From fb3c70eda88d3175627edc6a3316b4508b3d29c5 Mon Sep 17 00:00:00 2001 From: simon Date: Sat, 29 Jul 2006 19:10:21 +0000 Subject: Vendor import of OpenSSL 0.9.8b --- crypto/openssl/CHANGES | 1080 +++++++++- crypto/openssl/ChangeLog.0_9_7-stable_not-in-head | 163 ++ .../ChangeLog.0_9_7-stable_not-in-head_FIPS | 1494 ++++++++++++++ crypto/openssl/Configure | 982 ++++----- crypto/openssl/FAQ | 150 +- crypto/openssl/INSTALL | 32 +- crypto/openssl/LICENSE | 2 +- crypto/openssl/Makefile | 748 ++----- crypto/openssl/Makefile.org | 752 ++----- crypto/openssl/Makefile.shared | 603 ++++++ crypto/openssl/NEWS | 121 ++ crypto/openssl/PROBLEMS | 98 +- crypto/openssl/README | 29 +- crypto/openssl/apps/CA.pl | 53 +- crypto/openssl/apps/CA.pl.in | 53 +- crypto/openssl/apps/CA.sh | 31 +- crypto/openssl/apps/Makefile | 1291 +++++------- crypto/openssl/apps/apps.c | 456 ++++- crypto/openssl/apps/apps.h | 23 +- crypto/openssl/apps/asn1pars.c | 123 +- crypto/openssl/apps/ca.c | 389 ++-- crypto/openssl/apps/ciphers.c | 4 +- crypto/openssl/apps/crl.c | 12 +- crypto/openssl/apps/dgst.c | 77 +- crypto/openssl/apps/dh.c | 1 + crypto/openssl/apps/dhparam.c | 25 +- crypto/openssl/apps/dsa.c | 2 + crypto/openssl/apps/dsaparam.c | 86 +- crypto/openssl/apps/ec.c | 400 ++++ crypto/openssl/apps/ecparam.c | 728 +++++++ crypto/openssl/apps/enc.c | 34 +- crypto/openssl/apps/engine.c | 25 +- crypto/openssl/apps/gendh.c | 24 +- crypto/openssl/apps/gendsa.c | 1 + crypto/openssl/apps/genrsa.c | 34 +- crypto/openssl/apps/ocsp.c | 5 +- crypto/openssl/apps/openssl.c | 36 +- crypto/openssl/apps/openssl.cnf | 61 +- crypto/openssl/apps/passwd.c | 10 +- crypto/openssl/apps/pkcs12.c | 274 ++- crypto/openssl/apps/prime.c | 50 +- crypto/openssl/apps/progs.h | 18 +- crypto/openssl/apps/progs.pl | 10 +- crypto/openssl/apps/rand.c | 2 +- crypto/openssl/apps/req.c | 228 ++- crypto/openssl/apps/rsa.c | 4 +- crypto/openssl/apps/rsautl.c | 3 + crypto/openssl/apps/s_apps.h | 10 +- crypto/openssl/apps/s_cb.c | 54 +- crypto/openssl/apps/s_client.c | 183 +- crypto/openssl/apps/s_server.c | 359 +++- crypto/openssl/apps/s_socket.c | 120 +- crypto/openssl/apps/s_time.c | 18 +- crypto/openssl/apps/sess_id.c | 6 +- crypto/openssl/apps/smime.c | 551 ++++-- crypto/openssl/apps/speed.c | 814 +++++++- crypto/openssl/apps/spkac.c | 5 +- crypto/openssl/apps/timeouts.h | 67 + crypto/openssl/apps/verify.c | 44 +- crypto/openssl/apps/version.c | 15 +- crypto/openssl/apps/x509.c | 63 +- crypto/openssl/certs/argena.pem | 39 + crypto/openssl/certs/argeng.pem | 23 + crypto/openssl/certs/demo/ca-cert.pem | 33 + crypto/openssl/certs/demo/dsa-ca.pem | 43 + crypto/openssl/certs/demo/dsa-pca.pem | 49 + crypto/openssl/certs/demo/nortelCA.pem | 16 + crypto/openssl/certs/demo/pca-cert.pem | 33 + crypto/openssl/certs/demo/timCA.pem | 16 + crypto/openssl/certs/demo/tjhCA.pem | 15 + crypto/openssl/certs/demo/vsigntca.pem | 18 + crypto/openssl/certs/expired/RegTP-4R.pem | 19 + crypto/openssl/certs/expired/factory.pem | 15 + crypto/openssl/certs/expired/rsa-cca.pem | 19 + crypto/openssl/certs/expired/vsign2.pem | 18 + crypto/openssl/certs/wellsfgo.pem | 23 + crypto/openssl/config | 280 +-- crypto/openssl/crypto/LPdir_nyi.c | 42 + crypto/openssl/crypto/LPdir_unix.c | 127 ++ crypto/openssl/crypto/LPdir_vms.c | 199 ++ crypto/openssl/crypto/LPdir_win.c | 155 ++ crypto/openssl/crypto/LPdir_win32.c | 30 + crypto/openssl/crypto/LPdir_wince.c | 31 + crypto/openssl/crypto/Makefile | 179 +- crypto/openssl/crypto/aes/Makefile | 40 +- crypto/openssl/crypto/aes/aes.h | 10 +- crypto/openssl/crypto/aes/aes_cbc.c | 44 +- crypto/openssl/crypto/aes/aes_cfb.c | 67 +- crypto/openssl/crypto/aes/aes_core.c | 25 +- crypto/openssl/crypto/aes/aes_locl.h | 6 +- crypto/openssl/crypto/aes/asm/aes-586.pl | 1531 ++++++++++++++ crypto/openssl/crypto/aes/asm/aes-ia64.S | 1652 ++++++++++++++++ crypto/openssl/crypto/asn1/Makefile | 1298 +++++------- crypto/openssl/crypto/asn1/a_bitstr.c | 21 +- crypto/openssl/crypto/asn1/a_bool.c | 4 +- crypto/openssl/crypto/asn1/a_bytes.c | 22 +- crypto/openssl/crypto/asn1/a_d2i_fp.c | 32 +- crypto/openssl/crypto/asn1/a_digest.c | 9 +- crypto/openssl/crypto/asn1/a_dup.c | 18 +- crypto/openssl/crypto/asn1/a_enum.c | 14 +- crypto/openssl/crypto/asn1/a_gentm.c | 14 +- crypto/openssl/crypto/asn1/a_hdr.c | 6 +- crypto/openssl/crypto/asn1/a_i2d_fp.c | 8 +- crypto/openssl/crypto/asn1/a_int.c | 26 +- crypto/openssl/crypto/asn1/a_mbstr.c | 20 +- crypto/openssl/crypto/asn1/a_meth.c | 16 +- crypto/openssl/crypto/asn1/a_object.c | 99 +- crypto/openssl/crypto/asn1/a_octet.c | 2 +- crypto/openssl/crypto/asn1/a_print.c | 2 +- crypto/openssl/crypto/asn1/a_set.c | 44 +- crypto/openssl/crypto/asn1/a_sign.c | 23 +- crypto/openssl/crypto/asn1/a_strex.c | 28 +- crypto/openssl/crypto/asn1/a_type.c | 7 +- crypto/openssl/crypto/asn1/a_utctm.c | 13 +- crypto/openssl/crypto/asn1/a_verify.c | 18 +- crypto/openssl/crypto/asn1/asn1.h | 238 ++- crypto/openssl/crypto/asn1/asn1_err.c | 365 ++-- crypto/openssl/crypto/asn1/asn1_gen.c | 848 ++++++++ crypto/openssl/crypto/asn1/asn1_lib.c | 64 +- crypto/openssl/crypto/asn1/asn1_mac.h | 39 +- crypto/openssl/crypto/asn1/asn1_par.c | 58 +- crypto/openssl/crypto/asn1/asn1t.h | 100 +- crypto/openssl/crypto/asn1/asn_moid.c | 64 +- crypto/openssl/crypto/asn1/asn_pack.c | 26 +- crypto/openssl/crypto/asn1/d2i_pr.c | 24 +- crypto/openssl/crypto/asn1/d2i_pu.c | 19 +- crypto/openssl/crypto/asn1/evp_asn1.c | 10 +- crypto/openssl/crypto/asn1/i2d_pr.c | 9 + crypto/openssl/crypto/asn1/i2d_pu.c | 7 + crypto/openssl/crypto/asn1/n_pkey.c | 49 +- crypto/openssl/crypto/asn1/p5_pbe.c | 39 +- crypto/openssl/crypto/asn1/p5_pbev2.c | 6 +- crypto/openssl/crypto/asn1/t_bitst.c | 5 +- crypto/openssl/crypto/asn1/t_crl.c | 4 +- crypto/openssl/crypto/asn1/t_pkey.c | 548 +++++- crypto/openssl/crypto/asn1/t_req.c | 18 +- crypto/openssl/crypto/asn1/t_spki.c | 16 + crypto/openssl/crypto/asn1/t_x509.c | 13 +- crypto/openssl/crypto/asn1/tasn_dec.c | 1107 +++++++---- crypto/openssl/crypto/asn1/tasn_enc.c | 515 +++-- crypto/openssl/crypto/asn1/tasn_fre.c | 149 +- crypto/openssl/crypto/asn1/tasn_new.c | 234 ++- crypto/openssl/crypto/asn1/tasn_typ.c | 4 + crypto/openssl/crypto/asn1/tasn_utl.c | 128 +- crypto/openssl/crypto/asn1/x_bignum.c | 6 +- crypto/openssl/crypto/asn1/x_crl.c | 1 + crypto/openssl/crypto/asn1/x_long.c | 8 +- crypto/openssl/crypto/asn1/x_name.c | 31 +- crypto/openssl/crypto/asn1/x_pkey.c | 6 +- crypto/openssl/crypto/asn1/x_pubkey.c | 335 +++- crypto/openssl/crypto/asn1/x_x509.c | 19 +- crypto/openssl/crypto/asn1/x_x509a.c | 29 + crypto/openssl/crypto/bf/Makefile | 42 +- crypto/openssl/crypto/bf/bf_enc.c | 4 +- crypto/openssl/crypto/bf/bf_opts.c | 3 + crypto/openssl/crypto/bf/bfspeed.c | 3 + crypto/openssl/crypto/bf/bftest.c | 4 + crypto/openssl/crypto/bio/Makefile | 127 +- crypto/openssl/crypto/bio/b_dump.c | 75 +- crypto/openssl/crypto/bio/b_print.c | 18 +- crypto/openssl/crypto/bio/b_sock.c | 40 +- crypto/openssl/crypto/bio/bf_nbio.c | 4 +- crypto/openssl/crypto/bio/bio.h | 89 +- crypto/openssl/crypto/bio/bio_err.c | 131 +- crypto/openssl/crypto/bio/bio_lcl.h | 28 + crypto/openssl/crypto/bio/bio_lib.c | 14 +- crypto/openssl/crypto/bio/bss_acpt.c | 4 +- crypto/openssl/crypto/bio/bss_conn.c | 12 +- crypto/openssl/crypto/bio/bss_dgram.c | 484 +++++ crypto/openssl/crypto/bio/bss_fd.c | 30 +- crypto/openssl/crypto/bio/bss_file.c | 107 +- crypto/openssl/crypto/bio/bss_log.c | 2 + crypto/openssl/crypto/bio/bss_sock.c | 7 +- crypto/openssl/crypto/bn/Makefile | 273 +-- crypto/openssl/crypto/bn/asm/bn-586.pl | 86 +- crypto/openssl/crypto/bn/asm/ppc.pl | 2078 ++++++++++++++++++++ crypto/openssl/crypto/bn/asm/sparcv8plus.S | 16 +- crypto/openssl/crypto/bn/asm/x86_64-gcc.c | 54 +- crypto/openssl/crypto/bn/bn.h | 388 +++- crypto/openssl/crypto/bn/bn_add.c | 96 +- crypto/openssl/crypto/bn/bn_asm.c | 30 +- crypto/openssl/crypto/bn/bn_blind.c | 243 ++- crypto/openssl/crypto/bn/bn_const.c | 402 ++++ crypto/openssl/crypto/bn/bn_ctx.c | 417 +++- crypto/openssl/crypto/bn/bn_depr.c | 112 ++ crypto/openssl/crypto/bn/bn_div.c | 69 +- crypto/openssl/crypto/bn/bn_err.c | 104 +- crypto/openssl/crypto/bn/bn_exp.c | 353 +++- crypto/openssl/crypto/bn/bn_exp2.c | 56 +- crypto/openssl/crypto/bn/bn_gcd.c | 3 + crypto/openssl/crypto/bn/bn_gf2m.c | 1091 ++++++++++ crypto/openssl/crypto/bn/bn_kron.c | 8 +- crypto/openssl/crypto/bn/bn_lcl.h | 152 +- crypto/openssl/crypto/bn/bn_lib.c | 221 ++- crypto/openssl/crypto/bn/bn_mod.c | 7 +- crypto/openssl/crypto/bn/bn_mont.c | 67 +- crypto/openssl/crypto/bn/bn_mpi.c | 1 + crypto/openssl/crypto/bn/bn_mul.c | 534 ++++- crypto/openssl/crypto/bn/bn_nist.c | 775 ++++++++ crypto/openssl/crypto/bn/bn_prime.c | 103 +- crypto/openssl/crypto/bn/bn_prime.pl | 2 +- crypto/openssl/crypto/bn/bn_print.c | 43 +- crypto/openssl/crypto/bn/bn_rand.c | 24 +- crypto/openssl/crypto/bn/bn_recp.c | 22 +- crypto/openssl/crypto/bn/bn_shift.c | 27 +- crypto/openssl/crypto/bn/bn_sqr.c | 18 +- crypto/openssl/crypto/bn/bn_sqrt.c | 76 +- crypto/openssl/crypto/bn/bn_word.c | 65 +- crypto/openssl/crypto/bn/bntest.c | 791 +++++++- crypto/openssl/crypto/bn/expspeed.c | 2 +- crypto/openssl/crypto/bn/exptest.c | 21 +- crypto/openssl/crypto/buffer/Makefile | 22 +- crypto/openssl/crypto/buffer/buf_err.c | 19 +- crypto/openssl/crypto/buffer/buffer.c | 31 +- crypto/openssl/crypto/buffer/buffer.h | 17 +- crypto/openssl/crypto/cast/Makefile | 40 +- crypto/openssl/crypto/cast/cast.h | 2 + crypto/openssl/crypto/cast/cast_lcl.h | 21 +- crypto/openssl/crypto/cast/cast_spd.c | 3 + crypto/openssl/crypto/cast/castopts.c | 3 + crypto/openssl/crypto/cast/casttest.c | 1 + crypto/openssl/crypto/comp/Makefile | 50 +- crypto/openssl/crypto/comp/c_zlib.c | 271 ++- crypto/openssl/crypto/comp/comp.h | 23 +- crypto/openssl/crypto/comp/comp_err.c | 10 +- crypto/openssl/crypto/comp/comp_lib.c | 6 - crypto/openssl/crypto/conf/Makefile | 113 +- crypto/openssl/crypto/conf/conf.h | 5 +- crypto/openssl/crypto/conf/conf_def.c | 47 +- crypto/openssl/crypto/conf/conf_err.c | 80 +- crypto/openssl/crypto/conf/conf_lib.c | 2 +- crypto/openssl/crypto/conf/conf_mod.c | 4 +- crypto/openssl/crypto/cpt_err.c | 30 +- crypto/openssl/crypto/cryptlib.c | 371 ++-- crypto/openssl/crypto/cryptlib.h | 12 + crypto/openssl/crypto/crypto.h | 133 +- crypto/openssl/crypto/cversion.c | 3 - crypto/openssl/crypto/des/FILES0 | 2 +- crypto/openssl/crypto/des/Makefile | 288 ++- crypto/openssl/crypto/des/asm/des_enc.m4 | 1980 +++++++++++++++++++ crypto/openssl/crypto/des/cfb64ede.c | 5 +- crypto/openssl/crypto/des/cfb_enc.c | 71 +- crypto/openssl/crypto/des/des.h | 8 +- crypto/openssl/crypto/des/des_enc.c | 8 - crypto/openssl/crypto/des/des_locl.h | 4 +- crypto/openssl/crypto/des/des_old.c | 2 +- crypto/openssl/crypto/des/des_old.h | 10 +- crypto/openssl/crypto/des/des_opts.c | 4 + crypto/openssl/crypto/des/destest.c | 18 +- crypto/openssl/crypto/des/ecb3_enc.c | 4 +- crypto/openssl/crypto/des/ede_cbcm_enc.c | 2 + crypto/openssl/crypto/des/fcrypt.c | 3 - crypto/openssl/crypto/des/read2pwd.c | 1 + crypto/openssl/crypto/des/set_key.c | 8 +- crypto/openssl/crypto/des/speed.c | 4 + crypto/openssl/crypto/des/str2key.c | 1 + crypto/openssl/crypto/dh/Makefile | 48 +- crypto/openssl/crypto/dh/dh.h | 64 +- crypto/openssl/crypto/dh/dh_check.c | 28 +- crypto/openssl/crypto/dh/dh_depr.c | 83 + crypto/openssl/crypto/dh/dh_err.c | 28 +- crypto/openssl/crypto/dh/dh_gen.c | 49 +- crypto/openssl/crypto/dh/dh_key.c | 81 +- crypto/openssl/crypto/dh/dhtest.c | 32 +- crypto/openssl/crypto/dsa/Makefile | 107 +- crypto/openssl/crypto/dsa/dsa.h | 55 +- crypto/openssl/crypto/dsa/dsa_depr.c | 106 + crypto/openssl/crypto/dsa/dsa_err.c | 42 +- crypto/openssl/crypto/dsa/dsa_gen.c | 132 +- crypto/openssl/crypto/dsa/dsa_key.c | 29 +- crypto/openssl/crypto/dsa/dsa_lib.c | 3 + crypto/openssl/crypto/dsa/dsa_ossl.c | 153 +- crypto/openssl/crypto/dsa/dsa_sign.c | 12 - crypto/openssl/crypto/dsa/dsa_vrf.c | 8 - crypto/openssl/crypto/dsa/dsatest.c | 44 +- crypto/openssl/crypto/dso/Makefile | 50 +- crypto/openssl/crypto/dso/dso.h | 52 +- crypto/openssl/crypto/dso/dso_dl.c | 73 +- crypto/openssl/crypto/dso/dso_dlfcn.c | 84 +- crypto/openssl/crypto/dso/dso_err.c | 107 +- crypto/openssl/crypto/dso/dso_lib.c | 29 +- crypto/openssl/crypto/dso/dso_null.c | 2 + crypto/openssl/crypto/ebcdic.c | 15 +- crypto/openssl/crypto/ec/Makefile | 165 +- crypto/openssl/crypto/ec/ec.h | 311 ++- crypto/openssl/crypto/ec/ec2_mult.c | 380 ++++ crypto/openssl/crypto/ec/ec2_smpl.c | 971 +++++++++ crypto/openssl/crypto/ec/ec2_smpt.c | 141 ++ crypto/openssl/crypto/ec/ec_asn1.c | 1379 +++++++++++++ crypto/openssl/crypto/ec/ec_check.c | 123 ++ crypto/openssl/crypto/ec/ec_curve.c | 1270 ++++++++++++ crypto/openssl/crypto/ec/ec_cvt.c | 76 +- crypto/openssl/crypto/ec/ec_err.c | 209 +- crypto/openssl/crypto/ec/ec_key.c | 465 +++++ crypto/openssl/crypto/ec/ec_lcl.h | 241 ++- crypto/openssl/crypto/ec/ec_lib.c | 678 ++++++- crypto/openssl/crypto/ec/ec_mult.c | 645 ++++-- crypto/openssl/crypto/ec/ec_print.c | 195 ++ crypto/openssl/crypto/ec/ecp_mont.c | 151 +- crypto/openssl/crypto/ec/ecp_nist.c | 180 +- crypto/openssl/crypto/ec/ecp_smpl.c | 335 ++-- crypto/openssl/crypto/ec/ectest.c | 801 +++++++- crypto/openssl/crypto/ecdh/Makefile | 111 ++ crypto/openssl/crypto/ecdh/ecdh.h | 123 ++ crypto/openssl/crypto/ecdh/ecdhtest.c | 368 ++++ crypto/openssl/crypto/ecdh/ech_err.c | 101 + crypto/openssl/crypto/ecdh/ech_key.c | 83 + crypto/openssl/crypto/ecdh/ech_lib.c | 247 +++ crypto/openssl/crypto/ecdh/ech_locl.h | 94 + crypto/openssl/crypto/ecdh/ech_ossl.c | 213 ++ crypto/openssl/crypto/ecdsa/Makefile | 125 ++ crypto/openssl/crypto/ecdsa/ecdsa.h | 270 +++ crypto/openssl/crypto/ecdsa/ecdsatest.c | 500 +++++ crypto/openssl/crypto/ecdsa/ecs_asn1.c | 67 + crypto/openssl/crypto/ecdsa/ecs_err.c | 106 + crypto/openssl/crypto/ecdsa/ecs_lib.c | 261 +++ crypto/openssl/crypto/ecdsa/ecs_locl.h | 107 + crypto/openssl/crypto/ecdsa/ecs_ossl.c | 442 +++++ crypto/openssl/crypto/ecdsa/ecs_sign.c | 104 + crypto/openssl/crypto/ecdsa/ecs_vrf.c | 96 + crypto/openssl/crypto/engine/Makefile | 534 ++--- crypto/openssl/crypto/engine/eng_all.c | 31 +- crypto/openssl/crypto/engine/eng_cnf.c | 9 +- crypto/openssl/crypto/engine/eng_cryptodev.c | 1133 +++++++++++ crypto/openssl/crypto/engine/eng_ctrl.c | 12 +- crypto/openssl/crypto/engine/eng_dyn.c | 108 +- crypto/openssl/crypto/engine/eng_err.c | 159 +- crypto/openssl/crypto/engine/eng_fat.c | 26 +- crypto/openssl/crypto/engine/eng_init.c | 5 +- crypto/openssl/crypto/engine/eng_int.h | 9 + crypto/openssl/crypto/engine/eng_lib.c | 18 +- crypto/openssl/crypto/engine/eng_list.c | 43 +- crypto/openssl/crypto/engine/eng_openssl.c | 25 +- crypto/openssl/crypto/engine/eng_padlock.c | 268 ++- crypto/openssl/crypto/engine/eng_pkey.c | 3 - crypto/openssl/crypto/engine/eng_table.c | 94 +- crypto/openssl/crypto/engine/engine.h | 158 +- crypto/openssl/crypto/engine/enginetest.c | 2 +- crypto/openssl/crypto/engine/tb_cipher.c | 2 - crypto/openssl/crypto/engine/tb_dh.c | 2 - crypto/openssl/crypto/engine/tb_digest.c | 2 - crypto/openssl/crypto/engine/tb_dsa.c | 4 +- crypto/openssl/crypto/engine/tb_ecdh.c | 133 ++ crypto/openssl/crypto/engine/tb_ecdsa.c | 118 ++ crypto/openssl/crypto/engine/tb_rand.c | 2 - crypto/openssl/crypto/engine/tb_rsa.c | 2 - crypto/openssl/crypto/engine/tb_store.c | 123 ++ crypto/openssl/crypto/err/Makefile | 61 +- crypto/openssl/crypto/err/err.c | 75 +- crypto/openssl/crypto/err/err.h | 25 +- crypto/openssl/crypto/err/err_all.c | 17 +- crypto/openssl/crypto/err/err_prn.c | 9 +- crypto/openssl/crypto/err/openssl.ec | 5 +- crypto/openssl/crypto/evp/Makefile | 1251 ++++-------- crypto/openssl/crypto/evp/bio_b64.c | 2 +- crypto/openssl/crypto/evp/bio_enc.c | 6 +- crypto/openssl/crypto/evp/bio_md.c | 8 +- crypto/openssl/crypto/evp/bio_ok.c | 60 +- crypto/openssl/crypto/evp/c_all.c | 6 + crypto/openssl/crypto/evp/c_alld.c | 13 +- crypto/openssl/crypto/evp/digest.c | 16 +- crypto/openssl/crypto/evp/e_aes.c | 2 + crypto/openssl/crypto/evp/e_bf.c | 2 +- crypto/openssl/crypto/evp/e_cast.c | 4 +- crypto/openssl/crypto/evp/e_des.c | 38 +- crypto/openssl/crypto/evp/e_des3.c | 65 +- crypto/openssl/crypto/evp/e_idea.c | 4 +- crypto/openssl/crypto/evp/e_null.c | 3 +- crypto/openssl/crypto/evp/e_old.c | 19 +- crypto/openssl/crypto/evp/e_rc2.c | 12 +- crypto/openssl/crypto/evp/e_rc4.c | 7 +- crypto/openssl/crypto/evp/e_rc5.c | 5 +- crypto/openssl/crypto/evp/e_xcbc_d.c | 5 +- crypto/openssl/crypto/evp/encode.c | 12 +- crypto/openssl/crypto/evp/evp.h | 203 +- crypto/openssl/crypto/evp/evp_enc.c | 64 +- crypto/openssl/crypto/evp/evp_err.c | 159 +- crypto/openssl/crypto/evp/evp_key.c | 5 +- crypto/openssl/crypto/evp/evp_lib.c | 16 +- crypto/openssl/crypto/evp/evp_pbe.c | 5 +- crypto/openssl/crypto/evp/evp_pkey.c | 492 ++++- crypto/openssl/crypto/evp/evp_test.c | 47 +- crypto/openssl/crypto/evp/evptests.txt | 107 +- crypto/openssl/crypto/evp/m_dss.c | 6 +- crypto/openssl/crypto/evp/m_dss1.c | 9 +- crypto/openssl/crypto/evp/m_ecdsa.c | 148 ++ crypto/openssl/crypto/evp/m_md2.c | 9 +- crypto/openssl/crypto/evp/m_md4.c | 9 +- crypto/openssl/crypto/evp/m_md5.c | 9 +- crypto/openssl/crypto/evp/m_mdc2.c | 7 +- crypto/openssl/crypto/evp/m_null.c | 2 +- crypto/openssl/crypto/evp/m_ripemd.c | 9 +- crypto/openssl/crypto/evp/m_sha.c | 9 +- crypto/openssl/crypto/evp/m_sha1.c | 113 +- crypto/openssl/crypto/evp/names.c | 8 +- crypto/openssl/crypto/evp/p5_crpt.c | 14 +- crypto/openssl/crypto/evp/p5_crpt2.c | 32 +- crypto/openssl/crypto/evp/p_dec.c | 2 +- crypto/openssl/crypto/evp/p_enc.c | 2 +- crypto/openssl/crypto/evp/p_lib.c | 177 +- crypto/openssl/crypto/evp/p_open.c | 10 +- crypto/openssl/crypto/evp/p_seal.c | 2 +- crypto/openssl/crypto/evp/p_verify.c | 2 +- crypto/openssl/crypto/ex_data.c | 8 +- crypto/openssl/crypto/hmac/Makefile | 36 +- crypto/openssl/crypto/hmac/hmac.c | 10 +- crypto/openssl/crypto/hmac/hmac.h | 8 +- crypto/openssl/crypto/ia64cpuid.S | 121 ++ crypto/openssl/crypto/idea/Makefile | 11 +- crypto/openssl/crypto/idea/i_skey.c | 5 +- crypto/openssl/crypto/idea/idea.h | 5 +- crypto/openssl/crypto/idea/idea_spd.c | 3 + crypto/openssl/crypto/idea/ideatest.c | 3 + crypto/openssl/crypto/krb5/Makefile | 14 +- crypto/openssl/crypto/krb5/krb5_asn.h | 2 +- crypto/openssl/crypto/lhash/Makefile | 21 +- crypto/openssl/crypto/lhash/lhash.c | 18 +- crypto/openssl/crypto/lhash/lhash.h | 17 +- crypto/openssl/crypto/md2/Makefile | 22 +- crypto/openssl/crypto/md2/md2.h | 8 +- crypto/openssl/crypto/md2/md2_dgst.c | 6 +- crypto/openssl/crypto/md2/md2_one.c | 5 +- crypto/openssl/crypto/md2/md2test.c | 6 +- crypto/openssl/crypto/md32_common.h | 124 +- crypto/openssl/crypto/md4/Makefile | 28 +- crypto/openssl/crypto/md4/md4.h | 6 +- crypto/openssl/crypto/md4/md4_dgst.c | 4 +- crypto/openssl/crypto/md4/md4_locl.h | 8 +- crypto/openssl/crypto/md4/md4_one.c | 5 +- crypto/openssl/crypto/md4/md4test.c | 2 +- crypto/openssl/crypto/md5/Makefile | 66 +- crypto/openssl/crypto/md5/asm/md5-x86_64.pl | 245 +++ crypto/openssl/crypto/md5/md5.h | 6 +- crypto/openssl/crypto/md5/md5_dgst.c | 4 +- crypto/openssl/crypto/md5/md5_locl.h | 18 +- crypto/openssl/crypto/md5/md5_one.c | 5 +- crypto/openssl/crypto/md5/md5test.c | 6 +- crypto/openssl/crypto/mdc2/Makefile | 27 +- crypto/openssl/crypto/mdc2/mdc2.h | 6 +- crypto/openssl/crypto/mdc2/mdc2_one.c | 5 +- crypto/openssl/crypto/mdc2/mdc2dgst.c | 21 +- crypto/openssl/crypto/mdc2/mdc2test.c | 3 + crypto/openssl/crypto/mem.c | 10 +- crypto/openssl/crypto/mem_clr.c | 2 +- crypto/openssl/crypto/mem_dbg.c | 10 +- crypto/openssl/crypto/o_dir.c | 83 + crypto/openssl/crypto/o_dir.h | 53 + crypto/openssl/crypto/o_dir_test.c | 70 + crypto/openssl/crypto/o_str.c | 30 +- crypto/openssl/crypto/o_str.h | 1 + crypto/openssl/crypto/objects/Makefile | 62 +- crypto/openssl/crypto/objects/o_names.c | 13 +- crypto/openssl/crypto/objects/obj_dat.c | 265 ++- crypto/openssl/crypto/objects/obj_dat.h | 645 +++++- crypto/openssl/crypto/objects/obj_dat.pl | 4 +- crypto/openssl/crypto/objects/obj_err.c | 26 +- crypto/openssl/crypto/objects/obj_lib.c | 3 +- crypto/openssl/crypto/objects/obj_mac.h | 433 +++- crypto/openssl/crypto/objects/obj_mac.num | 97 +- crypto/openssl/crypto/objects/objects.h | 9 +- crypto/openssl/crypto/objects/objects.txt | 142 +- crypto/openssl/crypto/ocsp/Makefile | 274 +-- crypto/openssl/crypto/ocsp/ocsp.h | 25 +- crypto/openssl/crypto/ocsp/ocsp_cl.c | 2 + crypto/openssl/crypto/ocsp/ocsp_err.c | 104 +- crypto/openssl/crypto/ocsp/ocsp_ext.c | 35 +- crypto/openssl/crypto/ocsp/ocsp_lib.c | 4 +- crypto/openssl/crypto/ocsp/ocsp_prn.c | 4 +- crypto/openssl/crypto/opensslconf.h | 22 + crypto/openssl/crypto/opensslconf.h.in | 1 + crypto/openssl/crypto/opensslv.h | 10 +- crypto/openssl/crypto/ossl_typ.h | 52 + crypto/openssl/crypto/pem/Makefile | 322 ++- crypto/openssl/crypto/pem/pem.h | 131 +- crypto/openssl/crypto/pem/pem_all.c | 233 ++- crypto/openssl/crypto/pem/pem_err.c | 91 +- crypto/openssl/crypto/pem/pem_info.c | 56 +- crypto/openssl/crypto/pem/pem_lib.c | 41 +- crypto/openssl/crypto/pem/pem_oth.c | 7 +- crypto/openssl/crypto/pem/pem_pk8.c | 7 +- crypto/openssl/crypto/pem/pem_pkey.c | 11 +- crypto/openssl/crypto/pem/pem_seal.c | 2 + crypto/openssl/crypto/pem/pem_xaux.c | 1 + crypto/openssl/crypto/perlasm/cbc.pl | 4 +- crypto/openssl/crypto/perlasm/x86_64-xlate.pl | 506 +++++ crypto/openssl/crypto/perlasm/x86asm.pl | 25 +- crypto/openssl/crypto/perlasm/x86ms.pl | 103 +- crypto/openssl/crypto/perlasm/x86nasm.pl | 157 +- crypto/openssl/crypto/perlasm/x86unix.pl | 263 ++- crypto/openssl/crypto/pkcs12/Makefile | 439 ++--- crypto/openssl/crypto/pkcs12/p12_add.c | 17 +- crypto/openssl/crypto/pkcs12/p12_crpt.c | 22 +- crypto/openssl/crypto/pkcs12/p12_crt.c | 328 ++- crypto/openssl/crypto/pkcs12/p12_decr.c | 13 +- crypto/openssl/crypto/pkcs12/p12_init.c | 14 +- crypto/openssl/crypto/pkcs12/p12_key.c | 2 +- crypto/openssl/crypto/pkcs12/p12_kiss.c | 38 +- crypto/openssl/crypto/pkcs12/p12_mutl.c | 25 +- crypto/openssl/crypto/pkcs12/p12_npas.c | 37 +- crypto/openssl/crypto/pkcs12/pk12err.c | 108 +- crypto/openssl/crypto/pkcs12/pkcs12.h | 21 +- crypto/openssl/crypto/pkcs7/Makefile | 192 +- crypto/openssl/crypto/pkcs7/bio_ber.c | 2 +- crypto/openssl/crypto/pkcs7/example.c | 8 +- crypto/openssl/crypto/pkcs7/pk7_asn1.c | 41 +- crypto/openssl/crypto/pkcs7/pk7_attr.c | 3 +- crypto/openssl/crypto/pkcs7/pk7_doit.c | 315 ++- crypto/openssl/crypto/pkcs7/pk7_lib.c | 119 +- crypto/openssl/crypto/pkcs7/pk7_mime.c | 77 +- crypto/openssl/crypto/pkcs7/pk7_smime.c | 77 +- crypto/openssl/crypto/pkcs7/pkcs7.h | 15 +- crypto/openssl/crypto/pkcs7/pkcs7err.c | 152 +- crypto/openssl/crypto/pqueue/Makefile | 84 + crypto/openssl/crypto/pqueue/pq_compat.h | 147 ++ crypto/openssl/crypto/pqueue/pq_test.c | 95 + crypto/openssl/crypto/pqueue/pqueue.c | 236 +++ crypto/openssl/crypto/pqueue/pqueue.h | 95 + crypto/openssl/crypto/rand/Makefile | 145 +- crypto/openssl/crypto/rand/md_rand.c | 15 +- crypto/openssl/crypto/rand/rand.h | 15 +- crypto/openssl/crypto/rand/rand_egd.c | 10 +- crypto/openssl/crypto/rand/rand_err.c | 22 +- crypto/openssl/crypto/rand/rand_lib.c | 12 - crypto/openssl/crypto/rand/rand_nw.c | 176 ++ crypto/openssl/crypto/rand/rand_unix.c | 44 +- crypto/openssl/crypto/rand/rand_vms.c | 5 +- crypto/openssl/crypto/rand/rand_win.c | 101 +- crypto/openssl/crypto/rand/randfile.c | 6 +- crypto/openssl/crypto/rand/randtest.c | 5 +- crypto/openssl/crypto/rc2/Makefile | 11 +- crypto/openssl/crypto/rc2/rc2.h | 2 +- crypto/openssl/crypto/rc2/rc2_skey.c | 7 + crypto/openssl/crypto/rc2/rc2speed.c | 9 +- crypto/openssl/crypto/rc2/rc2test.c | 3 + crypto/openssl/crypto/rc4/Makefile | 67 +- crypto/openssl/crypto/rc4/asm/rc4-586.pl | 115 +- crypto/openssl/crypto/rc4/asm/rc4-ia64.S | 160 ++ crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl | 240 +++ crypto/openssl/crypto/rc4/rc4.c | 3 +- crypto/openssl/crypto/rc4/rc4.h | 3 +- crypto/openssl/crypto/rc4/rc4_enc.c | 4 +- crypto/openssl/crypto/rc4/rc4_locl.h | 1 + crypto/openssl/crypto/rc4/rc4_skey.c | 47 +- crypto/openssl/crypto/rc4/rc4speed.c | 3 + crypto/openssl/crypto/rc4/rc4test.c | 51 +- crypto/openssl/crypto/rc5/Makefile | 51 +- crypto/openssl/crypto/rc5/rc5.h | 2 + crypto/openssl/crypto/rc5/rc5_locl.h | 2 +- crypto/openssl/crypto/rc5/rc5speed.c | 3 + crypto/openssl/crypto/ripemd/Makefile | 50 +- crypto/openssl/crypto/ripemd/ripemd.h | 6 +- crypto/openssl/crypto/ripemd/rmd_dgst.c | 8 +- crypto/openssl/crypto/ripemd/rmd_locl.h | 12 +- crypto/openssl/crypto/ripemd/rmd_one.c | 5 +- crypto/openssl/crypto/ripemd/rmdtest.c | 2 +- crypto/openssl/crypto/rsa/Makefile | 130 +- crypto/openssl/crypto/rsa/rsa.h | 117 +- crypto/openssl/crypto/rsa/rsa_asn1.c | 8 +- crypto/openssl/crypto/rsa/rsa_chk.c | 4 +- crypto/openssl/crypto/rsa/rsa_depr.c | 101 + crypto/openssl/crypto/rsa/rsa_eay.c | 601 +++--- crypto/openssl/crypto/rsa/rsa_err.c | 144 +- crypto/openssl/crypto/rsa/rsa_gen.c | 138 +- crypto/openssl/crypto/rsa/rsa_lib.c | 120 +- crypto/openssl/crypto/rsa/rsa_null.c | 15 +- crypto/openssl/crypto/rsa/rsa_oaep.c | 21 +- crypto/openssl/crypto/rsa/rsa_pss.c | 269 +++ crypto/openssl/crypto/rsa/rsa_saos.c | 10 +- crypto/openssl/crypto/rsa/rsa_sign.c | 13 +- crypto/openssl/crypto/rsa/rsa_test.c | 9 +- crypto/openssl/crypto/rsa/rsa_x931.c | 177 ++ crypto/openssl/crypto/sha/Makefile | 102 +- crypto/openssl/crypto/sha/asm/sha1-586.pl | 71 +- crypto/openssl/crypto/sha/asm/sha1-ia64.pl | 549 ++++++ crypto/openssl/crypto/sha/asm/sha512-ia64.pl | 432 ++++ crypto/openssl/crypto/sha/asm/sha512-sse2.pl | 404 ++++ crypto/openssl/crypto/sha/sha.h | 86 +- crypto/openssl/crypto/sha/sha1_one.c | 5 +- crypto/openssl/crypto/sha/sha1dgst.c | 9 +- crypto/openssl/crypto/sha/sha1test.c | 6 +- crypto/openssl/crypto/sha/sha256.c | 319 +++ crypto/openssl/crypto/sha/sha256t.c | 147 ++ crypto/openssl/crypto/sha/sha512.c | 496 +++++ crypto/openssl/crypto/sha/sha512t.c | 184 ++ crypto/openssl/crypto/sha/sha_dgst.c | 1 + crypto/openssl/crypto/sha/sha_locl.h | 151 +- crypto/openssl/crypto/sha/sha_one.c | 5 +- crypto/openssl/crypto/sha/shatest.c | 10 +- crypto/openssl/crypto/sparccpuid.S | 239 +++ crypto/openssl/crypto/stack/Makefile | 22 +- crypto/openssl/crypto/stack/safestack.h | 281 ++- crypto/openssl/crypto/stack/stack.c | 27 +- crypto/openssl/crypto/stack/stack.h | 1 + crypto/openssl/crypto/store/Makefile | 112 ++ crypto/openssl/crypto/store/README | 95 + crypto/openssl/crypto/store/store.h | 554 ++++++ crypto/openssl/crypto/store/str_err.c | 214 ++ crypto/openssl/crypto/store/str_lib.c | 1824 +++++++++++++++++ crypto/openssl/crypto/store/str_locl.h | 124 ++ crypto/openssl/crypto/store/str_mem.c | 357 ++++ crypto/openssl/crypto/store/str_meth.c | 250 +++ crypto/openssl/crypto/symhacks.h | 112 +- crypto/openssl/crypto/threads/mttest.c | 115 ++ crypto/openssl/crypto/threads/th-lock.c | 2 +- crypto/openssl/crypto/tmdiff.c | 45 +- crypto/openssl/crypto/tmdiff.h | 22 +- crypto/openssl/crypto/txt_db/Makefile | 18 +- crypto/openssl/crypto/txt_db/txt_db.c | 21 +- crypto/openssl/crypto/txt_db/txt_db.h | 5 +- crypto/openssl/crypto/ui/Makefile | 40 +- crypto/openssl/crypto/ui/ui.h | 20 +- crypto/openssl/crypto/ui/ui_err.c | 48 +- crypto/openssl/crypto/ui/ui_lib.c | 8 +- crypto/openssl/crypto/ui/ui_locl.h | 5 + crypto/openssl/crypto/ui/ui_openssl.c | 48 +- crypto/openssl/crypto/ui/ui_util.c | 2 +- crypto/openssl/crypto/uid.c | 2 +- crypto/openssl/crypto/x509/Makefile | 712 +++---- crypto/openssl/crypto/x509/by_dir.c | 15 +- crypto/openssl/crypto/x509/by_file.c | 4 +- crypto/openssl/crypto/x509/x509.h | 133 +- crypto/openssl/crypto/x509/x509_att.c | 12 +- crypto/openssl/crypto/x509/x509_cmp.c | 91 +- crypto/openssl/crypto/x509/x509_err.c | 142 +- crypto/openssl/crypto/x509/x509_lu.c | 30 +- crypto/openssl/crypto/x509/x509_r2x.c | 12 +- crypto/openssl/crypto/x509/x509_req.c | 44 +- crypto/openssl/crypto/x509/x509_trs.c | 4 +- crypto/openssl/crypto/x509/x509_txt.c | 19 +- crypto/openssl/crypto/x509/x509_v3.c | 10 +- crypto/openssl/crypto/x509/x509_vfy.c | 550 ++++-- crypto/openssl/crypto/x509/x509_vfy.h | 150 +- crypto/openssl/crypto/x509/x509_vpm.c | 420 ++++ crypto/openssl/crypto/x509/x509cset.c | 1 + crypto/openssl/crypto/x509/x509name.c | 10 +- crypto/openssl/crypto/x509/x509spki.c | 3 +- crypto/openssl/crypto/x509/x509type.c | 6 + crypto/openssl/crypto/x509/x_all.c | 138 +- crypto/openssl/crypto/x509v3/Makefile | 863 ++++---- crypto/openssl/crypto/x509v3/ext_dat.h | 11 +- crypto/openssl/crypto/x509v3/pcy_cache.c | 287 +++ crypto/openssl/crypto/x509v3/pcy_data.c | 123 ++ crypto/openssl/crypto/x509v3/pcy_int.h | 223 +++ crypto/openssl/crypto/x509v3/pcy_lib.c | 167 ++ crypto/openssl/crypto/x509v3/pcy_map.c | 186 ++ crypto/openssl/crypto/x509v3/pcy_node.c | 158 ++ crypto/openssl/crypto/x509v3/pcy_tree.c | 682 +++++++ crypto/openssl/crypto/x509v3/v3_akey.c | 190 +- crypto/openssl/crypto/x509v3/v3_alt.c | 287 ++- crypto/openssl/crypto/x509v3/v3_bitst.c | 17 +- crypto/openssl/crypto/x509v3/v3_conf.c | 73 +- crypto/openssl/crypto/x509v3/v3_cpols.c | 31 +- crypto/openssl/crypto/x509v3/v3_extku.c | 4 +- crypto/openssl/crypto/x509v3/v3_ia5.c | 5 +- crypto/openssl/crypto/x509v3/v3_info.c | 13 +- crypto/openssl/crypto/x509v3/v3_int.c | 13 + crypto/openssl/crypto/x509v3/v3_lib.c | 7 +- crypto/openssl/crypto/x509v3/v3_ncons.c | 220 +++ crypto/openssl/crypto/x509v3/v3_ocsp.c | 8 +- crypto/openssl/crypto/x509v3/v3_pci.c | 313 +++ crypto/openssl/crypto/x509v3/v3_pcia.c | 55 + crypto/openssl/crypto/x509v3/v3_pcons.c | 136 ++ crypto/openssl/crypto/x509v3/v3_pmaps.c | 153 ++ crypto/openssl/crypto/x509v3/v3_prn.c | 5 +- crypto/openssl/crypto/x509v3/v3_purp.c | 83 +- crypto/openssl/crypto/x509v3/v3_skey.c | 8 +- crypto/openssl/crypto/x509v3/v3_sxnet.c | 4 +- crypto/openssl/crypto/x509v3/v3_utl.c | 318 ++- crypto/openssl/crypto/x509v3/v3err.c | 215 +- crypto/openssl/crypto/x509v3/x509v3.h | 127 +- crypto/openssl/crypto/x86_64cpuid.pl | 138 ++ crypto/openssl/crypto/x86cpuid.pl | 197 ++ crypto/openssl/demos/easy_tls/easy-tls.c | 4 +- crypto/openssl/demos/engines/zencod/hw_zencod.c | 4 +- crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh | 98 + crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh | 164 ++ crypto/openssl/demos/ssltest-ecc/README | 15 + crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh | 121 ++ crypto/openssl/demos/ssltest-ecc/ssltest.sh | 188 ++ crypto/openssl/demos/tunala/autoungunk.sh | 10 +- crypto/openssl/demos/tunala/cb.c | 10 + crypto/openssl/demos/tunala/configure.in | 1 + crypto/openssl/demos/tunala/test.sh | 107 + crypto/openssl/demos/tunala/tunala.c | 28 +- crypto/openssl/demos/tunala/tunala.h | 1 + crypto/openssl/doc/HOWTO/certificates.txt | 11 +- crypto/openssl/doc/HOWTO/keys.txt | 6 +- crypto/openssl/doc/HOWTO/proxy_certificates.txt | 322 +++ crypto/openssl/doc/apps/CA.pl.pod | 2 +- crypto/openssl/doc/apps/asn1parse.pod | 44 +- crypto/openssl/doc/apps/ca.pod | 78 +- crypto/openssl/doc/apps/config.pod | 7 + crypto/openssl/doc/apps/dgst.pod | 6 + crypto/openssl/doc/apps/ec.pod | 190 ++ crypto/openssl/doc/apps/ecparam.pod | 179 ++ crypto/openssl/doc/apps/enc.pod | 16 +- crypto/openssl/doc/apps/errstr.pod | 39 + crypto/openssl/doc/apps/req.pod | 10 + crypto/openssl/doc/apps/s_client.pod | 16 + crypto/openssl/doc/apps/s_server.pod | 23 + crypto/openssl/doc/apps/x509.pod | 20 +- crypto/openssl/doc/apps/x509v3_config.pod | 456 +++++ crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod | 6 +- crypto/openssl/doc/crypto/ASN1_generate_nconf.pod | 253 +++ crypto/openssl/doc/crypto/BIO_f_base64.pod | 2 +- crypto/openssl/doc/crypto/BN_BLINDING_new.pod | 109 + crypto/openssl/doc/crypto/BN_add_word.pod | 10 +- crypto/openssl/doc/crypto/BN_new.pod | 2 +- crypto/openssl/doc/crypto/ERR_error_string.pod | 2 +- crypto/openssl/doc/crypto/ERR_set_mark.pod | 38 + crypto/openssl/doc/crypto/EVP_BytesToKey.pod | 2 +- crypto/openssl/doc/crypto/EVP_DigestInit.pod | 2 +- crypto/openssl/doc/crypto/EVP_EncryptInit.pod | 8 +- crypto/openssl/doc/crypto/EVP_SealInit.pod | 5 +- crypto/openssl/doc/crypto/EVP_SignInit.pod | 9 +- crypto/openssl/doc/crypto/OPENSSL_Applink.pod | 21 + crypto/openssl/doc/crypto/OPENSSL_config.pod | 2 +- crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod | 35 + crypto/openssl/doc/crypto/PKCS12_create.pod | 18 + crypto/openssl/doc/crypto/PKCS7_sign.pod | 24 +- crypto/openssl/doc/crypto/PKCS7_verify.pod | 2 +- crypto/openssl/doc/crypto/RSA_sign.pod | 4 +- crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod | 14 +- .../doc/crypto/X509_NAME_ENTRY_get_object.pod | 6 +- .../doc/crypto/X509_NAME_add_entry_by_txt.pod | 6 +- crypto/openssl/doc/crypto/X509_NAME_print_ex.pod | 4 +- crypto/openssl/doc/crypto/blowfish.pod | 2 +- crypto/openssl/doc/crypto/bn.pod | 25 +- crypto/openssl/doc/crypto/bn_internal.pod | 14 +- crypto/openssl/doc/crypto/d2i_X509.pod | 6 +- crypto/openssl/doc/crypto/d2i_X509_CRL.pod | 2 +- crypto/openssl/doc/crypto/d2i_X509_REQ.pod | 2 +- crypto/openssl/doc/crypto/des_modes.pod | 2 + crypto/openssl/doc/crypto/ecdsa.pod | 210 ++ crypto/openssl/doc/crypto/engine.pod | 206 +- crypto/openssl/doc/crypto/hmac.pod | 2 +- crypto/openssl/doc/crypto/threads.pod | 25 +- crypto/openssl/doc/crypto/x509.pod | 64 + crypto/openssl/doc/fingerprints.txt | 57 + crypto/openssl/doc/openssl.txt | 27 +- crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod | 6 +- .../openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod | 2 +- crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod | 12 +- crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod | 2 +- .../openssl/doc/ssl/SSL_CTX_set_info_callback.pod | 4 +- crypto/openssl/doc/ssl/SSL_CTX_set_options.pod | 4 +- .../openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod | 4 +- crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod | 16 +- .../doc/ssl/SSL_SESSION_get_ex_new_index.pod | 2 +- crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod | 8 +- crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_ciphers.pod | 4 +- crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod | 4 +- crypto/openssl/doc/ssl/SSL_get_current_cipher.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_default_timeout.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_error.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_fd.pod | 6 +- crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod | 2 +- .../openssl/doc/ssl/SSL_get_peer_certificate.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_session.pod | 4 +- crypto/openssl/doc/ssl/SSL_get_verify_result.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_version.pod | 2 +- crypto/openssl/doc/ssl/SSL_pending.pod | 2 +- crypto/openssl/doc/ssl/SSL_set_shutdown.pod | 2 +- crypto/openssl/doc/ssl/SSL_shutdown.pod | 2 +- crypto/openssl/doc/ssl/SSL_state_string.pod | 4 +- crypto/openssl/doc/ssl/SSL_want.pod | 10 +- crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod | 2 +- crypto/openssl/doc/ssl/ssl.pod | 110 +- crypto/openssl/doc/ssleay.txt | 2 +- crypto/openssl/doc/standards.txt | 4 + crypto/openssl/e_os.h | 97 +- crypto/openssl/e_os2.h | 23 +- crypto/openssl/engines/Makefile | 249 +++ crypto/openssl/engines/axp.opt | 1 + crypto/openssl/engines/e_4758cca.c | 994 ++++++++++ crypto/openssl/engines/e_4758cca.ec | 1 + crypto/openssl/engines/e_4758cca_err.c | 153 ++ crypto/openssl/engines/e_4758cca_err.h | 93 + crypto/openssl/engines/e_aep.c | 1137 +++++++++++ crypto/openssl/engines/e_aep.ec | 1 + crypto/openssl/engines/e_aep_err.c | 161 ++ crypto/openssl/engines/e_aep_err.h | 101 + crypto/openssl/engines/e_atalla.c | 607 ++++++ crypto/openssl/engines/e_atalla.ec | 1 + crypto/openssl/engines/e_atalla_err.c | 149 ++ crypto/openssl/engines/e_atalla_err.h | 89 + crypto/openssl/engines/e_chil.c | 1374 +++++++++++++ crypto/openssl/engines/e_chil.ec | 1 + crypto/openssl/engines/e_chil_err.c | 161 ++ crypto/openssl/engines/e_chil_err.h | 101 + crypto/openssl/engines/e_cswift.c | 1131 +++++++++++ crypto/openssl/engines/e_cswift.ec | 1 + crypto/openssl/engines/e_cswift_err.c | 154 ++ crypto/openssl/engines/e_cswift_err.h | 94 + crypto/openssl/engines/e_gmp.c | 435 ++++ crypto/openssl/engines/e_gmp.ec | 1 + crypto/openssl/engines/e_gmp_err.c | 141 ++ crypto/openssl/engines/e_gmp_err.h | 81 + crypto/openssl/engines/e_nuron.c | 434 ++++ crypto/openssl/engines/e_nuron.ec | 1 + crypto/openssl/engines/e_nuron_err.c | 146 ++ crypto/openssl/engines/e_nuron_err.h | 86 + crypto/openssl/engines/e_sureware.c | 1057 ++++++++++ crypto/openssl/engines/e_sureware.ec | 1 + crypto/openssl/engines/e_sureware_err.c | 158 ++ crypto/openssl/engines/e_sureware_err.h | 98 + crypto/openssl/engines/e_ubsec.c | 1070 ++++++++++ crypto/openssl/engines/e_ubsec.ec | 1 + crypto/openssl/engines/e_ubsec_err.c | 157 ++ crypto/openssl/engines/e_ubsec_err.h | 97 + crypto/openssl/engines/engine_vector.mar | 24 + crypto/openssl/engines/vax.opt | 9 + crypto/openssl/engines/vendor_defns/aep.h | 178 ++ crypto/openssl/engines/vendor_defns/atalla.h | 48 + crypto/openssl/engines/vendor_defns/cswift.h | 234 +++ crypto/openssl/engines/vendor_defns/hw_4758_cca.h | 149 ++ crypto/openssl/engines/vendor_defns/hw_ubsec.h | 100 + crypto/openssl/engines/vendor_defns/hwcryptohook.h | 486 +++++ crypto/openssl/engines/vendor_defns/sureware.h | 239 +++ crypto/openssl/openssl.spec | 7 +- crypto/openssl/ssl/Makefile | 1558 +++++++-------- crypto/openssl/ssl/bio_ssl.c | 6 +- crypto/openssl/ssl/d1_both.c | 1263 ++++++++++++ crypto/openssl/ssl/d1_clnt.c | 1143 +++++++++++ crypto/openssl/ssl/d1_enc.c | 281 +++ crypto/openssl/ssl/d1_lib.c | 190 ++ crypto/openssl/ssl/d1_meth.c | 77 + crypto/openssl/ssl/d1_pkt.c | 1770 +++++++++++++++++ crypto/openssl/ssl/d1_srvr.c | 1130 +++++++++++ crypto/openssl/ssl/dtls1.h | 212 ++ crypto/openssl/ssl/kssl.c | 31 +- crypto/openssl/ssl/kssl.h | 6 + crypto/openssl/ssl/s23_clnt.c | 251 ++- crypto/openssl/ssl/s23_lib.c | 62 +- crypto/openssl/ssl/s23_meth.c | 39 +- crypto/openssl/ssl/s23_srvr.c | 35 +- crypto/openssl/ssl/s2_clnt.c | 42 +- crypto/openssl/ssl/s2_enc.c | 2 +- crypto/openssl/ssl/s2_lib.c | 129 +- crypto/openssl/ssl/s2_meth.c | 26 +- crypto/openssl/ssl/s2_srvr.c | 46 +- crypto/openssl/ssl/s3_both.c | 41 +- crypto/openssl/ssl/s3_clnt.c | 749 +++++-- crypto/openssl/ssl/s3_enc.c | 32 +- crypto/openssl/ssl/s3_lib.c | 1059 +++++++--- crypto/openssl/ssl/s3_meth.c | 26 +- crypto/openssl/ssl/s3_pkt.c | 43 +- crypto/openssl/ssl/s3_srvr.c | 687 ++++++- crypto/openssl/ssl/ssl.h | 366 ++-- crypto/openssl/ssl/ssl3.h | 31 +- crypto/openssl/ssl/ssl_algs.c | 11 + crypto/openssl/ssl/ssl_asn1.c | 26 +- crypto/openssl/ssl/ssl_cert.c | 241 +-- crypto/openssl/ssl/ssl_ciph.c | 276 ++- crypto/openssl/ssl/ssl_err.c | 783 ++++---- crypto/openssl/ssl/ssl_lib.c | 431 +++- crypto/openssl/ssl/ssl_locl.h | 426 +++- crypto/openssl/ssl/ssl_rsa.c | 112 +- crypto/openssl/ssl/ssl_sess.c | 28 +- crypto/openssl/ssl/ssl_txt.c | 10 +- crypto/openssl/ssl/ssltest.c | 740 ++++++- crypto/openssl/ssl/t1_clnt.c | 26 +- crypto/openssl/ssl/t1_enc.c | 51 +- crypto/openssl/ssl/t1_lib.c | 42 +- crypto/openssl/ssl/t1_meth.c | 28 +- crypto/openssl/ssl/t1_srvr.c | 26 +- crypto/openssl/ssl/tls1.h | 81 +- crypto/openssl/test/CAss.cnf | 51 + crypto/openssl/test/Makefile | 837 +++----- crypto/openssl/test/P1ss.cnf | 37 + crypto/openssl/test/P2ss.cnf | 45 + crypto/openssl/test/Uss.cnf | 8 + crypto/openssl/test/bctest | 2 +- crypto/openssl/test/evptests.txt | 107 +- crypto/openssl/test/tcrl | 9 +- crypto/openssl/test/testca | 7 +- crypto/openssl/test/testenc | 2 +- crypto/openssl/test/testgen | 6 +- crypto/openssl/test/testss | 86 +- crypto/openssl/test/testssl | 14 +- crypto/openssl/test/testsslproxy | 10 + crypto/openssl/test/tpkcs7 | 9 +- crypto/openssl/test/tpkcs7d | 9 +- crypto/openssl/test/treq | 11 +- crypto/openssl/test/trsa | 11 +- crypto/openssl/test/tsid | 9 +- crypto/openssl/test/tx509 | 9 +- crypto/openssl/tools/Makefile | 9 +- crypto/openssl/util/ck_errf.pl | 13 +- crypto/openssl/util/copy.pl | 59 + crypto/openssl/util/domd | 2 +- crypto/openssl/util/extract-section.pl | 12 + crypto/openssl/util/libeay.num | 621 +++++- crypto/openssl/util/mk1mf.pl | 482 +++-- crypto/openssl/util/mkdef.pl | 117 +- crypto/openssl/util/mkdir-p.pl | 1 + crypto/openssl/util/mkerr.pl | 154 +- crypto/openssl/util/mkfiles.pl | 12 +- crypto/openssl/util/mklink.pl | 7 +- crypto/openssl/util/mkstack.pl | 1 + crypto/openssl/util/opensslwrap.sh | 22 + crypto/openssl/util/pl/BC-32.pl | 27 +- crypto/openssl/util/pl/Mingw32.pl | 13 +- crypto/openssl/util/pl/OS2-EMX.pl | 12 +- crypto/openssl/util/pl/VC-32.pl | 207 +- crypto/openssl/util/pl/linux.pl | 11 +- crypto/openssl/util/pl/netware.pl | 341 ++++ crypto/openssl/util/pl/ultrix.pl | 11 +- crypto/openssl/util/pl/unix.pl | 9 +- crypto/openssl/util/pod2man.pl | 1 + crypto/openssl/util/selftest.pl | 26 +- crypto/openssl/util/shlib_wrap.sh | 70 + crypto/openssl/util/ssleay.num | 13 +- 915 files changed, 98999 insertions(+), 20663 deletions(-) create mode 100644 crypto/openssl/ChangeLog.0_9_7-stable_not-in-head create mode 100644 crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS create mode 100644 crypto/openssl/Makefile.shared create mode 100644 crypto/openssl/apps/ec.c create mode 100644 crypto/openssl/apps/ecparam.c create mode 100644 crypto/openssl/apps/timeouts.h create mode 100644 crypto/openssl/certs/argena.pem create mode 100644 crypto/openssl/certs/argeng.pem create mode 100644 crypto/openssl/certs/demo/ca-cert.pem create mode 100644 crypto/openssl/certs/demo/dsa-ca.pem create mode 100644 crypto/openssl/certs/demo/dsa-pca.pem create mode 100644 crypto/openssl/certs/demo/nortelCA.pem create mode 100644 crypto/openssl/certs/demo/pca-cert.pem create mode 100644 crypto/openssl/certs/demo/timCA.pem create mode 100644 crypto/openssl/certs/demo/tjhCA.pem create mode 100644 crypto/openssl/certs/demo/vsigntca.pem create mode 100644 crypto/openssl/certs/expired/RegTP-4R.pem create mode 100644 crypto/openssl/certs/expired/factory.pem create mode 100644 crypto/openssl/certs/expired/rsa-cca.pem create mode 100644 crypto/openssl/certs/expired/vsign2.pem create mode 100644 crypto/openssl/certs/wellsfgo.pem create mode 100644 crypto/openssl/crypto/LPdir_nyi.c create mode 100644 crypto/openssl/crypto/LPdir_unix.c create mode 100644 crypto/openssl/crypto/LPdir_vms.c create mode 100644 crypto/openssl/crypto/LPdir_win.c create mode 100644 crypto/openssl/crypto/LPdir_win32.c create mode 100644 crypto/openssl/crypto/LPdir_wince.c create mode 100755 crypto/openssl/crypto/aes/asm/aes-586.pl create mode 100644 crypto/openssl/crypto/aes/asm/aes-ia64.S create mode 100644 crypto/openssl/crypto/asn1/asn1_gen.c create mode 100644 crypto/openssl/crypto/bio/bio_lcl.h create mode 100644 crypto/openssl/crypto/bio/bss_dgram.c create mode 100644 crypto/openssl/crypto/bn/asm/ppc.pl create mode 100755 crypto/openssl/crypto/bn/bn_const.c create mode 100644 crypto/openssl/crypto/bn/bn_depr.c create mode 100644 crypto/openssl/crypto/bn/bn_gf2m.c create mode 100644 crypto/openssl/crypto/bn/bn_nist.c create mode 100644 crypto/openssl/crypto/des/asm/des_enc.m4 create mode 100644 crypto/openssl/crypto/dh/dh_depr.c create mode 100644 crypto/openssl/crypto/dsa/dsa_depr.c create mode 100644 crypto/openssl/crypto/ec/ec2_mult.c create mode 100644 crypto/openssl/crypto/ec/ec2_smpl.c create mode 100644 crypto/openssl/crypto/ec/ec2_smpt.c create mode 100644 crypto/openssl/crypto/ec/ec_asn1.c create mode 100644 crypto/openssl/crypto/ec/ec_check.c create mode 100644 crypto/openssl/crypto/ec/ec_curve.c create mode 100644 crypto/openssl/crypto/ec/ec_key.c create mode 100644 crypto/openssl/crypto/ec/ec_print.c create mode 100644 crypto/openssl/crypto/ecdh/Makefile create mode 100644 crypto/openssl/crypto/ecdh/ecdh.h create mode 100644 crypto/openssl/crypto/ecdh/ecdhtest.c create mode 100644 crypto/openssl/crypto/ecdh/ech_err.c create mode 100644 crypto/openssl/crypto/ecdh/ech_key.c create mode 100644 crypto/openssl/crypto/ecdh/ech_lib.c create mode 100644 crypto/openssl/crypto/ecdh/ech_locl.h create mode 100644 crypto/openssl/crypto/ecdh/ech_ossl.c create mode 100644 crypto/openssl/crypto/ecdsa/Makefile create mode 100644 crypto/openssl/crypto/ecdsa/ecdsa.h create mode 100644 crypto/openssl/crypto/ecdsa/ecdsatest.c create mode 100644 crypto/openssl/crypto/ecdsa/ecs_asn1.c create mode 100644 crypto/openssl/crypto/ecdsa/ecs_err.c create mode 100644 crypto/openssl/crypto/ecdsa/ecs_lib.c create mode 100644 crypto/openssl/crypto/ecdsa/ecs_locl.h create mode 100644 crypto/openssl/crypto/ecdsa/ecs_ossl.c create mode 100644 crypto/openssl/crypto/ecdsa/ecs_sign.c create mode 100644 crypto/openssl/crypto/ecdsa/ecs_vrf.c create mode 100644 crypto/openssl/crypto/engine/eng_cryptodev.c create mode 100644 crypto/openssl/crypto/engine/tb_ecdh.c create mode 100644 crypto/openssl/crypto/engine/tb_ecdsa.c create mode 100644 crypto/openssl/crypto/engine/tb_store.c create mode 100644 crypto/openssl/crypto/evp/m_ecdsa.c create mode 100644 crypto/openssl/crypto/ia64cpuid.S create mode 100755 crypto/openssl/crypto/md5/asm/md5-x86_64.pl create mode 100644 crypto/openssl/crypto/o_dir.c create mode 100644 crypto/openssl/crypto/o_dir.h create mode 100644 crypto/openssl/crypto/o_dir_test.c create mode 100755 crypto/openssl/crypto/perlasm/x86_64-xlate.pl create mode 100644 crypto/openssl/crypto/pqueue/Makefile create mode 100644 crypto/openssl/crypto/pqueue/pq_compat.h create mode 100644 crypto/openssl/crypto/pqueue/pq_test.c create mode 100644 crypto/openssl/crypto/pqueue/pqueue.c create mode 100644 crypto/openssl/crypto/pqueue/pqueue.h create mode 100644 crypto/openssl/crypto/rand/rand_nw.c create mode 100644 crypto/openssl/crypto/rc4/asm/rc4-ia64.S create mode 100755 crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl create mode 100644 crypto/openssl/crypto/rsa/rsa_depr.c create mode 100644 crypto/openssl/crypto/rsa/rsa_pss.c create mode 100644 crypto/openssl/crypto/rsa/rsa_x931.c create mode 100644 crypto/openssl/crypto/sha/asm/sha1-ia64.pl create mode 100755 crypto/openssl/crypto/sha/asm/sha512-ia64.pl create mode 100644 crypto/openssl/crypto/sha/asm/sha512-sse2.pl create mode 100644 crypto/openssl/crypto/sha/sha256.c create mode 100644 crypto/openssl/crypto/sha/sha256t.c create mode 100644 crypto/openssl/crypto/sha/sha512.c create mode 100644 crypto/openssl/crypto/sha/sha512t.c create mode 100644 crypto/openssl/crypto/sparccpuid.S create mode 100644 crypto/openssl/crypto/store/Makefile create mode 100644 crypto/openssl/crypto/store/README create mode 100644 crypto/openssl/crypto/store/store.h create mode 100644 crypto/openssl/crypto/store/str_err.c create mode 100644 crypto/openssl/crypto/store/str_lib.c create mode 100644 crypto/openssl/crypto/store/str_locl.h create mode 100644 crypto/openssl/crypto/store/str_mem.c create mode 100644 crypto/openssl/crypto/store/str_meth.c create mode 100644 crypto/openssl/crypto/x509/x509_vpm.c create mode 100644 crypto/openssl/crypto/x509v3/pcy_cache.c create mode 100644 crypto/openssl/crypto/x509v3/pcy_data.c create mode 100644 crypto/openssl/crypto/x509v3/pcy_int.h create mode 100644 crypto/openssl/crypto/x509v3/pcy_lib.c create mode 100644 crypto/openssl/crypto/x509v3/pcy_map.c create mode 100644 crypto/openssl/crypto/x509v3/pcy_node.c create mode 100644 crypto/openssl/crypto/x509v3/pcy_tree.c create mode 100644 crypto/openssl/crypto/x509v3/v3_ncons.c create mode 100644 crypto/openssl/crypto/x509v3/v3_pci.c create mode 100644 crypto/openssl/crypto/x509v3/v3_pcia.c create mode 100644 crypto/openssl/crypto/x509v3/v3_pcons.c create mode 100644 crypto/openssl/crypto/x509v3/v3_pmaps.c create mode 100644 crypto/openssl/crypto/x86_64cpuid.pl create mode 100644 crypto/openssl/crypto/x86cpuid.pl create mode 100755 crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh create mode 100755 crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh create mode 100644 crypto/openssl/demos/ssltest-ecc/README create mode 100755 crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh create mode 100755 crypto/openssl/demos/ssltest-ecc/ssltest.sh create mode 100755 crypto/openssl/demos/tunala/test.sh create mode 100644 crypto/openssl/doc/HOWTO/proxy_certificates.txt create mode 100644 crypto/openssl/doc/apps/ec.pod create mode 100644 crypto/openssl/doc/apps/ecparam.pod create mode 100644 crypto/openssl/doc/apps/errstr.pod create mode 100644 crypto/openssl/doc/apps/x509v3_config.pod create mode 100644 crypto/openssl/doc/crypto/ASN1_generate_nconf.pod create mode 100644 crypto/openssl/doc/crypto/BN_BLINDING_new.pod create mode 100644 crypto/openssl/doc/crypto/ERR_set_mark.pod create mode 100644 crypto/openssl/doc/crypto/OPENSSL_Applink.pod create mode 100644 crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod create mode 100644 crypto/openssl/doc/crypto/ecdsa.pod create mode 100644 crypto/openssl/doc/crypto/x509.pod create mode 100644 crypto/openssl/doc/fingerprints.txt create mode 100644 crypto/openssl/engines/Makefile create mode 100644 crypto/openssl/engines/axp.opt create mode 100644 crypto/openssl/engines/e_4758cca.c create mode 100644 crypto/openssl/engines/e_4758cca.ec create mode 100644 crypto/openssl/engines/e_4758cca_err.c create mode 100644 crypto/openssl/engines/e_4758cca_err.h create mode 100644 crypto/openssl/engines/e_aep.c create mode 100644 crypto/openssl/engines/e_aep.ec create mode 100644 crypto/openssl/engines/e_aep_err.c create mode 100644 crypto/openssl/engines/e_aep_err.h create mode 100644 crypto/openssl/engines/e_atalla.c create mode 100644 crypto/openssl/engines/e_atalla.ec create mode 100644 crypto/openssl/engines/e_atalla_err.c create mode 100644 crypto/openssl/engines/e_atalla_err.h create mode 100644 crypto/openssl/engines/e_chil.c create mode 100644 crypto/openssl/engines/e_chil.ec create mode 100644 crypto/openssl/engines/e_chil_err.c create mode 100644 crypto/openssl/engines/e_chil_err.h create mode 100644 crypto/openssl/engines/e_cswift.c create mode 100644 crypto/openssl/engines/e_cswift.ec create mode 100644 crypto/openssl/engines/e_cswift_err.c create mode 100644 crypto/openssl/engines/e_cswift_err.h create mode 100644 crypto/openssl/engines/e_gmp.c create mode 100644 crypto/openssl/engines/e_gmp.ec create mode 100644 crypto/openssl/engines/e_gmp_err.c create mode 100644 crypto/openssl/engines/e_gmp_err.h create mode 100644 crypto/openssl/engines/e_nuron.c create mode 100644 crypto/openssl/engines/e_nuron.ec create mode 100644 crypto/openssl/engines/e_nuron_err.c create mode 100644 crypto/openssl/engines/e_nuron_err.h create mode 100644 crypto/openssl/engines/e_sureware.c create mode 100644 crypto/openssl/engines/e_sureware.ec create mode 100644 crypto/openssl/engines/e_sureware_err.c create mode 100644 crypto/openssl/engines/e_sureware_err.h create mode 100644 crypto/openssl/engines/e_ubsec.c create mode 100644 crypto/openssl/engines/e_ubsec.ec create mode 100644 crypto/openssl/engines/e_ubsec_err.c create mode 100644 crypto/openssl/engines/e_ubsec_err.h create mode 100644 crypto/openssl/engines/engine_vector.mar create mode 100644 crypto/openssl/engines/vax.opt create mode 100644 crypto/openssl/engines/vendor_defns/aep.h create mode 100644 crypto/openssl/engines/vendor_defns/atalla.h create mode 100644 crypto/openssl/engines/vendor_defns/cswift.h create mode 100644 crypto/openssl/engines/vendor_defns/hw_4758_cca.h create mode 100644 crypto/openssl/engines/vendor_defns/hw_ubsec.h create mode 100644 crypto/openssl/engines/vendor_defns/hwcryptohook.h create mode 100644 crypto/openssl/engines/vendor_defns/sureware.h create mode 100644 crypto/openssl/ssl/d1_both.c create mode 100644 crypto/openssl/ssl/d1_clnt.c create mode 100644 crypto/openssl/ssl/d1_enc.c create mode 100644 crypto/openssl/ssl/d1_lib.c create mode 100644 crypto/openssl/ssl/d1_meth.c create mode 100644 crypto/openssl/ssl/d1_pkt.c create mode 100644 crypto/openssl/ssl/d1_srvr.c create mode 100644 crypto/openssl/ssl/dtls1.h create mode 100644 crypto/openssl/test/P1ss.cnf create mode 100644 crypto/openssl/test/P2ss.cnf create mode 100644 crypto/openssl/test/testsslproxy create mode 100644 crypto/openssl/util/copy.pl create mode 100644 crypto/openssl/util/extract-section.pl create mode 100755 crypto/openssl/util/opensslwrap.sh create mode 100644 crypto/openssl/util/pl/netware.pl create mode 100755 crypto/openssl/util/shlib_wrap.sh diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 048349e..ce9de56 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,1058 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8a and 0.9.8b [04 May 2006] + + *) When applying a cipher rule check to see if string match is an explicit + cipher suite and only match that one cipher suite if it is. + [Steve Henson] + + *) Link in manifests for VC++ if needed. + [Austin Ziegler ] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-12.txt with proposed changes (but without + TLS extensions, which are supported starting with the 0.9.9 + branch, not in the OpenSSL 0.9.8 branch). + [Douglas Stebila] + + *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support + opaque EVP_CIPHER_CTX handling. + [Steve Henson] + + *) Fixes and enhancements to zlib compression code. We now only use + "zlib1.dll" and use the default __cdecl calling convention on Win32 + to conform with the standards mentioned here: + http://www.zlib.net/DLL_FAQ.txt + Static zlib linking now works on Windows and the new --with-zlib-include + --with-zlib-lib options to Configure can be used to supply the location + of the headers and library. Gracefully handle case where zlib library + can't be loaded. + [Steve Henson] + + *) Several fixes and enhancements to the OID generation code. The old code + sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't + handle numbers larger than ULONG_MAX, truncated printing and had a + non standard OBJ_obj2txt() behaviour. + [Steve Henson] + + *) Add support for building of engines under engine/ as shared libraries + under VC++ build system. + [Steve Henson] + + *) Corrected the numerous bugs in the Win32 path splitter in DSO. + Hopefully, we will not see any false combination of paths any more. + [Richard Levitte] + + Changes between 0.9.8 and 0.9.8a [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. (CVE-2005-2969) + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] + + *) Add two function to clear and return the verify parameter flags. + [Steve Henson] + + *) Keep cipherlists sorted in the source instead of sorting them at + runtime, thus removing the need for a lock. + [Nils Larsch] + + *) Avoid some small subgroup attacks in Diffie-Hellman. + [Nick Mathewson and Ben Laurie] + + *) Add functions for well-known primes. + [Nick Mathewson] + + *) Extended Windows CE support. + [Satoshi Nakamura and Andy Polyakov] + + *) Initialize SSL_METHOD structures at compile time instead of during + runtime, thus removing the need for a lock. + [Steve Henson] + + *) Make PKCS7_decrypt() work even if no certificate is supplied by + attempting to decrypt each encrypted key in turn. Add support to + smime utility. + [Steve Henson] + + Changes between 0.9.7h and 0.9.8 [05 Jul 2005] + + *) Add libcrypto.pc and libssl.pc for those who feel they need them. + [Richard Levitte] + + *) Change CA.sh and CA.pl so they don't bundle the CSR and the private + key into the same file any more. + [Richard Levitte] + + *) Add initial support for Win64, both IA64 and AMD64/x64 flavors. + [Andy Polyakov] + + *) Add -utf8 command line and config file option to 'ca'. + [Stefan and Geoff Thorpe] + + *) Add attribute functions to EVP_PKEY structure. Modify + PKCS12_create() to recognize a CSP name attribute and + use it. Make -CSP option work again in pkcs12 utility. + [Steve Henson] + + *) Add new functionality to the bn blinding code: + - automatic re-creation of the BN_BLINDING parameters after + a fixed number of uses (currently 32) + - add new function for parameter creation + - introduce flags to control the update behaviour of the + BN_BLINDING parameters + - hide BN_BLINDING structure + Add a second BN_BLINDING slot to the RSA structure to improve + performance when a single RSA object is shared among several + threads. + [Nils Larsch] + + *) Add support for DTLS. + [Nagendra Modadugu and Ben Laurie] + + *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1) + to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() + [Walter Goulet] + + *) Remove buggy and incompletet DH cert support from + ssl/ssl_rsa.c and ssl/s3_both.c + [Nils Larsch] + + *) Use SHA-1 instead of MD5 as the default digest algorithm for + the apps/openssl applications. + [Nils Larsch] + + *) Compile clean with "-Wall -Wmissing-prototypes + -Wstrict-prototypes -Wmissing-declarations -Werror". Currently + DEBUG_SAFESTACK must also be set. + [Ben Laurie] + + *) Change ./Configure so that certain algorithms can be disabled by default. + The new counterpiece to "no-xxx" is "enable-xxx". + + The patented RC5 and MDC2 algorithms will now be disabled unless + "enable-rc5" and "enable-mdc2", respectively, are specified. + + (IDEA remains enabled despite being patented. This is because IDEA + is frequently required for interoperability, and there is no license + fee for non-commercial use. As before, "no-idea" can be used to + avoid this algorithm.) + + [Bodo Moeller] + + *) Add processing of proxy certificates (see RFC 3820). This work was + sponsored by KTH (The Royal Institute of Technology in Stockholm) and + EGEE (Enabling Grids for E-science in Europe). + [Richard Levitte] + + *) RC4 performance overhaul on modern architectures/implementations, such + as Intel P4, IA-64 and AMD64. + [Andy Polyakov] + + *) New utility extract-section.pl. This can be used specify an alternative + section number in a pod file instead of having to treat each file as + a separate case in Makefile. This can be done by adding two lines to the + pod file: + + =for comment openssl_section:XXX + + The blank line is mandatory. + + [Steve Henson] + + *) New arguments -certform, -keyform and -pass for s_client and s_server + to allow alternative format key and certificate files and passphrase + sources. + [Steve Henson] + + *) New structure X509_VERIFY_PARAM which combines current verify parameters, + update associated structures and add various utility functions. + + Add new policy related verify parameters, include policy checking in + standard verify code. Enhance 'smime' application with extra parameters + to support policy checking and print out. + [Steve Henson] + + *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3 + Nehemiah processors. These extensions support AES encryption in hardware + as well as RNG (though RNG support is currently disabled). + [Michal Ludvig , with help from Andy Polyakov] + + *) Deprecate BN_[get|set]_params() functions (they were ignored internally). + [Geoff Thorpe] + + *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented. + [Andy Polyakov and a number of other people] + + *) Improved PowerPC platform support. Most notably BIGNUM assembler + implementation contributed by IBM. + [Suresh Chari, Peter Waltenberg, Andy Polyakov] + + *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public + exponent rather than 'unsigned long'. There is a corresponding change to + the new 'rsa_keygen' element of the RSA_METHOD structure. + [Jelte Jansen, Geoff Thorpe] + + *) Functionality for creating the initial serial number file is now + moved from CA.pl to the 'ca' utility with a new option -create_serial. + + (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial + number file to 1, which is bound to cause problems. To avoid + the problems while respecting compatibility between different 0.9.7 + patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in + CA.pl for serial number initialization. With the new release 0.9.8, + we can fix the problem directly in the 'ca' utility.) + [Steve Henson] + + *) Reduced header interdepencies by declaring more opaque objects in + ossl_typ.h. As a consequence, including some headers (eg. engine.h) will + give fewer recursive includes, which could break lazy source code - so + this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always, + developers should define this symbol when building and using openssl to + ensure they track the recommended behaviour, interfaces, [etc], but + backwards-compatible behaviour prevails when this isn't defined. + [Geoff Thorpe] + + *) New function X509_POLICY_NODE_print() which prints out policy nodes. + [Steve Henson] + + *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. + This will generate a random key of the appropriate length based on the + cipher context. The EVP_CIPHER can provide its own random key generation + routine to support keys of a specific form. This is used in the des and + 3des routines to generate a key of the correct parity. Update S/MIME + code to use new functions and hence generate correct parity DES keys. + Add EVP_CHECK_DES_KEY #define to return an error if the key is not + valid (weak or incorrect parity). + [Steve Henson] + + *) Add a local set of CRLs that can be used by X509_verify_cert() as well + as looking them up. This is useful when the verified structure may contain + CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs + present unless the new PKCS7_NO_CRL flag is asserted. + [Steve Henson] + + *) Extend ASN1 oid configuration module. It now additionally accepts the + syntax: + + shortName = some long name, 1.2.3.4 + [Steve Henson] + + *) Reimplemented the BN_CTX implementation. There is now no more static + limitation on the number of variables it can handle nor the depth of the + "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack + information can now expand as required, and rather than having a single + static array of bignums, BN_CTX now uses a linked-list of such arrays + allowing it to expand on demand whilst maintaining the usefulness of + BN_CTX's "bundling". + [Geoff Thorpe] + + *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD + to allow all RSA operations to function using a single BN_CTX. + [Geoff Thorpe] + + *) Preliminary support for certificate policy evaluation and checking. This + is initially intended to pass the tests outlined in "Conformance Testing + of Relying Party Client Certificate Path Processing Logic" v1.07. + [Steve Henson] + + *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and + remained unused and not that useful. A variety of other little bignum + tweaks and fixes have also been made continuing on from the audit (see + below). + [Geoff Thorpe] + + *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with + associated ASN1, EVP and SSL functions and old ASN1 macros. + [Richard Levitte] + + *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, + and this should never fail. So the return value from the use of + BN_set_word() (which can fail due to needless expansion) is now deprecated; + if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. + [Geoff Thorpe] + + *) BN_CTX_get() should return zero-valued bignums, providing the same + initialised value as BN_new(). + [Geoff Thorpe, suggested by Ulf Möller] + + *) Support for inhibitAnyPolicy certificate extension. + [Steve Henson] + + *) An audit of the BIGNUM code is underway, for which debugging code is + enabled when BN_DEBUG is defined. This makes stricter enforcements on what + is considered valid when processing BIGNUMs, and causes execution to + assert() when a problem is discovered. If BN_DEBUG_RAND is defined, + further steps are taken to deliberately pollute unused data in BIGNUM + structures to try and expose faulty code further on. For now, openssl will + (in its default mode of operation) continue to tolerate the inconsistent + forms that it has tolerated in the past, but authors and packagers should + consider trying openssl and their own applications when compiled with + these debugging symbols defined. It will help highlight potential bugs in + their own code, and will improve the test coverage for OpenSSL itself. At + some point, these tighter rules will become openssl's default to improve + maintainability, though the assert()s and other overheads will remain only + in debugging configurations. See bn.h for more details. + [Geoff Thorpe, Nils Larsch, Ulf Möller] + + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure + that can only be obtained through BN_CTX_new() (which implicitly + initialises it). The presence of this function only made it possible + to overwrite an existing structure (and cause memory leaks). + [Geoff Thorpe] + + *) Because of the callback-based approach for implementing LHASH as a + template type, lh_insert() adds opaque objects to hash-tables and + lh_doall() or lh_doall_arg() are typically used with a destructor callback + to clean up those corresponding objects before destroying the hash table + (and losing the object pointers). So some over-zealous constifications in + LHASH have been relaxed so that lh_insert() does not take (nor store) the + objects as "const" and the lh_doall[_arg] callback wrappers are not + prototyped to have "const" restrictions on the object pointers they are + given (and so aren't required to cast them away any more). + [Geoff Thorpe] + + *) The tmdiff.h API was so ugly and minimal that our own timing utility + (speed) prefers to use its own implementation. The two implementations + haven't been consolidated as yet (volunteers?) but the tmdiff API has had + its object type properly exposed (MS_TM) instead of casting to/from "char + *". This may still change yet if someone realises MS_TM and "ms_time_***" + aren't necessarily the greatest nomenclatures - but this is what was used + internally to the implementation so I've used that for now. + [Geoff Thorpe] + + *) Ensure that deprecated functions do not get compiled when + OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of + the self-tests were still using deprecated key-generation functions so + these have been updated also. + [Geoff Thorpe] + + *) Reorganise PKCS#7 code to separate the digest location functionality + into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + New function PKCS7_set_digest() to set the digest type for PKCS#7 + digestedData type. Add additional code to correctly generate the + digestedData type and add support for this type in PKCS7 initialization + functions. + [Steve Henson] + + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". + [Steve Henson] + + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making + sure the loop does correctly stop and breaking ("division by zero") + modulus operations are not performed. The (pre-generated) prime + table crypto/bn/bn_prime.h was already correct, but it could not be + re-generated on some platforms because of the "division by zero" + situation in the script. + [Ralf S. Engelschall] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with + SHA-1 now is only used for "small" curves (where the + representation of a field element takes up to 24 bytes); for + larger curves, the field element resulting from ECDH is directly + used as premaster secret. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 + curve secp160r1 to the tests. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add the possibility to load symbols globally with DSO. + [Götz Babin-Ebell via Richard Levitte] + + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better + control of the error stack. + [Richard Levitte] + + *) Add support for STORE in ENGINE. + [Richard Levitte] + + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + + *) Add a generic structure called OPENSSL_ITEM. This can be used to + pass a list of arguments to any function as well as provide a way + for a function to pass data back to the caller. + [Richard Levitte] + + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() + works like BUF_strdup() but can be used to duplicate a portion of + a string. The copy gets NUL-terminated. BUF_memdup() duplicates + a memory area. + [Richard Levitte] + + *) Add the function sk_find_ex() which works like sk_find(), but will + return an index to an element even if an exact match couldn't be + found. The index is guaranteed to point at the element where the + searched-for key would be inserted to preserve sorting order. + [Richard Levitte] + + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but + takes an extra flags argument for optional functionality. Currently, + the following flags are defined: + + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. + + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. + [Richard Levitte] + + *) Make it possible to create self-signed certificates with 'openssl ca' + in such a way that the self-signed certificate becomes part of the + CA database and uses the same mechanisms for serial number generation + as all other certificate signing. The new flag '-selfsign' enables + this functionality. Adapt CA.sh and CA.pl.in. + [Richard Levitte] + + *) Add functionality to check the public key of a certificate request + against a given private. This is useful to check that a certificate + request can be signed by that key (self-signing). + [Richard Levitte] + + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + + *) Generate muti valued AVAs using '+' notation in config files for + req and dirName. + [Steve Henson] + + *) Support for nameConstraints certificate extension. + [Steve Henson] + + *) Support for policyConstraints certificate extension. + [Steve Henson] + + *) Support for policyMappings certificate extension. + [Steve Henson] + + *) Make sure the default DSA_METHOD implementation only uses its + dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, + and change its own handlers to be NULL so as to remove unnecessary + indirection. This lets alternative implementations fallback to the + default implementation more easily. + [Geoff Thorpe] + + *) Support for directoryName in GeneralName related extensions + in config files. + [Steve Henson] + + *) Make it possible to link applications using Makefile.shared. + Make that possible even when linking against static libraries! + [Richard Levitte] + + *) Support for single pass processing for S/MIME signing. This now + means that S/MIME signing can be done from a pipe, in addition + cleartext signing (multipart/signed type) is effectively streaming + and the signed data does not need to be all held in memory. + + This is done with a new flag PKCS7_STREAM. When this flag is set + PKCS7_sign() only initializes the PKCS7 structure and the actual signing + is done after the data is output (and digests calculated) in + SMIME_write_PKCS7(). + [Steve Henson] + + *) Add full support for -rpath/-R, both in shared libraries and + applications, at least on the platforms where it's known how + to do it. + [Richard Levitte] + + *) In crypto/ec/ec_mult.c, implement fast point multiplication with + precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() + will now compute a table of multiples of the generator that + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul() + faster (notably in the case of a single point multiplication, + scalar * generator). + [Nils Larsch, Bodo Moeller] + + *) IPv6 support for certificate extensions. The various extensions + which use the IP:a.b.c.d can now take IPv6 addresses using the + formats of RFC1884 2.2 . IPv6 addresses are now also displayed + correctly. + [Steve Henson] + + *) Added an ENGINE that implements RSA by performing private key + exponentiations with the GMP library. The conversions to and from + GMP's mpz_t format aren't optimised nor are any montgomery forms + cached, and on x86 it appears OpenSSL's own performance has caught up. + However there are likely to be other architectures where GMP could + provide a boost. This ENGINE is not built in by default, but it can be + specified at Configure time and should be accompanied by the necessary + linker additions, eg; + ./config -DOPENSSL_USE_GMP -lgmp + [Geoff Thorpe] + + *) "openssl engine" will not display ENGINE/DSO load failure errors when + testing availability of engines with "-t" - the old behaviour is + produced by increasing the feature's verbosity with "-tt". + [Geoff Thorpe] + + *) ECDSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Nils Larsch + via PR#459) + [Lutz Jaenicke] + + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + + *) Change the "progress" mechanism used in key-generation and + primality testing to functions that take a new BN_GENCB pointer in + place of callback/argument pairs. The new API functions have "_ex" + postfixes and the older functions are reimplemented as wrappers for + the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide + declarations of the old functions to help (graceful) attempts to + migrate to the new functions. Also, the new key-generation API + functions operate on a caller-supplied key-structure and return + success/failure rather than returning a key or NULL - this is to + help make "keygen" another member function of RSA_METHOD etc. + + Example for using the new callback interface: + + int (*my_callback)(int a, int b, BN_GENCB *cb) = ...; + void *my_arg = ...; + BN_GENCB my_cb; + + BN_GENCB_set(&my_cb, my_callback, my_arg); + + return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb); + /* For the meaning of a, b in calls to my_callback(), see the + * documentation of the function that calls the callback. + * cb will point to my_cb; my_arg can be retrieved as cb->arg. + * my_callback should return 1 if it wants BN_is_prime_ex() + * to continue, or 0 to stop. + */ + + [Geoff Thorpe] + + *) Change the ZLIB compression method to be stateful, and make it + available to TLS with the number defined in + draft-ietf-tls-compression-04.txt. + [Richard Levitte] + + *) Add the ASN.1 structures and functions for CertificatePair, which + is defined as follows (according to X.509_4thEditionDraftV6.pdf): + + CertificatePair ::= SEQUENCE { + forward [0] Certificate OPTIONAL, + reverse [1] Certificate OPTIONAL, + -- at least one of the pair shall be present -- } + + Also implement the PEM functions to read and write certificate + pairs, and defined the PEM tag as "CERTIFICATE PAIR". + + This needed to be defined, mostly for the sake of the LDAP + attribute crossCertificatePair, but may prove useful elsewhere as + well. + [Richard Levitte] + + *) Make it possible to inhibit symlinking of shared libraries in + Makefile.shared, for Cygwin's sake. + [Richard Levitte] + + *) Extend the BIGNUM API by creating a function + void BN_set_negative(BIGNUM *a, int neg); + and a macro that behave like + int BN_is_negative(const BIGNUM *a); + + to avoid the need to access 'a->neg' directly in applications. + [Nils Larsch] + + *) Implement fast modular reduction for pseudo-Mersenne primes + used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). + EC_GROUP_new_curve_GFp() will now automatically use this + if applicable. + [Nils Larsch ] + + *) Add new lock type (CRYPTO_LOCK_BN). + [Bodo Moeller] + + *) Change the ENGINE framework to automatically load engines + dynamically from specific directories unless they could be + found to already be built in or loaded. Move all the + current engines except for the cryptodev one to a new + directory engines/. + The engines in engines/ are built as shared libraries if + the "shared" options was given to ./Configure or ./config. + Otherwise, they are inserted in libcrypto.a. + /usr/local/ssl/engines is the default directory for dynamic + engines, but that can be overriden at configure time through + the usual use of --prefix and/or --openssldir, and at run + time with the environment variable OPENSSL_ENGINES. + [Geoff Thorpe and Richard Levitte] + + *) Add Makefile.shared, a helper makefile to build shared + libraries. Addapt Makefile.org. + [Richard Levitte] + + *) Add version info to Win32 DLLs. + [Peter 'Luna' Runestig" ] + + *) Add new 'medium level' PKCS#12 API. Certificates and keys + can be added using this API to created arbitrary PKCS#12 + files while avoiding the low level API. + + New options to PKCS12_create(), key or cert can be NULL and + will then be omitted from the output file. The encryption + algorithm NIDs can be set to -1 for no encryption, the mac + iteration count can be set to 0 to omit the mac. + + Enhance pkcs12 utility by making the -nokeys and -nocerts + options work when creating a PKCS#12 file. New option -nomac + to omit the mac, NONE can be set for an encryption algorithm. + New code is modified to use the enhanced PKCS12_create() + instead of the low level API. + [Steve Henson] + + *) Extend ASN1 encoder to support indefinite length constructed + encoding. This can output sequences tags and octet strings in + this form. Modify pk7_asn1.c to support indefinite length + encoding. This is experimental and needs additional code to + be useful, such as an ASN1 bio and some enhanced streaming + PKCS#7 code. + + Extend template encode functionality so that tagging is passed + down to the template encoder. + [Steve Henson] + + *) Let 'openssl req' fail if an argument to '-newkey' is not + recognized instead of using RSA as a default. + [Bodo Moeller] + + *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt. + As these are not official, they are not included in "ALL"; + the "ECCdraft" ciphersuite group alias can be used to select them. + [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)] + + *) Add ECDH engine support. + [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add ECDH in new directory crypto/ecdh/. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Let BN_rand_range() abort with an error after 100 iterations + without success (which indicates a broken PRNG). + [Bodo Moeller] + + *) Change BN_mod_sqrt() so that it verifies that the input value + is really the square of the return value. (Previously, + BN_mod_sqrt would show GIGO behaviour.) + [Bodo Moeller] + + *) Add named elliptic curves over binary fields from X9.62, SECG, + and WAP/WTLS; add OIDs that were still missing. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Extend the EC library for elliptic curves over binary fields + (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). + New EC_METHOD: + + EC_GF2m_simple_method + + New API functions: + + EC_GROUP_new_curve_GF2m + EC_GROUP_set_curve_GF2m + EC_GROUP_get_curve_GF2m + EC_POINT_set_affine_coordinates_GF2m + EC_POINT_get_affine_coordinates_GF2m + EC_POINT_set_compressed_coordinates_GF2m + + Point compression for binary fields is disabled by default for + patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to + enable it). + + As binary polynomials are represented as BIGNUMs, various members + of the EC_GROUP and EC_POINT data structures can be shared + between the implementations for prime fields and binary fields; + the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) + are essentially identical to their ..._GFp counterparts. + (For simplicity, the '..._GFp' prefix has been dropped from + various internal method names.) + + An internal 'field_div' method (similar to 'field_mul' and + 'field_sqr') has been added; this is used only for binary fields. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() + through methods ('mul', 'precompute_mult'). + + The generic implementations (now internally called 'ec_wNAF_mul' + and 'ec_wNAF_precomputed_mult') remain the default if these + methods are undefined. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) New function EC_GROUP_get_degree, which is defined through + EC_METHOD. For curves over prime fields, this returns the bit + length of the modulus. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) New functions EC_GROUP_dup, EC_POINT_dup. + (These simply call ..._new and ..._copy). + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. + Polynomials are represented as BIGNUMs (where the sign bit is not + used) in the following functions [macros]: + + BN_GF2m_add + BN_GF2m_sub [= BN_GF2m_add] + BN_GF2m_mod [wrapper for BN_GF2m_mod_arr] + BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr] + BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr] + BN_GF2m_mod_inv + BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr] + BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr] + BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr] + BN_GF2m_cmp [= BN_ucmp] + + (Note that only the 'mod' functions are actually for fields GF(2^m). + BN_GF2m_add() is misnomer, but this is for the sake of consistency.) + + For some functions, an the irreducible polynomial defining a + field can be given as an 'unsigned int[]' with strictly + decreasing elements giving the indices of those bits that are set; + i.e., p[] represents the polynomial + f(t) = t^p[0] + t^p[1] + ... + t^p[k] + where + p[0] > p[1] > ... > p[k] = 0. + This applies to the following functions: + + BN_GF2m_mod_arr + BN_GF2m_mod_mul_arr + BN_GF2m_mod_sqr_arr + BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv] + BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div] + BN_GF2m_mod_exp_arr + BN_GF2m_mod_sqrt_arr + BN_GF2m_mod_solve_quad_arr + BN_GF2m_poly2arr + BN_GF2m_arr2poly + + Conversion can be performed by the following functions: + + BN_GF2m_poly2arr + BN_GF2m_arr2poly + + bntest.c has additional tests for binary polynomial arithmetic. + + Two implementations for BN_GF2m_mod_div() are available. + The default algorithm simply uses BN_GF2m_mod_inv() and + BN_GF2m_mod_mul(). The alternative algorithm is compiled in only + if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the + copyright notice in crypto/bn/bn_gf2m.c before enabling it). + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Add new error code 'ERR_R_DISABLED' that can be used when some + functionality is disabled at compile-time. + [Douglas Stebila ] + + *) Change default behaviour of 'openssl asn1parse' so that more + information is visible when viewing, e.g., a certificate: + + Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' + mode the content of non-printable OCTET STRINGs is output in a + style similar to INTEGERs, but with '[HEX DUMP]' prepended to + avoid the appearance of a printable string. + [Nils Larsch ] + + *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access + functions + EC_GROUP_set_asn1_flag() + EC_GROUP_get_asn1_flag() + EC_GROUP_set_point_conversion_form() + EC_GROUP_get_point_conversion_form() + These control ASN1 encoding details: + - Curves (i.e., groups) are encoded explicitly unless asn1_flag + has been set to OPENSSL_EC_NAMED_CURVE. + - Points are encoded in uncompressed form by default; options for + asn1_for are as for point2oct, namely + POINT_CONVERSION_COMPRESSED + POINT_CONVERSION_UNCOMPRESSED + POINT_CONVERSION_HYBRID + + Also add 'seed' and 'seed_len' members to EC_GROUP with access + functions + EC_GROUP_set_seed() + EC_GROUP_get0_seed() + EC_GROUP_get_seed_len() + This is used only for ASN1 purposes (so far). + [Nils Larsch ] + + *) Add 'field_type' member to EC_METHOD, which holds the NID + of the appropriate field type OID. The new function + EC_METHOD_get_field_type() returns this value. + [Nils Larsch ] + + *) Add functions + EC_POINT_point2bn() + EC_POINT_bn2point() + EC_POINT_point2hex() + EC_POINT_hex2point() + providing useful interfaces to EC_POINT_point2oct() and + EC_POINT_oct2point(). + [Nils Larsch ] + + *) Change internals of the EC library so that the functions + EC_GROUP_set_generator() + EC_GROUP_get_generator() + EC_GROUP_get_order() + EC_GROUP_get_cofactor() + are implemented directly in crypto/ec/ec_lib.c and not dispatched + to methods, which would lead to unnecessary code duplication when + adding different types of curves. + [Nils Larsch with input by Bodo Moeller] + + *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM + arithmetic, and such that modified wNAFs are generated + (which avoid length expansion in many cases). + [Bodo Moeller] + + *) Add a function EC_GROUP_check_discriminant() (defined via + EC_METHOD) that verifies that the curve discriminant is non-zero. + + Add a function EC_GROUP_check() that makes some sanity tests + on a EC_GROUP, its generator and order. This includes + EC_GROUP_check_discriminant(). + [Nils Larsch ] + + *) Add ECDSA in new directory crypto/ecdsa/. + + Add applications 'openssl ecparam' and 'openssl ecdsa' + (these are based on 'openssl dsaparam' and 'openssl dsa'). + + ECDSA support is also included in various other files across the + library. Most notably, + - 'openssl req' now has a '-newkey ecdsa:file' option; + - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; + - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and + d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make + them suitable for ECDSA where domain parameters must be + extracted before the specific public key; + - ECDSA engine support has been added. + [Nils Larsch ] + + *) Include some named elliptic curves, and add OIDs from X9.62, + SECG, and WAP/WTLS. Each curve can be obtained from the new + function + EC_GROUP_new_by_curve_name(), + and the list of available named curves can be obtained with + EC_get_builtin_curves(). + Also add a 'curve_name' member to EC_GROUP objects, which can be + accessed via + EC_GROUP_set_curve_name() + EC_GROUP_get_curve_name() + [Nils Larsch 4 (some 64 bit platforms). + + This change has negligible security impact because: + + 1. Server and client random values still have 24 bytes of pseudo random + data. + + 2. Server and client random values are sent in the clear in the initial + handshake. + + 3. The master secret is derived using the premaster secret (48 bytes in + size for static RSA ciphersuites) as well as client server and random + values. + + The OpenSSL team would like to thank the UK NISCC for bringing this issue + to our attention. + + [Stephen Henson, reported by UK NISCC] + + *) Use Windows randomness collection on Cygwin. + [Ulf Möller] + + *) Fix hang in EGD/PRNGD query when communication socket is closed + prematurely by EGD/PRNGD. + [Darren Tucker via Lutz Jänicke, resolves #1014] + + *) Prompt for pass phrases when appropriate for PKCS12 input format. + [Steve Henson] + + *) Back-port of selected performance improvements from development + branch, as well as improved support for PowerPC platforms. + [Andy Polyakov] + + *) Add lots of checks for memory allocation failure, error codes to indicate + failure and freeing up memory if a failure occurs. + [Nauticus Networks SSL Team , Steve Henson] + + *) Add new -passin argument to dgst. + [Steve Henson] + + *) Perform some character comparisons of different types in X509_NAME_cmp: + this is needed for some certificates that reencode DNs into UTF8Strings + (in violation of RFC3280) and can't or wont issue name rollover + certificates. + [Steve Henson] + + *) Make an explicit check during certificate validation to see that + the CA setting in each certificate on the chain is correct. As a + side effect always do the following basic checks on extensions, + not just when there's an associated purpose to the check: + + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) + [Richard Levitte] + Changes between 0.9.7d and 0.9.7e [25 Oct 2004] *) Avoid a race condition when CRLs are checked in a multi threaded @@ -29,11 +1081,11 @@ Changes between 0.9.7c and 0.9.7d [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed - by using the Codenomicon TLS Test Tool (CAN-2004-0079) + by using the Codenomicon TLS Test Tool (CVE-2004-0079) [Joe Orton, Steve Henson] *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites - (CAN-2004-0112) + (CVE-2004-0112) [Joe Orton, Steve Henson] *) Make it possible to have multiple active certificates with the same @@ -76,9 +1128,9 @@ *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with - invalid tags (CAN-2003-0543 and CAN-2003-0544). + invalid tags (CVE-2003-0543 and CVE-2003-0544). - Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. @@ -163,7 +1215,7 @@ via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish - between bad padding and a MAC verification error. (CAN-2003-0078) + between bad padding and a MAC verification error. (CVE-2003-0078) [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and @@ -380,7 +1432,7 @@ Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized master key in Kerberos-enabled versions. - (CAN-2002-0657) + (CVE-2002-0657) [Ben Laurie (CHATS)] *) Change the SSL kerb5 codes to match RFC 2712. @@ -2064,7 +3116,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6l and 0.9.6m [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed - by using the Codenomicon TLS Test Tool (CAN-2004-0079) + by using the Codenomicon TLS Test Tool (CVE-2004-0079) [Joe Orton, Steve Henson] Changes between 0.9.6k and 0.9.6l [04 Nov 2003] @@ -2072,7 +3124,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix additional bug revealed by the NISCC test suite: Stop bug triggering large recursion when presented with - certain ASN.1 tags (CAN-2003-0851) + certain ASN.1 tags (CVE-2003-0851) [Steve Henson] Changes between 0.9.6j and 0.9.6k [30 Sep 2003] @@ -2080,7 +3132,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with - invalid tags (CAN-2003-0543 and CAN-2003-0544). + invalid tags (CVE-2003-0543 and CVE-2003-0544). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. @@ -2132,7 +3184,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish - between bad padding and a MAC verification error. (CAN-2003-0078) + between bad padding and a MAC verification error. (CVE-2003-0078) [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and @@ -2265,7 +3317,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the - supplied buffer. (CAN-2002-0659) + supplied buffer. (CVE-2002-0659) [Steve Henson, Adi Stav , James Yonan ] *) Assertions for various potential buffer overflows, not known to @@ -2273,15 +3325,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie (CHATS)] *) Various temporary buffers to hold ASCII versions of integers were - too small for 64 bit platforms. (CAN-2002-0655) + too small for 64 bit platforms. (CVE-2002-0655) [Matthew Byng-Maddick and Ben Laurie (CHATS)> *) Remote buffer overflow in SSL3 protocol - an attacker could - supply an oversized session ID to a client. (CAN-2002-0656) + supply an oversized session ID to a client. (CVE-2002-0656) [Ben Laurie (CHATS)] *) Remote buffer overflow in SSL2 protocol - an attacker could - supply an oversized client master key. (CAN-2002-0656) + supply an oversized client master key. (CVE-2002-0656) [Ben Laurie (CHATS)] Changes between 0.9.6c and 0.9.6d [9 May 2002] diff --git a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head new file mode 100644 index 0000000..1203a22 --- /dev/null +++ b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head @@ -0,0 +1,163 @@ +This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS, +provides a collection of those CVS change log entries for the +0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in +0.9.8-dev (CVS head). + +ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes +ChangeLog.0_9_7-stable_not-in-head - everything else + +Some obvious false positives have been eliminated: e.g., we do not +care about a simple "make update"; and we don't care about changes +identified to the 0.9.7 branch that were explicitly identified as +backports from head. + +Eliminating all other entries (and finally this file and its +compantion), either as false positives or as things that should go +into 0.9.8, remains to be done. Any additional changes to 0.9.7 that +are not immediately put into 0.9.8, but belong there as well, should +be added to the end of this file. + + +2002-11-04 17:33 levitte + + Changed: + Configure (1.314.2.38), "Exp", lines: +4 -2 + + Return my normal debug targets to something not so extreme, and + make the extreme ones special (or 'extreme', if you will :-)). + +2002-12-16 19:17 appro + + Changed: + crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0 + crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445 + + This is rollback to 0.9.6h bn_mul.c to address problem reported in + RT#272. + +2003-07-27 15:46 ben + + Changed: + crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0 + + Add untested CFB-r mode. Will be tested soon. + +2003-07-28 17:07 ben + + Changed: + Makefile.org (1.154.2.69), "Exp", lines: +5 -1 + crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0 + crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2 + crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16 + crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0 + crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1 + crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2 + crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11 + crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2 + crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5 + crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0 + crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0 + crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0 + fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0 + fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1 + fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1 + test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43 + + Add support for partial CFB modes, make tests work, update + dependencies. + +2003-07-29 12:56 ben + + Changed: + crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6 + crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0 + crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8 + crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1 + + Working CFB1 and test vectors. + +2003-07-29 15:24 ben + + Changed: + crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0 + crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5 + crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0 + crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0 + crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0 + fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1 + fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19 + + The rest of the keysizes for CFB1, working AES AVS test for CFB1. + +2003-07-29 19:05 ben + + Changed: + crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0 + crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0 + crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9 + crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0 + crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5 + crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0 + crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0 + crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0 + fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0 + + AES CFB8. + +2003-07-30 20:30 ben + + Changed: + Makefile.org (1.154.2.70), "Exp", lines: +16 -5 + crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1 + crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0 + crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14 + crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1 + crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0 + crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0 + crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23 + crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6 + crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0 + crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6 + fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1 + fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0 + fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1 + fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 + fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0 + fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0 + fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0 + fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0 + + Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. + +2003-08-01 12:25 ben + + Changed: + crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36 + crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0 + crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3 + crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0 + + Fix DES CFB-r. + +2003-08-01 12:31 ben + + Changed: + crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0 + + DES CFB8 test. + +2005-04-19 16:21 appro + + Changed: + Configure (1.314.2.117), "Exp", lines: +24 -21 + Makefile.org (1.154.2.100), "Exp", lines: +1 -11 + TABLE (1.99.2.52), "Exp", lines: +20 -20 + apps/Makefile (1.1.4.15), "Exp", lines: +1 -1 + test/Makefile (1.1.4.12), "Exp", lines: +1 -1 + + Enable shared link on HP-UX. + diff --git a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS new file mode 100644 index 0000000..1e6c88f --- /dev/null +++ b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS @@ -0,0 +1,1494 @@ +See file ChangeLog.0_9_7-stable_not-in-head for explanations. +This is the "FIPS"-related part. + + + +2003-07-27 19:00 ben + + Changed: + Configure (1.314.2.85), "Exp", lines: +2 -0 + Makefile.org (1.154.2.67), "Exp", lines: +12 -3 + crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 + crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 + crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 + crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 + crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 + crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 + crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 + crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 + crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 + crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 + crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 + crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 + crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 + crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 + crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 + crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 + crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 + crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 + crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 + crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 + crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 + crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 + crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 + crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 + crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 + crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 + crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 + crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 + crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 + fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 + fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 + fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 + fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 + fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 + fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 + fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 + fips/lib (1.1.2.1), "Exp", lines: +0 -0 + fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 + fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 + fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 + fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 + fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 + fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 + fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 + fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 + fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 + fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 + fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 + fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 + fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 + fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 + fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 + fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 + fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 + fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 + fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 + fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 + fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 + fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 + test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 + util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 + + Unfinished FIPS stuff for review/improvement. + +2003-07-27 19:19 ben + + Changed: + fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Use unified diff. + +2003-07-27 19:23 ben + + Changed: + fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 + fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 + fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Build in non-FIPS mode. + +2003-07-27 23:13 ben + + Changed: + Makefile.org (1.154.2.68), "Exp", lines: +1 -1 + fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 + fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 + fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 + fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 + fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 + fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Build when not FIPS. + +2003-07-28 11:56 ben + + Changed: + fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 + + New fingerprints. + +2003-07-29 16:06 ben + + Changed: + fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 + + Reformat. + +2003-07-29 16:34 ben + + Changed: + fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 + + MMT for CFB1 + +2003-07-29 17:17 ben + + Changed: + fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 + fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 + fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 + + Missing files. + +2003-07-31 23:30 levitte + + Changed: + Makefile.org (1.154.2.71), "Exp", lines: +2 -0 + + If FDIRS is to be treated like SDIRS, let's not forget to + initialize it in Makefile.org. + +2003-07-31 23:41 levitte + + Changed: + fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 + + No C++ comments in C programs! + +2003-08-01 15:07 steve + + Changed: + fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 + + Replace C++ style comments. + +2003-08-03 14:22 ben + + Changed: + fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 + + Make tests work (CFB1 still doesn't produce the right answers, + strangely). + +2003-08-08 12:08 levitte + + Changed: + fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 + + Avoid clashing with the regular DES functions when not compiling + with -DFIPS. This is basically only visible when building with + shared library supoort... + +2003-08-11 11:36 levitte + + Deleted: + fips/sha1/.cvsignore (1.1.2.2) + fips/sha1/Makefile.ssl (1.1.2.3) + fips/sha1/fingerprint.sha1 (1.1.2.3) + fips/sha1/fips_md32_common.h (1.1.2.2) + fips/sha1/fips_sha1dgst.c (1.1.2.3) + fips/sha1/fips_sha1test.c (1.1.2.3) + fips/sha1/fips_sha_locl.h (1.1.2.2) + fips/sha1/fips_standalone_sha1.c (1.1.2.3) + fips/sha1/sha1hashes.txt (1.1.2.2) + fips/sha1/sha1vectors.txt (1.1.2.2) + fips/sha1/standalone.sha1 (1.1.2.4) + fips/dsa/.cvsignore (1.1.2.2) + fips/dsa/Makefile.ssl (1.1.2.2) + fips/dsa/fingerprint.sha1 (1.1.2.3) + fips/dsa/fips_dsa_ossl.c (1.1.2.3) + fips/dsa/fips_dsatest.c (1.1.2.3) + fips/rand/.cvsignore (1.1.2.2) + fips/rand/Makefile.ssl (1.1.2.2) + fips/rand/fingerprint.sha1 (1.1.2.2) + fips/rand/fips_rand.c (1.1.2.2) + fips/rand/fips_rand.h (1.1.2.2) + fips/rand/fips_randtest.c (1.1.2.2) + fips/des/.cvsignore (1.1.2.2) + fips/des/Makefile.ssl (1.1.2.3) + fips/des/fingerprint.sha1 (1.1.2.2) + fips/des/fips_des_enc.c (1.1.2.3) + fips/des/fips_des_locl.h (1.1.2.2) + fips/des/fips_desmovs.c (1.1.2.3) + fips/aes/.cvsignore (1.1.2.2) + fips/aes/Makefile.ssl (1.1.2.5) + fips/aes/fingerprint.sha1 (1.1.2.2) + fips/aes/fips_aes_core.c (1.1.2.2) + fips/aes/fips_aes_locl.h (1.1.2.2) + fips/aes/fips_aesavs.c (1.1.2.9) + fips/.cvsignore (1.1.2.2) + fips/Makefile.ssl (1.1.2.6) + fips/fingerprint.sha1 (1.1.2.3) + fips/fips.c (1.1.2.2) + fips/fips.h (1.1.2.2) + fips/fips_check_sha1 (1.1.2.4) + fips/fips_err.c (1.1.2.2) + fips/fips_err_wrapper.c (1.1.2.2) + fips/fips_make_sha1 (1.1.2.4) + fips/lib (1.1.2.2) + Changed: + util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 + util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 + test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 + crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 + crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 + crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 + crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 + crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 + crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 + crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 + crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 + crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 + crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 + crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 + crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 + crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 + crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 + crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 + crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 + crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 + crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 + crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 + crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 + crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 + crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 + crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 + crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 + crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 + crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 + crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 + crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 + crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 + crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 + crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 + crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 + crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 + crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 + crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 + crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 + crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 + crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 + crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 + crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 + crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 + Configure (1.314.2.86), "Exp", lines: +0 -2 + Makefile.org (1.154.2.72), "Exp", lines: +8 -34 + TABLE (1.99.2.30), "Exp", lines: +0 -50 + + A new branch for FIPS-related changes has been created with the + name OpenSSL-fips-0_9_7-stable. + + Since the 0.9.7-stable branch is supposed to be in freeze + and should only contain bug corrections, this change removes the + FIPS changes from that branch. + +2004-05-11 14:44 ben + + Deleted: + apps/Makefile.ssl (1.100.2.27) + crypto/Makefile.ssl (1.84.2.12) + crypto/aes/Makefile.ssl (1.4.2.9) + crypto/asn1/Makefile.ssl (1.77.2.7) + crypto/bf/Makefile.ssl (1.25.2.6) + crypto/bio/Makefile.ssl (1.52.2.4) + crypto/bn/Makefile.ssl (1.65.2.9) + crypto/buffer/Makefile.ssl (1.32.2.4) + crypto/cast/Makefile.ssl (1.31.2.6) + crypto/comp/Makefile.ssl (1.32.2.4) + crypto/conf/Makefile.ssl (1.38.2.8) + crypto/des/Makefile.ssl (1.61.2.13) + crypto/dh/Makefile.ssl (1.43.2.5) + crypto/dsa/Makefile.ssl (1.49.2.9) + crypto/dso/Makefile.ssl (1.11.2.4) + crypto/ec/Makefile.ssl (1.7.2.4) + crypto/engine/Makefile.ssl (1.30.2.13) + crypto/err/Makefile.ssl (1.48.2.7) + crypto/evp/Makefile.ssl (1.64.2.12) + crypto/hmac/Makefile.ssl (1.33.2.6) + crypto/idea/Makefile.ssl (1.20.2.4) + crypto/krb5/Makefile.ssl (1.5.2.6) + crypto/lhash/Makefile.ssl (1.28.2.4) + crypto/md2/Makefile.ssl (1.29.2.5) + crypto/md4/Makefile.ssl (1.6.2.7) + crypto/md5/Makefile.ssl (1.33.2.10) + crypto/mdc2/Makefile.ssl (1.30.2.4) + crypto/objects/Makefile.ssl (1.46.2.6) + crypto/ocsp/Makefile.ssl (1.19.2.7) + crypto/pem/Makefile.ssl (1.51.2.5) + crypto/pkcs12/Makefile.ssl (1.37.2.5) + crypto/pkcs7/Makefile.ssl (1.47.2.5) + crypto/rand/Makefile.ssl (1.56.2.8) + crypto/rc2/Makefile.ssl (1.20.2.4) + crypto/rc4/Makefile.ssl (1.25.2.6) + crypto/rc5/Makefile.ssl (1.22.2.6) + crypto/ripemd/Makefile.ssl (1.25.2.9) + crypto/rsa/Makefile.ssl (1.53.2.6) + crypto/sha/Makefile.ssl (1.26.2.9) + crypto/stack/Makefile.ssl (1.28.2.4) + crypto/txt_db/Makefile.ssl (1.26.2.4) + crypto/ui/Makefile.ssl (1.10.2.6) + crypto/x509/Makefile.ssl (1.56.2.5) + crypto/x509v3/Makefile.ssl (1.62.2.5) + ssl/Makefile.ssl (1.53.2.11) + test/Makefile.ssl (1.84.2.36) + tools/Makefile.ssl (1.9.2.4) + Changed: + .cvsignore (1.7.6.2), "Exp", lines: +2 -1 + Configure (1.314.2.92), "Exp", lines: +38 -8 + FAQ (1.61.2.31), "Exp", lines: +1 -1 + INSTALL (1.45.2.9), "Exp", lines: +2 -2 + INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 + Makefile.org (1.154.2.78), "Exp", lines: +51 -19 + PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 + e_os.h (1.56.2.17), "Exp", lines: +20 -1 + apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 + apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 + apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 + apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 + apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 + apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 + crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 + crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 + crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 + crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 + crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 + crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 + crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 + crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 + crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 + crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 + crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 + crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 + crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 + crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 + crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 + crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 + crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 + crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 + crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 + crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 + crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 + crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 + crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 + crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 + crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 + crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 + crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 + crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 + crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 + crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 + crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 + crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 + crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 + crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 + crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 + crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 + crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 + crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 + crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 + crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 + crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 + crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 + crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 + crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 + crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 + crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 + crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 + crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 + crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 + crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 + crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 + crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 + crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 + crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 + crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 + crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 + crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 + crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 + crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 + crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 + crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 + crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 + crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 + crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 + crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 + crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 + crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 + crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 + crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 + crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 + crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 + crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 + crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 + crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 + crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 + crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 + crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 + crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 + crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 + crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 + crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 + crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 + crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 + crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 + crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 + fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 + fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 + fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 + fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 + fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 + fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 + fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 + fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 + fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 + fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 + fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 + fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 + fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 + fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 + fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 + fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 + fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 + fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 + fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 + fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 + fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 + fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 + fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 + fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 + fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 + fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 + fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 + fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 + fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 + fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 + fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 + fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 + fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 + fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 + fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 + fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 + fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 + fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 + fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 + fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 + fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 + fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 + fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 + fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 + fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 + fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 + fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 + fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 + fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 + fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 + ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 + ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 + ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 + ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 + shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 + ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 + ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 + ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 + ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 + ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 + ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 + ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 + test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 + test/Makefile (1.1.4.1), "Exp", lines: +941 -0 + test/bctest (1.14.2.1), "Exp", lines: +1 -1 + test/testenc (1.3.8.1), "Exp", lines: +1 -1 + test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 + tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 + util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 + util/domd (1.6.2.3), "Exp", lines: +5 -5 + util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 + util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 + util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 + util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 + util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 + util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 + util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 + util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 + util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 + util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 + util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 + util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 + util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 + util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 + util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 + util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 + + Pull FIPS back into stable. + +2004-05-12 10:27 levitte + + Changed: + apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 + + Only check for FIPS signatures when FIPS is enabled. + +2004-05-12 10:28 levitte + + Changed: + crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 + + Makefile.ssl changed name to Makefile. + +2004-05-12 10:28 levitte + + Changed: + fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 + + Only really build this file when OPENSSL_FIPS is defined. And oh, + let's keep internal variables static. + +2004-05-12 10:42 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + + I forgot to modify the signature for fips_rand.c... + +2004-05-12 10:46 levitte + + Changed: + fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 + fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 + fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 + fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 + fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 + fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 + + Ignore the 'lib' timestamp file. + +2004-05-12 12:07 levitte + + Changed: + fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 + fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + + Ignore 'Makefile.save' + +2004-05-12 16:11 ben + + Changed: + crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 + crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 + fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 + fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 + + Blow up in people's faces if they don't reseed. + +2004-05-15 19:51 ben + + Changed: + crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 + crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 + crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 + fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 + fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 + fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 + fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 + fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 + fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 + + Fix self-tests, ban some things in FIPS mode, fix copyrights. + +2004-05-17 06:28 levitte + + Changed: + util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 + util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 + util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 + util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 + util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 + util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 + util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 + util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 + util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 + util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 + util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 + + Generate SHA1 files on Windows and other platforms supported by + mk1mf.pl, when building in FIPS mode. + + Note: UNTESTED! + +2004-05-17 06:30 levitte + + Changed: + apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 + apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 + + Make sure the applications know when we are running in FIPS mode. + We can't use the variable in libcrypto, since it's supposedly + unknown. + + Note: currently only supported in MONOLITH mode. + +2004-05-17 06:31 levitte + + Changed: + apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 + + When in FIPS mode, use SHA1 to digest the key, rather than MD5, as + MD5 isn't a FIPS-approved algorithm. + + Note: this means the user needs to keep track of this, and + we need to add support for that... + +2004-05-19 16:16 levitte + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 + fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 + fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 + fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 + fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 + crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 + crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 + crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 + + Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation + for size_t-ification of those algorithms in future version of + OpenSSL... + +2004-05-27 11:33 levitte + + Changed: + makevms.com (1.35.2.3), "Exp", lines: +27 -0 + + Copy the FIPS files to the temporary openssl include directory. + +2004-05-27 12:04 levitte + + Changed: + fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 + makevms.com (1.35.2.4), "Exp", lines: +8 -0 + + Compile the FIPS directory on VMS as well. fips-lib.com is + essentially a copy of crypto-lib.com, with just a few edits. + +2004-05-27 12:07 levitte + + Changed: + fips/install.com (1.1.2.1), "Exp", lines: +55 -0 + install.com (1.4.2.2), "Exp", lines: +6 -6 + + Run an installation of FIPS stuff as well. + +2004-05-27 12:19 levitte + + Changed: + test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 + apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 + + Make sure o_str.h is reachable. + +2004-06-19 15:15 ben + + Changed: + Makefile.org (1.154.2.80), "Exp", lines: +1 -1 + crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 + crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 + crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 + crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 + crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 + fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 + fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 + fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 + fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 + fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 + fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 + fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 + + The version that was actually submitted for FIPS testing. + +2004-06-19 15:16 ben + + Changed: + fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 + fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 + fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 + fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 + + Add Diffie-Hellman to FIPS. + +2004-06-19 15:18 ben + + Changed: + fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 + fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 + + Update ignores. + +2004-06-21 11:07 levitte + + Changed: + fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 + fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 + fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 + fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 + fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 + fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 + + Make sure we don't try to loop over an empty EXHEADER. In the + Makefiles where this was fixed by commenting away code, change it + to check for an empty EXHEADER instead, so we have less hassle in a + future where EXHEADER changes. + + PR: 900 + +2004-06-21 20:05 levitte + + Changed: + Makefile.org (1.154.2.82), "Exp", lines: +3 -1 + + Standard sh doesn't tolerate ! as part of the conditional command. + + PR: 900 + +2004-06-28 22:33 levitte + + Changed: + fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 + fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 + fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 + + Make sure the FIPS stuff is only really compiled when in FIPS mode. + +2004-07-12 19:59 ben + + Changed: + fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 + fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 + + Corrected test program. + +2004-07-17 14:48 appro + + Changed: + fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 + + Eliminate enforced -g from CFLAGS. It switches off optimization + with some compilers, e.g. DEC C. + +2004-07-21 19:41 steve + + Changed: + crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 + + When in FIPS mode write private keys in PKCS#8 and PBES2 format to + avoid use of prohibited MD5 algorithm. + +2004-07-23 15:20 ben + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 + fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 + + Convert to X9.31. + +2004-07-21 19:35 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 + fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 + + Avoid compiler warnings. + +2004-07-27 02:17 steve + + Changed: + fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 + + Stop compiler warnings. + +2004-07-27 02:20 steve + + Changed: + crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 + + Add FIPS name to error library. + +2004-07-27 14:22 steve + + Changed: + Makefile.org (1.154.2.84), "Exp", lines: +3 -3 + fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 + fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 + + Rename libcrypto.sha1 to libcrypto.a.sha1 + +2004-07-27 20:28 steve + + Changed: + ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 + ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 + ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 + ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 + + New cipher "strength" FIPS which specifies that a cipher suite is + FIPS compatible. + + New cipherstring "FIPS" is all FIPS compatible ciphersuites + except eNULL. + + Only allow FIPS ciphersuites in FIPS mode. + +2004-07-28 04:24 levitte + + Changed: + makevms.com (1.35.2.6), "Exp", lines: +2 -2 + + From the FIPS directory, darnit! + +2004-07-28 15:47 levitte + + Changed: + makevms.com (1.35.2.7), "Exp", lines: +5 -1 + + Define OPENSSL_FIPS in opensslconf.h if a logical name with the + same name is defined. + + Go up one directory level before dealing with FIPS stuff. + +2004-07-30 00:26 levitte + + Changed: + fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 + + We're building crypto stuff, not ssl stuff. Additionally, we're in + the fips subdirectory, not the crypto one... + +2004-07-30 16:37 levitte + + Changed: + fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 + fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 + fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 + fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 + ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 + fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 + fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 + fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 + fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 + fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 + fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 + fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 + fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 + fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 + fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 + fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 + fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 + fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 + crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 + crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 + crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 + crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 + crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 + crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 + crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 + crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 + + To protect FIPS-related global variables, add locking mechanisms + around them. + + NOTE: because two new locks are added, this adds potential + binary incompatibility with earlier versions in the 0.9.7 series. + However, those locks will only ever be touched when FIPS_mode_set() + is called and after, thanks to a variable that's only changed from + 0 to 1 once (when FIPS_mode_set() is called). So basically, as + long as FIPS mode hasn't been engaged explicitely by the calling + application, the new locks are treated as if they didn't exist at + all, thus not becoming a problem. Applications that are built or + rebuilt to use FIPS functionality will need to be recompiled in any + case, thus not being a problem either. + +2004-08-02 16:15 levitte + + Changed: + crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 + + Let's lock a write lock when changing values, shall we? + + Thanks to Dr Stephen Henson + for making me aware of this error. + +2004-08-05 20:11 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 + + Stop compiler giving bogus shadow warning. + +2004-08-09 14:13 levitte + + Changed: + makevms.com (1.35.2.8), "Exp", lines: +1 -1 + + In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... + +2004-08-09 14:14 levitte + + Changed: + fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 + + Correct typos and include directory specifications. + +2004-08-10 11:11 levitte + + Changed: + fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 + + Update the VMS fips library builder with the DH library. + +2004-08-10 12:04 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 + + With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED + to get struct timeval and gettimeofday(). + +2004-09-06 16:19 levitte + + Changed: + fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 + + Replace the bogus checks of n with proper uses of feof(), ferror() + and clearerr(). + +2004-09-06 16:21 levitte + + Changed: + fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 + + num is an unsigned long, but since it was transfered from + crypto/sha/sha_locl.h, where it is in fact an int, we need to check + for less-than-zero as if it was an int... + +2004-10-08 12:03 ben + + Changed: + fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 + fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 + + Update fingerprints. + +2004-10-14 07:51 levitte + + Changed: + VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 + + We need to check for OPENSSL_FIPS when building shared libraries, + so we get correct transfer vectors for those functions when + required. + +2004-10-26 13:47 steve + + Changed: + util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 + + Add fips/dh directory to mkfiles.pl + +2004-10-26 14:17 levitte + + Changed: + fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 + util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 + fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 + crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 + + fips/dh was missing in mkfiles.pl. make update + +2004-10-26 15:01 steve + + Changed: + util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 + + Only add fips/dh once... + +2004-11-01 09:20 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 + + Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if + not already defined. + +2004-12-09 19:03 appro + + vChanged: + crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 + + Postpone linking of shared libcrypto in FIPS build. + +2004-12-09 19:13 appro + + Changed: + fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 + fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 + + Cygwin specific FIPS fix-ups. + +2004-12-09 23:43 appro + + Changed: + Configure (1.314.2.100), "Exp", lines: +2 -3 + crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 + + Eliminate false dependency on 386 config option is FIPS context. + At the same time limit assembler support to ELF platforms [that's + what is there, ELF modules]. + +2004-12-10 12:37 appro + + Changed: + Configure (1.314.2.101), "Exp", lines: +10 -3 + crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 + + Respect no-asm with fips option and disable FIPS DES assembler in + shared context [because it's not PIC]. + +2004-12-10 14:15 appro + + Changed: + fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 + fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 + + Solaris x86 assembler update. + +2004-12-10 17:30 appro + + Changed: + fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 + fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 + + Adapt FIPS sub-tree for mingw. + +2005-01-03 18:46 steve + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 + + RSA KAT. + +2005-01-11 17:54 levitte + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 + + Clear signed vs. unsigned conflicts. Change the fingerprint + accordingly. + +2005-01-11 19:25 levitte + + Changed: + ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 + fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 + fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 + fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 + fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 + apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 + fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 + + Use EXIT() instead of exit(). + +2005-01-26 21:00 steve + + Changed: + apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 + apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 + crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 + crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 + crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 + crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 + crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 + crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 + crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 + crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 + crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 + crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 + crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 + crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 + crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 + crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 + crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 + crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 + crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 + crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 + crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 + crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 + crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 + crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 + crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 + crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 + crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 + crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 + crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 + crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 + crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 + crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 + crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 + crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 + crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 + crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 + crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 + crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 + crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 + crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 + crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 + crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 + crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 + crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 + ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 + ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 + ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 + ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 + + FIPS algorithm blocking. + + Non FIPS algorithms are not normally allowed in FIPS mode. + + Any attempt to use them via high level functions will + return an error. + + The low level non-FIPS algorithm functions cannot return + errors so they produce assertion failures. HMAC also has to give an + assertion error because it (erroneously) can't return an error + either. + + There are exceptions (such as MD5 in TLS and non + cryptographic use of algorithms) and applications can override the + blocking and use non FIPS algorithms anyway. + + For low level functions the override is perfomed by + prefixing the algorithm initalization function with "private_" for + example private_MD5_Init(). + + For high level functions an override is performed by + setting a flag in the context. + +2005-01-27 02:49 steve + + Changed: + apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 + crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 + crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 + crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 + + More FIPS algorithm blocking. + + Catch attempted use of non FIPS algorithms with HMAC. + + Give an assertion error for applications that ignore FIPS + digest errors. + + Make -non-fips-allow work with dgst and HMAC. + +2005-01-28 15:03 steve + + Changed: + apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 + apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 + crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 + crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 + crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 + crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 + test/testenc (1.3.8.2), "Exp", lines: +8 -8 + + Further FIPS algorithm blocking. + + Fixes to cipher blocking and enabling code. + + Add option -non-fips-allow to 'enc' and update testenc. + +2005-01-31 02:33 steve + + Changed: + ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 + ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 + ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 + ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 + ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 + ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 + ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 + ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 + ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 + ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 + + Only allow TLS is FIPS mode. + + Remove old FIPS_allow_md5() calls. + +2005-02-05 19:24 steve + + Changed: + apps/req.c (1.88.2.18), "Exp", lines: +8 -1 + apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 + + In FIPS mode use SHA1 as default digest in x509 and req utilities. + +2005-03-15 10:46 appro + + Changed: + Makefile.org (1.154.2.96), "Exp", lines: +1 -1 + crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 + fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 + + Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this + in crypto/Makefile and make Makefile.org and fips/Makefile more + discreet. + +2005-03-22 18:29 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 + + Fix memory leak. + +2005-03-27 05:36 steve + + Changed: + crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 + ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 + + Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS + mode. + +2005-04-14 14:44 steve + + Changed: + fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0 + util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0 + + Perl script that checks or rebuilds FIPS hash files. This works on + both Unix and Windows. + + Merge all FIPS hash files into a single hash file + fips/fips.sha1 + +2005-04-15 05:27 steve + + Changed: + fips/Makefile (1.1.4.9), "Exp", lines: +1 -1 + fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4 + fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4 + fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4 + fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4 + fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4 + fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4 + fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7 + + Update hash checking in makefiles to use new perl script. + +2005-04-17 06:37 steve + + Changed: + util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127 + + Modify checkhash.pl so it can be run standalone or included as a + funtion in another perl script. + +2005-04-17 16:00 appro + + Changed: + fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5 + + Bring back fips_standalone_sha1. + +2005-04-17 16:17 appro + + Deleted: + fips/sha1/asm/sx86-elf.s (1.1.4.4) + Changed: + Configure (1.314.2.114), "Exp", lines: +1 -1 + fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1 + fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0 + + Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s. + +2005-04-17 16:21 steve + + Changed: + util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0 + + Return 0 for successful hash check. + +2005-04-17 16:54 appro + + Changed: + Configure (1.314.2.116), "Exp", lines: +8 -1 + Makefile.org (1.154.2.99), "Exp", lines: +3 -2 + crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0 + fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0 + fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2 + fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0 + + Throw in fips/aes/asm/fips-ax86-elf.s. + +2005-04-17 16:35 appro + + Changed: + Configure (1.314.2.115), "Exp", lines: +1 -1 + fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1 + fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98 + + Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag. + +2005-04-17 17:26 appro + + Changed: + crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55 + crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3 + fips/fips.c (1.1.2.11), "Exp", lines: +62 -8 + fips/fips.h (1.1.2.7), "Exp", lines: +2 -3 + fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3 + fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4 + fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2 + + Resolve minor binary compatibility issues in fips. + +2005-04-17 18:22 appro + + Changed: + fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12 + fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1 + fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2 + fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1 + fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1 + fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3 + fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2 + fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11 + fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1 + fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2 + + Minor fips const-ification. + +2005-04-18 07:02 steve + + Changed: + crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0 + crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0 + crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0 + crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0 + crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0 + crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0 + + Pick up definition of FIPS_mode() in fips.h to avoid warnings. + +2005-04-18 10:34 steve + + Deleted: + fips/fingerprint.sha1 (1.1.2.14) + fips/fips_check_sha1 (1.1.2.8) + fips/fips_make_sha1 (1.1.2.7) + fips/aes/fingerprint.sha1 (1.1.2.7) + fips/des/fingerprint.sha1 (1.1.2.6) + fips/dh/fingerprint.sha1 (1.1.2.4) + fips/dsa/fingerprint.sha1 (1.1.2.7) + fips/rand/fingerprint.sha1 (1.1.2.10) + fips/rsa/fingerprint.sha1 (1.1.4.7) + fips/sha1/fingerprint.sha1 (1.1.2.12) + Changed: + fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4 + + Remove obsolete fingerprint.sha1 files and associated scripts. + Delete test in fips/sha1/Makefile: the top level test checks the + same files. + +2005-04-19 09:11 appro + + Deleted: + fips/fipshashes.sha1 (1.1.2.7) + fips/sha1/standalone.sha1 (1.1.2.15) + Changed: + fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0 + util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4 + + Maintain fingerprint hashes as C source. + +2005-04-19 09:17 appro + + Changed: + util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1 + + Complete the transition C-code hashes. + +2005-04-21 19:06 steve + + Changed: + apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2 + fips/fips.c (1.1.2.12), "Exp", lines: +0 -27 + fips/fips.h (1.1.2.8), "Exp", lines: +0 -2 + fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2 + + Remove defunct FIPS_allow_md5() and related functions. + +2005-04-22 06:15 appro + + Changed: + fips/fips.c (1.1.2.13), "Exp", lines: +3 -3 + fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3 + fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2 + + Move some variables to .bss. + diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 2cd5877..9831ff3 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [[no-]fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -38,7 +38,6 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # -# no-engine do not compile in any engine code. # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware @@ -56,6 +55,7 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. # 386 generate 80386 code +# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through # @@ -87,9 +87,15 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # (intended for 64-bit CPUs running 32-bit OS). # BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). # BF_PTR2 intel specific version (generic version is more efficient). +# +# Following are set automatically by this script +# # MD5_ASM use some extra md5 assember, # SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 # RMD160_ASM use some extra ripemd160 assember, +# SHA256_ASM sha256_block is implemented in assembler +# SHA512_ASM sha512_block is implemented in assembler +# AES_ASM ASE_[en|de]crypt is implemented in assembler my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; @@ -108,19 +114,25 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; -my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; -my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; +my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o"; +my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o"; +my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o"; + +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::"; +my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::"; -my $mips3_irix_asm="asm/mips3.o::::::::"; -# There seems to be boundary faults in asm/alpha.s. -#my $alpha_asm="asm/alpha.o::::::::"; -my $alpha_asm="::::::::"; +my $no_asm="::::::::::"; -# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. -# So the md5_locl.h file has an undef B_ENDIAN if sun is defined +# As for $BSDthreads. Idea is to maintain "collective" set of flags, +# which would cover all BSD flavors. -pthread applies to them all, +# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD +# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, +# which has to be accompanied by explicit -D_THREAD_SAFE and +# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which +# seems to be sufficient? +my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; -#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags +#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags my %table=( # File 'TABLE' (created by 'make TABLE') contains the data from this list, @@ -135,21 +147,25 @@ my %table=( # Our development configs "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", +"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::", +"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", -"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", +"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", +"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -157,10 +173,8 @@ my %table=( "cc", "cc:-O::(unknown)::::::", ####VOS Configurations -"vos-gcc","gcc:-b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:", -"debug-vos-gcc","gcc:-b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:", -"vos-vcc","vcc:-b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map::::::::::::::.so:", -"debug-vos-vcc","vcc:-b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map::::::::::::::.so:", +"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", #### Solaris x86 with GNU C setups # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it @@ -168,68 +182,59 @@ my %table=( # surrounds it with #APP #NO_APP comment pair which (at least Solaris # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" # error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -shared -static-libgcc might appear controversial, but modules taken +# from static libgcc do not have relocations and linking them into our +# shared objects doesn't have any negative side-effects. On the contrary, +# doing so makes it possible to use gcc shared build with Sun C. Given +# that gcc generates faster code [thanks to inline assembler], I would +# actually recommend to consider using gcc shared build even with vendor +# compiler:-) +# +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 -# but keep the assembler modules. -"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups -# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests -"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 # SC5.0 note: Compiler common patch 107357-01 or later is required! -"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", #### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### SPARC Linux setups -"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", -# Ray Miller has patiently -# assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# it's a real mess with -mcpu=ultrasparc option under Linux, but -# -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# Sunos configs, assuming sparc for the gcc one. -##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::", +#### SunOS configs, assuming sparc for the gcc one. +#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", +"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. -# -mips4 flag is added by ./config when appropriate. -"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Unified HP-UX ANSI C configs. # Special notes: @@ -248,7 +253,7 @@ my %table=( # suitable for execution on the host you're currently compiling at. # If the toolkit is ment to be used on various PA-RISC processors # consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's ment to be +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be # compatible with *future* releases. # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to # pass -D_REENTRANT on HP-UX 10 and later. @@ -259,106 +264,78 @@ my %table=( # crypto/sha/sha_lcl.h. # # -#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", # Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# 64bit PARISC for GCC without optimization, which seems to make problems. -# Submitted by -"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# IA-64 targets -"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Frank Geurts has patiently assisted with -# with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # More attempts at unified 10.X and 11.X targets for HP C compiler. # # Chris Ruemmler # Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Isn't the line below meaningless? HP-UX cc optimizes for host by default. -# hpux-parisc1_0-cc with +DAportable flag would make more sense. -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# HPUX 9.X config. -# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or -# egcs. gcc 2.8.1 is also broken. - -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, -# please report your OS and compiler version to the openssl-bugs@openssl.org -# mailing list. -"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux-gcc fails, try this one: -"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# HPUX 9.X on Motorola 68k platforms with gcc -"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::", - -# HPUX 10.X config. Supports threads. -"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): -"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux10-gcc fails, try this one: -"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# HPUX 11.X from www.globus.org. -# Only works on PA-RISC 2.0 cpus, and not optimized. Why? -#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::", -#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", -# Use unified settings above instead. +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# HP/UX IA-64 targets +"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# Frank Geurts has patiently assisted with +# with debugging of the following config. +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC builds... +"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT::bn-ia64.o::aes-ia64.o:::sha256-ia64.o sha512-ia64.o::rc4-ia64.o:::dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### PARISC Linux setups -"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", +# Legacy HPUX 9.X configs... +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ +"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", -# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion -# from the older DEC C Compiler to the newer compiler. It's now the -# same as the preferred entry, alpha-cc. If you are still using the -# older compiler (you're at 3.x or earlier, or perhaps very early 4.x) -# you should use `alphaold-cc'. +# DEC Alpha OSF/1/Tru64 targets. # # "What's in a name? That which we call a rose # By any other word would smell as sweet." # # - William Shakespeare, "Romeo & Juliet", Act II, scene II. # -# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the -# vendor compiler, use alphaold-cc. -# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc. -# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc. -# -# There's also an alternate target available (which `config' will never -# select) called alpha-cc-rpath. This target builds an RPATH into the -# shared libraries, which is very convenient on Tru64 since binaries -# linked against that shared library will automatically inherit that RPATH, -# and hence know where to look for the openssl libraries, even if they're in -# an odd place. -# # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version # -"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", -"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", -"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so", -# -# This probably belongs in a different section. -# -"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so", +"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so", +#### +#### Variety of LINUX:-) +#### +# *-generic* is endian-neutral target, but ./config is free to +# throw in -D[BL]_ENDIAN, whichever appropriate... +"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### IA-32 targets... +"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", +#### +"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -bpowerpc64-linux is transient option, -m64 should be the one to use... +"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### SPARC Linux setups +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC 3.1 is a requirement +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -372,59 +349,39 @@ my %table=( # # # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -# assembler versions -- currently defunct: -##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}", - -# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the -# bn86-elf.o file file since it is hand tweaked assembler. -"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", -"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", + +#### *BSD [do see comment about ${BSDthreads} above!] +"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it +# simply *happens* to work around a compiler bug in gcc 3.3.3, +# triggered by RIPEMD160 code. +"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", "nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # NCR MP-RAS UNIX ver 02.03.01 "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", -# QNX 4 +# QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", - -# QNX 6 "qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", -# Linux on ARM -"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# SCO/Caldera targets. +#### SCO/Caldera targets. # # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. # Now we only have blended unixware-* as it's the only one used by ./config. @@ -435,25 +392,23 @@ my %table=( # compiler drivers and assemblers. Tim Rice has # patiently assisted to debug most of it. # -# UnixWare 2.0x fails destest with -O +# UnixWare 2.0x fails destest with -O. "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# IBM's AIX. -"aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::", -"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", -"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +#### IBM's AIX. +"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:", +"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64", +# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE +# at build time. $OBJECT_MODE is respected at ./config stage! +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) @@ -488,7 +443,7 @@ my %table=( # Sinix/ReliantUNIX RM400 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ -"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", @@ -501,56 +456,53 @@ my %table=( # "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", -# Windows NT, Microsoft Visual C++ 4.0 +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", +"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", -"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", -"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", -"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", -"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", -"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", -"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", -"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", +# Visual C targets +"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", +"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", +"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", -"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", # MinGW -"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll", +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a", # UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", +"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", + +# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +# netware-libc => LibC/NKS support +# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be +# configured to use BSD sockets instead. +"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", -"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", # K&R C is no longer supported; you need gcc on old Ultrix installations ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", -# Some OpenBSD from Bob Beck -"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-alpha", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-m88k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-mips", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-powerpc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-hppa", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - ##### MacOS X (a.k.a. Rhapsody or Darwin) setup -"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", -"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", +"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", @@ -559,7 +511,7 @@ my %table=( "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", ##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", +"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", ##### OS/2 EMX "OS2-EMX", "gcc::::::::", @@ -567,17 +519,18 @@ my %table=( ##### VxWorks for various targets "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", -"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:", +"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", ); -my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS - BC-32 BC-16 Mingw32 OS2-EMX); +my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A + VC-NT VC-CE VC-WIN32 + BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock); my $idx = 0; my $idx_cc = $idx++; @@ -587,8 +540,10 @@ my $idx_thread_cflag = $idx++; my $idx_sys_id = $idx++; my $idx_lflags = $idx++; my $idx_bn_ops = $idx++; +my $idx_cpuid_obj = $idx++; my $idx_bn_obj = $idx++; my $idx_des_obj = $idx++; +my $idx_aes_obj = $idx++; my $idx_bf_obj = $idx++; my $idx_md5_obj = $idx++; my $idx_sha1_obj = $idx++; @@ -609,12 +564,13 @@ my $openssldir=""; my $exe_ext=""; my $install_prefix=""; my $no_threads=0; -my $no_shared=1; -my $zlib=0; -my $no_krb5=0; my $threads=0; +my $no_shared=0; # but "no-shared" is default +my $zlib=1; # but "no-zlib" is default +my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_asm=0; my $no_dso=0; +my $no_gmp=0; my @skip=(); my $Makefile="Makefile"; my $des_locl="crypto/des/des_locl.h"; @@ -628,7 +584,7 @@ my $rc2 ="crypto/rc2/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; -my $fips_des_enc="fips_des_enc.o"; +my $aes_enc="aes_core.o aes_cbc.o"; my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; my $rc4_enc="rc4_enc.o"; @@ -639,16 +595,28 @@ my $rmd160_obj=""; my $processor=""; my $default_ranlib; my $perl; -my $fips=0; -my $debug=0; -my $no_ssl2=0; -my $no_ssl3=0; -my $no_tls1=0; -my $no_md5=0; -my $no_sha=0; -my $no_rsa=0; -my $no_dh=0; + +# All of the following is disabled by default (RC5 was enabled before 0.9.8): + +my %disabled = ( # "what" => "comment" + "gmp" => "default", + "mdc2" => "default", + "rc5" => "default", + "shared" => "default", + "zlib" => "default", + "zlib-dynamic" => "default" + ); + +# Additional "no-..." options will be collected in %disabled. +# To remove something from %disabled, use e.g. "enable-rc5". +# For symmetry, "disable-..." is a synonym for "no-...". + +# This is what $depflags will look like with the above default: +my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 "; + + +my $no_sse2=0; &usage if ($#ARGV < 0); @@ -690,102 +658,38 @@ PROCESS_ARGS: foreach (@argvcopy) { s /^-no-/no-/; # some people just can't read the instructions - if (/^--test-sanity$/) - { - exit(&test_sanity()); - } - elsif (/^no-asm$/) - { - $no_asm=1; - $flags .= "-DOPENSSL_NO_ASM "; - $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; - } - elsif (/^no-err$/) - { - $flags .= "-DOPENSSL_NO_ERR "; - $openssl_other_defines .= "#define OPENSSL_NO_ERR\n"; - } - elsif (/^no-hw-(.+)$/) - { - my $hw=$1; - $hw =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_HW_$hw "; - $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n"; - } - elsif (/^no-hw$/) - { - $flags .= "-DOPENSSL_NO_HW "; - $openssl_other_defines .= "#define OPENSSL_NO_HW\n"; - } - elsif (/^no-dso$/) - { $no_dso=1; } - elsif (/^no-krb5$/) - { $no_krb5=1; } - elsif (/^no-threads$/) - { $no_threads=1; } - elsif (/^threads$/) - { $threads=1; } - elsif (/^no-shared$/) - { $no_shared=1; } - elsif (/^shared$/ || /^-shared$/ || /^--shared$/) - { $no_shared=0; } - elsif (/^no-zlib$/) - { $zlib=0; } - elsif (/^zlib$/) - { $zlib=1; } - elsif (/^zlib-dynamic$/) - { $zlib=2; } - elsif (/^no-symlinks$/) - { $symlink=0; } - elsif (/^no-ssl$/) - { $no_ssl2 = $no_ssl3 = 1; } - elsif (/^no-ssl2$/) - { $no_ssl2 = 1; } - elsif (/^no-ssl3$/) - { $no_ssl3 = 1; } - elsif (/^no-tls1?$/) - { $no_tls1 = 1; } - elsif (/^no-fips$/) - { $fips = 0; } - elsif (/^no-(.+)$/) + + # rewrite some options in "enable-..." form + s /^-?-?shared$/enable-shared/; + s /^threads$/enable-threads/; + s /^zlib$/enable-zlib/; + s /^zlib-dynamic$/enable-zlib-dynamic/; + + if (/^no-(.+)$/ || /^disable-(.+)$/) { - my $algo=$1; - push @skip,$algo; - $algo =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_$algo "; - $depflags .= "-DOPENSSL_NO_$algo "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n"; - if ($algo eq "RIJNDAEL") - { - push @skip, "aes"; - $flags .= "-DOPENSSL_NO_AES "; - $depflags .= "-DOPENSSL_NO_AES "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n"; - } - if ($algo eq "DES") - { - push @skip, "mdc2"; - $options .= " no-mdc2"; - $flags .= "-DOPENSSL_NO_MDC2 "; - $depflags .= "-DOPENSSL_NO_MDC2 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n"; - } - if ($algo eq "MD5") - { - $no_md5 = 1; - } - if ($algo eq "SHA") + if ($1 eq "ssl") { - $no_sha = 1; + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; } - if ($algo eq "RSA") + elsif ($1 eq "tls") { - $no_rsa = 1; + $disabled{"tls1"} = "option(tls)" } - if ($algo eq "DH") + else { - $no_dh = 1; + $disabled{$1} = "option"; } + } + elsif (/^enable-(.+)$/) + { + delete $disabled{$1}; + + $threads = 1 if ($1 eq "threads"); + } + elsif (/^--test-sanity$/) + { + exit(&test_sanity()); } elsif (/^reconfigure/ || /^reconf/) { @@ -793,7 +697,7 @@ PROCESS_ARGS: { while () { - chop; + chomp; if (/^CONFIGURE_ARGS=(.*)/) { $argvstring=$1; @@ -812,14 +716,6 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } - elsif (/^fips$/) - { - $fips=1; - } - elsif (/^debug$/) - { - $debug=1; - } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. @@ -852,6 +748,14 @@ PROCESS_ARGS: { $withargs{"krb5-".$1}=$2; } + elsif (/^--with-zlib-lib=(.*)$/) + { + $withargs{"zlib-lib"}=$1; + } + elsif (/^--with-zlib-include=(.*)$/) + { + $withargs{"zlib-include"}="-I$1"; + } else { print STDERR $usage; @@ -865,52 +769,73 @@ PROCESS_ARGS: } else { - die "target already defined - $target\n" if ($target ne ""); + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); $target=$_; } - unless ($_ eq $target) { - if ($options eq "") { - $options = $_; - } else { - $options .= " ".$_; + + unless ($_ eq $target || /^no-/ || /^disable-/) + { + # "no-..." follows later after implied disactivations + # have been derived. (Don't take this too seroiusly, + # we really only write OPTIONS to the Makefile out of + # nostalgia.) + + if ($options eq "") + { $options = $_; } + else + { $options .= " ".$_; } } } } -} -$no_ssl3=1 if ($no_md5 || $no_sha); -$no_ssl3=1 if ($no_rsa && $no_dh); -$no_ssl2=1 if ($no_md5); -$no_ssl2=1 if ($no_rsa); -$no_tls1=1 if ($no_md5 || $no_sha); -$no_tls1=1 if ($no_dh); +if ($processor eq "386") + { + $disabled{"sse2"} = "forced"; + } -if ($no_ssl2) +if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") { - push @skip,"SSL2"; - $flags .= "-DOPENSSL_NO_SSL2 "; - $depflags .= "-DOPENSSL_NO_SSL2 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n"; + $disabled{"krb5"} = "krb5-flavor not specified"; } -if ($no_ssl3) +if (!defined($disabled{"zlib-dynamic"})) { - push @skip,"SSL3"; - $flags .= "-DOPENSSL_NO_SSL3 "; - $depflags .= "-DOPENSSL_NO_SSL3 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n"; + # "zlib-dynamic" was specifically enabled, so enable "zlib" + delete $disabled{"zlib"}; } -if ($no_tls1) +if (defined($disabled{"rijndael"})) { - push @skip,"TLS1"; - $flags .= "-DOPENSSL_NO_TLS1 "; - $depflags .= "-DOPENSSL_NO_TLS1 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n"; + $disabled{"aes"} = "forced"; + } +if (defined($disabled{"des"})) + { + $disabled{"mdc2"} = "forced"; + } +if (defined($disabled{"ec"})) + { + $disabled{"ecdsa"} = "forced"; + $disabled{"ecdh"} = "forced"; } +# SSL 2.0 requires MD5 and RSA +if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) + { + $disabled{"ssl2"} = "forced"; + } + +# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH +if (defined($disabled{"md5"}) || defined($disabled{"sha"}) + || (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) + { + $disabled{"ssl3"} = "forced"; + $disabled{"tls1"} = "forced"; + } + + if ($target eq "TABLE") { foreach $target (sort keys %table) { print_table_entry($target); @@ -934,11 +859,69 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); -my $IsWindows=scalar grep /^$target$/,@WinTargets; -$exe_ext=".exe" if ($target eq "Cygwin"); -$exe_ext=".exe" if ($target eq "DJGPP"); -$exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc"); +foreach (sort (keys %disabled)) + { + $options .= " no-$_"; + + printf " no-%-12s %-10s", $_, "[$disabled{$_}]"; + + if (/^dso$/) + { $no_dso = 1; } + elsif (/^threads$/) + { $no_threads = 1; } + elsif (/^shared$/) + { $no_shared = 1; } + elsif (/^zlib$/) + { $zlib = 0; } + elsif (/^static-engine$/) + { } + elsif (/^zlib-dynamic$/) + { } + elsif (/^symlinks$/) + { $symlink = 0; } + elsif (/^sse2$/) + { $no_sse2 = 1; } + else + { + my ($ALGO, $algo); + ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/; + + if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/) + { + $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n"; + print " OPENSSL_NO_$ALGO"; + + if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } + elsif (/^asm$/) { $no_asm = 1; } + } + else + { + $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; + print " OPENSSL_NO_$ALGO"; + + if (/^krb5$/) + { $no_krb5 = 1; } + else + { + push @skip, $algo; + print " (skip dir)"; + + $depflags .="-DOPENSSL_NO_$ALGO "; + } + } + } + + print "\n"; + } + + +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; + +$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin"); + +$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); +$exe_ext=".pm" if ($target =~ /vos/); $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $prefix=$openssldir if $prefix eq ""; @@ -953,7 +936,7 @@ $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -print "IsWindows=$IsWindows\n"; +print "IsMK1MF=$IsMK1MF\n"; my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); my $cc = $fields[$idx_cc]; @@ -963,14 +946,16 @@ my $thread_cflag = $fields[$idx_thread_cflag]; my $sys_id = $fields[$idx_sys_id]; my $lflags = $fields[$idx_lflags]; my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; my $bn_obj = $fields[$idx_bn_obj]; my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; my $bf_obj = $fields[$idx_bf_obj]; -$md5_obj = $fields[$idx_md5_obj]; -$sha1_obj = $fields[$idx_sha1_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; my $cast_obj = $fields[$idx_cast_obj]; my $rc4_obj = $fields[$idx_rc4_obj]; -$rmd160_obj = $fields[$idx_rmd160_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; my $rc5_obj = $fields[$idx_rc5_obj]; my $dso_scheme = $fields[$idx_dso_scheme]; my $shared_target = $fields[$idx_shared_target]; @@ -981,20 +966,14 @@ my $ranlib = $fields[$idx_ranlib]; my $arflags = $fields[$idx_arflags]; my $no_shared_warn=0; +my $no_user_cflags=0; -$cflags="$flags$cflags" if ($flags ne ""); +if ($flags ne "") { $cflags="$flags$cflags"; } +else { $no_user_cflags=1; } # Kerberos settings. The flavor must be provided from outside, either through # the script "config" or manually. -if ($no_krb5 - || !defined($withargs{"krb5-flavor"}) - || $withargs{"krb5-flavor"} eq "") - { - $cflags="-DOPENSSL_NO_KRB5 $cflags"; - $options.=" no-krb5" unless $no_krb5; - $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n"; - } -else +if (!$no_krb5) { my ($lresolv, $lpath, $lext); if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) @@ -1014,7 +993,7 @@ else if $withargs{"krb5-dir"} eq ""; $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq ""; + if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; $cflags="-DKRB5_HEIMDAL $cflags"; } if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) @@ -1023,7 +1002,7 @@ else if $withargs{"krb5-dir"} eq ""; $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq ""; + if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; $cflags="-DKRB5_MIT $cflags"; $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) @@ -1080,10 +1059,17 @@ if ($thread_cflag ne "(unknown)" && !$no_threads) # If we know how to do it, support threads by default. $threads = 1; } -if ($thread_cflag eq "(unknown)") +if ($thread_cflag eq "(unknown)" && $threads) { - # If the user asked for "threads", hopefully they also provided - # any system-dependent compiler options that are necessary. + # If the user asked for "threads", [s]he is also expected to + # provide any system-dependent compiler options that are + # necessary. + if ($no_user_cflags) + { + print "You asked for multi-threading support, but didn't\n"; + print "provide any system-specific compiler options\n"; + exit(1); + } $thread_cflags="-DOPENSSL_THREADS $cflags" ; $thread_defines .= "#define OPENSSL_THREADS\n"; } @@ -1105,7 +1091,7 @@ $lflags="$libs$lflags" if ($libs ne ""); if ($no_asm) { - $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; + $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; $sha1_obj=$md5_obj=$rmd160_obj=""; } @@ -1123,8 +1109,14 @@ if ($threads) if ($zlib) { $cflags = "-DZLIB $cflags"; - $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2; - $lflags = "$lflags -lz" if $zlib == 1; + if (defined($disabled{"zlib-dynamic"})) + { + $lflags = "$lflags -lz"; + } + else + { + $cflags = "-DZLIB_SHARED $cflags"; + } } # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org @@ -1138,13 +1130,41 @@ if (!$no_shared) { if ($shared_cflag ne "") { - $cflags = "$shared_cflag $cflags"; + $cflags = "$shared_cflag -DOPENSSL_PIC $cflags"; + } + } + +if (!$IsMK1MF) + { + if ($no_shared) + { + $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; + } + else + { + $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; + } + } + +$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); +# Compiler fix-ups +if ($target =~ /icc$/) + { + my($iccver)=`$cc -V 2>&1`; + if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; } + else { $iccver=0; } + if ($iccver>=8) + { + # Eliminate unnecessary dependency from libirc.a. This is + # essential for shared library support, as otherwise + # apps/openssl can end up in endless loop upon startup... + $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; } } if ($sys_id ne "") { - $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; + #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; } @@ -1158,25 +1178,30 @@ if ($ranlib eq "") #$bn1=$bn_asm unless ($bn1 =~ /\.o$/); #$bn_obj="$bn1"; +$cpuid_obj="" if ($processor eq "386"); + $bn_obj = $bn_asm unless $bn_obj ne ""; +# bn86* is the only one implementing bn_*_part_words +$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); +$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); -if ($fips) - { - $des_obj=$sha1_obj=""; - $openssl_other_defines.="#define OPENSSL_FIPS\n"; - } -$des_obj=$des_enc unless (!$fips && $des_obj =~ /\.o$/); -my $fips_des_obj='asm/fips-dx86-elf.o'; -$fips_des_obj=$fips_des_enc unless $processor eq '386'; -my $fips_sha1_obj='asm/sx86-elf.o' if $processor eq '386'; +$des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); -if ($sha1_obj =~ /\.o$/ || $fips_sha1_obj =~ /\.o$/) +if ($sha1_obj =~ /\.o$/) { # $sha1_obj=$sha1_enc; - $cflags.=" -DSHA1_ASM"; + $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/); + $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/); + $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/); + if ($sha1_obj =~ /x86/) + { if ($no_sse2) + { $sha1_obj =~ s/\S*sse2\S+//; } + elsif ($cflags !~ /OPENSSL_IA32_SSE2/) + { $cflags.=" -DOPENSSL_IA32_SSE2"; } + } } if ($md5_obj =~ /\.o$/) { @@ -1188,11 +1213,12 @@ if ($rmd160_obj =~ /\.o$/) # $rmd160_obj=$rmd160_enc; $cflags.=" -DRMD160_ASM"; } - -if ($debug) +if ($aes_obj =~ /\.o$/) { - $cflags.=" -g"; - $cflags=~s/-fomit-frame-pointer//; + $cflags.=" -DAES_ASM"; + } +else { + $aes_obj=$aes_enc; } # "Stringify" the C flags string. This permits it to be made part of a string @@ -1200,6 +1226,7 @@ if ($debug) $cflags =~ s/([\\\"])/\\\1/g; my $version = "unknown"; +my $version_num = "unknown"; my $major = "unknown"; my $minor = "unknown"; my $shlib_version_number = "unknown"; @@ -1211,6 +1238,7 @@ open(IN,') { $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; + $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; } @@ -1236,7 +1264,7 @@ print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; my $sdirs=0; while () { - chop; + chomp; $sdirs = 1 if /^SDIRS=/; if ($sdirs) { my $dir; @@ -1265,16 +1293,16 @@ while () s/^DEPFLAG=.*$/DEPFLAG= $depflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; + s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; s/^BN_ASM=.*$/BN_ASM= $bn_obj/; s/^DES_ENC=.*$/DES_ENC= $des_obj/; - s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/; + s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/; s/^BF_ENC=.*$/BF_ENC= $bf_obj/; s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; - s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/; s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^RANLIB=.*/RANLIB= $ranlib/; @@ -1282,6 +1310,8 @@ while () s/^PERL=.*/PERL= $perl/; s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; + s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; + s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); @@ -1314,8 +1344,10 @@ rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; print "CC =$cc\n"; print "CFLAG =$cflags\n"; print "EX_LIBS =$lflags\n"; +print "CPUID_OBJ =$cpuid_obj\n"; print "BN_ASM =$bn_obj\n"; print "DES_ENC =$des_obj\n"; +print "AES_ASM_OBJ =$aes_obj\n"; print "BF_ENC =$bf_obj\n"; print "CAST_ENC =$cast_obj\n"; print "RC4_ENC =$rc4_obj\n"; @@ -1407,10 +1439,14 @@ print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; print OUT $openssl_algorithm_defines_trans; print OUT "#endif\n\n"; +print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj); + while () { if (/^#define\s+OPENSSLDIR/) { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + elsif (/^#define\s+ENGINESDIR/) + { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" if $export_var_as_fn; @@ -1455,7 +1491,7 @@ while () elsif (/^#((define)|(undef))\s+RC4_INDEX/) { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } elsif (/^#(define|undef)\s+I386_ONLY/) - { printf OUT "#%s I386_ONLY\n", ($processor == 386)? + { printf OUT "#%s I386_ONLY\n", ($processor eq "386")? "define":"undef"; } elsif (/^#define\s+MD2_INT\s/) { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } @@ -1502,12 +1538,12 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; -if($IsWindows) { +if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <ms/version32.rc") || die "Can't open ms/version32.rc"; + print OUT < + +LANGUAGE 0x09,0x01 + +1 VERSIONINFO + FILEVERSION $v1,$v2,$v3,$v4 + PRODUCTVERSION $v1,$v2,$v3,$v4 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x01L +#else + FILEFLAGS 0x00L +#endif + FILEOS VOS__WINDOWS32 + FILETYPE VFT_DLL + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + // Required: + VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" + VALUE "FileDescription", "OpenSSL Shared Library\\0" + VALUE "FileVersion", "$version\\0" +#if defined(CRYPTO) + VALUE "InternalName", "libeay32\\0" + VALUE "OriginalFilename", "libeay32.dll\\0" +#elif defined(SSL) + VALUE "InternalName", "ssleay32\\0" + VALUE "OriginalFilename", "ssleay32.dll\\0" +#endif + VALUE "ProductName", "The OpenSSL Toolkit\\0" + VALUE "ProductVersion", "$version\\0" + // Optional: + //VALUE "Comments", "\\0" + VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + //VALUE "LegalTrademarks", "\\0" + //VALUE "PrivateBuild", "\\0" + //VALUE "SpecialBuild", "\\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 0x4b0 + END +END +EOF + close(OUT); + } + print <. -OpenSSL 0.9.7e was released on October 25, 2004. +OpenSSL 0.9.8b was released on May 4th, 2006. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at ). Then just do: pgp TARBALL.asc @@ -166,8 +171,8 @@ you if you want to use OpenSSL. For information on intellectual property rights, please consult a lawyer. The OpenSSL team does not offer legal advice. -You can configure OpenSSL so as not to use RC5 and IDEA by using - ./config no-rc5 no-idea +You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using + ./config no-idea no-mdc2 no-rc5 * Can I use OpenSSL with GPL software? @@ -383,6 +388,43 @@ interface, the "-nameopt" option could be introduded. See the manual page of the "openssl x509" commandline tool for details. The old behaviour has however been left as default for the sake of compatibility. +* What is a "128 bit certificate"? Can I create one with OpenSSL? + +The term "128 bit certificate" is a highly misleading marketing term. It does +*not* refer to the size of the public key in the certificate! A certificate +containing a 128 bit RSA key would have negligible security. + +There were various other names such as "magic certificates", "SGC +certificates", "step up certificates" etc. + +You can't generally create such a certificate using OpenSSL but there is no +need to any more. Nowadays web browsers using unrestricted strong encryption +are generally available. + +When there were tight export restrictions on the export of strong encryption +software from the US only weak encryption algorithms could be freely exported +(initially 40 bit and then 56 bit). It was widely recognised that this was +inadequate. A relaxation the rules allowed the use of strong encryption but +only to an authorised server. + +Two slighly different techniques were developed to support this, one used by +Netscape was called "step up", the other used by MSIE was called "Server Gated +Cryptography" (SGC). When a browser initially connected to a server it would +check to see if the certificate contained certain extensions and was issued by +an authorised authority. If these test succeeded it would reconnect using +strong encryption. + +Only certain (initially one) certificate authorities could issue the +certificates and they generally cost more than ordinary certificates. + +Although OpenSSL can create certificates containing the appropriate extensions +the certificate would not come from a permitted authority and so would not +be recognized. + +The export laws were later changed to allow almost unrestricted use of strong +encryption so these certificates are now obsolete. + + [BUILD] ======================================================================= * Why does the linker complain about undefined symbols? @@ -462,7 +504,7 @@ get the best result from OpenSSL. A bit more complicated solution is the following: ----- snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \ + make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ sed -e 's/ -O[0-9] / -O0 /'`" rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` make @@ -472,6 +514,10 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization level chosen by the configuration process. When the above is done, do the test and installation and you're set. +3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It +should not be used and is not used in SSL/TLS nor any other recognized +protocol in either case. + * Why does the OpenSSL compilation fail with "ar: command not found"? @@ -593,6 +639,35 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and remedy should be same. Provided binary is statically linked and should be working across wider range of *BSD branches, not just OpenBSD. +* Why does the OpenSSL test suite fail in sha512t on x86 CPU? + +If the test program in question fails withs SIGILL, Illegal Instruction +exception, then you more than likely to run SSE2-capable CPU, such as +Intel P4, under control of kernel which does not support SSE2 +instruction extentions. See accompanying INSTALL file and +OPENSSL_ia32cap(3) documentation page for further information. + +* Why does compiler fail to compile sha512.c? + +OpenSSL SHA-512 implementation depends on compiler support for 64-bit +integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a +couple] lack support for this and therefore are incapable of compiling +the module in question. The recommendation is to disable SHA-512 by +adding no-sha512 to ./config [or ./Configure] command line. Another +possible alternative might be to switch to GCC. + +* Test suite still fails, what to do? + +Another common reason for failure to complete some particular test is +simply bad code generated by a buggy component in toolchain or deficiency +in run-time environment. There are few cases documented in PROBLEMS file, +consult it for possible workaround before you beat the drum. Even if you +don't find solution or even mention there, do reserve for possibility of +a compiler bug. Compiler bugs might appear in rather bizarre ways, they +never make sense, and tend to emerge when you least expect them. In order +to identify one, drop optimization level, e.g. by editing CFLAG line in +top-level Makefile, recompile and re-run the test. + [PROG] ======================================================================== * Is OpenSSL thread-safe? @@ -625,10 +700,10 @@ your application must link against the same by which OpenSSL was built. If you are using MS Visual C++ (Studio) this can be changed by: -1. Select Settings... from the Project Menu. -2. Select the C/C++ Tab. -3. Select "Code Generation from the "Category" drop down list box -4. Select the Appropriate library (see table below) from the "Use + 1. Select Settings... from the Project Menu. + 2. Select the C/C++ Tab. + 3. Select "Code Generation from the "Category" drop down list box + 4. Select the Appropriate library (see table below) from the "Use run-time library" drop down list box. Perform this step for both your debug and release versions of your application (look at the top left of the settings panel to change between the two) @@ -647,30 +722,44 @@ by: Note that debug and release libraries are NOT interchangeable. If you built OpenSSL with /MD your application must use /MD and cannot use /MDd. +As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL +.DLLs compiled with some specific run-time option [we insist on the +default /MD] can be deployed with application compiled with different +option or even different compiler. But there is a catch! Instead of +re-compiling OpenSSL toolkit, as you would have to with prior versions, +you have to compile small C snippet with compiler and/or options of +your choice. The snippet gets installed as +/include/openssl/applink.c and should be either added to +your application project or simply #include-d in one [and only one] +of your application source files. Failure to link this shim module +into your application manifests itself as fatal "no OPENSSL_Applink" +run-time error. An explicit reminder is due that in this situation +[mixing compiler options] it is as important to add CRYPTO_malloc_init +prior first call to OpenSSL. * How do I read or write a DER encoded buffer using the ASN1 functions? You have two options. You can either use a memory BIO in conjunction -with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the -i2d_XXX(), d2i_XXX() functions directly. Since these are often the +with the i2d_*_bio() or d2i_*_bio() functions or you can use the +i2d_*(), d2i_*() functions directly. Since these are often the cause of grief here are some code fragments using PKCS7 as an example: -unsigned char *buf, *p; -int len; + unsigned char *buf, *p; + int len; -len = i2d_PKCS7(p7, NULL); -buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ -p = buf; -i2d_PKCS7(p7, &p); + len = i2d_PKCS7(p7, NULL); + buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ + p = buf; + i2d_PKCS7(p7, &p); At this point buf contains the len bytes of the DER encoding of p7. The opposite assumes we already have len bytes in buf: -unsigned char *p; -p = buf; -p7 = d2i_PKCS7(NULL, &p, len); + unsigned char *p; + p = buf; + p7 = d2i_PKCS7(NULL, &p, len); At this point p7 contains a valid PKCS7 structure of NULL if an error occurred. If an error occurred ERR_print_errors(bio) should give more @@ -788,9 +877,20 @@ that is allocated when an application starts up. Since such tables do not grow in size over time they are harmless. These internal tables can be freed up when an application closes using various -functions. Currently these include: EVP_cleanup(), ERR_remove_state(), -ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and -CRYPTO_cleanup_all_ex_data(). +functions. Currently these include following: + +Thread-local cleanup functions: + + ERR_remove_state() + +Application-global cleanup functions that are aware of usage (and therefore +thread-safe): + + ENGINE_cleanup() and CONF_modules_unload() + +"Brutal" (thread-unsafe) Application-global cleanup functions: + + ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). =============================================================================== diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL index 503474f..ebb3697 100644 --- a/crypto/openssl/INSTALL +++ b/crypto/openssl/INSTALL @@ -2,8 +2,10 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X) - is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS. + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + This document describes installation on operating systems in the Unix family.] @@ -73,14 +75,30 @@ no-asm Do not use assembler code. 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). + more efficient, but requires at least a 486). Note: Use + compiler flags for any other CPU specific configuration, + e.g. "-m32" to build x86 code on an x64 system. + + no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is + detected at run-time, but the decision whether or not the + machine code will be executed is taken solely on CPU + capability vector. This means that if you happen to run OS + kernel which does not support SSE2 extension on Intel P4 + processor, then your application might be exposed to + "illegal instruction" exception. There might be a way + to enable support in kernel, e.g. FreeBSD kernel can be + compiled with CPU_ENABLE_SSE, and there is a way to + disengage SSE2 code pathes upon application start-up, + but if you aim for wider "audience" running such kernel, + consider no-sse2. Both 386 and no-asm options above imply + no-sse2. no- Build without the specified cipher (bf, cast, des, dh, dsa, hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). The crypto/ directory can be removed after running "make depend". - -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will + -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will be passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, library directories or other compiler options. @@ -123,7 +141,7 @@ generic configurations "cc" or "gcc" should usually work on 32 bit systems. - Configure creates the file Makefile from Makefile.org and + Configure creates the file Makefile.ssl from Makefile.org and defines various macros in crypto/opensslconf.h (generated from crypto/opensslconf.h.in). @@ -159,7 +177,7 @@ the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). If it is a problem with OpenSSL itself, try removing any compiler optimization flags from the CFLAG line - in Makefile and run "make clean; make". Please send a bug + in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of "make report" in order to be added to the request tracker at http://www.openssl.org/support/rt2.html. @@ -312,7 +330,7 @@ Note on support for multiple builds ----------------------------------- - OpenSSL is usually built in it's source tree. Unfortunately, this doesn't + OpenSSL is usually built in its source tree. Unfortunately, this doesn't support building for multiple platforms from the same source tree very well. It is however possible to build in a separate tree through the use of lots of symbolic links, which should be prepared like this: diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE index 4027788..e6afecc 100644 --- a/crypto/openssl/LICENSE +++ b/crypto/openssl/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile index 9c284bf..18fa5a3 100644 --- a/crypto/openssl/Makefile +++ b/crypto/openssl/Makefile @@ -4,16 +4,16 @@ ## Makefile for OpenSSL ## -VERSION=0.9.7e +VERSION=0.9.8b MAJOR=0 -MINOR=9.7 -SHLIB_VERSION_NUMBER=0.9.7 +MINOR=9.8 +SHLIB_VERSION_NUMBER=0.9.8 SHLIB_VERSION_HISTORY= SHLIB_MAJOR=0 -SHLIB_MINOR=9.7 +SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-krb5 +OPTIONS= no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -60,9 +60,8 @@ OPENSSLDIR=/usr/local/ssl # PKCS1_CHECK - pkcs1 tests. CC= cc -#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -CFLAG= -DOPENSSL_NO_KRB5 -O -DEPFLAG= +CFLAG= -O +DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 PEX_LIBS= EX_LIBS= EXE_EXT= @@ -82,113 +81,45 @@ MAKEDEPPROG=makedepend AS=$(CC) -c ASFLAG=$(CFLAG) -# Set BN_ASM to bn_asm.o if you want to use the C version -BN_ASM= bn_asm.o -#BN_ASM= bn_asm.o -#BN_ASM= asm/bn86-elf.o # elf, linux-elf -#BN_ASM= asm/bn86-sol.o # solaris -#BN_ASM= asm/bn86-out.o # a.out, FreeBSD -#BN_ASM= asm/bn86bsdi.o # bsdi -#BN_ASM= asm/alpha.o # DEC Alpha -#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC -#BN_ASM= asm/r3000.o # SGI MIPS cpu -#BN_ASM= asm/sparc.o # Sun solaris/SunOS -#BN_ASM= asm/bn-win32.o # Windows 95/NT -#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS -#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1 - # For x86 assembler: Set PROCESSOR to 386 if you want to support # the 80386. PROCESSOR= -# Set DES_ENC to des_enc.o if you want to use the C version -#There are 4 x86 assember options. -FIPS_DES_ENC= fips_des_enc.o +# CPUID module collects small commonly used assembler snippets +CPUID_OBJ= +BN_ASM= bn_asm.o DES_ENC= des_enc.o fcrypt_b.o -#DES_ENC= des_enc.o fcrypt_b.o # C -#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf -#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris -#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD -#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi - -# Set BF_ENC to bf_enc.o if you want to use the C version -#There are 4 x86 assember options. +AES_ASM_OBJ= aes_core.o aes_cbc.o BF_ENC= bf_enc.o -#BF_ENC= bf_enc.o -#BF_ENC= asm/bx86-elf.o # elf -#BF_ENC= asm/bx86-sol.o # solaris -#BF_ENC= asm/bx86-out.o # a.out, FreeBSD -#BF_ENC= asm/bx86bsdi.o # bsdi - -# Set CAST_ENC to c_enc.o if you want to use the C version -#There are 4 x86 assember options. CAST_ENC= c_enc.o -#CAST_ENC= c_enc.o -#CAST_ENC= asm/cx86-elf.o # elf -#CAST_ENC= asm/cx86-sol.o # solaris -#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD -#CAST_ENC= asm/cx86bsdi.o # bsdi - -# Set RC4_ENC to rc4_enc.o if you want to use the C version -#There are 4 x86 assember options. RC4_ENC= rc4_enc.o -#RC4_ENC= rc4_enc.o -#RC4_ENC= asm/rx86-elf.o # elf -#RC4_ENC= asm/rx86-sol.o # solaris -#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD -#RC4_ENC= asm/rx86bsdi.o # bsdi - -# Set RC5_ENC to rc5_enc.o if you want to use the C version -#There are 4 x86 assember options. RC5_ENC= rc5_enc.o -#RC5_ENC= rc5_enc.o -#RC5_ENC= asm/r586-elf.o # elf -#RC5_ENC= asm/r586-sol.o # solaris -#RC5_ENC= asm/r586-out.o # a.out, FreeBSD -#RC5_ENC= asm/r586bsdi.o # bsdi - -# Also need MD5_ASM defined MD5_ASM_OBJ= -#MD5_ASM_OBJ= asm/mx86-elf.o # elf -#MD5_ASM_OBJ= asm/mx86-sol.o # solaris -#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD -#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi - -# Also need SHA1_ASM defined SHA1_ASM_OBJ= -FIPS_SHA1_ASM_OBJ= -#SHA1_ASM_OBJ= asm/sx86-elf.o # elf -#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris -#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD -#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi - -# Also need RMD160_ASM defined RMD160_ASM_OBJ= -#RMD160_ASM_OBJ= asm/rm86-elf.o # elf -#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris -#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD -#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi # KRB5 stuff KRB5_INCLUDES= LIBKRB5= -# When we're prepared to use shared libraries in the programs we link here -# we might set SHLIB_MARK to '$(SHARED_LIBS)'. -SHLIB_MARK= +# Zlib stuff +ZLIB_INCLUDE= +LIBZLIB= -DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools -SHLIBDIRS= fips crypto ssl +DIRS= crypto ssl engines apps test tools +SHLIBDIRS= crypto ssl # dirs in crypto to build -SDIRS= objects \ - md2 md4 md5 sha mdc2 hmac ripemd \ - des rc2 rc4 rc5 idea bf cast \ - bn ec rsa dsa dh dso engine aes \ +SDIRS= \ + objects \ + md2 md4 md5 sha hmac ripemd \ + des aes rc2 rc4 idea bf cast \ + bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 - -FDIRS= sha1 rand des aes dsa rsa dh + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store pqueue +# keep in mind that the above list is adjusted by ./Configure +# according to no-xxx arguments... # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -207,7 +138,6 @@ ONEDIRS=out tmp EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS WDIRS= windows LIBS= libcrypto.a libssl.a -SIGS= libcrypto.a.sha1 SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= @@ -222,45 +152,106 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -# When we're prepared to use shared libraries in the programs we link here -# we might remove 'clean-shared' from the targets to perform at this stage +all: Makefile build_all openssl.pc libssl.pc libcrypto.pc + +# as we stick to -e, CLEARENV ensures that local variables in lower +# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn +# shell, which [annoyingly enough] terminates unset with error if VAR +# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, +# which terminates unset with error if no variable was present:-( +CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ + $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ + $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ + $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ + $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ + $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ + $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ + $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \ + $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ + $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} + +BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ + CC='${CC}' CFLAG='${CFLAG}' \ + AS='${CC}' ASFLAG='${CFLAG} -c' \ + AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ + SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ + INSTALL_PREFIX='${INSTALL_PREFIX}' \ + INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ + MAKEDEPPROG='${MAKEDEPPROG}' \ + SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ + KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ + EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ + SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \ + PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \ + CPUID_OBJ='${CPUID_OBJ}' \ + BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \ + AES_ASM_OBJ='${AES_ASM_OBJ}' \ + BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \ + RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \ + SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ + MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ + RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= +# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, +# which in turn eliminates ambiguities in variable treatment with -e. + +# BUILD_CMD is a generic macro to build a given target in a given +# subdirectory. The target must be given through the shell variable +# `target' and the subdirectory to build in must be given through `dir'. +# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or +# BUILD_ONE_CMD instead. +# +# BUILD_ONE_CMD is a macro to build a given target in a given +# subdirectory if that subdirectory is part of $(DIRS). It requires +# exactly the same shell variables as BUILD_CMD. +# +# RECURSIVE_BUILD_CMD is a macro to build a given target in all +# subdirectories defined in $(DIRS). It requires that the target +# is given through the shell variable `target'. +BUILD_CMD= if [ -d "$$dir" ]; then \ + ( cd $$dir && echo "making $$target in $$dir..." && \ + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ + ) || exit 1; \ + fi +RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done +BUILD_ONE_CMD=\ + if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \ + $(BUILD_CMD); \ + fi -all: Makefile sub_all openssl.pc +reflect: + @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -sigs: $(SIGS) -libcrypto.a.sha1: libcrypto.a - if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - $(RANLIB) libcrypto.a; \ - fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \ - fi +sub_all: build_all +build_all: build_libs build_apps build_tests build_tools -sub_all: - @for i in $(DIRS); \ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ - else \ - $(MAKE) $$i; \ - fi; \ - done; +build_libs: build_crypto build_ssl build_engines -sub_target: - @for i in $(DIRS); \ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making $(TARGET) in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \ - else \ - $(MAKE) $$i; \ - fi; \ - done; +build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +build_ssl: + @dir=ssl; target=all; $(BUILD_ONE_CMD) +build_engines: + @dir=engines; target=all; $(BUILD_ONE_CMD) +build_apps: + @dir=apps; target=all; $(BUILD_ONE_CMD) +build_tests: + @dir=test; target=all; $(BUILD_ONE_CMD) +build_tools: + @dir=tools; target=all; $(BUILD_ONE_CMD) + +all_testapps: build_libs build_testapps +build_testapps: + @dir=crypto; target=testapps; $(BUILD_ONE_CMD) libcrypto$(SHLIB_EXT): libcrypto.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ $(MAKE) SHLIBDIRS=crypto build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ fi libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @@ -268,10 +259,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ fi clean-shared: - @for i in $(SHLIBDIRS); do \ + @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ tmp="$(SHARED_LIBS_LINK_EXTS)"; \ for j in $${tmp:-x}; do \ @@ -280,327 +272,59 @@ clean-shared: fi; \ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ if [ "$(PLATFORM)" = "Cygwin" ]; then \ - ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ + ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ fi; \ done link-shared: - @if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ - tmp="$(SHARED_LIBS_LINK_EXTS)"; \ - for i in $(SHLIBDIRS); do \ - prev=lib$$i$(SHLIB_EXT); \ - for j in $${tmp:-x}; do \ - ( set -x; \ - rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ - prev=lib$$i$$j; \ - done; \ - done; \ - fi - -build-shared: clean-shared do_$(SHLIB_TARGET) link-shared - -do_bsd-gcc-shared: do_gnu-shared -do_linux-shared: do_gnu-shared -do_gnu-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-Bsymbolic \ - -Wl,--whole-archive lib$$i.a \ - -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done - -DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null - -# For Darwin AKA Mac OS/X (dyld) -do_darwin-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ - lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ - -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ - libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \ - echo "" ; \ + @ set -e; for i in ${SHLIBDIRS}; do \ + $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ + LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + symlink.$(SHLIB_TARGET); \ + libs="$$libs -l$$i"; \ done -do_cygwin-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \ - -Wl,-Bsymbolic \ - -Wl,--whole-archive lib$$i.a \ - -Wl,--out-implib,lib$$i.dll.a \ - -Wl,--no-whole-archive $$libs ) || exit 1; \ - libs="-l$$i $$libs"; \ - done - -# This assumes that GNU utilities are *not* used -do_alpha-osf1-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -# The difference between alpha-osf1-shared and tru64-shared is the `-msym' -# option passed to the linker. -do_tru64-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -msym -o lib$$i.so \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -# The difference between tru64-shared and tru64-shared-rpath is the -# -rpath ${INSTALLTOP}/lib passed to the linker. -do_tru64-shared-rpath: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -msym -o lib$$i.so \ - -rpath ${INSTALLTOP}/lib \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - - -# This assumes that GNU utilities are *not* used -do_solaris-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - MINUSZ='-z '; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ - set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \ - -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-Bsymbolic \ - $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ - $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# OpenServer 5 native compilers used -do_svr3-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - find . -name "*.o" -print > allobjs ; \ - OBJS= ; export OBJS ; \ - for obj in `ar t lib$$i.a` ; do \ - OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ - done ; \ - set -x; ${CC} ${SHARED_LDFLAGS} \ - -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# UnixWare 7 and OpenUNIX 8 native compilers used -do_svr5-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - SHARE_FLAG='-G'; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ - find . -name "*.o" -print > allobjs ; \ - OBJS= ; export OBJS ; \ - for obj in `ar t lib$$i.a` ; do \ - OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ - done ; \ - set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \ - ${CC} ${SHARED_LDFLAGS} \ - $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi +build-shared: do_$(SHLIB_TARGET) link-shared -# This assumes that GNU utilities are *not* used -do_irix-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ +do_$(SHLIB_TARGET): + @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ - ( WHOLELIB="-all lib$$i.a -notall"; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \ - set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ + LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + LIBDEPS="$$libs $(EX_LIBS)" \ + link_a.$(SHLIB_TARGET); \ libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -# HP-UX includes the full pathname of libs we depend on, so we would get -# ./libcrypto (with ./ as path information) compiled into libssl, hence -# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto -# anyway. -# The object modules are loaded from lib$i.a using the undocumented -Fl -# option. -# -# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH -# by temporarily specifying "+s"! -# -do_hpux-shared: - for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ - +vnocompatwarnings \ - -b -z +s \ - -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Fl lib$$i.a -ldld -lc ) || exit 1; \ - chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ done -# This assumes that GNU utilities are *not* used -# HP-UX includes the full pathname of libs we depend on, so we would get -# ./libcrypto (with ./ as path information) compiled into libssl, hence -# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto -# anyway. -# -# HP-UX in 64bit mode has "+s" enabled by default; it will search for -# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH. -# -do_hpux64-shared: - for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ - -b -z \ - -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +forceload lib$$i.a -ldl -lc ) || exit 1; \ - chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ - done - -# The following method is said to work on all platforms. Tests will -# determine if that's how it's gong to be used. -# This assumes that for all but GNU systems, GNU utilities are *not* used. -# ALLSYMSFLAGS would be: -# GNU systems: --whole-archive -# Tru64 Unix: -all -# Solaris: -z allextract -# Irix: -all -# HP/UX-32bit: -Fl -# HP/UX-64bit: +forceload -# AIX: -bnogc -# SHAREDFLAGS would be: -# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -# Tru64 Unix: -shared \ -# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" -# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -# HP/UX-32bit: +vnocompatwarnings -b -z +s \ -# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} -# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} -# AIX: -G -bE:lib$$i.exp -bM:SRE -# SHAREDCMD would be: -# GNU systems: $(CC) -# Tru64 Unix: $(CC) -# Solaris: $(CC) -# Irix: $(CC) -# HP/UX-32bit: /usr/ccs/bin/ld -# HP/UX-64bit: /usr/ccs/bin/ld -# AIX: $(CC) -ALLSYMSFLAG=-bnogc -SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE -SHAREDCMD=$(CC) -do_aix-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; \ - ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \ - ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ - $(SHAREDCMD) $(SHAREDFLAGS) \ - -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \ - $$libs ${EX_LIBS} ) ) \ - || exit 1; \ - libs="-l$$i $$libs"; \ - done +libcrypto.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/lib'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL-libcrypto'; \ + echo 'Description: OpenSSL cryptography library'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: '; \ + echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc -do_reliantunix-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \ - ( set -x; \ - ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \ - cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \ - ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \ - ) || exit 1; \ - cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \ - ) || exit 1; \ - rm -rf $$tmpdir ; \ - libs="-l$$i $$libs"; \ - done +libssl.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/lib'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: '; \ + echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ @@ -612,31 +336,25 @@ openssl.pc: Makefile echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ echo 'Version: '$(VERSION); \ echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \ + echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc -Makefile: Makefile.org - @echo "Makefile is older than Makefile.org." +Makefile: Makefile.org Configure config + @echo "Makefile is older than Makefile.org, Configure or config." @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." @false libclean: - rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib + rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib clean: libclean rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making clean in $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \ - rm -f $(LIBS); \ - fi; \ - done; - rm -f openssl.pc + @set -e; target=clean; $(RECURSIVE_BUILD_CMD) + rm -f $(LIBS) + rm -f openssl.pc libssl.pc libcrypto.pc rm -f speed.* .pure rm -f $(TARFILE) - @for i in $(ONEDIRS) ;\ + @set -e; for i in $(ONEDIRS) ;\ do \ rm -fr $$i/*; \ done @@ -647,84 +365,44 @@ makefile.one: files files: $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making 'files' in $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \ - fi; \ - done; + @set -e; target=files; $(RECURSIVE_BUILD_CMD) links: @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @for i in $(DIRS); do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making links in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ - fi; \ - done; + @set -e; target=links; $(RECURSIVE_BUILD_CMD) gentests: @(cd test && echo "generating dummy tests (if needed)..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); dclean: rm -f *.bak - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making dclean in $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \ - fi; \ - done; + @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) rehash: rehash.time rehash.time: certs - @(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - $(PERL) tools/c_rehash certs) + @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs) touch rehash.time test: tests tests: rehash @(cd test && echo "testing..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - apps/openssl version -a + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); + util/opensslwrap.sh version -a report: @$(PERL) util/selftest.pl depend: - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making dependencies $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \ - fi; \ - done; + @set -e; target=depend; $(RECURSIVE_BUILD_CMD) lint: - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making lint $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \ - fi; \ - done; + @set -e; target=lint; $(RECURSIVE_BUILD_CMD) tags: rm -f TAGS @@ -732,7 +410,8 @@ tags: errors: $(PERL) util/mkerr.pl -recurse -write - (cd crypto/engine; $(MAKE) PERL=$(PERL) errors) + (cd engines; $(MAKE) PERL=$(PERL) errors) + $(PERL) util/ck_errf.pl */*.c */*/*.c stacks: $(PERL) util/mkstack.pl -write @@ -751,11 +430,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c apps/openssl-vms.cnf: apps/openssl.cnf $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf +crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl + $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h + + TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE +update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar @@ -790,45 +473,36 @@ dist: @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar dist_pem_h: - (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private - @for i in $(EXHEADER) ;\ + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i; echo "installing $$i..."; \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \ - fi; \ - done - @for i in $(LIBS) ;\ + @set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; for i in $(LIBS) ;\ do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - : ; \ - else \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - fi; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done; - @if [ -n "$(SHARED_LIBS)" ]; then \ + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ tmp="$(SHARED_LIBS)"; \ for i in $${tmp:-x}; \ do \ @@ -839,20 +513,19 @@ install_sw: chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ - c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - set $(MAKE); \ - $$1 -f $$here/Makefile link-shared ); \ + $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ echo ' $(INSTALLTOP)'; \ @@ -860,15 +533,10 @@ install_sw: sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi - @for i in $(SIGS) ;\ - do \ - if [ -f "$$i" ]; then \ - ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ - fi; \ - done; + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc @@ -881,12 +549,12 @@ install_docs: @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ - if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \ + if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ filecase=-i; \ fi; \ - for i in doc/apps/*.pod; do \ + set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ - if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ @@ -894,16 +562,16 @@ install_docs: --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - grep -v "[ ]" | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ - for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ - if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ @@ -911,8 +579,8 @@ install_docs: --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - grep -v "[ ]" | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org index 7a30aca..eaa9a11 100644 --- a/crypto/openssl/Makefile.org +++ b/crypto/openssl/Makefile.org @@ -57,9 +57,8 @@ OPENSSLDIR=/usr/local/ssl # equal 4. # PKCS1_CHECK - pkcs1 tests. -CC= gcc -#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM +CC= cc +CFLAG= -O DEPFLAG= PEX_LIBS= EX_LIBS= @@ -80,113 +79,45 @@ MAKEDEPPROG=makedepend AS=$(CC) -c ASFLAG=$(CFLAG) -# Set BN_ASM to bn_asm.o if you want to use the C version -BN_ASM= bn_asm.o -#BN_ASM= bn_asm.o -#BN_ASM= asm/bn86-elf.o # elf, linux-elf -#BN_ASM= asm/bn86-sol.o # solaris -#BN_ASM= asm/bn86-out.o # a.out, FreeBSD -#BN_ASM= asm/bn86bsdi.o # bsdi -#BN_ASM= asm/alpha.o # DEC Alpha -#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC -#BN_ASM= asm/r3000.o # SGI MIPS cpu -#BN_ASM= asm/sparc.o # Sun solaris/SunOS -#BN_ASM= asm/bn-win32.o # Windows 95/NT -#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS -#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1 - # For x86 assembler: Set PROCESSOR to 386 if you want to support # the 80386. PROCESSOR= -# Set DES_ENC to des_enc.o if you want to use the C version -#There are 4 x86 assember options. -FIPS_DES_ENC= des_enc.o fcrypt_b.o -DES_ENC= asm/dx86-out.o asm/yx86-out.o -#DES_ENC= des_enc.o fcrypt_b.o # C -#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf -#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris -#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD -#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi - -# Set BF_ENC to bf_enc.o if you want to use the C version -#There are 4 x86 assember options. -BF_ENC= asm/bx86-out.o -#BF_ENC= bf_enc.o -#BF_ENC= asm/bx86-elf.o # elf -#BF_ENC= asm/bx86-sol.o # solaris -#BF_ENC= asm/bx86-out.o # a.out, FreeBSD -#BF_ENC= asm/bx86bsdi.o # bsdi - -# Set CAST_ENC to c_enc.o if you want to use the C version -#There are 4 x86 assember options. -CAST_ENC= asm/cx86-out.o -#CAST_ENC= c_enc.o -#CAST_ENC= asm/cx86-elf.o # elf -#CAST_ENC= asm/cx86-sol.o # solaris -#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD -#CAST_ENC= asm/cx86bsdi.o # bsdi - -# Set RC4_ENC to rc4_enc.o if you want to use the C version -#There are 4 x86 assember options. -RC4_ENC= asm/rx86-out.o -#RC4_ENC= rc4_enc.o -#RC4_ENC= asm/rx86-elf.o # elf -#RC4_ENC= asm/rx86-sol.o # solaris -#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD -#RC4_ENC= asm/rx86bsdi.o # bsdi - -# Set RC5_ENC to rc5_enc.o if you want to use the C version -#There are 4 x86 assember options. -RC5_ENC= asm/r586-out.o -#RC5_ENC= rc5_enc.o -#RC5_ENC= asm/r586-elf.o # elf -#RC5_ENC= asm/r586-sol.o # solaris -#RC5_ENC= asm/r586-out.o # a.out, FreeBSD -#RC5_ENC= asm/r586bsdi.o # bsdi - -# Also need MD5_ASM defined -MD5_ASM_OBJ= asm/mx86-out.o -#MD5_ASM_OBJ= asm/mx86-elf.o # elf -#MD5_ASM_OBJ= asm/mx86-sol.o # solaris -#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD -#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi - -# Also need SHA1_ASM defined -SHA1_ASM_OBJ= asm/sx86-out.o -FIPS_SHA1_ASM_OBJ= asm/sx86-out.o -#SHA1_ASM_OBJ= asm/sx86-elf.o # elf -#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris -#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD -#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi - -# Also need RMD160_ASM defined -RMD160_ASM_OBJ= asm/rm86-out.o -#RMD160_ASM_OBJ= asm/rm86-elf.o # elf -#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris -#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD -#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi +# CPUID module collects small commonly used assembler snippets +CPUID_OBJ= +BN_ASM= bn_asm.o +DES_ENC= des_enc.o fcrypt_b.o +AES_ASM_OBJ=aes_core.o aes_cbc.o +BF_ENC= bf_enc.o +CAST_ENC= c_enc.o +RC4_ENC= rc4_enc.o +RC5_ENC= rc5_enc.o +MD5_ASM_OBJ= +SHA1_ASM_OBJ= +RMD160_ASM_OBJ= # KRB5 stuff KRB5_INCLUDES= LIBKRB5= -# When we're prepared to use shared libraries in the programs we link here -# we might set SHLIB_MARK to '$(SHARED_LIBS)'. -SHLIB_MARK= +# Zlib stuff +ZLIB_INCLUDE= +LIBZLIB= -DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools -SHLIBDIRS= fips crypto ssl +DIRS= crypto ssl engines apps test tools +SHLIBDIRS= crypto ssl # dirs in crypto to build -SDIRS= objects \ +SDIRS= \ + objects \ md2 md4 md5 sha mdc2 hmac ripemd \ - des rc2 rc4 rc5 idea bf cast \ - bn ec rsa dsa dh dso engine aes \ + des aes rc2 rc4 rc5 idea bf cast \ + bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 - -FDIRS= sha1 rand des aes dsa rsa dh + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store pqueue +# keep in mind that the above list is adjusted by ./Configure +# according to no-xxx arguments... # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -205,7 +136,6 @@ ONEDIRS=out tmp EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS WDIRS= windows LIBS= libcrypto.a libssl.a -SIGS= libcrypto.a.sha1 SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= @@ -220,45 +150,106 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -# When we're prepared to use shared libraries in the programs we link here -# we might remove 'clean-shared' from the targets to perform at this stage +all: Makefile build_all openssl.pc libssl.pc libcrypto.pc + +# as we stick to -e, CLEARENV ensures that local variables in lower +# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn +# shell, which [annoyingly enough] terminates unset with error if VAR +# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, +# which terminates unset with error if no variable was present:-( +CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ + $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ + $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ + $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ + $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ + $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ + $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ + $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \ + $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ + $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} + +BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ + CC='${CC}' CFLAG='${CFLAG}' \ + AS='${CC}' ASFLAG='${CFLAG} -c' \ + AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ + SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ + INSTALL_PREFIX='${INSTALL_PREFIX}' \ + INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ + MAKEDEPPROG='${MAKEDEPPROG}' \ + SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ + KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ + EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ + SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \ + PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \ + CPUID_OBJ='${CPUID_OBJ}' \ + BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \ + AES_ASM_OBJ='${AES_ASM_OBJ}' \ + BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \ + RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \ + SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ + MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ + RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= +# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, +# which in turn eliminates ambiguities in variable treatment with -e. + +# BUILD_CMD is a generic macro to build a given target in a given +# subdirectory. The target must be given through the shell variable +# `target' and the subdirectory to build in must be given through `dir'. +# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or +# BUILD_ONE_CMD instead. +# +# BUILD_ONE_CMD is a macro to build a given target in a given +# subdirectory if that subdirectory is part of $(DIRS). It requires +# exactly the same shell variables as BUILD_CMD. +# +# RECURSIVE_BUILD_CMD is a macro to build a given target in all +# subdirectories defined in $(DIRS). It requires that the target +# is given through the shell variable `target'. +BUILD_CMD= if [ -d "$$dir" ]; then \ + ( cd $$dir && echo "making $$target in $$dir..." && \ + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ + ) || exit 1; \ + fi +RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done +BUILD_ONE_CMD=\ + if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \ + $(BUILD_CMD); \ + fi -all: Makefile sub_all openssl.pc +reflect: + @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -sigs: $(SIGS) -libcrypto.a.sha1: libcrypto.a - if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - $(RANLIB) libcrypto.a; \ - fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \ - fi +sub_all: build_all +build_all: build_libs build_apps build_tests build_tools -sub_all: - @for i in $(DIRS); \ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ - else \ - $(MAKE) $$i; \ - fi; \ - done; +build_libs: build_crypto build_ssl build_engines -sub_target: - @for i in $(DIRS); \ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making $(TARGET) in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \ - else \ - $(MAKE) $$i; \ - fi; \ - done; +build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +build_ssl: + @dir=ssl; target=all; $(BUILD_ONE_CMD) +build_engines: + @dir=engines; target=all; $(BUILD_ONE_CMD) +build_apps: + @dir=apps; target=all; $(BUILD_ONE_CMD) +build_tests: + @dir=test; target=all; $(BUILD_ONE_CMD) +build_tools: + @dir=tools; target=all; $(BUILD_ONE_CMD) + +all_testapps: build_libs build_testapps +build_testapps: + @dir=crypto; target=testapps; $(BUILD_ONE_CMD) libcrypto$(SHLIB_EXT): libcrypto.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ $(MAKE) SHLIBDIRS=crypto build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ fi libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @@ -266,10 +257,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ fi clean-shared: - @for i in $(SHLIBDIRS); do \ + @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ tmp="$(SHARED_LIBS_LINK_EXTS)"; \ for j in $${tmp:-x}; do \ @@ -278,327 +270,59 @@ clean-shared: fi; \ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ if [ "$(PLATFORM)" = "Cygwin" ]; then \ - ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ + ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ fi; \ done link-shared: - @if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ - tmp="$(SHARED_LIBS_LINK_EXTS)"; \ - for i in $(SHLIBDIRS); do \ - prev=lib$$i$(SHLIB_EXT); \ - for j in $${tmp:-x}; do \ - ( set -x; \ - rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ - prev=lib$$i$$j; \ - done; \ - done; \ - fi - -build-shared: clean-shared do_$(SHLIB_TARGET) link-shared - -do_bsd-gcc-shared: do_gnu-shared -do_linux-shared: do_gnu-shared -do_gnu-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-Bsymbolic \ - -Wl,--whole-archive lib$$i.a \ - -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done - -DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null - -# For Darwin AKA Mac OS/X (dyld) -do_darwin-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ - lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ - -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ - libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \ - echo "" ; \ + @ set -e; for i in ${SHLIBDIRS}; do \ + $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ + LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + symlink.$(SHLIB_TARGET); \ + libs="$$libs -l$$i"; \ done -do_cygwin-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \ - -Wl,-Bsymbolic \ - -Wl,--whole-archive lib$$i.a \ - -Wl,--out-implib,lib$$i.dll.a \ - -Wl,--no-whole-archive $$libs ) || exit 1; \ - libs="-l$$i $$libs"; \ - done - -# This assumes that GNU utilities are *not* used -do_alpha-osf1-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -# The difference between alpha-osf1-shared and tru64-shared is the `-msym' -# option passed to the linker. -do_tru64-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -msym -o lib$$i.so \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -# The difference between tru64-shared and tru64-shared-rpath is the -# -rpath ${INSTALLTOP}/lib passed to the linker. -do_tru64-shared-rpath: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -msym -o lib$$i.so \ - -rpath ${INSTALLTOP}/lib \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - - -# This assumes that GNU utilities are *not* used -do_solaris-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - MINUSZ='-z '; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ - set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \ - -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-Bsymbolic \ - $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ - $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# OpenServer 5 native compilers used -do_svr3-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - find . -name "*.o" -print > allobjs ; \ - OBJS= ; export OBJS ; \ - for obj in `ar t lib$$i.a` ; do \ - OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ - done ; \ - set -x; ${CC} ${SHARED_LDFLAGS} \ - -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi +build-shared: do_$(SHLIB_TARGET) link-shared -# UnixWare 7 and OpenUNIX 8 native compilers used -do_svr5-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ +do_$(SHLIB_TARGET): + @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - SHARE_FLAG='-G'; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ - find . -name "*.o" -print > allobjs ; \ - OBJS= ; export OBJS ; \ - for obj in `ar t lib$$i.a` ; do \ - OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ - done ; \ - set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \ - ${CC} ${SHARED_LDFLAGS} \ - $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ + LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + LIBDEPS="$$libs $(EX_LIBS)" \ + link_a.$(SHLIB_TARGET); \ libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -do_irix-shared: - if ${DETECT_GNU_LD}; then \ - $(MAKE) do_gnu-shared; \ - else \ - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( WHOLELIB="-all lib$$i.a -notall"; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \ - set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \ - libs="-l$$i $$libs"; \ - done; \ - fi - -# This assumes that GNU utilities are *not* used -# HP-UX includes the full pathname of libs we depend on, so we would get -# ./libcrypto (with ./ as path information) compiled into libssl, hence -# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto -# anyway. -# The object modules are loaded from lib$i.a using the undocumented -Fl -# option. -# -# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH -# by temporarily specifying "+s"! -# -do_hpux-shared: - for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ - +vnocompatwarnings \ - -b -z +s \ - -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Fl lib$$i.a -ldld -lc ) || exit 1; \ - chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ - done - -# This assumes that GNU utilities are *not* used -# HP-UX includes the full pathname of libs we depend on, so we would get -# ./libcrypto (with ./ as path information) compiled into libssl, hence -# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto -# anyway. -# -# HP-UX in 64bit mode has "+s" enabled by default; it will search for -# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH. -# -do_hpux64-shared: - for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ - -b -z \ - -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - +forceload lib$$i.a -ldl -lc ) || exit 1; \ - chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ done -# The following method is said to work on all platforms. Tests will -# determine if that's how it's gong to be used. -# This assumes that for all but GNU systems, GNU utilities are *not* used. -# ALLSYMSFLAGS would be: -# GNU systems: --whole-archive -# Tru64 Unix: -all -# Solaris: -z allextract -# Irix: -all -# HP/UX-32bit: -Fl -# HP/UX-64bit: +forceload -# AIX: -bnogc -# SHAREDFLAGS would be: -# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -# Tru64 Unix: -shared \ -# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" -# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -# HP/UX-32bit: +vnocompatwarnings -b -z +s \ -# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} -# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} -# AIX: -G -bE:lib$$i.exp -bM:SRE -# SHAREDCMD would be: -# GNU systems: $(CC) -# Tru64 Unix: $(CC) -# Solaris: $(CC) -# Irix: $(CC) -# HP/UX-32bit: /usr/ccs/bin/ld -# HP/UX-64bit: /usr/ccs/bin/ld -# AIX: $(CC) -ALLSYMSFLAG=-bnogc -SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE -SHAREDCMD=$(CC) -do_aix-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - ( set -x; \ - ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \ - ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ - $(SHAREDCMD) $(SHAREDFLAGS) \ - -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \ - $$libs ${EX_LIBS} ) ) \ - || exit 1; \ - libs="-l$$i $$libs"; \ - done +libcrypto.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/lib'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL-libcrypto'; \ + echo 'Description: OpenSSL cryptography library'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: '; \ + echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc -do_reliantunix-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \ - ( set -x; \ - ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \ - cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \ - ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \ - ) || exit 1; \ - cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \ - ) || exit 1; \ - rm -rf $$tmpdir ; \ - libs="-l$$i $$libs"; \ - done +libssl.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/lib'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: '; \ + echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ @@ -610,31 +334,25 @@ openssl.pc: Makefile echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ echo 'Version: '$(VERSION); \ echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \ + echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc -Makefile: Makefile.org - @echo "Makefile is older than Makefile.org." +Makefile: Makefile.org Configure config + @echo "Makefile is older than Makefile.org, Configure or config." @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." @false libclean: - rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib + rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib clean: libclean rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making clean in $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \ - rm -f $(LIBS); \ - fi; \ - done; - rm -f openssl.pc + @set -e; target=clean; $(RECURSIVE_BUILD_CMD) + rm -f $(LIBS) + rm -f openssl.pc libssl.pc libcrypto.pc rm -f speed.* .pure rm -f $(TARFILE) - @for i in $(ONEDIRS) ;\ + @set -e; for i in $(ONEDIRS) ;\ do \ rm -fr $$i/*; \ done @@ -645,84 +363,44 @@ makefile.one: files files: $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making 'files' in $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \ - fi; \ - done; + @set -e; target=files; $(RECURSIVE_BUILD_CMD) links: @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @for i in $(DIRS); do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making links in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ - fi; \ - done; + @set -e; target=links; $(RECURSIVE_BUILD_CMD) gentests: @(cd test && echo "generating dummy tests (if needed)..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); dclean: rm -f *.bak - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making dclean in $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \ - fi; \ - done; + @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) rehash: rehash.time rehash.time: certs - @(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - $(PERL) tools/c_rehash certs) + @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs) touch rehash.time test: tests tests: rehash @(cd test && echo "testing..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - apps/openssl version -a + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); + util/opensslwrap.sh version -a report: @$(PERL) util/selftest.pl depend: - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making dependencies $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \ - fi; \ - done; + @set -e; target=depend; $(RECURSIVE_BUILD_CMD) lint: - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i && echo "making lint $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \ - fi; \ - done; + @set -e; target=lint; $(RECURSIVE_BUILD_CMD) tags: rm -f TAGS @@ -730,7 +408,8 @@ tags: errors: $(PERL) util/mkerr.pl -recurse -write - (cd crypto/engine; $(MAKE) PERL=$(PERL) errors) + (cd engines; $(MAKE) PERL=$(PERL) errors) + $(PERL) util/ck_errf.pl */*.c */*/*.c stacks: $(PERL) util/mkstack.pl -write @@ -749,11 +428,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c apps/openssl-vms.cnf: apps/openssl.cnf $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf +crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl + $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h + + TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE +update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar @@ -788,45 +471,36 @@ dist: @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar dist_pem_h: - (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private - @for i in $(EXHEADER) ;\ + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; - @for i in $(DIRS) ;\ - do \ - if [ -d "$$i" ]; then \ - (cd $$i; echo "installing $$i..."; \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \ - fi; \ - done - @for i in $(LIBS) ;\ + @set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; for i in $(LIBS) ;\ do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - : ; \ - else \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - fi; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done; - @if [ -n "$(SHARED_LIBS)" ]; then \ + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ tmp="$(SHARED_LIBS)"; \ for i in $${tmp:-x}; \ do \ @@ -837,20 +511,19 @@ install_sw: chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ - c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - set $(MAKE); \ - $$1 -f $$here/Makefile link-shared ); \ + $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ echo ' $(INSTALLTOP)'; \ @@ -858,15 +531,10 @@ install_sw: sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi - @for i in $(SIGS) ;\ - do \ - if [ -f "$$i" ]; then \ - ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ - fi; \ - done; + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc @@ -879,12 +547,12 @@ install_docs: @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ - if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \ + if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ filecase=-i; \ fi; \ - for i in doc/apps/*.pod; do \ + set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ - if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ @@ -892,16 +560,16 @@ install_docs: --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - grep -v "[ ]" | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ - for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ - if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ @@ -909,8 +577,8 @@ install_docs: --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - grep -v "[ ]" | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ diff --git a/crypto/openssl/Makefile.shared b/crypto/openssl/Makefile.shared new file mode 100644 index 0000000..ef1bfe1 --- /dev/null +++ b/crypto/openssl/Makefile.shared @@ -0,0 +1,603 @@ +# +# Helper makefile to link shared libraries in a portable way. +# This is much simpler than libtool, and hopefully not too error-prone. +# +# The following variables need to be set on the command line to build +# properly + +# CC contains the current compiler. This one MUST be defined +CC=cc +CFLAGS=$(CFLAG) +# LDFLAGS contains flags to be used when temporary object files (when building +# shared libraries) are created, or when an application is linked. +# SHARED_LDFLAGS contains flags to be used when the shared library is created. +LDFLAGS= +SHARED_LDFLAGS= + +# LIBNAME contains just the name of the library, without prefix ("lib" +# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so, +# .dll, ...). This one MUST have a value when using this makefile to +# build shared libraries. +# For example, to build libfoo.so, you need to do the following: +#LIBNAME=foo +LIBNAME= + +# APPNAME contains just the name of the application, without suffix ("" +# on Unix, ".exe" on Windows, ...). This one MUST have a value when using +# this makefile to build applications. +# For example, to build foo, you need to do the following: +#APPNAME=foo +APPNAME= + +# OBJECTS contains all the object files to link together into the application. +# This must contain at least one object file. +#OBJECTS=foo.o +OBJECTS= + +# LIBEXTRAS contains extra modules to link together with the library. +# For example, if a second library, say libbar.a needs to be linked into +# libfoo.so, you need to do the following: +#LIBEXTRAS=libbar.a +# Note that this MUST be used when using the link_o targets, to hold the +# names of all object files that go into the target library. +LIBEXTRAS= + +# LIBVERSION contains the current version of the library. +# For example, to build libfoo.so.1.2, you need to do the following: +#LIBVERSION=1.2 +LIBVERSION= + +# LIBCOMPATVERSIONS contains the compatibility versions (a list) of +# the library. They MUST be in decreasing order. +# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2 +# and libfoo.so.1, you need to do the following: +#LIBCOMPATVERSIONS=1.2 1 +# Note that on systems that use sonames, the last number will appear as +# part of it. +# It's also possible, for systems that support it (Tru64, for example), +# to add extra compatibility info with more precision, by adding a second +# list of versions, separated from the first with a semicolon, like this: +#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0 +LIBCOMPATVERSIONS= + +# LIBDEPS contains all the flags necessary to cover all necessary +# dependencies to other libraries. +LIBDEPS= + +#------------------------------------------------------------------------------ +# The rest is private to this makefile. + +SET_X=: +#SET_X=set -x + +top: + echo "Trying to use this makefile interactively? Don't." + +CALC_VERSIONS= \ + SHLIB_COMPAT=; SHLIB_SOVER=; \ + if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \ + prev=""; \ + for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \ + SHLIB_SOVER_NODOT=$$v; \ + SHLIB_SOVER=.$$v; \ + if [ -n "$$prev" ]; then \ + SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \ + fi; \ + prev=$$v; \ + done; \ + fi + +LINK_APP= \ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ + LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} ) + +LINK_SO= \ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ + SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ + $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ + ) && $(SYMLINK_SO); \ + ( $(SET_X); rm -f lib$(LIBNAME).exp ) + +SYMLINK_SO= \ + if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ + prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ + if [ -n "$$SHLIB_COMPAT" ]; then \ + for x in $$SHLIB_COMPAT; do \ + ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ + prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ + fi + +LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO) +LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO) + +LINK_SO_A_VIA_O= \ + SHOBJECTS=lib$(LIBNAME).o; \ + ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \ + ( $(SET_X); \ + ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \ + $(LINK_SO) && rm -f $(LIBNAME).o + +LINK_SO_A_UNPACKED= \ + UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ + (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \ + ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ + SHOBJECTS=$$UNPACKDIR/*.o; \ + $(LINK_SO) && rm -rf $$UNPACKDIR + +DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null + +DO_GNU_SO=$(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" + +#This is rather special. It's a special target with which one can link +#applications without bothering with any features that have anything to +#do with shared libraries, for example when linking against static +#libraries. It's mostly here to avoid a lot of conditionals everywhere +#else... +link_app.: + $(LINK_APP) + +link_o.gnu: + @ $(DO_GNU_SO); $(LINK_SO_O) +link_a.gnu: + @ $(DO_GNU_SO); $(LINK_SO_A) +link_app.gnu: + @ $(DO_GNU_APP); $(LINK_APP) + +link_o.bsd: + @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + LIBDEPS=" "; \ + ALLSYMSFLAGS="-Wl,-Bforcearchive"; \ + NOALLSYMSFLAGS=; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \ + fi; $(LINK_SO_O) +link_a.bsd: + @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + LIBDEPS=" "; \ + ALLSYMSFLAGS="-Wl,-Bforcearchive"; \ + NOALLSYMSFLAGS=; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \ + fi; $(LINK_SO_A) +link_app.bsd: + @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \ + LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \ + fi; $(LINK_APP) + +# For Darwin AKA Mac OS/X (dyld) +# link_o.darwin produces .so, because we let it use dso_dlfcn module, +# which has .so extension hard-coded. One can argue that one should +# develop special dso module for MacOS X. At least manual encourages +# to use native NSModule(3) API and refers to dlfcn as termporary hack. +link_o.darwin: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME); \ + SHLIB_SUFFIX=.so; \ + ALLSYMSFLAGS='-all_load'; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ + if [ -n "$(LIBVERSION)" ]; then \ + SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \ + fi; \ + if [ -n "$$SHLIB_SOVER_NODOT" ]; then \ + SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \ + fi; \ + $(LINK_SO_O) +link_a.darwin: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME); \ + SHLIB_SUFFIX=.dylib; \ + ALLSYMSFLAGS='-all_load'; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ + if [ -n "$(LIBVERSION)" ]; then \ + SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \ + fi; \ + if [ -n "$$SHLIB_SOVER_NODOT" ]; then \ + SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \ + fi; \ + SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \ + $(LINK_SO_A) +link_app.darwin: # is there run-path on darwin? + $(LINK_APP) + +link_o.cygwin: + @ $(CALC_VERSIONS); \ + INHIBIT_SYMLINKS=yes; \ + SHLIB=cyg$(LIBNAME); \ + expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \ + SHLIB_SUFFIX=.dll; \ + LIBVERSION="$(LIBVERSION)"; \ + SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ + $(LINK_SO_O) +link_a.cygwin: + @ $(CALC_VERSIONS); \ + INHIBIT_SYMLINKS=yes; \ + SHLIB=cyg$(LIBNAME); \ + expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \ + SHLIB_SUFFIX=.dll; \ + SHLIB_SOVER=-$(LIBVERSION); \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ + [ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \ + [ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \ + $(LINK_SO_A) || exit 1; \ + cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \ + cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/ +link_app.cygwin: + $(LINK_APP) + +link_o.alpha-osf1: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ + if [ -n "$$SHLIB_HIST" ]; then \ + SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ + else \ + SHLIB_HIST="$(LIBVERSION)"; \ + fi; \ + SHLIB_SOVER=; \ + ALLSYMSFLAGS='-all'; \ + NOALLSYMSFLAGS='-none'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \ + if [ -n "$$SHLIB_HIST" ]; then \ + SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ + fi; \ + fi; \ + $(LINK_SO_O) +link_a.alpha-osf1: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ + if [ -n "$$SHLIB_HIST" ]; then \ + SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ + else \ + SHLIB_HIST="$(LIBVERSION)"; \ + fi; \ + SHLIB_SOVER=; \ + ALLSYMSFLAGS='-all'; \ + NOALLSYMSFLAGS='-none'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \ + if [ -n "$$SHLIB_HIST" ]; then \ + SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ + fi; \ + fi; \ + $(LINK_SO_A) +link_app.alpha-osf1: + @if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \ + fi; \ + $(LINK_APP) + +link_o.solaris: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + MINUSZ='-z '; \ + ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS="$${MINUSZ}allextract"; \ + NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ + fi; \ + $(LINK_SO_O) +link_a.solaris: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + MINUSZ='-z '; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=;\ + ALLSYMSFLAGS="$${MINUSZ}allextract"; \ + NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ + fi; \ + $(LINK_SO_A) +link_app.solaris: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \ + fi; \ + $(LINK_APP) + +# OpenServer 5 native compilers used +link_o.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + $(LINK_SO_O) +link_a.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + $(LINK_SO_A_UNPACKED) +link_app.svr3: + @${DETECT_GNU_LD} && $(DO_GNU_APP); \ + $(LINK_APP) + +# UnixWare 7 and OpenUNIX 8 native compilers used +link_o.svr5: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHARE_FLAG='-G'; \ + ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + $(LINK_SO_O) +link_a.svr5: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHARE_FLAG='-G'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + $(LINK_SO_A_UNPACKED) +link_app.svr5: + @${DETECT_GNU_LD} && $(DO_GNU_APP); \ + $(LINK_APP) + +link_o.irix: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + MINUSWL=""; \ + ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ + ALLSYMSFLAGS="$${MINUSWL}-all"; \ + NOALLSYMSFLAGS="$${MINUSWL}-none"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + $(LINK_SO_O) +link_a.irix: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + MINUSWL=""; \ + ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ + ALLSYMSFLAGS="$${MINUSWL}-all"; \ + NOALLSYMSFLAGS="$${MINUSWL}-none"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + $(LINK_SO_A) +link_app.irix: + @LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \ + $(LINK_APP) + +# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so +# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite +# rules imply that we can only link one level down in catalog structure, +# but that's what takes place for the moment of this writing. +cdp option +# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link +# editor context only [it's simply ignored in other cases, which are all +# ELFs by the way]. +# +link_o.hpux: + @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).sl; \ + expr "$(CFLAGS)" : 'DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,-Fl'; \ + NOALLSYMSFLAGS=''; \ + expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ + $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +link_a.hpux: + @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).sl; \ + expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,-Fl'; \ + NOALLSYMSFLAGS=''; \ + expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + fi; \ + rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ + $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +link_app.hpux: + @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \ + LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \ + fi; \ + $(LINK_APP) + +link_o.aix: + @ $(CALC_VERSIONS); \ + OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \ + OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-bnogc'; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + $(LINK_SO_O); rm -rf lib$(LIBNAME).exp +link_a.aix: + @ $(CALC_VERSIONS); \ + OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \ + OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-bnogc'; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + $(LINK_SO_A_VIA_O) +link_app.aix: + LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \ + $(LINK_APP) + +link_o.reliantunix: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS=; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS='$(CFLAGS) -G'; \ + $(LINK_SO_O) +link_a.reliantunix: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS=; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS='$(CFLAGS) -G'; \ + $(LINK_SO_A_UNPACKED) +link_app.reliantunix: + $(LINK_APP) + +# Targets to build symbolic links when needed +symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ +symlink.aix symlink.reliantunix: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + $(SYMLINK_SO) +symlink.darwin: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME); \ + SHLIB_SUFFIX=.dylib; \ + $(SYMLINK_SO) +symlink.hpux: + @ $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).sl; \ + expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \ + $(SYMLINK_SO) +# The following lines means those specific architectures do no symlinks +symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath: + +# Compatibility targets +link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu +link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu +link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu +symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu +link_o.bsd-shared: link_o.bsd +link_a.bsd-shared: link_a.bsd +link_app.bsd-shared: link_app.bsd +link_o.darwin-shared: link_o.darwin +link_a.darwin-shared: link_a.darwin +link_app.darwin-shared: link_app.darwin +symlink.darwin-shared: symlink.darwin +link_o.cygwin-shared: link_o.cygwin +link_a.cygwin-shared: link_a.cygwin +link_app.cygwin-shared: link_app.cygwin +symlink.cygwin-shared: symlink.cygwin +link_o.alpha-osf1-shared: link_o.alpha-osf1 +link_a.alpha-osf1-shared: link_a.alpha-osf1 +link_app.alpha-osf1-shared: link_app.alpha-osf1 +symlink.alpha-osf1-shared: symlink.alpha-osf1 +link_o.tru64-shared: link_o.tru64 +link_a.tru64-shared: link_a.tru64 +link_app.tru64-shared: link_app.tru64 +symlink.tru64-shared: symlink.tru64 +link_o.tru64-shared-rpath: link_o.tru64-rpath +link_a.tru64-shared-rpath: link_a.tru64-rpath +link_app.tru64-shared-rpath: link_app.tru64-rpath +symlink.tru64-shared-rpath: symlink.tru64-rpath +link_o.solaris-shared: link_o.solaris +link_a.solaris-shared: link_a.solaris +link_app.solaris-shared: link_app.solaris +symlink.solaris-shared: symlink.solaris +link_o.svr3-shared: link_o.svr3 +link_a.svr3-shared: link_a.svr3 +link_app.svr3-shared: link_app.svr3 +symlink.svr3-shared: symlink.svr3 +link_o.svr5-shared: link_o.svr5 +link_a.svr5-shared: link_a.svr5 +link_app.svr5-shared: link_app.svr5 +symlink.svr5-shared: symlink.svr5 +link_o.irix-shared: link_o.irix +link_a.irix-shared: link_a.irix +link_app.irix-shared: link_app.irix +symlink.irix-shared: symlink.irix +link_o.hpux-shared: link_o.hpux +link_a.hpux-shared: link_a.hpux +link_app.hpux-shared: link_app.hpux +symlink.hpux-shared: symlink.hpux +link_o.aix-shared: link_o.aix +link_a.aix-shared: link_a.aix +link_app.aix-shared: link_app.aix +symlink.aix-shared: symlink.aix +link_o.reliantunix-shared: link_o.reliantunix +link_a.reliantunix-shared: link_a.reliantunix +link_app.reliantunix-shared: link_app.reliantunix +symlink.reliantunix-shared: symlink.reliantunix diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 496f59d..4cdfbf4 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,127 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: + + o Cipher string fixes. + o Fixes for VC++ 2005. + o Updated ECC cipher suite support. + o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). + o Zlib compression usage fixes. + o Built in dynamic engine compilation support on Win32. + o Fixes auto dynamic engine loading in Win32. + + Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: + + o Fix potential SSL 2.0 rollback, CAN-2005-2969 + o Extended Windows CE support + + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: + + o Major work on the BIGNUM library for higher efficiency and to + make operations more streamlined and less contradictory. This + is the result of a major audit of the BIGNUM library. + o Addition of BIGNUM functions for fields GF(2^m) and NIST + curves, to support the Elliptic Crypto functions. + o Major work on Elliptic Crypto; ECDH and ECDSA added, including + the use through EVP, X509 and ENGINE. + o New ASN.1 mini-compiler that's usable through the OpenSSL + configuration file. + o Added support for ASN.1 indefinite length constructed encoding. + o New PKCS#12 'medium level' API to manipulate PKCS#12 files. + o Complete rework of shared library construction and linking + programs with shared or static libraries, through a separate + Makefile.shared. + o Rework of the passing of parameters from one Makefile to another. + o Changed ENGINE framework to load dynamic engine modules + automatically from specifically given directories. + o New structure and ASN.1 functions for CertificatePair. + o Changed the ZLIB compression method to be stateful. + o Changed the key-generation and primality testing "progress" + mechanism to take a structure that contains the ticker + function and an argument. + o New engine module: GMP (performs private key exponentiation). + o New engine module: VIA PadLOck ACE extension in VIA C3 + Nehemiah processors. + o Added support for IPv6 addresses in certificate extensions. + See RFC 1884, section 2.2. + o Added support for certificate policy mappings, policy + constraints and name constraints. + o Added support for multi-valued AVAs in the OpenSSL + configuration file. + o Added support for multiple certificates with the same subject + in the 'openssl ca' index file. + o Make it possible to create self-signed certificates using + 'openssl ca -selfsign'. + o Make it possible to generate a serial number file with + 'openssl ca -create_serial'. + o New binary search functions with extended functionality. + o New BUF functions. + o New STORE structure and library to provide an interface to all + sorts of data repositories. Supports storage of public and + private keys, certificates, CRLs, numbers and arbitrary blobs. + This library is unfortunately unfinished and unused withing + OpenSSL. + o New control functions for the error stack. + o Changed the PKCS#7 library to support one-pass S/MIME + processing. + o Added the possibility to compile without old deprecated + functionality with the OPENSSL_NO_DEPRECATED macro or the + 'no-deprecated' argument to the config and Configure scripts. + o Constification of all ASN.1 conversion functions, and other + affected functions. + o Improved platform support for PowerPC. + o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). + o New X509_VERIFY_PARAM structure to support parametrisation + of X.509 path validation. + o Major overhaul of RC4 performance on Intel P4, IA-64 and + AMD64. + o Changed the Configure script to have some algorithms disabled + by default. Those can be explicitely enabled with the new + argument form 'enable-xxx'. + o Change the default digest in 'openssl' commands from MD5 to + SHA-1. + o Added support for DTLS. + o New BIGNUM blinding. + o Added support for the RSA-PSS encryption scheme + o Added support for the RSA X.931 padding. + o Added support for BSD sockets on NetWare. + o Added support for files larger than 2GB. + o Added initial support for Win64. + o Added alternate pkg-config files. + + Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: + + o Visual C++ 2005 fixes. + o Update Windows build system for FIPS. + + Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: + + o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. + + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: + + o Fix SSL 2.0 Rollback, CAN-2005-2969 + o Allow use of fixed-length exponent on DSA signing + o Default fixed-window RSA, DSA, DH private-key operations + + Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: + + o More compilation issues fixed. + o Adaptation to more modern Kerberos API. + o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. + o Enhanced x86_64 assembler BIGNUM module. + o More constification. + o Added processing of proxy certificates (RFC 3820). + + Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: + + o Several compilation issues fixed. + o Many memory allocation failure checks added. + o Improved comparison of X509 Name type. + o Mandatory basic checks on certificates. + o Performance improvements. + Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: o Fix race condition in CRL checking code. diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS index d6731b1..ed3c174 100644 --- a/crypto/openssl/PROBLEMS +++ b/crypto/openssl/PROBLEMS @@ -48,20 +48,34 @@ will interfere with each other and lead to test failure. The solution is simple for now: don't run parallell make when testing. -* Bugs in gcc 3.0 triggered +* Bugs in gcc triggered -According to a problem report, there are bugs in gcc 3.0 that are -triggered by some of the code in OpenSSL, more specifically in -PEM_get_EVP_CIPHER_INFO(). The triggering code is the following: +- According to a problem report, there are bugs in gcc 3.0 that are + triggered by some of the code in OpenSSL, more specifically in + PEM_get_EVP_CIPHER_INFO(). The triggering code is the following: header+=11; if (*header != '4') return(0); header++; if (*header != ',') return(0); header++; -What happens is that gcc might optimize a little too agressively, and -you end up with an extra incrementation when *header != '4'. + What happens is that gcc might optimize a little too agressively, and + you end up with an extra incrementation when *header != '4'. -We recommend that you upgrade gcc to as high a 3.x version as you can. + We recommend that you upgrade gcc to as high a 3.x version as you can. + +- According to multiple problem reports, some of our message digest + implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64 + and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while + latter - SHA one. + + The recomendation is to upgrade your compiler. This naturally applies to + other similar cases. + +- There is a subtle Solaris x86-specific gcc run-time environment bug, which + "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug + manifests itself as Segmentation Fault upon early application start-up. + The problem can be worked around by patching the environment according to + http://www.openssl.org/~appro/values.c. * solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler. @@ -90,15 +104,6 @@ failures in other parts of the code. Workaround: modify the target to +O2 when building with no-asm. -* Poor support for AIX shared builds. - -do_aix-shared rule is not flexible enough to parameterize through a -config-line. './Configure aix43-cc shared' is working, but not -'./Configure aix64-gcc shared'. In latter case make fails to create shared -libraries. It's possible to build 64-bit shared libraries by running -'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one -supporting even gcc shared builds. See RT#463 for background information. - * Problems building shared libraries on SCO OpenServer Release 5.0.6 with gcc 2.95.3 @@ -129,3 +134,64 @@ Any information helping to solve this issue would be deeply appreciated. NOTE: building non-shared doesn't come with this problem. + +* ULTRIX build fails with shell errors, such as "bad substitution" + and "test: argument expected" + +The problem is caused by ULTRIX /bin/sh supporting only original +Bourne shell syntax/semantics, and the trouble is that the vast +majority is so accustomed to more modern syntax, that very few +people [if any] would recognize the ancient syntax even as valid. +This inevitably results in non-trivial scripts breaking on ULTRIX, +and OpenSSL isn't an exclusion. Fortunately there is workaround, +hire /bin/ksh to do the job /bin/sh fails to do. + +1. Trick make(1) to use /bin/ksh by setting up following environ- + ment variables *prior* you execute ./Configure and make: + + PROG_ENV=POSIX + MAKESHELL=/bin/ksh + export PROG_ENV MAKESHELL + + or if your shell is csh-compatible: + + setenv PROG_ENV POSIX + setenv MAKESHELL /bin/ksh + +2. Trick /bin/sh to use alternative expression evaluator. Create + following 'test' script for example in /tmp: + + #!/bin/ksh + ${0##*/} "$@" + + Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend* + your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter- + natively just replace system /bin/test and /bin/[ with the + above script. + +* hpux64-ia64-cc fails blowfish test. + +Compiler bug, presumably at particular patch level. It should be noted +that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc +target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o. + +* no-engines generates errors. + +Unfortunately, the 'no-engines' configuration option currently doesn't +work properly. Use 'no-hw' and you'll will at least get no hardware +support. We'll see how we fix that on OpenSSL versions past 0.9.8. + +* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV] + if elder GNU binutils were deployed to link shared libcrypto.so. + +As subject suggests the failure is caused by a bug in elder binutils, +either as or ld, and was observed on FreeBSD and Linux. There are two +options. First is naturally to upgrade binutils, the second one - to +reconfigure with additional no-sse2 [or 386] option passed to ./config. + +* If configured with ./config no-dso, toolkit still gets linked with -ldl, + which most notably poses a problem when linking with dietlibc. + +We don't have framework to associate -ldl with no-dso, therefore the only +way is to edit Makefile right after ./config no-dso and remove -ldl from +EX_LIBS line. diff --git a/crypto/openssl/README b/crypto/openssl/README index 4d0cd83..48612bb 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.7e 25 Oct 2004 + OpenSSL 0.9.8b 04 May 2006 - Copyright (c) 1998-2004 The OpenSSL Project + Copyright (c) 1998-2005 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -14,13 +14,13 @@ protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + related documentation. OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the OpenSSL license plus the SSLeay license) situation, which basically means that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + purposes as long as you fulfill the conditions of both licenses. OVERVIEW -------- @@ -53,11 +53,11 @@ MDC2 message digest. A DES based hash that is popular on smart cards. Public Key - RSA encryption/decryption/generation. + RSA encryption/decryption/generation. There is no limit on the number of bits. - DSA encryption/decryption/generation. + DSA encryption/decryption/generation. There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. + Diffie-Hellman key-exchange/key generation. There is no limit on the number of bits. X.509v3 certificates @@ -80,16 +80,16 @@ A simple stack. A Configuration loader that uses a format similar to MS .ini files. - openssl: + openssl: A command line tool that can be used for: Creation of RSA, DH and DSA key parameters - Creation of X.509 certificates, CSRs and CRLs + Creation of X.509 certificates, CSRs and CRLs Calculation of Message Digests Encryption and Decryption with Ciphers SSL/TLS Client and Server Tests Handling of S/MIME signed or encrypted mail - + PATENTS ------- @@ -104,13 +104,15 @@ licensing conditions. Their web page is http://www.rsasecurity.com/. RC4 is a trademark of RSA Security, so use of this label should perhaps - only be used with RSA Security's permission. + only be used with RSA Security's permission. The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should be contacted if that algorithm is to be used; their web page is http://www.ascom.ch/. + The MDC2 algorithm is patented by IBM. + INSTALLATION ------------ @@ -129,7 +131,7 @@ or application author. We try to collect those in doc/PROBLEMS, with current thoughts on how they should be solved in a future of OpenSSL. - SUPPORT + SUPPORT ------- If you have any problems with OpenSSL then please take the following steps @@ -138,7 +140,7 @@ - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ to see if the problem has already been addressed - Remove ASM versions of libraries - - Remove compiler optimisation flags + - Remove compiler optimisation flags If you wish to report a bug then please include the following information in any bug report: @@ -191,3 +193,4 @@ # ./Configure dist; make clean # cd .. # diff -ur openssl-orig openssl-work > mydiffs.patch + diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl index a52a004..a3965ec 100755 --- a/crypto/openssl/apps/CA.pl +++ b/crypto/openssl/apps/CA.pl @@ -36,16 +36,26 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; @@ -58,19 +68,19 @@ foreach (@ARGV) { exit 0; } elsif (/^-newcert$/) { # create a certificate - system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); $RET=$?; - print "Certificate (and private key) is in newreq.pem\n" + print "Certificate is in newcert.pem, private key is in newkey.pem\n" } elsif (/^-newreq$/) { # create a certificate request - system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newreq-nodes$/) { # create a certificate request - system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -84,6 +94,9 @@ foreach (@ARGV) { mkdir "${CATOP}/private", $DIRMODE; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; @@ -98,22 +111,24 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -create_serial " . + "-out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } - if (! -f "${CATOP}/serial" ) { - system ("$X509 -in ${CATOP}/$CACERT -noout " - . "-next_serial -out ${CATOP}/serial"); - } } elsif (/^-pkcs12$/) { my $cname = $ARGV[1]; $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . "-certfile ${CATOP}/$CACERT -out newcert.p12 " . "-export -name \"$cname\""); $RET=$?; + print "PKCS #12 file is in newcert.p12\n"; exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem"); diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in index ae7d9c0..c783a6e 100644 --- a/crypto/openssl/apps/CA.pl.in +++ b/crypto/openssl/apps/CA.pl.in @@ -36,16 +36,26 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; @@ -58,19 +68,19 @@ foreach (@ARGV) { exit 0; } elsif (/^-newcert$/) { # create a certificate - system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); $RET=$?; - print "Certificate (and private key) is in newreq.pem\n" + print "Certificate is in newcert.pem, private key is in newkey.pem\n" } elsif (/^-newreq$/) { # create a certificate request - system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newreq-nodes$/) { # create a certificate request - system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -84,6 +94,9 @@ foreach (@ARGV) { mkdir "${CATOP}/private", $DIRMODE; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; @@ -98,22 +111,24 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -create_serial " . + "-out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } - if (! -f "${CATOP}/serial" ) { - system ("$X509 -in ${CATOP}/$CACERT -noout " - . "-next_serial -out ${CATOP}/serial"); - } } elsif (/^-pkcs12$/) { my $cname = $ARGV[1]; $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . "-certfile ${CATOP}/$CACERT -out newcert.p12 " . "-export -name \"$cname\""); $RET=$?; + print "PKCS #12 file is in newcert.p12\n"; exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem"); diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh index d9f3069..a0b20d8 100644 --- a/crypto/openssl/apps/CA.sh +++ b/crypto/openssl/apps/CA.sh @@ -30,14 +30,18 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored -DAYS="-days 365" -REQ="openssl req $SSLEAY_CONFIG" -CA="openssl ca $SSLEAY_CONFIG" -VERIFY="openssl verify" -X509="openssl x509" +if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi + +DAYS="-days 365" # 1 year +CADAYS="-days 1095" # 3 years +REQ="$OPENSSL req $SSLEAY_CONFIG" +CA="$OPENSSL ca $SSLEAY_CONFIG" +VERIFY="$OPENSSL verify" +X509="$OPENSSL x509" CATOP=./demoCA CAKEY=./cakey.pem +CAREQ=./careq.pem CACERT=./cacert.pem for i @@ -49,15 +53,15 @@ case $i in ;; -newcert) # create a certificate - $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS + $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS RET=$? - echo "Certificate (and private key) is in newreq.pem" + echo "Certificate is in newcert.pem, private key is in newkey.pem" ;; -newreq) # create a certificate request - $REQ -new -keyout newreq.pem -out newreq.pem $DAYS + $REQ -new -keyout newkey.pem -out newreq.pem $DAYS RET=$? - echo "Request (and private key) is in newreq.pem" + echo "Request is in newreq.pem, private key is in newkey.pem" ;; -newca) # if explicitly asked for or it doesn't exist then setup the directory @@ -70,7 +74,7 @@ case $i in mkdir ${CATOP}/crl mkdir ${CATOP}/newcerts mkdir ${CATOP}/private - echo "01" > ${CATOP}/serial + echo "00" > ${CATOP}/serial touch ${CATOP}/index.txt fi if [ ! -f ${CATOP}/private/$CAKEY ]; then @@ -83,8 +87,11 @@ case $i in RET=$? else echo "Making CA certificate ..." - $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ - -out ${CATOP}/$CACERT $DAYS + $REQ -new -keyout ${CATOP}/private/$CAKEY \ + -out ${CATOP}/$CAREQ + $CA -out ${CATOP}/$CACERT $CADAYS -batch \ + -keyfile ${CATOP}/private/$CAKEY -selfsign \ + -infiles ${CATOP}/$CAREQ RET=$? fi fi diff --git a/crypto/openssl/apps/Makefile b/crypto/openssl/apps/Makefile index b44c8fa..79ea8a7 100644 --- a/crypto/openssl/apps/Makefile +++ b/crypto/openssl/apps/Makefile @@ -7,11 +7,6 @@ TOP= .. CC= cc INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) CFLAG= -g -static -INSTALL_PREFIX= -INSTALLTOP= /usr/local/ssl -OPENSSLDIR= /usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile PERL= perl RM= rm -f @@ -36,12 +31,12 @@ LIBSSL=-L.. -lssl PROGRAM= openssl -SCRIPTS=CA.sh CA.pl der_chop +SCRIPTS=CA.sh CA.pl EXE= $(PROGRAM)$(EXE_EXT) E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ - ca crl rsa rsautl dsa dsaparam \ + ca crl rsa rsautl dsa dsaparam ec ecparam \ x509 genrsa gendsa s_server s_client speed \ s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ pkcs8 spkac smime rand engine ocsp prime @@ -57,17 +52,19 @@ RAND_SRC=app_rand.c E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \ ca.o pkcs7.o crl2p7.o crl.o \ - rsa.o rsautl.o dsa.o dsaparam.o \ + rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ - ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o + ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \ + ocsp.o prime.o E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ - rsa.c rsautl.c dsa.c dsaparam.c \ + rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ - ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c prime.c + ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \ + ocsp.c prime.c SRC=$(E_SRC) @@ -86,8 +83,13 @@ all: exe exe: $(EXE) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) - LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ - $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \ + link_app.$${shlib_target} sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c @@ -96,14 +98,15 @@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO install: - @for i in $(EXE); \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @set -e; for i in $(EXE); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; - @for i in $(SCRIPTS); \ + @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ @@ -125,7 +128,11 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) + @if [ -z "$(THIS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ + else \ + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ + fi dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -143,23 +150,21 @@ $(DLIBCRYPTO): $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "darwin-shared" ] ; then \ + LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ else \ - LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ - $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi - if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \ - fi - -(cd ..; OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - $(PERL) tools/c_rehash certs) + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + -(cd ..; \ + OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \ + $(PERL) tools/c_rehash certs) progs.h: progs.pl $(PERL) progs.pl $(E_EXE) >progs.h @@ -167,1005 +172,729 @@ progs.h: progs.pl # DO NOT DELETE THIS LINE -- make depend depends on it. -app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h -app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h -app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h -app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h -app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h -app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h -app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h -app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h -app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h +app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h +app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c app_rand.o: apps.h -apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h -apps.o: ../include/openssl/cast.h ../include/openssl/conf.h -apps.o: ../include/openssl/crypto.h ../include/openssl/des.h -apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h -apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h +apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h -apps.o: ../include/openssl/evp.h ../include/openssl/idea.h -apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h -apps.o: ../include/openssl/md4.h ../include/openssl/md5.h -apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h -apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h -apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h +apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h -asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h -asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h -asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h -asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h -asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h -asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h -asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h -asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h -asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h +asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h +asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h +asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h -asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h asn1pars.o: asn1pars.c -ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ca.o: ../include/openssl/cast.h ../include/openssl/conf.h -ca.o: ../include/openssl/crypto.h ../include/openssl/des.h -ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h -ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ca.o: ../include/openssl/engine.h ../include/openssl/err.h -ca.o: ../include/openssl/evp.h ../include/openssl/idea.h -ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ca.o: ../include/openssl/md4.h ../include/openssl/md5.h -ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h -ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c -ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ca.o: ../include/openssl/sha.h ../include/openssl/stack.h +ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h ca.c +ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h -ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h -ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h -ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h -ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h +ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h +ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h +ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c -crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -crl.o: ../include/openssl/cast.h ../include/openssl/conf.h -crl.o: ../include/openssl/crypto.h ../include/openssl/des.h -crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h -crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -crl.o: ../include/openssl/engine.h ../include/openssl/err.h -crl.o: ../include/openssl/evp.h ../include/openssl/idea.h -crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h -crl.o: ../include/openssl/md4.h ../include/openssl/md5.h -crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h +crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +crl.o: ../include/openssl/err.h ../include/openssl/evp.h +crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h crl.o: ../include/openssl/sha.h ../include/openssl/stack.h crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h crl.o: ../include/openssl/x509v3.h apps.h crl.c -crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h -crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h -crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h -crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h -crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h -crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h -crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h -crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h -crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h +crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h +crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h crl2p7.o: crl2p7.c -dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h -dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h -dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h -dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dgst.o: ../include/openssl/engine.h ../include/openssl/err.h -dgst.o: ../include/openssl/evp.h ../include/openssl/hmac.h -dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h -dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h -dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h -dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dgst.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c -dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h +dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +dgst.o: ../include/openssl/err.h ../include/openssl/evp.h +dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c +dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dh.o: ../include/openssl/cast.h ../include/openssl/conf.h -dh.o: ../include/openssl/crypto.h ../include/openssl/des.h -dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h -dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dh.o: ../include/openssl/engine.h ../include/openssl/err.h -dh.o: ../include/openssl/evp.h ../include/openssl/idea.h -dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h -dh.o: ../include/openssl/md4.h ../include/openssl/md5.h -dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h +dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h +dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +dh.o: ../include/openssl/err.h ../include/openssl/evp.h +dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h dh.o: ../include/openssl/sha.h ../include/openssl/stack.h dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c -dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dsa.o: ../include/openssl/engine.h ../include/openssl/err.h -dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +dsa.o: ../include/openssl/err.h ../include/openssl/evp.h +dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c -dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h -dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h -dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h -dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h +dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h -dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h -dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h -dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h -dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h +dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h +dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -dsaparam.o: dsaparam.c -enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h -enc.o: ../include/openssl/cast.h ../include/openssl/conf.h -enc.o: ../include/openssl/crypto.h ../include/openssl/des.h -enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h -enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -enc.o: ../include/openssl/engine.h ../include/openssl/err.h -enc.o: ../include/openssl/evp.h ../include/openssl/idea.h -enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h -enc.o: ../include/openssl/md4.h ../include/openssl/md5.h -enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c +ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h +ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ec.o: ../include/openssl/err.h ../include/openssl/evp.h +ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ec.o: ../include/openssl/sha.h ../include/openssl/stack.h +ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c +ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h +ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c +enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h +enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +enc.o: ../include/openssl/err.h ../include/openssl/evp.h +enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -enc.o: ../include/openssl/sha.h ../include/openssl/stack.h -enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c -engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +enc.o: ../include/openssl/x509_vfy.h apps.h enc.c +engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h -engine.o: ../include/openssl/cast.h ../include/openssl/comp.h -engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h -engine.o: ../include/openssl/des.h ../include/openssl/des_old.h -engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h -engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -engine.o: ../include/openssl/err.h ../include/openssl/evp.h -engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h -engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h -engine.o: ../include/openssl/md4.h ../include/openssl/md5.h -engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +engine.o: ../include/openssl/comp.h ../include/openssl/conf.h +engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +engine.o: ../include/openssl/engine.h ../include/openssl/err.h +engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h +engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h -engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h engine.o: ../include/openssl/x509_vfy.h apps.h engine.c -errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h -errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h -errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h -errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -errstr.o: ../include/openssl/err.h ../include/openssl/evp.h -errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h -errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h +errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +errstr.o: ../include/openssl/engine.h ../include/openssl/err.h +errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h +errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c -gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h -gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h -gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h -gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h -gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h +gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h +gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h gendh.o: ../include/openssl/engine.h ../include/openssl/err.h -gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h -gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h -gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h -gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h +gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h +gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h +gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendh.o: ../include/openssl/stack.h ../include/openssl/store.h gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c -gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c +gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h -gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h +gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendsa.o: gendsa.c -genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h -genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h +genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h -genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h +genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -genrsa.o: genrsa.c -nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h -nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h -nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h -nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h -nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -nseq.o: ../include/openssl/engine.h ../include/openssl/err.h -nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h -nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h -nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h -nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c +nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h +nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +nseq.o: ../include/openssl/err.h ../include/openssl/evp.h +nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h -nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c -ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h -ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h -ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h -ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h -ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h -ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h +ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h +ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h +ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h -ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c -openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h -openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h -openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h -openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h -openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/fips.h ../include/openssl/idea.h -openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h -openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/rand.h ../include/openssl/rc2.h -openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -openssl.o: openssl.c progs.h s_apps.h -passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h -passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h +openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h +openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +openssl.o: ../include/openssl/engine.h ../include/openssl/err.h +openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h -passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h -passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -passwd.o: ../include/openssl/engine.h ../include/openssl/err.h -passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h -passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h -passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h -passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +passwd.o: ../include/openssl/err.h ../include/openssl/evp.h +passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h +passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h passwd.o: passwd.c -pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h -pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h -pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h -pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h -pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h -pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h -pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h -pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h -pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h -pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c -pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h -pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h -pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h -pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h -pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h -pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h -pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h -pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h -pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c -pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h -pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h -pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h -pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h -pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h -pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h -pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h -pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h -pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h -pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c -prime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -prime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h -prime.o: ../include/openssl/cast.h ../include/openssl/conf.h -prime.o: ../include/openssl/crypto.h ../include/openssl/des.h -prime.o: ../include/openssl/des_old.h ../include/openssl/dh.h -prime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -prime.o: ../include/openssl/engine.h ../include/openssl/err.h -prime.o: ../include/openssl/evp.h ../include/openssl/idea.h -prime.o: ../include/openssl/lhash.h ../include/openssl/md2.h -prime.o: ../include/openssl/md4.h ../include/openssl/md5.h -prime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h +prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +prime.o: ../include/openssl/engine.h ../include/openssl/evp.h +prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -prime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -prime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -prime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -prime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h prime.o: ../include/openssl/sha.h ../include/openssl/stack.h prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -prime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c -rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h -rand.o: ../include/openssl/cast.h ../include/openssl/conf.h -rand.o: ../include/openssl/crypto.h ../include/openssl/des.h -rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h -rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -rand.o: ../include/openssl/engine.h ../include/openssl/err.h -rand.o: ../include/openssl/evp.h ../include/openssl/idea.h -rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h -rand.o: ../include/openssl/md4.h ../include/openssl/md5.h -rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h +rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +rand.o: ../include/openssl/err.h ../include/openssl/evp.h +rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c -req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h -req.o: ../include/openssl/asn1.h ../include/openssl/bio.h -req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rand.o: ../include/openssl/x509_vfy.h apps.h rand.c +req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/bn.h ../include/openssl/buffer.h req.o: ../include/openssl/conf.h ../include/openssl/crypto.h -req.o: ../include/openssl/des.h ../include/openssl/des_old.h req.o: ../include/openssl/dh.h ../include/openssl/dsa.h -req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -req.o: ../include/openssl/err.h ../include/openssl/evp.h -req.o: ../include/openssl/idea.h ../include/openssl/lhash.h -req.o: ../include/openssl/md2.h ../include/openssl/md4.h -req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +req.o: ../include/openssl/engine.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/lhash.h req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rc2.h -req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +req.o: ../include/openssl/rand.h ../include/openssl/rsa.h req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +req.o: ../include/openssl/stack.h ../include/openssl/store.h +req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +req.o: ../include/openssl/ui.h ../include/openssl/x509.h req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c -rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h -rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h +rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h rsa.o: ../include/openssl/engine.h ../include/openssl/err.h -rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c -rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h -rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h -rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h -rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h -rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h -rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h -rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h -rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h +rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h +rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -rsautl.o: rsautl.c -s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c +s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h -s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h +s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c -s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_client.o: ../include/openssl/err.h ../include/openssl/evp.h -s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_client.o: ../include/openssl/engine.h ../include/openssl/err.h +s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c -s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: s_apps.h s_client.c timeouts.h +s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_server.o: ../include/openssl/err.h ../include/openssl/evp.h -s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h +s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_server.o: ../include/openssl/engine.h ../include/openssl/err.h +s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c -s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h +s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h +s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h -s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c -s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h +s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_socket.o: s_apps.h s_socket.c +s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_time.o: ../include/openssl/err.h ../include/openssl/evp.h -s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_time.o: ../include/openssl/engine.h ../include/openssl/err.h +s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c -sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h -sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h -sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h -sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h -sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h -sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h -sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h -sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h -sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h +sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h +sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h +sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h -sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c -smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h -smime.o: ../include/openssl/cast.h ../include/openssl/conf.h -smime.o: ../include/openssl/crypto.h ../include/openssl/des.h -smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h -smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -smime.o: ../include/openssl/engine.h ../include/openssl/err.h -smime.o: ../include/openssl/evp.h ../include/openssl/idea.h -smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h -smime.o: ../include/openssl/md4.h ../include/openssl/md5.h -smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h +smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +smime.o: ../include/openssl/err.h ../include/openssl/evp.h +smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h -smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h smime.o: ../include/openssl/sha.h ../include/openssl/stack.h smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c +smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +smime.o: ../include/openssl/x509v3.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h speed.o: ../include/openssl/cast.h ../include/openssl/conf.h speed.o: ../include/openssl/crypto.h ../include/openssl/des.h -speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h -speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h +speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h speed.o: ../include/openssl/engine.h ../include/openssl/err.h speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h speed.o: ../include/openssl/md2.h ../include/openssl/md4.h -speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h -speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h -spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h -spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h -spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h -spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h -spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -spkac.o: ../include/openssl/engine.h ../include/openssl/err.h -spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h -spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h -spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h -spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h +spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +spkac.o: ../include/openssl/err.h ../include/openssl/evp.h +spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h -spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c -verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h -verify.o: ../include/openssl/cast.h ../include/openssl/conf.h -verify.o: ../include/openssl/crypto.h ../include/openssl/des.h -verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h -verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -verify.o: ../include/openssl/engine.h ../include/openssl/err.h -verify.o: ../include/openssl/evp.h ../include/openssl/idea.h -verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h -verify.o: ../include/openssl/md4.h ../include/openssl/md5.h -verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h +verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +verify.o: ../include/openssl/err.h ../include/openssl/evp.h +verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h -verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h verify.o: ../include/openssl/sha.h ../include/openssl/stack.h verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h verify.o: ../include/openssl/x509v3.h apps.h verify.c -version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -version.o: ../include/openssl/bn.h ../include/openssl/buffer.h -version.o: ../include/openssl/cast.h ../include/openssl/conf.h +version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +version.o: ../include/openssl/buffer.h ../include/openssl/conf.h version.o: ../include/openssl/crypto.h ../include/openssl/des.h -version.o: ../include/openssl/des_old.h ../include/openssl/dh.h -version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -version.o: ../include/openssl/engine.h ../include/openssl/err.h +version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h version.o: ../include/openssl/evp.h ../include/openssl/idea.h version.o: ../include/openssl/lhash.h ../include/openssl/md2.h -version.o: ../include/openssl/md4.h ../include/openssl/md5.h -version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h version.o: ../include/openssl/sha.h ../include/openssl/stack.h version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h version.o: version.c -x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h -x509.o: ../include/openssl/cast.h ../include/openssl/conf.h -x509.o: ../include/openssl/crypto.h ../include/openssl/des.h -x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h +x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -x509.o: ../include/openssl/engine.h ../include/openssl/err.h -x509.o: ../include/openssl/evp.h ../include/openssl/idea.h -x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h -x509.o: ../include/openssl/md4.h ../include/openssl/md5.h -x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +x509.o: ../include/openssl/err.h ../include/openssl/evp.h +x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h -x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -x509.o: ../include/openssl/sha.h ../include/openssl/stack.h -x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -x509.o: ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h +x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index b747e2d..613c3ba 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -125,13 +125,17 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#ifndef OPENSSL_NO_RSA +#include +#endif +#include #define NON_MAIN #include "apps.h" #undef NON_MAIN typedef struct { - char *name; + const char *name; unsigned long flag; unsigned long mask; } NAME_EX_TBL; @@ -250,7 +254,7 @@ int str2fmt(char *s) return(FORMAT_UNDEF); } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE) void program_name(char *in, char *out, int size) { int i,n; @@ -269,12 +273,23 @@ void program_name(char *in, char *out, int size) if (p == NULL) p=in; n=strlen(p); + +#if defined(OPENSSL_SYS_NETWARE) + /* strip off trailing .nlm if present. */ + if ((n > 4) && (p[n-4] == '.') && + ((p[n-3] == 'n') || (p[n-3] == 'N')) && + ((p[n-2] == 'l') || (p[n-2] == 'L')) && + ((p[n-1] == 'm') || (p[n-1] == 'M'))) + n-=4; +#else /* strip off trailing .exe if present. */ if ((n > 4) && (p[n-4] == '.') && ((p[n-3] == 'e') || (p[n-3] == 'E')) && ((p[n-2] == 'x') || (p[n-2] == 'X')) && ((p[n-1] == 'e') || (p[n-1] == 'E'))) n-=4; +#endif + if (n > size-1) n=size-1; @@ -330,22 +345,6 @@ void program_name(char *in, char *out, int size) #endif #endif -#ifdef OPENSSL_SYS_VMS -int VMS_strcasecmp(const char *str1, const char *str2) - { - while (*str1 && *str2) - { - int res = toupper(*str1) - toupper(*str2); - if (res) return res < 0 ? -1 : 1; - } - if (*str1) - return 1; - if (*str2) - return -1; - return 0; - } -#endif - int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { int num,len,i; @@ -377,10 +376,17 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) /* The start of something good :-) */ if (num >= arg->count) { - arg->count+=20; - arg->data=(char **)OPENSSL_realloc(arg->data, - sizeof(char *)*arg->count); - if (argc == 0) return(0); + char **tmp_p; + int tlen = arg->count + 20; + tmp_p = (char **)OPENSSL_realloc(arg->data, + sizeof(char *)*tlen); + if (tmp_p == NULL) + return 0; + arg->data = tmp_p; + arg->count = tlen; + /* initialize newly allocated data */ + for (i = num; i < arg->count; i++) + arg->data[i] = NULL; } arg->data[num++]=p; @@ -542,7 +548,7 @@ int password_callback(char *buf, int bufsiz, int verify, char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", - cb_data->prompt_info); + prompt_info); ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); @@ -691,6 +697,51 @@ int add_oid_section(BIO *err, CONF *conf) return 1; } +static int load_pkcs12(BIO *err, BIO *in, const char *desc, + pem_password_cb *pem_cb, void *cb_data, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) + { + const char *pass; + char tpass[PEM_BUFSIZE]; + int len, ret = 0; + PKCS12 *p12; + p12 = d2i_PKCS12_bio(in, NULL); + if (p12 == NULL) + { + BIO_printf(err, "Error loading PKCS12 file for %s\n", desc); + goto die; + } + /* See if an empty password will do */ + if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) + pass = ""; + else + { + if (!pem_cb) + pem_cb = (pem_password_cb *)password_callback; + len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); + if (len < 0) + { + BIO_printf(err, "Passpharse callback error for %s\n", + desc); + goto die; + } + if (len < PEM_BUFSIZE) + tpass[len] = 0; + if (!PKCS12_verify_mac(p12, tpass, len)) + { + BIO_printf(err, + "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc); + goto die; + } + pass = tpass; + } + ret = PKCS12_parse(p12, pass, pkey, cert, ca); + die: + if (p12) + PKCS12_free(p12); + return ret; + } + X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) { @@ -725,7 +776,7 @@ X509 *load_cert(BIO *err, const char *file, int format, x=d2i_X509_bio(cert,NULL); else if (format == FORMAT_NETSCAPE) { - unsigned char *p,*op; + const unsigned char *p,*op; int size=0,i; /* We sort of have to do it this way because it is sort of nice @@ -771,11 +822,9 @@ X509 *load_cert(BIO *err, const char *file, int format, (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { - PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL); - - PKCS12_parse(p12, NULL, NULL, &x, NULL); - PKCS12_free(p12); - p12 = NULL; + if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL, + NULL, &x, NULL)) + goto end; } else { BIO_printf(err,"bad input format specified for %s\n", @@ -854,11 +903,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, #endif else if (format == FORMAT_PKCS12) { - PKCS12 *p12 = d2i_PKCS12_bio(key, NULL); - - PKCS12_parse(p12, pass, &pkey, NULL, NULL); - PKCS12_free(p12); - p12 = NULL; + if (!load_pkcs12(err, key, key_descrip, + (pem_password_cb *)password_callback, &cb_data, + &pkey, NULL, NULL)) + goto end; } else { @@ -1230,7 +1278,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T return 0; } -void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) +void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags) { char *buf; char mline = 0; @@ -1565,8 +1613,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) { if (errno != ENOENT #ifdef ENOTDIR - && errno != ENOTDIR) + && errno != ENOTDIR #endif + ) goto err; } else @@ -1697,23 +1746,10 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); if (p) { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - retdb->attributes.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - retdb->attributes.unique_subject = 1; - break; - } +#endif + retdb->attributes.unique_subject = parse_yesno(p,1); } } @@ -1748,7 +1784,7 @@ int index_index(CA_DB *db) return 1; } -int save_index(char *dbfile, char *suffix, CA_DB *db) +int save_index(const char *dbfile, const char *suffix, CA_DB *db) { char buf[3][BSIZE]; BIO *out = BIO_new(BIO_s_file()); @@ -1815,7 +1851,7 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) return 0; } -int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) +int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) { char buf[5][BSIZE]; int i,j; @@ -1867,8 +1903,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) { if (errno != ENOENT #ifdef ENOTDIR - && errno != ENOTDIR) + && errno != ENOTDIR #endif + ) goto err; } else @@ -1903,8 +1940,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) { if (errno != ENOENT #ifdef ENOTDIR - && errno != ENOTDIR) + && errno != ENOTDIR #endif + ) goto err; } else @@ -1953,9 +1991,174 @@ void free_index(CA_DB *db) } } +int parse_yesno(const char *str, int def) + { + int ret = def; + if (str) + { + switch (*str) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ + ret = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ + ret = 0; + break; + default: + ret = def; + break; + } + } + return ret; + } + +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +X509_NAME *parse_name(char *subject, long chtype, int multirdn) + { + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); + + char *sp = subject, *bp = buf; + int i, ne_num = 0; + + X509_NAME *n = NULL; + int nid; + + if (!buf || !ne_types || !ne_values) + { + BIO_printf(bio_err, "malloc error\n"); + goto error; + } + + if (*subject != '/') + { + BIO_printf(bio_err, "Subject does not start with '/'.\n"); + goto error; + } + sp++; /* skip leading / */ + + /* no multivalued RDN by default */ + mval[ne_num] = 0; + + while (*sp) + { + /* collect type */ + ne_types[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') /* is there anything to escape in the type...? */ + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '=') + { + sp++; + *bp++ = '\0'; + break; + } + else + *bp++ = *sp++; + } + if (!*sp) + { + BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); + goto error; + } + ne_values[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '/') + { + sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; + break; + } + else + *bp++ = *sp++; + } + *bp++ = '\0'; + ne_num++; + } + + if (!(n = X509_NAME_new())) + goto error; + + for (i = 0; i < ne_num; i++) + { + if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) + { + BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); + continue; + } + + if (!*ne_values[i]) + { + BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); + continue; + } + + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) + goto error; + } + + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); + return n; + +error: + X509_NAME_free(n); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); + return NULL; +} + /* This code MUST COME AFTER anything that uses rename() */ #ifdef OPENSSL_SYS_WIN32 -int WIN32_rename(char *from, char *to) +int WIN32_rename(const char *from, const char *to) { #ifndef OPENSSL_SYS_WINCE /* Windows rename gives an error if 'to' exists, so delete it @@ -1991,3 +2194,142 @@ int WIN32_rename(char *from, char *to) #endif } #endif + +int args_verify(char ***pargs, int *pargc, + int *badarg, BIO *err, X509_VERIFY_PARAM **pm) + { + ASN1_OBJECT *otmp = NULL; + unsigned long flags = 0; + int i; + int purpose = 0; + char **oldargs = *pargs; + char *arg = **pargs, *argn = (*pargs)[1]; + if (!strcmp(arg, "-policy")) + { + if (!argn) + *badarg = 1; + else + { + otmp = OBJ_txt2obj(argn, 0); + if (!otmp) + { + BIO_printf(err, "Invalid Policy \"%s\"\n", + argn); + *badarg = 1; + } + } + (*pargs)++; + } + else if (strcmp(arg,"-purpose") == 0) + { + X509_PURPOSE *xptmp; + if (!argn) + *badarg = 1; + else + { + i = X509_PURPOSE_get_by_sname(argn); + if(i < 0) + { + BIO_printf(err, "unrecognized purpose\n"); + *badarg = 1; + } + else + { + xptmp = X509_PURPOSE_get0(i); + purpose = X509_PURPOSE_get_id(xptmp); + } + } + (*pargs)++; + } + else if (!strcmp(arg, "-ignore_critical")) + flags |= X509_V_FLAG_IGNORE_CRITICAL; + else if (!strcmp(arg, "-issuer_checks")) + flags |= X509_V_FLAG_CB_ISSUER_CHECK; + else if (!strcmp(arg, "-crl_check")) + flags |= X509_V_FLAG_CRL_CHECK; + else if (!strcmp(arg, "-crl_check_all")) + flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + else if (!strcmp(arg, "-policy_check")) + flags |= X509_V_FLAG_POLICY_CHECK; + else if (!strcmp(arg, "-explicit_policy")) + flags |= X509_V_FLAG_EXPLICIT_POLICY; + else if (!strcmp(arg, "-x509_strict")) + flags |= X509_V_FLAG_X509_STRICT; + else if (!strcmp(arg, "-policy_print")) + flags |= X509_V_FLAG_NOTIFY_POLICY; + else + return 0; + + if (*badarg) + { + if (*pm) + X509_VERIFY_PARAM_free(*pm); + *pm = NULL; + goto end; + } + + if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) + { + *badarg = 1; + goto end; + } + + if (otmp) + X509_VERIFY_PARAM_add0_policy(*pm, otmp); + if (flags) + X509_VERIFY_PARAM_set_flags(*pm, flags); + + if (purpose) + X509_VERIFY_PARAM_set_purpose(*pm, purpose); + + end: + + (*pargs)++; + + if (pargc) + *pargc -= *pargs - oldargs; + + return 1; + + } + +static void nodes_print(BIO *out, const char *name, + STACK_OF(X509_POLICY_NODE) *nodes) + { + X509_POLICY_NODE *node; + int i; + BIO_printf(out, "%s Policies:", name); + if (nodes) + { + BIO_puts(out, "\n"); + for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) + { + node = sk_X509_POLICY_NODE_value(nodes, i); + X509_POLICY_NODE_print(out, node, 2); + } + } + else + BIO_puts(out, " \n"); + } + +void policies_print(BIO *out, X509_STORE_CTX *ctx) + { + X509_POLICY_TREE *tree; + int explicit_policy; + int free_out = 0; + if (out == NULL) + { + out = BIO_new_fp(stderr, BIO_NOCLOSE); + free_out = 1; + } + tree = X509_STORE_CTX_get0_policy_tree(ctx); + explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); + + BIO_printf(out, "Require explicit Policy: %s\n", + explicit_policy ? "True" : "False"); + + nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); + nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); + if (free_out) + BIO_free(out); + } diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h index 4320410..26dcbc5 100644 --- a/crypto/openssl/apps/apps.h +++ b/crypto/openssl/apps/apps.h @@ -114,9 +114,7 @@ #include "e_os.h" -#include #include -#include #include #include #include @@ -138,7 +136,7 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, #ifdef OPENSSL_SYS_WIN32 #define rename(from,to) WIN32_rename((from),(to)) -int WIN32_rename(char *oldname,char *newname); +int WIN32_rename(const char *oldname,const char *newname); #endif #ifndef MONOLITH @@ -148,11 +146,9 @@ int WIN32_rename(char *oldname,char *newname); #ifndef NON_MAIN CONF *config=NULL; BIO *bio_err=NULL; -int in_FIPS_mode=0; #else extern CONF *config; extern BIO *bio_err; -extern int in_FIPS_mode; #endif #else @@ -161,11 +157,12 @@ extern int in_FIPS_mode; extern CONF *config; extern char *default_config_file; extern BIO *bio_err; -extern int in_FIPS_mode; #endif +#ifndef OPENSSL_SYS_NETWARE #include +#endif #ifdef SIGPIPE #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) @@ -257,7 +254,7 @@ void program_name(char *in,char *out,int size); int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); #ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); -void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags); +void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); #endif int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); @@ -283,7 +280,7 @@ char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, char *str); + ASN1_GENERALIZEDTIME **pinvtm, const char *str); #define DB_type 0 #define DB_exp_date 1 @@ -313,12 +310,16 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); -int save_index(char *dbfile, char *suffix, CA_DB *db); -int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); +int save_index(const char *dbfile, const char *suffix, CA_DB *db); +int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); +int parse_yesno(const char *str, int def); -X509_NAME *do_subject(char *str, long chtype); +X509_NAME *parse_name(char *str, long chtype, int multirdn); +int args_verify(char ***pargs, int *pargc, + int *badarg, BIO *err, X509_VERIFY_PARAM **pm); +void policies_print(BIO *out, X509_STORE_CTX *ctx); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c index c89b358..b1a7c8e 100644 --- a/crypto/openssl/apps/asn1pars.c +++ b/crypto/openssl/apps/asn1pars.c @@ -82,6 +82,8 @@ int MAIN(int, char **); +static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); + int MAIN(int argc, char **argv) { int i,badops=0,offset=0,ret=1,j; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; int informat,indent=0, noout = 0, dump = 0; char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; + char *genstr=NULL, *genconf=NULL; unsigned char *tmpbuf; + const unsigned char *ctmpbuf; BUF_MEM *buf=NULL; STACK *osk=NULL; ASN1_TYPE *at=NULL; @@ -167,6 +171,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; sk_push(osk,*(++argv)); } + else if (strcmp(*argv,"-genstr") == 0) + { + if (--argc < 1) goto bad; + genstr= *(++argv); + } + else if (strcmp(*argv,"-genconf") == 0) + { + if (--argc < 1) goto bad; + genconf= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -182,7 +196,7 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] data[num]),BUFSIZ); - if (i <= 0) break; - num+=i; + + if (informat == FORMAT_PEM) + { + BIO *tmp; + + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + BIO_push(b64,in); + tmp=in; + in=b64; + b64=tmp; + } + + num=0; + for (;;) + { + if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; + i=BIO_read(in,&(buf->data[num]),BUFSIZ); + if (i <= 0) break; + num+=i; + } } str=buf->data; @@ -278,8 +308,8 @@ bad: tmplen=num; for (i=0; idata; + + i2d_ASN1_TYPE(atyp, &p); + + ASN1_TYPE_free(atyp); + return len; + + conferr: + + if (errline > 0) + BIO_printf(bio, "Error on line %ld of config file '%s'\n", + errline, genconf); + else + BIO_printf(bio, "Error loading config file '%s'\n", genconf); + + err: + NCONF_free(cnf); + ASN1_TYPE_free(atyp); + + return -1; + + } diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index cacacb6..210b5e1 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -83,7 +83,7 @@ # else # include # endif -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) # include # endif #endif @@ -105,6 +105,9 @@ #define ENV_DEFAULT_CA "default_ca" +#define STRING_MASK "string_mask" +#define UTF8_IN "utf8" + #define ENV_DIR "dir" #define ENV_CERTS "certs" #define ENV_CRL_DIR "crl_dir" @@ -131,6 +134,7 @@ #define ENV_NAMEOPT "name_opt" #define ENV_CERTOPT "cert_opt" #define ENV_EXTCOPY "copy_extensions" +#define ENV_UNIQUE_SUBJECT "unique_subject" #define ENV_DATABASE "database" @@ -142,7 +146,7 @@ #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ -static char *ca_usage[]={ +static const char *ca_usage[]={ "usage: ca args\n", "\n", " -verbose - Talk alot while doing things\n", @@ -160,6 +164,7 @@ static char *ca_usage[]={ " -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", +" -selfsign - sign a certificate with the key associated with it\n", " -in file - The input PEM encoded certificate request(s)\n", " -out file - Where to put the output file(s)\n", " -outdir dir - Where to put output certificates\n", @@ -172,6 +177,8 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -subj arg - Use arg instead of request's subject\n", +" -utf8 - input characters are UTF8 (default ASCII)\n", +" -multivalue-rdn - enable support for multivalued RDNs\n", " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", @@ -189,40 +196,40 @@ extern int EF_PROTECT_BELOW; extern int EF_ALIGNMENT; #endif -static void lookup_fail(char *name,char *tag); +static void lookup_fail(const char *name, const char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy); + int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy); + int ext_copy, int selfsign); static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); -int make_revoked(X509_REVOKED *rev, char *str); +int make_revoked(X509_REVOKED *rev, const char *str); int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); static CONF *conf=NULL; static CONF *extconf=NULL; @@ -272,6 +279,8 @@ int MAIN(int argc, char **argv) char *extensions=NULL; char *extfile=NULL; char *subj=NULL; + unsigned long chtype = MBSTRING_ASC; + int multirdn = 0; char *tmp_email_dn=NULL; char *crl_ext=NULL; int rev_type = REV_NONE; @@ -286,7 +295,8 @@ int MAIN(int argc, char **argv) unsigned long nameopt = 0, certopt = 0; int default_op = 1; int ext_copy = EXT_COPY_NONE; - X509 *x509=NULL; + int selfsign = 0; + X509 *x509=NULL, *x509p = NULL; X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; @@ -295,7 +305,8 @@ int MAIN(int argc, char **argv) X509_REVOKED *r=NULL; ASN1_TIME *tmptm; ASN1_INTEGER *tmpser; - char **pp,*p,*f; + char *f; + const char *p, **pp; int i,j; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; @@ -350,6 +361,12 @@ EF_ALIGNMENT=0; subj= *(++argv); /* preserve=1; */ } + else if (strcmp(*argv,"-utf8") == 0) + chtype = MBSTRING_UTF8; + else if (strcmp(*argv,"-create_serial") == 0) + create_ser = 1; + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-startdate") == 0) { if (--argc < 1) goto bad; @@ -400,6 +417,8 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; certfile= *(++argv); } + else if (strcmp(*argv,"-selfsign") == 0) + selfsign=1; else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; @@ -633,29 +652,31 @@ bad: ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); + f = NCONF_get_string(conf, section, STRING_MASK); + if (!f) + ERR_clear_error(); + + if(f && !ASN1_STRING_set_default_mask_asc(f)) { + BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); + goto err; + } + + if (chtype != MBSTRING_UTF8){ + f = NCONF_get_string(conf, section, UTF8_IN); + if (!f) + ERR_clear_error(); + else if (!strcmp(f, "yes")) + chtype = MBSTRING_UTF8; + } + db_attr.unique_subject = 1; - p = NCONF_get_string(conf, section, "unique_subject"); + p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) { #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - db_attr.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - db_attr.unique_subject = 1; - break; - } + db_attr.unique_subject = parse_yesno(p,1); } else ERR_clear_error(); @@ -699,7 +720,7 @@ bad: } /*****************************************************************/ - /* we definitely need a public key, so let's get it */ + /* we definitely need a private key, so let's get it */ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) @@ -727,22 +748,27 @@ bad: /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, - section,ENV_CERTIFICATE)) == NULL)) + if (!selfsign || spkac_file || ss_cert_file || gencrl) { - lookup_fail(section,ENV_CERTIFICATE); - goto err; - } - x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, - "CA certificate"); - if (x509 == NULL) - goto err; + if ((certfile == NULL) + && ((certfile=NCONF_get_string(conf, + section,ENV_CERTIFICATE)) == NULL)) + { + lookup_fail(section,ENV_CERTIFICATE); + goto err; + } + x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, + "CA certificate"); + if (x509 == NULL) + goto err; - if (!X509_check_private_key(x509,pkey)) - { - BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); - goto err; + if (!X509_check_private_key(x509,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto err; + } } + if (!selfsign) x509p = x509; f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if (f == NULL) @@ -856,7 +882,7 @@ bad: /* Lets check some fields */ for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->db->data,i); + pp=(const char **)sk_value(db->db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { @@ -869,7 +895,7 @@ bad: BIO_printf(bio_err," in entry %d\n", i+1); goto err; } - if (!check_time_format(pp[DB_exp_date])) + if (!check_time_format((char *)pp[DB_exp_date])) { BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); goto err; @@ -943,7 +969,6 @@ bad: if (verbose) BIO_printf(bio_err, "Done. %d entries marked as expired\n",i); } - goto err; } /*****************************************************************/ @@ -994,25 +1019,27 @@ bad: } } + if ((md == NULL) && ((md=NCONF_get_string(conf, + section,ENV_DEFAULT_MD)) == NULL)) + { + lookup_fail(section,ENV_DEFAULT_MD); + goto err; + } + + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + if (req) { - if ((md == NULL) && ((md=NCONF_get_string(conf, - section,ENV_DEFAULT_MD)) == NULL)) - { - lookup_fail(section,ENV_DEFAULT_MD); - goto err; - } if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, section,ENV_DEFAULT_EMAIL_DN)) != NULL )) { if(strcmp(tmp_email_dn,"no") == 0) email_dn=0; } - if ((dgst=EVP_get_digestbyname(md)) == NULL) - { - BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); - goto err; - } if (verbose) BIO_printf(bio_err,"message digest is %s\n", OBJ_nid2ln(dgst->type)); @@ -1131,7 +1158,7 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,extensions, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) @@ -1155,7 +1182,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,subj,email_dn,startdate,enddate,days,batch, + db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); if (j < 0) goto err; @@ -1174,10 +1201,10 @@ bad: if (infile != NULL) { total++; - j=certify(&x,infile,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + j=certify(&x,infile,pkey,x509p,dgst,attribs,db, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, - default_op, ext_copy); + default_op, ext_copy, selfsign); if (j < 0) goto err; if (j > 0) { @@ -1194,10 +1221,10 @@ bad: for (i=0; i 0) { @@ -1248,7 +1275,7 @@ bad: x=sk_X509_value(cert_sk,i); j=x->cert_info->serialNumber->length; - p=(char *)x->cert_info->serialNumber->data; + p=(const char *)x->cert_info->serialNumber->data; if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) { @@ -1369,7 +1396,7 @@ bad: for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->db->data,i); + pp=(const char **)sk_value(db->db->data,i); if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; @@ -1395,23 +1422,15 @@ bad: /* we now have a CRL */ if (verbose) BIO_printf(bio_err,"signing CRL\n"); - if (md != NULL) - { - if ((dgst=EVP_get_digestbyname(md)) == NULL) - { - BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); - goto err; - } - } - else - { #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - dgst=EVP_dss1(); - else + if (pkey->type == EVP_PKEY_DSA) + dgst=EVP_dss1(); + else +#endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + dgst=EVP_ecdsa(); #endif - dgst=EVP_md5(); - } /* Add any extensions asked for */ @@ -1498,7 +1517,7 @@ err: BN_free(serial); free_index(db); EVP_PKEY_free(pkey); - X509_free(x509); + if (x509) X509_free(x509); X509_CRL_free(crl); NCONF_free(conf); OBJ_cleanup(); @@ -1506,17 +1525,17 @@ err: OPENSSL_EXIT(ret); } -static void lookup_fail(char *name, char *tag) +static void lookup_fail(const char *name, const char *tag) { BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_REQ *req=NULL; BIO *in=NULL; @@ -1541,6 +1560,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err,"Check that the request matches the signature\n"); + if (selfsign && !X509_REQ_check_private_key(req,pkey)) + { + BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); + ok=0; + goto err; + } if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); @@ -1563,9 +1588,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, - certopt, nameopt, default_op, ext_copy); + certopt, nameopt, default_op, ext_copy, selfsign); err: if (req != NULL) X509_REQ_free(req); @@ -1575,7 +1600,7 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) @@ -1617,9 +1642,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (rreq != NULL) X509_REQ_free(rreq); @@ -1629,10 +1654,11 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; ASN1_UTCTIME *tm,*tmptm; @@ -1644,7 +1670,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, X509_NAME_ENTRY *tne,*push; EVP_PKEY *pktmp; int ok= -1,i,j,last,nid; - char *p; + const char *p; CONF_VALUE *cv; char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; char buf[25]; @@ -1661,7 +1687,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC); + X509_NAME *n = parse_name(subj, chtype, multirdn); if (!n) { @@ -1736,7 +1762,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, } /* take a copy of the issuer name before we mess with it. */ - CAname=X509_NAME_dup(x509->cert_info->subject); + if (selfsign) + CAname=X509_NAME_dup(name); + else + CAname=X509_NAME_dup(x509->cert_info->subject); if (CAname == NULL) goto err; str=str2=NULL; @@ -1948,8 +1977,16 @@ again2: if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) goto err; - if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) - goto err; + if (selfsign) + { + if (!X509_set_issuer_name(ret,subject)) + goto err; + } + else + { + if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) + goto err; + } if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); @@ -1984,7 +2021,10 @@ again2: ci->extensions = NULL; /* Initialize the context structure */ - X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + if (selfsign) + X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); + else + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); if (extconf) { @@ -2051,7 +2091,7 @@ again2: BIO_printf(bio_err,"Certificate is to be certified until "); ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - if (days) BIO_printf(bio_err," (%d days)",days); + if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); if (!batch) @@ -2078,6 +2118,16 @@ again2: EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + dgst = EVP_ecdsa(); + pktmp = X509_get_pubkey(ret); + if (EVP_PKEY_missing_parameters(pktmp) && + !EVP_PKEY_missing_parameters(pkey)) + EVP_PKEY_copy_parameters(pktmp, pkey); + EVP_PKEY_free(pktmp); +#endif + if (!X509_sign(ret,pkey,dgst)) goto err; @@ -2174,7 +2224,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2315,9 +2365,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); @@ -2628,7 +2678,7 @@ err: return (cnt); } -static char *crl_reasons[] = { +static const char *crl_reasons[] = { /* CRL reason strings */ "unspecified", "keyCompromise", @@ -2656,7 +2706,8 @@ static char *crl_reasons[] = { char *make_revocation_str(int rev_type, char *rev_arg) { - char *reason = NULL, *other = NULL, *str; + char *other = NULL, *str; + const char *reason = NULL; ASN1_OBJECT *otmp; ASN1_UTCTIME *revtm = NULL; int i; @@ -2750,7 +2801,7 @@ char *make_revocation_str(int rev_type, char *rev_arg) */ -int make_revoked(X509_REVOKED *rev, char *str) +int make_revoked(X509_REVOKED *rev, const char *str) { char *tmp = NULL; int reason_code = -1; @@ -2804,129 +2855,6 @@ int make_revoked(X509_REVOKED *rev, char *str) return ret; } -/* - * subject is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ - */ -X509_NAME *do_subject(char *subject, long chtype) - { - size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = OPENSSL_malloc(buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); - char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); - - char *sp = subject, *bp = buf; - int i, ne_num = 0; - - X509_NAME *n = NULL; - int nid; - - if (!buf || !ne_types || !ne_values) - { - BIO_printf(bio_err, "malloc error\n"); - goto error; - } - - if (*subject != '/') - { - BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error; - } - sp++; /* skip leading / */ - - while (*sp) - { - /* collect type */ - ne_types[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') /* is there anything to escape in the type...? */ - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '=') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - if (!*sp) - { - BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error; - } - ne_values[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '/') - { - sp++; - break; - } - else - *bp++ = *sp++; - } - *bp++ = '\0'; - ne_num++; - } - - if (!(n = X509_NAME_new())) - goto error; - - for (i = 0; i < ne_num; i++) - { - if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) - { - BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); - continue; - } - - if (!*ne_values[i]) - { - BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) - goto error; - } - - OPENSSL_free(ne_values); - OPENSSL_free(ne_types); - OPENSSL_free(buf); - return n; - -error: - X509_NAME_free(n); - if (ne_values) - OPENSSL_free(ne_values); - if (ne_types) - OPENSSL_free(ne_types); - if (buf) - OPENSSL_free(buf); - return NULL; -} - int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25],*pbuf, *p; @@ -2966,12 +2894,13 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) return 1; } -int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str) +int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str) { char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; int reason_code = -1; - int i, ret = 0; + int ret = 0; + unsigned int i; ASN1_OBJECT *hold = NULL; ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c index 7c62fc5..43f0ac5 100644 --- a/crypto/openssl/apps/ciphers.c +++ b/crypto/openssl/apps/ciphers.c @@ -69,7 +69,7 @@ #undef PROG #define PROG ciphers_main -static char *ciphers_usage[]={ +static const char *ciphers_usage[]={ "usage: ciphers args\n", " -v - verbose mode, a textual listing of the ciphers in SSLeay\n", " -ssl2 - SSL2 mode\n", @@ -84,7 +84,7 @@ int MAIN(int argc, char **argv) { int ret=1,i; int verbose=0; - char **pp; + const char **pp; const char *p; int badops=0; SSL_CTX *ctx=NULL; diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c index 81d6658..a0040fb 100644 --- a/crypto/openssl/apps/crl.c +++ b/crypto/openssl/apps/crl.c @@ -72,7 +72,7 @@ #undef POSTFIX #define POSTFIX ".rvk" -static char *crl_usage[]={ +static const char *crl_usage[]={ "usage: crl args\n", "\n", " -inform arg - input format - default PEM (DER or PEM)\n", @@ -108,14 +108,14 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0; - char **pp; + const char **pp; X509_STORE *store = NULL; X509_STORE_CTX ctx; X509_LOOKUP *lookup = NULL; X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); apps_startup(); @@ -355,7 +355,11 @@ bad: if (text) X509_CRL_print(out, x); - if (noout) goto end; + if (noout) + { + ret = 0; + goto end; + } if (outformat == FORMAT_ASN1) i=(int)i2d_X509_CRL_bio(out,x); diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index f8d9a70..c13535f 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c @@ -66,7 +66,6 @@ #include #include #include -#include #undef BUFSIZE #define BUFSIZE 1024*8 @@ -74,11 +73,9 @@ #undef PROG #define PROG dgst_main -static HMAC_CTX hmac_ctx; - int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key); + const char *file); int MAIN(int, char **); @@ -103,10 +100,10 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; + char *passargin = NULL, *passin = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif - char *hmac_key=NULL; apps_startup(); @@ -149,6 +146,12 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyfile=*(++argv); } + else if (!strcmp(*argv,"-passin")) + { + if (--argc < 1) + break; + passargin=*++argv; + } else if (strcmp(*argv,"-verify") == 0) { if (--argc < 1) break; @@ -185,12 +188,6 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; - else if (!strcmp(*argv,"-hmac")) - { - if (--argc < 1) - break; - hmac_key=*++argv; - } else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) md=m; else @@ -232,10 +229,20 @@ int MAIN(int argc, char **argv) LN_md4,LN_md4); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_md2,LN_md2); +#ifndef OPENSSL_NO_SHA BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_sha1,LN_sha1); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_sha,LN_sha); +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_sha256,LN_sha256); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_sha512,LN_sha512); +#endif +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", @@ -245,7 +252,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); @@ -257,6 +264,12 @@ int MAIN(int argc, char **argv) BIO_set_callback_arg(in,bio_err); } + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + if ((in == NULL) || (bmd == NULL)) { ERR_print_errors(bio_err); @@ -298,7 +311,7 @@ int MAIN(int argc, char **argv) sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, e, "key file"); else - sigkey = load_key(bio_err, keyfile, keyform, 0, NULL, + sigkey = load_key(bio_err, keyfile, keyform, 0, passin, e, "key file"); if (!sigkey) { @@ -328,6 +341,8 @@ int MAIN(int argc, char **argv) goto end; } } + + /* we use md as a filter, reading from 'in' */ if (!BIO_set_md(bmd,md)) @@ -343,7 +358,7 @@ int MAIN(int argc, char **argv) { BIO_set_fp(in,stdin,BIO_NOCLOSE); err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, - siglen,"","(stdin)",bmd,hmac_key); + siglen,"","(stdin)"); } else { @@ -361,15 +376,14 @@ int MAIN(int argc, char **argv) } if(!out_bin) { - size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5; + size_t len = strlen(name)+strlen(argv[i])+5; tmp=tofree=OPENSSL_malloc(len); - BIO_snprintf(tmp,len,"%s%s(%s)= ", - hmac_key ? "HMAC-" : "",name,argv[i]); + BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]); } else tmp=""; r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, - siglen,tmp,argv[i],bmd,hmac_key); + siglen,tmp,argv[i]); if(r) err=r; if(tofree) @@ -384,6 +398,8 @@ end: OPENSSL_free(buf); } if (in != NULL) BIO_free(in); + if (passin) + OPENSSL_free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); if(sigbuf) OPENSSL_free(sigbuf); @@ -394,21 +410,11 @@ end: int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key) + const char *file) { - unsigned int len; + int len; int i; - EVP_MD_CTX *md_ctx; - if (hmac_key) - { - EVP_MD *md; - - BIO_get_md(bmd,&md); - HMAC_Init(&hmac_ctx,hmac_key,strlen(hmac_key),md); - BIO_get_md_ctx(bmd,&md_ctx); - BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); - } for (;;) { i=BIO_read(bp,(char *)buf,BUFSIZE); @@ -451,11 +457,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, return 1; } } - else if(hmac_key) - { - HMAC_Final(&hmac_ctx,buf,&len); - HMAC_CTX_cleanup(&hmac_ctx); - } else len=BIO_gets(bp,(char *)buf,BUFSIZE); @@ -463,7 +464,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, else { BIO_write(out,title,strlen(title)); - for (i=0; (unsigned int)i /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include #include diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index dc00355..04bd57c 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -109,6 +109,7 @@ * */ +#include /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include #include @@ -142,7 +143,7 @@ * -C */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -294,6 +295,8 @@ bad: if(num) { + BN_GENCB cb; + BN_GENCB_set(&cb, dh_cb, bio_err); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); @@ -305,12 +308,13 @@ bad: #ifndef OPENSSL_NO_DSA if (dsaparam) { - DSA *dsa; + DSA *dsa = DSA_new(); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); - dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err); - if (dsa == NULL) + if(!dsa || !DSA_generate_parameters_ex(dsa, num, + NULL, 0, NULL, NULL, &cb)) { + if(dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } @@ -326,12 +330,12 @@ bad: else #endif { + dh = DH_new(); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) + if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { + if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } @@ -534,7 +538,7 @@ end: } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -542,11 +546,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c index e9de3a3..a5ec5d7 100644 --- a/crypto/openssl/apps/dsa.c +++ b/crypto/openssl/apps/dsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include #include @@ -68,6 +69,7 @@ #include #include #include +#include #undef PROG #define PROG dsa_main diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c index 04861e8..c301e81 100644 --- a/crypto/openssl/apps/dsaparam.c +++ b/crypto/openssl/apps/dsaparam.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DSA */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_DSA #include #include @@ -82,9 +89,23 @@ * -C * -noout * -genkey + * #ifdef GENCB_TEST + * -timebomb n - interrupt keygen after seconds + * #endif */ -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +#ifdef GENCB_TEST + +static int stop_keygen_flag = 0; + +static void timebomb_sigalarm(int foo) + { + stop_keygen_flag = 1; + } + +#endif + +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -103,6 +124,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif +#ifdef GENCB_TEST + int timebomb=0; +#endif apps_startup(); @@ -150,6 +174,13 @@ int MAIN(int argc, char **argv) engine = *(++argv); } #endif +#ifdef GENCB_TEST + else if(strcmp(*argv, "-timebomb") == 0) + { + if (--argc < 1) goto bad; + timebomb = atoi(*(++argv)); + } +#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -200,6 +231,9 @@ bad: #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif +#ifdef GENCB_TEST + BIO_printf(bio_err," -timebomb n interrupt keygen after seconds\n"); +#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -257,10 +291,47 @@ bad: if (numbits > 0) { + BN_GENCB cb; + BN_GENCB_set(&cb, dsa_cb, bio_err); assert(need_rand); + dsa = DSA_new(); + if(!dsa) + { + BIO_printf(bio_err,"Error allocating DSA object\n"); + goto end; + } BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); - dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); +#ifdef GENCB_TEST + if(timebomb > 0) + { + struct sigaction act; + act.sa_handler = timebomb_sigalarm; + act.sa_flags = 0; + BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", + timebomb); + if(sigaction(SIGALRM, &act, NULL) != 0) + { + BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); + goto end; + } + alarm(timebomb); + } +#endif + if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) + { +#ifdef GENCB_TEST + if(stop_keygen_flag) + { + BIO_printf(bio_err,"DSA key generation time-stopped\n"); + /* This is an asked-for behaviour! */ + ret = 0; + goto end; + } +#endif + BIO_printf(bio_err,"Error, DSA key generation failed\n"); + goto end; + } } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); @@ -385,7 +456,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -393,10 +464,15 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif +#ifdef GENCB_TEST + if(stop_keygen_flag) + return 0; +#endif + return 1; } #endif diff --git a/crypto/openssl/apps/ec.c b/crypto/openssl/apps/ec.c new file mode 100644 index 0000000..9ddaddf --- /dev/null +++ b/crypto/openssl/apps/ec.c @@ -0,0 +1,400 @@ +/* apps/ec.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#ifndef OPENSSL_NO_EC +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include + +#undef PROG +#define PROG ec_main + +/* -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -text - print a text version + * -param_out - print the elliptic curve parameters + * -conv_form arg - specifies the point encoding form + * -param_enc arg - specifies the parameter encoding + */ + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) +{ +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; +#endif + int ret = 1; + EC_KEY *eckey = NULL; + const EC_GROUP *group; + int i, badops = 0; + const EVP_CIPHER *enc = NULL; + BIO *in = NULL, *out = NULL; + int informat, outformat, text=0, noout=0; + int pubin = 0, pubout = 0, param_out = 0; + char *infile, *outfile, *prog, *engine; + char *passargin = NULL, *passargout = NULL; + char *passin = NULL, *passout = NULL; + point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + + engine = NULL; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; + + prog = argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-passin") == 0) + { + if (--argc < 1) goto bad; + passargin= *(++argv); + } + else if (strcmp(*argv,"-passout") == 0) + { + if (--argc < 1) goto bad; + passargout= *(++argv); + } + else if (strcmp(*argv, "-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } + else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; + else if (strcmp(*argv, "-conv_form") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_form = 1; + if (strcmp(*argv, "compressed") == 0) + form = POINT_CONVERSION_COMPRESSED; + else if (strcmp(*argv, "uncompressed") == 0) + form = POINT_CONVERSION_UNCOMPRESSED; + else if (strcmp(*argv, "hybrid") == 0) + form = POINT_CONVERSION_HYBRID; + else + goto bad; + } + else if (strcmp(*argv, "-param_enc") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_asn1_flag = 1; + if (strcmp(*argv, "named_curve") == 0) + asn1_flag = OPENSSL_EC_NAMED_CURVE; + else if (strcmp(*argv, "explicit") == 0) + asn1_flag = 0; + else + goto bad; + } + else if (strcmp(*argv, "-param_out") == 0) + param_out = 1; + else if (strcmp(*argv, "-pubin") == 0) + pubin=1; + else if (strcmp(*argv, "-pubout") == 0) + pubout=1; + else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) + { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err, "%s [options] outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - " + "DER or PEM\n"); + BIO_printf(bio_err, " -outform arg output format - " + "DER or PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -passin arg input file pass " + "phrase source\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -passout arg output file pass " + "phrase source\n"); + BIO_printf(bio_err, " -engine e use engine e, " + "possibly a hardware device.\n"); + BIO_printf(bio_err, " -des encrypt PEM output, " + "instead of 'des' every other \n" + " cipher " + "supported by OpenSSL can be used\n"); + BIO_printf(bio_err, " -text print the key\n"); + BIO_printf(bio_err, " -noout don't print key out\n"); + BIO_printf(bio_err, " -param_out print the elliptic " + "curve parameters\n"); + BIO_printf(bio_err, " -conv_form arg specifies the " + "point conversion form \n"); + BIO_printf(bio_err, " possible values:" + " compressed\n"); + BIO_printf(bio_err, " " + " uncompressed (default)\n"); + BIO_printf(bio_err, " " + " hybrid\n"); + BIO_printf(bio_err, " -param_enc arg specifies the way" + " the ec parameters are encoded\n"); + BIO_printf(bio_err, " in the asn1 der " + "encoding\n"); + BIO_printf(bio_err, " possilbe values:" + " named_curve (default)\n"); + BIO_printf(bio_err," " + "explicit\n"); + goto end; + } + + ERR_load_crypto_strings(); + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) + { + BIO_printf(bio_err, "Error getting passwords\n"); + goto end; + } + + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else + { + if (BIO_read_filename(in, infile) <= 0) + { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err, "read EC key\n"); + if (informat == FORMAT_ASN1) + { + if (pubin) + eckey = d2i_EC_PUBKEY_bio(in, NULL); + else + eckey = d2i_ECPrivateKey_bio(in, NULL); + } + else if (informat == FORMAT_PEM) + { + if (pubin) + eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, + NULL); + else + eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, + passin); + } + else + { + BIO_printf(bio_err, "bad input format specified for key\n"); + goto end; + } + if (eckey == NULL) + { + BIO_printf(bio_err,"unable to load Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + { + BIO_set_fp(out, stdout, BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } + else + { + if (BIO_write_filename(out, outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + group = EC_KEY_get0_group(eckey); + + if (new_form) + EC_KEY_set_conv_form(eckey, form); + + if (new_asn1_flag) + EC_KEY_set_asn1_flag(eckey, asn1_flag); + + if (text) + if (!EC_KEY_print(out, eckey, 0)) + { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (noout) + goto end; + + BIO_printf(bio_err, "writing EC key\n"); + if (outformat == FORMAT_ASN1) + { + if (param_out) + i = i2d_ECPKParameters_bio(out, group); + else if (pubin || pubout) + i = i2d_EC_PUBKEY_bio(out, eckey); + else + i = i2d_ECPrivateKey_bio(out, eckey); + } + else if (outformat == FORMAT_PEM) + { + if (param_out) + i = PEM_write_bio_ECPKParameters(out, group); + else if (pubin || pubout) + i = PEM_write_bio_EC_PUBKEY(out, eckey); + else + i = PEM_write_bio_ECPrivateKey(out, eckey, enc, + NULL, 0, NULL, passout); + } + else + { + BIO_printf(bio_err, "bad output format specified for " + "outfile\n"); + goto end; + } + + if (!i) + { + BIO_printf(bio_err, "unable to write private key\n"); + ERR_print_errors(bio_err); + } + else + ret=0; +end: + if (in) + BIO_free(in); + if (out) + BIO_free_all(out); + if (eckey) + EC_KEY_free(eckey); + if (passin) + OPENSSL_free(passin); + if (passout) + OPENSSL_free(passout); + apps_shutdown(); + OPENSSL_EXIT(ret); +} +#endif diff --git a/crypto/openssl/apps/ecparam.c b/crypto/openssl/apps/ecparam.c new file mode 100644 index 0000000..4e1fc83 --- /dev/null +++ b/crypto/openssl/apps/ecparam.c @@ -0,0 +1,728 @@ +/* apps/ecparam.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include +#ifndef OPENSSL_NO_EC +#include +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG ecparam_main + +/* -inform arg - input format - default PEM (DER or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -noout - do not print the ec parameter + * -text - print the ec parameters in text form + * -check - validate the ec parameters + * -C - print a 'C' function creating the parameters + * -name arg - use the ec parameters with 'short name' name + * -list_curves - prints a list of all currently available curve 'short names' + * -conv_form arg - specifies the point conversion form + * - possible values: compressed + * uncompressed (default) + * hybrid + * -param_enc arg - specifies the way the ec parameters are encoded + * in the asn1 der encoding + * possible values: named_curve (default) + * explicit + * -no_seed - if 'explicit' parameters are choosen do not use the seed + * -genkey - generate ec key + * -rand file - files to use for random number input + * -engine e - use engine e, possibly a hardware device + */ + + +static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + EC_GROUP *group = NULL; + point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; + char *curve_name = NULL, *inrand = NULL; + int list_curves = 0, no_seed = 0, check = 0, + badops = 0, text = 0, i, need_rand = 0, genkey = 0; + char *infile = NULL, *outfile = NULL, *prog; + BIO *in = NULL, *out = NULL; + int informat, outformat, noout = 0, C = 0, ret = 1; +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; +#endif + char *engine = NULL; + + BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, + *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL; + unsigned char *buffer = NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-text") == 0) + text = 1; + else if (strcmp(*argv,"-C") == 0) + C = 1; + else if (strcmp(*argv,"-check") == 0) + check = 1; + else if (strcmp (*argv, "-name") == 0) + { + if (--argc < 1) + goto bad; + curve_name = *(++argv); + } + else if (strcmp(*argv, "-list_curves") == 0) + list_curves = 1; + else if (strcmp(*argv, "-conv_form") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_form = 1; + if (strcmp(*argv, "compressed") == 0) + form = POINT_CONVERSION_COMPRESSED; + else if (strcmp(*argv, "uncompressed") == 0) + form = POINT_CONVERSION_UNCOMPRESSED; + else if (strcmp(*argv, "hybrid") == 0) + form = POINT_CONVERSION_HYBRID; + else + goto bad; + } + else if (strcmp(*argv, "-param_enc") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_asn1_flag = 1; + if (strcmp(*argv, "named_curve") == 0) + asn1_flag = OPENSSL_EC_NAMED_CURVE; + else if (strcmp(*argv, "explicit") == 0) + asn1_flag = 0; + else + goto bad; + } + else if (strcmp(*argv, "-no_seed") == 0) + no_seed = 1; + else if (strcmp(*argv, "-noout") == 0) + noout=1; + else if (strcmp(*argv,"-genkey") == 0) + { + genkey=1; + need_rand=1; + } + else if (strcmp(*argv, "-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + need_rand=1; + } + else if(strcmp(*argv, "-engine") == 0) + { + if (--argc < 1) goto bad; + engine = *(++argv); + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err, "%s [options] outfile\n",prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - " + "default PEM (DER or PEM)\n"); + BIO_printf(bio_err, " -outform arg output format - " + "default PEM\n"); + BIO_printf(bio_err, " -in arg input file - " + "default stdin\n"); + BIO_printf(bio_err, " -out arg output file - " + "default stdout\n"); + BIO_printf(bio_err, " -noout do not print the " + "ec parameter\n"); + BIO_printf(bio_err, " -text print the ec " + "parameters in text form\n"); + BIO_printf(bio_err, " -check validate the ec " + "parameters\n"); + BIO_printf(bio_err, " -C print a 'C' " + "function creating the parameters\n"); + BIO_printf(bio_err, " -name arg use the " + "ec parameters with 'short name' name\n"); + BIO_printf(bio_err, " -list_curves prints a list of " + "all currently available curve 'short names'\n"); + BIO_printf(bio_err, " -conv_form arg specifies the " + "point conversion form \n"); + BIO_printf(bio_err, " possible values:" + " compressed\n"); + BIO_printf(bio_err, " " + " uncompressed (default)\n"); + BIO_printf(bio_err, " " + " hybrid\n"); + BIO_printf(bio_err, " -param_enc arg specifies the way" + " the ec parameters are encoded\n"); + BIO_printf(bio_err, " in the asn1 der " + "encoding\n"); + BIO_printf(bio_err, " possible values:" + " named_curve (default)\n"); + BIO_printf(bio_err, " " + " explicit\n"); + BIO_printf(bio_err, " -no_seed if 'explicit'" + " parameters are choosen do not" + " use the seed\n"); + BIO_printf(bio_err, " -genkey generate ec" + " key\n"); + BIO_printf(bio_err, " -rand file files to use for" + " random number input\n"); + BIO_printf(bio_err, " -engine e use engine e, " + "possibly a hardware device\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (outfile == NULL) + { + BIO_set_fp(out,stdout,BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if (list_curves) + { + EC_builtin_curve *curves = NULL; + size_t crv_len = 0; + size_t n = 0; + + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len)); + + if (curves == NULL) + goto end; + + if (!EC_get_builtin_curves(curves, crv_len)) + { + OPENSSL_free(curves); + goto end; + } + + + for (n = 0; n < crv_len; n++) + { + const char *comment; + const char *sname; + comment = curves[n].comment; + sname = OBJ_nid2sn(curves[n].nid); + if (comment == NULL) + comment = "CURVE DESCRIPTION NOT AVAILABLE"; + if (sname == NULL) + sname = ""; + + BIO_printf(out, " %-10s: ", sname); + BIO_printf(out, "%s\n", comment); + } + + OPENSSL_free(curves); + ret = 0; + goto end; + } + + if (curve_name != NULL) + { + int nid; + + /* workaround for the SECG curve names secp192r1 + * and secp256r1 (which are the same as the curves + * prime192v1 and prime256v1 defined in X9.62) + */ + if (!strcmp(curve_name, "secp192r1")) + { + BIO_printf(bio_err, "using curve name prime192v1 " + "instead of secp192r1\n"); + nid = NID_X9_62_prime192v1; + } + else if (!strcmp(curve_name, "secp256r1")) + { + BIO_printf(bio_err, "using curve name prime256v1 " + "instead of secp256r1\n"); + nid = NID_X9_62_prime256v1; + } + else + nid = OBJ_sn2nid(curve_name); + + if (nid == 0) + { + BIO_printf(bio_err, "unknown curve name (%s)\n", + curve_name); + goto end; + } + + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + { + BIO_printf(bio_err, "unable to create curve (%s)\n", + curve_name); + goto end; + } + EC_GROUP_set_asn1_flag(group, asn1_flag); + EC_GROUP_set_point_conversion_form(group, form); + } + else if (informat == FORMAT_ASN1) + { + group = d2i_ECPKParameters_bio(in, NULL); + } + else if (informat == FORMAT_PEM) + { + group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL); + } + else + { + BIO_printf(bio_err, "bad input format specified\n"); + goto end; + } + + if (group == NULL) + { + BIO_printf(bio_err, + "unable to load elliptic curve parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (new_form) + EC_GROUP_set_point_conversion_form(group, form); + + if (new_asn1_flag) + EC_GROUP_set_asn1_flag(group, asn1_flag); + + if (no_seed) + { + EC_GROUP_set_seed(group, NULL, 0); + } + + if (text) + { + if (!ECPKParameters_print(out, group, 0)) + goto end; + } + + if (check) + { + if (group == NULL) + BIO_printf(bio_err, "no elliptic curve parameters\n"); + BIO_printf(bio_err, "checking elliptic curve parameters: "); + if (!EC_GROUP_check(group, NULL)) + { + BIO_printf(bio_err, "failed\n"); + ERR_print_errors(bio_err); + } + else + BIO_printf(bio_err, "ok\n"); + + } + + if (C) + { + size_t buf_len = 0, tmp_len = 0; + const EC_POINT *point; + int is_prime, len = 0; + const EC_METHOD *meth = EC_GROUP_method_of(group); + + if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || + (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || + (ec_order = BN_new()) == NULL || + (ec_cofactor = BN_new()) == NULL ) + { + perror("OPENSSL_malloc"); + goto end; + } + + is_prime = (EC_METHOD_get_field_type(meth) == + NID_X9_62_prime_field); + + if (is_prime) + { + if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, + ec_b, NULL)) + goto end; + } + else + { + /* TODO */ + goto end; + } + + if ((point = EC_GROUP_get0_generator(group)) == NULL) + goto end; + if (!EC_POINT_point2bn(group, point, + EC_GROUP_get_point_conversion_form(group), ec_gen, + NULL)) + goto end; + if (!EC_GROUP_get_order(group, ec_order, NULL)) + goto end; + if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) + goto end; + + if (!ec_p || !ec_a || !ec_b || !ec_gen || + !ec_order || !ec_cofactor) + goto end; + + len = BN_num_bits(ec_order); + + if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) + buf_len = tmp_len; + + buffer = (unsigned char *)OPENSSL_malloc(buf_len); + + if (buffer == NULL) + { + perror("OPENSSL_malloc"); + goto end; + } + + ecparam_print_var(out, ec_p, "ec_p", len, buffer); + ecparam_print_var(out, ec_a, "ec_a", len, buffer); + ecparam_print_var(out, ec_b, "ec_b", len, buffer); + ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); + ecparam_print_var(out, ec_order, "ec_order", len, buffer); + ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, + buffer); + + BIO_printf(out, "\n\n"); + + BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len); + BIO_printf(out, "\tint ok=0;\n"); + BIO_printf(out, "\tEC_GROUP *group = NULL;\n"); + BIO_printf(out, "\tEC_POINT *point = NULL;\n"); + BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, " + "*tmp_3 = NULL;\n\n"); + BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, " + "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); + BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, " + "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); + BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " + "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); + if (is_prime) + { + BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" + "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" + "\n\t\tgoto err;\n\n"); + } + else + { + /* TODO */ + goto end; + } + BIO_printf(out, "\t/* build generator */\n"); + BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, " + "sizeof(ec_gen_%d), tmp_1)) == NULL)" + "\n\t\tgoto err;\n", len, len); + BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, " + "NULL, NULL);\n"); + BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n"); + BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, " + "sizeof(ec_order_%d), tmp_2)) == NULL)" + "\n\t\tgoto err;\n", len, len); + BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, " + "sizeof(ec_cofactor_%d), tmp_3)) == NULL)" + "\n\t\tgoto err;\n", len, len); + BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point," + " tmp_2, tmp_3))\n\t\tgoto err;\n"); + BIO_printf(out, "\n\tok=1;\n"); + BIO_printf(out, "err:\n"); + BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n"); + BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n"); + BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n"); + BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n"); + BIO_printf(out, "\tif (!ok)\n"); + BIO_printf(out, "\t\t{\n"); + BIO_printf(out, "\t\tEC_GROUP_free(group);\n"); + BIO_printf(out, "\t\tgroup = NULL;\n"); + BIO_printf(out, "\t\t}\n"); + BIO_printf(out, "\treturn(group);\n\t}\n"); + } + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i = i2d_ECPKParameters_bio(out, group); + else if (outformat == FORMAT_PEM) + i = PEM_write_bio_ECPKParameters(out, group); + else + { + BIO_printf(bio_err,"bad output format specified for" + " outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err, "unable to write elliptic " + "curve parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + if (need_rand) + { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + + if (genkey) + { + EC_KEY *eckey = EC_KEY_new(); + + if (eckey == NULL) + goto end; + + assert(need_rand); + + if (EC_KEY_set_group(eckey, group) == 0) + goto end; + + if (!EC_KEY_generate_key(eckey)) + { + EC_KEY_free(eckey); + goto end; + } + if (outformat == FORMAT_ASN1) + i = i2d_ECPrivateKey_bio(out, eckey); + else if (outformat == FORMAT_PEM) + i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, + NULL, 0, NULL, NULL); + else + { + BIO_printf(bio_err, "bad output format specified " + "for outfile\n"); + EC_KEY_free(eckey); + goto end; + } + EC_KEY_free(eckey); + } + + if (need_rand) + app_RAND_write_file(NULL, bio_err); + + ret=0; +end: + if (ec_p) + BN_free(ec_p); + if (ec_a) + BN_free(ec_a); + if (ec_b) + BN_free(ec_b); + if (ec_gen) + BN_free(ec_gen); + if (ec_order) + BN_free(ec_order); + if (ec_cofactor) + BN_free(ec_cofactor); + if (buffer) + OPENSSL_free(buffer); + if (in != NULL) + BIO_free(in); + if (out != NULL) + BIO_free_all(out); + if (group != NULL) + EC_GROUP_free(group); + apps_shutdown(); + OPENSSL_EXIT(ret); +} + +static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var, + int len, unsigned char *buffer) + { + BIO_printf(out, "static unsigned char %s_%d[] = {", var, len); + if (BN_is_zero(in)) + BIO_printf(out, "\n\t0x00"); + else + { + int i, l; + + l = BN_bn2bin(in, buffer); + for (i=0; i - runs command 'cmd' against the ENGINE before any attempts\n", " to load it (if -t is used)\n", " -post - runs command 'cmd' against the ENGINE after loading it\n", @@ -343,8 +344,8 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { int ret=1,i; - char **pp; - int verbose=0, list_cap=0, test_avail=0; + const char **pp; + int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; STACK *engines = sk_new_null(); STACK *pre_cmds = sk_new_null(); @@ -382,16 +383,26 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-c") == 0) list_cap=1; - else if (strcmp(*argv,"-t") == 0) + else if (strncmp(*argv,"-t",2) == 0) + { test_avail=1; + if(strspn(*argv + 1, "t") < strlen(*argv + 1)) + goto skip_arg_loop; + if((test_avail_noise = strlen(*argv + 1) - 1) > 1) + goto skip_arg_loop; + } else if (strcmp(*argv,"-pre") == 0) { argc--; argv++; + if (argc == 0) + goto skip_arg_loop; sk_push(pre_cmds,*argv); } else if (strcmp(*argv,"-post") == 0) { argc--; argv++; + if (argc == 0) + goto skip_arg_loop; sk_push(post_cmds,*argv); } else if ((strncmp(*argv,"-h",2) == 0) || @@ -498,7 +509,8 @@ skip_digests: else { BIO_printf(bio_out, "[ unavailable ]\n"); - ERR_print_errors_fp(stdout); + if(test_avail_noise) + ERR_print_errors_fp(stdout); ERR_clear_error(); } } @@ -512,6 +524,7 @@ skip_digests: ret=0; end: + ERR_print_errors(bio_err); sk_pop_free(engines, identity); sk_pop_free(pre_cmds, identity); diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c index a34a862..4749786 100644 --- a/crypto/openssl/apps/gendh.c +++ b/crypto/openssl/apps/gendh.c @@ -57,6 +57,13 @@ * [including the GNU Public Licence.] */ +#include +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_DH #include #include @@ -75,12 +82,13 @@ #undef PROG #define PROG gendh_main -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -96,6 +104,7 @@ int MAIN(int argc, char **argv) apps_startup(); + BN_GENCB_set(&cb, dh_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -193,10 +202,10 @@ bad: BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) goto end; + if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) + goto end; + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) @@ -211,7 +220,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -219,10 +228,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c index 6d2ed06..828e27f 100644 --- a/crypto/openssl/apps/gendsa.c +++ b/crypto/openssl/apps/gendsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include #include diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c index 63be873..4f62cfd 100644 --- a/crypto/openssl/apps/genrsa.c +++ b/crypto/openssl/apps/genrsa.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +#include +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_RSA #include #include @@ -75,17 +82,17 @@ #undef PROG #define PROG genrsa_main -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif int ret=1; - RSA *rsa=NULL; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; @@ -97,8 +104,13 @@ int MAIN(int argc, char **argv) #endif char *inrand=NULL; BIO *out=NULL; + BIGNUM *bn = BN_new(); + RSA *rsa = RSA_new(); + + if(!bn || !rsa) goto err; apps_startup(); + BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) @@ -233,12 +245,12 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) + goto err; app_RAND_write_file(NULL, bio_err); - if (rsa == NULL) goto err; - /* We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l=0L; @@ -262,8 +274,9 @@ bad: ret=0; err: - if (rsa != NULL) RSA_free(rsa); - if (out != NULL) BIO_free_all(out); + if (bn) BN_free(bn); + if (rsa) RSA_free(rsa); + if (out) BIO_free_all(out); if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); @@ -271,7 +284,7 @@ err: OPENSSL_EXIT(ret); } -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -279,11 +292,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index 856b797..52af592 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -64,6 +64,7 @@ #include #include #include +#include /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) @@ -784,7 +785,7 @@ int MAIN(int argc, char **argv) if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%ld)\n", + BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; @@ -850,7 +851,7 @@ int MAIN(int argc, char **argv) if(i <= 0) { - BIO_printf(bio_err, "Response Verify Failure\n", i); + BIO_printf(bio_err, "Response Verify Failure\n"); ERR_print_errors(bio_err); } else diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c index 9a9ef91..02d86d5 100644 --- a/crypto/openssl/apps/openssl.c +++ b/crypto/openssl/apps/openssl.c @@ -129,7 +129,6 @@ #include "progs.h" #include "s_apps.h" #include -#include /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the * base prototypes (we cast each variable inside the function to the required @@ -148,7 +147,6 @@ char *default_config_file=NULL; #ifdef MONOLITH CONF *config=NULL; BIO *bio_err=NULL; -int in_FIPS_mode=0; #endif @@ -222,38 +220,18 @@ int main(int Argc, char *Argv[]) #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; FUNCTION f,*fp; - MS_STATIC char *prompt,buf[1024]; + MS_STATIC const char *prompt; + MS_STATIC char buf[1024]; char *to_free=NULL; int n,i,ret=0; int argc; char **argv,*p; LHASH *prog=NULL; long errline; - + arg.data=NULL; arg.count=0; - in_FIPS_mode = 0; - -#ifdef OPENSSL_FIPS - if(getenv("OPENSSL_FIPS")) { -#if defined(_WIN32) - char filename[MAX_PATH] = ""; - GetModuleFileName( NULL, filename, MAX_PATH) ; - p = filename; -#else - p = Argv[0]; -#endif - if (!FIPS_mode_set(1,p)) { - ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - exit(1); - } - in_FIPS_mode = 1; - if (getenv("OPENSSL_FIPS_MD5")) - FIPS_allow_md5(1); - } -#endif if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -511,7 +489,7 @@ static LHASH *prog_init(void) { LHASH *ret; FUNCTION *f; - int i; + size_t i; /* Purely so it looks nice when the user hits ? */ for(i=0,f=functions ; f->name != NULL ; ++f,++i) @@ -529,12 +507,12 @@ static LHASH *prog_init(void) /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */ static int MS_CALLBACK cmp(const void *a_void, const void *b_void) { - return(strncmp(((FUNCTION *)a_void)->name, - ((FUNCTION *)b_void)->name,8)); + return(strncmp(((const FUNCTION *)a_void)->name, + ((const FUNCTION *)b_void)->name,8)); } /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */ static unsigned long MS_CALLBACK hash(const void *a_void) { - return(lh_strhash(((FUNCTION *)a_void)->name)); + return(lh_strhash(((const FUNCTION *)a_void)->name)); } diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index af688a4..9e59020 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -44,8 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number -#crlnumber = $dir/crlnumber # the current crl number must be - # commented out to leave a V1 CRL +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file @@ -67,7 +67,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. +default_md = sha1 # which md to use. preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -188,7 +188,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. @@ -258,3 +258,56 @@ basicConstraints = CA:true # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c index 3ad91d8..9ca25dd 100644 --- a/crypto/openssl/apps/passwd.c +++ b/crypto/openssl/apps/passwd.c @@ -312,7 +312,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; - int n, i; + int n; + unsigned int i; EVP_MD_CTX md,md2; size_t passwd_len, salt_len; @@ -358,13 +359,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2,EVP_md5(), NULL); - EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, + EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, (i & 1) ? passwd_len : sizeof buf); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, + EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, (i & 1) ? sizeof buf : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); } @@ -473,7 +474,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if ((strlen(passwd) > pw_maxlen)) { if (!quiet) - BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen); + /* XXX: really we should know how to print a size_t, not cast it */ + BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); passwd[pw_maxlen] = 0; } assert(strlen(passwd) <= pw_maxlen); diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c index 71192bd..c22c00f 100644 --- a/crypto/openssl/apps/pkcs12.c +++ b/crypto/openssl/apps/pkcs12.c @@ -1,11 +1,9 @@ /* pkcs12.c */ -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) - /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,6 +56,9 @@ * */ +#include +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) + #include #include #include @@ -83,7 +84,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, int passlen, int options, char *pempass); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); -int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); +int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); int alg_print(BIO *x, X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); @@ -166,10 +167,14 @@ int MAIN(int argc, char **argv) maciter = PKCS12_DEFAULT_ITER; else if (!strcmp (*args, "-nomaciter")) maciter = 1; + else if (!strcmp (*args, "-nomac")) + maciter = -1; else if (!strcmp (*args, "-nodes")) enc=NULL; else if (!strcmp (*args, "-certpbe")) { if (args[1]) { args++; + if (!strcmp(*args, "NONE")) + cert_pbe = -1; cert_pbe=OBJ_txt2nid(*args); if(cert_pbe == NID_undef) { BIO_printf(bio_err, @@ -180,7 +185,10 @@ int MAIN(int argc, char **argv) } else if (!strcmp (*args, "-keypbe")) { if (args[1]) { args++; - key_pbe=OBJ_txt2nid(*args); + if (!strcmp(*args, "NONE")) + key_pbe = -1; + else + key_pbe=OBJ_txt2nid(*args); if(key_pbe == NID_undef) { BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args); @@ -365,24 +373,6 @@ int MAIN(int argc, char **argv) goto end; } -#if 0 - if (certfile) { - if(!(certsin = BIO_new_file(certfile, "r"))) { - BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); - perror (certfile); - goto end; - } - } - - if (keyname) { - if(!(inkey = BIO_new_file(keyname, "r"))) { - BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); - perror (keyname); - goto end; - } - } -#endif - #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); CRYPTO_push_info("write files"); @@ -419,27 +409,31 @@ int MAIN(int argc, char **argv) if (export_cert) { EVP_PKEY *key = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - STACK_OF(PKCS7) *safes = NULL; - PKCS12_SAFEBAG *bag = NULL; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - PKCS7 *authsafe = NULL; - X509 *ucert = NULL; + X509 *ucert = NULL, *x = NULL; STACK_OF(X509) *certs=NULL; - char *catmp = NULL; + unsigned char *catmp = NULL; int i; - unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen = 0; + + if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) + { + BIO_printf(bio_err, "Nothing to do!\n"); + goto export_end; + } + + if (options & NOCERTS) + chain = 0; #ifdef CRYPTO_MDEBUG CRYPTO_push_info("process -export_cert"); CRYPTO_push_info("reading private key"); #endif - key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1, - passin, e, "private key"); - if (!key) { - goto export_end; - } + if (!(options & NOKEYS)) + { + key = load_key(bio_err, keyname ? keyname : infile, + FORMAT_PEM, 1, passin, e, "private key"); + if (!key) + goto export_end; + } #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -447,49 +441,61 @@ int MAIN(int argc, char **argv) #endif /* Load in all certs in input file */ - if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, - "certificates"))) { - goto export_end; - } + if(!(options & NOCERTS)) + { + certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, + "certificates"); + if (!certs) + goto export_end; -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from input 2"); -#endif + if (key) + { + /* Look for matching private key */ + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + if(X509_check_private_key(x, key)) + { + ucert = x; + /* Zero keyid and alias */ + X509_keyid_set1(ucert, NULL, 0); + X509_alias_set1(ucert, NULL, 0); + /* Remove from list */ + sk_X509_delete(certs, i); + break; + } + } + if (!ucert) + { + BIO_printf(bio_err, "No certificate matches private key\n"); + goto export_end; + } + } - for(i = 0; i < sk_X509_num(certs); i++) { - ucert = sk_X509_value(certs, i); - if(X509_check_private_key(ucert, key)) { - X509_digest(ucert, EVP_sha1(), keyid, &keyidlen); - break; } - } - if(!keyidlen) { - ucert = NULL; - BIO_printf(bio_err, "No certificate matches private key\n"); - goto export_end; - } - + #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from certfile"); + CRYPTO_push_info("reading certs from input 2"); #endif - bags = sk_PKCS12_SAFEBAG_new_null (); - /* Add any more certificates asked for */ - if (certfile) { + if(certfile) + { STACK_OF(X509) *morecerts=NULL; if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, NULL, e, - "certificates from certfile"))) { + "certificates from certfile"))) goto export_end; - } - while(sk_X509_num(morecerts) > 0) { + while(sk_X509_num(morecerts) > 0) sk_X509_push(certs, sk_X509_shift(morecerts)); - } sk_X509_free(morecerts); - } + } + +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("reading certs from certfile"); +#endif #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -526,100 +532,55 @@ int MAIN(int argc, char **argv) } } -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("building bags"); -#endif - - /* We now have loads of certificates: include them all */ - for(i = 0; i < sk_X509_num(certs); i++) { - X509 *cert = NULL; - cert = sk_X509_value(certs, i); - bag = PKCS12_x5092certbag(cert); - /* If it matches private key set id */ - if(cert == ucert) { - if(name) PKCS12_add_friendlyname(bag, name, -1); - PKCS12_add_localkeyid(bag, keyid, keyidlen); - } else if((catmp = sk_shift(canames))) - PKCS12_add_friendlyname(bag, catmp, -1); - sk_PKCS12_SAFEBAG_push(bags, bag); - } - sk_X509_pop_free(certs, X509_free); - certs = NULL; - -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("encrypting bags"); -#endif - - if(!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { - BIO_printf (bio_err, "Can't read Password\n"); - goto export_end; - } - if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); - /* Turn certbags into encrypted authsafe */ - authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, - iter, bags); - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - if (!authsafe) { - ERR_print_errors (bio_err); - goto export_end; - } - - safes = sk_PKCS7_new_null (); - sk_PKCS7_push (safes, authsafe); + /* Add any CA names */ -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("building shrouded key bag"); -#endif + for (i = 0; i < sk_num(canames); i++) + { + catmp = (unsigned char *)sk_value(canames, i); + X509_alias_set1(sk_X509_value(certs, i), catmp, -1); + } - /* Make a shrouded key bag */ - p8 = EVP_PKEY2PKCS8 (key); - if(keytype) PKCS8_add_keyusage(p8, keytype); - bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8); - PKCS8_PRIV_KEY_INFO_free(p8); - p8 = NULL; - if (name) PKCS12_add_friendlyname (bag, name, -1); - if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1); - PKCS12_add_localkeyid (bag, keyid, keyidlen); - bags = sk_PKCS12_SAFEBAG_new_null(); - sk_PKCS12_SAFEBAG_push (bags, bag); + if (csp_name && key) + EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, + MBSTRING_ASC, (unsigned char *)csp_name, -1); + #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); - CRYPTO_push_info("encrypting shrouded key bag"); + CRYPTO_push_info("reading password"); #endif - /* Turn it into unencrypted safe bag */ - authsafe = PKCS12_pack_p7data (bags); - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - sk_PKCS7_push (safes, authsafe); + if(!noprompt && + EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) + { + BIO_printf (bio_err, "Can't read Password\n"); + goto export_end; + } + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); - CRYPTO_push_info("building pkcs12"); + CRYPTO_push_info("creating PKCS#12 structure"); #endif - p12 = PKCS12_init(NID_pkcs7_data); - - PKCS12_pack_authsafes(p12, safes); + p12 = PKCS12_create(cpass, name, key, ucert, certs, + key_pbe, cert_pbe, iter, -1, keytype); - sk_PKCS7_pop_free(safes, PKCS7_free); - safes = NULL; + if (!p12) + { + ERR_print_errors (bio_err); + goto export_end; + } - PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL); + if (maciter != -1) + PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); CRYPTO_push_info("writing pkcs12"); #endif - i2d_PKCS12_bio (out, p12); + i2d_PKCS12_bio(out, p12); ret = 0; @@ -632,8 +593,7 @@ int MAIN(int argc, char **argv) if (key) EVP_PKEY_free(key); if (certs) sk_X509_pop_free(certs, X509_free); - if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); - if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -666,7 +626,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("verify MAC"); #endif /* If we enter empty password try no password first */ - if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { /* If mac and crypto pass the same set it to NULL too */ if(!twopass) cpass = NULL; } else if (!PKCS12_verify_mac(p12, mpass, -1)) { @@ -710,9 +670,10 @@ int MAIN(int argc, char **argv) int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass) { - STACK_OF(PKCS7) *asafes; + STACK_OF(PKCS7) *asafes = NULL; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; + int ret = 0; PKCS7 *p7; if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; @@ -730,16 +691,22 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else continue; - if (!bags) return 0; + if (!bags) goto err; if (!dump_certs_pkeys_bags (out, bags, pass, passlen, options, pempass)) { sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); - return 0; + goto err; } sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); + bags = NULL; } - sk_PKCS7_pop_free (asafes, PKCS7_free); - return 1; + ret = 1; + + err: + + if (asafes) + sk_PKCS7_pop_free (asafes, PKCS7_free); + return ret; } int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, @@ -856,11 +823,12 @@ err: int alg_print (BIO *x, X509_ALGOR *alg) { PBEPARAM *pbe; - unsigned char *p; + const unsigned char *p; p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); - BIO_printf (bio_err, "%s, Iteration %d\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + BIO_printf (bio_err, "%s, Iteration %ld\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free (pbe); return 0; } @@ -894,7 +862,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) /* Generalised attribute print: handle PKCS#8 and bag attributes */ -int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name) +int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) { X509_ATTRIBUTE *attr; ASN1_TYPE *av; diff --git a/crypto/openssl/apps/prime.c b/crypto/openssl/apps/prime.c index 5c731a7..af2fed1 100644 --- a/crypto/openssl/apps/prime.c +++ b/crypto/openssl/apps/prime.c @@ -56,12 +56,14 @@ #undef PROG #define PROG prime_main +int MAIN(int, char **); + int MAIN(int argc, char **argv) { int hex=0; int checks=20; BIGNUM *bn=NULL; - BIO *bio_out=NULL; + BIO *bio_out; apps_startup(); @@ -69,18 +71,6 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); - if (bio_out == NULL) - if ((bio_out=BIO_new(BIO_s_file())) != NULL) - { - BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); -#ifdef OPENSSL_SYS_VMS - { - BIO *tmpbio = BIO_new(BIO_f_linebuffer()); - bio_out = BIO_push(tmpbio, bio_out); - } -#endif - } - --argc; ++argv; while (argc >= 1 && **argv == '-') @@ -95,16 +85,29 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err,"Unknown option '%s'\n",*argv); - bad: - BIO_printf(bio_err,"options are\n"); - BIO_printf(bio_err,"%-14s hex\n","-hex"); - BIO_printf(bio_err,"%-14s number of checks\n","-checks "); - exit(1); + goto bad; } --argc; ++argv; } + if (argv[0] == NULL) + { + BIO_printf(bio_err,"No prime specified\n"); + goto bad; + } + + if ((bio_out=BIO_new(BIO_s_file())) != NULL) + { + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + bio_out = BIO_push(tmpbio, bio_out); + } +#endif + } + if(hex) BN_hex2bn(&bn,argv[0]); else @@ -112,7 +115,16 @@ int MAIN(int argc, char **argv) BN_print(bio_out,bn); BIO_printf(bio_out," is %sprime\n", - BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not "); + BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + + BN_free(bn); + BIO_free_all(bio_out); return 0; + + bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s hex\n","-hex"); + BIO_printf(bio_err,"%-14s number of checks\n","-checks "); + return 1; } diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h index 0493257..dc665c5 100644 --- a/crypto/openssl/apps/progs.h +++ b/crypto/openssl/apps/progs.h @@ -17,6 +17,8 @@ extern int rsa_main(int argc,char *argv[]); extern int rsautl_main(int argc,char *argv[]); extern int dsa_main(int argc,char *argv[]); extern int dsaparam_main(int argc,char *argv[]); +extern int ec_main(int argc,char *argv[]); +extern int ecparam_main(int argc,char *argv[]); extern int x509_main(int argc,char *argv[]); extern int genrsa_main(int argc,char *argv[]); extern int gendsa_main(int argc,char *argv[]); @@ -35,11 +37,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); -extern int prime_main(int argc,char *argv[]); -#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); -#endif extern int ocsp_main(int argc,char *argv[]); +extern int prime_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 @@ -47,8 +47,8 @@ extern int ocsp_main(int argc,char *argv[]); typedef struct { int type; - char *name; - int (*func)(); + const char *name; + int (*func)(int argc,char *argv[]); } FUNCTION; FUNCTION functions[] = { @@ -82,6 +82,12 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_DSA {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, #endif +#ifndef OPENSSL_NO_EC + {FUNC_TYPE_GENERAL,"ec",ec_main}, +#endif +#ifndef OPENSSL_NO_EC + {FUNC_TYPE_GENERAL,"ecparam",ecparam_main}, +#endif {FUNC_TYPE_GENERAL,"x509",x509_main}, #ifndef OPENSSL_NO_RSA {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, @@ -116,11 +122,11 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, - {FUNC_TYPE_GENERAL,"prime",prime_main}, #ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, #endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, + {FUNC_TYPE_GENERAL,"prime",prime_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, #endif diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl index d6a40ed..36569d2 100644 --- a/crypto/openssl/apps/progs.pl +++ b/crypto/openssl/apps/progs.pl @@ -16,8 +16,8 @@ print <<'EOF'; typedef struct { int type; - char *name; - int (*func)(); + const char *name; + int (*func)(int argc,char *argv[]); } FUNCTION; FUNCTION functions[] = { @@ -29,10 +29,16 @@ foreach (@ARGV) $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } + elsif ( ($_ =~ /^speed$/)) + { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } + elsif ( ($_ =~ /^engine$/)) + { print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; } elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/)) + { print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";} elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c index 63724bc..a893896 100644 --- a/crypto/openssl/apps/rand.c +++ b/crypto/openssl/apps/rand.c @@ -205,7 +205,7 @@ int MAIN(int argc, char **argv) int chunk; chunk = num; - if (chunk > sizeof buf) + if (chunk > (int)sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index 046bb3d..f58e65e 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include @@ -73,7 +79,13 @@ #include #include #include -#include "../crypto/cryptlib.h" +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #define SECTION "req" @@ -113,9 +125,10 @@ * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, - unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, + int attribs,unsigned long chtype); +static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, + int multirdn); static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, @@ -123,16 +136,16 @@ static int prompt_info(X509_REQ *req, static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, STACK_OF(CONF_VALUE) *attr, int attribs, unsigned long chtype); -static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int n_min, +static int add_attribute_object(X509_REQ *req, char *text, const char *def, + char *value, int nid, int n_min, int n_max, unsigned long chtype); -static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int n_min,int n_max, unsigned long chtype); +static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, + int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); #endif static int req_check_len(int len,int n_min,int n_max); -static int check_end(char *str, char *end); +static int check_end(const char *str, const char *end); #ifndef MONOLITH static char *default_config_file=NULL; #endif @@ -142,6 +155,7 @@ static int batch=0; #define TYPE_RSA 1 #define TYPE_DSA 2 #define TYPE_DH 3 +#define TYPE_EC 4 int MAIN(int, char **); @@ -151,6 +165,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA DSA *dsa_params=NULL; #endif +#ifndef OPENSSL_NO_ECDSA + EC_KEY *ec_params = NULL; +#endif unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; @@ -175,7 +192,8 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *p; char *subj = NULL; - const EVP_MD *md_alg=NULL,*digest=EVP_md5(); + int multirdn = 0; + const EVP_MD *md_alg=NULL,*digest=EVP_sha1(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH char *to_free; @@ -322,11 +340,64 @@ int MAIN(int argc, char **argv) } } BIO_free(in); - newkey=BN_num_bits(dsa_params->p); in=NULL; + newkey=BN_num_bits(dsa_params->p); } else #endif +#ifndef OPENSSL_NO_ECDSA + if (strncmp("ec:",p,3) == 0) + { + X509 *xtmp=NULL; + EVP_PKEY *dtmp; + EC_GROUP *group; + + pkey_type=TYPE_EC; + p+=3; + if ((in=BIO_new_file(p,"r")) == NULL) + { + perror(p); + goto end; + } + if ((ec_params = EC_KEY_new()) == NULL) + goto end; + group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); + if (group == NULL) + { + EC_KEY_free(ec_params); + ERR_clear_error(); + (void)BIO_reset(in); + if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load EC parameters from file\n"); + goto end; + } + + if ((dtmp=X509_get_pubkey(xtmp))==NULL) + goto end; + if (dtmp->type == EVP_PKEY_EC) + ec_params = EC_KEY_dup(dtmp->pkey.ec); + EVP_PKEY_free(dtmp); + X509_free(xtmp); + if (ec_params == NULL) + { + BIO_printf(bio_err,"Certificate does not contain EC parameters\n"); + goto end; + } + } + else + { + if (EC_KEY_set_group(ec_params, group) == 0) + goto end; + EC_GROUP_free(group); + } + + BIO_free(in); + in=NULL; + newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params)); + } + else +#endif #ifndef OPENSSL_NO_DH if (strncmp("dh:",p,4) == 0) { @@ -335,7 +406,9 @@ int MAIN(int argc, char **argv) } else #endif - pkey_type=TYPE_RSA; + { + goto bad; + } newreq=1; } @@ -380,6 +453,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; subj= *(++argv); } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; @@ -445,9 +520,13 @@ bad: BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); +#ifndef OPENSSL_NO_ECDSA + BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); +#endif BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -subj arg set or modify request subject\n"); + BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -batch do not ask anything during request generation\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); @@ -499,13 +578,16 @@ bad: else { req_conf=config; - if( verbose ) - BIO_printf(bio_err,"Using configuration from %s\n", - default_config_file); + if (req_conf == NULL) { - BIO_printf(bio_err,"Unable to load config info\n"); + BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file); + if (newreq) + goto end; } + else if( verbose ) + BIO_printf(bio_err,"Using configuration from %s\n", + default_config_file); } if (req_conf != NULL) @@ -637,7 +719,8 @@ bad: message */ goto end; } - if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) + if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || + EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) @@ -648,6 +731,9 @@ bad: if (newreq && (pkey == NULL)) { +#ifndef OPENSSL_NO_RSA + BN_GENCB cb; +#endif char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -661,24 +747,33 @@ bad: newkey=DEFAULT_KEY_LENGTH; } - if (newkey < MIN_KEY_LENGTH) + if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); - BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); + BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); goto end; } - BIO_printf(bio_err,"Generating a %d bit %s private key\n", - newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA"); + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", + newkey,(pkey_type == TYPE_RSA)?"RSA": + (pkey_type == TYPE_DSA)?"DSA":"EC"); if ((pkey=EVP_PKEY_new()) == NULL) goto end; #ifndef OPENSSL_NO_RSA + BN_GENCB_set(&cb, req_cb, bio_err); if (pkey_type == TYPE_RSA) { - if (!EVP_PKEY_assign_RSA(pkey, - RSA_generate_key(newkey,0x10001, - req_cb,bio_err))) + RSA *rsa = RSA_new(); + BIGNUM *bn = BN_new(); + if(!bn || !rsa || !BN_set_word(bn, 0x10001) || + !RSA_generate_key_ex(rsa, newkey, bn, &cb) || + !EVP_PKEY_assign_RSA(pkey, rsa)) + { + if(bn) BN_free(bn); + if(rsa) RSA_free(rsa); goto end; + } + BN_free(bn); } else #endif @@ -690,6 +785,15 @@ bad: dsa_params=NULL; } #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey_type == TYPE_EC) + { + if (!EC_KEY_generate_key(ec_params)) goto end; + if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) + goto end; + ec_params = NULL; + } +#endif app_RAND_write_file(randfile, bio_err); @@ -796,6 +900,10 @@ loop: if (pkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + digest=EVP_ecdsa(); +#endif if (req == NULL) { req=X509_REQ_new(); @@ -804,7 +912,7 @@ loop: goto end; } - i=make_REQ(req,pkey,subj,!x509, chtype); + i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); subj=NULL; /* done processing '-subj' option */ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { @@ -899,7 +1007,7 @@ loop: print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); } - if (build_subject(req, subj, chtype) == 0) + if (build_subject(req, subj, chtype, multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); ex=1; @@ -1083,12 +1191,15 @@ end: #ifndef OPENSSL_NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif +#ifndef OPENSSL_NO_ECDSA + if (ec_params != NULL) EC_KEY_free(ec_params); +#endif apps_shutdown(); OPENSSL_EXIT(ex); } -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, - unsigned long chtype) +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, + int attribs, unsigned long chtype) { int ret=0,i; char no_prompt = 0; @@ -1138,7 +1249,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, else { if (subj) - i = build_subject(req, subj, chtype); + i = build_subject(req, subj, chtype, multirdn); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); } @@ -1155,11 +1266,11 @@ err: * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) +static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) { X509_NAME *n; - if (!(n = do_subject(subject, chtype))) + if (!(n = parse_name(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) @@ -1180,9 +1291,10 @@ static int prompt_info(X509_REQ *req, int i; char *p,*q; char buf[100]; - int nid; + int nid, mval; long n_min,n_max; - char *type,*def,*value; + char *type, *value; + const char *def; CONF_VALUE *v; X509_NAME *subj; subj = X509_REQ_get_subject_name(req); @@ -1223,10 +1335,17 @@ start: for (;;) if(*p) type = p; break; } + if (*type == '+') + { + mval = -1; + type++; + } + else + mval = 0; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) - >= sizeof buf) + >= (int)sizeof(buf)) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; @@ -1260,7 +1379,7 @@ start: for (;;) } if (!add_DN_object(subj,v->value,def,value,nid, - n_min,n_max, chtype)) + n_min,n_max, chtype, mval)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1291,7 +1410,7 @@ start2: for (;;) goto start2; if (BIO_snprintf(buf,sizeof buf,"%s_default",type) - >= sizeof buf) + >= (int)sizeof(buf)) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; @@ -1350,6 +1469,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { + int mval; v=sk_CONF_VALUE_value(dn_sk,i); p=q=NULL; type=v->name; @@ -1366,8 +1486,19 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, if(*p) type = p; break; } +#ifndef CHARSET_EBCDIC + if (*p == '+') +#else + if (*p == os_toascii['+']) +#endif + { + p++; + mval = -1; + } + else + mval = 0; if (!X509_NAME_add_entry_by_txt(subj,type, chtype, - (unsigned char *) v->value,-1,-1,0)) return 0; + (unsigned char *) v->value,-1,-1,mval)) return 0; } @@ -1389,8 +1520,8 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, } -static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int n_min, int n_max, unsigned long chtype) +static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, + int nid, int n_min, int n_max, unsigned long chtype, int mval) { int i,ret=0; MS_STATIC char buf[1024]; @@ -1439,14 +1570,14 @@ start: #endif if(!req_check_len(i, n_min, n_max)) goto start; if (!X509_NAME_add_entry_by_NID(n,nid, chtype, - (unsigned char *) buf, -1,-1,0)) goto err; + (unsigned char *) buf, -1,-1,mval)) goto err; ret=1; err: return(ret); } -static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int n_min, +static int add_attribute_object(X509_REQ *req, char *text, const char *def, + char *value, int nid, int n_min, int n_max, unsigned long chtype) { int i; @@ -1510,7 +1641,7 @@ err: } #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p, int n, void *arg) +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -1518,11 +1649,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif @@ -1542,10 +1674,10 @@ static int req_check_len(int len, int n_min, int n_max) } /* Check if the end of a string matches 'end' */ -static int check_end(char *str, char *end) +static int check_end(const char *str, const char *end) { int elen, slen; - char *tmp; + const char *tmp; elen = strlen(end); slen = strlen(str); if(elen > slen) return 1; diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c index 0acdb08..d5cb7b7 100644 --- a/crypto/openssl/apps/rsa.c +++ b/crypto/openssl/apps/rsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #ifndef OPENSSL_NO_RSA #include #include @@ -68,6 +69,7 @@ #include #include #include +#include #undef PROG #define PROG rsa_main @@ -307,7 +309,7 @@ bad: BIO_printf(out,"RSA key ok\n"); else if (r == 0) { - long err; + unsigned long err; while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c index 5db6fe7..4638909 100644 --- a/crypto/openssl/apps/rsautl.c +++ b/crypto/openssl/apps/rsautl.c @@ -56,12 +56,14 @@ * */ +#include #ifndef OPENSSL_NO_RSA #include "apps.h" #include #include #include +#include #define RSA_SIGN 1 #define RSA_VERIFY 2 @@ -147,6 +149,7 @@ int MAIN(int argc, char **argv) else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; + else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; else if(!strcmp(*argv, "-sign")) { rsa_mode = RSA_SIGN; need_priv = 1; diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h index 66b6edd..886a95a 100644 --- a/crypto/openssl/apps/s_apps.h +++ b/crypto/openssl/apps/s_apps.h @@ -108,8 +108,9 @@ * Hudson (tjh@cryptsoft.com). * */ - +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ #include +#endif #include #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) @@ -147,19 +148,20 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" -int do_server(int port, int *ret, int (*cb) (), char *context); +int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); +int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); #endif -int init_client(int *sock, char *server, int port); +int init_client(int *sock, char *server, int port, int type); int should_retry(int i); int extract_port(char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, +long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); #ifdef HEADER_SSL_H diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c index 675527d..9a35d46 100644 --- a/crypto/openssl/apps/s_cb.c +++ b/crypto/openssl/apps/s_cb.c @@ -229,8 +229,36 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) return(1); } -long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, - long argl, long ret) +int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) + { + if (cert == NULL) + return 1; + if (SSL_CTX_use_certificate(ctx,cert) <= 0) + { + BIO_printf(bio_err,"error setting certificate\n"); + ERR_print_errors(bio_err); + return 0; + } + if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) + { + BIO_printf(bio_err,"error setting private key\n"); + ERR_print_errors(bio_err); + return 0; + } + + + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) + { + BIO_printf(bio_err,"Private key does not match the certificate public key\n"); + return 0; + } + return 1; + } + +long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret) { BIO *out; @@ -239,15 +267,15 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", - bio,argp,argi,ret,ret); + BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", - bio,argp,argi,ret,ret); + BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); @@ -255,7 +283,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) { - char *str; + const char *str; int w; w=where& ~SSL_ST_MASK; @@ -318,14 +346,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len > 0) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", ERROR:"; str_details2 = " ???"; if (len >= 3) { - unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2]; + unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; switch (err) { @@ -394,7 +422,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len == 2) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 1: str_details1 = ", warning"; @@ -405,7 +433,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * } str_details2 = " ???"; - switch (((unsigned char*)buf)[1]) + switch (((const unsigned char*)buf)[1]) { case 0: str_details2 = " close_notify"; @@ -486,7 +514,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len > 0) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", HelloRequest"; @@ -539,7 +567,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * { if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); - BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]); + BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); } if (i < len) BIO_printf(bio, " ..."); diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index eb6fd7c..4a1857f 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -135,6 +135,7 @@ typedef unsigned int u_int; #include #include #include "s_apps.h" +#include "timeouts.h" #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ @@ -187,16 +188,22 @@ static void sc_usage(void) BIO_printf(bio_err," -port port - use -connect instead\n"); BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); - BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); BIO_printf(bio_err," not specified but cert file is.\n"); + BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); + BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); +#ifdef WATT32 + BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); +#endif BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); BIO_printf(bio_err," -state - print the 'ssl' states\n"); @@ -209,6 +216,8 @@ static void sc_usage(void) BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); + BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -mtu - set the MTU\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); @@ -241,6 +250,10 @@ int MAIN(int argc, char **argv) int full_log=1; char *host=SSL_HOST_NAME; char *cert_file=NULL,*key_file=NULL; + int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; + char *passarg = NULL, *pass = NULL; + X509 *cert = NULL; + EVP_PKEY *key = NULL; char *CApath=NULL,*CAfile=NULL,*cipher=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; int crlf=0; @@ -250,16 +263,25 @@ int MAIN(int argc, char **argv) int starttls_proto = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; +#ifdef sock_type +#undef sock_type +#endif + int sock_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; #endif -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif + struct sockaddr peer; + int peerlen = sizeof(peer); + int enable_timeouts = 0 ; + long mtu = 0; + #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); #elif !defined(OPENSSL_NO_SSL3) @@ -329,6 +351,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-certform") == 0) + { + if (--argc < 1) goto bad; + cert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv,"-crl_check") == 0) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) @@ -348,6 +375,10 @@ int MAIN(int argc, char **argv) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; +#ifdef WATT32 + else if (strcmp(*argv,"-wdebug") == 0) + dbug_init(); +#endif else if (strcmp(*argv,"-msg") == 0) c_msg=1; else if (strcmp(*argv,"-showcerts") == 0) @@ -368,8 +399,32 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif +#ifndef OPENSSL_NO_DTLS1 + else if (strcmp(*argv,"-dtls1") == 0) + { + meth=DTLSv1_client_method(); + sock_type=SOCK_DGRAM; + } + else if (strcmp(*argv,"-timeout") == 0) + enable_timeouts=1; + else if (strcmp(*argv,"-mtu") == 0) + { + if (--argc < 1) goto bad; + mtu = atol(*(++argv)); + } +#endif else if (strcmp(*argv,"-bugs") == 0) bugs=1; + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + key_format = str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-pass") == 0) + { + if (--argc < 1) goto bad; + passarg = *(++argv); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -451,6 +506,42 @@ bad: #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); #endif + if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + if (key_file == NULL) + key_file = cert_file; + + + if (key_file) + + { + + key = load_key(bio_err, key_file, key_format, 0, pass, e, + "client certificate private key file"); + if (!key) + { + ERR_print_errors(bio_err); + goto end; + } + + } + + if (cert_file) + + { + cert = load_cert(bio_err,cert_file,cert_format, + NULL, e, "client certificate file"); + + if (!cert) + { + ERR_print_errors(bio_err); + goto end; + } + } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) @@ -485,6 +576,10 @@ bad: SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else SSL_CTX_set_options(ctx,off); + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) @@ -499,7 +594,7 @@ bad: #endif SSL_CTX_set_verify(ctx,verify,verify_callback); - if (!set_cert_stuff(ctx,cert_file,key_file)) + if (!set_cert_key_stuff(ctx,cert,key)) goto end; if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || @@ -524,7 +619,7 @@ bad: re_start: - if (init_client(&s,host,port) == 0) + if (init_client(&s,host,port,sock_type) == 0) { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); @@ -545,7 +640,46 @@ re_start: } #endif if (c_Pause & 0x01) con->debug=1; - sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if ( SSL_version(con) == DTLS1_VERSION) + { + struct timeval timeout; + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); + if (getsockname(s, &peer, (void *)&peerlen) < 0) + { + BIO_printf(bio_err, "getsockname:errno=%d\n", + get_last_socket_error()); + SHUTDOWN(s); + goto end; + } + + BIO_ctrl_set_connected(sbio, 1, &peer); + + if ( enable_timeouts) + { + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_RCV_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); + + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_SND_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); + } + + if ( mtu > 0) + { + SSL_set_options(con, SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(con, mtu); + } + else + /* want to do MTU discovery */ + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); + } + else + sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if (nbio_test) { @@ -558,7 +692,7 @@ re_start: if (c_debug) { con->debug=1; - BIO_set_callback(sbio,bio_dump_cb); + BIO_set_callback(sbio,bio_dump_callback); BIO_set_callback_arg(sbio,bio_c_out); } if (c_msg) @@ -640,7 +774,7 @@ re_start: if (!ssl_pending) { -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -690,6 +824,16 @@ re_start: } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); } +#elif defined(OPENSSL_SYS_NETWARE) + if(!write_tty) { + if(read_tty) { + tv.tv_sec = 1; + tv.tv_usec = 0; + i=select(width,(void *)&readfds,(void *)&writefds, + NULL,&tv); + } else i=select(width,(void *)&readfds,(void *)&writefds, + NULL,NULL); + } #else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); @@ -770,7 +914,7 @@ re_start: goto shut; } } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else @@ -857,6 +1001,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif +#elif defined (OPENSSL_SYS_NETWARE) + else if (_kbhit()) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif @@ -920,6 +1066,12 @@ end: if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); + if (cert) + X509_free(cert); + if (key) + EVP_PKEY_free(key); + if (pass) + OPENSSL_free(pass); if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } @@ -937,13 +1089,16 @@ static void print_stuff(BIO *bio, SSL *s, int full) { X509 *peer=NULL; char *p; - static char *space=" "; + static const char *space=" "; char buf[BUFSIZ]; STACK_OF(X509) *sk; STACK_OF(X509_NAME) *sk2; SSL_CIPHER *c; X509_NAME *xn; int j,i; +#ifndef OPENSSL_NO_COMP + const COMP_METHOD *comp, *expansion; +#endif if (full) { @@ -1046,6 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } +#ifndef OPENSSL_NO_COMP + comp=SSL_get_current_compression(s); + expansion=SSL_get_current_expansion(s); + BIO_printf(bio,"Compression: %s\n", + comp ? SSL_COMP_get_name(comp) : "NONE"); + BIO_printf(bio,"Expansion: %s\n", + expansion ? SSL_COMP_get_name(expansion) : "NONE"); +#endif SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index ff4ab6e..0d6727c 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -108,18 +108,33 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif #include #include #include #include -#include + #include #include #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +#include +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -138,7 +153,14 @@ typedef unsigned int u_int; #include #include #include +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif #include "s_apps.h" +#include "timeouts.h" #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ @@ -165,9 +187,10 @@ static void print_stats(BIO *bp,SSL_CTX *ctx); static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); #ifndef OPENSSL_NO_DH -static DH *load_dh_param(char *dhfile); +static DH *load_dh_param(const char *dhfile); static DH *get_dh512(void); #endif + #ifdef MONOLITH static void s_server_init(void); #endif @@ -206,6 +229,7 @@ static DH *get_dh512(void) } #endif + /* static int load_CA(SSL_CTX *ctx, char *file);*/ #undef BUFSIZZ @@ -222,7 +246,7 @@ extern int verify_depth; static char *cipher=NULL; static int s_server_verify=SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ -static char *s_cert_file=TEST_CERT,*s_key_file=NULL; +static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; static char *s_dcert_file=NULL,*s_dkey_file=NULL; #ifdef FIONBIO static int s_nbio=0; @@ -243,6 +267,14 @@ static char *engine_id=NULL; #endif static const char *session_id_prefix=NULL; +static int enable_timeouts = 0; +#ifdef mtu +#undef mtu +#endif +static long mtu; +static int cert_chain = 0; + + #ifdef MONOLITH static void s_server_init(void) { @@ -279,14 +311,25 @@ static void sv_usage(void) BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); - BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); + BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); + BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); BIO_printf(bio_err," or a default set of parameters is used\n"); +#ifndef OPENSSL_NO_ECDH + BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ + " Use \"openssl ecparam -list_curves\" for all names\n" \ + " (default is sect163r2).\n"); +#endif #ifdef FIONBIO BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); #endif @@ -305,12 +348,19 @@ static void sv_usage(void) BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); + BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); + BIO_printf(bio_err," -timeout - Enable timeouts\n"); + BIO_printf(bio_err," -mtu - Set MTU\n"); + BIO_printf(bio_err," -chain - Read a certificate chain\n"); BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); #ifndef OPENSSL_NO_DH BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); #endif +#ifndef OPENSSL_NO_ECDH + BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); +#endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); @@ -484,18 +534,31 @@ int MAIN(int argc, char *argv[]) int vflags = 0; short port=PORT; char *CApath=NULL,*CAfile=NULL; - char *context = NULL; + unsigned char *context = NULL; char *dhfile = NULL; +#ifndef OPENSSL_NO_ECDH + char *named_curve = NULL; +#endif int badop=0,bugs=0; int ret=1; int off=0; - int no_tmp_rsa=0,no_dhe=0,nocert=0; + int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifdef sock_type +#undef sock_type +#endif + int sock_type=SOCK_STREAM; #ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; #endif char *inrand=NULL; + int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; + char *passarg = NULL, *pass = NULL; + char *dpassarg = NULL, *dpass = NULL; + int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; + X509 *s_cert = NULL, *s_dcert = NULL; + EVP_PKEY *s_key = NULL, *s_dkey = NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); @@ -555,28 +618,65 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-context") == 0) { if (--argc < 1) goto bad; - context= *(++argv); + context= (unsigned char *)*(++argv); } else if (strcmp(*argv,"-cert") == 0) { if (--argc < 1) goto bad; s_cert_file= *(++argv); } + else if (strcmp(*argv,"-certform") == 0) + { + if (--argc < 1) goto bad; + s_cert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; s_key_file= *(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + s_key_format = str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-pass") == 0) + { + if (--argc < 1) goto bad; + passarg = *(++argv); + } else if (strcmp(*argv,"-dhparam") == 0) { if (--argc < 1) goto bad; dhfile = *(++argv); } +#ifndef OPENSSL_NO_ECDH + else if (strcmp(*argv,"-named_curve") == 0) + { + if (--argc < 1) goto bad; + named_curve = *(++argv); + } +#endif + else if (strcmp(*argv,"-dcertform") == 0) + { + if (--argc < 1) goto bad; + s_dcert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv,"-dcert") == 0) { if (--argc < 1) goto bad; s_dcert_file= *(++argv); } + else if (strcmp(*argv,"-dkeyform") == 0) + { + if (--argc < 1) goto bad; + s_dkey_format = str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-dpass") == 0) + { + if (--argc < 1) goto bad; + dpassarg = *(++argv); + } else if (strcmp(*argv,"-dkey") == 0) { if (--argc < 1) goto bad; @@ -640,6 +740,8 @@ int MAIN(int argc, char *argv[]) { no_tmp_rsa=1; } else if (strcmp(*argv,"-no_dhe") == 0) { no_dhe=1; } + else if (strcmp(*argv,"-no_ecdhe") == 0) + { no_ecdhe=1; } else if (strcmp(*argv,"-www") == 0) { www=1; } else if (strcmp(*argv,"-WWW") == 0) @@ -664,6 +766,22 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-tls1") == 0) { meth=TLSv1_server_method(); } #endif +#ifndef OPENSSL_NO_DTLS1 + else if (strcmp(*argv,"-dtls1") == 0) + { + meth=DTLSv1_server_method(); + sock_type = SOCK_DGRAM; + } + else if (strcmp(*argv,"-timeout") == 0) + enable_timeouts = 1; + else if (strcmp(*argv,"-mtu") == 0) + { + if (--argc < 1) goto bad; + mtu = atol(*(++argv)); + } + else if (strcmp(*argv, "-chain") == 0) + cert_chain = 1; +#endif else if (strcmp(*argv, "-id_prefix") == 0) { if (--argc < 1) goto bad; @@ -704,6 +822,62 @@ bad: e = setup_engine(bio_err, engine_id, 1); #endif + if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + + if (s_key_file == NULL) + s_key_file = s_cert_file; + + if (nocert == 0) + { + s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, + "server certificate private key file"); + if (!s_key) + { + ERR_print_errors(bio_err); + goto end; + } + + s_cert = load_cert(bio_err,s_cert_file,s_cert_format, + NULL, e, "server certificate file"); + + if (!s_cert) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (s_dcert_file) + { + + if (s_dkey_file == NULL) + s_dkey_file = s_dcert_file; + + s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, + 0, dpass, e, + "second certificate private key file"); + if (!s_dkey) + { + ERR_print_errors(bio_err); + goto end; + } + + s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format, + NULL, e, "second server certificate file"); + + if (!s_dcert) + { + ERR_print_errors(bio_err); + goto end; + } + + } + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { @@ -726,7 +900,7 @@ bad: } } -#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) if (nocert) #endif { @@ -762,6 +936,10 @@ bad: if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); SSL_CTX_set_options(ctx,off); + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); @@ -814,12 +992,57 @@ bad: DH_free(dh); } #endif + +#ifndef OPENSSL_NO_ECDH + if (!no_ecdhe) + { + EC_KEY *ecdh=NULL; + + if (named_curve) + { + int nid = OBJ_sn2nid(named_curve); + + if (nid == 0) + { + BIO_printf(bio_err, "unknown curve name (%s)\n", + named_curve); + goto end; + } + ecdh = EC_KEY_new_by_curve_name(nid); + if (ecdh == NULL) + { + BIO_printf(bio_err, "unable to create curve (%s)\n", + named_curve); + goto end; + } + } + + if (ecdh != NULL) + { + BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); + } + else + { + BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); + ecdh = EC_KEY_new_by_curve_name(NID_sect163r2); + if (ecdh == NULL) + { + BIO_printf(bio_err, "unable to create curve (sect163r2)\n"); + goto end; + } + } + (void)BIO_flush(bio_s_out); + + SSL_CTX_set_tmp_ecdh(ctx,ecdh); + EC_KEY_free(ecdh); + } +#endif - if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) + if (!set_cert_key_stuff(ctx,s_cert,s_key)) goto end; - if (s_dcert_file != NULL) + if (s_dcert != NULL) { - if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file)) + if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) goto end; } @@ -863,16 +1086,28 @@ bad: BIO_printf(bio_s_out,"ACCEPT\n"); if (www) - do_server(port,&accept_socket,www_body, context); + do_server(port,sock_type,&accept_socket,www_body, context); else - do_server(port,&accept_socket,sv_body, context); + do_server(port,sock_type,&accept_socket,sv_body, context); print_stats(bio_s_out,ctx); ret=0; end: if (ctx != NULL) SSL_CTX_free(ctx); + if (s_cert) + X509_free(s_cert); + if (s_dcert) + X509_free(s_dcert); + if (s_key) + EVP_PKEY_free(s_key); + if (s_dkey) + EVP_PKEY_free(s_dkey); + if (pass) + OPENSSL_free(pass); + if (dpass) + OPENSSL_free(dpass); if (bio_s_out != NULL) { - BIO_free(bio_s_out); + BIO_free(bio_s_out); bio_s_out=NULL; } apps_shutdown(); @@ -883,23 +1118,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) { BIO_printf(bio,"%4ld items in the session cache\n", SSL_CTX_sess_number(ssl_ctx)); - BIO_printf(bio,"%4d client connects (SSL_connect())\n", + BIO_printf(bio,"%4ld client connects (SSL_connect())\n", SSL_CTX_sess_connect(ssl_ctx)); - BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", + BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", SSL_CTX_sess_connect_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d client connects that finished\n", + BIO_printf(bio,"%4ld client connects that finished\n", SSL_CTX_sess_connect_good(ssl_ctx)); - BIO_printf(bio,"%4d server accepts (SSL_accept())\n", + BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", SSL_CTX_sess_accept(ssl_ctx)); - BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", + BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", SSL_CTX_sess_accept_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d server accepts that finished\n", + BIO_printf(bio,"%4ld server accepts that finished\n", SSL_CTX_sess_accept_good(ssl_ctx)); - BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); - BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); - BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); - BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", SSL_CTX_sess_cache_full(ssl_ctx), SSL_CTX_sess_get_cache_size(ssl_ctx)); } @@ -913,7 +1148,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -951,7 +1186,39 @@ static int sv_body(char *hostname, int s, unsigned char *context) } SSL_clear(con); - sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (SSL_version(con) == DTLS1_VERSION) + { + struct timeval timeout; + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); + + if ( enable_timeouts) + { + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_RCV_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); + + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_SND_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); + } + + + if ( mtu > 0) + { + SSL_set_options(con, SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(con, mtu); + } + else + /* want to do MTU discovery */ + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); + + /* turn on cookie exchange */ + SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); + } + else + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) { BIO *test; @@ -966,7 +1233,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (s_debug) { con->debug=1; - BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } if (s_msg) @@ -987,7 +1254,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -997,7 +1264,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows @@ -1057,7 +1324,8 @@ static int sv_body(char *hostname, int s, unsigned char *context) if ((i <= 0) || (buf[0] == 'q')) { BIO_printf(bio_s_out,"DONE\n"); - SHUTDOWN(s); + if (SSL_version(con) != DTLS1_VERSION) + SHUTDOWN(s); /* close_accept_socket(); ret= -11;*/ goto err; @@ -1086,7 +1354,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) } if (buf[0] == 'P') { - static char *str="Lets print some clear text\n"; + static const char *str="Lets print some clear text\n"; BIO_write(SSL_get_wbio(con),str,strlen(str)); } if (buf[0] == 'S') @@ -1270,7 +1538,7 @@ static int init_ssl_connection(SSL *con) } #ifndef OPENSSL_NO_DH -static DH *load_dh_param(char *dhfile) +static DH *load_dh_param(const char *dhfile) { DH *ret=NULL; BIO *bio; @@ -1369,7 +1637,7 @@ static int www_body(char *hostname, int s, unsigned char *context) if (s_debug) { con->debug=1; - BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } if (s_msg) @@ -1417,7 +1685,9 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) +#if defined(OPENSSL_SYS_NETWARE) + delay(1000); +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; @@ -1436,7 +1706,7 @@ static int www_body(char *hostname, int s, unsigned char *context) char *p; X509 *peer; STACK_OF(SSL_CIPHER) *sk; - static char *space=" "; + static const char *space=" "; BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); BIO_puts(io,"\n"); @@ -1516,7 +1786,7 @@ static int www_body(char *hostname, int s, unsigned char *context) { BIO *file; char *p,*e; - static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; + static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; /* skip the '/' */ p= &(buf[5]); @@ -1692,21 +1962,30 @@ err: #ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) { + BIGNUM *bn = NULL; static RSA *rsa_tmp=NULL; - if (rsa_tmp == NULL) + if (!rsa_tmp && ((bn = BN_new()) == NULL)) + BIO_printf(bio_err,"Allocation error in generating RSA key\n"); + if (!rsa_tmp && bn) { if (!s_quiet) { BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); (void)BIO_flush(bio_err); } - rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || + !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) + { + if(rsa_tmp) RSA_free(rsa_tmp); + rsa_tmp = NULL; + } if (!s_quiet) { BIO_printf(bio_err,"\n"); (void)BIO_flush(bio_err); } + BN_free(bn); } return(rsa_tmp); } diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c index 1867890..4a922e1 100644 --- a/crypto/openssl/apps/s_socket.c +++ b/crypto/openssl/apps/s_socket.c @@ -62,8 +62,6 @@ #include #include -#include - /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -81,14 +79,26 @@ typedef unsigned int u_int; #include "s_apps.h" #include +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif + +#ifndef OPENSSL_NO_SOCK + +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) +#include "netdb.h" +#endif + static struct hostent *GetHostByName(char *name); -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); -static int init_client_ip(int *sock,unsigned char ip[4], int port); -static int init_server(int *sock, int port); -static int init_server_long(int *sock, int port,char *ip); +static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); +static int init_server(int *sock, int port, int type); +static int init_server_long(int *sock, int port,char *ip, int type); static int do_accept(int acc_sock, int *sock, char **host); static int host_ip(char *str, unsigned char ip[4]); @@ -98,6 +108,10 @@ static int host_ip(char *str, unsigned char ip[4]); #define SOCKET_PROTOCOL IPPROTO_TCP #endif +#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) +static int wsa_init_done=0; +#endif + #ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; static int wsa_init_done=0; @@ -146,6 +160,15 @@ static void ssl_sock_cleanup(void) WSACleanup(); } } +#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) +static void sock_cleanup(void) + { + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } + } #endif static int ssl_sock_init(void) @@ -153,7 +176,6 @@ static int ssl_sock_init(void) #ifdef WATT32 extern int _watt_do_exit; _watt_do_exit = 0; - dbug_init(); if (sock_init()) return (0); #elif defined(OPENSSL_SYS_WINDOWS) @@ -181,11 +203,32 @@ static int ssl_sock_init(void) SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); #endif /* OPENSSL_SYS_WIN16 */ } +#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); + return(0); + } + } #endif /* OPENSSL_SYS_WINDOWS */ return(1); } -int init_client(int *sock, char *host, int port) +int init_client(int *sock, char *host, int port, int type) { unsigned char ip[4]; short p=0; @@ -195,10 +238,10 @@ int init_client(int *sock, char *host, int port) return(0); } if (p != 0) port=p; - return(init_client_ip(sock,ip,port)); + return(init_client_ip(sock,ip,port,type)); } -static int init_client_ip(int *sock, unsigned char ip[4], int port) +static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) { unsigned long addr; struct sockaddr_in them; @@ -216,13 +259,20 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) ((unsigned long)ip[3]); them.sin_addr.s_addr=htonl(addr); - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + if (type == SOCK_STREAM) + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + else /* ( type == SOCK_DGRAM) */ + s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); + if (s == INVALID_SOCKET) { perror("socket"); return(0); } #ifndef OPENSSL_SYS_MPE - i=0; - i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) { perror("keepalive"); return(0); } + if (type == SOCK_STREAM) + { + i=0; + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); + if (i < 0) { perror("keepalive"); return(0); } + } #endif if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) @@ -231,30 +281,36 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) return(1); } -int do_server(int port, int *ret, int (*cb)(), char *context) +int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) { int sock; - char *name; + char *name = NULL; int accept_socket; int i; - if (!init_server(&accept_socket,port)) return(0); + if (!init_server(&accept_socket,port,type)) return(0); if (ret != NULL) { *ret=accept_socket; /* return(1);*/ } - for (;;) - { - if (do_accept(accept_socket,&sock,&name) == 0) + for (;;) + { + if (type==SOCK_STREAM) { - SHUTDOWN(accept_socket); - return(0); + if (do_accept(accept_socket,&sock,&name) == 0) + { + SHUTDOWN(accept_socket); + return(0); + } } + else + sock = accept_socket; i=(*cb)(name,sock, context); if (name != NULL) OPENSSL_free(name); - SHUTDOWN2(sock); + if (type==SOCK_STREAM) + SHUTDOWN2(sock); if (i < 0) { SHUTDOWN2(accept_socket); @@ -263,7 +319,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context) } } -static int init_server_long(int *sock, int port, char *ip) +static int init_server_long(int *sock, int port, char *ip, int type) { int ret=0; struct sockaddr_in server; @@ -283,7 +339,11 @@ static int init_server_long(int *sock, int port, char *ip) #else memcpy(&server.sin_addr,ip,4); #endif - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + + if (type == SOCK_STREAM) + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + else /* type == SOCK_DGRAM */ + s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); if (s == INVALID_SOCKET) goto err; #if defined SOL_SOCKET && defined SO_REUSEADDR @@ -301,7 +361,7 @@ static int init_server_long(int *sock, int port, char *ip) goto err; } /* Make it 128 for linux */ - if (listen(s,128) == -1) goto err; + if (type==SOCK_STREAM && listen(s,128) == -1) goto err; i=0; *sock=s; ret=1; @@ -313,9 +373,9 @@ err: return(ret); } -static int init_server(int *sock, int port) +static int init_server(int *sock, int port, int type) { - return(init_server_long(sock, port, NULL)); + return(init_server_long(sock, port, NULL, type)); } static int do_accept(int acc_sock, int *sock, char **host) @@ -342,7 +402,7 @@ redoit: ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); if (ret == INVALID_SOCKET) { -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else @@ -553,3 +613,5 @@ static struct hostent *GetHostByName(char *name) return(ret); } } + +#endif diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c index 7d47057..904945e 100644 --- a/crypto/openssl/apps/s_time.c +++ b/crypto/openssl/apps/s_time.c @@ -85,7 +85,7 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) +#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -105,7 +105,7 @@ #undef TIMES #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include #endif @@ -384,6 +384,20 @@ static double tm_Time_F(int s) ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } +#elif defined(OPENSSL_SYS_NETWARE) + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } #elif defined(OPENSSL_SYS_VXWORKS) { static unsigned long tick_start, tick_end; diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c index d91d84d..b99179f 100644 --- a/crypto/openssl/apps/sess_id.c +++ b/crypto/openssl/apps/sess_id.c @@ -69,7 +69,7 @@ #undef PROG #define PROG sess_id_main -static char *sess_id_usage[]={ +static const char *sess_id_usage[]={ "usage: sess_id args\n", "\n", " -inform arg - input format - default PEM (DER or PEM)\n", @@ -95,7 +95,7 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile=NULL,*outfile=NULL,*context=NULL; int cert=0,noout=0,text=0; - char **pp; + const char **pp; apps_startup(); @@ -241,7 +241,7 @@ bad: if (!noout && !cert) { if (outformat == FORMAT_ASN1) - i=(int)i2d_SSL_SESSION_bio(out,x); + i=i2d_SSL_SESSION_bio(out,x); else if (outformat == FORMAT_PEM) i=PEM_write_bio_SSL_SESSION(out,x); else { diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c index 51bc893..250fd69 100644 --- a/crypto/openssl/apps/smime.c +++ b/crypto/openssl/apps/smime.c @@ -1,9 +1,9 @@ /* smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,10 +64,13 @@ #include #include #include +#include +#include #undef PROG #define PROG smime_main static int save_certs(char *signerfile, STACK_OF(X509) *signers); +static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_OP 0x10 #define SMIME_ENCRYPT (1 | SMIME_OP) @@ -79,12 +82,12 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); int MAIN(int, char **); int MAIN(int argc, char **argv) -{ + { ENGINE *e = NULL; int operation = 0; int ret = 0; char **args; - char *inmode = "r", *outmode = "w"; + const char *inmode = "r", *outmode = "w"; char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; @@ -96,7 +99,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; - int flags = PKCS7_DETACHED, store_flags = 0; + int flags = PKCS7_DETACHED; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; @@ -108,24 +111,34 @@ int MAIN(int argc, char **argv) char *engine=NULL; #endif + X509_VERIFY_PARAM *vpm = NULL; + args = argv + 1; ret = 1; apps_startup(); if (bio_err == NULL) + { if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + } if (!load_config(bio_err, NULL)) goto end; - while (!badarg && *args && *args[0] == '-') { - if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; - else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; - else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; - else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; - else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; + while (!badarg && *args && *args[0] == '-') + { + if (!strcmp (*args, "-encrypt")) + operation = SMIME_ENCRYPT; + else if (!strcmp (*args, "-decrypt")) + operation = SMIME_DECRYPT; + else if (!strcmp (*args, "-sign")) + operation = SMIME_SIGN; + else if (!strcmp (*args, "-verify")) + operation = SMIME_VERIFY; + else if (!strcmp (*args, "-pk7out")) + operation = SMIME_PK7OUT; #ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); @@ -172,127 +185,225 @@ int MAIN(int argc, char **argv) flags |= PKCS7_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= PKCS7_CRLFEOL; - else if (!strcmp (*args, "-crl_check")) - store_flags |= X509_V_FLAG_CRL_CHECK; - else if (!strcmp (*args, "-crl_check_all")) - store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; - else if (!strcmp(*args,"-rand")) { - if (args[1]) { + else if (!strcmp(*args,"-rand")) + { + if (args[1]) + { args++; inrand = *args; - } else badarg = 1; + } + else + badarg = 1; need_rand = 1; + } #ifndef OPENSSL_NO_ENGINE - } else if (!strcmp(*args,"-engine")) { - if (args[1]) { + else if (!strcmp(*args,"-engine")) + { + if (args[1]) + { args++; engine = *args; - } else badarg = 1; + } + else badarg = 1; + } #endif - } else if (!strcmp(*args,"-passin")) { - if (args[1]) { + else if (!strcmp(*args,"-passin")) + { + if (args[1]) + { args++; passargin = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-to")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-to")) + { + if (args[1]) + { args++; to = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-from")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-from")) + { + if (args[1]) + { args++; from = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-subject")) { - if (args[1]) { + } + else badarg = 1; + } + else if (!strcmp (*args, "-subject")) + { + if (args[1]) + { args++; subject = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-signer")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-signer")) + { + if (args[1]) + { args++; signerfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-recip")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-recip")) + { + if (args[1]) + { args++; recipfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-inkey")) { - if (args[1]) { + } + else badarg = 1; + } + else if (!strcmp (*args, "-inkey")) + { + if (args[1]) + { args++; keyfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-keyform")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-keyform")) + { + if (args[1]) + { args++; keyform = str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-certfile")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-certfile")) + { + if (args[1]) + { args++; certfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-CAfile")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-CAfile")) + { + if (args[1]) + { args++; CAfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-CApath")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-CApath")) + { + if (args[1]) + { args++; CApath = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-in")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-in")) + { + if (args[1]) + { args++; infile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-inform")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-inform")) + { + if (args[1]) + { args++; informat = str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-outform")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-outform")) + { + if (args[1]) + { args++; outformat = str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-out")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-out")) + { + if (args[1]) + { args++; outfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-content")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-content")) + { + if (args[1]) + { args++; contfile = *args; - } else badarg = 1; - } else badarg = 1; + } + else + badarg = 1; + } + else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) + continue; + else + badarg = 1; args++; - } + } - if(operation == SMIME_SIGN) { - if(!signerfile) { + + if (operation == SMIME_SIGN) + { + if (!signerfile) + { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; - } + } need_rand = 1; - } else if(operation == SMIME_DECRYPT) { - if(!recipfile) { - BIO_printf(bio_err, "No recipient certificate and key specified\n"); + } + else if (operation == SMIME_DECRYPT) + { + if (!recipfile && !keyfile) + { + BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; + } } - } else if(operation == SMIME_ENCRYPT) { - if(!*args) { + else if (operation == SMIME_ENCRYPT) + { + if (!*args) + { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; - } + } need_rand = 1; - } else if(!operation) badarg = 1; + } + else if (!operation) + badarg = 1; - if (badarg) { + if (badarg) + { BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); BIO_printf (bio_err, "where options are\n"); BIO_printf (bio_err, "-encrypt encrypt message\n"); @@ -347,121 +458,155 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, " the random number generator\n"); BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); goto end; - } + } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif - if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { BIO_printf(bio_err, "Error getting password\n"); goto end; - } + } - if (need_rand) { + if (need_rand) + { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); - } + } ret = 2; - if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED; + if (operation != SMIME_SIGN) + flags &= ~PKCS7_DETACHED; - if(operation & SMIME_OP) { - if(flags & PKCS7_BINARY) inmode = "rb"; - if(outformat == FORMAT_ASN1) outmode = "wb"; - } else { - if(flags & PKCS7_BINARY) outmode = "wb"; - if(informat == FORMAT_ASN1) inmode = "rb"; - } + if (operation & SMIME_OP) + { + if (flags & PKCS7_BINARY) + inmode = "rb"; + if (outformat == FORMAT_ASN1) + outmode = "wb"; + } + else + { + if (flags & PKCS7_BINARY) + outmode = "wb"; + if (informat == FORMAT_ASN1) + inmode = "rb"; + } - if(operation == SMIME_ENCRYPT) { - if (!cipher) { + if (operation == SMIME_ENCRYPT) + { + if (!cipher) + { #ifndef OPENSSL_NO_RC2 cipher = EVP_rc2_40_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif - } + } encerts = sk_X509_new_null(); - while (*args) { - if(!(cert = load_cert(bio_err,*args,FORMAT_PEM, - NULL, e, "recipient certificate file"))) { + while (*args) + { + if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, + NULL, e, "recipient certificate file"))) + { #if 0 /* An appropriate message is already printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); #endif goto end; - } + } sk_X509_push(encerts, cert); cert = NULL; args++; + } } - } - if(signerfile && (operation == SMIME_SIGN)) { - if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, - e, "signer certificate"))) { + if (signerfile && (operation == SMIME_SIGN)) + { + if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, + e, "signer certificate"))) + { #if 0 /* An appropri message has already been printed */ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); #endif goto end; + } } - } - if(certfile) { - if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, - e, "certificate file"))) { + if (certfile) + { + if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, + e, "certificate file"))) + { #if 0 /* An appropriate message has already been printed */ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); #endif ERR_print_errors(bio_err); goto end; + } } - } - if(recipfile && (operation == SMIME_DECRYPT)) { - if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, - e, "recipient certificate file"))) { + if (recipfile && (operation == SMIME_DECRYPT)) + { + if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, + e, "recipient certificate file"))) + { #if 0 /* An appropriate message has alrady been printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); #endif ERR_print_errors(bio_err); goto end; + } } - } - if(operation == SMIME_DECRYPT) { - if(!keyfile) keyfile = recipfile; - } else if(operation == SMIME_SIGN) { - if(!keyfile) keyfile = signerfile; - } else keyfile = NULL; + if (operation == SMIME_DECRYPT) + { + if (!keyfile) + keyfile = recipfile; + } + else if (operation == SMIME_SIGN) + { + if (!keyfile) + keyfile = signerfile; + } + else keyfile = NULL; - if(keyfile) { + if (keyfile) + { key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) { + if (!key) goto end; - } - } + } - if (infile) { - if (!(in = BIO_new_file(infile, inmode))) { + if (infile) + { + if (!(in = BIO_new_file(infile, inmode))) + { BIO_printf (bio_err, "Can't open input file %s\n", infile); goto end; + } } - } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + else + in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (outfile) { - if (!(out = BIO_new_file(outfile, outmode))) { + if (outfile) + { + if (!(out = BIO_new_file(outfile, outmode))) + { BIO_printf (bio_err, "Can't open output file %s\n", outfile); goto end; + } } - } else { + else + { out = BIO_new_fp(stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { @@ -469,100 +614,133 @@ int MAIN(int argc, char **argv) out = BIO_push(tmpbio, out); } #endif - } + } - if(operation == SMIME_VERIFY) { - if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; - X509_STORE_set_flags(store, store_flags); - } + if (operation == SMIME_VERIFY) + { + if (!(store = setup_verify(bio_err, CAfile, CApath))) + goto end; + X509_STORE_set_verify_cb_func(store, smime_cb); + if (vpm) + X509_STORE_set1_param(store, vpm); + } ret = 3; - if(operation == SMIME_ENCRYPT) { + if (operation == SMIME_ENCRYPT) p7 = PKCS7_encrypt(encerts, in, cipher, flags); - } else if(operation == SMIME_SIGN) { + else if (operation == SMIME_SIGN) + { + /* If detached data and SMIME output enable partial + * signing. + */ + if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) + flags |= PKCS7_STREAM; p7 = PKCS7_sign(signer, key, other, in, flags); - if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) { - BIO_printf(bio_err, "Can't rewind input file\n"); - goto end; + /* Don't need to rewind for partial signing */ + if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) + { + BIO_printf(bio_err, "Can't rewind input file\n"); + goto end; + } } - } else { - if(informat == FORMAT_SMIME) + else + { + if (informat == FORMAT_SMIME) p7 = SMIME_read_PKCS7(in, &indata); - else if(informat == FORMAT_PEM) + else if (informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - else if(informat == FORMAT_ASN1) + else if (informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); - else { + else + { BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); goto end; - } + } - if(!p7) { + if (!p7) + { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; - } - if(contfile) { + } + if (contfile) + { BIO_free(indata); - if(!(indata = BIO_new_file(contfile, "rb"))) { + if (!(indata = BIO_new_file(contfile, "rb"))) + { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; + } } } - } - if(!p7) { + if (!p7) + { BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); goto end; - } + } ret = 4; - if(operation == SMIME_DECRYPT) { - if(!PKCS7_decrypt(p7, key, recip, out, flags)) { + if (operation == SMIME_DECRYPT) + { + if (!PKCS7_decrypt(p7, key, recip, out, flags)) + { BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); goto end; + } } - } else if(operation == SMIME_VERIFY) { + else if (operation == SMIME_VERIFY) + { STACK_OF(X509) *signers; - if(PKCS7_verify(p7, other, store, indata, out, flags)) { + if (PKCS7_verify(p7, other, store, indata, out, flags)) BIO_printf(bio_err, "Verification successful\n"); - } else { + else + { BIO_printf(bio_err, "Verification failure\n"); goto end; - } + } signers = PKCS7_get0_signers(p7, other, flags); - if(!save_certs(signerfile, signers)) { + if (!save_certs(signerfile, signers)) + { BIO_printf(bio_err, "Error writing signers to %s\n", signerfile); ret = 5; goto end; - } + } sk_X509_free(signers); - } else if(operation == SMIME_PK7OUT) { + } + else if (operation == SMIME_PK7OUT) PEM_write_bio_PKCS7(out, p7); - } else { - if(to) BIO_printf(out, "To: %s\n", to); - if(from) BIO_printf(out, "From: %s\n", from); - if(subject) BIO_printf(out, "Subject: %s\n", subject); - if(outformat == FORMAT_SMIME) + else + { + if (to) + BIO_printf(out, "To: %s\n", to); + if (from) + BIO_printf(out, "From: %s\n", from); + if (subject) + BIO_printf(out, "Subject: %s\n", subject); + if (outformat == FORMAT_SMIME) SMIME_write_PKCS7(out, p7, in, flags); - else if(outformat == FORMAT_PEM) + else if (outformat == FORMAT_PEM) PEM_write_bio_PKCS7(out,p7); - else if(outformat == FORMAT_ASN1) + else if (outformat == FORMAT_ASN1) i2d_PKCS7_bio(out,p7); - else { + else + { BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); goto end; + } } - } ret = 0; end: if (need_rand) app_RAND_write_file(NULL, bio_err); - if(ret) ERR_print_errors(bio_err); + if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); + if (vpm) + X509_VERIFY_PARAM_free(vpm); X509_STORE_free(store); X509_free(cert); X509_free(recip); @@ -572,20 +750,39 @@ end: BIO_free(in); BIO_free(indata); BIO_free_all(out); - if(passin) OPENSSL_free(passin); + if (passin) OPENSSL_free(passin); return (ret); } static int save_certs(char *signerfile, STACK_OF(X509) *signers) -{ + { int i; BIO *tmp; - if(!signerfile) return 1; + if (!signerfile) + return 1; tmp = BIO_new_file(signerfile, "w"); - if(!tmp) return 0; + if (!tmp) return 0; for(i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); BIO_free(tmp); return 1; -} + } + +/* Minimal callback just to output policy info (if any) */ + +static int smime_cb(int ok, X509_STORE_CTX *ctx) + { + int error; + + error = X509_STORE_CTX_get_error(ctx); + + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) + && ((error != X509_V_OK) || (ok != 2))) + return ok; + + policies_print(NULL, ctx); + + return ok; + + } diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index 5ed510c..7082c37 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -55,6 +55,19 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The ECDH and ECDSA speed test software is originally written by + * Sumit Gupta of Sun Microsystems Laboratories. + * + */ /* most of this code has been pilfered from my libdes speed.c program */ @@ -64,6 +77,8 @@ #define SECONDS 3 #define RSA_SECONDS 10 #define DSA_SECONDS 10 +#define ECDSA_SECONDS 10 +#define ECDH_SECONDS 10 /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ @@ -73,7 +88,7 @@ #include #include -#include + #include #include #include "apps.h" @@ -89,6 +104,10 @@ #include OPENSSL_UNISTD #endif +#ifndef OPENSSL_SYS_NETWARE +#include +#endif + #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) @@ -98,6 +117,12 @@ # define TIMEB #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TIMES +#undef TIMEB +#include +#endif + #ifndef _IRIX # include #endif @@ -122,7 +147,7 @@ #include #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -132,6 +157,7 @@ #include #endif +#include #ifndef OPENSSL_NO_DES #include #endif @@ -184,14 +210,31 @@ #endif #include #ifndef OPENSSL_NO_DSA +#include #include "./testdsa.h" #endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#ifndef OPENSSL_NO_ECDH +#include +#endif + +/* + * The following "HZ" timing stuff should be sync'd up with the code in + * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think + * this code is more up to date than libcrypto's so there may be features to + * migrate over first. This is used in two places further down AFAICS. + * The point is that nothing in openssl actually *uses* that tmdiff stuff, so + * either speed.c should be using it or it should go because it's obviously not + * useful enough. Anyone want to do a janitorial job on this? + */ /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -205,7 +248,7 @@ # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) # define HAVE_FORK 1 #endif @@ -219,25 +262,41 @@ static int usertime=1; static double Time_F(int s); static void print_message(const char *s,long num,int length); -static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); +static void pkey_print_message(const char *str, const char *str2, + long num, int bits, int sec); static void print_result(int alg,int run_no,int count,double time_used); #ifdef HAVE_FORK static int do_multi(int multi); #endif -#define ALGOR_NUM 19 +#define ALGOR_NUM 21 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 + +#define EC_NUM 16 +#define MAX_ECDH_SIZE 256 + static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", - "aes-128 cbc","aes-192 cbc","aes-256 cbc"}; + "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; static double dsa_results[DSA_NUM][2]; +#ifndef OPENSSL_NO_ECDSA +static double ecdsa_results[EC_NUM][2]; +#endif +#ifndef OPENSSL_NO_ECDH +static double ecdh_results[EC_NUM][1]; +#endif + +#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static int rnd_fake = 0; +#endif #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) @@ -260,13 +319,39 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 +#if defined(OPENSSL_SYS_NETWARE) + + /* for NetWare the best we can do is use clock() which returns the + * time, in hundredths of a second, since the NLM began executing + */ +static double Time_F(int s) + { + double ret; + + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } + } + +#else + static double Time_F(int s) { double ret; #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; getrusage_used = 1; @@ -321,7 +406,8 @@ static double Time_F(int s) else { times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + ret = HZ; + ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; return((ret < 1e-3)?1e-3:ret); } } @@ -367,6 +453,25 @@ static double Time_F(int s) # endif #endif } +#endif /* if defined(OPENSSL_SYS_NETWARE) */ + + +#ifndef OPENSSL_NO_ECDH +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) + { +#ifndef OPENSSL_NO_SHA + if (*outlen < SHA_DIGEST_LENGTH) + return NULL; + else + *outlen = SHA_DIGEST_LENGTH; + return SHA1(in, inlen, out); +#else + return NULL; +#endif /* OPENSSL_NO_SHA */ + } +#endif /* OPENSSL_NO_ECDH */ + int MAIN(int, char **); @@ -401,6 +506,12 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; +#ifndef OPENSSL_NO_SHA256 + unsigned char sha256[SHA256_DIGEST_LENGTH]; +#endif +#ifndef OPENSSL_NO_SHA512 + unsigned char sha512[SHA512_DIGEST_LENGTH]; +#endif #endif #ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; @@ -426,6 +537,7 @@ int MAIN(int argc, char **argv) static const unsigned char key16[16]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; +#ifndef OPENSSL_NO_AES static const unsigned char key24[24]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, @@ -435,6 +547,7 @@ int MAIN(int argc, char **argv) 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#endif #ifndef OPENSSL_NO_AES #define MAX_BLOCK_SIZE 128 #else @@ -473,6 +586,8 @@ int MAIN(int argc, char **argv) #define D_CBC_192_AES 16 #define D_CBC_256_AES 17 #define D_EVP 18 +#define D_SHA256 19 +#define D_SHA512 20 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -482,6 +597,24 @@ int MAIN(int argc, char **argv) #define R_RSA_1024 1 #define R_RSA_2048 2 #define R_RSA_4096 3 + +#define R_EC_P160 0 +#define R_EC_P192 1 +#define R_EC_P224 2 +#define R_EC_P256 3 +#define R_EC_P384 4 +#define R_EC_P521 5 +#define R_EC_K163 6 +#define R_EC_K233 7 +#define R_EC_K283 8 +#define R_EC_K409 9 +#define R_EC_K571 10 +#define R_EC_B163 11 +#define R_EC_B233 12 +#define R_EC_B283 13 +#define R_EC_B409 14 +#define R_EC_B571 15 + #ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; long rsa_c[RSA_NUM][2]; @@ -497,8 +630,87 @@ int MAIN(int argc, char **argv) long dsa_c[DSA_NUM][2]; static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; #endif +#ifndef OPENSSL_NO_EC + /* We only test over the following curves as they are representative, + * To add tests over more curves, simply add the curve NID + * and curve name to the following arrays and increase the + * EC_NUM value accordingly. + */ + static unsigned int test_curves[EC_NUM] = + { + /* Prime Curves */ + NID_secp160r1, + NID_X9_62_prime192v1, + NID_secp224r1, + NID_X9_62_prime256v1, + NID_secp384r1, + NID_secp521r1, + /* Binary Curves */ + NID_sect163k1, + NID_sect233k1, + NID_sect283k1, + NID_sect409k1, + NID_sect571k1, + NID_sect163r2, + NID_sect233r1, + NID_sect283r1, + NID_sect409r1, + NID_sect571r1 + }; + static const char * test_curves_names[EC_NUM] = + { + /* Prime Curves */ + "secp160r1", + "nistp192", + "nistp224", + "nistp256", + "nistp384", + "nistp521", + /* Binary Curves */ + "nistk163", + "nistk233", + "nistk283", + "nistk409", + "nistk571", + "nistb163", + "nistb233", + "nistb283", + "nistb409", + "nistb571" + }; + static int test_curves_bits[EC_NUM] = + { + 160, 192, 224, 256, 384, 521, + 163, 233, 283, 409, 571, + 163, 233, 283, 409, 571 + }; + +#endif + +#ifndef OPENSSL_NO_ECDSA + unsigned char ecdsasig[256]; + unsigned int ecdsasiglen; + EC_KEY *ecdsa[EC_NUM]; + long ecdsa_c[EC_NUM][2]; +#endif + +#ifndef OPENSSL_NO_ECDH + EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; + unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; + int secret_size_a, secret_size_b; + int ecdh_checks = 0; + int secret_idx = 0; + long ecdh_c[EC_NUM][2]; +#endif + int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; +#ifndef OPENSSL_NO_ECDSA + int ecdsa_doit[EC_NUM]; +#endif +#ifndef OPENSSL_NO_ECDH + int ecdh_doit[EC_NUM]; +#endif int doit[ALGOR_NUM]; int pr_header=0; const EVP_CIPHER *evp_cipher=NULL; @@ -517,6 +729,17 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA memset(dsa_key,0,sizeof(dsa_key)); #endif +#ifndef OPENSSL_NO_ECDSA + for (i=0; ispkac->challenge, - challenge, strlen(challenge)); + challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); diff --git a/crypto/openssl/apps/timeouts.h b/crypto/openssl/apps/timeouts.h new file mode 100644 index 0000000..89b5dc7 --- /dev/null +++ b/crypto/openssl/apps/timeouts.h @@ -0,0 +1,67 @@ +/* apps/timeouts.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef INCLUDED_TIMEOUTS_H +#define INCLUDED_TIMEOUTS_H + +/* numbers in us */ +#define DGRAM_RCV_TIMEOUT 250000 +#define DGRAM_SND_TIMEOUT 250000 + +#endif /* ! INCLUDED_TIMEOUTS_H */ diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c index 6a93c01..9ff32cb 100644 --- a/crypto/openssl/apps/verify.c +++ b/crypto/openssl/apps/verify.c @@ -79,13 +79,14 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { ENGINE *e = NULL; - int i,ret=1; + int i,ret=1, badarg = 0; int purpose = -1; char *CApath=NULL,*CAfile=NULL; char *untfile = NULL, *trustfile = NULL; STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; + X509_VERIFY_PARAM *vpm = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif @@ -121,18 +122,12 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; CAfile= *(++argv); } - else if (strcmp(*argv,"-purpose") == 0) + else if (args_verify(&argv, &argc, &badarg, bio_err, + &vpm)) { - X509_PURPOSE *xptmp; - if (argc-- < 1) goto end; - i = X509_PURPOSE_get_by_sname(*(++argv)); - if(i < 0) - { - BIO_printf(bio_err, "unrecognized purpose\n"); + if (badarg) goto end; - } - xptmp = X509_PURPOSE_get0(i); - purpose = X509_PURPOSE_get_id(xptmp); + continue; } else if (strcmp(*argv,"-untrusted") == 0) { @@ -153,14 +148,6 @@ int MAIN(int argc, char **argv) #endif else if (strcmp(*argv,"-help") == 0) goto end; - else if (strcmp(*argv,"-ignore_critical") == 0) - vflags |= X509_V_FLAG_IGNORE_CRITICAL; - else if (strcmp(*argv,"-issuer_checks") == 0) - vflags |= X509_V_FLAG_CB_ISSUER_CHECK; - else if (strcmp(*argv,"-crl_check") == 0) - vflags |= X509_V_FLAG_CRL_CHECK; - else if (strcmp(*argv,"-crl_check_all") == 0) - vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-verbose") == 0) v_verbose=1; else if (argv[0][0] == '-') @@ -178,6 +165,9 @@ int MAIN(int argc, char **argv) e = setup_engine(bio_err, engine, 0); #endif + if (vpm) + X509_STORE_set1_param(cert_ctx, vpm); + lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); if (CAfile) { @@ -238,6 +228,7 @@ end: X509_PURPOSE_get0_name(ptmp)); } } + if (vpm) X509_VERIFY_PARAM_free(vpm); if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(trusted, X509_free); @@ -339,10 +330,13 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (!ok) { - X509_NAME_oneline( + if (ctx->current_cert) + { + X509_NAME_oneline( X509_get_subject_name(ctx->current_cert),buf, sizeof buf); - printf("%s\n",buf); + printf("%s\n",buf); + } printf("error %d at %d depth lookup:%s\n",ctx->error, ctx->error_depth, X509_verify_cert_error_string(ctx->error)); @@ -354,13 +348,21 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; /* Continue after extension errors too */ if (ctx->error == X509_V_ERR_INVALID_CA) ok=1; + if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1; if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; + + if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) + policies_print(NULL, ctx); + return ok; + } + if ((ctx->error == X509_V_OK) && (ok == 2)) + policies_print(NULL, ctx); if (!v_verbose) ERR_clear_error(); return(ok); diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c index 0843b67..69ef3e1 100644 --- a/crypto/openssl/apps/version.c +++ b/crypto/openssl/apps/version.c @@ -115,6 +115,7 @@ #include "apps.h" #include #include +#include #ifndef OPENSSL_NO_MD2 # include #endif @@ -172,7 +173,19 @@ int MAIN(int argc, char **argv) } } - if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION)); + if (version) + { + if (SSLeay() == SSLEAY_VERSION_NUMBER) + { + printf("%s\n",SSLeay_version(SSLEAY_VERSION)); + } + else + { + printf("%s (Library: %s)\n", + OPENSSL_VERSION_TEXT, + SSLeay_version(SSLEAY_VERSION)); + } + } if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); if (options) diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index dedd9f1..5f61eb5 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c @@ -73,6 +73,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #undef PROG #define PROG x509_main @@ -81,7 +87,7 @@ #define POSTFIX ".srl" #define DEF_DAYS 30 -static char *x509_usage[]={ +static const char *x509_usage[]={ "usage: x509 args\n", " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", @@ -92,7 +98,9 @@ static char *x509_usage[]={ " -out arg - output file - default stdout\n", " -passin arg - private key password source\n", " -serial - print serial number value\n", -" -hash - print hash value\n", +" -subject_hash - print subject hash value\n", +" -issuer_hash - print issuer hash value\n", +" -hash - synonym for -subject_hash\n", " -subject - print subject DN\n", " -issuer - print issuer DN\n", " -email - print email address(es)\n", @@ -167,19 +175,20 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; - int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; - int next_serial=0,ocspid=0; + int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; + int next_serial=0; + int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; int pprint = 0; - char **pp; + const char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; @@ -381,8 +390,11 @@ int MAIN(int argc, char **argv) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; - else if (strcmp(*argv,"-hash") == 0) - hash= ++num; + else if (strcmp(*argv,"-hash") == 0 + || strcmp(*argv,"-subject_hash") == 0) + subject_hash= ++num; + else if (strcmp(*argv,"-issuer_hash") == 0) + issuer_hash= ++num; else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) @@ -598,9 +610,12 @@ bad: sno = ASN1_INTEGER_new(); if (!sno || !rand_serial(NULL, sno)) goto end; + if (!X509_set_serialNumber(x, sno)) + goto end; + ASN1_INTEGER_free(sno); + sno = NULL; } - - if (!X509_set_serialNumber(x, sno)) + else if (!X509_set_serialNumber(x, sno)) goto end; if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; @@ -694,7 +709,8 @@ bad: else if (serial == i) { BIO_printf(STDout,"serial="); - i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber); + i2a_ASN1_INTEGER(STDout, + X509_get_serialNumber(x)); BIO_printf(STDout,"\n"); } else if (next_serial == i) @@ -731,10 +747,14 @@ bad: if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"\n"); } - else if (hash == i) + else if (subject_hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } + else if (issuer_hash == i) + { + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); + } else if (pprint == i) { X509_PURPOSE *ptmp; @@ -896,6 +916,10 @@ bad: if (Upkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (Upkey->type == EVP_PKEY_EC) + digest=EVP_ecdsa(); +#endif assert(need_rand); if (!sign(x,Upkey,days,clrext,digest, @@ -916,6 +940,10 @@ bad: if (CApkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (CApkey->type == EVP_PKEY_EC) + digest = EVP_ecdsa(); +#endif assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, @@ -947,6 +975,10 @@ bad: if (pk->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (pk->type == EVP_PKEY_EC) + digest=EVP_ecdsa(); +#endif rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); @@ -971,9 +1003,9 @@ bad: if (checkend) { - time_t tnow=time(NULL); + time_t tcheck=time(NULL) + checkoffset; - if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1) + if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { BIO_printf(out,"Certificate will expire\n"); ret=1; @@ -1010,8 +1042,7 @@ bad: ah.data=(char *)x; ah.meth=X509_asn1_meth(); - /* no macro for this one yet */ - i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah); + i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); diff --git a/crypto/openssl/certs/argena.pem b/crypto/openssl/certs/argena.pem new file mode 100644 index 0000000..db730e3 --- /dev/null +++ b/crypto/openssl/certs/argena.pem @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx +EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH +RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl +MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP +QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe +Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ +MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF +IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw +IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B +LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679 +tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM +e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2 +4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ +W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6 +2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID +AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV +HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG +EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK +EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0 +aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD +VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0 +LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G +CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD +CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq +KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0 +aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h +LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m +b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93 +d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt +Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF +BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK +Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG +HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW +3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW +msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG +J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg= +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/argeng.pem b/crypto/openssl/certs/argeng.pem new file mode 100644 index 0000000..621e30e --- /dev/null +++ b/crypto/openssl/certs/argeng.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx +EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn +ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu +c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx +MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD +VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0 +ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0 +ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1 +XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb +Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3 +NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB +xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG +A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG +A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm +dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu +LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE +AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV +AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA +x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3 +US0spjsDPQ== +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/demo/ca-cert.pem b/crypto/openssl/certs/demo/ca-cert.pem new file mode 100644 index 0000000..bcba68a --- /dev/null +++ b/crypto/openssl/certs/demo/ca-cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx +HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN +MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu +ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg +KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p +yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF +b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM +5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA +U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW +R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0 +IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL +6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35 +3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK +sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 +gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s +nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/certs/demo/dsa-ca.pem b/crypto/openssl/certs/demo/dsa-ca.pem new file mode 100644 index 0000000..9eb08f3 --- /dev/null +++ b/crypto/openssl/certs/demo/dsa-ca.pem @@ -0,0 +1,43 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0 + +svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0 +Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl +Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/ +par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr +zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO +uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5 +rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx +1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4 +HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827 +MVqOsYxGCb+kez0FoDSTgw== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew +ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW +sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m +rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk +cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo +bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR +CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB +F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH +vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq +AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u +3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v +AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE +AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi +ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh +MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD +MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa +C1Q= +-----END CERTIFICATE----- + diff --git a/crypto/openssl/certs/demo/dsa-pca.pem b/crypto/openssl/certs/demo/dsa-pca.pem new file mode 100644 index 0000000..e3641ad --- /dev/null +++ b/crypto/openssl/certs/demo/dsa-pca.pem @@ -0,0 +1,49 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4 + +GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS +mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt +of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr +FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX +RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd +qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1 +diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn +V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h +hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf +dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7 +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB +MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G +lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O +Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR +5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl +aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 +kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als +QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe +6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ +yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 +z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB +nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww +ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ +R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 +JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps +BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze +mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO +VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C +uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk +umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A +29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D +AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n +5rKUjNBhSg== +-----END CERTIFICATE----- + diff --git a/crypto/openssl/certs/demo/nortelCA.pem b/crypto/openssl/certs/demo/nortelCA.pem new file mode 100644 index 0000000..207f34a --- /dev/null +++ b/crypto/openssl/certs/demo/nortelCA.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN +BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w +HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0 +IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL +MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls +aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww +GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL +ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc +zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0 +YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq +hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF +cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W +YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w== +-----END CERTIFICATE----- + diff --git a/crypto/openssl/certs/demo/pca-cert.pem b/crypto/openssl/certs/demo/pca-cert.pem new file mode 100644 index 0000000..9d754d4 --- /dev/null +++ b/crypto/openssl/certs/demo/pca-cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx +HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN +MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu +ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB +ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy +V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 +JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S +S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R +aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E +1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY +BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy +NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho ++Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ +JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 +Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc +z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/certs/demo/timCA.pem b/crypto/openssl/certs/demo/timCA.pem new file mode 100644 index 0000000..9c8d5bf --- /dev/null +++ b/crypto/openssl/certs/demo/timCA.pem @@ -0,0 +1,16 @@ +Tims test GCI CA + +-----BEGIN CERTIFICATE----- +MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 +cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD +cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow +gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC +cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl +dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN +AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw +OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF +AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA +TfdbFZtAAD2Hx9jUtY3tfdrJOb8= +-----END CERTIFICATE----- + diff --git a/crypto/openssl/certs/demo/tjhCA.pem b/crypto/openssl/certs/demo/tjhCA.pem new file mode 100644 index 0000000..67bee1b --- /dev/null +++ b/crypto/openssl/certs/demo/tjhCA.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 +cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O +IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB +VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1 +NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH +EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT +I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta +RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ +KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR +Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG +9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4 +WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU= +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/demo/vsigntca.pem b/crypto/openssl/certs/demo/vsigntca.pem new file mode 100644 index 0000000..05acf76 --- /dev/null +++ b/crypto/openssl/certs/demo/vsigntca.pem @@ -0,0 +1,18 @@ +subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997 +notBefore=Mar 4 00:00:00 1997 GMT +notAfter=Mar 4 23:59:59 2025 GMT +-----BEGIN CERTIFICATE----- +MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU +BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v +cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw +RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v +IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz +NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52 +ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM +aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0 +aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB +BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s +cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB +ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW +ToLEMaUojc3DuNXHG21PDG8= +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/expired/RegTP-4R.pem b/crypto/openssl/certs/expired/RegTP-4R.pem new file mode 100644 index 0000000..6f2c6ab --- /dev/null +++ b/crypto/openssl/certs/expired/RegTP-4R.pem @@ -0,0 +1,19 @@ +issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE +notBefore=Jan 21 16:04:53 1999 GMT +notAfter=Jan 21 16:04:53 2004 GMT +subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE +-----BEGIN CERTIFICATE----- +MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9 +MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth +dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO +MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT +AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t +dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB +IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso +aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs +jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h +5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr +JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX +Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re +JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w== +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/expired/factory.pem b/crypto/openssl/certs/expired/factory.pem new file mode 100644 index 0000000..8e28b39 --- /dev/null +++ b/crypto/openssl/certs/expired/factory.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM +MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT +DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx +CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv +amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB +iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt +U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw +zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd +BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8 +/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi +lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA +S7ELuYGtmYgYm9NZOIr7yU0= +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/expired/rsa-cca.pem b/crypto/openssl/certs/expired/rsa-cca.pem new file mode 100644 index 0000000..69f5c1c --- /dev/null +++ b/crypto/openssl/certs/expired/rsa-cca.pem @@ -0,0 +1,19 @@ +subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority +issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority +notBefore=941104185834Z +notAfter =991103185834Z +-----BEGIN X509 CERTIFICATE----- + +MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw +HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy +Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05 +OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT +ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o +975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/ +touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE +7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j +9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI +0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb +MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU= +-----END X509 CERTIFICATE----- diff --git a/crypto/openssl/certs/expired/vsign2.pem b/crypto/openssl/certs/expired/vsign2.pem new file mode 100644 index 0000000..d8bdd8c --- /dev/null +++ b/crypto/openssl/certs/expired/vsign2.pem @@ -0,0 +1,18 @@ +subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority +notBefore=Jan 29 00:00:00 1996 GMT +notAfter=Jan 7 23:59:59 2004 GMT +-----BEGIN CERTIFICATE----- +MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh +c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 +NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD +VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp +bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18 +oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED +uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN +BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML +v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd +G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9 +1Q== +-----END CERTIFICATE----- diff --git a/crypto/openssl/certs/wellsfgo.pem b/crypto/openssl/certs/wellsfgo.pem new file mode 100644 index 0000000..2ba88cd --- /dev/null +++ b/crypto/openssl/certs/wellsfgo.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0 +MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww +KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G +A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13 +5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE +SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O +JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu +ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE +AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB +AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB +CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw +b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo +7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/ +0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7 +nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx +x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ +33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s= +-----END CERTIFICATE----- diff --git a/crypto/openssl/config b/crypto/openssl/config index 36e820e..6583959 100755 --- a/crypto/openssl/config +++ b/crypto/openssl/config @@ -82,9 +82,9 @@ if [ "x$XREL" != "x" ]; then esac ;; 4.2) - echo "i386-whatever-unixware1"; exit 0 + echo "whatever-whatever-unixware1"; exit 0 ;; - 5) + 5*) case "x${VERSION}" in # We hardcode i586 in place of ${MACHINE} for the # following reason. The catch is that even though Pentium @@ -93,8 +93,7 @@ if [ "x$XREL" != "x" ]; then # with i386 is that it makes ./config pass 386 to # ./Configure, which in turn makes make generate # inefficient SHA-1 (for this moment) code. - x7*) echo "i586-sco-unixware7"; exit 0 ;; - x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;; + x[678]*) echo "i586-sco-unixware7"; exit 0 ;; esac ;; esac @@ -111,16 +110,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "m68k-apple-aux3"; exit 0 ;; - AIX:[3456789]:4:*) - echo "${MACHINE}-ibm-aix43"; exit 0 + AIX:[3-9]:4:*) + echo "${MACHINE}-ibm-aix"; exit 0 ;; - AIX:*:[56789]:*) - echo "${MACHINE}-ibm-aix43"; exit 0 + AIX:*:[5-9]:*) + echo "${MACHINE}-ibm-aix"; exit 0 ;; AIX:*) - echo "${MACHINE}-ibm-aix"; exit 0 + echo "${MACHINE}-ibm-aix3"; exit 0 ;; dgux:*) @@ -337,6 +336,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "mips-sony-newsos4"; exit 0; ;; + MINGW*) + echo "${MACHINE}-whatever-mingw"; exit 0; + ;; CYGWIN*) case "$RELEASE" in [bB]*|1.0|1.[12].*) @@ -404,7 +406,7 @@ if [ "$GCCVER" != "" ]; then CC=gcc # then strip off whatever prefix egcs prepends the number with... # Hopefully, this will work for any future prefixes as well. - GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'` + GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'` # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion # does give us what we want though, so we use that. We just just the # major and minor version numbers. @@ -442,15 +444,13 @@ if [ "$SYSTEM" = "SunOS" ]; then egrep -e '^cc: .* C [0-9]\.[0-9]' | \ sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'` CCVER=${CCVER:-0} - if [ $CCVER -gt 40 ]; then + if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then CC=cc # overrides gcc!!! if [ $CCVER -eq 50 ]; then echo "WARNING! Detected WorkShop C 5.0. Do make sure you have" echo " patch #107357-01 or later applied." sleep 5 fi - elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then - CC=sc3 fi fi @@ -491,91 +491,81 @@ case "$GUESSOS" in OUT="irix-$CC" ;; mips3-sgi-irix) - CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` - CPU=${CPU:-0} - if [ $CPU -ge 5000 ]; then - options="$options -mips4" - else - options="$options -mips3" - fi + #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + #CPU=${CPU:-0} + #if [ $CPU -ge 5000 ]; then + # options="$options -mips4" + #else + # options="$options -mips3" + #fi OUT="irix-mips3-$CC" ;; mips4-sgi-irix64) echo "WARNING! If you wish to build 64-bit library, then you have to" echo " invoke './Configure irix64-mips4-$CC' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi - CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` - CPU=${CPU:-0} - if [ $CPU -ge 5000 ]; then - options="$options -mips4" - else - options="$options -mips3" - fi + #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + #CPU=${CPU:-0} + #if [ $CPU -ge 5000 ]; then + # options="$options -mips4" + #else + # options="$options -mips3" + #fi OUT="irix-mips3-$CC" ;; + ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; + ppc-apple-darwin*) OUT="darwin-ppc-cc" ;; + i386-apple-darwin*) OUT="darwin-i386-cc" ;; alpha-*-linux2) - ISA=`awk '/cpu model/{print$4}' /proc/cpuinfo` + ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` case ${ISA:-generic} in - *[67]) OUT="linux-alpha+bwx-$CC" ;; + *[678]) OUT="linux-alpha+bwx-$CC" ;; *) OUT="linux-alpha-$CC" ;; esac if [ "$CC" = "gcc" ]; then case ${ISA:-generic} in EV5|EV45) options="$options -mcpu=ev5";; EV56|PCA56) options="$options -mcpu=ev56";; - EV6|EV67|PCA57) options="$options -mcpu=ev6";; + *) options="$options -mcpu=ev6";; esac fi ;; - mips-*-linux?) - cat >dummy.c < /* for printf() prototype */ - int main (argc, argv) int argc; char *argv[]; { -#ifdef __MIPSEB__ - printf ("linux-%s\n", argv[1]); -#endif -#ifdef __MIPSEL__ - printf ("linux-%sel\n", argv[1]); -#endif - return 0; -} -EOF - ${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}` - rm dummy dummy.c - ;; ppc64-*-linux2) - #Use the standard target for PPC architecture until we create a - #special one for the 64bit architecture. - OUT="linux-ppc" ;; + echo "WARNING! If you wish to build 64-bit library, then you have to" + echo " invoke './Configure linux-ppc64' *manually*." + if [ "$TEST" = "false" -a -t 1 ]; then + echo " You have about 5 seconds to press Ctrl-C to abort." + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 + fi + OUT="linux-ppc" + ;; ppc-*-linux2) OUT="linux-ppc" ;; - m68k-*-linux*) OUT="linux-m68k" ;; ia64-*-linux?) OUT="linux-ia64" ;; - ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; - ppc-apple-darwin*) OUT="darwin-ppc-cc" ;; - i386-apple-darwin*) OUT="darwin-i386-cc" ;; sparc64-*-linux2) echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI" echo " and wish to build 64-bit library, then you have to" echo " invoke './Configure linux64-sparcv9' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi OUT="linux-sparcv9" ;; sparc-*-linux2) - KARCH=`awk '/^type/{print$3}' /proc/cpuinfo` + KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo` case ${KARCH:-sun4} in sun4u*) OUT="linux-sparcv9" ;; sun4m) OUT="linux-sparcv8" ;; sun4d) OUT="linux-sparcv8" ;; - *) OUT="linux-sparcv7" ;; + *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; esac ;; - parisc-*-linux2) - CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo` - CPUSCHEDULE=`awk '/^cpu.[ ]: PA/{print substr($3,3)}' /proc/cpuinfo` + parisc*-*-linux2) + # 64-bit builds under parisc64 linux are not supported and + # compiler is expected to generate 32-bit objects... + CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo` + CPUSCHEDULE=`awk '/^cpu.[ ]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo` # ??TODO ?? Model transformations # 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off @@ -588,28 +578,29 @@ EOF # PA8500 -> 8000 (2.0) # PA8600 -> 8000 (2.0) - CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'` + CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'` # Finish Model transformations - options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH" - OUT="linux-parisc" ;; - arm*-*-linux2) OUT="linux-elf-arm" ;; - s390-*-linux2) OUT="linux-s390" ;; - s390x-*-linux?) OUT="linux-s390x" ;; + options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH" + OUT="linux-generic32" ;; + arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; + arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;; + s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;; x86_64-*-linux?) OUT="linux-x86_64" ;; - *-*-linux2) OUT="linux-elf" + *86-*-linux2) OUT="linux-elf" if [ "$GCCVER" -gt 28 ]; then if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then - OUT="linux-pentium" + options="$options -mcpu=pentium" fi if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then - OUT="linux-ppro" + options="$options -mcpu=pentiumpro" fi if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then - OUT="linux-k6" + options="$options -mcpu=k6" fi fi ;; *-*-linux1) OUT="linux-aout" ;; + *-*-linux2) OUT="linux-generic32" ;; sun4u*-*-solaris2) OUT="solaris-sparcv9-$CC" ISA64=`(isalist) 2>/dev/null | grep sparcv9` @@ -617,9 +608,9 @@ EOF if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then echo "WARNING! If you wish to build 64-bit library, then you have to" echo " invoke './Configure solaris64-sparcv9-cc' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then # $GCC_ARCH denotes default ABI chosen by compiler driver @@ -629,17 +620,17 @@ EOF OUT="solaris64-sparcv9-gcc" echo "WARNING! If you wish to build 32-bit library, then you have to" echo " invoke './Configure solaris-sparcv9-gcc' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi elif [ "$GCC_ARCH" = "-m32" ]; then echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI" echo " and wish to build 64-bit library, then you have to" echo " invoke './Configure solaris64-sparcv9-gcc' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi fi fi @@ -647,47 +638,49 @@ EOF sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;; sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;; sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;; - *86*-*-solaris2) OUT="solaris-x86-$CC" ;; - *-*-sunos4) OUT="sunos-$CC" ;; - alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; - sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; - ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; - *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; - *-freebsd[1-2]*) OUT="FreeBSD" ;; - *86*-*-netbsd) OUT="NetBSD-x86" ;; - sun3*-*-netbsd) OUT="NetBSD-m68" ;; - *-*-netbsd) OUT="NetBSD-sparc" ;; - alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; - *86*-*-openbsd) OUT="OpenBSD-i386" ;; - m68k*-*-openbsd) OUT="OpenBSD-m68k" ;; - m88k*-*-openbsd) OUT="OpenBSD-m88k" ;; - mips*-*-openbsd) OUT="OpenBSD-mips" ;; - pmax*-*-openbsd) OUT="OpenBSD-mips" ;; - powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;; - sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;; - sparc*-*-openbsd) OUT="OpenBSD-sparc" ;; - vax*-*-openbsd) OUT="OpenBSD-vax" ;; - hppa*-*-openbsd) OUT="OpenBSD-hppa" ;; - *-*-openbsd) OUT="OpenBSD" ;; - *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;; - *-*-osf) OUT="alphaold-cc" ;; - *-*-tru64) OUT="alpha-cc" ;; - *-*-OpenUNIX*) + *86*-*-solaris2) + ISA64=`(isalist) 2>/dev/null | grep amd64` + if [ "$ISA64" != "" ]; then + OUT="solaris64-x86_64-$CC" + else + OUT="solaris-x86-$CC" + if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then + options="$options no-sse2" + fi + fi + ;; + *-*-sunos4) OUT="sunos-$CC" ;; + + *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;; + alpha*-*-*bsd*) OUT="BSD-generic64; options="$options -DL_ENDIAN" ;; + powerpc64-*-*bsd*) OUT="BSD-generic64; options="$options -DB_ENDIAN" ;; + sparc64-*-*bsd*) OUT="BSD-sparc64" ;; + ia64-*-*bsd*) OUT="BSD-ia64" ;; + amd64-*-*bsd*) OUT="BSD-x86_64" ;; + *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... + if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD + libc=/usr/lib/libc.so + else # OpenBSD + # ld searches for highest libc.so.* and so do we + libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null` + fi + case "`(file -L $libc) 2>/dev/null`" in + *ELF*) OUT="BSD-x86-elf" ;; + *) OUT="BSD-x86"; options="$options no-sse2" ;; + esac ;; + *-*-*bsd*) OUT="BSD-generic32" ;; + + *-*-osf) OUT="osf1-alpha-cc" ;; + *-*-tru64) OUT="tru64-alpha-cc" ;; + *-*-[Uu]nix[Ww]are7) if [ "$CC" = "gcc" ]; then - OUT="OpenUNIX-8-gcc" + OUT="unixware-7-gcc" ; options="$options no-sse2" else - OUT="OpenUNIX-8" + OUT="unixware-7" ; options="$options no-sse2 -D__i386__" fi ;; - *-*-unixware7) OUT="unixware-7" ;; - *-*-UnixWare7) OUT="unixware-7" ;; - *-*-Unixware7) OUT="unixware-7" ;; - *-*-unixware20*) OUT="unixware-2.0" ;; - *-*-unixware21*) OUT="unixware-2.1" ;; - *-*-UnixWare20*) OUT="unixware-2.0" ;; - *-*-UnixWare21*) OUT="unixware-2.1" ;; - *-*-Unixware20*) OUT="unixware-2.0" ;; - *-*-Unixware21*) OUT="unixware-2.1" ;; + *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;; + *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;; *-*-vos) options="$options no-threads no-shared no-asm no-dso" EXE=".pm" @@ -696,15 +689,8 @@ EOF RM*-siemens-sysv4) OUT="ReliantUNIX" ;; *-siemens-sysv4) OUT="SINIX" ;; *-hpux1*) - if [ $CC = "gcc" ]; - then - if [ $GCC_BITS = "64" ]; then + if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then OUT="hpux64-parisc2-gcc" - else - OUT="hpux-parisc-gcc" - fi - else - OUT="hpux-parisc-$CC" fi KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null` KERNEL_BITS=${KERNEL_BITS:-32} @@ -715,34 +701,57 @@ EOF echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi." echo " If you wish to build 32-bit library, the you have to" echo " invoke './Configure hpux-ia64-cc' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi OUT="hpux64-ia64-cc" elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU - if [ "$CC" = "cc" ]; then - OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc? - fi + OUT=${OUT:-"hpux-parisc2-${CC}"} if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then echo "WARNING! If you wish to build 64-bit library then you have to" echo " invoke './Configure hpux64-parisc2-cc' *manually*." - if [ "$TEST" = "false" ]; then + if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (stty -icanon min 0 time 50; read waste) < /dev/tty + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi fi elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU - : + OUT="hpux-parisc-${CC} elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU - : + OUT="hpux-parisc-${CC} else # Motorola(?) CPU OUT="hpux-$CC" fi options="$options -D_REENTRANT" ;; *-hpux) OUT="hpux-parisc-$CC" ;; + *-aix) + KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null` + KERNEL_BITS=${KERNEL_BITS:-32} + OBJECT_MODE=${OBJECT_MODE:-32} + if [ "$CC" = "gcc" ]; then + OUT="aix-gcc" + elif [ $OBJECT_MODE -eq 64 ]; then + echo 'Your $OBJECT_MODE was found to be set to 64' + OUT="aix64-cc" + else + OUT="aix-cc" + if [ $KERNEL_BITS -eq 64 ]; then + echo "WARNING! If you wish to build 64-bit kit, then you have to" + echo " invoke './Configure aix64-cc' *manually*." + if [ "$TEST" = "false" -a -t 1 ]; then + echo " You have ~5 seconds to press Ctrl-C to abort." + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 + fi + fi + fi + if (lsattr -E -O -l proc0 | grep -i powerpc) >/dev/null 2>&1; then + : # this applies even to Power3 and later, as they return PowerPC_POWER[345] + else + options="$options no-asm" + fi + ;; # these are all covered by the catchall below - # *-aix) OUT="aix-$CC" ;; # *-dgux) OUT="dgux" ;; mips-sony-newsos4) OUT="newsos4-gcc" ;; *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;; @@ -768,9 +777,10 @@ esac # gcc < 2.8 does not support -mcpu=ultrasparc if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] then - echo "WARNING! Do consider upgrading to gcc-2.8 or later." + echo "WARNING! Falling down to 'solaris-sparcv8-gcc'." + echo " Upgrade to gcc-2.8 or later." sleep 5 - OUT=solaris-sparcv9-gcc27 + OUT=solaris-sparcv8-gcc fi if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ] then diff --git a/crypto/openssl/crypto/LPdir_nyi.c b/crypto/openssl/crypto/LPdir_nyi.c new file mode 100644 index 0000000..6c1a50e --- /dev/null +++ b/crypto/openssl/crypto/LPdir_nyi.c @@ -0,0 +1,42 @@ +/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef LPDIR_H +#include "LPdir.h" +#endif + +struct LP_dir_context_st { void *dummy; }; +const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) + { + errno = EINVAL; + return 0; + } +int LP_find_file_end(LP_DIR_CTX **ctx) + { + errno = EINVAL; + return 0; + } diff --git a/crypto/openssl/crypto/LPdir_unix.c b/crypto/openssl/crypto/LPdir_unix.c new file mode 100644 index 0000000..b004cd9 --- /dev/null +++ b/crypto/openssl/crypto/LPdir_unix.c @@ -0,0 +1,127 @@ +/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#ifndef LPDIR_H +#include "LPdir.h" +#endif + +/* The POSIXly macro for the maximum number of characters in a file path + is NAME_MAX. However, some operating systems use PATH_MAX instead. + Therefore, it seems natural to first check for PATH_MAX and use that, + and if it doesn't exist, use NAME_MAX. */ +#if defined(PATH_MAX) +# define LP_ENTRY_SIZE PATH_MAX +#elif defined(NAME_MAX) +# define LP_ENTRY_SIZE NAME_MAX +#endif + +/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX + exist. It's also possible that NAME_MAX exists but is define to a + very small value (HP-UX offers 14), so we need to check if we got a + result, and if it meets a minimum standard, and create or change it + if not. */ +#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255 +# undef LP_ENTRY_SIZE +# define LP_ENTRY_SIZE 255 +#endif + +struct LP_dir_context_st +{ + DIR *dir; + char entry_name[LP_ENTRY_SIZE+1]; +}; + +const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) +{ + struct dirent *direntry = NULL; + + if (ctx == NULL || directory == NULL) + { + errno = EINVAL; + return 0; + } + + errno = 0; + if (*ctx == NULL) + { + *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + if (*ctx == NULL) + { + errno = ENOMEM; + return 0; + } + memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + + (*ctx)->dir = opendir(directory); + if ((*ctx)->dir == NULL) + { + int save_errno = errno; /* Probably not needed, but I'm paranoid */ + free(*ctx); + *ctx = NULL; + errno = save_errno; + return 0; + } + } + + direntry = readdir((*ctx)->dir); + if (direntry == NULL) + { + return 0; + } + + strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); + (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; + return (*ctx)->entry_name; +} + +int LP_find_file_end(LP_DIR_CTX **ctx) +{ + if (ctx != NULL && *ctx != NULL) + { + int ret = closedir((*ctx)->dir); + + free(*ctx); + switch (ret) + { + case 0: + return 1; + case -1: + return 0; + default: + break; + } + } + errno = EINVAL; + return 0; +} diff --git a/crypto/openssl/crypto/LPdir_vms.c b/crypto/openssl/crypto/LPdir_vms.c new file mode 100644 index 0000000..85b427a --- /dev/null +++ b/crypto/openssl/crypto/LPdir_vms.c @@ -0,0 +1,199 @@ +/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef LPDIR_H +#include "LPdir.h" +#endif + +/* Because some compiler options hide this macor */ +#ifndef EVMSERR +#define EVMSERR 65535 /* error for non-translatable VMS errors */ +#endif + +struct LP_dir_context_st +{ + unsigned long VMS_context; +#ifdef NAML$C_MAXRSS + char filespec[NAML$C_MAXRSS+1]; + char result[NAML$C_MAXRSS+1]; +#else + char filespec[256]; + char result[256]; +#endif + struct dsc$descriptor_d filespec_dsc; + struct dsc$descriptor_d result_dsc; +}; + +const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) +{ + int status; + char *p, *r; + size_t l; + unsigned long flags = 0; +#ifdef NAML$C_MAXRSS + flags |= LIB$M_FIL_LONG_NAMES; +#endif + + if (ctx == NULL || directory == NULL) + { + errno = EINVAL; + return 0; + } + + errno = 0; + if (*ctx == NULL) + { + size_t filespeclen = strlen(directory); + char *filespec = NULL; + + /* MUST be a VMS directory specification! Let's estimate if it is. */ + if (directory[filespeclen-1] != ']' + && directory[filespeclen-1] != '>' + && directory[filespeclen-1] != ':') + { + errno = EINVAL; + return 0; + } + + filespeclen += 4; /* "*.*;" */ + + if (filespeclen > +#ifdef NAML$C_MAXRSS + NAML$C_MAXRSS +#else + 255 +#endif + ) + { + errno = ENAMETOOLONG; + return 0; + } + + *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + if (*ctx == NULL) + { + errno = ENOMEM; + return 0; + } + memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + + strcpy((*ctx)->filespec,directory); + strcat((*ctx)->filespec,"*.*;"); + (*ctx)->filespec_dsc.dsc$w_length = filespeclen; + (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S; + (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec; + (*ctx)->result_dsc.dsc$w_length = 0; + (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D; + (*ctx)->result_dsc.dsc$a_pointer = 0; + } + + (*ctx)->result_dsc.dsc$w_length = 0; + (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T; + (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D; + (*ctx)->result_dsc.dsc$a_pointer = 0; + + status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc, + &(*ctx)->VMS_context, 0, 0, 0, &flags); + + if (status == RMS$_NMF) + { + errno = 0; + vaxc$errno = status; + return NULL; + } + + if(!$VMS_STATUS_SUCCESS(status)) + { + errno = EVMSERR; + vaxc$errno = status; + return NULL; + } + + /* Quick, cheap and dirty way to discard any device and directory, + since we only want file names */ + l = (*ctx)->result_dsc.dsc$w_length; + p = (*ctx)->result_dsc.dsc$a_pointer; + r = p; + for (; *p; p++) + { + if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */ + { + p++; + } + else if (*p == ':' || *p == '>' || *p == ']') + { + l -= p + 1 - r; + r = p + 1; + } + else if (*p == ';') + { + l = p - r; + break; + } + } + + strncpy((*ctx)->result, r, l); + (*ctx)->result[l] = '\0'; + str$free1_dx(&(*ctx)->result_dsc); + + return (*ctx)->result; +} + +int LP_find_file_end(LP_DIR_CTX **ctx) +{ + if (ctx != NULL && *ctx != NULL) + { + int status = lib$find_file_end(&(*ctx)->VMS_context); + + free(*ctx); + + if(!$VMS_STATUS_SUCCESS(status)) + { + errno = EVMSERR; + vaxc$errno = status; + return 0; + } + return 1; + } + errno = EINVAL; + return 0; +} + diff --git a/crypto/openssl/crypto/LPdir_win.c b/crypto/openssl/crypto/LPdir_win.c new file mode 100644 index 0000000..09b475b --- /dev/null +++ b/crypto/openssl/crypto/LPdir_win.c @@ -0,0 +1,155 @@ +/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include +#include +#ifndef LPDIR_H +#include "LPdir.h" +#endif + +/* We're most likely overcautious here, but let's reserve for + broken WinCE headers and explicitly opt for UNICODE call. + Keep in mind that our WinCE builds are compiled with -DUNICODE + [as well as -D_UNICODE]. */ +#if defined(LP_SYS_WINCE) && !defined(FindFirstFile) +# define FindFirstFile FindFirstFileW +#endif +#if defined(LP_SYS_WINCE) && !defined(FindFirstFile) +# define FindNextFile FindNextFileW +#endif + +#ifndef NAME_MAX +#define NAME_MAX 255 +#endif + +struct LP_dir_context_st +{ + WIN32_FIND_DATA ctx; + HANDLE handle; + char entry_name[NAME_MAX+1]; +}; + +const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) +{ + struct dirent *direntry = NULL; + + if (ctx == NULL || directory == NULL) + { + errno = EINVAL; + return 0; + } + + errno = 0; + if (*ctx == NULL) + { + *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + if (*ctx == NULL) + { + errno = ENOMEM; + return 0; + } + memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + + if (sizeof(TCHAR) != sizeof(char)) + { + TCHAR *wdir = NULL; + /* len_0 denotes string length *with* trailing 0 */ + size_t index = 0,len_0 = strlen(directory) + 1; + + wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR)); + if (wdir == NULL) + { + free(*ctx); + *ctx = NULL; + errno = ENOMEM; + return 0; + } + +#ifdef LP_MULTIBYTE_AVAILABLE + if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0)) +#endif + for (index = 0; index < len_0; index++) + wdir[index] = (TCHAR)directory[index]; + + (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx); + + free(wdir); + } + else + (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx); + + if ((*ctx)->handle == INVALID_HANDLE_VALUE) + { + free(*ctx); + *ctx = NULL; + errno = EINVAL; + return 0; + } + } + else + { + if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) + { + return 0; + } + } + + if (sizeof(TCHAR) != sizeof(char)) + { + TCHAR *wdir = (*ctx)->ctx.cFileName; + size_t index, len_0 = 0; + + while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++; + len_0++; + +#ifdef LP_MULTIBYTE_AVAILABLE + if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name, + sizeof((*ctx)->entry_name), NULL, 0)) +#endif + for (index = 0; index < len_0; index++) + (*ctx)->entry_name[index] = (char)wdir[index]; + } + else + strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName, + sizeof((*ctx)->entry_name)-1); + + (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0'; + + return (*ctx)->entry_name; +} + +int LP_find_file_end(LP_DIR_CTX **ctx) +{ + if (ctx != NULL && *ctx != NULL) + { + FindClose((*ctx)->handle); + free(*ctx); + *ctx = NULL; + return 1; + } + errno = EINVAL; + return 0; +} diff --git a/crypto/openssl/crypto/LPdir_win32.c b/crypto/openssl/crypto/LPdir_win32.c new file mode 100644 index 0000000..e39872d --- /dev/null +++ b/crypto/openssl/crypto/LPdir_win32.c @@ -0,0 +1,30 @@ +/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define LP_SYS_WIN32 +#define LP_MULTIBYTE_AVAILABLE +#include "LPdir_win.c" diff --git a/crypto/openssl/crypto/LPdir_wince.c b/crypto/openssl/crypto/LPdir_wince.c new file mode 100644 index 0000000..ab0e1e6 --- /dev/null +++ b/crypto/openssl/crypto/LPdir_wince.c @@ -0,0 +1,31 @@ +/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define LP_SYS_WINCE +/* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently + under investigation what the exact conditions would be */ +#include "LPdir_win.c" diff --git a/crypto/openssl/crypto/Makefile b/crypto/openssl/crypto/Makefile index 347de0c..bb8eaa0 100644 --- a/crypto/openssl/crypto/Makefile +++ b/crypto/openssl/crypto/Makefile @@ -1,48 +1,46 @@ # -# SSLeay/crypto/Makefile +# OpenSSL/crypto/Makefile # DIR= crypto TOP= .. CC= cc INCLUDE= -I. -I$(TOP) -I../include +# INCLUDES targets sudbirs! INCLUDES= -I.. -I../.. -I../../include CFLAG= -g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP= /usr/local/ssl MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile RM= rm -f AR= ar r +RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \ + (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ + $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \ + done; + PEX_LIBS= EX_LIBS= CFLAGS= $(INCLUDE) $(CFLAG) - +ASFLAGS= $(INCLUDE) $(ASFLAG) +AFLAGS=$(ASFLAGS) LIBS= -SDIRS= md2 md5 sha mdc2 hmac ripemd \ - des rc2 rc4 rc5 idea bf cast \ - bn ec rsa dsa dh dso engine aes \ - buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 - GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c -LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ) SRC= $(LIBSRC) EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -59,39 +57,49 @@ buildinf.h: ../Makefile echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ echo '#endif' ) >buildinf.h +x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@ +x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@ +x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@ + +uplink.o: ../ms/uplink.c + $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c + +uplink-cof.s: ../ms/uplink.pl + $(PERL) ../ms/uplink.pl coff > $@ + +x86_64cpuid.s: x86_64cpuid.pl + $(PERL) x86_64cpuid.pl $@ +ia64cpuid.s: ia64cpuid.S + $(CC) $(CFLAGS) -E ia64cpuid.S > $@ + testapps: - if echo ${SDIRS} | fgrep ' des '; \ - then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi - cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps + [ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \ + then cd des && $(MAKE) -e des; fi ) + [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps ); + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi subdirs: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making all in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ - done; + @target=all; $(RECURSIVE_MAKE) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making 'files' in crypto/$$i..." && \ - $(MAKE) PERL='${PERL}' files ); \ - done; + @target=files; $(RECURSIVE_MAKE) links: @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) - @for i in $(SDIRS); do \ - (cd $$i && echo "making links in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \ - done; + @target=links; $(RECURSIVE_MAKE) -lib: $(LIBOBJ) +# lib: and $(LIB): are splitted to avoid end-less loop +lib: $(LIB) + @touch lib +$(LIB): $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. - @touch lib shared: buildinf.h lib subdirs if [ -n "$(SHARED_LIBS)" ]; then \ @@ -99,119 +107,98 @@ shared: buildinf.h lib subdirs fi libs: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making libs in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \ - done; - -tests: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making tests in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \ - done; + @target=lib; $(RECURSIVE_MAKE) install: - @for i in $(EXHEADER) ;\ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making install in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \ - done; + @target=install; $(RECURSIVE_MAKE) lint: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making lint in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \ - done; + @target=lint; $(RECURSIVE_MAKE) depend: - if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - if [ ! -s buildinf.h ]; then rm buildinf.h; fi - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making depend in crypto/$$i..." && \ - $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \ - done; + @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: - rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making clean in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \ - done; + rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + @target=clean; $(RECURSIVE_MAKE) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making dclean in crypto/$$i..." && \ - $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \ - done; + @target=dclean; $(RECURSIVE_MAKE) # DO NOT DELETE THIS LINE -- make depend depends on it. cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h -cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c +cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h +cpt_err.o: ../include/openssl/symhacks.h cpt_err.c cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h -cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h +cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c +cryptlib.o: cryptlib.h cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h -cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c +cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h +cversion.o: cryptlib.h cversion.c ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h -ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c +ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +ex_data.o: ex_data.c mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h -mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c +mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +mem.o: mem.c mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h -mem_clr.o: ../include/openssl/symhacks.h mem_clr.c +mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h -mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c -o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c -o_str.o: o_str.h +mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +mem_dbg.o: mem_dbg.c +o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +o_dir.o: LPdir_unix.c o_dir.c o_dir.h +o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +o_str.o: o_str.c o_str.h o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c o_time.o: o_time.h tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h -tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h -tmdiff.o: tmdiff.c +tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h -uid.o: ../include/openssl/symhacks.h uid.c +uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c diff --git a/crypto/openssl/crypto/aes/Makefile b/crypto/openssl/crypto/aes/Makefile index 71087bc..057b70b 100644 --- a/crypto/openssl/crypto/aes/Makefile +++ b/crypto/openssl/crypto/aes/Makefile @@ -8,16 +8,14 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP= /usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r -# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr +AES_ASM_OBJ=aes_core.o aes_cbc.o + CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile #TEST=aestest.c @@ -26,7 +24,7 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c -LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o +LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o $(AES_ASM_OBJ) SRC= $(LIBSRC) @@ -47,6 +45,16 @@ lib: $(LIBOBJ) $(LIBOBJ): $(LIBSRC) +aes-ia64.s: asm/aes-ia64.S + $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@ + +ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) +ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) +ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -55,10 +63,9 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) -install: installs - -installs: - @for i in $(EXHEADER) ; \ +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -73,6 +80,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -80,17 +88,17 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h -aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h +aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h +aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +aes_cfb.o: aes_cfb.c aes_locl.h aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -aes_core.o: aes_core.c aes_locl.h +aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h diff --git a/crypto/openssl/crypto/aes/aes.h b/crypto/openssl/crypto/aes/aes.h index 8a3ea0b..9ffcc9f 100644 --- a/crypto/openssl/crypto/aes/aes.h +++ b/crypto/openssl/crypto/aes/aes.h @@ -52,7 +52,7 @@ #ifndef HEADER_AES_H #define HEADER_AES_H -#include +#include #ifdef OPENSSL_NO_AES #error AES is disabled. @@ -66,17 +66,17 @@ #define AES_MAXNR 14 #define AES_BLOCK_SIZE 16 -#if defined(OPENSSL_FIPS) -#define FIPS_AES_SIZE_T int -#endif - #ifdef __cplusplus extern "C" { #endif /* This should be a hidden type, but EVP requires that the size be known */ struct aes_key_st { +#ifdef AES_LONG unsigned long rd_key[4 *(AES_MAXNR + 1)]; +#else + unsigned int rd_key[4 *(AES_MAXNR + 1)]; +#endif int rounds; }; typedef struct aes_key_st AES_KEY; diff --git a/crypto/openssl/crypto/aes/aes_cbc.c b/crypto/openssl/crypto/aes/aes_cbc.c index 1222a21..d2ba6bc 100644 --- a/crypto/openssl/crypto/aes/aes_cbc.c +++ b/crypto/openssl/crypto/aes/aes_cbc.c @@ -66,6 +66,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, unsigned long n; unsigned long len = length; unsigned char tmp[AES_BLOCK_SIZE]; + const unsigned char *iv = ivec; assert(in && out && key && ivec); assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); @@ -73,22 +74,39 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, if (AES_ENCRYPT == enc) { while (len >= AES_BLOCK_SIZE) { for(n=0; n < AES_BLOCK_SIZE; ++n) - tmp[n] = in[n] ^ ivec[n]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); + out[n] = in[n] ^ iv[n]; + AES_encrypt(out, out, key); + iv = out; len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { for(n=0; n < len; ++n) - tmp[n] = in[n] ^ ivec[n]; + out[n] = in[n] ^ iv[n]; for(n=len; n < AES_BLOCK_SIZE; ++n) - tmp[n] = ivec[n]; - AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, AES_BLOCK_SIZE); - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } + out[n] = iv[n]; + AES_encrypt(out, out, key); + iv = out; + } + memcpy(ivec,iv,AES_BLOCK_SIZE); + } else if (in != out) { + while (len >= AES_BLOCK_SIZE) { + AES_decrypt(in, out, key); + for(n=0; n < AES_BLOCK_SIZE; ++n) + out[n] ^= iv[n]; + iv = in; + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (len) { + AES_decrypt(in,tmp,key); + for(n=0; n < len; ++n) + out[n] = tmp[n] ^ iv[n]; + iv = in; + } + memcpy(ivec,iv,AES_BLOCK_SIZE); } else { while (len >= AES_BLOCK_SIZE) { memcpy(tmp, in, AES_BLOCK_SIZE); @@ -102,10 +120,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, tmp, key); + AES_decrypt(tmp, out, key); for(n=0; n < len; ++n) - out[n] = tmp[n] ^ ivec[n]; + out[n] ^= ivec[n]; + for(n=len; n < AES_BLOCK_SIZE; ++n) + out[n] = tmp[n]; memcpy(ivec, tmp, AES_BLOCK_SIZE); - } + } } } diff --git a/crypto/openssl/crypto/aes/aes_cfb.c b/crypto/openssl/crypto/aes/aes_cfb.c index 2e0c41e..49f0411 100644 --- a/crypto/openssl/crypto/aes/aes_cfb.c +++ b/crypto/openssl/crypto/aes/aes_cfb.c @@ -114,6 +114,7 @@ #include #include "aes_locl.h" +#include "e_os.h" /* The input and output encrypted as though 128bit cfb mode is being * used. The extra state information to record how much of the @@ -157,61 +158,35 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, /* This expects a single block of size nbits for both in and out. Note that it corrupts any extra bits in the last byte of out */ -/* Untested, once it is working, it will be optimised */ void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, const int nbits,const AES_KEY *key, unsigned char *ivec,const int enc) { - int n; + int n,rem,num; unsigned char ovec[AES_BLOCK_SIZE*2]; - assert(in && out && key && ivec); - if(enc) - { - /* construct the new IV */ - AES_encrypt(ivec,ovec,key); - /* encrypt the input */ - for(n=0 ; n < (nbits+7)/8 ; ++n) - out[n]=in[n]^ovec[n]; - /* fill in the first half of the new IV with the current IV */ - memcpy(ovec,ivec,AES_BLOCK_SIZE); - /* and put the ciphertext in the second half */ - memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8); - /* shift ovec left most of the bits... */ - memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0)); - /* now the remaining bits */ - if(nbits%8 != 0) - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - { - ovec[n]<<=nbits%8; - ovec[n]|=ovec[n+1]>>(8-nbits%8); - } - /* finally, move it back into place */ - memcpy(ivec,ovec,AES_BLOCK_SIZE); - } - else - { - /* construct the new IV in the first half of ovec */ - AES_encrypt(ivec,ovec,key); - /* decrypt the input */ - for(n=0 ; n < (nbits+7)/8 ; ++n) - out[n]=in[n]^ovec[n]; + if (nbits<=0 || nbits>128) return; + /* fill in the first half of the new IV with the current IV */ memcpy(ovec,ivec,AES_BLOCK_SIZE); - /* append the ciphertext */ - memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8); - /* shift ovec left most of the bits... */ - memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0)); - /* now the remaining bits */ - if(nbits%8 != 0) + /* construct the new IV */ + AES_encrypt(ivec,ivec,key); + num = (nbits+7)/8; + if (enc) /* encrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); + else /* decrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; + /* shift ovec left... */ + rem = nbits%8; + num = nbits/8; + if(rem==0) + memcpy(ivec,ovec+num,AES_BLOCK_SIZE); + else for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - { - ovec[n]<<=nbits%8; - ovec[n]|=ovec[n+1]>>(8-nbits%8); - } - /* finally, move it back into place */ - memcpy(ivec,ovec,AES_BLOCK_SIZE); - } + ivec[n] = ovec[n+num]<>(8-rem); + /* it is not necessary to cleanse ovec, since the IV is not secret */ } diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/openssl/crypto/aes/aes_core.c index ed566a8..410ae2e 100644 --- a/crypto/openssl/crypto/aes/aes_core.c +++ b/crypto/openssl/crypto/aes/aes_core.c @@ -37,11 +37,8 @@ #include #include -#include #include "aes_locl.h" -#ifndef OPENSSL_FIPS - /* Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -56,6 +53,13 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e]; Td4[x] = Si[x].[01, 01, 01, 01]; */ +#ifdef AES_ASM +extern const u32 AES_Te[5][256]; +#define Te0 AES_Te[0] +#define Te1 AES_Te[1] +#define Te2 AES_Te[2] +#define Te3 AES_Te[3] +#else static const u32 Te0[256] = { 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, @@ -255,7 +259,6 @@ static const u32 Te2[256] = { 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, }; static const u32 Te3[256] = { - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, @@ -321,6 +324,7 @@ static const u32 Te3[256] = { 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, }; +#endif static const u32 Te4[256] = { 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, @@ -387,6 +391,14 @@ static const u32 Te4[256] = { 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, }; + +#ifdef AES_ASM +extern const u32 AES_Td[5][256]; +#define Td0 AES_Td[0] +#define Td1 AES_Td[1] +#define Td2 AES_Td[2] +#define Td3 AES_Td[3] +#else static const u32 Td0[256] = { 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, @@ -540,7 +552,6 @@ static const u32 Td2[256] = { 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, @@ -652,6 +663,7 @@ static const u32 Td3[256] = { 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, }; +#endif static const u32 Td4[256] = { 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, @@ -876,6 +888,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, return 0; } +#ifndef AES_ASM /* * Encrypt a single block * in and out can overlap @@ -1258,4 +1271,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, PUTU32(out + 12, s3); } -#endif /* ndef OPENSSL_FIPS */ +#endif /* AES_ASM */ diff --git a/crypto/openssl/crypto/aes/aes_locl.h b/crypto/openssl/crypto/aes/aes_locl.h index 4184729..054b442 100644 --- a/crypto/openssl/crypto/aes/aes_locl.h +++ b/crypto/openssl/crypto/aes/aes_locl.h @@ -62,7 +62,7 @@ #include #include -#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE) +#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) # define GETU32(p) SWAP(*((u32 *)(p))) # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } @@ -71,7 +71,11 @@ # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } #endif +#ifdef AES_LONG typedef unsigned long u32; +#else +typedef unsigned int u32; +#endif typedef unsigned short u16; typedef unsigned char u8; diff --git a/crypto/openssl/crypto/aes/asm/aes-586.pl b/crypto/openssl/crypto/aes/asm/aes-586.pl new file mode 100755 index 0000000..c120623 --- /dev/null +++ b/crypto/openssl/crypto/aes/asm/aes-586.pl @@ -0,0 +1,1531 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# Version 3.4. +# +# You might fail to appreciate this module performance from the first +# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered +# to be *the* best Intel C compiler without -KPIC, performance appears +# to be virtually identical... But try to re-configure with shared +# library support... Aha! Intel compiler "suddenly" lags behind by 30% +# [on P4, more on others]:-) And if compared to position-independent +# code generated by GNU C, this code performs *more* than *twice* as +# fast! Yes, all this buzz about PIC means that unlike other hand- +# coded implementations, this one was explicitly designed to be safe +# to use even in shared library context... This also means that this +# code isn't necessarily absolutely fastest "ever," because in order +# to achieve position independence an extra register has to be +# off-loaded to stack, which affects the benchmark result. +# +# Special note about instruction choice. Do you recall RC4_INT code +# performing poorly on P4? It might be the time to figure out why. +# RC4_INT code implies effective address calculations in base+offset*4 +# form. Trouble is that it seems that offset scaling turned to be +# critical path... At least eliminating scaling resulted in 2.8x RC4 +# performance improvement [as you might recall]. As AES code is hungry +# for scaling too, I [try to] avoid the latter by favoring off-by-2 +# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. +# +# As was shown by Dean Gaudet , the above note turned +# void. Performance improvement with off-by-2 shifts was observed on +# intermediate implementation, which was spilling yet another register +# to stack... Final offset*4 code below runs just a tad faster on P4, +# but exhibits up to 10% improvement on other cores. +# +# Second version is "monolithic" replacement for aes_core.c, which in +# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. +# This made it possible to implement little-endian variant of the +# algorithm without modifying the base C code. Motivating factor for +# the undertaken effort was that it appeared that in tight IA-32 +# register window little-endian flavor could achieve slightly higher +# Instruction Level Parallelism, and it indeed resulted in up to 15% +# better performance on most recent µ-archs... +# +# Third version adds AES_cbc_encrypt implementation, which resulted in +# up to 40% performance imrovement of CBC benchmark results. 40% was +# observed on P4 core, where "overall" imrovement coefficient, i.e. if +# compared to PIC generated by GCC and in CBC mode, was observed to be +# as large as 4x:-) CBC performance is virtually identical to ECB now +# and on some platforms even better, e.g. 17.6 "small" cycles/byte on +# Opteron, because certain function prologues and epilogues are +# effectively taken out of the loop... +# +# Version 3.2 implements compressed tables and prefetch of these tables +# in CBC[!] mode. Former means that 3/4 of table references are now +# misaligned, which unfortunately has negative impact on elder IA-32 +# implementations, Pentium suffered 30% penalty, PIII - 10%. +# +# Version 3.3 avoids L1 cache aliasing between stack frame and +# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The +# latter is achieved by copying the key schedule to controlled place in +# stack. This unfortunately has rather strong impact on small block CBC +# performance, ~2x deterioration on 16-byte block if compared to 3.3. +# +# Current ECB performance numbers for 128-bit key in CPU cycles per +# processed byte [measure commonly used by AES benchmarkers] are: +# +# small footprint fully unrolled +# P4 24 22 +# AMD K8 20 19 +# PIII 25 23 +# Pentium 81 78 + +push(@INC,"perlasm","../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386"); + +$s0="eax"; +$s1="ebx"; +$s2="ecx"; +$s3="edx"; +$key="edi"; +$acc="esi"; + +$compromise=0; # $compromise=128 abstains from copying key + # schedule to stack when encrypting inputs + # shorter than 128 bytes at the cost of + # risksing aliasing with S-boxes. In return + # you get way better, up to +70%, small block + # performance. +$small_footprint=1; # $small_footprint=1 code is ~5% slower [on + # recent µ-archs], but ~5 times smaller! + # I favor compact code to minimize cache + # contention and in hope to "collect" 5% back + # in real-life applications... +$vertical_spin=0; # shift "verticaly" defaults to 0, because of + # its proof-of-concept status... + +# Note that there is no decvert(), as well as last encryption round is +# performed with "horizontal" shifts. This is because this "vertical" +# implementation [one which groups shifts on a given $s[i] to form a +# "column," unlike "horizontal" one, which groups shifts on different +# $s[i] to form a "row"] is work in progress. It was observed to run +# few percents faster on Intel cores, but not AMD. On AMD K8 core it's +# whole 12% slower:-( So we face a trade-off... Shall it be resolved +# some day? Till then the code is considered experimental and by +# default remains dormant... + +sub encvert() +{ my ($te,@s) = @_; + my $v0 = $acc, $v1 = $key; + + &mov ($v0,$s[3]); # copy s3 + &mov (&DWP(4,"esp"),$s[2]); # save s2 + &mov ($v1,$s[0]); # copy s0 + &mov (&DWP(8,"esp"),$s[1]); # save s1 + + &movz ($s[2],&HB($s[0])); + &and ($s[0],0xFF); + &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 + &shr ($v1,16); + &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 + &movz ($s[1],&HB($v1)); + &and ($v1,0xFF); + &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 + &mov ($v1,$v0); + &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 + + &and ($v0,0xFF); + &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 + &movz ($v0,&HB($v1)); + &shr ($v1,16); + &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 + &movz ($v0,&HB($v1)); + &and ($v1,0xFF); + &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 + &mov ($v1,&DWP(4,"esp")); # restore s2 + &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 + + &mov ($v0,$v1); + &and ($v1,0xFF); + &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 + &movz ($v1,&HB($v0)); + &shr ($v0,16); + &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 + &movz ($v1,&HB($v0)); + &and ($v0,0xFF); + &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 + &mov ($v0,&DWP(8,"esp")); # restore s1 + &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 + + &mov ($v1,$v0); + &and ($v0,0xFF); + &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 + &movz ($v0,&HB($v1)); + &shr ($v1,16); + &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 + &movz ($v0,&HB($v1)); + &and ($v1,0xFF); + &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 + &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key + &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 +} + +sub encstep() +{ my ($i,$te,@s) = @_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + # lines marked with #%e?x[i] denote "reordered" instructions... + if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx + else { &mov ($out,$s[0]); + &and ($out,0xFF); } + if ($i==1) { &shr ($s[0],16); }#%ebx[1] + if ($i==2) { &shr ($s[0],24); }#%ecx[2] + &mov ($out,&DWP(0,$te,$out,8)); + + if ($i==3) { $tmp=$s[1]; }##%eax + &movz ($tmp,&HB($s[1])); + &xor ($out,&DWP(3,$te,$tmp,8)); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx + else { &mov ($tmp,$s[2]); + &shr ($tmp,16); } + if ($i==2) { &and ($s[1],0xFF); }#%edx[2] + &and ($tmp,0xFF); + &xor ($out,&DWP(2,$te,$tmp,8)); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx + elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] + else { &mov ($tmp,$s[3]); + &shr ($tmp,24) } + &xor ($out,&DWP(1,$te,$tmp,8)); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$acc); } + &comment(); +} + +sub enclast() +{ my ($i,$te,@s)=@_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + if ($i==1) { &shr ($s[0],16); }#%ebx[1] + if ($i==2) { &shr ($s[0],24); }#%ecx[2] + &mov ($out,&DWP(2,$te,$out,8)); + &and ($out,0x000000ff); + + if ($i==3) { $tmp=$s[1]; }##%eax + &movz ($tmp,&HB($s[1])); + &mov ($tmp,&DWP(0,$te,$tmp,8)); + &and ($tmp,0x0000ff00); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx + else { mov ($tmp,$s[2]); + &shr ($tmp,16); } + if ($i==2) { &and ($s[1],0xFF); }#%edx[2] + &and ($tmp,0xFF); + &mov ($tmp,&DWP(0,$te,$tmp,8)); + &and ($tmp,0x00ff0000); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx + elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] + else { &mov ($tmp,$s[3]); + &shr ($tmp,24); } + &mov ($tmp,&DWP(2,$te,$tmp,8)); + &and ($tmp,0xff000000); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$acc); } +} + +sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } + +&public_label("AES_Te"); +&function_begin_B("_x86_AES_encrypt"); + if ($vertical_spin) { + # I need high parts of volatile registers to be accessible... + &exch ($s1="edi",$key="ebx"); + &mov ($s2="esi",$acc="ecx"); + } + + # note that caller is expected to allocate stack frame for me! + &mov (&DWP(12,"esp"),$key); # save key + + &xor ($s0,&DWP(0,$key)); # xor with key + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($acc,&DWP(240,$key)); # load key->rounds + + if ($small_footprint) { + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov (&DWP(16,"esp"),$acc); # end of key schedule + &align (4); + &set_label("loop"); + if ($vertical_spin) { + &encvert("ebp",$s0,$s1,$s2,$s3); + } else { + &encstep(0,"ebp",$s0,$s1,$s2,$s3); + &encstep(1,"ebp",$s1,$s2,$s3,$s0); + &encstep(2,"ebp",$s2,$s3,$s0,$s1); + &encstep(3,"ebp",$s3,$s0,$s1,$s2); + } + &add ($key,16); # advance rd_key + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + &cmp ($key,&DWP(16,"esp")); + &mov (&DWP(12,"esp"),$key); + &jb (&label("loop")); + } + else { + &cmp ($acc,10); + &jle (&label("10rounds")); + &cmp ($acc,12); + &jle (&label("12rounds")); + + &set_label("14rounds"); + for ($i=1;$i<3;$i++) { + if ($vertical_spin) { + &encvert("ebp",$s0,$s1,$s2,$s3); + } else { + &encstep(0,"ebp",$s0,$s1,$s2,$s3); + &encstep(1,"ebp",$s1,$s2,$s3,$s0); + &encstep(2,"ebp",$s2,$s3,$s0,$s1); + &encstep(3,"ebp",$s3,$s0,$s1,$s2); + } + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov (&DWP(12,"esp"),$key); # advance rd_key + &set_label("12rounds"); + for ($i=1;$i<3;$i++) { + if ($vertical_spin) { + &encvert("ebp",$s0,$s1,$s2,$s3); + } else { + &encstep(0,"ebp",$s0,$s1,$s2,$s3); + &encstep(1,"ebp",$s1,$s2,$s3,$s0); + &encstep(2,"ebp",$s2,$s3,$s0,$s1); + &encstep(3,"ebp",$s3,$s0,$s1,$s2); + } + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov (&DWP(12,"esp"),$key); # advance rd_key + &set_label("10rounds"); + for ($i=1;$i<10;$i++) { + if ($vertical_spin) { + &encvert("ebp",$s0,$s1,$s2,$s3); + } else { + &encstep(0,"ebp",$s0,$s1,$s2,$s3); + &encstep(1,"ebp",$s1,$s2,$s3,$s0); + &encstep(2,"ebp",$s2,$s3,$s0,$s1); + &encstep(3,"ebp",$s3,$s0,$s1,$s2); + } + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + } + + if ($vertical_spin) { + # "reincarnate" some registers for "horizontal" spin... + &mov ($s1="ebx",$key="edi"); + &mov ($s2="ecx",$acc="esi"); + } + &enclast(0,"ebp",$s0,$s1,$s2,$s3); + &enclast(1,"ebp",$s1,$s2,$s3,$s0); + &enclast(2,"ebp",$s2,$s3,$s0,$s1); + &enclast(3,"ebp",$s3,$s0,$s1,$s2); + + &add ($key,$small_footprint?16:160); + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &ret (); + +&set_label("AES_Te",64); # Yes! I keep it in the code segment! + &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); + &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); + &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); + &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); + &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); + &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); + &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); + &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); + &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); + &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); + &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); + &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); + &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); + &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); + &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); + &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); + &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); + &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); + &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); + &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); + &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); + &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); + &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); + &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); + &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); + &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); + &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); + &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); + &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); + &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); + &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); + &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); + &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); + &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); + &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); + &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); + &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); + &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); + &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); + &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); + &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); + &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); + &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); + &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); + &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); + &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); + &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); + &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); + &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); + &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); + &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); + &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); + &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); + &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); + &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); + &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); + &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); + &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); + &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); + &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); + &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); + &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); + &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); + &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); +#rcon: + &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); + &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); + &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0); +&function_end_B("_x86_AES_encrypt"); + +# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); +&public_label("AES_Te"); +&function_begin("AES_encrypt"); + &mov ($acc,&wparam(0)); # load inp + &mov ($key,&wparam(2)); # load key + + &mov ($s0,"esp"); + &sub ("esp",24); + &and ("esp",-64); + &add ("esp",4); + &mov (&DWP(16,"esp"),$s0); + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop("ebp"); + &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); + + &mov ($s0,&DWP(0,$acc)); # load input data + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &call ("_x86_AES_encrypt"); + + &mov ("esp",&DWP(16,"esp")); + + &mov ($acc,&wparam(1)); # load out + &mov (&DWP(0,$acc),$s0); # write output data + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); +&function_end("AES_encrypt"); + +#------------------------------------------------------------------# + +sub decstep() +{ my ($i,$td,@s) = @_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + # no instructions are reordered, as performance appears + # optimal... or rather that all attempts to reorder didn't + # result in better performance [which by the way is not a + # bit lower than ecryption]. + if($i==3) { &mov ($key,&DWP(12,"esp")); } + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + &mov ($out,&DWP(0,$td,$out,8)); + + if ($i==3) { $tmp=$s[1]; } + &movz ($tmp,&HB($s[1])); + &xor ($out,&DWP(3,$td,$tmp,8)); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } + else { &mov ($tmp,$s[2]); } + &shr ($tmp,16); + &and ($tmp,0xFF); + &xor ($out,&DWP(2,$td,$tmp,8)); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } + else { &mov ($tmp,$s[3]); } + &shr ($tmp,24); + &xor ($out,&DWP(1,$td,$tmp,8)); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } + &comment(); +} + +sub declast() +{ my ($i,$td,@s)=@_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + if($i==3) { &mov ($key,&DWP(12,"esp")); } + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + &mov ($out,&DWP(2048,$td,$out,4)); + &and ($out,0x000000ff); + + if ($i==3) { $tmp=$s[1]; } + &movz ($tmp,&HB($s[1])); + &mov ($tmp,&DWP(2048,$td,$tmp,4)); + &and ($tmp,0x0000ff00); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } + else { mov ($tmp,$s[2]); } + &shr ($tmp,16); + &and ($tmp,0xFF); + &mov ($tmp,&DWP(2048,$td,$tmp,4)); + &and ($tmp,0x00ff0000); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } + else { &mov ($tmp,$s[3]); } + &shr ($tmp,24); + &mov ($tmp,&DWP(2048,$td,$tmp,4)); + &and ($tmp,0xff000000); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } +} + +&public_label("AES_Td"); +&function_begin_B("_x86_AES_decrypt"); + # note that caller is expected to allocate stack frame for me! + &mov (&DWP(12,"esp"),$key); # save key + + &xor ($s0,&DWP(0,$key)); # xor with key + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($acc,&DWP(240,$key)); # load key->rounds + + if ($small_footprint) { + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov (&DWP(16,"esp"),$acc); # end of key schedule + &align (4); + &set_label("loop"); + &decstep(0,"ebp",$s0,$s3,$s2,$s1); + &decstep(1,"ebp",$s1,$s0,$s3,$s2); + &decstep(2,"ebp",$s2,$s1,$s0,$s3); + &decstep(3,"ebp",$s3,$s2,$s1,$s0); + &add ($key,16); # advance rd_key + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + &cmp ($key,&DWP(16,"esp")); + &mov (&DWP(12,"esp"),$key); + &jb (&label("loop")); + } + else { + &cmp ($acc,10); + &jle (&label("10rounds")); + &cmp ($acc,12); + &jle (&label("12rounds")); + + &set_label("14rounds"); + for ($i=1;$i<3;$i++) { + &decstep(0,"ebp",$s0,$s3,$s2,$s1); + &decstep(1,"ebp",$s1,$s0,$s3,$s2); + &decstep(2,"ebp",$s2,$s1,$s0,$s3); + &decstep(3,"ebp",$s3,$s2,$s1,$s0); + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov (&DWP(12,"esp"),$key); # advance rd_key + &set_label("12rounds"); + for ($i=1;$i<3;$i++) { + &decstep(0,"ebp",$s0,$s3,$s2,$s1); + &decstep(1,"ebp",$s1,$s0,$s3,$s2); + &decstep(2,"ebp",$s2,$s1,$s0,$s3); + &decstep(3,"ebp",$s3,$s2,$s1,$s0); + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov (&DWP(12,"esp"),$key); # advance rd_key + &set_label("10rounds"); + for ($i=1;$i<10;$i++) { + &decstep(0,"ebp",$s0,$s3,$s2,$s1); + &decstep(1,"ebp",$s1,$s0,$s3,$s2); + &decstep(2,"ebp",$s2,$s1,$s0,$s3); + &decstep(3,"ebp",$s3,$s2,$s1,$s0); + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + } + + &declast(0,"ebp",$s0,$s3,$s2,$s1); + &declast(1,"ebp",$s1,$s0,$s3,$s2); + &declast(2,"ebp",$s2,$s1,$s0,$s3); + &declast(3,"ebp",$s3,$s2,$s1,$s0); + + &add ($key,$small_footprint?16:160); + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &ret (); + +&set_label("AES_Td",64); # Yes! I keep it in the code segment! + &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); + &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); + &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); + &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); + &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); + &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); + &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); + &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); + &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); + &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); + &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); + &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); + &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); + &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); + &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); + &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); + &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); + &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); + &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); + &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); + &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); + &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); + &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); + &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); + &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); + &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); + &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); + &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); + &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); + &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); + &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); + &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); + &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); + &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); + &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); + &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); + &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); + &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); + &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); + &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); + &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); + &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); + &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); + &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); + &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); + &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); + &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); + &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); + &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); + &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); + &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); + &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); + &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); + &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); + &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); + &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); + &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); + &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); + &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); + &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); + &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); + &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); + &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); + &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); +#Td4: + &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5); + &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838); + &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e); + &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb); + &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282); + &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787); + &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444); + &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb); + &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232); + &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d); + &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b); + &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e); + &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666); + &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2); + &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949); + &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525); + &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464); + &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616); + &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc); + &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292); + &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050); + &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada); + &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757); + &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484); + &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000); + &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a); + &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505); + &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606); + &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f); + &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202); + &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303); + &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b); + &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141); + &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea); + &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece); + &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373); + &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222); + &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585); + &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8); + &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e); + &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171); + &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989); + &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e); + &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b); + &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b); + &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020); + &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe); + &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4); + &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333); + &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131); + &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959); + &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f); + &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9); + &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d); + &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f); + &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef); + &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d); + &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0); + &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c); + &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161); + &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e); + &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626); + &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363); + &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d); +&function_end_B("_x86_AES_decrypt"); + +# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); +&public_label("AES_Td"); +&function_begin("AES_decrypt"); + &mov ($acc,&wparam(0)); # load inp + &mov ($key,&wparam(2)); # load key + + &mov ($s0,"esp"); + &sub ("esp",24); + &and ("esp",-64); + &add ("esp",4); + &mov (&DWP(16,"esp"),$s0); + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop("ebp"); + &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); + + &mov ($s0,&DWP(0,$acc)); # load input data + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &call ("_x86_AES_decrypt"); + + &mov ("esp",&DWP(16,"esp")); + + &mov ($acc,&wparam(1)); # load out + &mov (&DWP(0,$acc),$s0); # write output data + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); +&function_end("AES_decrypt"); + +# void AES_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +{ +# stack frame layout +# -4(%esp) 0(%esp) return address +# 0(%esp) 4(%esp) tmp1 +# 4(%esp) 8(%esp) tmp2 +# 8(%esp) 12(%esp) key +# 12(%esp) 16(%esp) end of key schedule +my $_esp=&DWP(16,"esp"); #saved %esp +my $_inp=&DWP(20,"esp"); #copy of wparam(0) +my $_out=&DWP(24,"esp"); #copy of wparam(1) +my $_len=&DWP(28,"esp"); #copy of wparam(2) +my $_key=&DWP(32,"esp"); #copy of wparam(3) +my $_ivp=&DWP(36,"esp"); #copy of wparam(4) +my $_tmp=&DWP(40,"esp"); #volatile variable +my $ivec=&DWP(44,"esp"); #ivec[16] +my $aes_key=&DWP(60,"esp"); #copy of aes_key + +&public_label("AES_Te"); +&public_label("AES_Td"); +&function_begin("AES_cbc_encrypt"); + &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len + &cmp ($s2,0); + &je (&label("enc_out")); + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop("ebp"); + + &pushf (); + &cld (); + + &cmp (&wparam(5),0); + &je (&label("DECRYPT")); + + &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); + + # allocate aligned stack frame... + &lea ($key,&DWP(-64-244,"esp")); + &and ($key,-64); + + # ... and make sure it doesn't alias with AES_Te modulo 4096 + &mov ($s0,"ebp"); + &lea ($s1,&DWP(2048,"ebp")); + &mov ($s3,$key); + &and ($s0,0xfff); # s = %ebp&0xfff + &and ($s1,0xfff); # e = (%ebp+2048)&0xfff + &and ($s3,0xfff); # p = %esp&0xfff + + &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); + &jb (&label("te_break_out")); + &sub ($s3,$s1); + &sub ($key,$s3); + &jmp (&label("te_ok")); + &set_label("te_break_out"); # else %esp -= (p-s)&0xfff + framesz; + &sub ($s3,$s0); + &and ($s3,0xfff); + &add ($s3,64+256); + &sub ($key,$s3); + &align (4); + &set_label("te_ok"); + + &mov ($s0,&wparam(0)); # load inp + &mov ($s1,&wparam(1)); # load out + &mov ($s3,&wparam(3)); # load key + &mov ($acc,&wparam(4)); # load ivp + + &exch ("esp",$key); + &add ("esp",4); # reserve for return address! + &mov ($_esp,$key); # save %esp + + &mov ($_inp,$s0); # save copy of inp + &mov ($_out,$s1); # save copy of out + &mov ($_len,$s2); # save copy of len + &mov ($_key,$s3); # save copy of key + &mov ($_ivp,$acc); # save copy of ivp + + if ($compromise) { + &cmp ($s2,$compromise); + &jb (&label("skip_ecopy")); + } + # copy key schedule to stack + &mov ("ecx",244/4); + &mov ("esi",$s3); + &lea ("edi",$aes_key); + &mov ($_key,"edi"); + &align (4); + &data_word(0xF689A5F3); # rep movsd + &set_label("skip_ecopy") if ($compromise); + + &mov ($acc,$s0); + &mov ($key,16); + &align (4); + &set_label("prefetch_te"); + &mov ($s0,&DWP(0,"ebp")); + &mov ($s1,&DWP(32,"ebp")); + &mov ($s2,&DWP(64,"ebp")); + &mov ($s3,&DWP(96,"ebp")); + &lea ("ebp",&DWP(128,"ebp")); + &dec ($key); + &jnz (&label("prefetch_te")); + &sub ("ebp",2048); + + &mov ($s2,$_len); + &mov ($key,$_ivp); + &test ($s2,0xFFFFFFF0); + &jz (&label("enc_tail")); # short input... + + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + + &align (4); + &set_label("enc_loop"); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + + &xor ($s0,&DWP(0,$acc)); # xor input data + &xor ($s1,&DWP(4,$acc)); + &xor ($s2,&DWP(8,$acc)); + &xor ($s3,&DWP(12,$acc)); + + &mov ($key,$_key); # load key + &call ("_x86_AES_encrypt"); + + &mov ($acc,$_inp); # load inp + &mov ($key,$_out); # load out + + &mov (&DWP(0,$key),$s0); # save output data + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($s2,$_len); # load len + + &lea ($acc,&DWP(16,$acc)); + &mov ($_inp,$acc); # save inp + + &lea ($s3,&DWP(16,$key)); + &mov ($_out,$s3); # save out + + &sub ($s2,16); + &test ($s2,0xFFFFFFF0); + &mov ($_len,$s2); # save len + &jnz (&label("enc_loop")); + &test ($s2,15); + &jnz (&label("enc_tail")); + &mov ($acc,$_ivp); # load ivp + &mov ($s2,&DWP(8,$key)); # restore last dwords + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$acc),$s0); # save ivec + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &mov ("edi",$_key); + &mov ("esp",$_esp); + if ($compromise) { + &cmp (&wparam(2),$compromise); + &jb (&label("skip_ezero")); + } + # zero copy of key schedule + &mov ("ecx",240/4); + &xor ("eax","eax"); + &align (4); + &data_word(0xF689ABF3); # rep stosd + &set_label("skip_ezero") if ($compromise); + &popf (); + &set_label("enc_out"); + &function_end_A(); + &pushf (); # kludge, never executed + + &align (4); + &set_label("enc_tail"); + &push ($key eq "edi" ? $key : ""); # push ivp + &mov ($key,$_out); # load out + &mov ($s1,16); + &sub ($s1,$s2); + &cmp ($key,$acc); # compare with inp + &je (&label("enc_in_place")); + &align (4); + &data_word(0xF689A4F3); # rep movsb # copy input + &jmp (&label("enc_skip_in_place")); + &set_label("enc_in_place"); + &lea ($key,&DWP(0,$key,$s2)); + &set_label("enc_skip_in_place"); + &mov ($s2,$s1); + &xor ($s0,$s0); + &align (4); + &data_word(0xF689AAF3); # rep stosb # zero tail + &pop ($key); # pop ivp + + &mov ($acc,$_out); # output as input + &mov ($s0,&DWP(0,$key)); + &mov ($s1,&DWP(4,$key)); + &mov ($_len,16); # len=16 + &jmp (&label("enc_loop")); # one more spin... + +#----------------------------- DECRYPT -----------------------------# +&align (4); +&set_label("DECRYPT"); + &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); + + # allocate aligned stack frame... + &lea ($key,&DWP(-64-244,"esp")); + &and ($key,-64); + + # ... and make sure it doesn't alias with AES_Td modulo 4096 + &mov ($s0,"ebp"); + &lea ($s1,&DWP(3072,"ebp")); + &mov ($s3,$key); + &and ($s0,0xfff); # s = %ebp&0xfff + &and ($s1,0xfff); # e = (%ebp+3072)&0xfff + &and ($s3,0xfff); # p = %esp&0xfff + + &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); + &jb (&label("td_break_out")); + &sub ($s3,$s1); + &sub ($key,$s3); + &jmp (&label("td_ok")); + &set_label("td_break_out"); # else %esp -= (p-s)&0xfff + framesz; + &sub ($s3,$s0); + &and ($s3,0xfff); + &add ($s3,64+256); + &sub ($key,$s3); + &align (4); + &set_label("td_ok"); + + &mov ($s0,&wparam(0)); # load inp + &mov ($s1,&wparam(1)); # load out + &mov ($s3,&wparam(3)); # load key + &mov ($acc,&wparam(4)); # load ivp + + &exch ("esp",$key); + &add ("esp",4); # reserve for return address! + &mov ($_esp,$key); # save %esp + + &mov ($_inp,$s0); # save copy of inp + &mov ($_out,$s1); # save copy of out + &mov ($_len,$s2); # save copy of len + &mov ($_key,$s3); # save copy of key + &mov ($_ivp,$acc); # save copy of ivp + + if ($compromise) { + &cmp ($s2,$compromise); + &jb (&label("skip_dcopy")); + } + # copy key schedule to stack + &mov ("ecx",244/4); + &mov ("esi",$s3); + &lea ("edi",$aes_key); + &mov ($_key,"edi"); + &align (4); + &data_word(0xF689A5F3); # rep movsd + &set_label("skip_dcopy") if ($compromise); + + &mov ($acc,$s0); + &mov ($key,24); + &align (4); + &set_label("prefetch_td"); + &mov ($s0,&DWP(0,"ebp")); + &mov ($s1,&DWP(32,"ebp")); + &mov ($s2,&DWP(64,"ebp")); + &mov ($s3,&DWP(96,"ebp")); + &lea ("ebp",&DWP(128,"ebp")); + &dec ($key); + &jnz (&label("prefetch_td")); + &sub ("ebp",3072); + + &cmp ($acc,$_out); + &je (&label("dec_in_place")); # in-place processing... + + &mov ($key,$_ivp); # load ivp + &mov ($_tmp,$key); + + &align (4); + &set_label("dec_loop"); + &mov ($s0,&DWP(0,$acc)); # read input + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov ($key,$_key); # load key + &call ("_x86_AES_decrypt"); + + &mov ($key,$_tmp); # load ivp + &mov ($acc,$_len); # load len + &xor ($s0,&DWP(0,$key)); # xor iv + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &sub ($acc,16); + &jc (&label("dec_partial")); + &mov ($_len,$acc); # save len + &mov ($acc,$_inp); # load inp + &mov ($key,$_out); # load out + + &mov (&DWP(0,$key),$s0); # write output + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($_tmp,$acc); # save ivp + &lea ($acc,&DWP(16,$acc)); + &mov ($_inp,$acc); # save inp + + &lea ($key,&DWP(16,$key)); + &mov ($_out,$key); # save out + + &jnz (&label("dec_loop")); + &mov ($key,$_tmp); # load temp ivp + &set_label("dec_end"); + &mov ($acc,$_ivp); # load user ivp + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$acc),$s0); # copy back to user + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + &jmp (&label("dec_out")); + + &align (4); + &set_label("dec_partial"); + &lea ($key,$ivec); + &mov (&DWP(0,$key),$s0); # dump output to stack + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc)); + &mov ($acc eq "esi" ? $acc : "",$key); + &mov ($key eq "edi" ? $key : "",$_out); # load out + &data_word(0xF689A4F3); # rep movsb # copy output + &mov ($key,$_inp); # use inp as temp ivp + &jmp (&label("dec_end")); + + &align (4); + &set_label("dec_in_place"); + &set_label("dec_in_place_loop"); + &lea ($key,$ivec); + &mov ($s0,&DWP(0,$acc)); # read input + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov (&DWP(0,$key),$s0); # copy to temp + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($key,$_key); # load key + &call ("_x86_AES_decrypt"); + + &mov ($key,$_ivp); # load ivp + &mov ($acc,$_out); # load out + &xor ($s0,&DWP(0,$key)); # xor iv + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov (&DWP(0,$acc),$s0); # write output + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &lea ($acc,&DWP(16,$acc)); + &mov ($_out,$acc); # save out + + &lea ($acc,$ivec); + &mov ($s0,&DWP(0,$acc)); # read temp + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov (&DWP(0,$key),$s0); # copy iv + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($acc,$_inp); # load inp + + &lea ($acc,&DWP(16,$acc)); + &mov ($_inp,$acc); # save inp + + &mov ($s2,$_len); # load len + &sub ($s2,16); + &jc (&label("dec_in_place_partial")); + &mov ($_len,$s2); # save len + &jnz (&label("dec_in_place_loop")); + &jmp (&label("dec_out")); + + &align (4); + &set_label("dec_in_place_partial"); + # one can argue if this is actually required... + &mov ($key eq "edi" ? $key : "",$_out); + &lea ($acc eq "esi" ? $acc : "",$ivec); + &lea ($key,&DWP(0,$key,$s2)); + &lea ($acc,&DWP(16,$acc,$s2)); + &neg ($s2 eq "ecx" ? $s2 : ""); + &data_word(0xF689A4F3); # rep movsb # restore tail + + &align (4); + &set_label("dec_out"); + &mov ("edi",$_key); + &mov ("esp",$_esp); + if ($compromise) { + &cmp (&wparam(2),$compromise); + &jb (&label("skip_dzero")); + } + # zero copy of key schedule + &mov ("ecx",240/4); + &xor ("eax","eax"); + &align (4); + &data_word(0xF689ABF3); # rep stosd + &set_label("skip_dzero") if ($compromise); + &popf (); +&function_end("AES_cbc_encrypt"); +} + +#------------------------------------------------------------------# + +sub enckey() +{ + &movz ("esi",&LB("edx")); # rk[i]>>0 + &mov ("ebx",&DWP(2,"ebp","esi",8)); + &movz ("esi",&HB("edx")); # rk[i]>>8 + &and ("ebx",0xFF000000); + &xor ("eax","ebx"); + + &mov ("ebx",&DWP(2,"ebp","esi",8)); + &shr ("edx",16); + &and ("ebx",0x000000FF); + &movz ("esi",&LB("edx")); # rk[i]>>16 + &xor ("eax","ebx"); + + &mov ("ebx",&DWP(0,"ebp","esi",8)); + &movz ("esi",&HB("edx")); # rk[i]>>24 + &and ("ebx",0x0000FF00); + &xor ("eax","ebx"); + + &mov ("ebx",&DWP(0,"ebp","esi",8)); + &and ("ebx",0x00FF0000); + &xor ("eax","ebx"); + + &xor ("eax",&DWP(2048,"ebp","ecx",4)); # rcon +} + +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +&public_label("AES_Te"); +&function_begin("AES_set_encrypt_key"); + &mov ("esi",&wparam(0)); # user supplied key + &mov ("edi",&wparam(2)); # private key schedule + + &test ("esi",-1); + &jz (&label("badpointer")); + &test ("edi",-1); + &jz (&label("badpointer")); + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("ebp"); + &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); + + &mov ("ecx",&wparam(1)); # number of bits in key + &cmp ("ecx",128); + &je (&label("10rounds")); + &cmp ("ecx",192); + &je (&label("12rounds")); + &cmp ("ecx",256); + &je (&label("14rounds")); + &mov ("eax",-2); # invalid number of bits + &jmp (&label("exit")); + + &set_label("10rounds"); + &mov ("eax",&DWP(0,"esi")); # copy first 4 dwords + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &xor ("ecx","ecx"); + &jmp (&label("10shortcut")); + + &align (4); + &set_label("10loop"); + &mov ("eax",&DWP(0,"edi")); # rk[0] + &mov ("edx",&DWP(12,"edi")); # rk[3] + &set_label("10shortcut"); + &enckey (); + + &mov (&DWP(16,"edi"),"eax"); # rk[4] + &xor ("eax",&DWP(4,"edi")); + &mov (&DWP(20,"edi"),"eax"); # rk[5] + &xor ("eax",&DWP(8,"edi")); + &mov (&DWP(24,"edi"),"eax"); # rk[6] + &xor ("eax",&DWP(12,"edi")); + &mov (&DWP(28,"edi"),"eax"); # rk[7] + &inc ("ecx"); + &add ("edi",16); + &cmp ("ecx",10); + &jl (&label("10loop")); + + &mov (&DWP(80,"edi"),10); # setup number of rounds + &xor ("eax","eax"); + &jmp (&label("exit")); + + &set_label("12rounds"); + &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + &mov ("ecx",&DWP(16,"esi")); + &mov ("edx",&DWP(20,"esi")); + &mov (&DWP(16,"edi"),"ecx"); + &mov (&DWP(20,"edi"),"edx"); + + &xor ("ecx","ecx"); + &jmp (&label("12shortcut")); + + &align (4); + &set_label("12loop"); + &mov ("eax",&DWP(0,"edi")); # rk[0] + &mov ("edx",&DWP(20,"edi")); # rk[5] + &set_label("12shortcut"); + &enckey (); + + &mov (&DWP(24,"edi"),"eax"); # rk[6] + &xor ("eax",&DWP(4,"edi")); + &mov (&DWP(28,"edi"),"eax"); # rk[7] + &xor ("eax",&DWP(8,"edi")); + &mov (&DWP(32,"edi"),"eax"); # rk[8] + &xor ("eax",&DWP(12,"edi")); + &mov (&DWP(36,"edi"),"eax"); # rk[9] + + &cmp ("ecx",7); + &je (&label("12break")); + &inc ("ecx"); + + &xor ("eax",&DWP(16,"edi")); + &mov (&DWP(40,"edi"),"eax"); # rk[10] + &xor ("eax",&DWP(20,"edi")); + &mov (&DWP(44,"edi"),"eax"); # rk[11] + + &add ("edi",24); + &jmp (&label("12loop")); + + &set_label("12break"); + &mov (&DWP(72,"edi"),12); # setup number of rounds + &xor ("eax","eax"); + &jmp (&label("exit")); + + &set_label("14rounds"); + &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edx",&DWP(28,"esi")); + &mov (&DWP(16,"edi"),"eax"); + &mov (&DWP(20,"edi"),"ebx"); + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + &xor ("ecx","ecx"); + &jmp (&label("14shortcut")); + + &align (4); + &set_label("14loop"); + &mov ("edx",&DWP(28,"edi")); # rk[7] + &set_label("14shortcut"); + &mov ("eax",&DWP(0,"edi")); # rk[0] + + &enckey (); + + &mov (&DWP(32,"edi"),"eax"); # rk[8] + &xor ("eax",&DWP(4,"edi")); + &mov (&DWP(36,"edi"),"eax"); # rk[9] + &xor ("eax",&DWP(8,"edi")); + &mov (&DWP(40,"edi"),"eax"); # rk[10] + &xor ("eax",&DWP(12,"edi")); + &mov (&DWP(44,"edi"),"eax"); # rk[11] + + &cmp ("ecx",6); + &je (&label("14break")); + &inc ("ecx"); + + &mov ("edx","eax"); + &mov ("eax",&DWP(16,"edi")); # rk[4] + &movz ("esi",&LB("edx")); # rk[11]>>0 + &mov ("ebx",&DWP(2,"ebp","esi",8)); + &movz ("esi",&HB("edx")); # rk[11]>>8 + &and ("ebx",0x000000FF); + &xor ("eax","ebx"); + + &mov ("ebx",&DWP(0,"ebp","esi",8)); + &shr ("edx",16); + &and ("ebx",0x0000FF00); + &movz ("esi",&LB("edx")); # rk[11]>>16 + &xor ("eax","ebx"); + + &mov ("ebx",&DWP(0,"ebp","esi",8)); + &movz ("esi",&HB("edx")); # rk[11]>>24 + &and ("ebx",0x00FF0000); + &xor ("eax","ebx"); + + &mov ("ebx",&DWP(2,"ebp","esi",8)); + &and ("ebx",0xFF000000); + &xor ("eax","ebx"); + + &mov (&DWP(48,"edi"),"eax"); # rk[12] + &xor ("eax",&DWP(20,"edi")); + &mov (&DWP(52,"edi"),"eax"); # rk[13] + &xor ("eax",&DWP(24,"edi")); + &mov (&DWP(56,"edi"),"eax"); # rk[14] + &xor ("eax",&DWP(28,"edi")); + &mov (&DWP(60,"edi"),"eax"); # rk[15] + + &add ("edi",32); + &jmp (&label("14loop")); + + &set_label("14break"); + &mov (&DWP(48,"edi"),14); # setup number of rounds + &xor ("eax","eax"); + &jmp (&label("exit")); + + &set_label("badpointer"); + &mov ("eax",-1); + &set_label("exit"); +&function_end("AES_set_encrypt_key"); + +sub deckey() +{ my ($i,$ptr,$te,$td) = @_; + + &mov ("eax",&DWP($i,$ptr)); + &mov ("edx","eax"); + &movz ("ebx",&HB("eax")); + &shr ("edx",16); + &and ("eax",0xFF); + &movz ("eax",&BP(2,$te,"eax",8)); + &movz ("ebx",&BP(2,$te,"ebx",8)); + &mov ("eax",&DWP(0,$td,"eax",8)); + &xor ("eax",&DWP(3,$td,"ebx",8)); + &movz ("ebx",&HB("edx")); + &and ("edx",0xFF); + &movz ("edx",&BP(2,$te,"edx",8)); + &movz ("ebx",&BP(2,$te,"ebx",8)); + &xor ("eax",&DWP(2,$td,"edx",8)); + &xor ("eax",&DWP(1,$td,"ebx",8)); + &mov (&DWP($i,$ptr),"eax"); +} + +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +&public_label("AES_Td"); +&public_label("AES_Te"); +&function_begin_B("AES_set_decrypt_key"); + &mov ("eax",&wparam(0)); + &mov ("ecx",&wparam(1)); + &mov ("edx",&wparam(2)); + &sub ("esp",12); + &mov (&DWP(0,"esp"),"eax"); + &mov (&DWP(4,"esp"),"ecx"); + &mov (&DWP(8,"esp"),"edx"); + &call ("AES_set_encrypt_key"); + &add ("esp",12); + &cmp ("eax",0); + &je (&label("proceed")); + &ret (); + + &set_label("proceed"); + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + + &mov ("esi",&wparam(2)); + &mov ("ecx",&DWP(240,"esi")); # pull number of rounds + &lea ("ecx",&DWP(0,"","ecx",4)); + &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk + + &align (4); + &set_label("invert"); # invert order of chunks + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(0,"edi")); + &mov ("edx",&DWP(4,"edi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(0,"esi"),"ecx"); + &mov (&DWP(4,"esi"),"edx"); + &mov ("eax",&DWP(8,"esi")); + &mov ("ebx",&DWP(12,"esi")); + &mov ("ecx",&DWP(8,"edi")); + &mov ("edx",&DWP(12,"edi")); + &mov (&DWP(8,"edi"),"eax"); + &mov (&DWP(12,"edi"),"ebx"); + &mov (&DWP(8,"esi"),"ecx"); + &mov (&DWP(12,"esi"),"edx"); + &add ("esi",16); + &sub ("edi",16); + &cmp ("esi","edi"); + &jne (&label("invert")); + + &call (&label("pic_point")); + &set_label("pic_point"); + blindpop("ebp"); + &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); + &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); + + &mov ("esi",&wparam(2)); + &mov ("ecx",&DWP(240,"esi")); # pull number of rounds + &dec ("ecx"); + &align (4); + &set_label("permute"); # permute the key schedule + &add ("esi",16); + &deckey (0,"esi","ebp","edi"); + &deckey (4,"esi","ebp","edi"); + &deckey (8,"esi","ebp","edi"); + &deckey (12,"esi","ebp","edi"); + &dec ("ecx"); + &jnz (&label("permute")); + + &xor ("eax","eax"); # return success +&function_end("AES_set_decrypt_key"); + +&asm_finish(); diff --git a/crypto/openssl/crypto/aes/asm/aes-ia64.S b/crypto/openssl/crypto/aes/asm/aes-ia64.S new file mode 100644 index 0000000..542cf33 --- /dev/null +++ b/crypto/openssl/crypto/aes/asm/aes-ia64.S @@ -0,0 +1,1652 @@ +// ==================================================================== +// Written by Andy Polyakov for the OpenSSL +// project. Rights for redistribution and usage in source and binary +// forms are granted according to the OpenSSL license. +// ==================================================================== +// +// What's wrong with compiler generated code? Compiler never uses +// variable 'shr' which is pairable with 'extr'/'dep' instructions. +// Then it uses 'zxt' which is an I-type, but can be replaced with +// 'and' which in turn can be assigned to M-port [there're double as +// much M-ports as there're I-ports on Itanium 2]. By sacrificing few +// registers for small constants (255, 24 and 16) to be used with +// 'shr' and 'and' instructions I can achieve better ILP, Intruction +// Level Parallelism, and performance. This code outperforms GCC 3.3 +// generated code by over factor of 2 (two), GCC 3.4 - by 70% and +// HP C - by 40%. Measured best-case scenario, i.e. aligned +// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds) +// ticks per block, or 9.25 CPU cycles per byte for 128 bit key. + +.ident "aes-ia64.S, version 1.1" +.ident "IA-64 ISA artwork by Andy Polyakov " +.explicit +.text + +rk0=r8; rk1=r9; + +prsave=r10; +maskff=r11; +twenty4=r14; +sixteen=r15; + +te00=r16; te11=r17; te22=r18; te33=r19; +te01=r20; te12=r21; te23=r22; te30=r23; +te02=r24; te13=r25; te20=r26; te31=r27; +te03=r28; te10=r29; te21=r30; te32=r31; + +// these are rotating... +t0=r32; s0=r33; +t1=r34; s1=r35; +t2=r36; s2=r37; +t3=r38; s3=r39; + +te0=r40; te1=r41; te2=r42; te3=r43; + +#if defined(_HPUX_SOURCE) && !defined(_LP64) +# define ADDP addp4 +# define KSZ 4 +# define LDKEY ld4 +#else +# define ADDP add +#endif + +// This implies that AES_KEY comprises 32-bit key schedule elements +// even on LP64 platforms. +#ifndef KSZ +# define KSZ 4 +# define LDKEY ld4 +#endif + +.proc _ia64_AES_encrypt# +// Input: rk0-rk1 +// te0 +// te3 as AES_KEY->rounds!!! +// s0-s3 +// maskff,twenty4,sixteen +// Output: r16,r20,r24,r28 as s0-s3 +// Clobber: r16-r31,rk0-rk1,r32-r43 +.align 32 +_ia64_AES_encrypt: +{ .mmi; alloc r16=ar.pfs,12,0,0,8 + LDKEY t0=[rk0],2*KSZ + mov pr.rot=1<<16 } +{ .mmi; LDKEY t1=[rk1],2*KSZ + add te1=1024,te0 + add te3=-3,te3 };; +{ .mib; LDKEY t2=[rk0],2*KSZ + mov ar.ec=3 } +{ .mib; LDKEY t3=[rk1],2*KSZ + add te2=2048,te0 + brp.loop.imp .Le_top,.Le_end-16 };; + +{ .mmi; xor s0=s0,t0 + xor s1=s1,t1 + mov ar.lc=te3 } +{ .mmi; xor s2=s2,t2 + xor s3=s3,t3 + add te3=3072,te0 };; + +.align 32 +.Le_top: +{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] + (p0) and te33=s3,maskff // 0/0:s3&0xff + (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff +{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] + (p0) and te30=s0,maskff // 0/1:s0&0xff + (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 +{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] + (p0) shladd te33=te33,2,te3 // 1/0:te0+s0>>24 + (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff +{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] + (p0) shladd te30=te30,2,te3 // 1/1:te3+s0 + (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 +{ .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff] + (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff + (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff +{ .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0] + (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8 + (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 +{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] + (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8 + (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff +{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] + (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24 + (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 +{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] + (p0) shladd te21=te21,2,te2 // 4/3:te3+s2 + (p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff +{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] + (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24 + (p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16 +{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] + (p0) shladd te11=te11,2,te1 // 5/0:te1+s1>>16 + (p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff +{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] + (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24 + (p0) and te31=s1,maskff };; // 5/2:s1&0xff + +{ .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16] + (p0) shladd te12=te12,2,te1 // 6/1:te1+s2>>16 + (p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff +{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] + (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16 + (p0) and te32=s2,maskff };; // 6/3:s2&0xff +{ .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16] + (p0) shladd te31=te31,2,te3 // 7/2:te3+s1&0xff + (p0) and te13=te13,maskff} // 7/2:s3>>16&0xff +{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] + (p0) shladd te32=te32,2,te3 // 7/3:te3+s2 + (p0) xor t0=t0,te33 };; // 7/0: +{ .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1] + (p0) shladd te13=te13,2,te1 // 8/2:te1+s3>>16 + (p0) xor t0=t0,te22 } // 8/0: +{ .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2] + (p0) shladd te10=te10,2,te1 // 8/3:te1+s0>>16 + (p0) xor t1=t1,te30 };; // 8/1: +{ .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16] + (p0) xor t0=t0,te00 // 9/0: + (p0) xor t1=t1,te23 } // 9/1: +{ .mmi; (p0) ld4 te10=[te10] // 9/3:te1[s0>>16] + (p0) xor t2=t2,te20 // 9/2: + (p0) xor t3=t3,te21 };; // 9/3: +{ .mmi; (p0) xor t0=t0,te11 // 10/0:done! + (p0) xor t1=t1,te01 // 10/1: + (p0) xor t2=t2,te02 } // 10/2: +{ .mmi; (p0) xor t3=t3,te03 // 10/3: + (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17) +{ .mmi; (p0) xor t1=t1,te12 // 11/1:done! + (p0) xor t2=t2,te31 // 11/2: + (p0) xor t3=t3,te32 } // 11/3: +{ .mmi; (p17) add te0=4096,te0 // 11/ + (p17) add te1=4096,te1 };; // 11/ +{ .mib; (p0) xor t2=t2,te13 // 12/2:done! + (p0) xor t3=t3,te10 } // 12/3:done! +{ .mib; (p17) add te2=4096,te2 // 12/ + (p17) add te3=4096,te3 // 12/ + br.ctop.sptk .Le_top };; +.Le_end: +{ .mib; mov r16=s0 + mov r20=s1 } +{ .mib; mov r24=s2 + mov r28=s3 + br.ret.sptk b6 };; +.endp _ia64_AES_encrypt# + +// void AES_encrypt (const void *in,void *out,const AES_KEY *key); +.global AES_encrypt# +.proc AES_encrypt# +.align 32 +.skip 16 +AES_encrypt: + .prologue + .fframe 0 + .save ar.pfs,r2 + .save ar.lc,r3 +{ .mmi; alloc r2=ar.pfs,3,0,12,0 + addl out8=@ltoff(AES_Te#),gp + mov r3=ar.lc } +{ .mmi; and out0=3,in0 + ADDP in0=0,in0 + ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds + + .body +{ .mmi; ld8 out8=[out8] // Te0 + ld4 out11=[out11] // AES_KEY->rounds + mov prsave=pr } + +#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... +{ .mib; cmp.ne p6,p0=out0,r0 + add out0=4,in0 +(p6) br.dpnt.many .Le_i_unaligned };; + +{ .mmi; ld4 out1=[in0],8 // s0 + and out9=3,in1 + mov twenty4=24 } +{ .mmi; ld4 out3=[out0],8 // s1 + ADDP rk0=0,in2 + mov sixteen=16 };; +{ .mmi; ld4 out5=[in0] // s2 + cmp.ne p6,p0=out9,r0 + mov maskff=0xff } +{ .mmb; ld4 out7=[out0] // s3 + ADDP rk1=KSZ,in2 + br.call.sptk.many b6=_ia64_AES_encrypt };; + +{ .mib; ADDP in0=4,in1 + ADDP in1=0,in1 +(p6) br.spnt .Le_o_unaligned };; + +{ .mii; mov ar.pfs=r2 + mov ar.lc=r3 } +{ .mmi; st4 [in1]=r16,8 // s0 + st4 [in0]=r20,8 // s1 + mov pr=prsave,0x1ffff };; +{ .mmb; st4 [in1]=r24 // s2 + st4 [in0]=r28 // s3 + br.ret.sptk.many b0 };; +#endif + +.align 32 +.Le_i_unaligned: +{ .mmi; add out0=1,in0 + add out2=2,in0 + add out4=3,in0 };; +{ .mmi; ld1 r16=[in0],4 + ld1 r17=[out0],4 }//;; +{ .mmi; ld1 r18=[out2],4 + ld1 out1=[out4],4 };; // s0 +{ .mmi; ld1 r20=[in0],4 + ld1 r21=[out0],4 }//;; +{ .mmi; ld1 r22=[out2],4 + ld1 out3=[out4],4 };; // s1 +{ .mmi; ld1 r24=[in0],4 + ld1 r25=[out0],4 }//;; +{ .mmi; ld1 r26=[out2],4 + ld1 out5=[out4],4 };; // s2 +{ .mmi; ld1 r28=[in0] + ld1 r29=[out0] }//;; +{ .mmi; ld1 r30=[out2] + ld1 out7=[out4] };; // s3 + +{ .mii; + dep out1=r16,out1,24,8 //;; + dep out3=r20,out3,24,8 }//;; +{ .mii; ADDP rk0=0,in2 + dep out5=r24,out5,24,8 //;; + dep out7=r28,out7,24,8 };; +{ .mii; ADDP rk1=KSZ,in2 + dep out1=r17,out1,16,8 //;; + dep out3=r21,out3,16,8 }//;; +{ .mii; mov twenty4=24 + dep out5=r25,out5,16,8 //;; + dep out7=r29,out7,16,8 };; +{ .mii; mov sixteen=16 + dep out1=r18,out1,8,8 //;; + dep out3=r22,out3,8,8 }//;; +{ .mii; mov maskff=0xff + dep out5=r26,out5,8,8 //;; + dep out7=r30,out7,8,8 };; + +{ .mib; br.call.sptk.many b6=_ia64_AES_encrypt };; + +.Le_o_unaligned: +{ .mii; ADDP out0=0,in1 + extr.u r17=r16,8,8 // s0 + shr.u r19=r16,twenty4 }//;; +{ .mii; ADDP out1=1,in1 + extr.u r18=r16,16,8 + shr.u r23=r20,twenty4 }//;; // s1 +{ .mii; ADDP out2=2,in1 + extr.u r21=r20,8,8 + shr.u r22=r20,sixteen }//;; +{ .mii; ADDP out3=3,in1 + extr.u r25=r24,8,8 // s2 + shr.u r27=r24,twenty4 };; +{ .mii; st1 [out3]=r16,4 + extr.u r26=r24,16,8 + shr.u r31=r28,twenty4 }//;; // s3 +{ .mii; st1 [out2]=r17,4 + extr.u r29=r28,8,8 + shr.u r30=r28,sixteen }//;; + +{ .mmi; st1 [out1]=r18,4 + st1 [out0]=r19,4 };; +{ .mmi; st1 [out3]=r20,4 + st1 [out2]=r21,4 }//;; +{ .mmi; st1 [out1]=r22,4 + st1 [out0]=r23,4 };; +{ .mmi; st1 [out3]=r24,4 + st1 [out2]=r25,4 + mov pr=prsave,0x1ffff }//;; +{ .mmi; st1 [out1]=r26,4 + st1 [out0]=r27,4 + mov ar.pfs=r2 };; +{ .mmi; st1 [out3]=r28 + st1 [out2]=r29 + mov ar.lc=r3 }//;; +{ .mmb; st1 [out1]=r30 + st1 [out0]=r31 + br.ret.sptk.many b0 };; +.endp AES_encrypt# + +// *AES_decrypt are autogenerated by the following script: +#if 0 +#!/usr/bin/env perl +print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n"; +open(PROG,'<'.$0); while() { print; } close(PROG); +print "#endif\n"; +while(<>) { + $process=1 if (/\.proc\s+_ia64_AES_encrypt/); + next if (!$process); + + #s/te00=s0/td00=s0/; s/te00/td00/g; + s/te11=s1/td13=s3/; s/te11/td13/g; + #s/te22=s2/td22=s2/; s/te22/td22/g; + s/te33=s3/td31=s1/; s/te33/td31/g; + + #s/te01=s1/td01=s1/; s/te01/td01/g; + s/te12=s2/td10=s0/; s/te12/td10/g; + #s/te23=s3/td23=s3/; s/te23/td23/g; + s/te30=s0/td32=s2/; s/te30/td32/g; + + #s/te02=s2/td02=s2/; s/te02/td02/g; + s/te13=s3/td11=s1/; s/te13/td11/g; + #s/te20=s0/td20=s0/; s/te20/td20/g; + s/te31=s1/td33=s3/; s/te31/td33/g; + + #s/te03=s3/td03=s3/; s/te03/td03/g; + s/te10=s0/td12=s2/; s/te10/td12/g; + #s/te21=s1/td21=s1/; s/te21/td21/g; + s/te32=s2/td30=s0/; s/te32/td30/g; + + s/td/te/g; + + s/AES_encrypt/AES_decrypt/g; + s/\.Le_/.Ld_/g; + s/AES_Te#/AES_Td#/g; + + print; + + exit if (/\.endp\s+AES_decrypt/); +} +#endif +.proc _ia64_AES_decrypt# +// Input: rk0-rk1 +// te0 +// te3 as AES_KEY->rounds!!! +// s0-s3 +// maskff,twenty4,sixteen +// Output: r16,r20,r24,r28 as s0-s3 +// Clobber: r16-r31,rk0-rk1,r32-r43 +.align 32 +_ia64_AES_decrypt: +{ .mmi; alloc r16=ar.pfs,12,0,0,8 + LDKEY t0=[rk0],2*KSZ + mov pr.rot=1<<16 } +{ .mmi; LDKEY t1=[rk1],2*KSZ + add te1=1024,te0 + add te3=-3,te3 };; +{ .mib; LDKEY t2=[rk0],2*KSZ + mov ar.ec=3 } +{ .mib; LDKEY t3=[rk1],2*KSZ + add te2=2048,te0 + brp.loop.imp .Ld_top,.Ld_end-16 };; + +{ .mmi; xor s0=s0,t0 + xor s1=s1,t1 + mov ar.lc=te3 } +{ .mmi; xor s2=s2,t2 + xor s3=s3,t3 + add te3=3072,te0 };; + +.align 32 +.Ld_top: +{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] + (p0) and te31=s1,maskff // 0/0:s3&0xff + (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff +{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] + (p0) and te32=s2,maskff // 0/1:s0&0xff + (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 +{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] + (p0) shladd te31=te31,2,te3 // 1/0:te0+s0>>24 + (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff +{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] + (p0) shladd te32=te32,2,te3 // 1/1:te3+s0 + (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 +{ .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff] + (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff + (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff +{ .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0] + (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8 + (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 +{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] + (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8 + (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff +{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] + (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24 + (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 +{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] + (p0) shladd te21=te21,2,te2 // 4/3:te3+s2 + (p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff +{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] + (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24 + (p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16 +{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] + (p0) shladd te13=te13,2,te1 // 5/0:te1+s1>>16 + (p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff +{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] + (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24 + (p0) and te33=s3,maskff };; // 5/2:s1&0xff + +{ .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16] + (p0) shladd te10=te10,2,te1 // 6/1:te1+s2>>16 + (p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff +{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] + (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16 + (p0) and te30=s0,maskff };; // 6/3:s2&0xff +{ .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16] + (p0) shladd te33=te33,2,te3 // 7/2:te3+s1&0xff + (p0) and te11=te11,maskff} // 7/2:s3>>16&0xff +{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] + (p0) shladd te30=te30,2,te3 // 7/3:te3+s2 + (p0) xor t0=t0,te31 };; // 7/0: +{ .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1] + (p0) shladd te11=te11,2,te1 // 8/2:te1+s3>>16 + (p0) xor t0=t0,te22 } // 8/0: +{ .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2] + (p0) shladd te12=te12,2,te1 // 8/3:te1+s0>>16 + (p0) xor t1=t1,te32 };; // 8/1: +{ .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16] + (p0) xor t0=t0,te00 // 9/0: + (p0) xor t1=t1,te23 } // 9/1: +{ .mmi; (p0) ld4 te12=[te12] // 9/3:te1[s0>>16] + (p0) xor t2=t2,te20 // 9/2: + (p0) xor t3=t3,te21 };; // 9/3: +{ .mmi; (p0) xor t0=t0,te13 // 10/0:done! + (p0) xor t1=t1,te01 // 10/1: + (p0) xor t2=t2,te02 } // 10/2: +{ .mmi; (p0) xor t3=t3,te03 // 10/3: + (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17) +{ .mmi; (p0) xor t1=t1,te10 // 11/1:done! + (p0) xor t2=t2,te33 // 11/2: + (p0) xor t3=t3,te30 } // 11/3: +{ .mmi; (p17) add te0=4096,te0 // 11/ + (p17) add te1=4096,te1 };; // 11/ +{ .mib; (p0) xor t2=t2,te11 // 12/2:done! + (p0) xor t3=t3,te12 } // 12/3:done! +{ .mib; (p17) add te2=4096,te2 // 12/ + (p17) add te3=4096,te3 // 12/ + br.ctop.sptk .Ld_top };; +.Ld_end: +{ .mib; mov r16=s0 + mov r20=s1 } +{ .mib; mov r24=s2 + mov r28=s3 + br.ret.sptk b6 };; +.endp _ia64_AES_decrypt# + +// void AES_decrypt (const void *in,void *out,const AES_KEY *key); +.global AES_decrypt# +.proc AES_decrypt# +.align 32 +.skip 16 +AES_decrypt: + .prologue + .fframe 0 + .save ar.pfs,r2 + .save ar.lc,r3 +{ .mmi; alloc r2=ar.pfs,3,0,12,0 + addl out8=@ltoff(AES_Td#),gp + mov r3=ar.lc } +{ .mmi; and out0=3,in0 + ADDP in0=0,in0 + ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds + + .body +{ .mmi; ld8 out8=[out8] // Te0 + ld4 out11=[out11] // AES_KEY->rounds + mov prsave=pr } + +#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... +{ .mib; cmp.ne p6,p0=out0,r0 + add out0=4,in0 +(p6) br.dpnt.many .Ld_i_unaligned };; + +{ .mmi; ld4 out1=[in0],8 // s0 + and out9=3,in1 + mov twenty4=24 } +{ .mmi; ld4 out3=[out0],8 // s1 + ADDP rk0=0,in2 + mov sixteen=16 };; +{ .mmi; ld4 out5=[in0] // s2 + cmp.ne p6,p0=out9,r0 + mov maskff=0xff } +{ .mmb; ld4 out7=[out0] // s3 + ADDP rk1=KSZ,in2 + br.call.sptk.many b6=_ia64_AES_decrypt };; + +{ .mib; ADDP in0=4,in1 + ADDP in1=0,in1 +(p6) br.spnt .Ld_o_unaligned };; + +{ .mii; mov ar.pfs=r2 + mov ar.lc=r3 } +{ .mmi; st4 [in1]=r16,8 // s0 + st4 [in0]=r20,8 // s1 + mov pr=prsave,0x1ffff };; +{ .mmb; st4 [in1]=r24 // s2 + st4 [in0]=r28 // s3 + br.ret.sptk.many b0 };; +#endif + +.align 32 +.Ld_i_unaligned: +{ .mmi; add out0=1,in0 + add out2=2,in0 + add out4=3,in0 };; +{ .mmi; ld1 r16=[in0],4 + ld1 r17=[out0],4 }//;; +{ .mmi; ld1 r18=[out2],4 + ld1 out1=[out4],4 };; // s0 +{ .mmi; ld1 r20=[in0],4 + ld1 r21=[out0],4 }//;; +{ .mmi; ld1 r22=[out2],4 + ld1 out3=[out4],4 };; // s1 +{ .mmi; ld1 r24=[in0],4 + ld1 r25=[out0],4 }//;; +{ .mmi; ld1 r26=[out2],4 + ld1 out5=[out4],4 };; // s2 +{ .mmi; ld1 r28=[in0] + ld1 r29=[out0] }//;; +{ .mmi; ld1 r30=[out2] + ld1 out7=[out4] };; // s3 + +{ .mii; + dep out1=r16,out1,24,8 //;; + dep out3=r20,out3,24,8 }//;; +{ .mii; ADDP rk0=0,in2 + dep out5=r24,out5,24,8 //;; + dep out7=r28,out7,24,8 };; +{ .mii; ADDP rk1=KSZ,in2 + dep out1=r17,out1,16,8 //;; + dep out3=r21,out3,16,8 }//;; +{ .mii; mov twenty4=24 + dep out5=r25,out5,16,8 //;; + dep out7=r29,out7,16,8 };; +{ .mii; mov sixteen=16 + dep out1=r18,out1,8,8 //;; + dep out3=r22,out3,8,8 }//;; +{ .mii; mov maskff=0xff + dep out5=r26,out5,8,8 //;; + dep out7=r30,out7,8,8 };; + +{ .mib; br.call.sptk.many b6=_ia64_AES_decrypt };; + +.Ld_o_unaligned: +{ .mii; ADDP out0=0,in1 + extr.u r17=r16,8,8 // s0 + shr.u r19=r16,twenty4 }//;; +{ .mii; ADDP out1=1,in1 + extr.u r18=r16,16,8 + shr.u r23=r20,twenty4 }//;; // s1 +{ .mii; ADDP out2=2,in1 + extr.u r21=r20,8,8 + shr.u r22=r20,sixteen }//;; +{ .mii; ADDP out3=3,in1 + extr.u r25=r24,8,8 // s2 + shr.u r27=r24,twenty4 };; +{ .mii; st1 [out3]=r16,4 + extr.u r26=r24,16,8 + shr.u r31=r28,twenty4 }//;; // s3 +{ .mii; st1 [out2]=r17,4 + extr.u r29=r28,8,8 + shr.u r30=r28,sixteen }//;; + +{ .mmi; st1 [out1]=r18,4 + st1 [out0]=r19,4 };; +{ .mmi; st1 [out3]=r20,4 + st1 [out2]=r21,4 }//;; +{ .mmi; st1 [out1]=r22,4 + st1 [out0]=r23,4 };; +{ .mmi; st1 [out3]=r24,4 + st1 [out2]=r25,4 + mov pr=prsave,0x1ffff }//;; +{ .mmi; st1 [out1]=r26,4 + st1 [out0]=r27,4 + mov ar.pfs=r2 };; +{ .mmi; st1 [out3]=r28 + st1 [out2]=r29 + mov ar.lc=r3 }//;; +{ .mmb; st1 [out1]=r30 + st1 [out0]=r31 + br.ret.sptk.many b0 };; +.endp AES_decrypt# + +// leave it in .text segment... +.align 64 +.global AES_Te# +.type AES_Te#,@object +AES_Te: data4 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d + data4 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 + data4 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d + data4 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a + data4 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 + data4 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b + data4 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea + data4 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b + data4 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a + data4 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f + data4 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 + data4 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f + data4 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e + data4 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 + data4 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d + data4 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f + data4 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e + data4 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb + data4 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce + data4 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 + data4 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c + data4 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed + data4 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b + data4 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a + data4 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 + data4 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 + data4 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 + data4 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 + data4 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a + data4 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 + data4 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 + data4 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d + data4 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f + data4 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 + data4 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 + data4 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 + data4 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f + data4 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 + data4 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c + data4 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 + data4 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e + data4 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 + data4 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 + data4 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b + data4 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 + data4 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 + data4 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 + data4 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 + data4 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 + data4 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 + data4 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 + data4 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 + data4 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa + data4 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 + data4 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 + data4 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 + data4 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 + data4 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 + data4 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 + data4 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a + data4 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 + data4 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 + data4 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 + data4 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a +// Te1: + data4 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b + data4 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5 + data4 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b + data4 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676 + data4 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d + data4 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0 + data4 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf + data4 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0 + data4 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626 + data4 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc + data4 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1 + data4 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515 + data4 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3 + data4 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a + data4 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2 + data4 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575 + data4 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a + data4 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0 + data4 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3 + data4 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484 + data4 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded + data4 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b + data4 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939 + data4 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf + data4 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb + data4 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585 + data4 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f + data4 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8 + data4 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f + data4 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5 + data4 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121 + data4 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2 + data4 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec + data4 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717 + data4 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d + data4 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373 + data4 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc + data4 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888 + data4 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414 + data4 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb + data4 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a + data4 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c + data4 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262 + data4 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979 + data4 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d + data4 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9 + data4 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea + data4 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808 + data4 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e + data4 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6 + data4 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f + data4 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a + data4 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666 + data4 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e + data4 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9 + data4 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e + data4 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111 + data4 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494 + data4 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9 + data4 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf + data4 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d + data4 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868 + data4 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f + data4 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616 +// Te2: + data4 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b + data4 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5 + data4 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b + data4 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76 + data4 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d + data4 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0 + data4 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af + data4 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0 + data4 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26 + data4 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc + data4 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1 + data4 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15 + data4 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3 + data4 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a + data4 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2 + data4 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75 + data4 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a + data4 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0 + data4 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3 + data4 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384 + data4 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed + data4 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b + data4 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239 + data4 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf + data4 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb + data4 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185 + data4 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f + data4 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8 + data4 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f + data4 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5 + data4 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221 + data4 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2 + data4 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec + data4 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17 + data4 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d + data4 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673 + data4 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc + data4 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88 + data4 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814 + data4 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb + data4 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a + data4 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c + data4 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462 + data4 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279 + data4 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d + data4 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9 + data4 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea + data4 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008 + data4 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e + data4 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6 + data4 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f + data4 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a + data4 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66 + data4 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e + data4 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9 + data4 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e + data4 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211 + data4 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394 + data4 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9 + data4 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df + data4 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d + data4 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068 + data4 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f + data4 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16 +// Te3: + data4 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6 + data4 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491 + data4 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56 + data4 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec + data4 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa + data4 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb + data4 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45 + data4 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b + data4 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c + data4 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83 + data4 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9 + data4 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a + data4 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d + data4 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f + data4 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf + data4 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea + data4 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34 + data4 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b + data4 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d + data4 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713 + data4 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1 + data4 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6 + data4 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72 + data4 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85 + data4 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed + data4 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411 + data4 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe + data4 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b + data4 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05 + data4 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1 + data4 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342 + data4 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf + data4 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3 + data4 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e + data4 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a + data4 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6 + data4 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3 + data4 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b + data4 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28 + data4 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad + data4 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14 + data4 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8 + data4 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4 + data4 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2 + data4 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da + data4 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049 + data4 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf + data4 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810 + data4 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c + data4 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197 + data4 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e + data4 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f + data4 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc + data4 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c + data4 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069 + data4 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927 + data4 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322 + data4 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733 + data4 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9 + data4 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5 + data4 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a + data4 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0 + data4 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e + data4 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c +// Te4: + data4 0x63000000, 0x7c000000, 0x77000000, 0x7b000000 + data4 0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000 + data4 0x30000000, 0x01000000, 0x67000000, 0x2b000000 + data4 0xfe000000, 0xd7000000, 0xab000000, 0x76000000 + data4 0xca000000, 0x82000000, 0xc9000000, 0x7d000000 + data4 0xfa000000, 0x59000000, 0x47000000, 0xf0000000 + data4 0xad000000, 0xd4000000, 0xa2000000, 0xaf000000 + data4 0x9c000000, 0xa4000000, 0x72000000, 0xc0000000 + data4 0xb7000000, 0xfd000000, 0x93000000, 0x26000000 + data4 0x36000000, 0x3f000000, 0xf7000000, 0xcc000000 + data4 0x34000000, 0xa5000000, 0xe5000000, 0xf1000000 + data4 0x71000000, 0xd8000000, 0x31000000, 0x15000000 + data4 0x04000000, 0xc7000000, 0x23000000, 0xc3000000 + data4 0x18000000, 0x96000000, 0x05000000, 0x9a000000 + data4 0x07000000, 0x12000000, 0x80000000, 0xe2000000 + data4 0xeb000000, 0x27000000, 0xb2000000, 0x75000000 + data4 0x09000000, 0x83000000, 0x2c000000, 0x1a000000 + data4 0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000 + data4 0x52000000, 0x3b000000, 0xd6000000, 0xb3000000 + data4 0x29000000, 0xe3000000, 0x2f000000, 0x84000000 + data4 0x53000000, 0xd1000000, 0x00000000, 0xed000000 + data4 0x20000000, 0xfc000000, 0xb1000000, 0x5b000000 + data4 0x6a000000, 0xcb000000, 0xbe000000, 0x39000000 + data4 0x4a000000, 0x4c000000, 0x58000000, 0xcf000000 + data4 0xd0000000, 0xef000000, 0xaa000000, 0xfb000000 + data4 0x43000000, 0x4d000000, 0x33000000, 0x85000000 + data4 0x45000000, 0xf9000000, 0x02000000, 0x7f000000 + data4 0x50000000, 0x3c000000, 0x9f000000, 0xa8000000 + data4 0x51000000, 0xa3000000, 0x40000000, 0x8f000000 + data4 0x92000000, 0x9d000000, 0x38000000, 0xf5000000 + data4 0xbc000000, 0xb6000000, 0xda000000, 0x21000000 + data4 0x10000000, 0xff000000, 0xf3000000, 0xd2000000 + data4 0xcd000000, 0x0c000000, 0x13000000, 0xec000000 + data4 0x5f000000, 0x97000000, 0x44000000, 0x17000000 + data4 0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000 + data4 0x64000000, 0x5d000000, 0x19000000, 0x73000000 + data4 0x60000000, 0x81000000, 0x4f000000, 0xdc000000 + data4 0x22000000, 0x2a000000, 0x90000000, 0x88000000 + data4 0x46000000, 0xee000000, 0xb8000000, 0x14000000 + data4 0xde000000, 0x5e000000, 0x0b000000, 0xdb000000 + data4 0xe0000000, 0x32000000, 0x3a000000, 0x0a000000 + data4 0x49000000, 0x06000000, 0x24000000, 0x5c000000 + data4 0xc2000000, 0xd3000000, 0xac000000, 0x62000000 + data4 0x91000000, 0x95000000, 0xe4000000, 0x79000000 + data4 0xe7000000, 0xc8000000, 0x37000000, 0x6d000000 + data4 0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000 + data4 0x6c000000, 0x56000000, 0xf4000000, 0xea000000 + data4 0x65000000, 0x7a000000, 0xae000000, 0x08000000 + data4 0xba000000, 0x78000000, 0x25000000, 0x2e000000 + data4 0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000 + data4 0xe8000000, 0xdd000000, 0x74000000, 0x1f000000 + data4 0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000 + data4 0x70000000, 0x3e000000, 0xb5000000, 0x66000000 + data4 0x48000000, 0x03000000, 0xf6000000, 0x0e000000 + data4 0x61000000, 0x35000000, 0x57000000, 0xb9000000 + data4 0x86000000, 0xc1000000, 0x1d000000, 0x9e000000 + data4 0xe1000000, 0xf8000000, 0x98000000, 0x11000000 + data4 0x69000000, 0xd9000000, 0x8e000000, 0x94000000 + data4 0x9b000000, 0x1e000000, 0x87000000, 0xe9000000 + data4 0xce000000, 0x55000000, 0x28000000, 0xdf000000 + data4 0x8c000000, 0xa1000000, 0x89000000, 0x0d000000 + data4 0xbf000000, 0xe6000000, 0x42000000, 0x68000000 + data4 0x41000000, 0x99000000, 0x2d000000, 0x0f000000 + data4 0xb0000000, 0x54000000, 0xbb000000, 0x16000000 +// Te5: + data4 0x00630000, 0x007c0000, 0x00770000, 0x007b0000 + data4 0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000 + data4 0x00300000, 0x00010000, 0x00670000, 0x002b0000 + data4 0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000 + data4 0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000 + data4 0x00fa0000, 0x00590000, 0x00470000, 0x00f00000 + data4 0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000 + data4 0x009c0000, 0x00a40000, 0x00720000, 0x00c00000 + data4 0x00b70000, 0x00fd0000, 0x00930000, 0x00260000 + data4 0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000 + data4 0x00340000, 0x00a50000, 0x00e50000, 0x00f10000 + data4 0x00710000, 0x00d80000, 0x00310000, 0x00150000 + data4 0x00040000, 0x00c70000, 0x00230000, 0x00c30000 + data4 0x00180000, 0x00960000, 0x00050000, 0x009a0000 + data4 0x00070000, 0x00120000, 0x00800000, 0x00e20000 + data4 0x00eb0000, 0x00270000, 0x00b20000, 0x00750000 + data4 0x00090000, 0x00830000, 0x002c0000, 0x001a0000 + data4 0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000 + data4 0x00520000, 0x003b0000, 0x00d60000, 0x00b30000 + data4 0x00290000, 0x00e30000, 0x002f0000, 0x00840000 + data4 0x00530000, 0x00d10000, 0x00000000, 0x00ed0000 + data4 0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000 + data4 0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000 + data4 0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000 + data4 0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000 + data4 0x00430000, 0x004d0000, 0x00330000, 0x00850000 + data4 0x00450000, 0x00f90000, 0x00020000, 0x007f0000 + data4 0x00500000, 0x003c0000, 0x009f0000, 0x00a80000 + data4 0x00510000, 0x00a30000, 0x00400000, 0x008f0000 + data4 0x00920000, 0x009d0000, 0x00380000, 0x00f50000 + data4 0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000 + data4 0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000 + data4 0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000 + data4 0x005f0000, 0x00970000, 0x00440000, 0x00170000 + data4 0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000 + data4 0x00640000, 0x005d0000, 0x00190000, 0x00730000 + data4 0x00600000, 0x00810000, 0x004f0000, 0x00dc0000 + data4 0x00220000, 0x002a0000, 0x00900000, 0x00880000 + data4 0x00460000, 0x00ee0000, 0x00b80000, 0x00140000 + data4 0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000 + data4 0x00e00000, 0x00320000, 0x003a0000, 0x000a0000 + data4 0x00490000, 0x00060000, 0x00240000, 0x005c0000 + data4 0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000 + data4 0x00910000, 0x00950000, 0x00e40000, 0x00790000 + data4 0x00e70000, 0x00c80000, 0x00370000, 0x006d0000 + data4 0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000 + data4 0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000 + data4 0x00650000, 0x007a0000, 0x00ae0000, 0x00080000 + data4 0x00ba0000, 0x00780000, 0x00250000, 0x002e0000 + data4 0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000 + data4 0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000 + data4 0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000 + data4 0x00700000, 0x003e0000, 0x00b50000, 0x00660000 + data4 0x00480000, 0x00030000, 0x00f60000, 0x000e0000 + data4 0x00610000, 0x00350000, 0x00570000, 0x00b90000 + data4 0x00860000, 0x00c10000, 0x001d0000, 0x009e0000 + data4 0x00e10000, 0x00f80000, 0x00980000, 0x00110000 + data4 0x00690000, 0x00d90000, 0x008e0000, 0x00940000 + data4 0x009b0000, 0x001e0000, 0x00870000, 0x00e90000 + data4 0x00ce0000, 0x00550000, 0x00280000, 0x00df0000 + data4 0x008c0000, 0x00a10000, 0x00890000, 0x000d0000 + data4 0x00bf0000, 0x00e60000, 0x00420000, 0x00680000 + data4 0x00410000, 0x00990000, 0x002d0000, 0x000f0000 + data4 0x00b00000, 0x00540000, 0x00bb0000, 0x00160000 +// Te6: + data4 0x00006300, 0x00007c00, 0x00007700, 0x00007b00 + data4 0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500 + data4 0x00003000, 0x00000100, 0x00006700, 0x00002b00 + data4 0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600 + data4 0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00 + data4 0x0000fa00, 0x00005900, 0x00004700, 0x0000f000 + data4 0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00 + data4 0x00009c00, 0x0000a400, 0x00007200, 0x0000c000 + data4 0x0000b700, 0x0000fd00, 0x00009300, 0x00002600 + data4 0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00 + data4 0x00003400, 0x0000a500, 0x0000e500, 0x0000f100 + data4 0x00007100, 0x0000d800, 0x00003100, 0x00001500 + data4 0x00000400, 0x0000c700, 0x00002300, 0x0000c300 + data4 0x00001800, 0x00009600, 0x00000500, 0x00009a00 + data4 0x00000700, 0x00001200, 0x00008000, 0x0000e200 + data4 0x0000eb00, 0x00002700, 0x0000b200, 0x00007500 + data4 0x00000900, 0x00008300, 0x00002c00, 0x00001a00 + data4 0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000 + data4 0x00005200, 0x00003b00, 0x0000d600, 0x0000b300 + data4 0x00002900, 0x0000e300, 0x00002f00, 0x00008400 + data4 0x00005300, 0x0000d100, 0x00000000, 0x0000ed00 + data4 0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00 + data4 0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900 + data4 0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00 + data4 0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00 + data4 0x00004300, 0x00004d00, 0x00003300, 0x00008500 + data4 0x00004500, 0x0000f900, 0x00000200, 0x00007f00 + data4 0x00005000, 0x00003c00, 0x00009f00, 0x0000a800 + data4 0x00005100, 0x0000a300, 0x00004000, 0x00008f00 + data4 0x00009200, 0x00009d00, 0x00003800, 0x0000f500 + data4 0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100 + data4 0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200 + data4 0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00 + data4 0x00005f00, 0x00009700, 0x00004400, 0x00001700 + data4 0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00 + data4 0x00006400, 0x00005d00, 0x00001900, 0x00007300 + data4 0x00006000, 0x00008100, 0x00004f00, 0x0000dc00 + data4 0x00002200, 0x00002a00, 0x00009000, 0x00008800 + data4 0x00004600, 0x0000ee00, 0x0000b800, 0x00001400 + data4 0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00 + data4 0x0000e000, 0x00003200, 0x00003a00, 0x00000a00 + data4 0x00004900, 0x00000600, 0x00002400, 0x00005c00 + data4 0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200 + data4 0x00009100, 0x00009500, 0x0000e400, 0x00007900 + data4 0x0000e700, 0x0000c800, 0x00003700, 0x00006d00 + data4 0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900 + data4 0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00 + data4 0x00006500, 0x00007a00, 0x0000ae00, 0x00000800 + data4 0x0000ba00, 0x00007800, 0x00002500, 0x00002e00 + data4 0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600 + data4 0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00 + data4 0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00 + data4 0x00007000, 0x00003e00, 0x0000b500, 0x00006600 + data4 0x00004800, 0x00000300, 0x0000f600, 0x00000e00 + data4 0x00006100, 0x00003500, 0x00005700, 0x0000b900 + data4 0x00008600, 0x0000c100, 0x00001d00, 0x00009e00 + data4 0x0000e100, 0x0000f800, 0x00009800, 0x00001100 + data4 0x00006900, 0x0000d900, 0x00008e00, 0x00009400 + data4 0x00009b00, 0x00001e00, 0x00008700, 0x0000e900 + data4 0x0000ce00, 0x00005500, 0x00002800, 0x0000df00 + data4 0x00008c00, 0x0000a100, 0x00008900, 0x00000d00 + data4 0x0000bf00, 0x0000e600, 0x00004200, 0x00006800 + data4 0x00004100, 0x00009900, 0x00002d00, 0x00000f00 + data4 0x0000b000, 0x00005400, 0x0000bb00, 0x00001600 +// Te7: + data4 0x00000063, 0x0000007c, 0x00000077, 0x0000007b + data4 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5 + data4 0x00000030, 0x00000001, 0x00000067, 0x0000002b + data4 0x000000fe, 0x000000d7, 0x000000ab, 0x00000076 + data4 0x000000ca, 0x00000082, 0x000000c9, 0x0000007d + data4 0x000000fa, 0x00000059, 0x00000047, 0x000000f0 + data4 0x000000ad, 0x000000d4, 0x000000a2, 0x000000af + data4 0x0000009c, 0x000000a4, 0x00000072, 0x000000c0 + data4 0x000000b7, 0x000000fd, 0x00000093, 0x00000026 + data4 0x00000036, 0x0000003f, 0x000000f7, 0x000000cc + data4 0x00000034, 0x000000a5, 0x000000e5, 0x000000f1 + data4 0x00000071, 0x000000d8, 0x00000031, 0x00000015 + data4 0x00000004, 0x000000c7, 0x00000023, 0x000000c3 + data4 0x00000018, 0x00000096, 0x00000005, 0x0000009a + data4 0x00000007, 0x00000012, 0x00000080, 0x000000e2 + data4 0x000000eb, 0x00000027, 0x000000b2, 0x00000075 + data4 0x00000009, 0x00000083, 0x0000002c, 0x0000001a + data4 0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0 + data4 0x00000052, 0x0000003b, 0x000000d6, 0x000000b3 + data4 0x00000029, 0x000000e3, 0x0000002f, 0x00000084 + data4 0x00000053, 0x000000d1, 0x00000000, 0x000000ed + data4 0x00000020, 0x000000fc, 0x000000b1, 0x0000005b + data4 0x0000006a, 0x000000cb, 0x000000be, 0x00000039 + data4 0x0000004a, 0x0000004c, 0x00000058, 0x000000cf + data4 0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb + data4 0x00000043, 0x0000004d, 0x00000033, 0x00000085 + data4 0x00000045, 0x000000f9, 0x00000002, 0x0000007f + data4 0x00000050, 0x0000003c, 0x0000009f, 0x000000a8 + data4 0x00000051, 0x000000a3, 0x00000040, 0x0000008f + data4 0x00000092, 0x0000009d, 0x00000038, 0x000000f5 + data4 0x000000bc, 0x000000b6, 0x000000da, 0x00000021 + data4 0x00000010, 0x000000ff, 0x000000f3, 0x000000d2 + data4 0x000000cd, 0x0000000c, 0x00000013, 0x000000ec + data4 0x0000005f, 0x00000097, 0x00000044, 0x00000017 + data4 0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d + data4 0x00000064, 0x0000005d, 0x00000019, 0x00000073 + data4 0x00000060, 0x00000081, 0x0000004f, 0x000000dc + data4 0x00000022, 0x0000002a, 0x00000090, 0x00000088 + data4 0x00000046, 0x000000ee, 0x000000b8, 0x00000014 + data4 0x000000de, 0x0000005e, 0x0000000b, 0x000000db + data4 0x000000e0, 0x00000032, 0x0000003a, 0x0000000a + data4 0x00000049, 0x00000006, 0x00000024, 0x0000005c + data4 0x000000c2, 0x000000d3, 0x000000ac, 0x00000062 + data4 0x00000091, 0x00000095, 0x000000e4, 0x00000079 + data4 0x000000e7, 0x000000c8, 0x00000037, 0x0000006d + data4 0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9 + data4 0x0000006c, 0x00000056, 0x000000f4, 0x000000ea + data4 0x00000065, 0x0000007a, 0x000000ae, 0x00000008 + data4 0x000000ba, 0x00000078, 0x00000025, 0x0000002e + data4 0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6 + data4 0x000000e8, 0x000000dd, 0x00000074, 0x0000001f + data4 0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a + data4 0x00000070, 0x0000003e, 0x000000b5, 0x00000066 + data4 0x00000048, 0x00000003, 0x000000f6, 0x0000000e + data4 0x00000061, 0x00000035, 0x00000057, 0x000000b9 + data4 0x00000086, 0x000000c1, 0x0000001d, 0x0000009e + data4 0x000000e1, 0x000000f8, 0x00000098, 0x00000011 + data4 0x00000069, 0x000000d9, 0x0000008e, 0x00000094 + data4 0x0000009b, 0x0000001e, 0x00000087, 0x000000e9 + data4 0x000000ce, 0x00000055, 0x00000028, 0x000000df + data4 0x0000008c, 0x000000a1, 0x00000089, 0x0000000d + data4 0x000000bf, 0x000000e6, 0x00000042, 0x00000068 + data4 0x00000041, 0x00000099, 0x0000002d, 0x0000000f + data4 0x000000b0, 0x00000054, 0x000000bb, 0x00000016 +.size AES_Te#,8*256*4 // HP-UX assembler fails to ".-AES_Te#" + +.align 64 +.global AES_Td# +.type AES_Td#,@object +AES_Td: data4 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 + data4 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 + data4 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 + data4 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f + data4 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 + data4 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 + data4 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da + data4 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 + data4 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd + data4 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 + data4 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 + data4 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 + data4 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 + data4 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a + data4 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 + data4 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c + data4 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 + data4 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a + data4 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 + data4 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 + data4 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 + data4 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff + data4 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 + data4 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb + data4 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 + data4 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e + data4 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 + data4 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a + data4 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e + data4 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 + data4 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d + data4 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 + data4 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd + data4 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 + data4 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 + data4 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 + data4 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d + data4 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 + data4 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 + data4 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef + data4 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 + data4 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 + data4 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 + data4 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 + data4 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 + data4 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b + data4 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 + data4 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 + data4 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 + data4 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 + data4 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 + data4 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f + data4 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df + data4 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f + data4 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e + data4 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 + data4 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 + data4 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c + data4 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf + data4 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 + data4 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f + data4 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 + data4 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 + data4 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 +// Td1: + data4 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e + data4 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303 + data4 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c + data4 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3 + data4 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0 + data4 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9 + data4 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259 + data4 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8 + data4 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971 + data4 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a + data4 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f + data4 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b + data4 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8 + data4 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab + data4 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708 + data4 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682 + data4 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2 + data4 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe + data4 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb + data4 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10 + data4 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd + data4 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015 + data4 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e + data4 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee + data4 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000 + data4 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72 + data4 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39 + data4 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e + data4 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91 + data4 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a + data4 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17 + data4 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9 + data4 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60 + data4 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e + data4 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1 + data4 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611 + data4 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1 + data4 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3 + data4 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964 + data4 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390 + data4 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b + data4 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf + data4 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46 + data4 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af + data4 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512 + data4 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb + data4 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a + data4 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8 + data4 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c + data4 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266 + data4 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8 + data4 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6 + data4 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604 + data4 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551 + data4 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41 + data4 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647 + data4 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c + data4 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1 + data4 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737 + data4 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db + data4 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340 + data4 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95 + data4 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1 + data4 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 +// Td2: + data4 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27 + data4 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3 + data4 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502 + data4 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562 + data4 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe + data4 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3 + data4 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552 + data4 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9 + data4 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9 + data4 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce + data4 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253 + data4 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908 + data4 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b + data4 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655 + data4 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337 + data4 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16 + data4 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69 + data4 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6 + data4 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6 + data4 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e + data4 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6 + data4 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050 + data4 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9 + data4 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8 + data4 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000 + data4 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a + data4 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d + data4 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436 + data4 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b + data4 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12 + data4 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b + data4 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e + data4 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f + data4 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb + data4 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4 + data4 0xdccad731, 0x85104263, 0x22401397, 0x112084c6 + data4 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729 + data4 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1 + data4 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9 + data4 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233 + data4 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4 + data4 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad + data4 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e + data4 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3 + data4 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25 + data4 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b + data4 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f + data4 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15 + data4 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0 + data4 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2 + data4 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7 + data4 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791 + data4 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496 + data4 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665 + data4 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b + data4 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6 + data4 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13 + data4 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47 + data4 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7 + data4 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844 + data4 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3 + data4 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d + data4 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456 + data4 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 +// Td3: + data4 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a + data4 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b + data4 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5 + data4 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5 + data4 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d + data4 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b + data4 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95 + data4 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e + data4 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27 + data4 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d + data4 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562 + data4 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9 + data4 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752 + data4 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66 + data4 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3 + data4 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced + data4 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e + data4 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4 + data4 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4 + data4 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd + data4 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d + data4 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60 + data4 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767 + data4 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79 + data4 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000 + data4 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c + data4 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736 + data4 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24 + data4 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b + data4 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c + data4 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12 + data4 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814 + data4 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3 + data4 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b + data4 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8 + data4 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084 + data4 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7 + data4 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077 + data4 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247 + data4 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22 + data4 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698 + data4 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f + data4 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254 + data4 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582 + data4 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf + data4 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb + data4 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883 + data4 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef + data4 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629 + data4 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035 + data4 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533 + data4 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17 + data4 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4 + data4 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46 + data4 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb + data4 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d + data4 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb + data4 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a + data4 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73 + data4 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678 + data4 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2 + data4 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff + data4 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064 + data4 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 +// Td4: + data4 0x52000000, 0x09000000, 0x6a000000, 0xd5000000 + data4 0x30000000, 0x36000000, 0xa5000000, 0x38000000 + data4 0xbf000000, 0x40000000, 0xa3000000, 0x9e000000 + data4 0x81000000, 0xf3000000, 0xd7000000, 0xfb000000 + data4 0x7c000000, 0xe3000000, 0x39000000, 0x82000000 + data4 0x9b000000, 0x2f000000, 0xff000000, 0x87000000 + data4 0x34000000, 0x8e000000, 0x43000000, 0x44000000 + data4 0xc4000000, 0xde000000, 0xe9000000, 0xcb000000 + data4 0x54000000, 0x7b000000, 0x94000000, 0x32000000 + data4 0xa6000000, 0xc2000000, 0x23000000, 0x3d000000 + data4 0xee000000, 0x4c000000, 0x95000000, 0x0b000000 + data4 0x42000000, 0xfa000000, 0xc3000000, 0x4e000000 + data4 0x08000000, 0x2e000000, 0xa1000000, 0x66000000 + data4 0x28000000, 0xd9000000, 0x24000000, 0xb2000000 + data4 0x76000000, 0x5b000000, 0xa2000000, 0x49000000 + data4 0x6d000000, 0x8b000000, 0xd1000000, 0x25000000 + data4 0x72000000, 0xf8000000, 0xf6000000, 0x64000000 + data4 0x86000000, 0x68000000, 0x98000000, 0x16000000 + data4 0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000 + data4 0x5d000000, 0x65000000, 0xb6000000, 0x92000000 + data4 0x6c000000, 0x70000000, 0x48000000, 0x50000000 + data4 0xfd000000, 0xed000000, 0xb9000000, 0xda000000 + data4 0x5e000000, 0x15000000, 0x46000000, 0x57000000 + data4 0xa7000000, 0x8d000000, 0x9d000000, 0x84000000 + data4 0x90000000, 0xd8000000, 0xab000000, 0x00000000 + data4 0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000 + data4 0xf7000000, 0xe4000000, 0x58000000, 0x05000000 + data4 0xb8000000, 0xb3000000, 0x45000000, 0x06000000 + data4 0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000 + data4 0xca000000, 0x3f000000, 0x0f000000, 0x02000000 + data4 0xc1000000, 0xaf000000, 0xbd000000, 0x03000000 + data4 0x01000000, 0x13000000, 0x8a000000, 0x6b000000 + data4 0x3a000000, 0x91000000, 0x11000000, 0x41000000 + data4 0x4f000000, 0x67000000, 0xdc000000, 0xea000000 + data4 0x97000000, 0xf2000000, 0xcf000000, 0xce000000 + data4 0xf0000000, 0xb4000000, 0xe6000000, 0x73000000 + data4 0x96000000, 0xac000000, 0x74000000, 0x22000000 + data4 0xe7000000, 0xad000000, 0x35000000, 0x85000000 + data4 0xe2000000, 0xf9000000, 0x37000000, 0xe8000000 + data4 0x1c000000, 0x75000000, 0xdf000000, 0x6e000000 + data4 0x47000000, 0xf1000000, 0x1a000000, 0x71000000 + data4 0x1d000000, 0x29000000, 0xc5000000, 0x89000000 + data4 0x6f000000, 0xb7000000, 0x62000000, 0x0e000000 + data4 0xaa000000, 0x18000000, 0xbe000000, 0x1b000000 + data4 0xfc000000, 0x56000000, 0x3e000000, 0x4b000000 + data4 0xc6000000, 0xd2000000, 0x79000000, 0x20000000 + data4 0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000 + data4 0x78000000, 0xcd000000, 0x5a000000, 0xf4000000 + data4 0x1f000000, 0xdd000000, 0xa8000000, 0x33000000 + data4 0x88000000, 0x07000000, 0xc7000000, 0x31000000 + data4 0xb1000000, 0x12000000, 0x10000000, 0x59000000 + data4 0x27000000, 0x80000000, 0xec000000, 0x5f000000 + data4 0x60000000, 0x51000000, 0x7f000000, 0xa9000000 + data4 0x19000000, 0xb5000000, 0x4a000000, 0x0d000000 + data4 0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000 + data4 0x93000000, 0xc9000000, 0x9c000000, 0xef000000 + data4 0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000 + data4 0xae000000, 0x2a000000, 0xf5000000, 0xb0000000 + data4 0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000 + data4 0x83000000, 0x53000000, 0x99000000, 0x61000000 + data4 0x17000000, 0x2b000000, 0x04000000, 0x7e000000 + data4 0xba000000, 0x77000000, 0xd6000000, 0x26000000 + data4 0xe1000000, 0x69000000, 0x14000000, 0x63000000 + data4 0x55000000, 0x21000000, 0x0c000000, 0x7d000000 +// Td5: + data4 0x00520000, 0x00090000, 0x006a0000, 0x00d50000 + data4 0x00300000, 0x00360000, 0x00a50000, 0x00380000 + data4 0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000 + data4 0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000 + data4 0x007c0000, 0x00e30000, 0x00390000, 0x00820000 + data4 0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000 + data4 0x00340000, 0x008e0000, 0x00430000, 0x00440000 + data4 0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000 + data4 0x00540000, 0x007b0000, 0x00940000, 0x00320000 + data4 0x00a60000, 0x00c20000, 0x00230000, 0x003d0000 + data4 0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000 + data4 0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000 + data4 0x00080000, 0x002e0000, 0x00a10000, 0x00660000 + data4 0x00280000, 0x00d90000, 0x00240000, 0x00b20000 + data4 0x00760000, 0x005b0000, 0x00a20000, 0x00490000 + data4 0x006d0000, 0x008b0000, 0x00d10000, 0x00250000 + data4 0x00720000, 0x00f80000, 0x00f60000, 0x00640000 + data4 0x00860000, 0x00680000, 0x00980000, 0x00160000 + data4 0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000 + data4 0x005d0000, 0x00650000, 0x00b60000, 0x00920000 + data4 0x006c0000, 0x00700000, 0x00480000, 0x00500000 + data4 0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000 + data4 0x005e0000, 0x00150000, 0x00460000, 0x00570000 + data4 0x00a70000, 0x008d0000, 0x009d0000, 0x00840000 + data4 0x00900000, 0x00d80000, 0x00ab0000, 0x00000000 + data4 0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000 + data4 0x00f70000, 0x00e40000, 0x00580000, 0x00050000 + data4 0x00b80000, 0x00b30000, 0x00450000, 0x00060000 + data4 0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000 + data4 0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000 + data4 0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000 + data4 0x00010000, 0x00130000, 0x008a0000, 0x006b0000 + data4 0x003a0000, 0x00910000, 0x00110000, 0x00410000 + data4 0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000 + data4 0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000 + data4 0x00f00000, 0x00b40000, 0x00e60000, 0x00730000 + data4 0x00960000, 0x00ac0000, 0x00740000, 0x00220000 + data4 0x00e70000, 0x00ad0000, 0x00350000, 0x00850000 + data4 0x00e20000, 0x00f90000, 0x00370000, 0x00e80000 + data4 0x001c0000, 0x00750000, 0x00df0000, 0x006e0000 + data4 0x00470000, 0x00f10000, 0x001a0000, 0x00710000 + data4 0x001d0000, 0x00290000, 0x00c50000, 0x00890000 + data4 0x006f0000, 0x00b70000, 0x00620000, 0x000e0000 + data4 0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000 + data4 0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000 + data4 0x00c60000, 0x00d20000, 0x00790000, 0x00200000 + data4 0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000 + data4 0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000 + data4 0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000 + data4 0x00880000, 0x00070000, 0x00c70000, 0x00310000 + data4 0x00b10000, 0x00120000, 0x00100000, 0x00590000 + data4 0x00270000, 0x00800000, 0x00ec0000, 0x005f0000 + data4 0x00600000, 0x00510000, 0x007f0000, 0x00a90000 + data4 0x00190000, 0x00b50000, 0x004a0000, 0x000d0000 + data4 0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000 + data4 0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000 + data4 0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000 + data4 0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000 + data4 0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000 + data4 0x00830000, 0x00530000, 0x00990000, 0x00610000 + data4 0x00170000, 0x002b0000, 0x00040000, 0x007e0000 + data4 0x00ba0000, 0x00770000, 0x00d60000, 0x00260000 + data4 0x00e10000, 0x00690000, 0x00140000, 0x00630000 + data4 0x00550000, 0x00210000, 0x000c0000, 0x007d0000 +// Td6: + data4 0x00005200, 0x00000900, 0x00006a00, 0x0000d500 + data4 0x00003000, 0x00003600, 0x0000a500, 0x00003800 + data4 0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00 + data4 0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00 + data4 0x00007c00, 0x0000e300, 0x00003900, 0x00008200 + data4 0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700 + data4 0x00003400, 0x00008e00, 0x00004300, 0x00004400 + data4 0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00 + data4 0x00005400, 0x00007b00, 0x00009400, 0x00003200 + data4 0x0000a600, 0x0000c200, 0x00002300, 0x00003d00 + data4 0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00 + data4 0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00 + data4 0x00000800, 0x00002e00, 0x0000a100, 0x00006600 + data4 0x00002800, 0x0000d900, 0x00002400, 0x0000b200 + data4 0x00007600, 0x00005b00, 0x0000a200, 0x00004900 + data4 0x00006d00, 0x00008b00, 0x0000d100, 0x00002500 + data4 0x00007200, 0x0000f800, 0x0000f600, 0x00006400 + data4 0x00008600, 0x00006800, 0x00009800, 0x00001600 + data4 0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00 + data4 0x00005d00, 0x00006500, 0x0000b600, 0x00009200 + data4 0x00006c00, 0x00007000, 0x00004800, 0x00005000 + data4 0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00 + data4 0x00005e00, 0x00001500, 0x00004600, 0x00005700 + data4 0x0000a700, 0x00008d00, 0x00009d00, 0x00008400 + data4 0x00009000, 0x0000d800, 0x0000ab00, 0x00000000 + data4 0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00 + data4 0x0000f700, 0x0000e400, 0x00005800, 0x00000500 + data4 0x0000b800, 0x0000b300, 0x00004500, 0x00000600 + data4 0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00 + data4 0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200 + data4 0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300 + data4 0x00000100, 0x00001300, 0x00008a00, 0x00006b00 + data4 0x00003a00, 0x00009100, 0x00001100, 0x00004100 + data4 0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00 + data4 0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00 + data4 0x0000f000, 0x0000b400, 0x0000e600, 0x00007300 + data4 0x00009600, 0x0000ac00, 0x00007400, 0x00002200 + data4 0x0000e700, 0x0000ad00, 0x00003500, 0x00008500 + data4 0x0000e200, 0x0000f900, 0x00003700, 0x0000e800 + data4 0x00001c00, 0x00007500, 0x0000df00, 0x00006e00 + data4 0x00004700, 0x0000f100, 0x00001a00, 0x00007100 + data4 0x00001d00, 0x00002900, 0x0000c500, 0x00008900 + data4 0x00006f00, 0x0000b700, 0x00006200, 0x00000e00 + data4 0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00 + data4 0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00 + data4 0x0000c600, 0x0000d200, 0x00007900, 0x00002000 + data4 0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00 + data4 0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400 + data4 0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300 + data4 0x00008800, 0x00000700, 0x0000c700, 0x00003100 + data4 0x0000b100, 0x00001200, 0x00001000, 0x00005900 + data4 0x00002700, 0x00008000, 0x0000ec00, 0x00005f00 + data4 0x00006000, 0x00005100, 0x00007f00, 0x0000a900 + data4 0x00001900, 0x0000b500, 0x00004a00, 0x00000d00 + data4 0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00 + data4 0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00 + data4 0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00 + data4 0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000 + data4 0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00 + data4 0x00008300, 0x00005300, 0x00009900, 0x00006100 + data4 0x00001700, 0x00002b00, 0x00000400, 0x00007e00 + data4 0x0000ba00, 0x00007700, 0x0000d600, 0x00002600 + data4 0x0000e100, 0x00006900, 0x00001400, 0x00006300 + data4 0x00005500, 0x00002100, 0x00000c00, 0x00007d00 +// Td7: + data4 0x00000052, 0x00000009, 0x0000006a, 0x000000d5 + data4 0x00000030, 0x00000036, 0x000000a5, 0x00000038 + data4 0x000000bf, 0x00000040, 0x000000a3, 0x0000009e + data4 0x00000081, 0x000000f3, 0x000000d7, 0x000000fb + data4 0x0000007c, 0x000000e3, 0x00000039, 0x00000082 + data4 0x0000009b, 0x0000002f, 0x000000ff, 0x00000087 + data4 0x00000034, 0x0000008e, 0x00000043, 0x00000044 + data4 0x000000c4, 0x000000de, 0x000000e9, 0x000000cb + data4 0x00000054, 0x0000007b, 0x00000094, 0x00000032 + data4 0x000000a6, 0x000000c2, 0x00000023, 0x0000003d + data4 0x000000ee, 0x0000004c, 0x00000095, 0x0000000b + data4 0x00000042, 0x000000fa, 0x000000c3, 0x0000004e + data4 0x00000008, 0x0000002e, 0x000000a1, 0x00000066 + data4 0x00000028, 0x000000d9, 0x00000024, 0x000000b2 + data4 0x00000076, 0x0000005b, 0x000000a2, 0x00000049 + data4 0x0000006d, 0x0000008b, 0x000000d1, 0x00000025 + data4 0x00000072, 0x000000f8, 0x000000f6, 0x00000064 + data4 0x00000086, 0x00000068, 0x00000098, 0x00000016 + data4 0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc + data4 0x0000005d, 0x00000065, 0x000000b6, 0x00000092 + data4 0x0000006c, 0x00000070, 0x00000048, 0x00000050 + data4 0x000000fd, 0x000000ed, 0x000000b9, 0x000000da + data4 0x0000005e, 0x00000015, 0x00000046, 0x00000057 + data4 0x000000a7, 0x0000008d, 0x0000009d, 0x00000084 + data4 0x00000090, 0x000000d8, 0x000000ab, 0x00000000 + data4 0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a + data4 0x000000f7, 0x000000e4, 0x00000058, 0x00000005 + data4 0x000000b8, 0x000000b3, 0x00000045, 0x00000006 + data4 0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f + data4 0x000000ca, 0x0000003f, 0x0000000f, 0x00000002 + data4 0x000000c1, 0x000000af, 0x000000bd, 0x00000003 + data4 0x00000001, 0x00000013, 0x0000008a, 0x0000006b + data4 0x0000003a, 0x00000091, 0x00000011, 0x00000041 + data4 0x0000004f, 0x00000067, 0x000000dc, 0x000000ea + data4 0x00000097, 0x000000f2, 0x000000cf, 0x000000ce + data4 0x000000f0, 0x000000b4, 0x000000e6, 0x00000073 + data4 0x00000096, 0x000000ac, 0x00000074, 0x00000022 + data4 0x000000e7, 0x000000ad, 0x00000035, 0x00000085 + data4 0x000000e2, 0x000000f9, 0x00000037, 0x000000e8 + data4 0x0000001c, 0x00000075, 0x000000df, 0x0000006e + data4 0x00000047, 0x000000f1, 0x0000001a, 0x00000071 + data4 0x0000001d, 0x00000029, 0x000000c5, 0x00000089 + data4 0x0000006f, 0x000000b7, 0x00000062, 0x0000000e + data4 0x000000aa, 0x00000018, 0x000000be, 0x0000001b + data4 0x000000fc, 0x00000056, 0x0000003e, 0x0000004b + data4 0x000000c6, 0x000000d2, 0x00000079, 0x00000020 + data4 0x0000009a, 0x000000db, 0x000000c0, 0x000000fe + data4 0x00000078, 0x000000cd, 0x0000005a, 0x000000f4 + data4 0x0000001f, 0x000000dd, 0x000000a8, 0x00000033 + data4 0x00000088, 0x00000007, 0x000000c7, 0x00000031 + data4 0x000000b1, 0x00000012, 0x00000010, 0x00000059 + data4 0x00000027, 0x00000080, 0x000000ec, 0x0000005f + data4 0x00000060, 0x00000051, 0x0000007f, 0x000000a9 + data4 0x00000019, 0x000000b5, 0x0000004a, 0x0000000d + data4 0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f + data4 0x00000093, 0x000000c9, 0x0000009c, 0x000000ef + data4 0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d + data4 0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0 + data4 0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c + data4 0x00000083, 0x00000053, 0x00000099, 0x00000061 + data4 0x00000017, 0x0000002b, 0x00000004, 0x0000007e + data4 0x000000ba, 0x00000077, 0x000000d6, 0x00000026 + data4 0x000000e1, 0x00000069, 0x00000014, 0x00000063 + data4 0x00000055, 0x00000021, 0x0000000c, 0x0000007d +.size AES_Td#,8*256*4 // HP-UX assembler fails to ".-AES_Td#" diff --git a/crypto/openssl/crypto/asn1/Makefile b/crypto/openssl/crypto/asn1/Makefile index 61145cb..f67c5eb 100644 --- a/crypto/openssl/crypto/asn1/Makefile +++ b/crypto/openssl/crypto/asn1/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/asn1/Makefile +# OpenSSL/crypto/asn1/Makefile # DIR= asn1 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -32,7 +27,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ f_int.c f_string.c n_pkey.c \ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \ - asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ + asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ @@ -44,7 +39,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ f_int.o f_string.o n_pkey.o \ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \ - asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ + asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o SRC= $(LIBSRC) @@ -81,7 +76,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -96,6 +92,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -109,69 +106,57 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h -a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_bitstr.o: ../../include/openssl/opensslconf.h a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c a_bool.o: ../../e_os.h ../../include/openssl/asn1.h a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_bool.o: ../cryptlib.h a_bool.c +a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h -a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c +a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_bytes.o: ../cryptlib.h a_bytes.c a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_d2i_fp.o: ../../include/openssl/opensslconf.h +a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_d2i_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c -a_digest.o: ../../e_os.h ../../include/openssl/aes.h -a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +a_digest.o: ../../e_os.h ../../include/openssl/asn1.h +a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_digest.o: ../../include/openssl/opensslconf.h a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_digest.o: ../cryptlib.h a_digest.c +a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_dup.o: ../cryptlib.h a_dup.c +a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -181,27 +166,26 @@ a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_enum.o: ../cryptlib.h a_enum.c a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h -a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c +a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_hdr.o: ../cryptlib.h a_hdr.c +a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h -a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_i2d_fp.o: ../../include/openssl/opensslconf.h a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c @@ -214,667 +198,501 @@ a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_int.o: ../cryptlib.h a_int.c a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h -a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c +a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_mbstr.o: ../cryptlib.h a_mbstr.c a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_meth.o: ../cryptlib.h a_meth.c +a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h -a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +a_object.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_object.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_object.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_object.o: ../../include/openssl/opensslconf.h a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c a_octet.o: ../../e_os.h ../../include/openssl/asn1.h -a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c +a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_octet.o: ../cryptlib.h a_octet.c a_print.o: ../../e_os.h ../../include/openssl/asn1.h -a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c +a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_print.o: ../cryptlib.h a_print.c a_set.o: ../../e_os.h ../../include/openssl/asn1.h a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_set.o: ../cryptlib.h a_set.c -a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c +a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h a_sign.o: ../cryptlib.h a_sign.c -a_strex.o: ../../e_os.h ../../include/openssl/aes.h -a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +a_strex.o: ../../e_os.h ../../include/openssl/asn1.h +a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_strex.o: ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h -a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_strnid.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_strnid.o: ../../include/openssl/opensslconf.h a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c a_time.o: ../../e_os.h ../../include/openssl/asn1.h a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_time.o: ../cryptlib.h ../o_time.h a_time.c +a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_time.c a_type.o: ../../e_os.h ../../include/openssl/asn1.h a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_type.o: ../cryptlib.h a_type.c +a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_type.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h -a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c +a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_utctm.o: ../cryptlib.h ../o_time.h a_utctm.c a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_utf8.o: ../cryptlib.h a_utf8.c -a_verify.o: ../../e_os.h ../../include/openssl/aes.h -a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c +a_verify.o: ../../e_os.h ../../include/openssl/asn1.h +a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_verify.o: ../../include/openssl/opensslconf.h +a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_verify.o: ../cryptlib.h a_verify.c +a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +asn1_err.o: ../../include/openssl/opensslconf.h asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c +asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h +asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h +asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +asn1_gen.o: ../cryptlib.h asn1_gen.c asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -asn1_lib.o: ../../include/openssl/opensslconf.h +asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h -asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +asn1_par.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +asn1_par.o: ../../include/openssl/opensslconf.h asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c -asn_moid.o: ../../e_os.h ../../include/openssl/aes.h -asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h +asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h asn_moid.o: ../../include/openssl/opensslconf.h asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_moid.o: ../cryptlib.h asn_moid.c +asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h -asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +asn_pack.o: ../../include/openssl/opensslconf.h asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c -d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h +d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c -d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +d2i_pr.o: ../cryptlib.h d2i_pr.c +d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h +d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c +d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +d2i_pu.o: ../cryptlib.h d2i_pu.c evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -evp_asn1.o: ../../include/openssl/opensslconf.h +evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -f_enum.o: ../cryptlib.h f_enum.c +f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -f_int.o: ../cryptlib.h f_int.c +f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c f_string.o: ../../e_os.h ../../include/openssl/asn1.h -f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +f_string.o: ../../include/openssl/opensslconf.h f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c -i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h +i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c -i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i2d_pr.o: ../cryptlib.h i2d_pr.c +i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h +i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c -n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i2d_pu.o: ../cryptlib.h i2d_pu.c +n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h -n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -n_pkey.o: ../cryptlib.h n_pkey.c -nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c +nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c -p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c +p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h p5_pbe.o: ../cryptlib.h p5_pbe.c -p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h -p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h +p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c -p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h -p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbev2.o: ../cryptlib.h p5_pbev2.c +p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p8_pkey.o: ../cryptlib.h p8_pkey.c -t_bitst.o: ../../e_os.h ../../include/openssl/aes.h -t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c +t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h +t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h +t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c -t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_bitst.o: ../cryptlib.h t_bitst.c +t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h t_crl.o: ../cryptlib.h t_crl.c t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c -t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h +t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_pkey.o: ../cryptlib.h t_pkey.c +t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h t_req.o: ../cryptlib.h t_req.c -t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h +t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h t_spki.o: ../cryptlib.h t_spki.c -t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h t_x509.o: ../cryptlib.h t_x509.c -t_x509a.o: ../../e_os.h ../../include/openssl/aes.h -t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h +t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509a.o: ../cryptlib.h t_x509a.c tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tasn_dec.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tasn_dec.o: ../../include/openssl/opensslconf.h tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c -tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_enc.o: ../../include/openssl/opensslconf.h +tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h +tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c +tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_fre.o: ../../include/openssl/opensslconf.h +tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_new.o: ../../include/openssl/opensslconf.h +tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_typ.o: ../../include/openssl/opensslconf.h +tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_utl.o: ../../include/openssl/opensslconf.h +tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +tasn_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c -x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_algor.o: x_algor.c -x_attrib.o: ../../e_os.h ../../include/openssl/aes.h -x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c +x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h +x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_attrib.o: ../cryptlib.h x_attrib.c +x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -884,69 +702,43 @@ x_bignum.o: ../../include/openssl/opensslconf.h x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c -x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_crl.o: ../../e_os.h ../../include/openssl/asn1.h x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c -x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_exten.o: x_exten.c -x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c +x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_info.o: ../cryptlib.h x_info.c +x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c x_long.o: ../../e_os.h ../../include/openssl/asn1.h x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -956,195 +748,123 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_long.o: ../cryptlib.h x_long.c -x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_name.o: ../../e_os.h ../../include/openssl/asn1.h x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c -x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c -x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h -x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h +x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_pubkey.o: ../../include/openssl/opensslconf.h x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h x_pubkey.o: ../cryptlib.h x_pubkey.c -x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_req.o: ../../e_os.h ../../include/openssl/asn1.h x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c -x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_sig.o: ../../e_os.h ../../include/openssl/asn1.h x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c -x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_spki.o: ../../e_os.h ../../include/openssl/asn1.h x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c -x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_val.o: ../../e_os.h ../../include/openssl/asn1.h x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c -x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +x_x509.o: ../../e_os.h ../../include/openssl/asn1.h x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c -x_x509a.o: ../../e_os.h ../../include/openssl/aes.h -x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h +x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509a.o: ../cryptlib.h x_x509a.c +x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/openssl/crypto/asn1/a_bitstr.c index f4ea96c..0fb9ce0 100644 --- a/crypto/openssl/crypto/asn1/a_bitstr.c +++ b/crypto/openssl/crypto/asn1/a_bitstr.c @@ -113,11 +113,12 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) return(ret); } -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, - long len) +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long len) { ASN1_BIT_STRING *ret=NULL; - unsigned char *p,*s; + const unsigned char *p; + unsigned char *s; int i; if (len < 1) @@ -164,7 +165,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, *pp=p; return(ret); err: - ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i); + ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) M_ASN1_BIT_STRING_free(ret); return(NULL); @@ -182,9 +183,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) iv= ~v; if (!value) v=0; + if (a == NULL) + return 0; + a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ - if (a == NULL) return(0); if ((a->length < (w+1)) || (a->data == NULL)) { if (!value) return(1); /* Don't need to set */ @@ -194,8 +197,12 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) c=(unsigned char *)OPENSSL_realloc_clean(a->data, a->length, w+1); - if (c == NULL) return(0); - if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); + if (c == NULL) + { + ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); + return 0; + } + if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); a->data=c; a->length=w+1; } diff --git a/crypto/openssl/crypto/asn1/a_bool.c b/crypto/openssl/crypto/asn1/a_bool.c index 24333ea4..331acdf 100644 --- a/crypto/openssl/crypto/asn1/a_bool.c +++ b/crypto/openssl/crypto/asn1/a_bool.c @@ -75,10 +75,10 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) return(r); } -int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length) +int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) { int ret= -1; - unsigned char *p; + const unsigned char *p; long len; int inf,tag,xclass; int i=0; diff --git a/crypto/openssl/crypto/asn1/a_bytes.c b/crypto/openssl/crypto/asn1/a_bytes.c index afd27b8..8d13f9c 100644 --- a/crypto/openssl/crypto/asn1/a_bytes.c +++ b/crypto/openssl/crypto/asn1/a_bytes.c @@ -60,14 +60,15 @@ #include "cryptlib.h" #include -static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c); +static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); /* type is a 'bitmap' of acceptable string types. */ -ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp, +ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, long length, int type) { ASN1_STRING *ret=NULL; - unsigned char *p,*s; + const unsigned char *p; + unsigned char *s; long len; int inf,tag,xclass; int i=0; @@ -153,11 +154,12 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) return(r); } -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, - int Ptag, int Pclass) +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, + long length, int Ptag, int Pclass) { ASN1_STRING *ret=NULL; - unsigned char *p,*s; + const unsigned char *p; + unsigned char *s; long len; int inf,tag,xclass; int i=0; @@ -185,7 +187,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, if (inf & V_ASN1_CONSTRUCTED) { - ASN1_CTX c; + ASN1_const_CTX c; c.pp=pp; c.p=p; @@ -247,7 +249,7 @@ err: * them into the one structure that is then returned */ /* There have been a few bug fixes for this function from * Paul Keogh , many thanks to him */ -static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) +static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) { ASN1_STRING *os=NULL; BUF_MEM b; @@ -268,7 +270,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) { if (c->inf & 1) { - c->eos=ASN1_check_infinite_end(&c->p, + c->eos=ASN1_const_check_infinite_end(&c->p, (long)(c->max-c->p)); if (c->eos) break; } @@ -296,7 +298,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) num+=os->length; } - if (!asn1_Finish(c)) goto err; + if (!asn1_const_Finish(c)) goto err; a->length=num; if (a->data != NULL) OPENSSL_free(a->data); diff --git a/crypto/openssl/crypto/asn1/a_d2i_fp.c b/crypto/openssl/crypto/asn1/a_d2i_fp.c index b67b75e..ece40bc 100644 --- a/crypto/openssl/crypto/asn1/a_d2i_fp.c +++ b/crypto/openssl/crypto/asn1/a_d2i_fp.c @@ -66,11 +66,10 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); #ifndef NO_OLD_ASN1 #ifndef OPENSSL_NO_FP_API -char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in, - unsigned char **x) +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) { BIO *b; - char *ret; + void *ret; if ((b=BIO_new(BIO_s_file())) == NULL) { @@ -84,12 +83,11 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in, } #endif -char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in, - unsigned char **x) +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) { BUF_MEM *b = NULL; - unsigned char *p; - char *ret=NULL; + const unsigned char *p; + void *ret=NULL; int len; len = asn1_d2i_read_bio(in, &b); @@ -107,14 +105,14 @@ err: void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) { BUF_MEM *b = NULL; - unsigned char *p; + const unsigned char *p; void *ret=NULL; int len; len = asn1_d2i_read_bio(in, &b); if(len < 0) goto err; - p=(unsigned char *)b->data; + p=(const unsigned char *)b->data; ret=ASN1_item_d2i(x,&p,len, it); err: if (b != NULL) BUF_MEM_free(b); @@ -129,7 +127,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); + ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB); return(NULL); } BIO_set_fp(b,in,BIO_NOCLOSE); @@ -146,7 +144,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) unsigned char *p; int i; int ret=-1; - ASN1_CTX c; + ASN1_const_CTX c; int want=HEADER_SIZE; int eos=0; #if defined(__GNUC__) && defined(__ia64) @@ -160,7 +158,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) b=BUF_MEM_new(); if (b == NULL) { - ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); return -1; } @@ -173,13 +171,13 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (!BUF_MEM_grow_clean(b,len+want)) { - ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } i=BIO_read(in,&(b->data[len]),want); if ((i < 0) && ((len-off) == 0)) { - ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA); goto err; } if (i > 0) @@ -199,7 +197,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (e != ASN1_R_TOO_LONG) goto err; else - ERR_get_error(); /* clear error */ + ERR_clear_error(); /* clear error */ } i=c.p-p;/* header length */ off+=i; /* end of data */ @@ -228,7 +226,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) want-=(len-off); if (!BUF_MEM_grow_clean(b,len+want)) { - ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } while (want > 0) @@ -236,7 +234,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) i=BIO_read(in,&(b->data[len]),want); if (i <= 0) { - ASN1err(ASN1_F_ASN1_D2I_BIO, + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); goto err; } diff --git a/crypto/openssl/crypto/asn1/a_digest.c b/crypto/openssl/crypto/asn1/a_digest.c index 4931e22..d00d9e2 100644 --- a/crypto/openssl/crypto/asn1/a_digest.c +++ b/crypto/openssl/crypto/asn1/a_digest.c @@ -65,20 +65,25 @@ # include #endif +#include #include #include #include #ifndef NO_ASN1_OLD -int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len) { int i; unsigned char *str,*p; i=i2d(data,NULL); - if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0); + if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) + { + ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); + return(0); + } p=str; i2d(data,&p); diff --git a/crypto/openssl/crypto/asn1/a_dup.c b/crypto/openssl/crypto/asn1/a_dup.c index 58a0178..199d50f 100644 --- a/crypto/openssl/crypto/asn1/a_dup.c +++ b/crypto/openssl/crypto/asn1/a_dup.c @@ -62,22 +62,23 @@ #ifndef NO_OLD_ASN1 -char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x) { unsigned char *b,*p; - long i; + const unsigned char *p2; + int i; char *ret; if (x == NULL) return(NULL); - i=(long)i2d(x,NULL); - b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); + i=i2d(x,NULL); + b=OPENSSL_malloc(i+10); if (b == NULL) { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } p= b; i=i2d(x,&p); - p= b; - ret=d2i(NULL,&p,i); + p2= b; + ret=d2i(NULL,&p2,i); OPENSSL_free(b); return(ret); } @@ -91,7 +92,8 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) void *ASN1_item_dup(const ASN1_ITEM *it, void *x) { - unsigned char *b = NULL, *p; + unsigned char *b = NULL; + const unsigned char *p; long i; void *ret; @@ -99,7 +101,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) i=ASN1_item_i2d(x,&b,it); if (b == NULL) - { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } + { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } p= b; ret=ASN1_item_d2i(NULL,&p,i, it); OPENSSL_free(b); diff --git a/crypto/openssl/crypto/asn1/a_enum.c b/crypto/openssl/crypto/asn1/a_enum.c index ad8f0ff..fe9aa13 100644 --- a/crypto/openssl/crypto/asn1/a_enum.c +++ b/crypto/openssl/crypto/asn1/a_enum.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include /* * Code for ENUMERATED type: identical to INTEGER apart from a different tag. @@ -67,12 +68,13 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_ENUMERATED; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -116,7 +118,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) else if (i != V_ASN1_ENUMERATED) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); @@ -147,7 +149,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); goto err; } - if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED; + if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; else ret->type=V_ASN1_ENUMERATED; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); @@ -156,7 +158,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); if (!new_data) { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); goto err; } ret->data=new_data; @@ -175,6 +177,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1; + else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); return(ret); } diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c index 8581007..def7906 100644 --- a/crypto/openssl/crypto/asn1/a_gentm.c +++ b/crypto/openssl/crypto/asn1/a_gentm.c @@ -181,7 +181,7 @@ err: return(0); } -int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str) +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) { ASN1_GENERALIZEDTIME t; @@ -192,8 +192,9 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str) { if (s != NULL) { - ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length); + if (!ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str,t.length)) + return 0; s->type=V_ASN1_GENERALIZEDTIME; } return(1); @@ -223,7 +224,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); - if (p == NULL) return(NULL); + if (p == NULL) + { + ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, + ERR_R_MALLOC_FAILURE); + return(NULL); + } if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; diff --git a/crypto/openssl/crypto/asn1/a_hdr.c b/crypto/openssl/crypto/asn1/a_hdr.c index b1aad81..d1c2a7b 100644 --- a/crypto/openssl/crypto/asn1/a_hdr.c +++ b/crypto/openssl/crypto/asn1/a_hdr.c @@ -76,17 +76,17 @@ int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp) M_ASN1_I2D_finish(); } -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp, +ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp, long length) { M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new); M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING); + M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING); if (ret->meth != NULL) { - M_ASN1_D2I_get(ret->data,ret->meth->d2i); + M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i); } else { diff --git a/crypto/openssl/crypto/asn1/a_i2d_fp.c b/crypto/openssl/crypto/asn1/a_i2d_fp.c index f4f1b73..a3ad76d 100644 --- a/crypto/openssl/crypto/asn1/a_i2d_fp.c +++ b/crypto/openssl/crypto/asn1/a_i2d_fp.c @@ -64,7 +64,7 @@ #ifndef NO_OLD_ASN1 #ifndef OPENSSL_NO_FP_API -int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x) +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) { BIO *b; int ret; @@ -81,7 +81,7 @@ int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x) } #endif -int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x) +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) { char *b; unsigned char *p; @@ -124,7 +124,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); + ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,out,BIO_NOCLOSE); @@ -142,7 +142,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) n = ASN1_item_i2d(x, &b, it); if (b == NULL) { - ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE); return(0); } diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/openssl/crypto/asn1/a_int.c index 21cc64b..f8d198e 100644 --- a/crypto/openssl/crypto/asn1/a_int.c +++ b/crypto/openssl/crypto/asn1/a_int.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) { return M_ASN1_INTEGER_dup(x);} @@ -174,11 +175,12 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len) { ASN1_INTEGER *ret=NULL; - unsigned char *p,*to,*s, *pend; + const unsigned char *p, *pend; + unsigned char *to,*s; int i; if ((a == NULL) || ((*a) == NULL)) @@ -254,7 +256,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, *pp=pend; return(ret); err: - ASN1err(ASN1_F_D2I_ASN1_INTEGER,i); + ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) M_ASN1_INTEGER_free(ret); return(NULL); @@ -266,11 +268,12 @@ err: * with its MSB set as negative (it doesn't add a padding zero). */ -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length) { ASN1_INTEGER *ret=NULL; - unsigned char *p,*to,*s; + const unsigned char *p; + unsigned char *to,*s; long len; int inf,tag,xclass; int i; @@ -332,12 +335,13 @@ err: int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_INTEGER; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -381,7 +385,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) else if (i != V_ASN1_INTEGER) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); @@ -412,7 +416,8 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); goto err; } - if(bn->neg) ret->type = V_ASN1_NEG_INTEGER; + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_INTEGER; else ret->type=V_ASN1_INTEGER; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); @@ -445,7 +450,8 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1; + else if(ai->type == V_ASN1_NEG_INTEGER) + BN_set_negative(ret, 1); return(ret); } diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/openssl/crypto/asn1/a_mbstr.c index 208b3ec..2d4800a 100644 --- a/crypto/openssl/crypto/asn1/a_mbstr.c +++ b/crypto/openssl/crypto/asn1/a_mbstr.c @@ -107,7 +107,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, case MBSTRING_BMP: if(len & 1) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_BMPSTRING_LENGTH); return -1; } @@ -116,7 +116,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, case MBSTRING_UNIV: if(len & 3) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); return -1; } @@ -128,7 +128,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* This counts the characters and does utf8 syntax checking */ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); if(ret < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); return -1; } @@ -139,19 +139,19 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, break; default: - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); return -1; } if((minsize > 0) && (nchar < minsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if((maxsize > 0) && (nchar > maxsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; @@ -159,7 +159,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* Now work out minimal type (if any) */ if(traverse_string(in, len, inform, type_str, &mask) < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); return -1; } @@ -193,7 +193,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, free_out = 1; dest = ASN1_STRING_type_new(str_type); if(!dest) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); return -1; } @@ -202,7 +202,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* If both the same type just copy across */ if(inform == outform) { if(!ASN1_STRING_set(dest, in, len)) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); return -1; } return str_type; @@ -233,7 +233,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, } if(!(p = OPENSSL_malloc(outlen + 1))) { if(free_out) ASN1_STRING_free(dest); - ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); return -1; } dest->length = outlen; diff --git a/crypto/openssl/crypto/asn1/a_meth.c b/crypto/openssl/crypto/asn1/a_meth.c index 63158e9..50bea91 100644 --- a/crypto/openssl/crypto/asn1/a_meth.c +++ b/crypto/openssl/crypto/asn1/a_meth.c @@ -62,16 +62,16 @@ #include static ASN1_METHOD ia5string_meth={ - (int (*)()) i2d_ASN1_IA5STRING, - (char *(*)()) d2i_ASN1_IA5STRING, - (char *(*)()) ASN1_STRING_new, - (void (*)()) ASN1_STRING_free}; + (I2D_OF(void)) i2d_ASN1_IA5STRING, + (D2I_OF(void)) d2i_ASN1_IA5STRING, + (void *(*)(void))ASN1_STRING_new, + (void (*)(void *))ASN1_STRING_free}; static ASN1_METHOD bit_string_meth={ - (int (*)()) i2d_ASN1_BIT_STRING, - (char *(*)()) d2i_ASN1_BIT_STRING, - (char *(*)()) ASN1_STRING_new, - (void (*)()) ASN1_STRING_free}; + (I2D_OF(void)) i2d_ASN1_BIT_STRING, + (D2I_OF(void)) d2i_ASN1_BIT_STRING, + (void *(*)(void))ASN1_STRING_new, + (void (*)(void *))ASN1_STRING_free}; ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) { diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c index 0a8e6c2..a36356e 100644 --- a/crypto/openssl/crypto/asn1/a_object.c +++ b/crypto/openssl/crypto/asn1/a_object.c @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -83,10 +84,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { - int i,first,len=0,c; - char tmp[24]; + int i,first,len=0,c, use_bn; + char ftmp[24], *tmp = ftmp; + int tmpsize = sizeof ftmp; const char *p; unsigned long l; + BIGNUM *bl = NULL; if (num == 0) return(0); @@ -98,7 +101,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) num--; if ((c >= '0') && (c <= '2')) { - first=(c-'0')*40; + first= c-'0'; } else { @@ -122,6 +125,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) goto err; } l=0; + use_bn = 0; for (;;) { if (num <= 0) break; @@ -134,7 +138,22 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - l=l*10L+(long)(c-'0'); + if (!use_bn && l > (ULONG_MAX / 10L)) + { + use_bn = 1; + if (!bl) + bl = BN_new(); + if (!bl || !BN_set_word(bl, l)) + goto err; + } + if (use_bn) + { + if (!BN_mul_word(bl, 10L) + || !BN_add_word(bl, c-'0')) + goto err; + } + else + l=l*10L+(long)(c-'0'); } if (len == 0) { @@ -143,14 +162,42 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); goto err; } - l+=(long)first; + if (use_bn) + { + if (!BN_add_word(bl, first * 40)) + goto err; + } + else + l+=(long)first*40; } i=0; - for (;;) + if (use_bn) + { + int blsize; + blsize = BN_num_bits(bl); + blsize = (blsize + 6)/7; + if (blsize > tmpsize) + { + if (tmp != ftmp) + OPENSSL_free(tmp); + tmpsize = blsize + 32; + tmp = OPENSSL_malloc(tmpsize); + if (!tmp) + goto err; + } + while(blsize--) + tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); + } + else { - tmp[i++]=(unsigned char)l&0x7f; - l>>=7L; - if (l == 0L) break; + + for (;;) + { + tmp[i++]=(unsigned char)l&0x7f; + l>>=7L; + if (l == 0L) break; + } + } if (out != NULL) { @@ -166,8 +213,16 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) else len+=i; } + if (tmp != ftmp) + OPENSSL_free(tmp); + if (bl) + BN_free(bl); return(len); err: + if (tmp != ftmp) + OPENSSL_free(tmp); + if (bl) + BN_free(bl); return(0); } @@ -178,21 +233,31 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) { - char buf[80]; + char buf[80], *p = buf; int i; if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); i=i2t_ASN1_OBJECT(buf,sizeof buf,a); - if (i > sizeof buf) i=sizeof buf; - BIO_write(bp,buf,i); + if (i > (int)(sizeof(buf) - 1)) + { + p = OPENSSL_malloc(i + 1); + if (!p) + return -1; + i2t_ASN1_OBJECT(p,i + 1,a); + } + if (i <= 0) + return BIO_write(bp, "", 9); + BIO_write(bp,p,i); + if (p != buf) + OPENSSL_free(p); return(i); } -ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length) { - unsigned char *p; + const unsigned char *p; long len; int tag,xclass; int inf,i; @@ -219,11 +284,11 @@ err: ASN1_OBJECT_free(ret); return(NULL); } -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, +ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; - unsigned char *p; + const unsigned char *p; int i; /* only the ASN1_OBJECTs from the 'table' will have values @@ -255,7 +320,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, *pp=p; return(ret); err: - ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); + ASN1err(ASN1_F_C2I_ASN1_OBJECT,i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_OBJECT_free(ret); return(NULL); diff --git a/crypto/openssl/crypto/asn1/a_octet.c b/crypto/openssl/crypto/asn1/a_octet.c index 9690bae..24fd0f8 100644 --- a/crypto/openssl/crypto/asn1/a_octet.c +++ b/crypto/openssl/crypto/asn1/a_octet.c @@ -66,6 +66,6 @@ ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) { return M_ASN1_OCTET_STRING_cmp(a, b); } -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len) +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) { return M_ASN1_OCTET_STRING_set(x, d, len); } diff --git a/crypto/openssl/crypto/asn1/a_print.c b/crypto/openssl/crypto/asn1/a_print.c index 8035513..d18e772 100644 --- a/crypto/openssl/crypto/asn1/a_print.c +++ b/crypto/openssl/crypto/asn1/a_print.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include -int ASN1_PRINTABLE_type(unsigned char *s, int len) +int ASN1_PRINTABLE_type(const unsigned char *s, int len) { int c; int ia5=0; diff --git a/crypto/openssl/crypto/asn1/a_set.c b/crypto/openssl/crypto/asn1/a_set.c index 0f83982..958558c 100644 --- a/crypto/openssl/crypto/asn1/a_set.c +++ b/crypto/openssl/crypto/asn1/a_set.c @@ -85,8 +85,8 @@ static int SetBlobCmp(const void *elem1, const void *elem2 ) } /* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ -int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, - int ex_class, int is_set) +int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, + int ex_class, int is_set) { int ret=0,r; int i; @@ -97,7 +97,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, if (a == NULL) return(0); for (i=sk_num(a)-1; i>=0; i--) - ret+=func(sk_value(a,i),NULL); + ret+=i2d(sk_value(a,i),NULL); r=ASN1_object_size(1,ret,ex_tag); if (pp == NULL) return(r); @@ -111,20 +111,25 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, if(!is_set || (sk_num(a) < 2)) { for (i=0; ipkey_type == NID_dsaWithSHA1) + if (type->pkey_type == NID_dsaWithSHA1 || + type->pkey_type == NID_ecdsa_with_SHA1) { - /* special case: RFC 2459 tells us to omit 'parameters' - * with id-dsa-with-sha1 */ + /* special case: RFC 3279 tells us to omit 'parameters' + * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ ASN1_TYPE_free(a->parameter); a->parameter = NULL; } @@ -247,12 +248,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, a->algorithm=OBJ_nid2obj(type->pkey_type); if (a->algorithm == NULL) { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); + ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); goto err; } if (a->algorithm->length == 0) { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); goto err; } } @@ -262,7 +263,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, if ((buf_in == NULL) || (buf_out == NULL)) { outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); goto err; } @@ -272,7 +273,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, (unsigned int *)&outl,pkey)) { outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); + ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); goto err; } if (signature->data != NULL) OPENSSL_free(signature->data); diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c index a07122b..fc743c2 100644 --- a/crypto/openssl/crypto/asn1/a_strex.c +++ b/crypto/openssl/crypto/asn1/a_strex.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,12 +58,12 @@ #include #include +#include "cryptlib.h" #include #include #include #include "charmap.h" -#include "cryptlib.h" /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). * Enhanced string and name printing routines handling @@ -194,6 +194,8 @@ static int do_buf(unsigned char *buf, int buflen, if(i < 0) return -1; /* Invalid UTF8String */ p += i; break; + default: + return -1; /* invalid width */ } if (p == q) orflags = CHARTYPE_LAST_ESC_2253; if(type & BUF_TYPE_CONVUTF8) { @@ -223,7 +225,7 @@ static int do_buf(unsigned char *buf, int buflen, static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) { - const static char hexdig[] = "0123456789ABCDEF"; + static const char hexdig[] = "0123456789ABCDEF"; unsigned char *p, *q; char hextmp[2]; if(arg) { @@ -279,7 +281,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING * otherwise it is the number of bytes per character */ -const static signed char tag2nbyte[] = { +static const signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ @@ -356,12 +358,13 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR } len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if(outlen < 0) return -1; + if(len < 0) return -1; outlen += len; if(quotes) outlen += 2; if(!arg) return outlen; if(quotes && !io_ch(arg, "\"", 1)) return -1; - do_buf(str->data, str->length, type, flags, NULL, io_ch, arg); + if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) + return -1; if(quotes && !io_ch(arg, "\"", 1)) return -1; return outlen; } @@ -513,7 +516,7 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) return do_name_ex(send_bio_chars, out, nm, indent, flags); } - +#ifndef OPENSSL_NO_FP_API int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) { if(flags == XN_FLAG_COMPAT) @@ -528,17 +531,19 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long fla } return do_name_ex(send_fp_chars, fp, nm, indent, flags); } +#endif int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_bio_chars, out, flags, str); } - +#ifndef OPENSSL_NO_FP_API int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_fp_chars, fp, flags, str); } +#endif /* Utility function: convert any string type to UTF8, returns number of bytes * in output string or a negative error code @@ -553,12 +558,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) if((type < 0) || (type > 30)) return -1; mbflag = tag2nbyte[type]; if(mbflag == -1) return -1; - if (mbflag == 0) - mbflag = MBSTRING_UTF8; - else if (mbflag == 4) - mbflag = MBSTRING_UNIV; - else - mbflag |= MBSTRING_FLAG; + mbflag |= MBSTRING_FLAG; stmp.data = NULL; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/openssl/crypto/asn1/a_type.c index fe3fcd4..a6acef1 100644 --- a/crypto/openssl/crypto/asn1/a_type.c +++ b/crypto/openssl/crypto/asn1/a_type.c @@ -57,8 +57,8 @@ */ #include -#include #include "cryptlib.h" +#include int ASN1_TYPE_get(ASN1_TYPE *a) { @@ -71,7 +71,10 @@ int ASN1_TYPE_get(ASN1_TYPE *a) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { if (a->value.ptr != NULL) - ASN1_primitive_free((ASN1_VALUE **)&a, NULL); + { + ASN1_TYPE **tmp_a = &a; + ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); + } a->type=type; a->value.ptr=value; } diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c index 999852d..d31c028 100644 --- a/crypto/openssl/crypto/asn1/a_utctm.c +++ b/crypto/openssl/crypto/asn1/a_utctm.c @@ -162,7 +162,7 @@ err: return(0); } -int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str) +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { ASN1_UTCTIME t; @@ -173,8 +173,9 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str) { if (s != NULL) { - ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length); + if (!ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str,t.length)) + return 0; s->type = V_ASN1_UTCTIME; } return(1); @@ -203,7 +204,11 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); - if (p == NULL) return(NULL); + if (p == NULL) + { + ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE); + return(NULL); + } if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c index da2a0a6..fdce6e4 100644 --- a/crypto/openssl/crypto/asn1/a_verify.c +++ b/crypto/openssl/crypto/asn1/a_verify.c @@ -73,8 +73,8 @@ #ifndef NO_ASN1_OLD -int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey) +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey) { EVP_MD_CTX ctx; const EVP_MD *type; @@ -138,7 +138,14 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat type=EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { - ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); + ret=0; goto err; } @@ -146,11 +153,10 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat if (buf_in == NULL) { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } - EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); @@ -159,7 +165,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, (unsigned int)signature->length,pkey) <= 0) { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h index 3414509..30f1eec 100644 --- a/crypto/openssl/crypto/asn1/asn1.h +++ b/crypto/openssl/crypto/asn1/asn1.h @@ -60,17 +60,19 @@ #define HEADER_ASN1_H #include +#include #ifndef OPENSSL_NO_BIO #include #endif -#include -#include #include #include #include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif #ifdef OPENSSL_BUILD_SHLIBCRYPTO # undef OPENSSL_EXTERN @@ -147,19 +149,24 @@ extern "C" { #define B_ASN1_UTF8STRING 0x2000 #define B_ASN1_UTCTIME 0x4000 #define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 /* For use with ASN1_mbstring_copy() */ #define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) #define MBSTRING_ASC (MBSTRING_FLAG|1) #define MBSTRING_BMP (MBSTRING_FLAG|2) -#define MBSTRING_UNIV (MBSTRING_FLAG|3) -#define MBSTRING_UTF8 (MBSTRING_FLAG|4) +#define MBSTRING_UNIV (MBSTRING_FLAG|4) struct X509_algor_st; #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ +/* We MUST make sure that, except for constness, asn1_ctx_st and + asn1_const_ctx are exactly the same. Fortunately, as soon as + the old ASN1 parsing macros are gone, we can throw this away + as well... */ typedef struct asn1_ctx_st { unsigned char *p;/* work char pointer */ @@ -175,6 +182,21 @@ typedef struct asn1_ctx_st int line; /* used in error processing */ } ASN1_CTX; +typedef struct asn1_const_ctx_st + { + const unsigned char *p;/* work char pointer */ + int eos; /* end of sequence read for indefinite encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + const unsigned char *max; /* largest value of p allowed */ + const unsigned char *q;/* temporary variable */ + const unsigned char **pp;/* variable */ + int line; /* used in error processing */ + } ASN1_const_CTX; + /* These are used internally in the ASN1_OBJECT to keep track of * whether the names and data need to be free()ed */ #define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ @@ -191,6 +213,11 @@ typedef struct asn1_object_st } ASN1_OBJECT; #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +/* This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should + * be inserted in the memory buffer + */ +#define ASN1_STRING_FLAG_NDEF 0x010 /* This is the base type that holds just about everything :-) */ typedef struct asn1_string_st { @@ -259,18 +286,19 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ - type *d2i_##name(type **a, unsigned char **in, long len); \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ int i2d_##name(type *a, unsigned char **out); \ DECLARE_ASN1_ITEM(itname) @@ -279,10 +307,26 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; int i2d_##name(const type *a, unsigned char **out); \ DECLARE_ASN1_ITEM(name) +#define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + #define DECLARE_ASN1_FUNCTIONS_const(name) \ name *name##_new(void); \ void name##_free(name *a); +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +#define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +#define I2D_OF(type) int (*)(type *,unsigned char **) +#define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); /* The following macros and typedefs allow an ASN1_ITEM * to be embedded in a structure and referenced. Since @@ -475,17 +519,17 @@ DECLARE_ASN1_SET_OF(ASN1_TYPE) typedef struct asn1_method_st { - int (*i2d)(); - char *(*d2i)(); - char *(*create)(); - void (*destroy)(); + i2d_of_void *i2d; + d2i_of_void *d2i; + void *(*create)(void); + void (*destroy)(void *); } ASN1_METHOD; /* This is used when parsing some Netscape objects */ typedef struct asn1_header_st { ASN1_OCTET_STRING *header; - char *data; + void *data; ASN1_METHOD *meth; } ASN1_HEADER; @@ -551,6 +595,7 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_UNIVERSALSTRING|\ B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ B_ASN1_UNKNOWN #define B_ASN1_DIRECTORYSTRING \ @@ -700,9 +745,9 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); -ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, +ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, long length); -ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, +ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, long length); DECLARE_ASN1_ITEM(ASN1_OBJECT) @@ -725,7 +770,7 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, long length); int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length ); @@ -741,13 +786,13 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, BIT_STRING_BITNAME *tbl); int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); -int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); +int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length); -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp, +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length); ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); @@ -756,7 +801,7 @@ DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) int ASN1_UTCTIME_check(ASN1_UTCTIME *a); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); -int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); #if 0 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); @@ -764,12 +809,12 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); -int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) @@ -792,15 +837,17 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) DECLARE_ASN1_FUNCTIONS(ASN1_TIME) +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); int ASN1_TIME_check(ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); -int i2d_ASN1_SET(STACK *a, unsigned char **pp, - int (*func)(), int ex_tag, int ex_class, int is_set); -STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, - char *(*func)(), void (*free_func)(void *), - int ex_tag, int ex_class); +int i2d_ASN1_SET(STACK *a, unsigned char **pp, + i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); +STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, + d2i_of_void *d2i, void (*free_func)(void *), + int ex_tag, int ex_class); #ifndef OPENSSL_NO_BIO int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); @@ -829,36 +876,49 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); /* General */ /* given a string, return the correct type, max is the maximum length */ -int ASN1_PRINTABLE_type(unsigned char *s, int max); +int ASN1_PRINTABLE_type(const unsigned char *s, int max); int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, long length, int Ptag, int Pclass); unsigned long ASN1_tag2bit(int tag); /* type is one or more of the B_ASN1_ values. */ -ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, +ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp, long length,int type); /* PARSING */ int asn1_Finish(ASN1_CTX *c); +int asn1_const_Finish(ASN1_const_CTX *c); /* SPECIALS */ -int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, int *pclass, long omax); int ASN1_check_infinite_end(unsigned char **p,long len); +int ASN1_const_check_infinite_end(const unsigned char **p,long len); void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); int ASN1_object_size(int constructed, int length, int tag); /* Used to implement other functions */ -char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); +#define ASN1_dup_of(type,i2d,d2i,x) \ + ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) +#define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) void *ASN1_item_dup(const ASN1_ITEM *it, void *x); #ifndef OPENSSL_NO_FP_API -char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); +#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x) void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); -int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); +int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); +#define ASN1_i2d_fp_of(type,i2d,out,x) \ + ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) +#define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); #endif @@ -866,23 +926,29 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); #ifndef OPENSSL_NO_BIO -char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); +#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x) void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); -int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); +int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); +#define ASN1_i2d_bio_of(type,i2d,out,x) \ + ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) +#define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); -int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); -int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump); +int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent); +int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); #endif const char *ASN1_tag2str(int tag); /* Used to load and write netscape format cert/key */ int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length); +ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length); ASN1_HEADER *ASN1_HEADER_new(void ); void ASN1_HEADER_free(ASN1_HEADER *a); @@ -903,13 +969,16 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, unsigned char *data, int max_len); -STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), - void (*free_func)(void *) ); -unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, - int *len ); -void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); +STACK *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i, void (*free_func)(void *)); +unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, + unsigned char **buf, int *len ); +void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); -ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); +ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, + ASN1_OCTET_STRING **oct); +#define ASN1_pack_string_of(type,obj,i2d,oct) \ + ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct) ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); @@ -932,11 +1001,15 @@ void ASN1_STRING_TABLE_cleanup(void); /* Old API compatible functions */ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); -ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it); +ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); void ASN1_add_oid_module(void); +ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -950,43 +1023,67 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_A2I_ASN1_ENUMERATED 101 #define ASN1_F_A2I_ASN1_INTEGER 102 #define ASN1_F_A2I_ASN1_STRING 103 +#define ASN1_F_APPEND_EXP 176 +#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +#define ASN1_F_ASN1_CB 177 #define ASN1_F_ASN1_CHECK_TLEN 104 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 #define ASN1_F_ASN1_COLLECT 106 -#define ASN1_F_ASN1_D2I_BIO 107 #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 #define ASN1_F_ASN1_D2I_FP 109 +#define ASN1_F_ASN1_D2I_READ_BIO 107 +#define ASN1_F_ASN1_DIGEST 184 #define ASN1_F_ASN1_DO_ADB 110 #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +#define ASN1_F_ASN1_EX_C2I 204 +#define ASN1_F_ASN1_FIND_END 190 +#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 +#define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 #define ASN1_F_ASN1_I2D_BIO 116 #define ASN1_F_ASN1_I2D_FP 117 #define ASN1_F_ASN1_INTEGER_SET 118 #define ASN1_F_ASN1_INTEGER_TO_BN 119 +#define ASN1_F_ASN1_ITEM_D2I_FP 206 +#define ASN1_F_ASN1_ITEM_DUP 191 +#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 #define ASN1_F_ASN1_ITEM_EX_D2I 120 -#define ASN1_F_ASN1_ITEM_NEW 121 -#define ASN1_F_ASN1_MBSTRING_COPY 122 +#define ASN1_F_ASN1_ITEM_I2D_BIO 192 +#define ASN1_F_ASN1_ITEM_I2D_FP 193 +#define ASN1_F_ASN1_ITEM_PACK 198 +#define ASN1_F_ASN1_ITEM_SIGN 195 +#define ASN1_F_ASN1_ITEM_UNPACK 199 +#define ASN1_F_ASN1_ITEM_VERIFY 197 +#define ASN1_F_ASN1_MBSTRING_NCOPY 122 #define ASN1_F_ASN1_OBJECT_NEW 123 #define ASN1_F_ASN1_PACK_STRING 124 -#define ASN1_F_ASN1_PBE_SET 125 +#define ASN1_F_ASN1_PCTX_NEW 205 +#define ASN1_F_ASN1_PKCS5_PBE_SET 125 #define ASN1_F_ASN1_SEQ_PACK 126 #define ASN1_F_ASN1_SEQ_UNPACK 127 #define ASN1_F_ASN1_SIGN 128 +#define ASN1_F_ASN1_STR2TYPE 179 +#define ASN1_F_ASN1_STRING_SET 186 #define ASN1_F_ASN1_STRING_TABLE_ADD 129 #define ASN1_F_ASN1_STRING_TYPE_NEW 130 -#define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 #define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 +#define ASN1_F_ASN1_UTCTIME_SET 187 #define ASN1_F_ASN1_VERIFY 137 +#define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 #define ASN1_F_BN_TO_ASN1_INTEGER 139 +#define ASN1_F_C2I_ASN1_BIT_STRING 189 +#define ASN1_F_C2I_ASN1_INTEGER 194 +#define ASN1_F_C2I_ASN1_OBJECT 196 #define ASN1_F_COLLECT_DATA 140 #define ASN1_F_D2I_ASN1_BIT_STRING 141 #define ASN1_F_D2I_ASN1_BOOLEAN 142 @@ -1003,23 +1100,30 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_NETSCAPE_RSA_2 153 #define ASN1_F_D2I_PRIVATEKEY 154 #define ASN1_F_D2I_PUBLICKEY 155 +#define ASN1_F_D2I_RSA_NET 200 +#define ASN1_F_D2I_RSA_NET_2 201 #define ASN1_F_D2I_X509 156 #define ASN1_F_D2I_X509_CINF 157 -#define ASN1_F_D2I_X509_NAME 158 #define ASN1_F_D2I_X509_PKEY 159 +#define ASN1_F_I2D_ASN1_SET 188 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 -#define ASN1_F_I2D_NETSCAPE_RSA 162 +#define ASN1_F_I2D_EC_PUBKEY 181 #define ASN1_F_I2D_PRIVATEKEY 163 #define ASN1_F_I2D_PUBLICKEY 164 +#define ASN1_F_I2D_RSA_NET 162 #define ASN1_F_I2D_RSA_PUBKEY 165 #define ASN1_F_LONG_C2I 166 #define ASN1_F_OID_MODULE_INIT 174 +#define ASN1_F_PARSE_TAGGING 182 #define ASN1_F_PKCS5_PBE2_SET 167 +#define ASN1_F_PKCS5_PBE_SET 202 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 #define ASN1_F_X509_INFO_NEW 170 -#define ASN1_F_X509_NAME_NEW 171 +#define ASN1_F_X509_NAME_ENCODE 203 +#define ASN1_F_X509_NAME_EX_D2I 158 +#define ASN1_F_X509_NAME_EX_NEW 171 #define ASN1_F_X509_NEW 172 #define ASN1_F_X509_PKEY_NEW 173 @@ -1037,6 +1141,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DATA_IS_WRONG 109 #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_DEPTH_EXCEEDED 174 #define ASN1_R_ENCODE_ERROR 112 #define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 @@ -1051,38 +1156,58 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_FIELD_MISSING 121 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 #define ASN1_R_HEADER_TOO_LONG 123 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 #define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 #define ASN1_R_ILLEGAL_TAGGED_ANY 127 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 #define ASN1_R_INVALID_UTF8STRING 134 #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 +#define ASN1_R_LIST_ERROR 188 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 +#define ASN1_R_MISSING_VALUE 189 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 #define ASN1_R_MSTRING_WRONG_TAG 140 +#define ASN1_R_NESTED_ASN1_STRING 197 #define ASN1_R_NON_HEX_CHARACTERS 141 +#define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 @@ -1092,10 +1217,13 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 #define ASN1_R_UNSUPPORTED_CIPHER 165 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +#define ASN1_R_UNSUPPORTED_TYPE 196 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c index 094ec06..c672d2e 100644 --- a/crypto/openssl/crypto/asn1/asn1_err.c +++ b/crypto/openssl/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,163 +64,222 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) + static ERR_STRING_DATA ASN1_str_functs[]= { -{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"}, -{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, -{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, -{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, -{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, -{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, -{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, -{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, -{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, -{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, -{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, -{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, -{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, -{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, -{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, -{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, -{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, -{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"}, -{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, -{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, -{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"}, -{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"}, -{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"}, -{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, -{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"}, -{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"}, -{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, -{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, -{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, -{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, -{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, -{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, -{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, -{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, -{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, -{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, -{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, -{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, -{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, -{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, -{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, -{ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"}, -{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"}, -{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, -{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"}, -{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"}, -{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, -{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, -{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, -{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, -{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, -{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, -{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, -{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, -{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, -{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"}, -{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, -{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, -{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, -{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"}, -{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, -{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, -{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"}, +{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, +{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, +{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, +{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, +{ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, +{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, +{ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, +{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, +{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, +{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, +{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, +{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, +{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, +{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, +{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, +{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, +{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, +{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, +{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, +{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, +{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, +{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, +{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, +{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, +{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, +{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, +{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, +{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, +{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, +{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, +{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, +{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, +{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, +{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, +{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, +{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, +{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, +{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, +{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, +{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, +{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, +{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, +{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, +{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_SET"}, +{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, +{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, +{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, +{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, +{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, +{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, +{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, +{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, +{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, +{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, +{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, +{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, +{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, +{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, +{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, +{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, +{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, +{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, +{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, +{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, +{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, +{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, +{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, +{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, +{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, +{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, +{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, +{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, +{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, +{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, +{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, +{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, +{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, +{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_PBE_SET"}, +{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, +{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_ADD0_REVOKED"}, +{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_NEW"}, +{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, +{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, +{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, +{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, +{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, {0,NULL} }; static ERR_STRING_DATA ASN1_str_reasons[]= { -{ASN1_R_ADDING_OBJECT ,"adding object"}, -{ASN1_R_AUX_ERROR ,"aux error"}, -{ASN1_R_BAD_CLASS ,"bad class"}, -{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, -{ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, -{ASN1_R_BAD_TAG ,"bad tag"}, -{ASN1_R_BN_LIB ,"bn lib"}, -{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, -{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, -{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, -{ASN1_R_DATA_IS_WRONG ,"data is wrong"}, -{ASN1_R_DECODE_ERROR ,"decode error"}, -{ASN1_R_DECODING_ERROR ,"decoding error"}, -{ASN1_R_ENCODE_ERROR ,"encode error"}, -{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, -{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, -{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, -{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, -{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, -{ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, -{ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, -{ASN1_R_EXPECTING_A_TIME ,"expecting a time"}, -{ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"}, -{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"}, -{ASN1_R_FIELD_MISSING ,"field missing"}, -{ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"}, -{ASN1_R_HEADER_TOO_LONG ,"header too long"}, -{ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"}, -{ASN1_R_ILLEGAL_NULL ,"illegal null"}, -{ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"}, -{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"}, -{ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"}, -{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"}, -{ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"}, -{ASN1_R_INVALID_DIGIT ,"invalid digit"}, -{ASN1_R_INVALID_SEPARATOR ,"invalid separator"}, -{ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"}, -{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"}, -{ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"}, -{ASN1_R_IV_TOO_LARGE ,"iv too large"}, -{ASN1_R_LENGTH_ERROR ,"length error"}, -{ASN1_R_MISSING_EOC ,"missing eoc"}, -{ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"}, -{ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"}, -{ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"}, -{ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"}, -{ASN1_R_NOT_ENOUGH_DATA ,"not enough data"}, -{ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"}, -{ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"}, -{ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"}, -{ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"}, -{ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"}, -{ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"}, -{ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"}, -{ASN1_R_SHORT_LINE ,"short line"}, -{ASN1_R_STRING_TOO_LONG ,"string too long"}, -{ASN1_R_STRING_TOO_SHORT ,"string too short"}, -{ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"}, -{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, -{ASN1_R_TOO_LONG ,"too long"}, -{ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"}, -{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, -{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, -{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"}, -{ASN1_R_UNKNOWN_FORMAT ,"unknown format"}, -{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, -{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, -{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"}, -{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"}, -{ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"}, -{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"}, -{ASN1_R_WRONG_TAG ,"wrong tag"}, -{ASN1_R_WRONG_TYPE ,"wrong type"}, +{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, +{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, +{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, +{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, +{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, +{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, +{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, +{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, +{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, +{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, +{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, +{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, +{ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"}, +{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"}, +{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"}, +{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"}, +{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"}, +{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"}, +{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"}, +{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"}, +{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"}, +{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"}, +{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"}, +{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"}, +{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"}, +{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"}, +{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"}, +{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) ,"illegal boolean"}, +{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"}, +{ERR_REASON(ASN1_R_ILLEGAL_FORMAT) ,"illegal format"}, +{ERR_REASON(ASN1_R_ILLEGAL_HEX) ,"illegal hex"}, +{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"}, +{ERR_REASON(ASN1_R_ILLEGAL_INTEGER) ,"illegal integer"}, +{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"}, +{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"}, +{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) ,"illegal null value"}, +{ERR_REASON(ASN1_R_ILLEGAL_OBJECT) ,"illegal object"}, +{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"}, +{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"}, +{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"}, +{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, +{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, +{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, +{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, +{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, +{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, +{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, +{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, +{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, +{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, +{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"}, +{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, +{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, +{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"}, +{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, +{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, +{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"}, +{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"}, +{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"}, +{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"}, +{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, +{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, +{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, +{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, +{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, +{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"}, +{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, +{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"}, +{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"}, +{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"}, +{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, +{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, +{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, +{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, +{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, +{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, +{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, +{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"}, +{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"}, +{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"}, +{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, +{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, +{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, +{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, +{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, +{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, +{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, +{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, +{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, +{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, +{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, +{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"}, +{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"}, +{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"}, {0,NULL} }; @@ -234,8 +293,8 @@ void ERR_load_ASN1_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs); - ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons); + ERR_load_strings(0,ASN1_str_functs); + ERR_load_strings(0,ASN1_str_reasons); #endif } diff --git a/crypto/openssl/crypto/asn1/asn1_gen.c b/crypto/openssl/crypto/asn1/asn1_gen.c new file mode 100644 index 0000000..26c8327 --- /dev/null +++ b/crypto/openssl/crypto/asn1/asn1_gen.c @@ -0,0 +1,848 @@ +/* asn1_gen.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include + +#define ASN1_GEN_FLAG 0x10000 +#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) +#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) +#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) +#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) +#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) +#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) +#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) +#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) + +#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} + +#define ASN1_FLAG_EXP_MAX 20 + +/* Input formats */ + +/* ASCII: default */ +#define ASN1_GEN_FORMAT_ASCII 1 +/* UTF8 */ +#define ASN1_GEN_FORMAT_UTF8 2 +/* Hex */ +#define ASN1_GEN_FORMAT_HEX 3 +/* List of bits */ +#define ASN1_GEN_FORMAT_BITLIST 4 + + +struct tag_name_st + { + const char *strnam; + int len; + int tag; + }; + +typedef struct + { + int exp_tag; + int exp_class; + int exp_constructed; + int exp_pad; + long exp_len; + } tag_exp_type; + +typedef struct + { + int imp_tag; + int imp_class; + int utype; + int format; + const char *str; + tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; + int exp_count; + } tag_exp_arg; + +static int bitstr_cb(const char *elem, int len, void *bitstr); +static int asn1_cb(const char *elem, int len, void *bitstr); +static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); +static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); +static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); +static int asn1_str2tag(const char *tagstr, int len); + +ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) + { + X509V3_CTX cnf; + + if (!nconf) + return ASN1_generate_v3(str, NULL); + + X509V3_set_nconf(&cnf, nconf); + return ASN1_generate_v3(str, &cnf); + } + +ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) + { + ASN1_TYPE *ret; + tag_exp_arg asn1_tags; + tag_exp_type *etmp; + + int i, len; + + unsigned char *orig_der = NULL, *new_der = NULL; + const unsigned char *cpy_start; + unsigned char *p; + const unsigned char *cp; + int cpy_len; + long hdr_len; + int hdr_constructed = 0, hdr_tag, hdr_class; + int r; + + asn1_tags.imp_tag = -1; + asn1_tags.imp_class = -1; + asn1_tags.format = ASN1_GEN_FORMAT_ASCII; + asn1_tags.exp_count = 0; + if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) + return NULL; + + if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) + { + if (!cnf) + { + ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + return NULL; + } + ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); + } + else + ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); + + if (!ret) + return NULL; + + /* If no tagging return base type */ + if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) + return ret; + + /* Generate the encoding */ + cpy_len = i2d_ASN1_TYPE(ret, &orig_der); + ASN1_TYPE_free(ret); + ret = NULL; + /* Set point to start copying for modified encoding */ + cpy_start = orig_der; + + /* Do we need IMPLICIT tagging? */ + if (asn1_tags.imp_tag != -1) + { + /* If IMPLICIT we will replace the underlying tag */ + /* Skip existing tag+len */ + r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len); + if (r & 0x80) + goto err; + /* Update copy length */ + cpy_len -= cpy_start - orig_der; + /* For IMPLICIT tagging the length should match the + * original length and constructed flag should be + * consistent. + */ + if (r & 0x1) + { + /* Indefinite length constructed */ + hdr_constructed = 2; + hdr_len = 0; + } + else + /* Just retain constructed flag */ + hdr_constructed = r & V_ASN1_CONSTRUCTED; + /* Work out new length with IMPLICIT tag: ignore constructed + * because it will mess up if indefinite length + */ + len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); + } + else + len = cpy_len; + + /* Work out length in any EXPLICIT, starting from end */ + + for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--) + { + /* Content length: number of content octets + any padding */ + len += etmp->exp_pad; + etmp->exp_len = len; + /* Total object length: length including new header */ + len = ASN1_object_size(0, len, etmp->exp_tag); + } + + /* Allocate buffer for new encoding */ + + new_der = OPENSSL_malloc(len); + + /* Generate tagged encoding */ + + p = new_der; + + /* Output explicit tags first */ + + for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++) + { + ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, + etmp->exp_tag, etmp->exp_class); + if (etmp->exp_pad) + *p++ = 0; + } + + /* If IMPLICIT, output tag */ + + if (asn1_tags.imp_tag != -1) + ASN1_put_object(&p, hdr_constructed, hdr_len, + asn1_tags.imp_tag, asn1_tags.imp_class); + + /* Copy across original encoding */ + memcpy(p, cpy_start, cpy_len); + + cp = new_der; + + /* Obtain new ASN1_TYPE structure */ + ret = d2i_ASN1_TYPE(NULL, &cp, len); + + err: + if (orig_der) + OPENSSL_free(orig_der); + if (new_der) + OPENSSL_free(new_der); + + return ret; + + } + +static int asn1_cb(const char *elem, int len, void *bitstr) + { + tag_exp_arg *arg = bitstr; + int i; + int utype; + int vlen = 0; + const char *p, *vstart = NULL; + + int tmp_tag, tmp_class; + + for(i = 0, p = elem; i < len; p++, i++) + { + /* Look for the ':' in name value pairs */ + if (*p == ':') + { + vstart = p + 1; + vlen = len - (vstart - elem); + len = p - elem; + break; + } + } + + utype = asn1_str2tag(elem, len); + + if (utype == -1) + { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); + ERR_add_error_data(2, "tag=", elem); + return -1; + } + + /* If this is not a modifier mark end of string and exit */ + if (!(utype & ASN1_GEN_FLAG)) + { + arg->utype = utype; + arg->str = vstart; + /* If no value and not end of string, error */ + if (!vstart && elem[len]) + { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); + return -1; + } + return 0; + } + + switch(utype) + { + + case ASN1_GEN_FLAG_IMP: + /* Check for illegal multiple IMPLICIT tagging */ + if (arg->imp_tag != -1) + { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); + return -1; + } + if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) + return -1; + break; + + case ASN1_GEN_FLAG_EXP: + + if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) + return -1; + if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) + return -1; + break; + + case ASN1_GEN_FLAG_SEQWRAP: + if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_SETWRAP: + if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_BITWRAP: + if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_OCTWRAP: + if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_FORMAT: + if (!strncmp(vstart, "ASCII", 5)) + arg->format = ASN1_GEN_FORMAT_ASCII; + else if (!strncmp(vstart, "UTF8", 4)) + arg->format = ASN1_GEN_FORMAT_UTF8; + else if (!strncmp(vstart, "HEX", 3)) + arg->format = ASN1_GEN_FORMAT_HEX; + else if (!strncmp(vstart, "BITLIST", 3)) + arg->format = ASN1_GEN_FORMAT_BITLIST; + else + { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); + return -1; + } + break; + + } + + return 1; + + } + +static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) + { + char erch[2]; + long tag_num; + char *eptr; + if (!vstart) + return 0; + tag_num = strtoul(vstart, &eptr, 10); + /* Check we haven't gone past max length: should be impossible */ + if (eptr && *eptr && (eptr > vstart + vlen)) + return 0; + if (tag_num < 0) + { + ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); + return 0; + } + *ptag = tag_num; + /* If we have non numeric characters, parse them */ + if (eptr) + vlen -= eptr - vstart; + else + vlen = 0; + if (vlen) + { + switch (*eptr) + { + + case 'U': + *pclass = V_ASN1_UNIVERSAL; + break; + + case 'A': + *pclass = V_ASN1_APPLICATION; + break; + + case 'P': + *pclass = V_ASN1_PRIVATE; + break; + + case 'C': + *pclass = V_ASN1_CONTEXT_SPECIFIC; + break; + + default: + erch[0] = *eptr; + erch[1] = 0; + ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); + ERR_add_error_data(2, "Char=", erch); + return 0; + break; + + } + } + else + *pclass = V_ASN1_CONTEXT_SPECIFIC; + + return 1; + + } + +/* Handle multiple types: SET and SEQUENCE */ + +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) + { + ASN1_TYPE *ret = NULL, *typ = NULL; + STACK_OF(ASN1_TYPE) *sk = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + unsigned char *der = NULL, *p; + int derlen; + int i, is_set; + sk = sk_ASN1_TYPE_new_null(); + if (section) + { + if (!cnf) + goto bad; + sect = X509V3_get_section(cnf, (char *)section); + if (!sect) + goto bad; + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) + { + typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); + if (!typ) + goto bad; + sk_ASN1_TYPE_push(sk, typ); + typ = NULL; + } + } + + /* Now we has a STACK of the components, convert to the correct form */ + + if (utype == V_ASN1_SET) + is_set = 1; + else + is_set = 0; + + + derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, + V_ASN1_UNIVERSAL, is_set); + der = OPENSSL_malloc(derlen); + p = der; + i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, + V_ASN1_UNIVERSAL, is_set); + + if (!(ret = ASN1_TYPE_new())) + goto bad; + + if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) + goto bad; + + ret->type = utype; + + ret->value.asn1_string->data = der; + ret->value.asn1_string->length = derlen; + + der = NULL; + + bad: + + if (der) + OPENSSL_free(der); + + if (sk) + sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); + if (typ) + ASN1_TYPE_free(typ); + if (sect) + X509V3_section_free(cnf, sect); + + return ret; + } + +static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok) + { + tag_exp_type *exp_tmp; + /* Can only have IMPLICIT if permitted */ + if ((arg->imp_tag != -1) && !imp_ok) + { + ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); + return 0; + } + + if (arg->exp_count == ASN1_FLAG_EXP_MAX) + { + ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); + return 0; + } + + exp_tmp = &arg->exp_list[arg->exp_count++]; + + /* If IMPLICIT set tag to implicit value then + * reset implicit tag since it has been used. + */ + if (arg->imp_tag != -1) + { + exp_tmp->exp_tag = arg->imp_tag; + exp_tmp->exp_class = arg->imp_class; + arg->imp_tag = -1; + arg->imp_class = -1; + } + else + { + exp_tmp->exp_tag = exp_tag; + exp_tmp->exp_class = exp_class; + } + exp_tmp->exp_constructed = exp_constructed; + exp_tmp->exp_pad = exp_pad; + + return 1; + } + + +static int asn1_str2tag(const char *tagstr, int len) + { + unsigned int i; + static struct tag_name_st *tntmp, tnst [] = { + ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), + ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), + ASN1_GEN_STR("NULL", V_ASN1_NULL), + ASN1_GEN_STR("INT", V_ASN1_INTEGER), + ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), + ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), + ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), + ASN1_GEN_STR("OID", V_ASN1_OBJECT), + ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), + ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), + ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), + ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), + ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), + ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), + ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), + ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), + ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), + ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), + ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), + ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), + ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), + ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), + ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), + ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), + ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), + ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), + ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), + ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), + ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), + ASN1_GEN_STR("T61", V_ASN1_T61STRING), + ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), + ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), + ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), + + /* Special cases */ + ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), + ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), + ASN1_GEN_STR("SET", V_ASN1_SET), + /* type modifiers */ + /* Explicit tag */ + ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), + ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), + /* Implicit tag */ + ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), + ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), + /* OCTET STRING wrapper */ + ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), + /* SEQUENCE wrapper */ + ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), + /* SET wrapper */ + ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), + /* BIT STRING wrapper */ + ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), + ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), + ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), + }; + + if (len == -1) + len = strlen(tagstr); + + tntmp = tnst; + for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) + { + if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) + return tntmp->tag; + } + + return -1; + } + +static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + { + ASN1_TYPE *atmp = NULL; + + CONF_VALUE vtmp; + + unsigned char *rdata; + long rdlen; + + int no_unused = 1; + + if (!(atmp = ASN1_TYPE_new())) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!str) + str = ""; + + switch(utype) + { + + case V_ASN1_NULL: + if (str && *str) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); + goto bad_form; + } + break; + + case V_ASN1_BOOLEAN: + if (format != ASN1_GEN_FORMAT_ASCII) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); + goto bad_form; + } + vtmp.name = NULL; + vtmp.section = NULL; + vtmp.value = (char *)str; + if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); + goto bad_str; + } + break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: + if (format != ASN1_GEN_FORMAT_ASCII) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); + goto bad_form; + } + if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); + goto bad_str; + } + break; + + case V_ASN1_OBJECT: + if (format != ASN1_GEN_FORMAT_ASCII) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); + goto bad_form; + } + if (!(atmp->value.object = OBJ_txt2obj(str, 0))) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); + goto bad_str; + } + break; + + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + if (format != ASN1_GEN_FORMAT_ASCII) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); + goto bad_form; + } + if (!(atmp->value.asn1_string = ASN1_STRING_new())) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + goto bad_str; + } + if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + goto bad_str; + } + atmp->value.asn1_string->type = utype; + if (!ASN1_TIME_check(atmp->value.asn1_string)) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); + goto bad_str; + } + + break; + + case V_ASN1_BMPSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_IA5STRING: + case V_ASN1_T61STRING: + case V_ASN1_UTF8STRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_GENERALSTRING: + + if (format == ASN1_GEN_FORMAT_ASCII) + format = MBSTRING_ASC; + else if (format == ASN1_GEN_FORMAT_UTF8) + format = MBSTRING_UTF8; + else + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); + goto bad_form; + } + + + if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, + -1, format, ASN1_tag2bit(utype)) <= 0) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + goto bad_str; + } + + + break; + + case V_ASN1_BIT_STRING: + + case V_ASN1_OCTET_STRING: + + if (!(atmp->value.asn1_string = ASN1_STRING_new())) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + goto bad_form; + } + + if (format == ASN1_GEN_FORMAT_HEX) + { + + if (!(rdata = string_to_hex((char *)str, &rdlen))) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); + goto bad_str; + } + + atmp->value.asn1_string->data = rdata; + atmp->value.asn1_string->length = rdlen; + atmp->value.asn1_string->type = utype; + + } + else if (format == ASN1_GEN_FORMAT_ASCII) + ASN1_STRING_set(atmp->value.asn1_string, str, -1); + else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING)) + { + if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); + goto bad_str; + } + no_unused = 0; + + } + else + { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); + goto bad_form; + } + + if ((utype == V_ASN1_BIT_STRING) && no_unused) + { + atmp->value.asn1_string->flags + &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + atmp->value.asn1_string->flags + |= ASN1_STRING_FLAG_BITS_LEFT; + } + + + break; + + default: + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); + goto bad_str; + break; + } + + + atmp->type = utype; + return atmp; + + + bad_str: + ERR_add_error_data(2, "string=", str); + bad_form: + + ASN1_TYPE_free(atmp); + return NULL; + + } + +static int bitstr_cb(const char *elem, int len, void *bitstr) + { + long bitnum; + char *eptr; + if (!elem) + return 0; + bitnum = strtoul(elem, &eptr, 10); + if (eptr && *eptr && (eptr != elem + len)) + return 0; + if (bitnum < 0) + { + ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); + return 0; + } + if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) + { + ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; + } + diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c index a74f136..bb94257 100644 --- a/crypto/openssl/crypto/asn1/asn1_lib.c +++ b/crypto/openssl/crypto/asn1/asn1_lib.c @@ -62,11 +62,11 @@ #include #include -static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); +static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max); static void asn1_put_length(unsigned char **pp, int length); const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT; -int ASN1_check_infinite_end(unsigned char **p, long len) +static int _asn1_check_infinite_end(const unsigned char **p, long len) { /* If there is 0 or 1 byte left, the length check should pick * things up */ @@ -80,13 +80,23 @@ int ASN1_check_infinite_end(unsigned char **p, long len) return(0); } +int ASN1_check_infinite_end(unsigned char **p, long len) + { + return _asn1_check_infinite_end((const unsigned char **)p, len); + } -int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, - long omax) +int ASN1_const_check_infinite_end(const unsigned char **p, long len) + { + return _asn1_check_infinite_end(p, len); + } + + +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax) { int i,ret; long l; - unsigned char *p= *pp; + const unsigned char *p= *pp; int tag,xclass,inf; long max=omax; @@ -141,11 +151,11 @@ err: return(0x80); } -static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) +static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) { - unsigned char *p= *pp; + const unsigned char *p= *pp; unsigned long ret=0; - int i; + unsigned int i; if (max-- < 1) return(0); if (*p == 0x80) @@ -205,13 +215,22 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, } p += ttag; } - if ((constructed == 2) && (length == 0)) - *(p++)=0x80; /* der_put_length would output 0 instead */ + if (constructed == 2) + *(p++)=0x80; else asn1_put_length(&p,length); *pp=p; } +int ASN1_put_eoc(unsigned char **pp) + { + unsigned char *p = *pp; + *p++ = 0; + *p++ = 0; + *pp = p; + return 2; + } + static void asn1_put_length(unsigned char **pp, int length) { unsigned char *p= *pp; @@ -249,8 +268,8 @@ int ASN1_object_size(int constructed, int length, int tag) ret++; } } - if ((length == 0) && (constructed == 2)) - ret+=2; + if (constructed == 2) + return ret + 3; ret++; if (length > 127) { @@ -263,11 +282,11 @@ int ASN1_object_size(int constructed, int length, int tag) return(ret); } -int asn1_Finish(ASN1_CTX *c) +static int _asn1_Finish(ASN1_const_CTX *c) { if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) { - if (!ASN1_check_infinite_end(&c->p,c->slen)) + if (!ASN1_const_check_infinite_end(&c->p,c->slen)) { c->error=ERR_R_MISSING_ASN1_EOS; return(0); @@ -282,9 +301,19 @@ int asn1_Finish(ASN1_CTX *c) return(1); } -int asn1_GetSequence(ASN1_CTX *c, long *length) +int asn1_Finish(ASN1_CTX *c) + { + return _asn1_Finish((ASN1_const_CTX *)c); + } + +int asn1_const_Finish(ASN1_const_CTX *c) + { + return _asn1_Finish(c); + } + +int asn1_GetSequence(ASN1_const_CTX *c, long *length) { - unsigned char *q; + const unsigned char *q; q=c->p; c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), @@ -349,6 +378,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) if (str->data == NULL) { + ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE); str->data=c; return(0); } @@ -410,7 +440,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) return(i); } -void asn1_add_error(unsigned char *address, int offset) +void asn1_add_error(const unsigned char *address, int offset) { char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; diff --git a/crypto/openssl/crypto/asn1/asn1_mac.h b/crypto/openssl/crypto/asn1/asn1_mac.h index a48649c..d958ca6 100644 --- a/crypto/openssl/crypto/asn1/asn1_mac.h +++ b/crypto/openssl/crypto/asn1/asn1_mac.h @@ -73,11 +73,11 @@ extern "C" { ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) #define M_ASN1_D2I_vars(a,type,func) \ - ASN1_CTX c; \ + ASN1_const_CTX c; \ type ret=NULL; \ \ - c.pp=(unsigned char **)pp; \ - c.q= *(unsigned char **)pp; \ + c.pp=(const unsigned char **)pp; \ + c.q= *(const unsigned char **)pp; \ c.error=ERR_R_NESTED_ASN1_ERROR; \ if ((a == NULL) || ((*a) == NULL)) \ { if ((ret=(type)func()) == NULL) \ @@ -85,13 +85,13 @@ extern "C" { else ret=(*a); #define M_ASN1_D2I_Init() \ - c.p= *(unsigned char **)pp; \ + c.p= *(const unsigned char **)pp; \ c.max=(length == 0)?0:(c.p+length); #define M_ASN1_D2I_Finish_2(a) \ - if (!asn1_Finish(&c)) \ + if (!asn1_const_Finish(&c)) \ { c.line=__LINE__; goto err; } \ - *(unsigned char **)pp=c.p; \ + *(const unsigned char **)pp=c.p; \ if (a != NULL) (*a)=ret; \ return(ret); @@ -99,7 +99,7 @@ extern "C" { M_ASN1_D2I_Finish_2(a); \ err:\ ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \ + asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ return(NULL) @@ -123,15 +123,22 @@ err:\ #define M_ASN1_D2I_end_sequence() \ (((c.inf&1) == 0)?(c.slen <= 0): \ - (c.eos=ASN1_check_infinite_end(&c.p,c.slen))) + (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) /* Don't use this with d2i_ASN1_BOOLEAN() */ -#define M_ASN1_D2I_get(b,func) \ +#define M_ASN1_D2I_get(b, func) \ c.q=c.p; \ if (func(&(b),&c.p,c.slen) == NULL) \ {c.line=__LINE__; goto err; } \ c.slen-=(c.p-c.q); +/* Don't use this with d2i_ASN1_BOOLEAN() */ +#define M_ASN1_D2I_get_x(type,b,func) \ + c.q=c.p; \ + if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + /* use this instead () */ #define M_ASN1_D2I_get_int(b,func) \ c.q=c.p; \ @@ -278,7 +285,7 @@ err:\ { c.line=__LINE__; goto err; } \ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ + if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ { c.error=ERR_R_MISSING_ASN1_EOS; \ c.line=__LINE__; goto err; } \ }\ @@ -353,8 +360,12 @@ err:\ return(NULL) -#define M_ASN1_next (*c.p) -#define M_ASN1_next_prev (*c.q) +/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, + some macros that use ASN1_const_CTX still insist on writing in the input + stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. + Please? -- Richard Levitte */ +#define M_ASN1_next (*((unsigned char *)(c.p))) +#define M_ASN1_next_prev (*((unsigned char *)(c.q))) /*************************************************/ @@ -551,8 +562,8 @@ err:\ #define M_ASN1_I2D_finish() *pp=p; \ return(r); -int asn1_GetSequence(ASN1_CTX *c, long *length); -void asn1_add_error(unsigned char *address,int offset); +int asn1_GetSequence(ASN1_const_CTX *c, long *length); +void asn1_add_error(const unsigned char *address,int offset); #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c index 676d434..501b62a 100644 --- a/crypto/openssl/crypto/asn1/asn1_par.c +++ b/crypto/openssl/crypto/asn1/asn1_par.c @@ -64,7 +64,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, int indent); -static int asn1_parse2(BIO *bp, unsigned char **pp, long length, +static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, int depth, int indent, int dump); static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, int indent) @@ -88,7 +88,10 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); - else p = ASN1_tag2str(tag); + else if (tag > 30) + BIO_snprintf(str,sizeof str,"",tag); + else + p = ASN1_tag2str(tag); if (p2 != NULL) { @@ -103,20 +106,20 @@ err: return(0); } -int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent) +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) { return(asn1_parse2(bp,&pp,len,0,0,indent,0)); } -int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump) +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) { return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); } -static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, +static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, int depth, int indent, int dump) { - unsigned char *p,*ep,*tot,*op,*opp; + const unsigned char *p,*ep,*tot,*op,*opp; long len; int tag,xclass,ret=0; int nl,hl,j,r; @@ -215,7 +218,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, { if (BIO_write(bp,":",1) <= 0) goto end; if ((len > 0) && - BIO_write(bp,(char *)p,(int)len) + BIO_write(bp,(const char *)p,(int)len) != (int)len) goto end; } @@ -256,9 +259,11 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, opp=op; os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); - if (os != NULL) + if (os != NULL && os->length > 0) { - opp=os->data; + opp = os->data; + /* testing whether the octet string is + * printable */ for (i=0; ilength; i++) { if (( (opp[i] < ' ') && @@ -271,28 +276,47 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, break; } } - if (printable && (os->length > 0)) + if (printable) + /* printable string */ { if (BIO_write(bp,":",1) <= 0) goto end; - if (BIO_write(bp,(char *)opp, + if (BIO_write(bp,(const char *)opp, os->length) <= 0) goto end; } - if (!printable && (os->length > 0) - && dump) + else if (!dump) + /* not printable => print octet string + * as hex dump */ + { + if (BIO_write(bp,"[HEX DUMP]:",11) <= 0) + goto end; + for (i=0; ilength; i++) + { + if (BIO_printf(bp,"%02X" + , opp[i]) <= 0) + goto end; + } + } + else + /* print the normal dump */ { if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } - if (BIO_dump_indent(bp,(char *)opp, - ((dump == -1 || dump > os->length)?os->length:dump), + if (BIO_dump_indent(bp, + (const char *)opp, + ((dump == -1 || dump > + os->length)?os->length:dump), dump_indent) <= 0) goto end; nl=1; } + } + if (os != NULL) + { M_ASN1_OCTET_STRING_free(os); os=NULL; } @@ -368,7 +392,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, if (BIO_write(bp,"\n",1) <= 0) goto end; } - if (BIO_dump_indent(bp,(char *)p, + if (BIO_dump_indent(bp,(const char *)p, ((dump == -1 || dump > len)?len:dump), dump_indent) <= 0) goto end; @@ -398,7 +422,7 @@ end: const char *ASN1_tag2str(int tag) { - const static char *tag2str[] = { + static const char *tag2str[] = { "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ diff --git a/crypto/openssl/crypto/asn1/asn1t.h b/crypto/openssl/crypto/asn1/asn1t.h index ed372f8..cc0cd1c 100644 --- a/crypto/openssl/crypto/asn1/asn1t.h +++ b/crypto/openssl/crypto/asn1/asn1t.h @@ -112,7 +112,7 @@ extern "C" { /* Macros to aid ASN1 template writing */ #define ASN1_ITEM_TEMPLATE(tname) \ - const static ASN1_TEMPLATE tname##_item_tt + static const ASN1_TEMPLATE tname##_item_tt #define ASN1_ITEM_TEMPLATE_END(tname) \ ;\ @@ -150,7 +150,7 @@ extern "C" { */ #define ASN1_SEQUENCE(tname) \ - const static ASN1_TEMPLATE tname##_seq_tt[] + static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) @@ -166,22 +166,37 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +#define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + #define ASN1_SEQUENCE_cb(tname, cb) \ - const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_BROKEN_SEQUENCE(tname) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_ref(tname, cb, lck) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_enc(tname, enc, cb) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ ASN1_SEQUENCE(tname) +#define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) @@ -224,10 +239,10 @@ extern "C" { */ #define ASN1_CHOICE(tname) \ - const static ASN1_TEMPLATE tname##_ch_tt[] + static const ASN1_TEMPLATE tname##_ch_tt[] #define ASN1_CHOICE_cb(tname, cb) \ - const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_CHOICE(tname) #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) @@ -353,16 +368,20 @@ extern "C" { #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + /* Macros for the ASN1_ADB structure */ #define ASN1_ADB(name) \ - const static ASN1_ADB_TABLE name##_adbtbl[] + static const ASN1_ADB_TABLE name##_adbtbl[] #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ;\ - const static ASN1_ADB name##_adb = {\ + static const ASN1_ADB name##_adb = {\ flags,\ offsetof(name, field),\ app_table,\ @@ -376,9 +395,9 @@ extern "C" { #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ;\ - const static ASN1_ITEM *name##_adb(void) \ + static const ASN1_ITEM *name##_adb(void) \ { \ - const static ASN1_ADB internal_adb = \ + static const ASN1_ADB internal_adb = \ {\ flags,\ offsetof(name, field),\ @@ -397,7 +416,7 @@ extern "C" { #define ADB_ENTRY(val, template) {val, template} #define ASN1_ADB_TEMPLATE(name) \ - const static ASN1_TEMPLATE name##_tt + static const ASN1_TEMPLATE name##_tt /* This is the ASN1 template structure that defines * a wrapper round the actual type. It determines the @@ -410,7 +429,7 @@ unsigned long flags; /* Various flags */ long tag; /* tag, not used if no tagging */ unsigned long offset; /* Offset of this field in structure */ #ifndef NO_ASN1_FIELD_NAMES -char *field_name; /* Field name */ +const char *field_name; /* Field name */ #endif ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; @@ -518,6 +537,13 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_COMBINE (0x1<<10) +/* This flag when present in a SEQUENCE OF, SET OF + * or EXPLICIT causes indefinite length constructed + * encoding to be used if required. + */ + +#define ASN1_TFLG_NDEF (0x1<<11) + /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { @@ -570,19 +596,25 @@ const char *sname; /* Structure name */ * has a special meaning, it is used as a mask * of acceptable types using the B_ASN1 constants. * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * */ -#define ASN1_ITYPE_PRIMITIVE 0x0 +#define ASN1_ITYPE_PRIMITIVE 0x0 + +#define ASN1_ITYPE_SEQUENCE 0x1 -#define ASN1_ITYPE_SEQUENCE 0x1 +#define ASN1_ITYPE_CHOICE 0x2 -#define ASN1_ITYPE_CHOICE 0x2 +#define ASN1_ITYPE_COMPAT 0x3 -#define ASN1_ITYPE_COMPAT 0x3 +#define ASN1_ITYPE_EXTERN 0x4 -#define ASN1_ITYPE_EXTERN 0x4 +#define ASN1_ITYPE_MSTRING 0x5 -#define ASN1_ITYPE_MSTRING 0x5 +#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 /* Cache for ASN1 tag and length, so we * don't keep re-reading it for things @@ -602,10 +634,10 @@ struct ASN1_TLC_st{ typedef ASN1_VALUE * ASN1_new_func(void); typedef void ASN1_free_func(ASN1_VALUE *a); -typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length); +typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); -typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); @@ -613,7 +645,7 @@ typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); typedef struct ASN1_COMPAT_FUNCS_st { ASN1_new_func *asn1_new; @@ -743,6 +775,9 @@ typedef struct ASN1_AUX_st { #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ @@ -758,7 +793,7 @@ typedef struct ASN1_AUX_st { IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, unsigned char **in, long len) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ { \ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ } \ @@ -767,13 +802,19 @@ typedef struct ASN1_AUX_st { return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ } +#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. */ #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ } \ int i2d_##fname(const stname *a, unsigned char **out) \ { \ @@ -798,7 +839,6 @@ typedef struct ASN1_AUX_st { DECLARE_ASN1_ITEM(ASN1_BOOLEAN) DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) -DECLARE_ASN1_ITEM(ASN1_ANY) DECLARE_ASN1_ITEM(ASN1_SEQUENCE) DECLARE_ASN1_ITEM(CBIGNUM) DECLARE_ASN1_ITEM(BIGNUM) @@ -815,8 +855,8 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt); -int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, +int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt); +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); @@ -824,7 +864,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); @@ -838,7 +878,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/asn1/asn_moid.c b/crypto/openssl/crypto/asn1/asn_moid.c index edb44c9..72cc121 100644 --- a/crypto/openssl/crypto/asn1/asn_moid.c +++ b/crypto/openssl/crypto/asn1/asn_moid.c @@ -3,7 +3,7 @@ * project 2001. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -57,6 +57,7 @@ */ #include +#include #include #include "cryptlib.h" #include @@ -65,6 +66,8 @@ /* Simple ASN1 OID module: add all objects in a given section */ +static int do_create(char *value, char *name); + static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) { int i; @@ -80,7 +83,7 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { oval = sk_CONF_VALUE_value(sktmp, i); - if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef) + if(!do_create(oval->value, oval->name)) { ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); return 0; @@ -98,3 +101,60 @@ void ASN1_add_oid_module(void) { CONF_module_add("oid_section", oid_module_init, oid_module_finish); } + +/* Create an OID based on a name value pair. Accept two formats. + * shortname = 1.2.3.4 + * shortname = some long name, 1.2.3.4 + */ + + +static int do_create(char *value, char *name) + { + int nid; + ASN1_OBJECT *oid; + char *ln, *ostr, *p, *lntmp; + p = strrchr(value, ','); + if (!p) + { + ln = name; + ostr = value; + } + else + { + ln = NULL; + ostr = p + 1; + if (!*ostr) + return 0; + while(isspace((unsigned char)*ostr)) ostr++; + } + + nid = OBJ_create(ostr, name, ln); + + if (nid == NID_undef) + return 0; + + if (p) + { + ln = value; + while(isspace((unsigned char)*ln)) ln++; + p--; + while(isspace((unsigned char)*p)) + { + if (p == ln) + return 0; + p--; + } + p++; + lntmp = OPENSSL_malloc((p - ln) + 1); + if (lntmp == NULL) + return 0; + memcpy(lntmp, ln, p - ln); + lntmp[p - ln + 1] = 0; + oid = OBJ_nid2obj(nid); + oid->ln = lntmp; + } + + return 1; + } + + diff --git a/crypto/openssl/crypto/asn1/asn_pack.c b/crypto/openssl/crypto/asn1/asn_pack.c index e6051db..e8b671b 100644 --- a/crypto/openssl/crypto/asn1/asn_pack.c +++ b/crypto/openssl/crypto/asn1/asn_pack.c @@ -66,11 +66,11 @@ /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ -STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), - void (*free_func)(void *)) +STACK *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i,void (*free_func)(void *)) { STACK *sk; - unsigned char *pbuf; + const unsigned char *pbuf; pbuf = buf; if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) @@ -82,8 +82,8 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), * OPENSSL_malloc'ed buffer */ -unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, - int *len) +unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, + unsigned char **buf, int *len) { int safelen; unsigned char *safe, *p; @@ -106,9 +106,9 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, /* Extract an ASN1 object from an ASN1_STRING */ -void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)()) +void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i) { - unsigned char *p; + const unsigned char *p; char *ret; p = oct->data; @@ -119,7 +119,7 @@ void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)()) /* Pack an ASN1 object into an ASN1_STRING */ -ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct) +ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) { unsigned char *p; ASN1_STRING *octmp; @@ -155,7 +155,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) if (!oct || !*oct) { if (!(octmp = ASN1_STRING_new ())) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); return NULL; } if (oct) *oct = octmp; @@ -167,11 +167,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) } if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); + ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR); return NULL; } if (!octmp->data) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); return NULL; } return octmp; @@ -181,11 +181,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) { - unsigned char *p; + const unsigned char *p; void *ret; p = oct->data; if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) - ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); + ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR); return ret; } diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c index 2e7d96a..207ccda 100644 --- a/crypto/openssl/crypto/asn1/d2i_pr.c +++ b/crypto/openssl/crypto/asn1/d2i_pr.c @@ -68,8 +68,11 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; @@ -108,6 +111,16 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, } break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, + (const unsigned char **)pp, length)) == NULL) + { + ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); + goto err; + } + break; +#endif default: ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; @@ -122,11 +135,11 @@ err: /* This works like d2i_PrivateKey() except it automatically works out the type */ -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) { STACK_OF(ASN1_TYPE) *inkey; - unsigned char *p; + const unsigned char *p; int keytype; p = *pp; /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): @@ -138,7 +151,10 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, /* Since we only need to discern "traditional format" RSA and DSA * keys we can just count the elements. */ - if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; + if(sk_ASN1_TYPE_num(inkey) == 6) + keytype = EVP_PKEY_DSA; + else if (sk_ASN1_TYPE_num(inkey) == 4) + keytype = EVP_PKEY_EC; else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, a, pp, length); diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/openssl/crypto/asn1/d2i_pu.c index 71f2eb3..3694f51 100644 --- a/crypto/openssl/crypto/asn1/d2i_pu.c +++ b/crypto/openssl/crypto/asn1/d2i_pu.c @@ -68,8 +68,11 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif -EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; @@ -100,14 +103,24 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ + if (!d2i_DSAPublicKey(&(ret->pkey.dsa), + (const unsigned char **)pp,length)) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); goto err; } break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if (!o2i_ECPublicKey(&(ret->pkey.ec), + (const unsigned char **)pp, length)) + { + ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + goto err; + } + break; +#endif default: ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; diff --git a/crypto/openssl/crypto/asn1/evp_asn1.c b/crypto/openssl/crypto/asn1/evp_asn1.c index 3506005..f3d9804 100644 --- a/crypto/openssl/crypto/asn1/evp_asn1.c +++ b/crypto/openssl/crypto/asn1/evp_asn1.c @@ -115,7 +115,11 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, if ((osp=ASN1_STRING_new()) == NULL) return(0); /* Grow the 'string' */ - ASN1_STRING_set(osp,NULL,size); + if (!ASN1_STRING_set(osp,NULL,size)) + { + ASN1_STRING_free(osp); + return(0); + } M_ASN1_STRING_length_set(osp, size); p=M_ASN1_STRING_data(osp); @@ -137,9 +141,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, int ret= -1,n; ASN1_INTEGER *ai=NULL; ASN1_OCTET_STRING *os=NULL; - unsigned char *p; + const unsigned char *p; long length; - ASN1_CTX c; + ASN1_const_CTX c; if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { diff --git a/crypto/openssl/crypto/asn1/i2d_pr.c b/crypto/openssl/crypto/asn1/i2d_pr.c index 1e951ae..0be52c5 100644 --- a/crypto/openssl/crypto/asn1/i2d_pr.c +++ b/crypto/openssl/crypto/asn1/i2d_pr.c @@ -67,6 +67,9 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { @@ -83,6 +86,12 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); } #endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC) + { + return(i2d_ECPrivateKey(a->pkey.ec, pp)); + } +#endif ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return(-1); diff --git a/crypto/openssl/crypto/asn1/i2d_pu.c b/crypto/openssl/crypto/asn1/i2d_pu.c index 013d19b..34286db 100644 --- a/crypto/openssl/crypto/asn1/i2d_pu.c +++ b/crypto/openssl/crypto/asn1/i2d_pu.c @@ -67,6 +67,9 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) { @@ -80,6 +83,10 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) case EVP_PKEY_DSA: return(i2d_DSAPublicKey(a->pkey.dsa,pp)); #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + return(i2o_ECPublicKey(a->pkey.ec, pp)); +#endif default: ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return(-1); diff --git a/crypto/openssl/crypto/asn1/n_pkey.c b/crypto/openssl/crypto/asn1/n_pkey.c index 766b51c..60bc437 100644 --- a/crypto/openssl/crypto/asn1/n_pkey.c +++ b/crypto/openssl/crypto/asn1/n_pkey.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" +#ifndef OPENSSL_NO_RSA #include #include #include @@ -107,14 +107,20 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb)(), int sgckey); + int (*cb)(char *buf, int len, const char *prompt, + int verify), + int sgckey); -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()) +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, + int verify)) { return i2d_RSA_NET(a, pp, cb, 0); } -int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) +int i2d_RSA_NET(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify), + int sgckey) { int i, j, ret = 0; int rsalen, pkeylen, olen; @@ -164,7 +170,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) /* Since its RC4 encrypted length is actual length */ if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); goto err; } @@ -174,13 +180,13 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) if ((zz=OPENSSL_malloc(pkeylen)) == NULL) { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); goto err; } if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); goto err; } enckey->enckey->digest->data = zz; @@ -191,10 +197,10 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) if (cb == NULL) cb=EVP_read_pw_string; - i=cb(buf,256,"Enter Private Key password:",1); + i=cb((char *)buf,256,"Enter Private Key password:",1); if (i != 0) { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ); + ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ); goto err; } i = strlen((char *)buf); @@ -224,12 +230,16 @@ err: } -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()) +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, + int verify)) { return d2i_RSA_NET(a, pp, length, cb, 0); } -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey) +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify), + int sgckey) { RSA *ret=NULL; const unsigned char *p, *kp; @@ -239,20 +249,20 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); if(!enckey) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR); + ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR); return NULL; } if ((enckey->os->length != 11) || (strncmp("private-key", (char *)enckey->os->data,11) != 0)) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING); + ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING); NETSCAPE_ENCRYPTED_PKEY_free(enckey); return NULL; } if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); + ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } kp = enckey->enckey->digest->data; @@ -269,7 +279,8 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in } static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb)(), int sgckey) + int (*cb)(char *buf, int len, const char *prompt, + int verify), int sgckey) { NETSCAPE_PKEY *pkey=NULL; RSA *ret=NULL; @@ -279,10 +290,10 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, unsigned char key[EVP_MAX_KEY_LENGTH]; EVP_CIPHER_CTX ctx; - i=cb(buf,256,"Enter Private Key password:",0); + i=cb((char *)buf,256,"Enter Private Key password:",0); if (i != 0) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ); + ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ); goto err; } @@ -307,14 +318,14 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); + ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); goto err; } zz=pkey->private_key->data; if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); + ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); goto err; } err: diff --git a/crypto/openssl/crypto/asn1/p5_pbe.c b/crypto/openssl/crypto/asn1/p5_pbe.c index 8911506..da91170 100644 --- a/crypto/openssl/crypto/asn1/p5_pbe.c +++ b/crypto/openssl/crypto/asn1/p5_pbe.c @@ -76,47 +76,56 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen) { - PBEPARAM *pbe; + PBEPARAM *pbe=NULL; ASN1_OBJECT *al; X509_ALGOR *algor; - ASN1_TYPE *astype; + ASN1_TYPE *astype=NULL; if (!(pbe = PBEPARAM_new ())) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; } if(iter <= 0) iter = PKCS5_DEFAULT_ITER; - ASN1_INTEGER_set (pbe->iter, iter); + if (!ASN1_INTEGER_set(pbe->iter, iter)) { + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; + } if (!saltlen) saltlen = PKCS5_SALT_LEN; if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; } pbe->salt->length = saltlen; if (salt) memcpy (pbe->salt->data, salt, saltlen); else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) - return NULL; + goto err; if (!(astype = ASN1_TYPE_new())) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; } astype->type = V_ASN1_SEQUENCE; - if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, + &astype->value.sequence)) { + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; } PBEPARAM_free (pbe); + pbe = NULL; al = OBJ_nid2obj(alg); /* never need to free al */ if (!(algor = X509_ALGOR_new())) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; } ASN1_OBJECT_free(algor->algorithm); algor->algorithm = al; algor->parameter = astype; return (algor); +err: + if (pbe != NULL) PBEPARAM_free(pbe); + if (astype != NULL) ASN1_TYPE_free(astype); + return NULL; } diff --git a/crypto/openssl/crypto/asn1/p5_pbev2.c b/crypto/openssl/crypto/asn1/p5_pbev2.c index e0dc0ec..c834a38 100644 --- a/crypto/openssl/crypto/asn1/p5_pbev2.c +++ b/crypto/openssl/crypto/asn1/p5_pbev2.c @@ -115,7 +115,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, /* Create random IV */ if (EVP_CIPHER_iv_length(cipher) && RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) - goto err; + goto err; EVP_CIPHER_CTX_init(&ctx); @@ -164,7 +164,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; - if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM, + if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, &pbe2->keyfunc->parameter->value.sequence)) goto merr; pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; @@ -180,7 +180,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, /* Encode PBE2PARAM into parameter */ - if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM, + if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, &ret->parameter->value.sequence)) goto merr; ret->parameter->type = V_ASN1_SEQUENCE; diff --git a/crypto/openssl/crypto/asn1/t_bitst.c b/crypto/openssl/crypto/asn1/t_bitst.c index 8ee789f..397332d 100644 --- a/crypto/openssl/crypto/asn1/t_bitst.c +++ b/crypto/openssl/crypto/asn1/t_bitst.c @@ -84,7 +84,10 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, int bitnum; bitnum = ASN1_BIT_STRING_num_asc(name, tbl); if(bitnum < 0) return 0; - if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value); + if(bs) { + if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) + return 0; + } return 1; } diff --git a/crypto/openssl/crypto/asn1/t_crl.c b/crypto/openssl/crypto/asn1/t_crl.c index 757c148..929b3e5 100644 --- a/crypto/openssl/crypto/asn1/t_crl.c +++ b/crypto/openssl/crypto/asn1/t_crl.c @@ -72,7 +72,7 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB); + X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -121,7 +121,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) r = sk_X509_REVOKED_value(rev, i); BIO_printf(out," Serial Number: "); i2a_ASN1_INTEGER(out,r->serialNumber); - BIO_printf(out,"\n Revocation Date: ",""); + BIO_printf(out,"\n Revocation Date: "); ASN1_TIME_print(out,r->revocationDate); BIO_printf(out,"\n"); X509V3_extensions_print(out, "CRL entry extensions", diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/openssl/crypto/asn1/t_pkey.c index d15006e..afb95d6 100644 --- a/crypto/openssl/crypto/asn1/t_pkey.c +++ b/crypto/openssl/crypto/asn1/t_pkey.c @@ -55,9 +55,15 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include #include "cryptlib.h" +#include #include #include #ifndef OPENSSL_NO_RSA @@ -69,26 +75,33 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif -static int print(BIO *fp,const char *str,BIGNUM *num, +static int print(BIO *fp,const char *str, const BIGNUM *num, unsigned char *buf,int off); +#ifndef OPENSSL_NO_EC +static int print_bin(BIO *fp, const char *str, const unsigned char *num, + size_t len, int off); +#endif #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_FP_API int RSA_print_fp(FILE *fp, const RSA *x, int off) - { - BIO *b; - int ret; + { + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) + if ((b=BIO_new(BIO_s_file())) == NULL) { RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); + return(0); } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=RSA_print(b,x,off); - BIO_free(b); - return(ret); - } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=RSA_print(b,x,off); + BIO_free(b); + return(ret); + } #endif int RSA_print(BIO *bp, const RSA *x, int off) @@ -96,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off) char str[128]; const char *s; unsigned char *m=NULL; - int ret=0; + int ret=0, mod_len = 0; size_t buf_len=0, i; if (x->n) @@ -130,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off) goto err; } + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + if (x->d != NULL) { if(!BIO_indent(bp,off,128)) goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) + if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) <= 0) goto err; } if (x->d == NULL) - BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); + BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); else BUF_strlcpy(str,"modulus:",sizeof str); if (!print(bp,str,x->n,m,off)) goto err; s=(x->d == NULL)?"Exponent:":"publicExponent:"; - if (!print(bp,s,x->e,m,off)) goto err; - if (!print(bp,"privateExponent:",x->d,m,off)) goto err; - if (!print(bp,"prime1:",x->p,m,off)) goto err; - if (!print(bp,"prime2:",x->q,m,off)) goto err; - if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err; - if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err; - if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err; + if ((x->e != NULL) && !print(bp,s,x->e,m,off)) + goto err; + if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) + goto err; + if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) + goto err; + if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) + goto err; + if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) + goto err; + if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) + goto err; + if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) + goto err; ret=1; err: if (m != NULL) OPENSSL_free(m); @@ -185,6 +208,11 @@ int DSA_print(BIO *bp, const DSA *x, int off) if (x->p) buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; @@ -227,16 +255,334 @@ err: } #endif /* !OPENSSL_NO_DSA */ -static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECPKParameters_print(b, x, off); + BIO_free(b); + return(ret); + } + +int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = EC_KEY_print(b, x, off); + BIO_free(b); + return(ret); + } +#endif + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) + { + unsigned char *buffer=NULL; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BN_CTX *ctx=NULL; + const EC_POINT *point=NULL; + BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, + *order=NULL, *cofactor=NULL; + const unsigned char *seed; + size_t seed_len=0; + + static const char *gen_compressed = "Generator (compressed):"; + static const char *gen_uncompressed = "Generator (uncompressed):"; + static const char *gen_hybrid = "Generator (hybrid):"; + + if (!x) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + if (EC_GROUP_get_asn1_flag(x)) + { + /* the curve parameter are given by an asn1 OID */ + int nid; + + if (!BIO_indent(bp, off, 128)) + goto err; + + nid = EC_GROUP_get_curve_name(x); + if (nid == 0) + goto err; + + if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) + goto err; + if (BIO_printf(bp, "\n") <= 0) + goto err; + } + else + { + /* explicit parameters */ + int is_char_two = 0; + point_conversion_form_t form; + int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); + + if (tmp_nid == NID_X9_62_characteristic_two_field) + is_char_two = 1; + + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || + (b = BN_new()) == NULL || (order = BN_new()) == NULL || + (cofactor = BN_new()) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (is_char_two) + { + if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + else /* prime field */ + { + if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + + if ((point = EC_GROUP_get0_generator(x)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + if (!EC_GROUP_get_order(x, order, NULL) || + !EC_GROUP_get_cofactor(x, cofactor, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + + form = EC_GROUP_get_point_conversion_form(x); + + if ((gen = EC_POINT_point2bn(x, point, + form, NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + + buf_len = (size_t)BN_num_bytes(p); + if (buf_len < (i = (size_t)BN_num_bytes(a))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(b))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(gen))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(order))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) + buf_len = i; + + if ((seed = EC_GROUP_get0_seed(x)) != NULL) + seed_len = EC_GROUP_get_seed_len(x); + + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (!BIO_indent(bp, off, 128)) + goto err; + + /* print the 'short name' of the field type */ + if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) + <= 0) + goto err; + + if (is_char_two) + { + /* print the 'short name' of the base type OID */ + int basis_type = EC_GROUP_get_basis_type(x); + if (basis_type == 0) + goto err; + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (BIO_printf(bp, "Basis Type: %s\n", + OBJ_nid2sn(basis_type)) <= 0) + goto err; + + /* print the polynomial */ + if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, + off)) + goto err; + } + else + { + if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) + goto err; + } + if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) + goto err; + if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) + goto err; + if (form == POINT_CONVERSION_COMPRESSED) + { + if ((gen != NULL) && !print(bp, gen_compressed, gen, + buffer, off)) + goto err; + } + else if (form == POINT_CONVERSION_UNCOMPRESSED) + { + if ((gen != NULL) && !print(bp, gen_uncompressed, gen, + buffer, off)) + goto err; + } + else /* form == POINT_CONVERSION_HYBRID */ + { + if ((gen != NULL) && !print(bp, gen_hybrid, gen, + buffer, off)) + goto err; + } + if ((order != NULL) && !print(bp, "Order: ", order, + buffer, off)) goto err; + if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, + buffer, off)) goto err; + if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) + goto err; + } + ret=1; +err: + if (!ret) + ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); + if (p) + BN_free(p); + if (a) + BN_free(a); + if (b) + BN_free(b); + if (gen) + BN_free(gen); + if (order) + BN_free(order); + if (cofactor) + BN_free(cofactor); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } + +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) + { + unsigned char *buffer=NULL; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BIGNUM *pub_key=NULL, *order=NULL; + BN_CTX *ctx=NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + const BIGNUM *priv_key; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + public_key = EC_KEY_get0_public_key(x); + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + + buf_len = (size_t)BN_num_bytes(pub_key); + priv_key = EC_KEY_get0_private_key(x); + if (priv_key != NULL) + { + if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) + buf_len = i; + } + + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (priv_key != NULL) + { + if (!BIO_indent(bp, off, 128)) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + if (BIO_printf(bp, "Private-Key: (%d bit)\n", + BN_num_bits(order)) <= 0) goto err; + } + + if ((priv_key != NULL) && !print(bp, "priv:", priv_key, + buffer, off)) + goto err; + if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, + buffer, off)) + goto err; + if (!ECPKParameters_print(bp, group, off)) + goto err; + ret=1; +err: + if (!ret) + ECerr(EC_F_EC_KEY_PRINT, reason); + if (pub_key) + BN_free(pub_key); + if (order) + BN_free(order); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } +#endif /* OPENSSL_NO_EC */ + +static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, int off) { int n,i; const char *neg; if (num == NULL) return(1); - neg=(num->neg)?"-":""; + neg = (BN_is_negative(num))?"-":""; if(!BIO_indent(bp,off,128)) return 0; + if (BN_is_zero(num)) + { + if (BIO_printf(bp, "%s 0\n", number) <= 0) + return 0; + return 1; + } if (BN_num_bytes(num) <= BN_BYTES) { @@ -272,23 +618,63 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, return(1); } +#ifndef OPENSSL_NO_EC +static int print_bin(BIO *fp, const char *name, const unsigned char *buf, + size_t len, int off) + { + size_t i; + char str[128]; + + if (buf == NULL) + return 1; + if (off) + { + if (off > 128) + off=128; + memset(str,' ',off); + if (BIO_write(fp, str, off) <= 0) + return 0; + } + + if (BIO_printf(fp,"%s", name) <= 0) + return 0; + + for (i=0; ip) buf_len = (size_t)BN_num_bytes(x->p); + else + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } if (x->g) if (buf_len < (i = (size_t)BN_num_bytes(x->g))) buf_len = i; @@ -333,30 +724,35 @@ err: #ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_FP_API int DSAparams_print_fp(FILE *fp, const DSA *x) - { - BIO *b; - int ret; + { + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) + if ((b=BIO_new(BIO_s_file())) == NULL) { DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); + return(0); } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSAparams_print(b, x); - BIO_free(b); - return(ret); - } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSAparams_print(b, x); + BIO_free(b); + return(ret); + } #endif int DSAparams_print(BIO *bp, const DSA *x) { unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,ret=0; + int ret=0; size_t buf_len=0,i; if (x->p) buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; @@ -366,7 +762,7 @@ int DSAparams_print(BIO *bp, const DSA *x) m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { - reason=ERR_R_MALLOC_FAILURE; + DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); goto err; } @@ -374,14 +770,70 @@ int DSAparams_print(BIO *bp, const DSA *x) BN_num_bits(x->p)) <= 0) goto err; if (!print(bp,"p:",x->p,m,4)) goto err; - if (!print(bp,"q:",x->q,m,4)) goto err; - if (!print(bp,"g:",x->g,m,4)) goto err; + if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; + if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; ret=1; err: if (m != NULL) OPENSSL_free(m); - DSAerr(DSA_F_DSAPARAMS_PRINT,reason); return(ret); } #endif /* !OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_FP_API +int ECParameters_print_fp(FILE *fp, const EC_KEY *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECParameters_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int ECParameters_print(BIO *bp, const EC_KEY *x) + { + int reason=ERR_R_EC_LIB, ret=0; + BIGNUM *order=NULL; + const EC_GROUP *group; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) + { + reason = ERR_R_PASSED_NULL_PARAMETER;; + goto err; + } + + if ((order = BN_new()) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (!EC_GROUP_get_order(group, order, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + + if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", + BN_num_bits(order)) <= 0) + goto err; + if (!ECPKParameters_print(bp, group, 4)) + goto err; + ret=1; +err: + if (order) + BN_free(order); + ECerr(EC_F_ECPARAMETERS_PRINT, reason); + return(ret); + } + +#endif diff --git a/crypto/openssl/crypto/asn1/t_req.c b/crypto/openssl/crypto/asn1/t_req.c index 740cee8..c779a9b 100644 --- a/crypto/openssl/crypto/asn1/t_req.c +++ b/crypto/openssl/crypto/asn1/t_req.c @@ -63,6 +63,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_FP_API int X509_REQ_print_fp(FILE *fp, X509_REQ *x) @@ -160,6 +166,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long } else #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + BIO_printf(bp, "%12sEC Public Key: \n",""); + EC_KEY_print(bp, pkey->pkey.ec, 16); + } + else +#endif BIO_printf(bp,"%12sUnknown Public Key:\n",""); EVP_PKEY_free(pkey); @@ -246,7 +260,7 @@ get_next: obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) goto err; if(!X509V3_EXT_print(bp, ex, 0, 16)) { @@ -266,7 +280,7 @@ get_next: return(1); err: - X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); + X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB); return(0); } diff --git a/crypto/openssl/crypto/asn1/t_spki.c b/crypto/openssl/crypto/asn1/t_spki.c index 5abfbc8..c2a5797 100644 --- a/crypto/openssl/crypto/asn1/t_spki.c +++ b/crypto/openssl/crypto/asn1/t_spki.c @@ -60,6 +60,13 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#include /* Print out an SPKI */ @@ -93,6 +100,15 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) } else #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + BIO_printf(out, " EC Public Key:\n"); + EC_KEY_print(out, pkey->pkey.ec,2); + } + else +#endif + BIO_printf(out," Unknown Public Key:\n"); EVP_PKEY_free(pkey); } diff --git a/crypto/openssl/crypto/asn1/t_x509.c b/crypto/openssl/crypto/asn1/t_x509.c index d1034c4..61f48d1 100644 --- a/crypto/openssl/crypto/asn1/t_x509.c +++ b/crypto/openssl/crypto/asn1/t_x509.c @@ -66,6 +66,9 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif #include #include #include @@ -83,7 +86,7 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla if ((b=BIO_new(BIO_s_file())) == NULL) { - X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB); + X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -229,6 +232,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) } else #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + BIO_printf(bp, "%12sEC Public Key:\n",""); + EC_KEY_print(bp, pkey->pkey.ec, 16); + } + else +#endif BIO_printf(bp,"%12sUnknown Public Key:\n",""); EVP_PKEY_free(pkey); diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c index 2426cb6..f8b27cf 100644 --- a/crypto/openssl/crypto/asn1/tasn_dec.c +++ b/crypto/openssl/crypto/asn1/tasn_dec.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -65,23 +65,40 @@ #include #include -static int asn1_check_eoc(unsigned char **in, long len); -static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass); -static int collect_data(BUF_MEM *buf, unsigned char **p, long plen); -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, - unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx); -static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx); -static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx); -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); +static int asn1_check_eoc(const unsigned char **in, long len); +static int asn1_find_end(const unsigned char **in, long len, char inf); + +static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, + char inf, int tag, int aclass); + +static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); + +static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, + char *inf, char *cst, + const unsigned char **in, long len, + int exptag, int expclass, char opt, + ASN1_TLC *ctx); + +static int asn1_template_ex_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx); +static int asn1_template_noexp_d2i(ASN1_VALUE **val, + const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx); +static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); /* Table to convert tags to bit values, used for MSTRING type */ -static unsigned long tag2bit[32]={ +static unsigned long tag2bit[32] = { 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ -0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ +B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ @@ -89,14 +106,14 @@ B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 2 }; unsigned long ASN1_tag2bit(int tag) -{ - if((tag < 0) || (tag > 30)) return 0; + { + if ((tag < 0) || (tag > 30)) return 0; return tag2bit[tag]; -} + } /* Macro to initialize and invalidate the cache */ -#define asn1_tlc_clear(c) if(c) (c)->valid = 0 +#define asn1_tlc_clear(c) if (c) (c)->valid = 0 /* Decode an ASN1 item, this currently behaves just * like a standard 'd2i' function. 'in' points to @@ -106,113 +123,147 @@ unsigned long ASN1_tag2bit(int tag) * case. */ -ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it) -{ +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, const ASN1_ITEM *it) + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if(!pval) pval = &ptmpval; + if (!pval) + pval = &ptmpval; asn1_tlc_clear(&c); - if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) return *pval; return NULL; -} + } -int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt) -{ +int ASN1_template_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, const ASN1_TEMPLATE *tt) + { ASN1_TLC c; asn1_tlc_clear(&c); return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); -} + } /* Decode an item, taking care of IMPLICIT tagging, if any. * If 'opt' set and tag mismatch return -1 to handle OPTIONAL */ -int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) -{ +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) + { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; - unsigned char *p, *q, imphack = 0, oclass; + const unsigned char *p = NULL, *q; + unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ + unsigned char imphack = 0, oclass; char seq_eoc, seq_nolen, cst, isopt; long tmplen; int i; int otag; int ret = 0; ASN1_VALUE *pchval, **pchptr, *ptmpval; - if(!pval) return 0; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; + if (!pval) + return 0; + if (aux && aux->asn1_cb) + asn1_cb = aux->asn1_cb; else asn1_cb = 0; - switch(it->itype) { - + switch(it->itype) + { case ASN1_ITYPE_PRIMITIVE: - if(it->templates) { - /* tagging or OPTIONAL is currently illegal on an item template - * because the flags can't get passed down. In practice this isn't - * a problem: we include the relevant flags from the item template - * in the template itself. + if (it->templates) + { + /* tagging or OPTIONAL is currently illegal on an item + * template because the flags can't get passed down. + * In practice this isn't a problem: we include the + * relevant flags from the item template in the + * template itself. */ - if ((tag != -1) || opt) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + if ((tag != -1) || opt) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); goto err; - } - return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx); + } + return asn1_template_ex_d2i(pval, in, len, + it->templates, opt, ctx); } - return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); + return asn1_d2i_ex_primitive(pval, in, len, it, + tag, aclass, opt, ctx); break; case ASN1_ITYPE_MSTRING: p = *in; /* Just read in tag and class */ - ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, + &p, len, -1, 0, 1, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; - } + } + /* Must be UNIVERSAL class */ - if(oclass != V_ASN1_UNIVERSAL) { + if (oclass != V_ASN1_UNIVERSAL) + { /* If OPTIONAL, assume this is OK */ - if(opt) return -1; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); + if (opt) return -1; + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_MSTRING_NOT_UNIVERSAL); goto err; - } + } /* Check tag matches bit map */ - if(!(ASN1_tag2bit(otag) & it->utype)) { + if (!(ASN1_tag2bit(otag) & it->utype)) + { /* If OPTIONAL, assume this is OK */ - if(opt) return -1; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); + if (opt) + return -1; + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_MSTRING_WRONG_TAG); goto err; - } - return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); + } + return asn1_d2i_ex_primitive(pval, in, len, + it, otag, 0, 0, ctx); case ASN1_ITYPE_EXTERN: /* Use new style d2i */ ef = it->funcs; - return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); + return ef->asn1_ex_d2i(pval, in, len, + it, tag, aclass, opt, ctx); case ASN1_ITYPE_COMPAT: /* we must resort to old style evil hackery */ cf = it->funcs; /* If OPTIONAL see if it is there */ - if(opt) { + if (opt) + { int exptag; p = *in; - if(tag == -1) exptag = it->utype; + if (tag == -1) + exptag = it->utype; else exptag = tag; - /* Don't care about anything other than presence of expected tag */ - ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + /* Don't care about anything other than presence + * of expected tag */ + + ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, + &p, len, exptag, aclass, 1, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; + } + if (ret == -1) + return -1; } - if(ret == -1) return -1; - } + /* This is the old style evil hack IMPLICIT handling: * since the underlying code is expecting a tag and * class other than the one present we change the @@ -228,245 +279,332 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1 * buffer. */ - if(tag != -1) { - p = *in; - imphack = *p; - *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype); - } + if (tag != -1) + { + wp = *(unsigned char **)in; + imphack = *wp; + if (p == NULL) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); + goto err; + } + *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) + | it->utype); + } ptmpval = cf->asn1_d2i(pval, in, len); - if(tag != -1) *p = imphack; + if (tag != -1) + *wp = imphack; + + if (ptmpval) + return 1; - if(ptmpval) return 1; ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; case ASN1_ITYPE_CHOICE: - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) goto auxerr; /* Allocate structure */ - if(!*pval) { - if(!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; + if (!*pval && !ASN1_item_ex_new(pval, it)) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); + goto err; } - } /* CHOICE type, try each possibility in turn */ pchval = NULL; p = *in; - for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) { + for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) + { pchptr = asn1_get_field_ptr(pval, tt); /* We mark field as OPTIONAL so its absence * can be recognised. */ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); /* If field not present, try the next one */ - if(ret == -1) continue; + if (ret == -1) + continue; /* If positive return, read OK, break loop */ - if(ret > 0) break; + if (ret > 0) + break; /* Otherwise must be an ASN1 parsing error */ errtt = tt; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; - } + } + /* Did we fall off the end without reading anything? */ - if(i == it->tcount) { + if (i == it->tcount) + { /* If OPTIONAL, this is OK */ - if(opt) { + if (opt) + { /* Free and zero it */ ASN1_item_ex_free(pval, it); return -1; - } - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); + } + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_NO_MATCHING_CHOICE_TYPE); goto err; - } + } + asn1_set_choice_selector(pval, i, it); *in = p; - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) goto auxerr; return 1; + case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: p = *in; tmplen = len; /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if(tag == -1) { + if (tag == -1) + { tag = V_ASN1_SEQUENCE; aclass = V_ASN1_UNIVERSAL; - } + } /* Get SEQUENCE length and update len, p */ - ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, + &p, len, tag, aclass, opt, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; - } else if(ret == -1) return -1; - if(aux && (aux->flags & ASN1_AFLG_BROKEN)) { + } + else if (ret == -1) + return -1; + if (aux && (aux->flags & ASN1_AFLG_BROKEN)) + { len = tmplen - (p - *in); seq_nolen = 1; - } else seq_nolen = seq_eoc; /* If indefinite we don't do a length check */ - if(!cst) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + } + /* If indefinite we don't do a length check */ + else seq_nolen = seq_eoc; + if (!cst) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_SEQUENCE_NOT_CONSTRUCTED); goto err; - } + } - if(!*pval) { - if(!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; + if (!*pval && !ASN1_item_ex_new(pval, it)) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); + goto err; } - } - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) + + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) goto auxerr; /* Get each field entry */ - for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) + { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) goto err; + if (!seqtt) + goto err; pseqval = asn1_get_field_ptr(pval, seqtt); /* Have we ran out of data? */ - if(!len) break; + if (!len) + break; q = p; - if(asn1_check_eoc(&p, len)) { - if(!seq_eoc) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); + if (asn1_check_eoc(&p, len)) + { + if (!seq_eoc) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_UNEXPECTED_EOC); goto err; - } + } len -= p - q; seq_eoc = 0; q = p; break; - } - /* This determines the OPTIONAL flag value. The field cannot - * be omitted if it is the last of a SEQUENCE and there is - * still data to be read. This isn't strictly necessary but - * it increases efficiency in some cases. + } + /* This determines the OPTIONAL flag value. The field + * cannot be omitted if it is the last of a SEQUENCE + * and there is still data to be read. This isn't + * strictly necessary but it increases efficiency in + * some cases. */ - if(i == (it->tcount - 1)) isopt = 0; + if (i == (it->tcount - 1)) + isopt = 0; else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); - /* attempt to read in field, allowing each to be OPTIONAL */ - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); - if(!ret) { + /* attempt to read in field, allowing each to be + * OPTIONAL */ + + ret = asn1_template_ex_d2i(pseqval, &p, len, + seqtt, isopt, ctx); + if (!ret) + { errtt = seqtt; goto err; - } else if(ret == -1) { - /* OPTIONAL component absent. Free and zero the field + } + else if (ret == -1) + { + /* OPTIONAL component absent. + * Free and zero the field. */ ASN1_template_free(pseqval, seqtt); continue; - } + } /* Update length */ len -= p - q; - } + } + /* Check for EOC if expecting one */ - if(seq_eoc && !asn1_check_eoc(&p, len)) { + if (seq_eoc && !asn1_check_eoc(&p, len)) + { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); goto err; - } + } /* Check all data read */ - if(!seq_nolen && len) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); + if (!seq_nolen && len) + { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_SEQUENCE_LENGTH_MISMATCH); goto err; - } + } /* If we get here we've got no more data in the SEQUENCE, * however we may not have read all fields so check all * remaining are OPTIONAL and clear any that are. */ - for(; i < it->tcount; tt++, i++) { + for (; i < it->tcount; tt++, i++) + { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) goto err; - if(seqtt->flags & ASN1_TFLG_OPTIONAL) { + if (!seqtt) + goto err; + if (seqtt->flags & ASN1_TFLG_OPTIONAL) + { ASN1_VALUE **pseqval; pseqval = asn1_get_field_ptr(pval, seqtt); ASN1_template_free(pseqval, seqtt); - } else { + } + else + { errtt = seqtt; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_FIELD_MISSING); goto err; + } } - } /* Save encoding */ - if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; + if (!asn1_enc_save(pval, *in, p - *in, it)) + goto auxerr; *in = p; - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) goto auxerr; return 1; default: return 0; - } + } auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: ASN1_item_ex_free(pval, it); - if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); - else ERR_add_error_data(2, "Type=", it->sname); + if (errtt) + ERR_add_error_data(4, "Field=", errtt->field_name, + ", Type=", it->sname); + else + ERR_add_error_data(2, "Type=", it->sname); return 0; -} + } -/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the - * rest. +/* Templates are handled with two separate functions. + * One handles any EXPLICIT tag and the other handles the rest. */ -static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx) -{ +static int asn1_template_ex_d2i(ASN1_VALUE **val, + const unsigned char **in, long inlen, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx) + { int flags, aclass; int ret; long len; - unsigned char *p, *q; + const unsigned char *p, *q; char exp_eoc; - if(!val) return 0; + if (!val) + return 0; flags = tt->flags; aclass = flags & ASN1_TFLG_TAG_CLASS; p = *in; /* Check if EXPLICIT tag expected */ - if(flags & ASN1_TFLG_EXPTAG) { + if (flags & ASN1_TFLG_EXPTAG) + { char cst; - /* Need to work out amount of data available to the inner content and where it - * starts: so read in EXPLICIT header to get the info. + /* Need to work out amount of data available to the inner + * content and where it starts: so read in EXPLICIT header to + * get the info. */ - ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx); + ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, + &p, inlen, tt->tag, aclass, opt, ctx); q = p; - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + if (!ret) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); return 0; - } else if(ret == -1) return -1; - if(!cst) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); + } + else if (ret == -1) + return -1; + if (!cst) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, + ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); return 0; - } + } /* We've found the field so it can't be OPTIONAL now */ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + if (!ret) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); return 0; - } + } /* We read the field in OK so update length */ len -= p - q; - if(exp_eoc) { + if (exp_eoc) + { /* If NDEF we must have an EOC here */ - if(!asn1_check_eoc(&p, len)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC); + if (!asn1_check_eoc(&p, len)) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, + ASN1_R_MISSING_EOC); goto err; + } } - } else { - /* Otherwise we must hit the EXPLICIT tag end or its an error */ - if(len) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH); + else + { + /* Otherwise we must hit the EXPLICIT tag end or its + * an error */ + if (len) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, + ASN1_R_EXPLICIT_LENGTH_MISMATCH); goto err; + } } } - } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); + else + return asn1_template_noexp_d2i(val, in, inlen, + tt, opt, ctx); *in = p; return 1; @@ -475,98 +613,145 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen ASN1_template_free(val, tt); *val = NULL; return 0; -} + } -static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx) -{ +static int asn1_template_noexp_d2i(ASN1_VALUE **val, + const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx) + { int flags, aclass; int ret; - unsigned char *p, *q; - if(!val) return 0; + const unsigned char *p, *q; + if (!val) + return 0; flags = tt->flags; aclass = flags & ASN1_TFLG_TAG_CLASS; p = *in; q = p; - if(flags & ASN1_TFLG_SK_MASK) { + if (flags & ASN1_TFLG_SK_MASK) + { /* SET OF, SEQUENCE OF */ int sktag, skaclass; char sk_eoc; /* First work out expected inner tag value */ - if(flags & ASN1_TFLG_IMPTAG) { + if (flags & ASN1_TFLG_IMPTAG) + { sktag = tt->tag; skaclass = aclass; - } else { + } + else + { skaclass = V_ASN1_UNIVERSAL; - if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET; - else sktag = V_ASN1_SEQUENCE; - } + if (flags & ASN1_TFLG_SET_OF) + sktag = V_ASN1_SET; + else + sktag = V_ASN1_SEQUENCE; + } /* Get the tag */ - ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, + &p, len, sktag, skaclass, opt, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_NESTED_ASN1_ERROR); return 0; - } else if(ret == -1) return -1; - if(!*val) *val = (ASN1_VALUE *)sk_new_null(); - else { + } + else if (ret == -1) + return -1; + if (!*val) + *val = (ASN1_VALUE *)sk_new_null(); + else + { /* We've got a valid STACK: free up any items present */ STACK *sktmp = (STACK *)*val; ASN1_VALUE *vtmp; - while(sk_num(sktmp) > 0) { + while(sk_num(sktmp) > 0) + { vtmp = (ASN1_VALUE *)sk_pop(sktmp); - ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); + ASN1_item_ex_free(&vtmp, + ASN1_ITEM_ptr(tt->item)); + } } - } - if(!*val) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE); + if (!*val) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_MALLOC_FAILURE); goto err; - } + } + /* Read as many items as we can */ - while(len > 0) { + while(len > 0) + { ASN1_VALUE *skfield; q = p; /* See if EOC found */ - if(asn1_check_eoc(&p, len)) { - if(!sk_eoc) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC); + if (asn1_check_eoc(&p, len)) + { + if (!sk_eoc) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ASN1_R_UNEXPECTED_EOC); goto err; - } + } len -= p - q; sk_eoc = 0; break; - } + } skfield = NULL; - if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); + if (!ASN1_item_ex_d2i(&skfield, &p, len, + ASN1_ITEM_ptr(tt->item), + -1, 0, 0, ctx)) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; - } + } len -= p - q; - if(!sk_push((STACK *)*val, (char *)skfield)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE); + if (!sk_push((STACK *)*val, (char *)skfield)) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_MALLOC_FAILURE); goto err; + } } - } - if(sk_eoc) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC); + if (sk_eoc) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); goto err; + } } - } else if(flags & ASN1_TFLG_IMPTAG) { + else if (flags & ASN1_TFLG_IMPTAG) + { /* IMPLICIT tagging */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = ASN1_item_ex_d2i(val, &p, len, + ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; - } else if(ret == -1) return -1; - } else { + } + else if (ret == -1) + return -1; + } + else + { /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), + -1, 0, opt, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_NESTED_ASN1_ERROR); goto err; - } else if(ret == -1) return -1; - } + } + else if (ret == -1) + return -1; + } *in = p; return 1; @@ -575,83 +760,114 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le ASN1_template_free(val, tt); *val = NULL; return 0; -} + } -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) -{ +static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, + const unsigned char **in, long inlen, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) + { int ret = 0, utype; long plen; char cst, inf, free_cont = 0; - unsigned char *p; + const unsigned char *p; BUF_MEM buf; - unsigned char *cont = NULL; + const unsigned char *cont = NULL; long len; - if(!pval) { + if (!pval) + { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); return 0; /* Should never happen */ - } + } - if(it->itype == ASN1_ITYPE_MSTRING) { + if (it->itype == ASN1_ITYPE_MSTRING) + { utype = tag; tag = -1; - } else utype = it->utype; + } + else + utype = it->utype; - if(utype == V_ASN1_ANY) { + if (utype == V_ASN1_ANY) + { /* If type is ANY need to figure out type from tag */ unsigned char oclass; - if(tag >= 0) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); + if (tag >= 0) + { + ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, + ASN1_R_ILLEGAL_TAGGED_ANY); return 0; - } - if(opt) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY); + } + if (opt) + { + ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, + ASN1_R_ILLEGAL_OPTIONAL_ANY); return 0; - } + } p = *in; - ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, + &p, inlen, -1, 0, 0, ctx); + if (!ret) + { + ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, + ERR_R_NESTED_ASN1_ERROR); return 0; + } + if (oclass != V_ASN1_UNIVERSAL) + utype = V_ASN1_OTHER; } - if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER; - } - if(tag == -1) { + if (tag == -1) + { tag = utype; aclass = V_ASN1_UNIVERSAL; - } + } p = *in; /* Check header */ - ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx); - if(!ret) { + ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, + &p, inlen, tag, aclass, opt, ctx); + if (!ret) + { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); return 0; - } else if(ret == -1) return -1; + } + else if (ret == -1) + return -1; /* SEQUENCE, SET and "OTHER" are left in encoded form */ - if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { - /* Clear context cache for type OTHER because the auto clear when - * we have a exact match wont work + if ((utype == V_ASN1_SEQUENCE) + || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) + { + /* Clear context cache for type OTHER because the auto clear + * when we have a exact match wont work */ - if(utype == V_ASN1_OTHER) { + if (utype == V_ASN1_OTHER) + { asn1_tlc_clear(ctx); + } /* SEQUENCE and SET must be constructed */ - } else if(!cst) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED); + else if (!cst) + { + ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, + ASN1_R_TYPE_NOT_CONSTRUCTED); return 0; - } + } cont = *in; /* If indefinite length constructed find the real end */ - if(inf) { - if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err; + if (inf) + { + if (!asn1_find_end(&p, plen, inf)) + goto err; len = p - cont; - } else { + } + else + { len = p - cont + plen; p += plen; buf.data = NULL; + } } - } else if(cst) { + else if (cst) + { buf.length = 0; buf.max = 0; buf.data = NULL; @@ -661,36 +877,43 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl * internally irrespective of the type. So instead just check * for UNIVERSAL class and ignore the tag. */ - if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; + if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) + goto err; len = buf.length; /* Append a final null to string */ - if(!BUF_MEM_grow_clean(&buf, len + 1)) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); + if (!BUF_MEM_grow_clean(&buf, len + 1)) + { + ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, + ERR_R_MALLOC_FAILURE); return 0; - } + } buf.data[len] = 0; - cont = (unsigned char *)buf.data; + cont = (const unsigned char *)buf.data; free_cont = 1; - } else { + } + else + { cont = p; len = plen; p += plen; - } + } /* We now have content length and type: translate into a structure */ - if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err; + if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) + goto err; *in = p; ret = 1; err: - if(free_cont && buf.data) OPENSSL_free(buf.data); + if (free_cont && buf.data) OPENSSL_free(buf.data); return ret; -} + } /* Translate ASN1 content octets into a structure */ -int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) -{ +int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it) + { ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; @@ -698,43 +921,62 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char const ASN1_PRIMITIVE_FUNCS *pf; ASN1_INTEGER **tint; pf = it->funcs; - if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it); + + if (pf && pf->prim_c2i) + return pf->prim_c2i(pval, cont, len, utype, free_cont, it); /* If ANY type clear type and set pointer to internal value */ - if(it->utype == V_ASN1_ANY) { - if(!*pval) { + if (it->utype == V_ASN1_ANY) + { + if (!*pval) + { typ = ASN1_TYPE_new(); + if (typ == NULL) + goto err; *pval = (ASN1_VALUE *)typ; - } else typ = (ASN1_TYPE *)*pval; - if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + } + else + typ = (ASN1_TYPE *)*pval; + + if (utype != typ->type) + ASN1_TYPE_set(typ, utype, NULL); opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; - } - switch(utype) { + } + switch(utype) + { case V_ASN1_OBJECT: - if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err; + if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) + goto err; break; case V_ASN1_NULL: - if(len) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH); + if (len) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_NULL_IS_WRONG_LENGTH); goto err; - } + } *pval = (ASN1_VALUE *)1; break; case V_ASN1_BOOLEAN: - if(len != 1) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); + if (len != 1) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_BOOLEAN_IS_WRONG_LENGTH); goto err; - } else { + } + else + { ASN1_BOOLEAN *tbool; tbool = (ASN1_BOOLEAN *)pval; *tbool = *cont; - } + } break; case V_ASN1_BIT_STRING: - if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err; + if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) + goto err; break; case V_ASN1_INTEGER: @@ -742,7 +984,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char case V_ASN1_ENUMERATED: case V_ASN1_NEG_ENUMERATED: tint = (ASN1_INTEGER **)pval; - if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; + if (!c2i_ASN1_INTEGER(tint, &cont, len)) + goto err; /* Fixup type to match the expected form */ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); break; @@ -766,127 +1009,216 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char case V_ASN1_SEQUENCE: default: /* All based on ASN1_STRING and handled the same */ - if(!*pval) { + if (!*pval) + { stmp = ASN1_STRING_type_new(utype); - if(!stmp) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); + if (!stmp) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ERR_R_MALLOC_FAILURE); goto err; - } + } *pval = (ASN1_VALUE *)stmp; - } else { + } + else + { stmp = (ASN1_STRING *)*pval; stmp->type = utype; - } + } /* If we've already allocated a buffer use it */ - if(*free_cont) { - if(stmp->data) OPENSSL_free(stmp->data); - stmp->data = cont; + if (*free_cont) + { + if (stmp->data) + OPENSSL_free(stmp->data); + stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ stmp->length = len; *free_cont = 0; - } else { - if(!ASN1_STRING_set(stmp, cont, len)) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); + } + else + { + if (!ASN1_STRING_set(stmp, cont, len)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ERR_R_MALLOC_FAILURE); ASN1_STRING_free(stmp); *pval = NULL; goto err; + } } - } break; - } + } /* If ASN1_ANY and NULL type fix up value */ - if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL; + if (typ && (utype == V_ASN1_NULL)) + typ->value.ptr = NULL; ret = 1; err: - if(!ret) + if (!ret) { ASN1_TYPE_free(typ); if (opval) *opval = NULL; } return ret; -} + } + + +/* This function finds the end of an ASN1 structure when passed its maximum + * length, whether it is indefinite length and a pointer to the content. + * This is more efficient than calling asn1_collect because it does not + * recurse on each indefinite length header. + */ +static int asn1_find_end(const unsigned char **in, long len, char inf) + { + int expected_eoc; + long plen; + const unsigned char *p = *in, *q; + /* If not indefinite length constructed just add length */ + if (inf == 0) + { + *in += len; + return 1; + } + expected_eoc = 1; + /* Indefinite length constructed form. Find the end when enough EOCs + * are found. If more indefinite length constructed headers + * are encountered increment the expected eoc count otherwise just + * skip to the end of the data. + */ + while (len > 0) + { + if(asn1_check_eoc(&p, len)) + { + expected_eoc--; + if (expected_eoc == 0) + break; + len -= 2; + continue; + } + q = p; + /* Just read in a header: only care about the length */ + if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, + -1, 0, 0, NULL)) + { + ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); + return 0; + } + if (inf) + expected_eoc++; + else + p += plen; + len -= p - q; + } + if (expected_eoc) + { + ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); + return 0; + } + *in = p; + return 1; + } /* This function collects the asn1 data from a constructred string * type into a buffer. The values of 'in' and 'len' should refer * to the contents of the constructed type and 'inf' should be set - * if it is indefinite length. If 'buf' is NULL then we just want - * to find the end of the current structure: useful for indefinite - * length constructed stuff. + * if it is indefinite length. */ -static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass) -{ - unsigned char *p, *q; +static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, + char inf, int tag, int aclass) + { + const unsigned char *p, *q; long plen; char cst, ininf; p = *in; inf &= 1; - /* If no buffer and not indefinite length constructed just pass over the encoded data */ - if(!buf && !inf) { + /* If no buffer and not indefinite length constructed just pass over + * the encoded data */ + if (!buf && !inf) + { *in += len; return 1; - } - while(len > 0) { + } + while(len > 0) + { q = p; /* Check for EOC */ - if(asn1_check_eoc(&p, len)) { - /* EOC is illegal outside indefinite length constructed form */ - if(!inf) { - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); + if (asn1_check_eoc(&p, len)) + { + /* EOC is illegal outside indefinite length + * constructed form */ + if (!inf) + { + ASN1err(ASN1_F_ASN1_COLLECT, + ASN1_R_UNEXPECTED_EOC); return 0; - } + } inf = 0; break; - } - if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) { + } + + if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, + len, tag, aclass, 0, NULL)) + { ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); return 0; - } + } + /* If indefinite length constructed update max length */ - if(cst) { - if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0; - } else { - if(!collect_data(buf, &p, plen)) return 0; - } + if (cst) + { +#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS + if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) + return 0; +#else + ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); + return 0; +#endif + } + else if (plen && !collect_data(buf, &p, plen)) + return 0; len -= p - q; - } - if(inf) { + } + if (inf) + { ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); return 0; - } + } *in = p; return 1; -} - -static int collect_data(BUF_MEM *buf, unsigned char **p, long plen) -{ - int len; - if(buf) { - len = buf->length; - if(!BUF_MEM_grow_clean(buf, len + plen)) { - ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); - return 0; + } + +static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) + { + int len; + if (buf) + { + len = buf->length; + if (!BUF_MEM_grow_clean(buf, len + plen)) + { + ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); + return 0; } - memcpy(buf->data + len, *p, plen); + memcpy(buf->data + len, *p, plen); } - *p += plen; - return 1; -} + *p += plen; + return 1; + } /* Check for ASN1 EOC and swallow it if found */ -static int asn1_check_eoc(unsigned char **in, long len) -{ - unsigned char *p; - if(len < 2) return 0; +static int asn1_check_eoc(const unsigned char **in, long len) + { + const unsigned char *p; + if (len < 2) return 0; p = *in; - if(!p[0] && !p[1]) { + if (!p[0] && !p[1]) + { *in += 2; return 1; - } + } return 0; -} + } /* Check an ASN1 tag and length: a bit like ASN1_get_object * but it sets the length for indefinite length constructed @@ -895,25 +1227,32 @@ static int asn1_check_eoc(unsigned char **in, long len) * header length just read. */ -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, - unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx) -{ +static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, + char *inf, char *cst, + const unsigned char **in, long len, + int exptag, int expclass, char opt, + ASN1_TLC *ctx) + { int i; int ptag, pclass; long plen; - unsigned char *p, *q; + const unsigned char *p, *q; p = *in; q = p; - if(ctx && ctx->valid) { + if (ctx && ctx->valid) + { i = ctx->ret; plen = ctx->plen; pclass = ctx->pclass; ptag = ctx->ptag; p += ctx->hdrlen; - } else { + } + else + { i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); - if(ctx) { + if (ctx) + { ctx->ret = i; ctx->plen = plen; ctx->pclass = pclass; @@ -923,43 +1262,57 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i /* If definite length, and no error, length + * header can't exceed total amount of data available. */ - if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); + if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) + { + ASN1err(ASN1_F_ASN1_CHECK_TLEN, + ASN1_R_TOO_LONG); asn1_tlc_clear(ctx); return 0; + } } } - } - if(i & 0x80) { + if (i & 0x80) + { ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); asn1_tlc_clear(ctx); return 0; - } - if(exptag >= 0) { - if((exptag != ptag) || (expclass != pclass)) { - /* If type is OPTIONAL, not an error, but indicate missing - * type. + } + if (exptag >= 0) + { + if ((exptag != ptag) || (expclass != pclass)) + { + /* If type is OPTIONAL, not an error: + * indicate missing type. */ - if(opt) return -1; + if (opt) return -1; asn1_tlc_clear(ctx); ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); return 0; - } - /* We have a tag and class match, so assume we are going to do something with it */ + } + /* We have a tag and class match: + * assume we are going to do something with it */ asn1_tlc_clear(ctx); - } + } - if(i & 1) plen = len - (p - q); + if (i & 1) + plen = len - (p - q); - if(inf) *inf = i & 1; + if (inf) + *inf = i & 1; - if(cst) *cst = i & V_ASN1_CONSTRUCTED; + if (cst) + *cst = i & V_ASN1_CONSTRUCTED; - if(olen) *olen = plen; - if(oclass) *oclass = pclass; - if(otag) *otag = ptag; + if (olen) + *olen = plen; + + if (oclass) + *oclass = pclass; + + if (otag) + *otag = ptag; *in = p; return 1; -} + } diff --git a/crypto/openssl/crypto/asn1/tasn_enc.c b/crypto/openssl/crypto/asn1/tasn_enc.c index f6c8dde..25c94aa 100644 --- a/crypto/openssl/crypto/asn1/tasn_enc.c +++ b/crypto/openssl/crypto/asn1/tasn_enc.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,88 +59,119 @@ #include #include +#include "cryptlib.h" #include #include #include -static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset); +static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, + int tag, int aclass); +static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, + int skcontlen, const ASN1_ITEM *item, + int do_sort, int iclass); +static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt, + int tag, int aclass); +static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it, int flags); + +/* Top level i2d equivalents: the 'ndef' variant instructs the encoder + * to use indefinite length constructed encoding, where appropriate + */ + +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it) + { + return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); + } + +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) + { + return asn1_item_flags_i2d(val, out, it, 0); + } -/* Encode an ASN1 item, this is compatible with the +/* Encode an ASN1 item, this is use by the * standard 'i2d' function. 'out' points to - * a buffer to output the data to, in future we will - * have more advanced versions that can output data - * a piece at a time and this will simply be a special - * case. + * a buffer to output the data to. * * The new i2d has one additional feature. If the output * buffer is NULL (i.e. *out == NULL) then a buffer is * allocated and populated with the encoding. */ - -int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) -{ - if(out && !*out) { +static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it, int flags) + { + if (out && !*out) + { unsigned char *p, *buf; int len; - len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0); - if(len <= 0) return len; + len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); + if (len <= 0) + return len; buf = OPENSSL_malloc(len); - if(!buf) return -1; + if (!buf) + return -1; p = buf; - ASN1_item_ex_i2d(&val, &p, it, -1, 0); + ASN1_item_ex_i2d(&val, &p, it, -1, flags); *out = buf; return len; + } + + return ASN1_item_ex_i2d(&val, out, it, -1, flags); } - - return ASN1_item_ex_i2d(&val, out, it, -1, 0); -} /* Encode an item, taking care of IMPLICIT tagging (if any). * This function performs the normal item handling: it can be * used in external types. */ -int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) -{ +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass) + { const ASN1_TEMPLATE *tt = NULL; unsigned char *p = NULL; - int i, seqcontlen, seqlen; - ASN1_STRING *strtmp; + int i, seqcontlen, seqlen, ndef = 1; const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; - if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; + ASN1_aux_cb *asn1_cb = 0; + + if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) + return 0; - switch(it->itype) { + if (aux && aux->asn1_cb) + asn1_cb = aux->asn1_cb; + + switch(it->itype) + { case ASN1_ITYPE_PRIMITIVE: - if(it->templates) - return ASN1_template_i2d(pval, out, it->templates); + if (it->templates) + return asn1_template_ex_i2d(pval, out, it->templates, + tag, aclass); return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); break; case ASN1_ITYPE_MSTRING: - strtmp = (ASN1_STRING *)*pval; - return asn1_i2d_ex_primitive(pval, out, it, -1, 0); + return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) return 0; i = asn1_get_choice_selector(pval, it); - if((i >= 0) && (i < it->tcount)) { + if ((i >= 0) && (i < it->tcount)) + { ASN1_VALUE **pchval; const ASN1_TEMPLATE *chtt; chtt = it->templates + i; pchval = asn1_get_field_ptr(pval, chtt); - return ASN1_template_i2d(pchval, out, chtt); - } + return asn1_template_ex_i2d(pchval, out, chtt, + -1, aclass); + } /* Fixme: error condition if selector out of range */ - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) return 0; break; @@ -152,136 +183,236 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it case ASN1_ITYPE_COMPAT: /* old style hackery... */ cf = it->funcs; - if(out) p = *out; + if (out) + p = *out; i = cf->asn1_i2d(*pval, out); /* Fixup for IMPLICIT tag: note this messes up for tags > 30, * but so did the old code. Tags > 30 are very rare anyway. */ - if(out && (tag != -1)) + if (out && (tag != -1)) *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); return i; + case ASN1_ITYPE_NDEF_SEQUENCE: + /* Use indefinite length constructed if requested */ + if (aclass & ASN1_TFLG_NDEF) ndef = 2; + /* fall through */ + case ASN1_ITYPE_SEQUENCE: i = asn1_enc_restore(&seqcontlen, out, pval, it); /* An error occurred */ - if(i < 0) return 0; + if (i < 0) + return 0; /* We have a valid cached encoding... */ - if(i > 0) return seqcontlen; + if (i > 0) + return seqcontlen; /* Otherwise carry on */ seqcontlen = 0; /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if(tag == -1) { + if (tag == -1) + { tag = V_ASN1_SEQUENCE; - aclass = V_ASN1_UNIVERSAL; - } - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) + /* Retain any other flags in aclass */ + aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) + | V_ASN1_UNIVERSAL; + } + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) return 0; /* First work out sequence content length */ - for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) + { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) return 0; + if (!seqtt) + return 0; pseqval = asn1_get_field_ptr(pval, seqtt); /* FIXME: check for errors in enhanced version */ - /* FIXME: special handling of indefinite length encoding */ - seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt); - } - seqlen = ASN1_object_size(1, seqcontlen, tag); - if(!out) return seqlen; + seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, + -1, aclass); + } + + seqlen = ASN1_object_size(ndef, seqcontlen, tag); + if (!out) + return seqlen; /* Output SEQUENCE header */ - ASN1_put_object(out, 1, seqcontlen, tag, aclass); - for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + ASN1_put_object(out, ndef, seqcontlen, tag, aclass); + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) + { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) return 0; + if (!seqtt) + return 0; pseqval = asn1_get_field_ptr(pval, seqtt); /* FIXME: check for errors in enhanced version */ - ASN1_template_i2d(pseqval, out, seqtt); - } - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) + asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); + } + if (ndef == 2) + ASN1_put_eoc(out); + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) return 0; return seqlen; default: return 0; - } + + } return 0; -} + } -int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt) -{ - int i, ret, flags, aclass; +int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt) + { + return asn1_template_ex_i2d(pval, out, tt, -1, 0); + } + +static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt, int tag, int iclass) + { + int i, ret, flags, ttag, tclass, ndef; flags = tt->flags; - aclass = flags & ASN1_TFLG_TAG_CLASS; - if(flags & ASN1_TFLG_SK_MASK) { + /* Work out tag and class to use: tagging may come + * either from the template or the arguments, not both + * because this would create ambiguity. Additionally + * the iclass argument may contain some additional flags + * which should be noted and passed down to other levels. + */ + if (flags & ASN1_TFLG_TAG_MASK) + { + /* Error if argument and template tagging */ + if (tag != -1) + /* FIXME: error code here */ + return -1; + /* Get tagging from template */ + ttag = tt->tag; + tclass = flags & ASN1_TFLG_TAG_CLASS; + } + else if (tag != -1) + { + /* No template tagging, get from arguments */ + ttag = tag; + tclass = iclass & ASN1_TFLG_TAG_CLASS; + } + else + { + ttag = -1; + tclass = 0; + } + /* + * Remove any class mask from iflag. + */ + iclass &= ~ASN1_TFLG_TAG_CLASS; + + /* At this point 'ttag' contains the outer tag to use, + * 'tclass' is the class and iclass is any flags passed + * to this function. + */ + + /* if template and arguments require ndef, use it */ + if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) + ndef = 2; + else ndef = 1; + + if (flags & ASN1_TFLG_SK_MASK) + { /* SET OF, SEQUENCE OF */ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; int isset, sktag, skaclass; int skcontlen, sklen; ASN1_VALUE *skitem; - if(!*pval) return 0; - if(flags & ASN1_TFLG_SET_OF) { + + if (!*pval) + return 0; + + if (flags & ASN1_TFLG_SET_OF) + { isset = 1; /* 2 means we reorder */ - if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2; - } else isset = 0; - /* First work out inner tag value */ - if(flags & ASN1_TFLG_IMPTAG) { - sktag = tt->tag; - skaclass = aclass; - } else { + if (flags & ASN1_TFLG_SEQUENCE_OF) + isset = 2; + } + else isset = 0; + + /* Work out inner tag value: if EXPLICIT + * or no tagging use underlying type. + */ + if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) + { + sktag = ttag; + skaclass = tclass; + } + else + { skaclass = V_ASN1_UNIVERSAL; - if(isset) sktag = V_ASN1_SET; + if (isset) + sktag = V_ASN1_SET; else sktag = V_ASN1_SEQUENCE; - } - /* Now work out length of items */ + } + + /* Determine total length of items */ skcontlen = 0; - for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) + { skitem = sk_ASN1_VALUE_value(sk, i); - skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0); - } - sklen = ASN1_object_size(1, skcontlen, sktag); + skcontlen += ASN1_item_ex_i2d(&skitem, NULL, + ASN1_ITEM_ptr(tt->item), + -1, iclass); + } + sklen = ASN1_object_size(ndef, skcontlen, sktag); /* If EXPLICIT need length of surrounding tag */ - if(flags & ASN1_TFLG_EXPTAG) - ret = ASN1_object_size(1, sklen, tt->tag); + if (flags & ASN1_TFLG_EXPTAG) + ret = ASN1_object_size(ndef, sklen, ttag); else ret = sklen; - if(!out) return ret; + if (!out) + return ret; /* Now encode this lot... */ /* EXPLICIT tag */ - if(flags & ASN1_TFLG_EXPTAG) - ASN1_put_object(out, 1, sklen, tt->tag, aclass); + if (flags & ASN1_TFLG_EXPTAG) + ASN1_put_object(out, ndef, sklen, ttag, tclass); /* SET or SEQUENCE and IMPLICIT tag */ - ASN1_put_object(out, 1, skcontlen, sktag, skaclass); - /* And finally the stuff itself */ - asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset); + ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); + /* And the stuff itself */ + asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), + isset, iclass); + if (ndef == 2) + { + ASN1_put_eoc(out); + if (flags & ASN1_TFLG_EXPTAG) + ASN1_put_eoc(out); + } return ret; - } - - if(flags & ASN1_TFLG_EXPTAG) { + } + + if (flags & ASN1_TFLG_EXPTAG) + { /* EXPLICIT tagging */ /* Find length of tagged item */ - i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0); - if(!i) return 0; + i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), + -1, iclass); + if (!i) + return 0; /* Find length of EXPLICIT tag */ - ret = ASN1_object_size(1, i, tt->tag); - if(out) { + ret = ASN1_object_size(ndef, i, ttag); + if (out) + { /* Output tag and item */ - ASN1_put_object(out, 1, i, tt->tag, aclass); - ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0); - } + ASN1_put_object(out, ndef, i, ttag, tclass); + ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), + -1, iclass); + if (ndef == 2) + ASN1_put_eoc(out); + } return ret; - } - if(flags & ASN1_TFLG_IMPTAG) { - /* IMPLICIT tagging */ - return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass); - } - /* Nothing special: treat as normal */ - return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0); + } + + /* Either normal or IMPLICIT tagging: combine class and flags */ + return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), + ttag, tclass | iclass); + } /* Temporary structure used to hold DER encoding of items for SET OF */ @@ -293,72 +424,90 @@ typedef struct { } DER_ENC; static int der_cmp(const void *a, const void *b) -{ + { const DER_ENC *d1 = a, *d2 = b; int cmplen, i; cmplen = (d1->length < d2->length) ? d1->length : d2->length; i = memcmp(d1->data, d2->data, cmplen); - if(i) return i; + if (i) + return i; return d1->length - d2->length; -} + } /* Output the content octets of SET OF or SEQUENCE OF */ -static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort) -{ +static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, + int skcontlen, const ASN1_ITEM *item, + int do_sort, int iclass) + { int i; ASN1_VALUE *skitem; unsigned char *tmpdat = NULL, *p = NULL; DER_ENC *derlst = NULL, *tder; - if(do_sort) { + if (do_sort) + { /* Don't need to sort less than 2 items */ - if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0; - else { - derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (sk_ASN1_VALUE_num(sk) < 2) + do_sort = 0; + else + { + derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) + * sizeof(*derlst)); tmpdat = OPENSSL_malloc(skcontlen); - if(!derlst || !tmpdat) return 0; + if (!derlst || !tmpdat) + return 0; + } } - } /* If not sorting just output each item */ - if(!do_sort) { - for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + if (!do_sort) + { + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) + { skitem = sk_ASN1_VALUE_value(sk, i); - ASN1_item_i2d(skitem, out, item); - } + ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); + } return 1; - } + } p = tmpdat; + /* Doing sort: build up a list of each member's DER encoding */ - for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { + for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) + { skitem = sk_ASN1_VALUE_value(sk, i); tder->data = p; - tder->length = ASN1_item_i2d(skitem, &p, item); + tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); tder->field = skitem; - } + } + /* Now sort them */ qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); /* Output sorted DER encoding */ p = *out; - for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { + for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) + { memcpy(p, tder->data, tder->length); p += tder->length; - } + } *out = p; /* If do_sort is 2 then reorder the STACK */ - if(do_sort == 2) { - for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) + if (do_sort == 2) + { + for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); + i++, tder++) sk_ASN1_VALUE_set(sk, i, tder->field); - } + } OPENSSL_free(derlst); OPENSSL_free(tmpdat); return 1; -} + } -static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) -{ +static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass) + { int len; int utype; int usetag; + int ndef = 0; utype = it->utype; @@ -374,33 +523,48 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A * because the call to asn1_ex_i2c() could change * utype. */ - if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || + if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) usetag = 0; else usetag = 1; /* -1 means omit type */ - if(len == -1) return 0; + if (len == -1) + return 0; + + /* -2 return is special meaning use ndef */ + if (len == -2) + { + ndef = 2; + len = 0; + } /* If not implicitly tagged get tag from underlying type */ - if(tag == -1) tag = utype; + if (tag == -1) tag = utype; /* Output tag+length followed by content octets */ - if(out) { - if(usetag) ASN1_put_object(out, 0, len, tag, aclass); + if (out) + { + if (usetag) + ASN1_put_object(out, ndef, len, tag, aclass); asn1_ex_i2c(pval, *out, &utype, it); - *out += len; - } + if (ndef) + ASN1_put_eoc(out); + else + *out += len; + } - if(usetag) return ASN1_object_size(0, len, tag); + if (usetag) + return ASN1_object_size(ndef, len, tag); return len; -} + } /* Produce content octets from a structure */ -int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it) -{ +int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + const ASN1_ITEM *it) + { ASN1_BOOLEAN *tbool = NULL; ASN1_STRING *strtmp; ASN1_OBJECT *otmp; @@ -409,28 +573,36 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ int len; const ASN1_PRIMITIVE_FUNCS *pf; pf = it->funcs; - if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it); + if (pf && pf->prim_i2c) + return pf->prim_i2c(pval, cout, putype, it); /* Should type be omitted? */ - if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) { - if(!*pval) return -1; - } + if ((it->itype != ASN1_ITYPE_PRIMITIVE) + || (it->utype != V_ASN1_BOOLEAN)) + { + if (!*pval) return -1; + } - if(it->itype == ASN1_ITYPE_MSTRING) { + if (it->itype == ASN1_ITYPE_MSTRING) + { /* If MSTRING type set the underlying type */ strtmp = (ASN1_STRING *)*pval; utype = strtmp->type; *putype = utype; - } else if(it->utype == V_ASN1_ANY) { + } + else if (it->utype == V_ASN1_ANY) + { /* If ANY set type and pointer to value */ ASN1_TYPE *typ; typ = (ASN1_TYPE *)*pval; utype = typ->type; *putype = utype; pval = (ASN1_VALUE **)&typ->value.ptr; - } else utype = *putype; + } + else utype = *putype; - switch(utype) { + switch(utype) + { case V_ASN1_OBJECT: otmp = (ASN1_OBJECT *)*pval; cont = otmp->data; @@ -444,17 +616,24 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ case V_ASN1_BOOLEAN: tbool = (ASN1_BOOLEAN *)pval; - if(*tbool == -1) return -1; - /* Default handling if value == size field then omit */ - if(*tbool && (it->size > 0)) return -1; - if(!*tbool && !it->size) return -1; + if (*tbool == -1) + return -1; + if (it->utype != V_ASN1_ANY) + { + /* Default handling if value == size field then omit */ + if (*tbool && (it->size > 0)) + return -1; + if (!*tbool && !it->size) + return -1; + } c = (unsigned char)*tbool; cont = &c; len = 1; break; case V_ASN1_BIT_STRING: - return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL); + return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, + cout ? &cout : NULL); break; case V_ASN1_INTEGER: @@ -464,7 +643,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ /* These are all have the same content format * as ASN1_INTEGER */ - return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); + return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, + cout ? &cout : NULL); break; case V_ASN1_OCTET_STRING: @@ -486,12 +666,25 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ default: /* All based on ASN1_STRING and handled the same */ strtmp = (ASN1_STRING *)*pval; + /* Special handling for NDEF */ + if ((it->size == ASN1_TFLG_NDEF) + && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) + { + if (cout) + { + strtmp->data = cout; + strtmp->length = 0; + } + /* Special return code */ + return -2; + } cont = strtmp->data; len = strtmp->length; break; - } - if(cout && len) memcpy(cout, cont, len); + } + if (cout && len) + memcpy(cout, cont, len); return len; -} + } diff --git a/crypto/openssl/crypto/asn1/tasn_fre.c b/crypto/openssl/crypto/asn1/tasn_fre.c index 2dd8441..b68b66a 100644 --- a/crypto/openssl/crypto/asn1/tasn_fre.c +++ b/crypto/openssl/crypto/asn1/tasn_fre.c @@ -67,33 +67,40 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c /* Free up an ASN1 structure */ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) -{ + { asn1_item_combine_free(&val, it, 0); -} + } void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { asn1_item_combine_free(pval, it, 0); -} + } static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) -{ + { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; const ASN1_COMPAT_FUNCS *cf; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; int i; - if(!pval) return; - if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; + if (!pval) + return; + if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) + return; + if (aux && aux->asn1_cb) + asn1_cb = aux->asn1_cb; + else + asn1_cb = 0; - switch(it->itype) { + switch(it->itype) + { case ASN1_ITYPE_PRIMITIVE: - if(it->templates) ASN1_template_free(pval, it->templates); - else ASN1_primitive_free(pval, it); + if (it->templates) + ASN1_template_free(pval, it->templates); + else + ASN1_primitive_free(pval, it); break; case ASN1_ITYPE_MSTRING: @@ -101,41 +108,53 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c break; case ASN1_ITYPE_CHOICE: - if(asn1_cb) { + if (asn1_cb) + { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); - if(i == 2) return; - } + if (i == 2) + return; + } i = asn1_get_choice_selector(pval, it); - if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it); - if((i >= 0) && (i < it->tcount)) { + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_PRE, pval, it); + if ((i >= 0) && (i < it->tcount)) + { ASN1_VALUE **pchval; tt = it->templates + i; pchval = asn1_get_field_ptr(pval, tt); ASN1_template_free(pchval, tt); - } - if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it); - if(!combine) { + } + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_POST, pval, it); + if (!combine) + { OPENSSL_free(*pval); *pval = NULL; - } + } break; case ASN1_ITYPE_COMPAT: cf = it->funcs; - if(cf && cf->asn1_free) cf->asn1_free(*pval); + if (cf && cf->asn1_free) + cf->asn1_free(*pval); break; case ASN1_ITYPE_EXTERN: ef = it->funcs; - if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it); + if (ef && ef->asn1_ex_free) + ef->asn1_ex_free(pval, it); break; + case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: - if(asn1_do_lock(pval, -1, it) > 0) return; - if(asn1_cb) { + if (asn1_do_lock(pval, -1, it) > 0) + return; + if (asn1_cb) + { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); - if(i == 2) return; - } + if (i == 2) + return; + } asn1_enc_free(pval, it); /* If we free up as normal we will invalidate any * ANY DEFINED BY field and we wont be able to @@ -143,64 +162,84 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c * free up in reverse order. */ tt = it->templates + it->tcount - 1; - for(i = 0; i < it->tcount; tt--, i++) { + for (i = 0; i < it->tcount; tt--, i++) + { ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 0); - if(!seqtt) continue; + if (!seqtt) + continue; pseqval = asn1_get_field_ptr(pval, seqtt); ASN1_template_free(pseqval, seqtt); - } - if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it); - if(!combine) { + } + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_POST, pval, it); + if (!combine) + { OPENSSL_free(*pval); *pval = NULL; - } + } break; + } } -} void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ + { int i; - if(tt->flags & ASN1_TFLG_SK_MASK) { + if (tt->flags & ASN1_TFLG_SK_MASK) + { STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; - for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) + { ASN1_VALUE *vtmp; vtmp = sk_ASN1_VALUE_value(sk, i); - asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); - } + asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), + 0); + } sk_ASN1_VALUE_free(sk); *pval = NULL; - } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), + } + else + asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), tt->flags & ASN1_TFLG_COMBINE); -} + } void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { int utype; - if(it) { + if (it) + { const ASN1_PRIMITIVE_FUNCS *pf; pf = it->funcs; - if(pf && pf->prim_free) { + if (pf && pf->prim_free) + { pf->prim_free(pval, it); return; + } } - } /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ - if(!it) { + if (!it) + { ASN1_TYPE *typ = (ASN1_TYPE *)*pval; utype = typ->type; pval = (ASN1_VALUE **)&typ->value.ptr; - if(!*pval) return; - } else if(it->itype == ASN1_ITYPE_MSTRING) { + if (!*pval) + return; + } + else if (it->itype == ASN1_ITYPE_MSTRING) + { utype = -1; - if(!*pval) return; - } else { + if (!*pval) + return; + } + else + { utype = it->utype; - if((utype != V_ASN1_BOOLEAN) && !*pval) return; - } + if ((utype != V_ASN1_BOOLEAN) && !*pval) + return; + } - switch(utype) { + switch(utype) + { case V_ASN1_OBJECT: ASN1_OBJECT_free((ASN1_OBJECT *)*pval); break; @@ -224,6 +263,6 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) ASN1_STRING_free((ASN1_STRING *)*pval); *pval = NULL; break; - } + } *pval = NULL; -} + } diff --git a/crypto/openssl/crypto/asn1/tasn_new.c b/crypto/openssl/crypto/asn1/tasn_new.c index a0e3db5..531dad3 100644 --- a/crypto/openssl/crypto/asn1/tasn_new.c +++ b/crypto/openssl/crypto/asn1/tasn_new.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,27 +64,30 @@ #include #include -static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); +static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) -{ + { ASN1_VALUE *ret = NULL; - if(ASN1_item_ex_new(&ret, it) > 0) return ret; + if (ASN1_item_ex_new(&ret, it) > 0) + return ret; return NULL; -} + } /* Allocate an ASN1 structure */ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { return asn1_item_ex_combine_new(pval, it, 0); -} + } -static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) -{ +static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine) + { const ASN1_TEMPLATE *tt = NULL; const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; @@ -92,133 +95,155 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int ASN1_aux_cb *asn1_cb; ASN1_VALUE **pseqval; int i; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; + if (aux && aux->asn1_cb) + asn1_cb = aux->asn1_cb; + else + asn1_cb = 0; - if(!combine) *pval = NULL; + if (!combine) *pval = NULL; #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_push_info(it->sname); + if (it->sname) + CRYPTO_push_info(it->sname); #endif - switch(it->itype) { + switch(it->itype) + { case ASN1_ITYPE_EXTERN: ef = it->funcs; - if(ef && ef->asn1_ex_new) { - if(!ef->asn1_ex_new(pval, it)) + if (ef && ef->asn1_ex_new) + { + if (!ef->asn1_ex_new(pval, it)) goto memerr; - } + } break; case ASN1_ITYPE_COMPAT: cf = it->funcs; - if(cf && cf->asn1_new) { + if (cf && cf->asn1_new) { *pval = cf->asn1_new(); - if(!*pval) goto memerr; + if (!*pval) + goto memerr; } break; case ASN1_ITYPE_PRIMITIVE: - if(it->templates) { - if(!ASN1_template_new(pval, it->templates)) + if (it->templates) + { + if (!ASN1_template_new(pval, it->templates)) goto memerr; - } else { - if(!ASN1_primitive_new(pval, it)) + } + else if (!ASN1_primitive_new(pval, it)) goto memerr; - } break; case ASN1_ITYPE_MSTRING: - if(!ASN1_primitive_new(pval, it)) + if (!ASN1_primitive_new(pval, it)) goto memerr; break; case ASN1_ITYPE_CHOICE: - if(asn1_cb) { + if (asn1_cb) + { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); - if(!i) goto auxerr; - if(i==2) { + if (!i) + goto auxerr; + if (i==2) + { #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 1; + } } - } - if(!combine) { + if (!combine) + { *pval = OPENSSL_malloc(it->size); - if(!*pval) goto memerr; + if (!*pval) + goto memerr; memset(*pval, 0, it->size); - } + } asn1_set_choice_selector(pval, -1, it); - if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) goto auxerr; break; + case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: - if(asn1_cb) { + if (asn1_cb) + { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); - if(!i) goto auxerr; - if(i==2) { + if (!i) + goto auxerr; + if (i==2) + { #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 1; + } } - } - if(!combine) { + if (!combine) + { *pval = OPENSSL_malloc(it->size); - if(!*pval) goto memerr; + if (!*pval) + goto memerr; memset(*pval, 0, it->size); asn1_do_lock(pval, 0, it); asn1_enc_init(pval, it); - } - for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + } + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) + { pseqval = asn1_get_field_ptr(pval, tt); - if(!ASN1_template_new(pseqval, tt)) goto memerr; - } - if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) + if (!ASN1_template_new(pseqval, tt)) + goto memerr; + } + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) goto auxerr; break; } #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) CRYPTO_pop_info(); #endif return 1; memerr: - ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) CRYPTO_pop_info(); #endif return 0; auxerr: - ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR); + ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) CRYPTO_pop_info(); #endif return 0; -} + } static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { const ASN1_EXTERN_FUNCS *ef; - switch(it->itype) { + switch(it->itype) + { case ASN1_ITYPE_EXTERN: ef = it->funcs; - if(ef && ef->asn1_ex_clear) + if (ef && ef->asn1_ex_clear) ef->asn1_ex_clear(pval, it); else *pval = NULL; break; case ASN1_ITYPE_PRIMITIVE: - if(it->templates) + if (it->templates) asn1_template_clear(pval, it->templates); else asn1_primitive_clear(pval, it); @@ -231,75 +256,90 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) case ASN1_ITYPE_COMPAT: case ASN1_ITYPE_CHOICE: case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_NDEF_SEQUENCE: *pval = NULL; break; + } } -} int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ + { const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); int ret; - if(tt->flags & ASN1_TFLG_OPTIONAL) { + if (tt->flags & ASN1_TFLG_OPTIONAL) + { asn1_template_clear(pval, tt); return 1; - } + } /* If ANY DEFINED BY nothing to do */ - if(tt->flags & ASN1_TFLG_ADB_MASK) { + if (tt->flags & ASN1_TFLG_ADB_MASK) + { *pval = NULL; return 1; - } + } #ifdef CRYPTO_MDEBUG - if(tt->field_name) CRYPTO_push_info(tt->field_name); + if (tt->field_name) + CRYPTO_push_info(tt->field_name); #endif /* If SET OF or SEQUENCE OF, its a STACK */ - if(tt->flags & ASN1_TFLG_SK_MASK) { + if (tt->flags & ASN1_TFLG_SK_MASK) + { STACK_OF(ASN1_VALUE) *skval; skval = sk_ASN1_VALUE_new_null(); - if(!skval) { + if (!skval) + { ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); ret = 0; goto done; - } + } *pval = (ASN1_VALUE *)skval; ret = 1; goto done; - } + } /* Otherwise pass it back to the item routine */ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); done: #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return ret; -} + } static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ + { /* If ADB or STACK just NULL the field */ - if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) + if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) *pval = NULL; else asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); -} + } -/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old - * functions. +/* NB: could probably combine most of the real XXX_new() behaviour and junk + * all the old functions. */ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { ASN1_TYPE *typ; int utype; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if(pf && pf->prim_new) return pf->prim_new(pval, it); - if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; - else utype = it->utype; - switch(utype) { + + if (it && it->funcs) + { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + if (pf->prim_new) + return pf->prim_new(pval, it); + } + + if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + utype = -1; + else + utype = it->utype; + switch(utype) + { case V_ASN1_OBJECT: *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); return 1; @@ -317,7 +357,8 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) case V_ASN1_ANY: typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); - if(!typ) return 0; + if (!typ) + return 0; typ->value.ptr = NULL; typ->type = -1; *pval = (ASN1_VALUE *)typ; @@ -326,26 +367,29 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) default: *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); break; - } - if(*pval) return 1; + } + if (*pval) + return 1; return 0; -} + } void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { int utype; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if(pf) { - if(pf->prim_clear) + if (it && it->funcs) + { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + if (pf->prim_clear) pf->prim_clear(pval, it); else *pval = NULL; return; - } - if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; - else utype = it->utype; - if(utype == V_ASN1_BOOLEAN) + } + if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + utype = -1; + else + utype = it->utype; + if (utype == V_ASN1_BOOLEAN) *(ASN1_BOOLEAN *)pval = it->size; else *pval = NULL; -} + } diff --git a/crypto/openssl/crypto/asn1/tasn_typ.c b/crypto/openssl/crypto/asn1/tasn_typ.c index 804d2ee..6f17f1b 100644 --- a/crypto/openssl/crypto/asn1/tasn_typ.c +++ b/crypto/openssl/crypto/asn1/tasn_typ.c @@ -131,3 +131,7 @@ IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1) IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1) IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) + +/* Special, OCTET STRING with indefinite length constructed support */ + +IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) diff --git a/crypto/openssl/crypto/asn1/tasn_utl.c b/crypto/openssl/crypto/asn1/tasn_utl.c index 8996ce8..34d520b 100644 --- a/crypto/openssl/crypto/asn1/tasn_utl.c +++ b/crypto/openssl/crypto/asn1/tasn_utl.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,23 +74,23 @@ */ int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { int *sel = offset2ptr(*pval, it->utype); return *sel; -} + } /* Given an ASN1_ITEM CHOICE type set * the selector value, return old value. */ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) -{ + { int *sel, ret; sel = offset2ptr(*pval, it->utype); ret = *sel; *sel = value; return ret; -} + } /* Do reference counting. The value 'op' decides what to do. * if it is +1 then the count is incremented. If op is 0 count is @@ -99,114 +99,134 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) */ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) -{ + { const ASN1_AUX *aux; int *lck, ret; - if(it->itype != ASN1_ITYPE_SEQUENCE) return 0; + if ((it->itype != ASN1_ITYPE_SEQUENCE) + && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) + return 0; aux = it->funcs; - if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0; + if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) + return 0; lck = offset2ptr(*pval, aux->ref_offset); - if(op == 0) { + if (op == 0) + { *lck = 1; return 1; - } + } ret = CRYPTO_add(lck, op, aux->ref_lock); #ifdef REF_PRINT fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); #endif #ifdef REF_CHECK - if(ret < 0) + if (ret < 0) fprintf(stderr, "%s, bad reference count\n", it->sname); #endif return ret; -} + } static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { const ASN1_AUX *aux; - if(!pval || !*pval) return NULL; + if (!pval || !*pval) + return NULL; aux = it->funcs; - if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL; + if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) + return NULL; return offset2ptr(*pval, aux->enc_offset); -} + } void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { ASN1_ENCODING *enc; enc = asn1_get_enc_ptr(pval, it); - if(enc) { + if (enc) + { enc->enc = NULL; enc->len = 0; enc->modified = 1; + } } -} void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ + { ASN1_ENCODING *enc; enc = asn1_get_enc_ptr(pval, it); - if(enc) { - if(enc->enc) OPENSSL_free(enc->enc); + if (enc) + { + if (enc->enc) + OPENSSL_free(enc->enc); enc->enc = NULL; enc->len = 0; enc->modified = 1; + } } -} -int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it) -{ +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it) + { ASN1_ENCODING *enc; enc = asn1_get_enc_ptr(pval, it); - if(!enc) return 1; + if (!enc) + return 1; - if(enc->enc) OPENSSL_free(enc->enc); + if (enc->enc) + OPENSSL_free(enc->enc); enc->enc = OPENSSL_malloc(inlen); - if(!enc->enc) return 0; + if (!enc->enc) + return 0; memcpy(enc->enc, in, inlen); enc->len = inlen; enc->modified = 0; return 1; -} + } -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it) -{ +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, + const ASN1_ITEM *it) + { ASN1_ENCODING *enc; enc = asn1_get_enc_ptr(pval, it); - if(!enc || enc->modified) return 0; - if(out) { + if (!enc || enc->modified) + return 0; + if (out) + { memcpy(*out, enc->enc, enc->len); *out += enc->len; - } - if(len) *len = enc->len; + } + if (len) + *len = enc->len; return 1; -} + } /* Given an ASN1_TEMPLATE get a pointer to a field */ ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ + { ASN1_VALUE **pvaltmp; - if(tt->flags & ASN1_TFLG_COMBINE) return pval; + if (tt->flags & ASN1_TFLG_COMBINE) + return pval; pvaltmp = offset2ptr(*pval, tt->offset); /* NOTE for BOOLEAN types the field is just a plain * int so we can't return int **, so settle for * (int *). */ return pvaltmp; -} + } /* Handle ANY DEFINED BY template, find the selector, look up * the relevant ASN1_TEMPLATE in the table and return it. */ -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr) -{ +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + int nullerr) + { const ASN1_ADB *adb; const ASN1_ADB_TABLE *atbl; long selector; ASN1_VALUE **sfld; int i; - if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt; + if (!(tt->flags & ASN1_TFLG_ADB_MASK)) + return tt; /* Else ANY DEFINED BY ... get the table */ adb = ASN1_ADB_ptr(tt->item); @@ -215,16 +235,18 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int sfld = offset2ptr(*pval, adb->offset); /* Check if NULL */ - if(!sfld) { - if(!adb->null_tt) goto err; + if (!sfld) + { + if (!adb->null_tt) + goto err; return adb->null_tt; - } + } /* Convert type to a long: * NB: don't check for NID_undef here because it * might be a legitimate value in the table */ - if(tt->flags & ASN1_TFLG_ADB_OID) + if (tt->flags & ASN1_TFLG_ADB_OID) selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); else selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); @@ -237,17 +259,21 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int * linear search. */ - for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) - if(atbl->value == selector) return &atbl->tt; + for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) + if (atbl->value == selector) + return &atbl->tt; /* FIXME: need to search application table too */ /* No match, return default type */ - if(!adb->default_tt) goto err; + if (!adb->default_tt) + goto err; return adb->default_tt; err: /* FIXME: should log the value or OID of unsupported type */ - if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); + if (nullerr) + ASN1err(ASN1_F_ASN1_DO_ADB, + ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); return NULL; -} + } diff --git a/crypto/openssl/crypto/asn1/x_bignum.c b/crypto/openssl/crypto/asn1/x_bignum.c index 848c7a0..869c05d 100644 --- a/crypto/openssl/crypto/asn1/x_bignum.c +++ b/crypto/openssl/crypto/asn1/x_bignum.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include /* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a * BIGNUM directly. Currently it ignores the sign which isn't a problem since all @@ -72,7 +73,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); static ASN1_PRIMITIVE_FUNCS bignum_pf = { NULL, 0, @@ -122,7 +123,8 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN return pad + BN_num_bytes(bn); } -static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) +static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; if(!*pval) bn_new(pval, it); diff --git a/crypto/openssl/crypto/asn1/x_crl.c b/crypto/openssl/crypto/asn1/x_crl.c index e4d1918..b99f8fc 100644 --- a/crypto/openssl/crypto/asn1/x_crl.c +++ b/crypto/openssl/crypto/asn1/x_crl.c @@ -130,6 +130,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); return 0; } + inf->enc.modified = 1; return 1; } diff --git a/crypto/openssl/crypto/asn1/x_long.c b/crypto/openssl/crypto/asn1/x_long.c index c5f2595..0db233c 100644 --- a/crypto/openssl/crypto/asn1/x_long.c +++ b/crypto/openssl/crypto/asn1/x_long.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include /* Custom primitive type for long handling. This converts between an ASN1_INTEGER * and a long directly. @@ -69,7 +70,7 @@ static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); static ASN1_PRIMITIVE_FUNCS long_pf = { NULL, 0, @@ -136,13 +137,14 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A return clen + pad; } -static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) +static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it) { int neg, i; long ltmp; unsigned long utmp = 0; char *cp = (char *)pval; - if(len > sizeof(long)) { + if(len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } diff --git a/crypto/openssl/crypto/asn1/x_name.c b/crypto/openssl/crypto/asn1/x_name.c index caece0f..681e5d1 100644 --- a/crypto/openssl/crypto/asn1/x_name.c +++ b/crypto/openssl/crypto/asn1/x_name.c @@ -61,7 +61,7 @@ #include #include -static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, +static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); @@ -123,7 +123,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) return 1; memerr: - ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); if (ret) { if (ret->entries) @@ -156,25 +156,26 @@ static void sk_internal_free(void *a) sk_free(a); } -static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, +static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) { - unsigned char *p = *in, *q; - STACK *intname = NULL; + const unsigned char *p = *in, *q; + STACK *intname = NULL, **intname_pp = &intname; int i, j, ret; - X509_NAME *nm = NULL; + X509_NAME *nm = NULL, **nm_pp = &nm; STACK_OF(X509_NAME_ENTRY) *entries; X509_NAME_ENTRY *entry; q = p; /* Get internal representation of Name */ - ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - tag, aclass, opt, ctx); + ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp, + &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), + tag, aclass, opt, ctx); if(ret <= 0) return ret; if(*val) x509_name_ex_free(val, NULL); - if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err; + if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err; /* We've decoded it: now cache encoding */ if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; memcpy(nm->bytes->data, q, p - q); @@ -196,7 +197,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, cons *in = p; return ret; err: - ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR); + ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -218,7 +219,7 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT static int x509_name_encode(X509_NAME *a) { - STACK *intname = NULL; + STACK *intname = NULL, **intname_pp = &intname; int len; unsigned char *p; STACK_OF(X509_NAME_ENTRY) *entries = NULL; @@ -236,16 +237,18 @@ static int x509_name_encode(X509_NAME *a) } if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; } - len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); + len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL, + ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); if (!BUF_MEM_grow(a->bytes,len)) goto memerr; p=(unsigned char *)a->bytes->data; - ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); + ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, + &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); sk_pop_free(intname, sk_internal_free); a->modified = 0; return len; memerr: sk_pop_free(intname, sk_internal_free); - ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/openssl/crypto/asn1/x_pkey.c b/crypto/openssl/crypto/asn1/x_pkey.c index f1c6221..8453618 100644 --- a/crypto/openssl/crypto/asn1/x_pkey.c +++ b/crypto/openssl/crypto/asn1/x_pkey.c @@ -69,15 +69,15 @@ int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) return(0); } -X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length) +X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length) { int i; M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING); + M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR); + M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING); ret->cipher.cipher=EVP_get_cipherbyname( OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm))); diff --git a/crypto/openssl/crypto/asn1/x_pubkey.c b/crypto/openssl/crypto/asn1/x_pubkey.c index d958540..91c2756 100644 --- a/crypto/openssl/crypto/asn1/x_pubkey.c +++ b/crypto/openssl/crypto/asn1/x_pubkey.c @@ -60,16 +60,23 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif /* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - if(operation == ASN1_OP_FREE_POST) { + { + if (operation == ASN1_OP_FREE_POST) + { X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); - } + } return 1; -} + } ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), @@ -80,8 +87,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { - int ok=0; - X509_PUBKEY *pk; + X509_PUBKEY *pk=NULL; X509_ALGOR *a; ASN1_OBJECT *o; unsigned char *s,*p = NULL; @@ -104,32 +110,111 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) (a->parameter->type != V_ASN1_NULL)) { ASN1_TYPE_free(a->parameter); - a->parameter=ASN1_TYPE_new(); + if (!(a->parameter=ASN1_TYPE_new())) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } a->parameter->type=V_ASN1_NULL; } } - else #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) + else if (pkey->type == EVP_PKEY_DSA) { unsigned char *pp; DSA *dsa; - + dsa=pkey->pkey.dsa; dsa->write_params=0; ASN1_TYPE_free(a->parameter); - i=i2d_DSAparams(dsa,NULL); - if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; + if ((i=i2d_DSAparams(dsa,NULL)) <= 0) + goto err; + if (!(p=(unsigned char *)OPENSSL_malloc(i))) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } pp=p; i2d_DSAparams(dsa,&pp); - a->parameter=ASN1_TYPE_new(); + if (!(a->parameter=ASN1_TYPE_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } a->parameter->type=V_ASN1_SEQUENCE; - a->parameter->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(a->parameter->value.sequence,p,i); + if (!(a->parameter->value.sequence=ASN1_STRING_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } OPENSSL_free(p); } - else #endif +#ifndef OPENSSL_NO_EC + else if (pkey->type == EVP_PKEY_EC) + { + int nid=0; + unsigned char *pp; + EC_KEY *ec_key; + const EC_GROUP *group; + + ec_key = pkey->pkey.ec; + ASN1_TYPE_free(a->parameter); + + if ((a->parameter = ASN1_TYPE_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); + goto err; + } + + group = EC_KEY_get0_group(ec_key); + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + { + /* just set the OID */ + a->parameter->type = V_ASN1_OBJECT; + a->parameter->value.object = OBJ_nid2obj(nid); + } + else /* explicit parameters */ + { + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); + goto err; + } + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); + goto err; + } + pp = p; + if (!i2d_ECParameters(ec_key, &pp)) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); + OPENSSL_free(p); + goto err; + } + a->parameter->type = V_ASN1_SEQUENCE; + if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); + OPENSSL_free(p); + goto err; + } + ASN1_STRING_set(a->parameter->value.sequence, p, i); + OPENSSL_free(p); + } + } +#endif + else if (1) { X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); goto err; @@ -143,8 +228,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) } p=s; i2d_PublicKey(pkey,&p); - if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; - /* Set number of unused bits to zero */ + if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + /* Set number of unused bits to zero */ pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; @@ -159,12 +248,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) X509_PUBKEY_free(*x); *x=pk; - pk=NULL; - ok=1; + return 1; err: if (pk != NULL) X509_PUBKEY_free(pk); - return(ok); + return 0; } EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) @@ -172,8 +260,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) EVP_PKEY *ret=NULL; long j; int type; - unsigned char *p; -#ifndef OPENSSL_NO_DSA + const unsigned char *p; +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) const unsigned char *cp; X509_ALGOR *a; #endif @@ -181,40 +269,106 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) if (key == NULL) goto err; if (key->pkey != NULL) - { - CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - return(key->pkey); - } + { + CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + return(key->pkey); + } if (key->public_key == NULL) goto err; type=OBJ_obj2nid(key->algor->algorithm); - p=key->public_key->data; - j=key->public_key->length; - if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL) + if ((ret = EVP_PKEY_new()) == NULL) { - X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB); + X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); goto err; } - ret->save_parameters=0; + ret->type = EVP_PKEY_type(type); -#ifndef OPENSSL_NO_DSA + /* the parameters must be extracted before the public key (ECDSA!) */ + +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) a=key->algor; - if (ret->type == EVP_PKEY_DSA) +#endif + + if (0) + ; +#ifndef OPENSSL_NO_DSA + else if (ret->type == EVP_PKEY_DSA) { if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { + if ((ret->pkey.dsa = DSA_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); + goto err; + } ret->pkey.dsa->write_params=0; cp=p=a->parameter->value.sequence->data; j=a->parameter->value.sequence->length; - if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) + if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) goto err; } ret->save_parameters=1; } #endif - key->pkey=ret; - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifndef OPENSSL_NO_EC + else if (ret->type == EVP_PKEY_EC) + { + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) + { + /* type == V_ASN1_SEQUENCE => we have explicit parameters + * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) + */ + if ((ret->pkey.ec= EC_KEY_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_GET, + ERR_R_MALLOC_FAILURE); + goto err; + } + cp = p = a->parameter->value.sequence->data; + j = a->parameter->value.sequence->length; + if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) + { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); + goto err; + } + } + else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) + { + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + EC_KEY *ec_key; + EC_GROUP *group; + + if (ret->pkey.ec == NULL) + ret->pkey.ec = EC_KEY_new(); + ec_key = ret->pkey.ec; + if (ec_key == NULL) + goto err; + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); + if (group == NULL) + goto err; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(ec_key, group) == 0) + goto err; + EC_GROUP_free(group); + } + /* the case implicitlyCA is currently not implemented */ + ret->save_parameters = 1; + } +#endif + + p=key->public_key->data; + j=key->public_key->length; + if (!d2i_PublicKey(type, &ret, &p, (long)j)) + { + X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); + goto err; + } + + key->pkey = ret; + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); return(ret); err: if (ret != NULL) @@ -226,9 +380,9 @@ err: * and encode or decode as X509_PUBKEY */ -EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) -{ + { X509_PUBKEY *xpk; EVP_PKEY *pktmp; xpk = d2i_X509_PUBKEY(NULL, pp, length); @@ -236,15 +390,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, pktmp = X509_PUBKEY_get(xpk); X509_PUBKEY_free(xpk); if(!pktmp) return NULL; - if(a) { + if(a) + { EVP_PKEY_free(*a); *a = pktmp; - } + } return pktmp; -} + } int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) -{ + { X509_PUBKEY *xpk=NULL; int ret; if(!a) return 0; @@ -252,83 +407,125 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) ret = i2d_X509_PUBKEY(xpk, pp); X509_PUBKEY_free(xpk); return ret; -} + } /* The following are equivalents but which return RSA and DSA * keys */ #ifndef OPENSSL_NO_RSA -RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) -{ + { EVP_PKEY *pkey; RSA *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); - if(!pkey) return NULL; + if (!pkey) return NULL; key = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); - if(!key) return NULL; + if (!key) return NULL; *pp = q; - if(a) { + if (a) + { RSA_free(*a); *a = key; - } + } return key; -} + } int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) -{ + { EVP_PKEY *pktmp; int ret; - if(!a) return 0; + if (!a) return 0; pktmp = EVP_PKEY_new(); - if(!pktmp) { + if (!pktmp) + { ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); return 0; - } + } EVP_PKEY_set1_RSA(pktmp, a); ret = i2d_PUBKEY(pktmp, pp); EVP_PKEY_free(pktmp); return ret; -} + } #endif #ifndef OPENSSL_NO_DSA -DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) -{ + { EVP_PKEY *pkey; DSA *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); - if(!pkey) return NULL; + if (!pkey) return NULL; key = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); - if(!key) return NULL; + if (!key) return NULL; *pp = q; - if(a) { + if (a) + { DSA_free(*a); *a = key; - } + } return key; -} + } int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) -{ + { EVP_PKEY *pktmp; int ret; if(!a) return 0; pktmp = EVP_PKEY_new(); - if(!pktmp) { + if(!pktmp) + { ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); return 0; - } + } EVP_PKEY_set1_DSA(pktmp, a); ret = i2d_PUBKEY(pktmp, pp); EVP_PKEY_free(pktmp); return ret; -} + } +#endif + +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) + { + EVP_PKEY *pkey; + EC_KEY *key; + const unsigned char *q; + q = *pp; + pkey = d2i_PUBKEY(NULL, &q, length); + if (!pkey) return(NULL); + key = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_free(pkey); + if (!key) return(NULL); + *pp = q; + if (a) + { + EC_KEY_free(*a); + *a = key; + } + return(key); + } + +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) + { + EVP_PKEY *pktmp; + int ret; + if (!a) return(0); + if ((pktmp = EVP_PKEY_new()) == NULL) + { + ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); + return(0); + } + EVP_PKEY_set1_EC_KEY(pktmp, a); + ret = i2d_PUBKEY(pktmp, pp); + EVP_PKEY_free(pktmp); + return(ret); + } #endif diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/openssl/crypto/asn1/x_x509.c index b50167c..12d1a25 100644 --- a/crypto/openssl/crypto/asn1/x_x509.c +++ b/crypto/openssl/crypto/asn1/x_x509.c @@ -79,6 +79,8 @@ ASN1_SEQUENCE(X509_CINF) = { IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ +extern void policy_cache_free(X509_POLICY_CACHE *cache); + static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) { X509 *ret = (X509 *)*pval; @@ -106,6 +108,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) X509_CERT_AUX_free(ret->aux); ASN1_OCTET_STRING_free(ret->skid); AUTHORITY_KEYID_free(ret->akid); + policy_cache_free(ret->policy_cache); if (ret->name != NULL) OPENSSL_free(ret->name); break; @@ -125,11 +128,13 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { IMPLEMENT_ASN1_FUNCTIONS(X509) IMPLEMENT_ASN1_DUP_FUNCTION(X509) -static ASN1_METHOD meth={ - (int (*)()) i2d_X509, - (char *(*)())d2i_X509, - (char *(*)())X509_new, - (void (*)()) X509_free}; +static ASN1_METHOD meth= + { + (I2D_OF(void)) i2d_X509, + (D2I_OF(void)) d2i_X509, + (void *(*)(void))X509_new, + (void (*)(void *)) X509_free + }; ASN1_METHOD *X509_asn1_meth(void) { @@ -161,9 +166,9 @@ void *X509_get_ex_data(X509 *r, int idx) * */ -X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length) +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) { - unsigned char *q; + const unsigned char *q; X509 *ret; /* Save start position */ q = *pp; diff --git a/crypto/openssl/crypto/asn1/x_x509a.c b/crypto/openssl/crypto/asn1/x_x509a.c index f244768..13db5fd 100644 --- a/crypto/openssl/crypto/asn1/x_x509a.c +++ b/crypto/openssl/crypto/asn1/x_x509a.c @@ -91,6 +91,14 @@ static X509_CERT_AUX *aux_get(X509 *x) int X509_alias_set1(X509 *x, unsigned char *name, int len) { X509_CERT_AUX *aux; + if (!name) + { + if (!x || !x->aux || !x->aux->alias) + return 1; + ASN1_UTF8STRING_free(x->aux->alias); + x->aux->alias = NULL; + return 1; + } if(!(aux = aux_get(x))) return 0; if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; return ASN1_STRING_set(aux->alias, name, len); @@ -99,6 +107,14 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len) int X509_keyid_set1(X509 *x, unsigned char *id, int len) { X509_CERT_AUX *aux; + if (!id) + { + if (!x || !x->aux || !x->aux->keyid) + return 1; + ASN1_OCTET_STRING_free(x->aux->keyid); + x->aux->keyid = NULL; + return 1; + } if(!(aux = aux_get(x))) return 0; if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; return ASN1_STRING_set(aux->keyid, id, len); @@ -111,6 +127,13 @@ unsigned char *X509_alias_get0(X509 *x, int *len) return x->aux->alias->data; } +unsigned char *X509_keyid_get0(X509 *x, int *len) +{ + if(!x->aux || !x->aux->keyid) return NULL; + if(len) *len = x->aux->keyid->length; + return x->aux->keyid->data; +} + int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) { X509_CERT_AUX *aux; @@ -149,3 +172,9 @@ void X509_reject_clear(X509 *x) } } +ASN1_SEQUENCE(X509_CERT_PAIR) = { + ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), + ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) +} ASN1_SEQUENCE_END(X509_CERT_PAIR) + +IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) diff --git a/crypto/openssl/crypto/bf/Makefile b/crypto/openssl/crypto/bf/Makefile index 0a2a443..8441954 100644 --- a/crypto/openssl/crypto/bf/Makefile +++ b/crypto/openssl/crypto/bf/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/blowfish/Makefile +# OpenSSL/crypto/blowfish/Makefile # DIR= bf @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -22,6 +17,7 @@ BF_ENC= bf_enc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=bftest.c @@ -48,20 +44,15 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s) - +# ELF +bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) +# COFF +bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) # a.out -asm/bx86-out.o: asm/bx86unix.cpp - $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o - -# bsdi -asm/bx86bsdi.o: asm/bx86unix.cpp - $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o - -asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp) +bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -71,10 +62,12 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) -install: installs - -installs: - @for i in $(EXHEADER) ; \ +# We need to use force because 'install' matches 'INSTALL' on case +# insensitive systems +FRC.install: +install: FRC.install + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -89,6 +82,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -96,7 +90,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/bf/bf_enc.c b/crypto/openssl/crypto/bf/bf_enc.c index b380acf..2d21d09 100644 --- a/crypto/openssl/crypto/bf/bf_enc.c +++ b/crypto/openssl/crypto/bf/bf_enc.c @@ -73,7 +73,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key) { #ifndef BF_PTR2 register BF_LONG l,r; - const register BF_LONG *p,*s; + register const BF_LONG *p,*s; p=key->P; s= &(key->S[0]); @@ -150,7 +150,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key) { #ifndef BF_PTR2 register BF_LONG l,r; - const register BF_LONG *p,*s; + register const BF_LONG *p,*s; p=key->P; s= &(key->S[0]); diff --git a/crypto/openssl/crypto/bf/bf_opts.c b/crypto/openssl/crypto/bf/bf_opts.c index 171dada..1721bb9 100644 --- a/crypto/openssl/crypto/bf/bf_opts.c +++ b/crypto/openssl/crypto/bf/bf_opts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/bf/bfspeed.c b/crypto/openssl/crypto/bf/bfspeed.c index f346af6..c41ef3b 100644 --- a/crypto/openssl/crypto/bf/bfspeed.c +++ b/crypto/openssl/crypto/bf/bfspeed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/bf/bftest.c b/crypto/openssl/crypto/bf/bftest.c index 24d526b..97e6634 100644 --- a/crypto/openssl/crypto/bf/bftest.c +++ b/crypto/openssl/crypto/bf/bftest.c @@ -62,6 +62,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_BF is defined */ #include "../e_os.h" @@ -277,6 +278,9 @@ int main(int argc, char *argv[]) else ret=test(); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(0); } diff --git a/crypto/openssl/crypto/bio/Makefile b/crypto/openssl/crypto/bio/Makefile index 7da9532..1ef6c2f 100644 --- a/crypto/openssl/crypto/bio/Makefile +++ b/crypto/openssl/crypto/bio/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/bio/Makefile +# OpenSSL/crypto/bio/Makefile # DIR= bio @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -26,19 +21,21 @@ LIBSRC= bio_lib.c bio_cb.c bio_err.c \ bss_mem.c bss_null.c bss_fd.c \ bss_file.c bss_sock.c bss_conn.c \ bf_null.c bf_buff.c b_print.c b_dump.c \ - b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c + b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \ + bss_dgram.c # bf_lbuf.c LIBOBJ= bio_lib.o bio_cb.o bio_err.o \ bss_mem.o bss_null.o bss_fd.o \ bss_file.o bss_sock.o bss_conn.o \ bf_null.o bf_buff.o b_print.o b_dump.o \ - b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o + b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o \ + bss_dgram.o # bf_lbuf.o SRC= $(LIBSRC) EXHEADER= bio.h -HEADER= bss_file.c $(EXHEADER) +HEADER= bio_lcl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -61,7 +58,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER); \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -76,6 +74,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -91,30 +90,30 @@ b_dump.o: ../../e_os.h ../../include/openssl/bio.h b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_dump.o: ../cryptlib.h b_dump.c +b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_print.o: ../cryptlib.h b_print.c +b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c b_sock.o: ../../e_os.h ../../include/openssl/bio.h b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_sock.o: ../cryptlib.h b_sock.c +b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c bf_buff.o: ../../e_os.h ../../include/openssl/bio.h bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_buff.o: ../cryptlib.h bf_buff.c +bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_buff.c bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -127,88 +126,96 @@ bf_null.o: ../../e_os.h ../../include/openssl/bio.h bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_null.o: ../cryptlib.h bf_null.c +bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_null.c bio_cb.o: ../../e_os.h ../../include/openssl/bio.h bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_cb.o: ../cryptlib.h bio_cb.c +bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_cb.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_cb.c bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_err.o: bio_err.c +bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_err.o: ../../include/openssl/symhacks.h bio_err.c bio_lib.o: ../../e_os.h ../../include/openssl/bio.h bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_lib.o: ../cryptlib.h bio_lib.c +bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lib.c bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_acpt.o: ../cryptlib.h bss_acpt.c +bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_acpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_acpt.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_acpt.c bss_bio.o: ../../e_os.h ../../include/openssl/bio.h bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c +bss_bio.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bss_bio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bss_bio.o: bss_bio.c bss_conn.o: ../../e_os.h ../../include/openssl/bio.h bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_conn.o: ../cryptlib.h bss_conn.c +bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_conn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_conn.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_conn.c +bss_dgram.o: ../../e_os.h ../../include/openssl/bio.h +bss_dgram.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bss_dgram.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bss_dgram.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bss_dgram.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_dgram.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_dgram.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_dgram.c bss_fd.o: ../../e_os.h ../../include/openssl/bio.h bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_fd.o: ../cryptlib.h bss_fd.c +bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c bss_file.o: ../../e_os.h ../../include/openssl/bio.h bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_file.o: ../cryptlib.h bss_file.c +bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c bss_log.o: ../../e_os.h ../../include/openssl/bio.h bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_log.o: ../cryptlib.h bss_log.c +bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_log.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_log.c bss_mem.o: ../../e_os.h ../../include/openssl/bio.h bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_mem.o: ../cryptlib.h bss_mem.c +bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_mem.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_mem.c bss_null.o: ../../e_os.h ../../include/openssl/bio.h bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_null.o: ../cryptlib.h bss_null.c +bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_null.c bss_sock.o: ../../e_os.h ../../include/openssl/bio.h bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_sock.o: ../cryptlib.h bss_sock.c +bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bss_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bss_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_sock.c diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/openssl/crypto/bio/b_dump.c index f671e72..c80ecc4 100644 --- a/crypto/openssl/crypto/bio/b_dump.c +++ b/crypto/openssl/crypto/bio/b_dump.c @@ -62,30 +62,32 @@ #include #include "cryptlib.h" -#include +#include "bio_lcl.h" #define TRUNCATE #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) -int BIO_dump(BIO *bio, const char *s, int len) +int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len) { - return BIO_dump_indent(bio, s, len, 0); + return BIO_dump_indent_cb(cb, u, s, len, 0); } -int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) +int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent) { int ret=0; char buf[288+1],tmp[20],str[128+1]; - int i,j,rows,trunc; + int i,j,rows,trc; unsigned char ch; int dump_width; - - trunc=0; - + + trc=0; + #ifdef TRUNCATE - for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) - trunc++; + for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) + trc++; #endif if (indent < 0) @@ -96,7 +98,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) memset(str,' ',indent); } str[indent]='\0'; - + dump_width=DUMP_WIDTH_LESS_INDENT(indent); rows=(len/dump_width); if ((rows*dump_width)=' ')&&(ch<='~'))?ch:'.'); + ((ch>=' ')&&(ch<='~'))?ch:'.'); #else BIO_snprintf(tmp,sizeof tmp,"%c", - ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) - ? os_toebcdic[ch] - : '.'); + ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) + ? os_toebcdic[ch] + : '.'); #endif BUF_strlcat(buf,tmp,sizeof buf); } BUF_strlcat(buf,"\n",sizeof buf); - /* if this is the last call then update the ddt_dump thing so that - * we will move the selection point in the debug window + /* if this is the last call then update the ddt_dump thing so + * that we will move the selection point in the debug window */ - ret+=BIO_write(bio,(char *)buf,strlen(buf)); + ret+=cb((void *)buf,strlen(buf),u); } #ifdef TRUNCATE - if (trunc > 0) + if (trc > 0) { BIO_snprintf(buf,sizeof buf,"%s%04x - \n",str, - len+trunc); - ret+=BIO_write(bio,(char *)buf,strlen(buf)); + len+trc); + ret+=cb((void *)buf,strlen(buf),u); } #endif return(ret); } + +#ifndef OPENSSL_NO_FP_API +static int write_fp(const void *data, size_t len, void *fp) + { + return UP_fwrite(data, len, 1, fp); + } +int BIO_dump_fp(FILE *fp, const char *s, int len) + { + return BIO_dump_cb(write_fp, fp, s, len); + } +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent) + { + return BIO_dump_indent_cb(write_fp, fp, s, len, indent); + } +#endif + +static int write_bio(const void *data, size_t len, void *bp) + { + return BIO_write((BIO *)bp, (const char *)data, len); + } +int BIO_dump(BIO *bp, const char *s, int len) + { + return BIO_dump_cb(write_bio, bp, s, len); + } +int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) + { + return BIO_dump_indent_cb(write_bio, bp, s, len, indent); + } + diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c index c2bb357..4857cfe 100644 --- a/crypto/openssl/crypto/bio/b_print.c +++ b/crypto/openssl/crypto/bio/b_print.c @@ -482,7 +482,7 @@ fmtint( int flags) { int signvalue = 0; - char *prefix = ""; + const char *prefix = ""; unsigned LLONG uvalue; char convert[DECIMAL_SIZE(value)+3]; int place = 0; @@ -513,8 +513,8 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < sizeof convert)); - if (place == sizeof convert) + } while (uvalue && (place < (int)sizeof(convert))); + if (place == sizeof(convert)) place--; convert[place] = 0; @@ -576,7 +576,7 @@ abs_val(LDOUBLE value) } static LDOUBLE -pow10(int in_exp) +pow_10(int in_exp) { LDOUBLE result = 1; while (in_exp) { @@ -619,6 +619,7 @@ fmtfp( int caps = 0; long intpart; long fracpart; + long max10; if (max < 0) max = 6; @@ -639,11 +640,12 @@ fmtfp( /* we "cheat" by converting the fractional part to integer by multiplying by a factor of 10 */ - fracpart = roundv((pow10(max)) * (ufvalue - intpart)); + max10 = roundv(pow_10(max)); + fracpart = roundv(pow_10(max) * (ufvalue - intpart)); - if (fracpart >= (long)pow10(max)) { + if (fracpart >= max10) { intpart++; - fracpart -= (long)pow10(max); + fracpart -= max10; } /* convert integer part */ @@ -652,7 +654,7 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < sizeof iconvert)); + } while (intpart && (iplace < (int)sizeof(iconvert))); if (iplace == sizeof iconvert) iplace--; iconvert[iplace] = 0; diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c index c851298..4b3860b 100644 --- a/crypto/openssl/crypto/bio/b_sock.c +++ b/crypto/openssl/crypto/bio/b_sock.c @@ -56,14 +56,17 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) +#include "netdb.h" +#endif + +#ifndef OPENSSL_NO_SOCK #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ @@ -79,7 +82,7 @@ #define MAX_LISTEN 32 #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) static int wsa_init_done=0; #endif @@ -473,6 +476,31 @@ int BIO_sock_init(void) if (sock_init()) return (-1); #endif + +#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))BIO_sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + SYSerr(SYS_F_WSASTARTUP,err); + BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP); + return(-1); + } + } +#endif + return(1); } @@ -487,6 +515,12 @@ void BIO_sock_cleanup(void) #endif WSACleanup(); } +#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } #endif } diff --git a/crypto/openssl/crypto/bio/bf_nbio.c b/crypto/openssl/crypto/bio/bf_nbio.c index 1ce2bfa..c72a23c 100644 --- a/crypto/openssl/crypto/bio/bf_nbio.c +++ b/crypto/openssl/crypto/bio/bf_nbio.c @@ -127,7 +127,7 @@ static int nbiof_read(BIO *b, char *out, int outl) { NBIO_TEST *nt; int ret=0; -#if 0 +#if 1 int num; unsigned char n; #endif @@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl) nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); -#if 0 +#if 1 RAND_pseudo_bytes(&n,1); num=(n&0x07); diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h index 2eb7038..07333cf 100644 --- a/crypto/openssl/crypto/bio/bio.h +++ b/crypto/openssl/crypto/bio/bio.h @@ -59,13 +59,14 @@ #ifndef HEADER_BIO_H #define HEADER_BIO_H +#include + #ifndef OPENSSL_NO_FP_API # include #endif #include #include -#include #ifdef __cplusplus extern "C" { @@ -93,6 +94,7 @@ extern "C" { #define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ +#define BIO_TYPE_DGRAM (21|0x0400|0x0100) #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ #define BIO_TYPE_FILTER 0x0200 @@ -124,6 +126,38 @@ extern "C" { #define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ +/* dgram BIO stuff */ +#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally + * connected socket to be + * passed in */ +#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ + +#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ +/* #endif */ + +#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for + * MTU. want to use this + * if asking the kernel + * fails */ + +#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU + * was exceed in the + * previous write + * operation */ + +#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ + + /* modifiers */ #define BIO_FP_READ 0x02 #define BIO_FP_WRITE 0x04 @@ -135,6 +169,11 @@ extern "C" { #define BIO_FLAGS_IO_SPECIAL 0x04 #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) #define BIO_FLAGS_SHOULD_RETRY 0x08 +#ifndef BIO_FLAGS_UPLINK +/* "UPLINK" flag denotes file descriptors provided by application. + It defaults to 0, as most platforms don't require UPLINK interface. */ +#define BIO_FLAGS_UPLINK 0 +#endif /* Used in BIO_gethostbyname() */ #define BIO_GHBN_CTRL_HITS 1 @@ -347,7 +386,6 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_C_NWRITE0 145 #define BIO_C_NWRITE 146 #define BIO_C_RESET_READ_REQUEST 147 -#define BIO_C_SET_MD_CTX 148 #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) @@ -488,6 +526,18 @@ size_t BIO_ctrl_get_write_guarantee(BIO *b); size_t BIO_ctrl_get_read_request(BIO *b); int BIO_ctrl_reset_read_request(BIO *b); +/* ctrl macros for dgram */ +#define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +#define BIO_ctrl_set_connected(b, state, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +#define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +#define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) + /* These two aren't currently implemented */ /* int BIO_get_ex_num(BIO *bio); */ /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ @@ -567,15 +617,28 @@ BIO_METHOD *BIO_f_buffer(void); BIO_METHOD *BIO_f_linebuffer(void); #endif BIO_METHOD *BIO_f_nbio_test(void); +#ifndef OPENSSL_NO_DGRAM +BIO_METHOD *BIO_s_datagram(void); +#endif + /* BIO_METHOD *BIO_f_ber(void); */ int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); +int BIO_dgram_non_fatal_error(int error); + int BIO_fd_should_retry(int i); int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); int BIO_dump(BIO *b,const char *bytes,int len); int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); - +#ifndef OPENSSL_NO_FP_API +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +#endif struct hostent *BIO_gethostbyname(const char *name); /* We might want a thread-safe interface too: * struct hostent *BIO_gethostbyname_r(const char *name, @@ -597,6 +660,7 @@ void BIO_sock_cleanup(void); int BIO_set_tcp_ndelay(int sock,int turn_on); BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_dgram(int fd, int close_flag); BIO *BIO_new_fd(int fd, int close_flag); BIO *BIO_new_connect(char *host_port); BIO *BIO_new_accept(char *host_port); @@ -612,10 +676,20 @@ void BIO_copy_next_retry(BIO *b); /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ -int BIO_printf(BIO *bio, const char *format, ...); -int BIO_vprintf(BIO *bio, const char *format, va_list args); -int BIO_snprintf(char *buf, size_t n, const char *format, ...); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); +#ifdef __GNUC__ +# define __bio_h__attr__ __attribute__ +#else +# define __bio_h__attr__(x) +#endif +int BIO_printf(BIO *bio, const char *format, ...) + __bio_h__attr__((__format__(__printf__,2,3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) + __bio_h__attr__((__format__(__printf__,2,0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) + __bio_h__attr__((__format__(__printf__,3,4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + __bio_h__attr__((__format__(__printf__,3,0))); +#undef __bio_h__attr__ /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -629,6 +703,7 @@ void ERR_load_BIO_strings(void); #define BIO_F_ACPT_STATE 100 #define BIO_F_BIO_ACCEPT 101 #define BIO_F_BIO_BER_GET_HEADER 102 +#define BIO_F_BIO_CALLBACK_CTRL 131 #define BIO_F_BIO_CTRL 103 #define BIO_F_BIO_GETHOSTBYNAME 120 #define BIO_F_BIO_GETS 104 diff --git a/crypto/openssl/crypto/bio/bio_err.c b/crypto/openssl/crypto/bio/bio_err.c index 68a119d..426f8d1 100644 --- a/crypto/openssl/crypto/bio/bio_err.c +++ b/crypto/openssl/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* crypto/bio/bio_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,73 +64,78 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) + static ERR_STRING_DATA BIO_str_functs[]= { -{ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"}, -{ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"}, -{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"}, -{ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"}, -{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"}, -{ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"}, -{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"}, -{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"}, -{ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"}, -{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"}, -{ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"}, -{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"}, -{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"}, -{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"}, -{ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"}, -{ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"}, -{ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"}, -{ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"}, -{ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"}, -{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"}, -{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"}, -{ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"}, -{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"}, -{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"}, -{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"}, -{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"}, -{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"}, -{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"}, -{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"}, -{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"}, -{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"}, +{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, +{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, +{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, +{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, +{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, +{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, +{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, +{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, +{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, +{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, +{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, +{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, +{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, +{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, +{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"}, +{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, +{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, +{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, +{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, +{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, +{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, +{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, +{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, +{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, +{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, +{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, +{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, +{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, +{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, +{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, +{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, +{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, {0,NULL} }; static ERR_STRING_DATA BIO_str_reasons[]= { -{BIO_R_ACCEPT_ERROR ,"accept error"}, -{BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"}, -{BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"}, -{BIO_R_BROKEN_PIPE ,"broken pipe"}, -{BIO_R_CONNECT_ERROR ,"connect error"}, -{BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"}, -{BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"}, -{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"}, -{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"}, -{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"}, -{BIO_R_INVALID_ARGUMENT ,"invalid argument"}, -{BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"}, -{BIO_R_IN_USE ,"in use"}, -{BIO_R_KEEPALIVE ,"keepalive"}, -{BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"}, -{BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"}, -{BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"}, -{BIO_R_NO_PORT_DEFINED ,"no port defined"}, -{BIO_R_NO_PORT_SPECIFIED ,"no port specified"}, -{BIO_R_NO_SUCH_FILE ,"no such file"}, -{BIO_R_NULL_PARAMETER ,"null parameter"}, -{BIO_R_TAG_MISMATCH ,"tag mismatch"}, -{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"}, -{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"}, -{BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"}, -{BIO_R_UNINITIALIZED ,"uninitialized"}, -{BIO_R_UNSUPPORTED_METHOD ,"unsupported method"}, -{BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"}, -{BIO_R_WSASTARTUP ,"WSAStartup"}, +{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"}, +{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"}, +{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"}, +{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"}, +{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"}, +{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"}, +{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"}, +{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"}, +{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"}, +{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"}, +{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"}, +{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"}, +{ERR_REASON(BIO_R_IN_USE) ,"in use"}, +{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"}, +{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"}, +{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"}, +{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"}, +{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"}, +{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"}, +{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"}, +{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"}, +{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"}, +{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"}, +{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"}, +{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"}, +{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"}, +{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"}, +{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"}, +{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"}, {0,NULL} }; @@ -144,8 +149,8 @@ void ERR_load_BIO_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_BIO,BIO_str_functs); - ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons); + ERR_load_strings(0,BIO_str_functs); + ERR_load_strings(0,BIO_str_reasons); #endif } diff --git a/crypto/openssl/crypto/bio/bio_lcl.h b/crypto/openssl/crypto/bio/bio_lcl.h new file mode 100644 index 0000000..dba2919 --- /dev/null +++ b/crypto/openssl/crypto/bio/bio_lcl.h @@ -0,0 +1,28 @@ +#include + +#if BIO_FLAGS_UPLINK==0 +/* Shortcut UPLINK calls on most platforms... */ +#define UP_stdin stdin +#define UP_stdout stdout +#define UP_stderr stderr +#define UP_fprintf fprintf +#define UP_fgets fgets +#define UP_fread fread +#define UP_fwrite fwrite +#undef UP_fsetmod +#define UP_feof feof +#define UP_fclose fclose + +#define UP_fopen fopen +#define UP_fseek fseek +#define UP_ftell ftell +#define UP_fflush fflush +#define UP_ferror ferror +#define UP_fileno fileno + +#define UP_open open +#define UP_read read +#define UP_write write +#define UP_lseek lseek +#define UP_close close +#endif diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c index 692c8fb..dcc989f 100644 --- a/crypto/openssl/crypto/bio/bio_lib.c +++ b/crypto/openssl/crypto/bio/bio_lib.c @@ -144,7 +144,7 @@ void BIO_vfree(BIO *a) int BIO_read(BIO *b, void *out, int outl) { int i; - long (*cb)(); + long (*cb)(BIO *,int,const char *,int,long,long); if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) { @@ -176,7 +176,7 @@ int BIO_read(BIO *b, void *out, int outl) int BIO_write(BIO *b, const void *in, int inl) { int i; - long (*cb)(); + long (*cb)(BIO *,int,const char *,int,long,long); if (b == NULL) return(0); @@ -211,7 +211,7 @@ int BIO_write(BIO *b, const void *in, int inl) int BIO_puts(BIO *b, const char *in) { int i; - long (*cb)(); + long (*cb)(BIO *,int,const char *,int,long,long); if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { @@ -244,7 +244,7 @@ int BIO_puts(BIO *b, const char *in) int BIO_gets(BIO *b, char *in, int inl) { int i; - long (*cb)(); + long (*cb)(BIO *,int,const char *,int,long,long); if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { @@ -305,7 +305,7 @@ char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) { long ret; - long (*cb)(); + long (*cb)(BIO *,int,const char *,int,long,long); if (b == NULL) return(0); @@ -332,13 +332,13 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) { long ret; - long (*cb)(); + long (*cb)(BIO *,int,const char *,int,long,long); if (b == NULL) return(0); if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { - BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); + BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD); return(-2); } diff --git a/crypto/openssl/crypto/bio/bss_acpt.c b/crypto/openssl/crypto/bio/bss_acpt.c index 8ea1db1..d090b72 100644 --- a/crypto/openssl/crypto/bio/bss_acpt.c +++ b/crypto/openssl/crypto/bio/bss_acpt.c @@ -56,14 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c index f5d0e75..c147278 100644 --- a/crypto/openssl/crypto/bio/bss_conn.c +++ b/crypto/openssl/crypto/bio/bss_conn.c @@ -56,14 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else @@ -130,7 +130,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) int ret= -1,i; unsigned long l; char *p,*q; - int (*cb)()=NULL; + int (*cb)(const BIO *,int,int)=NULL; if (c->info_callback != NULL) cb=c->info_callback; @@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_DO_STATE_MACHINE: /* use this one to start the connection */ - if (!data->state != BIO_CONN_S_OK) + if (data->state != BIO_CONN_S_OK) ret=(long)conn_state(b,data); else ret=1; @@ -590,9 +590,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr)(); + int (**fptr)(const BIO *bio,int state,int xret); - fptr=(int (**)())ptr; + fptr=(int (**)(const BIO *bio,int state,int xret))ptr; *fptr=data->info_callback; } break; diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/openssl/crypto/bio/bss_dgram.c new file mode 100644 index 0000000..a0cb29b --- /dev/null +++ b/crypto/openssl/crypto/bio/bss_dgram.c @@ -0,0 +1,484 @@ +/* crypto/bio/bio_dgram.c */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef OPENSSL_NO_DGRAM + +#include +#include +#define USE_SOCKETS +#include "cryptlib.h" + +#include + +#define IP_MTU 14 /* linux is lame */ + +#ifdef WATT32 +#define sock_write SockWrite /* Watt-32 uses same names */ +#define sock_read SockRead +#define sock_puts SockPuts +#endif + +static int dgram_write(BIO *h, const char *buf, int num); +static int dgram_read(BIO *h, char *buf, int size); +static int dgram_puts(BIO *h, const char *str); +static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int dgram_new(BIO *h); +static int dgram_free(BIO *data); +static int dgram_clear(BIO *bio); + +int BIO_dgram_should_retry(int s); + +static BIO_METHOD methods_dgramp= + { + BIO_TYPE_DGRAM, + "datagram socket", + dgram_write, + dgram_read, + dgram_puts, + NULL, /* dgram_gets, */ + dgram_ctrl, + dgram_new, + dgram_free, + NULL, + }; + +typedef struct bio_dgram_data_st + { + struct sockaddr peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; + } bio_dgram_data; + +BIO_METHOD *BIO_s_datagram(void) + { + return(&methods_dgramp); + } + +BIO *BIO_new_dgram(int fd, int close_flag) + { + BIO *ret; + + ret=BIO_new(BIO_s_datagram()); + if (ret == NULL) return(NULL); + BIO_set_fd(ret,fd,close_flag); + return(ret); + } + +static int dgram_new(BIO *bi) + { + bio_dgram_data *data = NULL; + + bi->init=0; + bi->num=0; + data = OPENSSL_malloc(sizeof(bio_dgram_data)); + if (data == NULL) + return 0; + memset(data, 0x00, sizeof(bio_dgram_data)); + bi->ptr = data; + + bi->flags=0; + return(1); + } + +static int dgram_free(BIO *a) + { + bio_dgram_data *data; + + if (a == NULL) return(0); + if ( ! dgram_clear(a)) + return 0; + + data = (bio_dgram_data *)a->ptr; + if(data != NULL) OPENSSL_free(data); + + return(1); + } + +static int dgram_clear(BIO *a) + { + if (a == NULL) return(0); + if (a->shutdown) + { + if (a->init) + { + SHUTDOWN2(a->num); + } + a->init=0; + a->flags=0; + } + return(1); + } + +static int dgram_read(BIO *b, char *out, int outl) + { + int ret=0; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + + struct sockaddr peer; + int peerlen = sizeof(peer); + + if (out != NULL) + { + clear_socket_error(); + memset(&peer, 0x00, peerlen); + /* Last arg in recvfrom is signed on some platforms and + * unsigned on others. It is of type socklen_t on some + * but this is not universal. Cast to (void *) to avoid + * compiler warnings. + */ + ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen); + + if ( ! data->connected && ret > 0) + BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer); + + BIO_clear_retry_flags(b); + if (ret <= 0) + { + if (BIO_dgram_should_retry(ret)) + { + BIO_set_retry_read(b); + data->_errno = get_last_socket_error(); + } + } + } + return(ret); + } + +static int dgram_write(BIO *b, const char *in, int inl) + { + int ret; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + clear_socket_error(); + + if ( data->connected ) + ret=send(b->num,in,inl,0); + else + ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); + + BIO_clear_retry_flags(b); + if (ret <= 0) + { + if (BIO_sock_should_retry(ret)) + { + BIO_set_retry_write(b); + data->_errno = get_last_socket_error(); + +#if 0 /* higher layers are responsible for querying MTU, if necessary */ + if ( data->_errno == EMSGSIZE) + /* retrieve the new MTU */ + BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); +#endif + } + } + return(ret); + } + +static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + { + long ret=1; + int *ip; + struct sockaddr *to = NULL; + bio_dgram_data *data = NULL; + long sockopt_val = 0; + unsigned int sockopt_len = 0; + + data = (bio_dgram_data *)b->ptr; + + switch (cmd) + { + case BIO_CTRL_RESET: + num=0; + case BIO_C_FILE_SEEK: + ret=0; + break; + case BIO_C_FILE_TELL: + case BIO_CTRL_INFO: + ret=0; + break; + case BIO_C_SET_FD: + dgram_clear(b); + b->num= *((int *)ptr); + b->shutdown=(int)num; + b->init=1; + break; + case BIO_C_GET_FD: + if (b->init) + { + ip=(int *)ptr; + if (ip != NULL) *ip=b->num; + ret=b->num; + } + else + ret= -1; + break; + case BIO_CTRL_GET_CLOSE: + ret=b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown=(int)num; + break; + case BIO_CTRL_PENDING: + case BIO_CTRL_WPENDING: + ret=0; + break; + case BIO_CTRL_DUP: + case BIO_CTRL_FLUSH: + ret=1; + break; + case BIO_CTRL_DGRAM_CONNECT: + to = (struct sockaddr *)ptr; +#if 0 + if (connect(b->num, to, sizeof(struct sockaddr)) < 0) + { perror("connect"); ret = 0; } + else + { +#endif + memcpy(&(data->peer),to, sizeof(struct sockaddr)); +#if 0 + } +#endif + break; + /* (Linux)kernel sets DF bit on outgoing IP packets */ +#ifdef IP_MTU_DISCOVER + case BIO_CTRL_DGRAM_MTU_DISCOVER: + sockopt_val = IP_PMTUDISC_DO; + if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) + perror("setsockopt"); + break; +#endif + case BIO_CTRL_DGRAM_QUERY_MTU: + sockopt_len = sizeof(sockopt_val); + if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, + &sockopt_len)) < 0 || sockopt_val < 0) + { ret = 0; } + else + { + data->mtu = sockopt_val; + ret = data->mtu; + } + break; + case BIO_CTRL_DGRAM_GET_MTU: + return data->mtu; + break; + case BIO_CTRL_DGRAM_SET_MTU: + data->mtu = num; + ret = num; + break; + case BIO_CTRL_DGRAM_SET_CONNECTED: + to = (struct sockaddr *)ptr; + + if ( to != NULL) + { + data->connected = 1; + memcpy(&(data->peer),to, sizeof(struct sockaddr)); + } + else + { + data->connected = 0; + memset(&(data->peer), 0x00, sizeof(struct sockaddr)); + } + break; + case BIO_CTRL_DGRAM_SET_PEER: + to = (struct sockaddr *) ptr; + + memcpy(&(data->peer), to, sizeof(struct sockaddr)); + break; + case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: + if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, + sizeof(struct timeval)) < 0) + { perror("setsockopt"); ret = -1; } + break; + case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: + if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + ptr, (void *)&ret) < 0) + { perror("getsockopt"); ret = -1; } + break; + case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: + if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, + sizeof(struct timeval)) < 0) + { perror("setsockopt"); ret = -1; } + break; + case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: + if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + ptr, (void *)&ret) < 0) + { perror("getsockopt"); ret = -1; } + break; + case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: + /* fall-through */ + case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: + if ( data->_errno == EAGAIN) + { + ret = 1; + data->_errno = 0; + } + else + ret = 0; + break; +#ifdef EMSGSIZE + case BIO_CTRL_DGRAM_MTU_EXCEEDED: + if ( data->_errno == EMSGSIZE) + { + ret = 1; + data->_errno = 0; + } + else + ret = 0; + break; +#endif + default: + ret=0; + break; + } + return(ret); + } + +static int dgram_puts(BIO *bp, const char *str) + { + int n,ret; + + n=strlen(str); + ret=dgram_write(bp,str,n); + return(ret); + } + +int BIO_dgram_should_retry(int i) + { + int err; + + if ((i == 0) || (i == -1)) + { + err=get_last_socket_error(); + +#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ + if ((i == -1) && (err == 0)) + return(1); +#endif + + return(BIO_dgram_non_fatal_error(err)); + } + return(0); + } + +int BIO_dgram_non_fatal_error(int err) + { + switch (err) + { +#if defined(OPENSSL_SYS_WINDOWS) +# if defined(WSAEWOULDBLOCK) + case WSAEWOULDBLOCK: +# endif + +# if 0 /* This appears to always be an error */ +# if defined(WSAENOTCONN) + case WSAENOTCONN: +# endif +# endif +#endif + +#ifdef EWOULDBLOCK +# ifdef WSAEWOULDBLOCK +# if WSAEWOULDBLOCK != EWOULDBLOCK + case EWOULDBLOCK: +# endif +# else + case EWOULDBLOCK: +# endif +#endif + +#if defined(ENOTCONN) + case ENOTCONN: +#endif + +#ifdef EINTR + case EINTR: +#endif + +#ifdef EAGAIN +#if EWOULDBLOCK != EAGAIN + case EAGAIN: +# endif +#endif + +#ifdef EPROTO + case EPROTO: +#endif + +#ifdef EINPROGRESS + case EINPROGRESS: +#endif + +#ifdef EALREADY + case EALREADY: +#endif + +/* DF bit set, and packet larger than MTU */ +#ifdef EMSGSIZE + case EMSGSIZE: +#endif + + return(1); + /* break; */ + default: + break; + } + return(0); + } +#endif diff --git a/crypto/openssl/crypto/bio/bss_fd.c b/crypto/openssl/crypto/bio/bss_fd.c index 5e3e187..4c229bf 100644 --- a/crypto/openssl/crypto/bio/bss_fd.c +++ b/crypto/openssl/crypto/bio/bss_fd.c @@ -60,7 +60,19 @@ #include #define USE_SOCKETS #include "cryptlib.h" -#include +/* + * As for unconditional usage of "UPLINK" interface in this module. + * Trouble is that unlike Unix file descriptors [which are indexes + * in kernel-side per-process table], corresponding descriptors on + * platforms which require "UPLINK" interface seem to be indexes + * in a user-land, non-global table. Well, in fact they are indexes + * in stdio _iob[], and recall that _iob[] was the very reason why + * "UPLINK" interface was introduced in first place. But one way on + * another. Neither libcrypto or libssl use this BIO meaning that + * file descriptors can only be provided by application. Therefore + * "UPLINK" calls are due... + */ +#include "bio_lcl.h" static int fd_write(BIO *h, const char *buf, int num); static int fd_read(BIO *h, char *buf, int size); @@ -100,9 +112,9 @@ BIO *BIO_new_fd(int fd,int close_flag) static int fd_new(BIO *bi) { bi->init=0; - bi->num=0; + bi->num=-1; bi->ptr=NULL; - bi->flags=0; + bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */ return(1); } @@ -113,10 +125,10 @@ static int fd_free(BIO *a) { if (a->init) { - close(a->num); + UP_close(a->num); } a->init=0; - a->flags=0; + a->flags=BIO_FLAGS_UPLINK; } return(1); } @@ -128,7 +140,7 @@ static int fd_read(BIO *b, char *out,int outl) if (out != NULL) { clear_sys_error(); - ret=read(b->num,out,outl); + ret=UP_read(b->num,out,outl); BIO_clear_retry_flags(b); if (ret <= 0) { @@ -143,7 +155,7 @@ static int fd_write(BIO *b, const char *in, int inl) { int ret; clear_sys_error(); - ret=write(b->num,in,inl); + ret=UP_write(b->num,in,inl); BIO_clear_retry_flags(b); if (ret <= 0) { @@ -163,11 +175,11 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_RESET: num=0; case BIO_C_FILE_SEEK: - ret=(long)lseek(b->num,num,0); + ret=(long)UP_lseek(b->num,num,0); break; case BIO_C_FILE_TELL: case BIO_CTRL_INFO: - ret=(long)lseek(b->num,0,1); + ret=(long)UP_lseek(b->num,0,1); break; case BIO_C_SET_FD: fd_free(b); diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c index 4fe38ae..b277367 100644 --- a/crypto/openssl/crypto/bio/bss_file.c +++ b/crypto/openssl/crypto/bio/bss_file.c @@ -65,10 +65,28 @@ #ifndef HEADER_BSS_FILE_C #define HEADER_BSS_FILE_C +#if defined(__linux) || defined(__sun) || defined(__hpux) +/* Following definition aliases fopen to fopen64 on above mentioned + * platforms. This makes it possible to open and sequentially access + * files larger than 2GB from 32-bit application. It does not allow to + * traverse them beyond 2GB with fseek/ftell, but on the other hand *no* + * 32-bit platform permits that, not with fseek/ftell. Not to mention + * that breaking 2GB limit for seeking would require surgery to *our* + * API. But sequential access suffices for practical cases when you + * can run into large files, such as fingerprinting, so we can let API + * alone. For reference, the list of 32-bit platforms which allow for + * sequential access of large files without extra "magic" comprise *BSD, + * Darwin, IRIX... + */ +#ifndef _FILE_OFFSET_BITS +#define _FILE_OFFSET_BITS 64 +#endif +#endif + #include #include #include "cryptlib.h" -#include +#include "bio_lcl.h" #include #if !defined(OPENSSL_NO_STDIO) @@ -110,8 +128,12 @@ BIO *BIO_new_file(const char *filename, const char *mode) return(NULL); } if ((ret=BIO_new(BIO_s_file_internal())) == NULL) + { + fclose(file); return(NULL); + } + BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ BIO_set_fp(ret,file,BIO_CLOSE); return(ret); } @@ -123,6 +145,7 @@ BIO *BIO_new_fp(FILE *stream, int close_flag) if ((ret=BIO_new(BIO_s_file())) == NULL) return(NULL); + BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */ BIO_set_fp(ret,stream,close_flag); return(ret); } @@ -137,6 +160,7 @@ static int MS_CALLBACK file_new(BIO *bi) bi->init=0; bi->num=0; bi->ptr=NULL; + bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */ return(1); } @@ -147,8 +171,12 @@ static int MS_CALLBACK file_free(BIO *a) { if ((a->init) && (a->ptr != NULL)) { - fclose((FILE *)a->ptr); + if (a->flags&BIO_FLAGS_UPLINK) + UP_fclose (a->ptr); + else + fclose (a->ptr); a->ptr=NULL; + a->flags=BIO_FLAGS_UPLINK; } a->init=0; } @@ -161,8 +189,11 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl) if (b->init && (out != NULL)) { - ret=fread(out,1,(int)outl,(FILE *)b->ptr); - if(ret == 0 && ferror((FILE *)b->ptr)) + if (b->flags&BIO_FLAGS_UPLINK) + ret=UP_fread(out,1,(int)outl,b->ptr); + else + ret=fread(out,1,(int)outl,(FILE *)b->ptr); + if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr)) { SYSerr(SYS_F_FREAD,get_last_sys_error()); BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB); @@ -178,7 +209,11 @@ static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) if (b->init && (in != NULL)) { - if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) + if (b->flags&BIO_FLAGS_UPLINK) + ret=UP_fwrite(in,(int)inl,1,b->ptr); + else + ret=fwrite(in,(int)inl,1,(FILE *)b->ptr); + if (ret) ret=inl; /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ /* according to Tim Hudson , the commented @@ -199,20 +234,45 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) { case BIO_C_FILE_SEEK: case BIO_CTRL_RESET: - ret=(long)fseek(fp,num,0); + if (b->flags&BIO_FLAGS_UPLINK) + ret=(long)UP_fseek(b->ptr,num,0); + else + ret=(long)fseek(fp,num,0); break; case BIO_CTRL_EOF: - ret=(long)feof(fp); + if (b->flags&BIO_FLAGS_UPLINK) + ret=(long)UP_feof(fp); + else + ret=(long)feof(fp); break; case BIO_C_FILE_TELL: case BIO_CTRL_INFO: - ret=ftell(fp); + if (b->flags&BIO_FLAGS_UPLINK) + ret=UP_ftell(b->ptr); + else + ret=ftell(fp); break; case BIO_C_SET_FILE_PTR: file_free(b); b->shutdown=(int)num&BIO_CLOSE; - b->ptr=(char *)ptr; + b->ptr=ptr; b->init=1; +#if BIO_FLAGS_UPLINK!=0 +#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +#define _IOB_ENTRIES 20 +#endif +#if defined(_IOB_ENTRIES) + /* Safety net to catch purely internal BIO_set_fp calls */ + if ((size_t)ptr >= (size_t)stdin && + (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES)) + BIO_clear_flags(b,BIO_FLAGS_UPLINK); +#endif +#endif +#ifdef UP_fsetmode + if (b->flags&BIO_FLAGS_UPLINK) + UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b'); + else +#endif { #if defined(OPENSSL_SYS_WINDOWS) int fd = fileno((FILE*)ptr); @@ -220,6 +280,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) _setmode(fd,_O_TEXT); else _setmode(fd,_O_BINARY); +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) + int fd = fileno((FILE*)ptr); + /* Under CLib there are differences in file modes + */ + if (num & BIO_FP_TEXT) + _setmode(fd,O_TEXT); + else + _setmode(fd,O_BINARY); #elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE*)ptr); /* Set correct text/binary mode */ @@ -266,7 +334,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) + if (!(num & BIO_FP_TEXT)) + strcat(p,"b"); + else + strcat(p,"t"); +#endif +#if defined(OPENSSL_SYS_NETWARE) if (!(num & BIO_FP_TEXT)) strcat(p,"b"); else @@ -281,8 +355,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; } - b->ptr=(char *)fp; + b->ptr=fp; b->init=1; + BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ break; case BIO_C_GET_FILE_PTR: /* the ptr parameter is actually a FILE ** in this case. */ @@ -299,7 +374,10 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown=(int)num; break; case BIO_CTRL_FLUSH: - fflush((FILE *)b->ptr); + if (b->flags&BIO_FLAGS_UPLINK) + UP_fflush(b->ptr); + else + fflush((FILE *)b->ptr); break; case BIO_CTRL_DUP: ret=1; @@ -321,7 +399,10 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) int ret=0; buf[0]='\0'; - fgets(buf,size,(FILE *)bp->ptr); + if (bp->flags&BIO_FLAGS_UPLINK) + UP_fgets(buf,size,bp->ptr); + else + fgets(buf,size,(FILE *)bp->ptr); if (buf[0] != '\0') ret=strlen(buf); return(ret); diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c index 1eb678c..6360dbc 100644 --- a/crypto/openssl/crypto/bio/bss_log.c +++ b/crypto/openssl/crypto/bio/bss_log.c @@ -78,6 +78,8 @@ # include #elif defined(__ultrix) # include +#elif defined(OPENSSL_SYS_NETWARE) +# define NO_SYSLOG #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include #endif diff --git a/crypto/openssl/crypto/bio/bss_sock.c b/crypto/openssl/crypto/bio/bss_sock.c index 2c1c405..472dd75 100644 --- a/crypto/openssl/crypto/bio/bss_sock.c +++ b/crypto/openssl/crypto/bio/bss_sock.c @@ -56,8 +56,6 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS @@ -248,7 +246,7 @@ int BIO_sock_non_fatal_error(int err) { switch (err) { -#if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) # if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: # endif @@ -279,7 +277,7 @@ int BIO_sock_non_fatal_error(int err) #endif #ifdef EAGAIN -#if EWOULDBLOCK != EAGAIN +# if EWOULDBLOCK != EAGAIN case EAGAIN: # endif #endif @@ -302,4 +300,3 @@ int BIO_sock_non_fatal_error(int err) } return(0); } -#endif diff --git a/crypto/openssl/crypto/bn/Makefile b/crypto/openssl/crypto/bn/Makefile index 76ced9f..5c3e08f 100644 --- a/crypto/openssl/crypto/bn/Makefile +++ b/crypto/openssl/crypto/bn/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/bn/Makefile +# OpenSSL/crypto/bn/Makefile # DIR= bn @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -22,6 +17,7 @@ BN_ASM= bn_asm.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=bntest.c exptest.c @@ -31,12 +27,14 @@ LIB=$(TOP)/libcrypto.a LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ + bn_depr.c bn_const.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ - bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o + bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ + bn_depr.o bn_const.o SRC= $(LIBSRC) @@ -64,63 +62,52 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s) - -asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s) - +# ELF +bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@) +co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@) +# COFF +bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@) +co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@) # a.out -asm/bn86-out.o: asm/bn86unix.cpp - $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o - -asm/co86-out.o: asm/co86unix.cpp - $(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o - -# bsdi -asm/bn86bsdi.o: asm/bn86unix.cpp - $(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o - -asm/co86bsdi.o: asm/co86unix.cpp - $(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o - -asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp ) - -asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl cpp >co86unix.cpp ) - -asm/sparcv8.o: asm/sparcv8.S - -asm/sparcv8plus.o: asm/sparcv8plus.S - -# Old GNU assembler doesn't understand V9 instructions, so we -# hire /usr/ccs/bin/as to do the job. Note that option is called -# *-gcc27, but even gcc 2>=8 users may experience similar problem -# if they didn't bother to upgrade GNU assembler. Such users should -# not choose this option, but be adviced to *remove* GNU assembler -# or upgrade it. -asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S - $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \ - /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o - - -asm/ia64.o: asm/ia64.S - -# Some compiler drivers (most notably HP-UX and Intel C++) don't -# understand .S extension:-( I wish I could pipe output from cc -E, -# but it's too compiler driver/ABI dependent to cover with a single -# rule... -asm/ia64-cpp.o: asm/ia64.S - $(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s && \ - $(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s; \ - rm -f /tmp/ia64.$$$$.s - -asm/x86_64-gcc.o: asm/x86_64-gcc.c - -asm/pa-risc2W.o: asm/pa-risc2W.s - /usr/ccs/bin/as -o asm/pa-risc2W.o asm/pa-risc2W.s +bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@) +co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@) + +sparcv8.o: asm/sparcv8.S + $(CC) $(CFLAGS) -c asm/sparcv8.S +sparcv8plus.o: asm/sparcv8plus.S + $(CC) $(CFLAGS) -c asm/sparcv8plus.S + +bn-mips3.o: asm/mips3.s + @if [ "$(CC)" = "gcc" ]; then \ + ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \ + as -$$ABI -O -o $@ asm/mips3.s; \ + else $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi + +x86_64-gcc.o: asm/x86_64-gcc.c + $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c + +bn-ia64.s: asm/ia64.S + $(CC) $(CFLAGS) -E asm/ia64.S > $@ + +# GNU assembler fails to compile PA-RISC2 modules, insist on calling +# vendor assembler... +pa-risc2W.o: asm/pa-risc2W.s + /usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s +pa-risc2.o: asm/pa-risc2.s + /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s + +# ppc - AIX, Linux, MacOS X... +linux_ppc32.s: asm/ppc.pl; $(PERL) $< $@ +linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@ +aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ +aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ +osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -131,7 +118,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -154,6 +142,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -161,7 +150,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. @@ -169,101 +158,131 @@ bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h +bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h +bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h +bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h +bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h +bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h +bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h +bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_err.o: ../../include/openssl/symhacks.h bn_err.c +bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bn_err.o: bn_err.c bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h +bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h +bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h -bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h +bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h +bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h +bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c +bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c +bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c +bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c +bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c +bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c +bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -276,9 +295,9 @@ bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c +bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -291,34 +310,34 @@ bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c +bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c +bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c +bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c +bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c +bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/openssl/crypto/bn/asm/bn-586.pl index c4de4a2..26c2685 100644 --- a/crypto/openssl/crypto/bn/asm/bn-586.pl +++ b/crypto/openssl/crypto/bn/asm/bn-586.pl @@ -5,13 +5,18 @@ require "x86asm.pl"; &asm_init($ARGV[0],$0); +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + &bn_mul_add_words("bn_mul_add_words"); &bn_mul_words("bn_mul_words"); &bn_sqr_words("bn_sqr_words"); &bn_div_words("bn_div_words"); &bn_add_words("bn_add_words"); &bn_sub_words("bn_sub_words"); -#&bn_sub_part_words("bn_sub_part_words"); +&bn_sub_part_words("bn_sub_part_words"); &asm_finish(); @@ -19,7 +24,7 @@ sub bn_mul_add_words { local($name)=@_; - &function_begin($name,""); + &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); &comment(""); $Low="eax"; @@ -42,6 +47,83 @@ sub bn_mul_add_words &jz(&label("maw_finish")); + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt(&DWP(0,"eax"),26); + &jnc(&label("maw_loop")); + + &movd("mm0",$w); # mm0 = w + &pxor("mm1","mm1"); # mm1 = carry_in + + &set_label("maw_sse2_loop",0); + &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] + &paddq("mm1","mm3"); # mm1 = carry_in + r[0] + &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0] + &pmuludq("mm2","mm0"); # mm2 = w*a[0] + &movd("mm4",&DWP(4,$a,"",0)); # mm4 = a[1] + &pmuludq("mm4","mm0"); # mm4 = w*a[1] + &movd("mm6",&DWP(8,$a,"",0)); # mm6 = a[2] + &pmuludq("mm6","mm0"); # mm6 = w*a[2] + &movd("mm7",&DWP(12,$a,"",0)); # mm7 = a[3] + &pmuludq("mm7","mm0"); # mm7 = w*a[3] + &paddq("mm1","mm2"); # mm1 = carry_in + r[0] + w*a[0] + &movd("mm3",&DWP(4,$r,"",0)); # mm3 = r[1] + &paddq("mm3","mm4"); # mm3 = r[1] + w*a[1] + &movd("mm5",&DWP(8,$r,"",0)); # mm5 = r[2] + &paddq("mm5","mm6"); # mm5 = r[2] + w*a[2] + &movd("mm4",&DWP(12,$r,"",0)); # mm4 = r[3] + &paddq("mm7","mm4"); # mm7 = r[3] + w*a[3] + &movd(&DWP(0,$r,"",0),"mm1"); + &movd("mm2",&DWP(16,$a,"",0)); # mm2 = a[4] + &pmuludq("mm2","mm0"); # mm2 = w*a[4] + &psrlq("mm1",32); # mm1 = carry0 + &movd("mm4",&DWP(20,$a,"",0)); # mm4 = a[5] + &pmuludq("mm4","mm0"); # mm4 = w*a[5] + &paddq("mm1","mm3"); # mm1 = carry0 + r[1] + w*a[1] + &movd("mm6",&DWP(24,$a,"",0)); # mm6 = a[6] + &pmuludq("mm6","mm0"); # mm6 = w*a[6] + &movd(&DWP(4,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry1 + &movd("mm3",&DWP(28,$a,"",0)); # mm3 = a[7] + &add($a,32); + &pmuludq("mm3","mm0"); # mm3 = w*a[7] + &paddq("mm1","mm5"); # mm1 = carry1 + r[2] + w*a[2] + &movd("mm5",&DWP(16,$r,"",0)); # mm5 = r[4] + &paddq("mm2","mm5"); # mm2 = r[4] + w*a[4] + &movd(&DWP(8,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry2 + &paddq("mm1","mm7"); # mm1 = carry2 + r[3] + w*a[3] + &movd("mm5",&DWP(20,$r,"",0)); # mm5 = r[5] + &paddq("mm4","mm5"); # mm4 = r[5] + w*a[5] + &movd(&DWP(12,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry3 + &paddq("mm1","mm2"); # mm1 = carry3 + r[4] + w*a[4] + &movd("mm5",&DWP(24,$r,"",0)); # mm5 = r[6] + &paddq("mm6","mm5"); # mm6 = r[6] + w*a[6] + &movd(&DWP(16,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry4 + &paddq("mm1","mm4"); # mm1 = carry4 + r[5] + w*a[5] + &movd("mm5",&DWP(28,$r,"",0)); # mm5 = r[7] + &paddq("mm3","mm5"); # mm3 = r[7] + w*a[7] + &movd(&DWP(20,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry5 + &paddq("mm1","mm6"); # mm1 = carry5 + r[6] + w*a[6] + &movd(&DWP(24,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry6 + &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7] + &movd(&DWP(28,$r,"",0),"mm1"); + &add($r,32); + &psrlq("mm1",32); # mm1 = carry_out + + &sub("ecx",8); + &jnz(&label("maw_sse2_loop")); + + &movd($c,"mm1"); # c = carry_out + &emms(); + + &jmp(&label("maw_finish")); + } + &set_label("maw_loop",0); &mov(&swtmp(0),"ecx"); # diff --git a/crypto/openssl/crypto/bn/asm/ppc.pl b/crypto/openssl/crypto/bn/asm/ppc.pl new file mode 100644 index 0000000..08e0053 --- /dev/null +++ b/crypto/openssl/crypto/bn/asm/ppc.pl @@ -0,0 +1,2078 @@ +#!/usr/bin/env perl +# +# Implemented as a Perl wrapper as we want to support several different +# architectures with single file. We pick up the target based on the +# file name we are asked to generate. +# +# It should be noted though that this perl code is nothing like +# /crypto/perlasm/x86*. In this case perl is used pretty much +# as pre-processor to cover for platform differences in name decoration, +# linker tables, 32-/64-bit instruction sets... +# +# As you might know there're several PowerPC ABI in use. Most notably +# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs +# are similar enough to implement leaf(!) functions, which would be ABI +# neutral. And that's what you find here: ABI neutral leaf functions. +# In case you wonder what that is... +# +# AIX performance +# +# MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e. +# +# The following is the performance of 32-bit compiler +# generated code: +# +# OpenSSL 0.9.6c 21 dec 2001 +# built on: Tue Jun 11 11:06:51 EDT 2002 +# options:bn(64,32) ... +#compiler: cc -DTHREADS -DAIX -DB_ENDIAN -DBN_LLONG -O3 +# sign verify sign/s verify/s +#rsa 512 bits 0.0098s 0.0009s 102.0 1170.6 +#rsa 1024 bits 0.0507s 0.0026s 19.7 387.5 +#rsa 2048 bits 0.3036s 0.0085s 3.3 117.1 +#rsa 4096 bits 2.0040s 0.0299s 0.5 33.4 +#dsa 512 bits 0.0087s 0.0106s 114.3 94.5 +#dsa 1024 bits 0.0256s 0.0313s 39.0 32.0 +# +# Same bechmark with this assembler code: +# +#rsa 512 bits 0.0056s 0.0005s 178.6 2049.2 +#rsa 1024 bits 0.0283s 0.0015s 35.3 674.1 +#rsa 2048 bits 0.1744s 0.0050s 5.7 201.2 +#rsa 4096 bits 1.1644s 0.0179s 0.9 55.7 +#dsa 512 bits 0.0052s 0.0062s 191.6 162.0 +#dsa 1024 bits 0.0149s 0.0180s 67.0 55.5 +# +# Number of operations increases by at almost 75% +# +# Here are performance numbers for 64-bit compiler +# generated code: +# +# OpenSSL 0.9.6g [engine] 9 Aug 2002 +# built on: Fri Apr 18 16:59:20 EDT 2003 +# options:bn(64,64) ... +# compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3 +# sign verify sign/s verify/s +#rsa 512 bits 0.0028s 0.0003s 357.1 3844.4 +#rsa 1024 bits 0.0148s 0.0008s 67.5 1239.7 +#rsa 2048 bits 0.0963s 0.0028s 10.4 353.0 +#rsa 4096 bits 0.6538s 0.0102s 1.5 98.1 +#dsa 512 bits 0.0026s 0.0032s 382.5 313.7 +#dsa 1024 bits 0.0081s 0.0099s 122.8 100.6 +# +# Same benchmark with this assembler code: +# +#rsa 512 bits 0.0020s 0.0002s 510.4 6273.7 +#rsa 1024 bits 0.0088s 0.0005s 114.1 2128.3 +#rsa 2048 bits 0.0540s 0.0016s 18.5 622.5 +#rsa 4096 bits 0.3700s 0.0058s 2.7 171.0 +#dsa 512 bits 0.0016s 0.0020s 610.7 507.1 +#dsa 1024 bits 0.0047s 0.0058s 212.5 173.2 +# +# Again, performance increases by at about 75% +# +# Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code) +# OpenSSL 0.9.7c 30 Sep 2003 +# +# Original code. +# +#rsa 512 bits 0.0011s 0.0001s 906.1 11012.5 +#rsa 1024 bits 0.0060s 0.0003s 166.6 3363.1 +#rsa 2048 bits 0.0370s 0.0010s 27.1 982.4 +#rsa 4096 bits 0.2426s 0.0036s 4.1 280.4 +#dsa 512 bits 0.0010s 0.0012s 1038.1 841.5 +#dsa 1024 bits 0.0030s 0.0037s 329.6 269.7 +#dsa 2048 bits 0.0101s 0.0127s 98.9 78.6 +# +# Same benchmark with this assembler code: +# +#rsa 512 bits 0.0007s 0.0001s 1416.2 16645.9 +#rsa 1024 bits 0.0036s 0.0002s 274.4 5380.6 +#rsa 2048 bits 0.0222s 0.0006s 45.1 1589.5 +#rsa 4096 bits 0.1469s 0.0022s 6.8 449.6 +#dsa 512 bits 0.0006s 0.0007s 1664.2 1376.2 +#dsa 1024 bits 0.0018s 0.0023s 545.0 442.2 +#dsa 2048 bits 0.0061s 0.0075s 163.5 132.8 +# +# Performance increase of ~60% +# +# If you have comments or suggestions to improve code send +# me a note at schari@us.ibm.com +# + +$opf = shift; + +if ($opf =~ /32\.s/) { + $BITS= 32; + $BNSZ= $BITS/8; + $ISA= "\"ppc\""; + + $LD= "lwz"; # load + $LDU= "lwzu"; # load and update + $ST= "stw"; # store + $STU= "stwu"; # store and update + $UMULL= "mullw"; # unsigned multiply low + $UMULH= "mulhwu"; # unsigned multiply high + $UDIV= "divwu"; # unsigned divide + $UCMPI= "cmplwi"; # unsigned compare with immediate + $UCMP= "cmplw"; # unsigned compare + $CNTLZ= "cntlzw"; # count leading zeros + $SHL= "slw"; # shift left + $SHR= "srw"; # unsigned shift right + $SHRI= "srwi"; # unsigned shift right by immediate + $SHLI= "slwi"; # shift left by immediate + $CLRU= "clrlwi"; # clear upper bits + $INSR= "insrwi"; # insert right + $ROTL= "rotlwi"; # rotate left by immediate + $TR= "tw"; # conditional trap +} elsif ($opf =~ /64\.s/) { + $BITS= 64; + $BNSZ= $BITS/8; + $ISA= "\"ppc64\""; + + # same as above, but 64-bit mnemonics... + $LD= "ld"; # load + $LDU= "ldu"; # load and update + $ST= "std"; # store + $STU= "stdu"; # store and update + $UMULL= "mulld"; # unsigned multiply low + $UMULH= "mulhdu"; # unsigned multiply high + $UDIV= "divdu"; # unsigned divide + $UCMPI= "cmpldi"; # unsigned compare with immediate + $UCMP= "cmpld"; # unsigned compare + $CNTLZ= "cntlzd"; # count leading zeros + $SHL= "sld"; # shift left + $SHR= "srd"; # unsigned shift right + $SHRI= "srdi"; # unsigned shift right by immediate + $SHLI= "sldi"; # shift left by immediate + $CLRU= "clrldi"; # clear upper bits + $INSR= "insrdi"; # insert right + $ROTL= "rotldi"; # rotate left by immediate + $TR= "td"; # conditional trap +} else { die "nonsense $opf"; } + +( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!"; + +# function entry points from the AIX code +# +# There are other, more elegant, ways to handle this. We (IBM) chose +# this approach as it plays well with scripts we run to 'namespace' +# OpenSSL .i.e. we add a prefix to all the public symbols so we can +# co-exist in the same process with other implementations of OpenSSL. +# 'cleverer' ways of doing these substitutions tend to hide data we +# need to be obvious. +# +my @items = ("bn_sqr_comba4", + "bn_sqr_comba8", + "bn_mul_comba4", + "bn_mul_comba8", + "bn_sub_words", + "bn_add_words", + "bn_div_words", + "bn_sqr_words", + "bn_mul_words", + "bn_mul_add_words"); + +if ($opf =~ /linux/) { do_linux(); } +elsif ($opf =~ /aix/) { do_aix(); } +elsif ($opf =~ /osx/) { do_osx(); } +else { do_bsd(); } + +sub do_linux { + $d=&data(); + + if ($BITS==64) { + foreach $t (@items) { + $d =~ s/\.$t:/\ +\t.section\t".opd","aw"\ +\t.align\t3\ +\t.globl\t$t\ +$t:\ +\t.quad\t.$t,.TOC.\@tocbase,0\ +\t.size\t$t,24\ +\t.previous\n\ +\t.type\t.$t,\@function\ +\t.globl\t.$t\ +.$t:/g; + } + } + else { + foreach $t (@items) { + $d=~s/\.$t/$t/g; + } + } + # hide internal labels to avoid pollution of name table... + $d=~s/Lppcasm_/.Lppcasm_/gm; + print $d; +} + +sub do_aix { + # AIX assembler is smart enough to please the linker without + # making us do something special... + print &data(); +} + +# MacOSX 32 bit +sub do_osx { + $d=&data(); + # Change the bn symbol prefix from '.' to '_' + foreach $t (@items) { + $d=~s/\.$t/_$t/g; + } + # Change .machine to something OS X asm will accept + $d=~s/\.machine.*/.text/g; + $d=~s/\#/;/g; # change comment from '#' to ';' + print $d; +} + +# BSD (Untested) +sub do_bsd { + $d=&data(); + foreach $t (@items) { + $d=~s/\.$t/_$t/g; + } + print $d; +} + +sub data { + local($data)=< 0 then result !=0 + # In either case carry bit is set. + bc BO_IF,CR0_EQ,Lppcasm_sub_adios + addi r4,r4,-$BNSZ + addi r3,r3,-$BNSZ + addi r5,r5,-$BNSZ + mtctr r6 +Lppcasm_sub_mainloop: + $LDU r7,$BNSZ(r4) + $LDU r8,$BNSZ(r5) + subfe r6,r8,r7 # r6 = r7+carry bit + onescomplement(r8) + # if carry = 1 this is r7-r8. Else it + # is r7-r8 -1 as we need. + $STU r6,$BNSZ(r3) + bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop +Lppcasm_sub_adios: + subfze r3,r0 # if carry bit is set then r3 = 0 else -1 + andi. r3,r3,1 # keep only last bit. + bclr BO_ALWAYS,CR0_LT + .long 0x00000000 + + +# +# NOTE: The following label name should be changed to +# "bn_add_words" i.e. remove the first dot +# for the gcc compiler. This should be automatically +# done in the build +# + +.align 4 +.bn_add_words: +# +# Handcoded version of bn_add_words +# +#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +# +# r3 = r +# r4 = a +# r5 = b +# r6 = n +# +# Note: No loop unrolling done since this is not a performance +# critical loop. + + xor r0,r0,r0 +# +# check for r6 = 0. Is this needed? +# + addic. r6,r6,0 #test r6 and clear carry bit. + bc BO_IF,CR0_EQ,Lppcasm_add_adios + addi r4,r4,-$BNSZ + addi r3,r3,-$BNSZ + addi r5,r5,-$BNSZ + mtctr r6 +Lppcasm_add_mainloop: + $LDU r7,$BNSZ(r4) + $LDU r8,$BNSZ(r5) + adde r8,r7,r8 + $STU r8,$BNSZ(r3) + bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop +Lppcasm_add_adios: + addze r3,r0 #return carry bit. + bclr BO_ALWAYS,CR0_LT + .long 0x00000000 + +# +# NOTE: The following label name should be changed to +# "bn_div_words" i.e. remove the first dot +# for the gcc compiler. This should be automatically +# done in the build +# + +.align 4 +.bn_div_words: +# +# This is a cleaned up version of code generated by +# the AIX compiler. The only optimization is to use +# the PPC instruction to count leading zeros instead +# of call to num_bits_word. Since this was compiled +# only at level -O2 we can possibly squeeze it more? +# +# r3 = h +# r4 = l +# r5 = d + + $UCMPI 0,r5,0 # compare r5 and 0 + bc BO_IF_NOT,CR0_EQ,Lppcasm_div1 # proceed if d!=0 + li r3,-1 # d=0 return -1 + bclr BO_ALWAYS,CR0_LT +Lppcasm_div1: + xor r0,r0,r0 #r0=0 + li r8,$BITS + $CNTLZ. r7,r5 #r7 = num leading 0s in d. + bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros + subf r8,r7,r8 #r8 = BN_num_bits_word(d) + $SHR. r9,r3,r8 #are there any bits above r8'th? + $TR 16,r9,r0 #if there're, signal to dump core... +Lppcasm_div2: + $UCMP 0,r3,r5 #h>=d? + bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not + subf r3,r5,r3 #h-=d ; +Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i + cmpi 0,0,r7,0 # is (i == 0)? + bc BO_IF,CR0_EQ,Lppcasm_div4 + $SHL r3,r3,r7 # h = (h<< i) + $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) + $SHL r5,r5,r7 # d<<=i + or r3,r3,r8 # h = (h<>(BN_BITS2-i)) + $SHL r4,r4,r7 # l <<=i +Lppcasm_div4: + $SHRI r9,r5,`$BITS/2` # r9 = dh + # dl will be computed when needed + # as it saves registers. + li r6,2 #r6=2 + mtctr r6 #counter will be in count. +Lppcasm_divouterloop: + $SHRI r8,r3,`$BITS/2` #r8 = (h>>BN_BITS4) + $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 + # compute here for innerloop. + $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh + bc BO_IF_NOT,CR0_EQ,Lppcasm_div5 # goto Lppcasm_div5 if not + + li r8,-1 + $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l + b Lppcasm_div6 +Lppcasm_div5: + $UDIV r8,r3,r9 #q = h/dh +Lppcasm_div6: + $UMULL r12,r9,r8 #th = q*dh + $CLRU r10,r5,`$BITS/2` #r10=dl + $UMULL r6,r8,r10 #tl = q*dl + +Lppcasm_divinnerloop: + subf r10,r12,r3 #t = h -th + $SHRI r7,r10,`$BITS/2` #r7= (t &BN_MASK2H), sort of... + addic. r7,r7,0 #test if r7 == 0. used below. + # now want to compute + # r7 = (t<>BN_BITS4) + # the following 2 instructions do that + $SHLI r7,r10,`$BITS/2` # r7 = (t<>BN_BITS4) + $UCMP 1,r6,r7 # compare (tl <= r7) + bc BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit + bc BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit + addi r8,r8,-1 #q-- + subf r12,r9,r12 #th -=dh + $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. + subf r6,r10,r6 #tl -=dl + b Lppcasm_divinnerloop +Lppcasm_divinnerexit: + $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) + $SHLI r11,r6,`$BITS/2` #tl=(tl<=tl) goto Lppcasm_div7 + addi r12,r12,1 # th++ +Lppcasm_div7: + subf r11,r11,r4 #r11=l-tl + $UCMP 1,r3,r12 #compare h and th + bc BO_IF_NOT,CR1_FX,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 + addi r8,r8,-1 # q-- + add r3,r5,r3 # h+=d +Lppcasm_div8: + subf r12,r12,r3 #r12 = h-th + $SHLI r4,r11,`$BITS/2` #l=(l&BN_MASK2l)<>BN_BITS4))&BN_MASK2 + # the following 2 instructions will do this. + $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. + $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 + bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ; + $SHLI r0,r8,`$BITS/2` #ret =q<> 2 + bc BO_IF,CR0_EQ,Lppcasm_mw_REM + mtctr r7 +Lppcasm_mw_LOOP: + #mul(rp[0],ap[0],w,c1); + $LD r8,`0*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + #addze r10,r10 #carry is NOT ignored. + #will be taken care of + #in second spin below + #using adde. + $ST r9,`0*$BNSZ`(r3) + #mul(rp[1],ap[1],w,c1); + $LD r8,`1*$BNSZ`(r4) + $UMULL r11,r6,r8 + $UMULH r12,r6,r8 + adde r11,r11,r10 + #addze r12,r12 + $ST r11,`1*$BNSZ`(r3) + #mul(rp[2],ap[2],w,c1); + $LD r8,`2*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + adde r9,r9,r12 + #addze r10,r10 + $ST r9,`2*$BNSZ`(r3) + #mul_add(rp[3],ap[3],w,c1); + $LD r8,`3*$BNSZ`(r4) + $UMULL r11,r6,r8 + $UMULH r12,r6,r8 + adde r11,r11,r10 + addze r12,r12 #this spin we collect carry into + #r12 + $ST r11,`3*$BNSZ`(r3) + + addi r3,r3,`4*$BNSZ` + addi r4,r4,`4*$BNSZ` + bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP + +Lppcasm_mw_REM: + andi. r5,r5,0x3 + bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + #mul(rp[0],ap[0],w,c1); + $LD r8,`0*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + addze r10,r10 + $ST r9,`0*$BNSZ`(r3) + addi r12,r10,0 + + addi r5,r5,-1 + cmpli 0,0,r5,0 + bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + + + #mul(rp[1],ap[1],w,c1); + $LD r8,`1*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + addze r10,r10 + $ST r9,`1*$BNSZ`(r3) + addi r12,r10,0 + + addi r5,r5,-1 + cmpli 0,0,r5,0 + bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + + #mul_add(rp[2],ap[2],w,c1); + $LD r8,`2*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + addze r10,r10 + $ST r9,`2*$BNSZ`(r3) + addi r12,r10,0 + +Lppcasm_mw_OVER: + addi r3,r12,0 + bclr BO_ALWAYS,CR0_LT + .long 0x00000000 + +# +# NOTE: The following label name should be changed to +# "bn_mul_add_words" i.e. remove the first dot +# for the gcc compiler. This should be automatically +# done in the build +# + +.align 4 +.bn_mul_add_words: +# +# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +# +# r3 = rp +# r4 = ap +# r5 = num +# r6 = w +# +# empirical evidence suggests that unrolled version performs best!! +# + xor r0,r0,r0 #r0 = 0 + xor r12,r12,r12 #r12 = 0 . used for carry + rlwinm. r7,r5,30,2,31 # num >> 2 + bc BO_IF,CR0_EQ,Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover + mtctr r7 +Lppcasm_maw_mainloop: + #mul_add(rp[0],ap[0],w,c1); + $LD r8,`0*$BNSZ`(r4) + $LD r11,`0*$BNSZ`(r3) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 #r12 is carry. + addze r10,r10 + addc r9,r9,r11 + #addze r10,r10 + #the above instruction addze + #is NOT needed. Carry will NOT + #be ignored. It's not affected + #by multiply and will be collected + #in the next spin + $ST r9,`0*$BNSZ`(r3) + + #mul_add(rp[1],ap[1],w,c1); + $LD r8,`1*$BNSZ`(r4) + $LD r9,`1*$BNSZ`(r3) + $UMULL r11,r6,r8 + $UMULH r12,r6,r8 + adde r11,r11,r10 #r10 is carry. + addze r12,r12 + addc r11,r11,r9 + #addze r12,r12 + $ST r11,`1*$BNSZ`(r3) + + #mul_add(rp[2],ap[2],w,c1); + $LD r8,`2*$BNSZ`(r4) + $UMULL r9,r6,r8 + $LD r11,`2*$BNSZ`(r3) + $UMULH r10,r6,r8 + adde r9,r9,r12 + addze r10,r10 + addc r9,r9,r11 + #addze r10,r10 + $ST r9,`2*$BNSZ`(r3) + + #mul_add(rp[3],ap[3],w,c1); + $LD r8,`3*$BNSZ`(r4) + $UMULL r11,r6,r8 + $LD r9,`3*$BNSZ`(r3) + $UMULH r12,r6,r8 + adde r11,r11,r10 + addze r12,r12 + addc r11,r11,r9 + addze r12,r12 + $ST r11,`3*$BNSZ`(r3) + addi r3,r3,`4*$BNSZ` + addi r4,r4,`4*$BNSZ` + bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop + +Lppcasm_maw_leftover: + andi. r5,r5,0x3 + bc BO_IF,CR0_EQ,Lppcasm_maw_adios + addi r3,r3,-$BNSZ + addi r4,r4,-$BNSZ + #mul_add(rp[0],ap[0],w,c1); + mtctr r5 + $LDU r8,$BNSZ(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + $LDU r11,$BNSZ(r3) + addc r9,r9,r11 + addze r10,r10 + addc r9,r9,r12 + addze r12,r10 + $ST r9,0(r3) + + bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + #mul_add(rp[1],ap[1],w,c1); + $LDU r8,$BNSZ(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + $LDU r11,$BNSZ(r3) + addc r9,r9,r11 + addze r10,r10 + addc r9,r9,r12 + addze r12,r10 + $ST r9,0(r3) + + bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + #mul_add(rp[2],ap[2],w,c1); + $LDU r8,$BNSZ(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + $LDU r11,$BNSZ(r3) + addc r9,r9,r11 + addze r10,r10 + addc r9,r9,r12 + addze r12,r10 + $ST r9,0(r3) + +Lppcasm_maw_adios: + addi r3,r12,0 + bclr BO_ALWAYS,CR0_LT + .long 0x00000000 + .align 4 +EOF + $data =~ s/\`([^\`]*)\`/eval $1/gem; + + # if some assembler chokes on some simplified mnemonic, + # this is the spot to fix it up, e.g.: + # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare + $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm; + # assembler X doesn't accept li, load immediate value + #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm; + return($data); +} diff --git a/crypto/openssl/crypto/bn/asm/sparcv8plus.S b/crypto/openssl/crypto/bn/asm/sparcv8plus.S index 0074dfd..8c56e2e 100644 --- a/crypto/openssl/crypto/bn/asm/sparcv8plus.S +++ b/crypto/openssl/crypto/bn/asm/sparcv8plus.S @@ -162,10 +162,14 @@ * BN_ULONG w; */ bn_mul_add_words: + sra %o2,%g0,%o2 ! signx %o2 brgz,a %o2,.L_bn_mul_add_words_proceed lduw [%o1],%g2 retl clr %o0 + nop + nop + nop .L_bn_mul_add_words_proceed: srl %o3,%g0,%o3 ! clruw %o3 @@ -260,10 +264,14 @@ bn_mul_add_words: * BN_ULONG w; */ bn_mul_words: + sra %o2,%g0,%o2 ! signx %o2 brgz,a %o2,.L_bn_mul_words_proceeed lduw [%o1],%g2 retl clr %o0 + nop + nop + nop .L_bn_mul_words_proceeed: srl %o3,%g0,%o3 ! clruw %o3 @@ -344,10 +352,14 @@ bn_mul_words: * int n; */ bn_sqr_words: + sra %o2,%g0,%o2 ! signx %o2 brgz,a %o2,.L_bn_sqr_words_proceeed lduw [%o1],%g2 retl clr %o0 + nop + nop + nop .L_bn_sqr_words_proceeed: andcc %o2,-4,%g0 @@ -445,6 +457,7 @@ bn_div_words: * int n; */ bn_add_words: + sra %o3,%g0,%o3 ! signx %o3 brgz,a %o3,.L_bn_add_words_proceed lduw [%o1],%o4 retl @@ -454,7 +467,6 @@ bn_add_words: andcc %o3,-4,%g0 bz,pn %icc,.L_bn_add_words_tail addcc %g0,0,%g0 ! clear carry flag - nop .L_bn_add_words_loop: ! wow! 32 aligned! dec 4,%o3 @@ -523,6 +535,7 @@ bn_add_words: * int n; */ bn_sub_words: + sra %o3,%g0,%o3 ! signx %o3 brgz,a %o3,.L_bn_sub_words_proceed lduw [%o1],%o4 retl @@ -532,7 +545,6 @@ bn_sub_words: andcc %o3,-4,%g0 bz,pn %icc,.L_bn_sub_words_tail addcc %g0,0,%g0 ! clear carry flag - nop .L_bn_sub_words_loop: ! wow! 32 aligned! dec 4,%o3 diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c index 450e8e4..7378344 100644 --- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c @@ -13,20 +13,42 @@ * A. Well, that's because this code is basically a quick-n-dirty * proof-of-concept hack. As you can see it's implemented with * inline assembler, which means that you're bound to GCC and that - * there must be a room for fine-tuning. + * there might be enough room for further improvement. * * Q. Why inline assembler? - * A. x86_64 features own ABI I'm not familiar with. Which is why - * I decided to let the compiler take care of subroutine - * prologue/epilogue as well as register allocation. + * A. x86_64 features own ABI which I'm not familiar with. This is + * why I decided to let the compiler take care of subroutine + * prologue/epilogue as well as register allocation. For reference. + * Win64 implements different ABI for AMD64, different from Linux. * * Q. How much faster does it get? - * A. Unfortunately people sitting on x86_64 hardware are prohibited - * to disclose the performance numbers, so they (SuSE labs to be - * specific) wouldn't tell me. However! Very similar coding technique - * (reaching out for 128-bit result from 64x64-bit multiplication) - * results in >3 times performance improvement on MIPS and I see no - * reason why gain on x86_64 would be so much different:-) + * A. 'apps/openssl speed rsa dsa' output with no-asm: + * + * sign verify sign/s verify/s + * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2 + * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0 + * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8 + * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6 + * sign verify sign/s verify/s + * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3 + * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2 + * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0 + * + * 'apps/openssl speed rsa dsa' output with this module: + * + * sign verify sign/s verify/s + * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9 + * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7 + * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0 + * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8 + * sign verify sign/s verify/s + * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3 + * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4 + * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6 + * + * For the reference. IA-32 assembler implementation performs + * very much like 64-bit code compiled with no-asm on the same + * machine. */ #define BN_ULONG unsigned long @@ -151,7 +173,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) } BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) -{ BN_ULONG ret,i; +{ BN_ULONG ret=0,i=0; if (n <= 0) return 0; @@ -164,7 +186,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) " leaq 1(%2),%2 \n" " loop 1b \n" " sbbq %0,%0 \n" - : "+a"(ret),"+c"(n),"+r"(i) + : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) : "cc" ); @@ -174,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) #ifndef SIMICS BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) -{ BN_ULONG ret,i; +{ BN_ULONG ret=0,i=0; if (n <= 0) return 0; @@ -187,7 +209,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) " leaq 1(%2),%2 \n" " loop 1b \n" " sbbq %0,%0 \n" - : "+a"(ret),"+c"(n),"+r"(i) + : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) : "cc" ); @@ -318,7 +340,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) { - BN_ULONG bl,bh; BN_ULONG t1,t2; BN_ULONG c1,c2,c3; @@ -423,7 +444,6 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) { - BN_ULONG bl,bh; BN_ULONG t1,t2; BN_ULONG c1,c2,c3; @@ -464,7 +484,6 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) { - BN_ULONG bl,bh; BN_ULONG t1,t2; BN_ULONG c1,c2,c3; @@ -541,7 +560,6 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) { - BN_ULONG bl,bh; BN_ULONG t1,t2; BN_ULONG c1,c2,c3; diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h index 3da6d8c..95c5d64 100644 --- a/crypto/openssl/crypto/bn/bn.h +++ b/crypto/openssl/crypto/bn/bn.h @@ -55,6 +55,19 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #ifndef HEADER_BN_H #define HEADER_BN_H @@ -63,14 +76,23 @@ #ifndef OPENSSL_NO_FP_API #include /* FILE */ #endif +#include #ifdef __cplusplus extern "C" { #endif -#ifdef OPENSSL_SYS_VMS -#undef BN_LLONG /* experimental, so far... */ -#endif +/* These preprocessor symbols control various aspects of the bignum headers and + * library code. They're not defined by any "normal" configuration, as they are + * intended for development and testing purposes. NB: defining all three can be + * useful for debugging application code as well as openssl itself. + * + * BN_DEBUG - turn on various debugging alterations to the bignum code + * BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ #define BN_MUL_COMBA #define BN_SQR_COMBA @@ -143,10 +165,12 @@ extern "C" { #endif #ifdef THIRTY_TWO_BIT -#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -#define BN_ULLONG unsigned _int64 -#else -#define BN_ULLONG unsigned long long +#ifdef BN_LLONG +# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# else +# define BN_ULLONG unsigned long long +# endif #endif #define BN_ULONG unsigned long #define BN_LONG long @@ -219,17 +243,39 @@ extern "C" { #define BN_DEFAULT_BITS 1280 -#ifdef BIGNUM -#undef BIGNUM -#endif - #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +#ifndef OPENSSL_NO_DEPRECATED #define BN_FLG_FREE 0x8000 /* used for debuging */ +#endif #define BN_set_flags(b,n) ((b)->flags|=(n)) #define BN_get_flags(b,n) ((b)->flags&(n)) -typedef struct bignum_st +/* get a clone of a BIGNUM with changed flags, for *temporary* use only + * (the two BIGNUMs cannot not be used in parallel!) */ +#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ + (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ + | ((b)->flags & ~BN_FLG_MALLOCED) \ + | BN_FLG_STATIC_DATA \ + | (n))) + +/* Already declared in ossl_typ.h */ +#if 0 +typedef struct bignum_st BIGNUM; +/* Used for temp variables (declaration hidden in bn_lcl.h) */ +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; +#endif + +struct bignum_st { BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ int top; /* Index of last used d +1. */ @@ -237,23 +283,10 @@ typedef struct bignum_st int dmax; /* Size of the d array. */ int neg; /* one if the number is negative */ int flags; - } BIGNUM; - -/* Used for temp variables (declaration hidden in bn_lcl.h) */ -typedef struct bignum_ctx BN_CTX; - -typedef struct bn_blinding_st - { - int init; - BIGNUM *A; - BIGNUM *Ai; - BIGNUM *mod; /* just a reference */ - unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; - * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ - } BN_BLINDING; + }; /* Used for montgomery multiplication */ -typedef struct bn_mont_ctx_st +struct bn_mont_ctx_st { int ri; /* number of bits in R */ BIGNUM RR; /* used to convert to montgomery form */ @@ -262,19 +295,47 @@ typedef struct bn_mont_ctx_st * (Ni is only stored for bignum algorithm) */ BN_ULONG n0; /* least significant word of Ni */ int flags; - } BN_MONT_CTX; + }; /* Used for reciprocal division/mod functions * It cannot be shared between threads */ -typedef struct bn_recp_ctx_st +struct bn_recp_ctx_st { BIGNUM N; /* the divisor */ BIGNUM Nr; /* the reciprocal */ int num_bits; int shift; int flags; - } BN_RECP_CTX; + }; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st + { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union + { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + } cb; + }; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); +/* Macro to populate a BN_GENCB structure with an "old"-style callback */ +#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 1; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_1 = (callback); } +/* Macro to populate a BN_GENCB structure with a "new"-style callback */ +#define BN_GENCB_set(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 2; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_2 = (callback); } #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -299,24 +360,33 @@ typedef struct bn_recp_ctx_st #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word does not work reliably for w == 0 */ -#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) -#define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +#define BN_is_zero(a) ((a)->top == 0) #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -#define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ - BN_is_zero((a))) +#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) #define BN_one(a) (BN_set_word((a),1)) +#define BN_zero_ex(a) \ + do { \ + BIGNUM *_tmp_bn = (a); \ + _tmp_bn->top = 0; \ + _tmp_bn->neg = 0; \ + } while(0) +#ifdef OPENSSL_NO_DEPRECATED +#define BN_zero(a) BN_zero_ex(a) +#else #define BN_zero(a) (BN_set_word((a),0)) - -/*#define BN_ascii2bn(a) BN_hex2bn(a) */ -/*#define BN_bn2ascii(a) BN_bn2hex(a) */ +#endif const BIGNUM *BN_value_one(void); char * BN_options(void); BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED void BN_CTX_init(BN_CTX *c); +#endif void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); @@ -342,6 +412,16 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +#define BN_is_negative(a) ((a)->neg != 0) int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); @@ -378,6 +458,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,BN_CTX *ctx); int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, @@ -413,6 +495,9 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + +/* Deprecated versions */ +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *),void *cb_arg); @@ -422,6 +507,14 @@ int BN_is_prime(const BIGNUM *p,int nchecks, int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, int do_trial_division); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); @@ -434,15 +527,34 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +#define BN_BLINDING_NO_UPDATE 0x00000001 +#define BN_BLINDING_NO_RECREATE 0x00000002 -BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); void BN_BLINDING_free(BN_BLINDING *b); int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); - +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +#ifndef OPENSSL_NO_DEPRECATED void BN_set_params(int mul,int high,int low,int mont); int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +#endif void BN_RECP_CTX_init(BN_RECP_CTX *recp); BN_RECP_CTX *BN_RECP_CTX_new(void); @@ -455,15 +567,162 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, BN_CTX *ctx); +/* Functions for arithmetic over binary polynomials represented by BIGNUMs. + * + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. + * + * Note that input arguments are not const so that their bit arrays can + * be expanded to the appropriate size if needed. + */ + +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ +#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r^2 + r = a mod p */ +#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/* Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); + /* r = a mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); +int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); + +/* faster mod functions for the 'NIST primes' + * 0 <= a < p^2 */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + /* library internal functions */ #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ - (a):bn_expand2((a),(bits)/BN_BITS2+1)) + (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) BIGNUM *bn_expand2(BIGNUM *a, int words); -BIGNUM *bn_dup_expand(const BIGNUM *a, int words); +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +#endif + +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include -#define bn_fix_top(a) \ +#ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +#ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf,int num); +#define BN_DEBUG_TRIX +#endif +#define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#ifdef BN_DEBUG_TRIX +#undef RAND_pseudo_bytes +#endif +#else +#define bn_pollute(a) +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +#define bn_fix_top(a) bn_check_top(a) + +#else /* !BN_DEBUG */ + +#define bn_pollute(a) +#define bn_check_top(a) +#define bn_fix_top(a) bn_correct_top(a) + +#endif + +#define bn_correct_top(a) \ { \ BN_ULONG *ftl; \ if ((a)->top > 0) \ @@ -471,6 +730,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ if (*(ftl--)) break; \ } \ + bn_pollute(a); \ } BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); @@ -480,15 +740,17 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); -#ifdef BN_DEBUG -void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n); -# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ - fprintf(stderr,"\n");} -# define bn_dump(a,n) bn_dump1(stderr,#a,a,n); -#else -# define bn_print(a) -# define bn_dump(a,b) -#endif +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); @@ -501,20 +763,35 @@ void ERR_load_BN_strings(void); /* Error codes for the BN functions. */ /* Function codes. */ -#define BN_F_BN_BLINDING_CONVERT 100 -#define BN_F_BN_BLINDING_INVERT 101 +#define BN_F_BNRAND 127 +#define BN_F_BN_BLINDING_CONVERT_EX 100 +#define BN_F_BN_BLINDING_CREATE_PARAM 128 +#define BN_F_BN_BLINDING_INVERT_EX 101 #define BN_F_BN_BLINDING_NEW 102 #define BN_F_BN_BLINDING_UPDATE 103 #define BN_F_BN_BN2DEC 104 #define BN_F_BN_BN2HEX 105 #define BN_F_BN_CTX_GET 116 #define BN_F_BN_CTX_NEW 106 +#define BN_F_BN_CTX_START 129 #define BN_F_BN_DIV 107 +#define BN_F_BN_DIV_RECP 130 +#define BN_F_BN_EXP 123 #define BN_F_BN_EXPAND2 108 #define BN_F_BN_EXPAND_INTERNAL 120 +#define BN_F_BN_GF2M_MOD 131 +#define BN_F_BN_GF2M_MOD_EXP 132 +#define BN_F_BN_GF2M_MOD_MUL 133 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +#define BN_F_BN_GF2M_MOD_SQR 136 +#define BN_F_BN_GF2M_MOD_SQRT 137 #define BN_F_BN_MOD_EXP2_MONT 118 #define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 #define BN_F_BN_MOD_EXP_MONT_WORD 117 +#define BN_F_BN_MOD_EXP_RECP 125 +#define BN_F_BN_MOD_EXP_SIMPLE 126 #define BN_F_BN_MOD_INVERSE 110 #define BN_F_BN_MOD_LSHIFT_QUICK 119 #define BN_F_BN_MOD_MUL_RECIPROCAL 111 @@ -539,6 +816,7 @@ void ERR_load_BN_strings(void); #define BN_R_NOT_A_SQUARE 111 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 +#define BN_R_NO_SOLUTION 116 #define BN_R_P_IS_NOT_PRIME 112 #define BN_R_TOO_MANY_ITERATIONS 113 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/crypto/openssl/crypto/bn/bn_add.c b/crypto/openssl/crypto/bn/bn_add.c index 6cba07e..9405163 100644 --- a/crypto/openssl/crypto/bn/bn_add.c +++ b/crypto/openssl/crypto/bn/bn_add.c @@ -64,7 +64,7 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { const BIGNUM *tmp; - int a_neg = a->neg; + int a_neg = a->neg, ret; bn_check_top(a); bn_check_top(b); @@ -95,20 +95,17 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) return(1); } - if (!BN_uadd(r,a,b)) return(0); - if (a_neg) /* both are neg */ - r->neg=1; - else - r->neg=0; - return(1); + ret = BN_uadd(r,a,b); + r->neg = a_neg; + bn_check_top(r); + return ret; } -/* unsigned add of b to a, r must be large enough */ +/* unsigned add of b to a */ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - register int i; - int max,min; - BN_ULONG *ap,*bp,*rp,carry,t1; + int max,min,dif; + BN_ULONG *ap,*bp,*rp,carry,t1,t2; const BIGNUM *tmp; bn_check_top(a); @@ -116,11 +113,12 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { tmp=a; a=b; b=tmp; } - max=a->top; - min=b->top; + max = a->top; + min = b->top; + dif = max - min; if (bn_wexpand(r,max+1) == NULL) - return(0); + return 0; r->top=max; @@ -128,46 +126,46 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) ap=a->d; bp=b->d; rp=r->d; - carry=0; carry=bn_add_words(rp,ap,bp,min); rp+=min; ap+=min; bp+=min; - i=min; if (carry) { - while (i < max) + while (dif) { - i++; - t1= *(ap++); - if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) + dif--; + t1 = *(ap++); + t2 = (t1+1) & BN_MASK2; + *(rp++) = t2; + if (t2) { carry=0; break; } } - if ((i >= max) && carry) + if (carry) { - *(rp++)=1; + /* carry != 0 => dif == 0 */ + *rp = 1; r->top++; } } - if (rp != ap) - { - for (; ineg = 0; - return(1); + bn_check_top(r); + return 1; } /* unsigned subtraction of b from a, a must be larger than b. */ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - int max,min; + int max,min,dif; register BN_ULONG t1,t2,*ap,*bp,*rp; int i,carry; #if defined(IRIX_CC_BUG) && !defined(LINT) @@ -177,14 +175,16 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - if (a->top < b->top) /* hmm... should not be happening */ + max = a->top; + min = b->top; + dif = max - min; + + if (dif < 0) /* hmm... should not be happening */ { BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); return(0); } - max=a->top; - min=b->top; if (bn_wexpand(r,max) == NULL) return(0); ap=a->d; @@ -193,7 +193,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) #if 1 carry=0; - for (i=0; i t2) break; + dif--; + t1 = *(ap++); + t2 = (t1-1)&BN_MASK2; + *(rp++) = t2; + if (t1) + break; } } #if 0 @@ -237,13 +240,13 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { for (;;) { - if (i++ >= max) break; + if (!dif--) break; rp[0]=ap[0]; - if (i++ >= max) break; + if (!dif--) break; rp[1]=ap[1]; - if (i++ >= max) break; + if (!dif--) break; rp[2]=ap[2]; - if (i++ >= max) break; + if (!dif--) break; rp[3]=ap[3]; rp+=4; ap+=4; @@ -253,7 +256,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) r->top=max; r->neg=0; - bn_fix_top(r); + bn_correct_top(r); return(1); } @@ -304,6 +307,7 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (!BN_usub(r,a,b)) return(0); r->neg=0; } + bn_check_top(r); return(1); } diff --git a/crypto/openssl/crypto/bn/bn_asm.c b/crypto/openssl/crypto/bn/bn_asm.c index be8aa3f..99bc2de 100644 --- a/crypto/openssl/crypto/bn/bn_asm.c +++ b/crypto/openssl/crypto/bn/bn_asm.c @@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) if (d == 0) return(BN_MASK2); i=BN_num_bits_word(d); - assert((i == BN_BITS2) || (h > (BN_ULONG)1<= d) h-=d; @@ -459,6 +459,34 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) #define sqr_add_c2(a,i,j,c0,c1,c2) \ mul_add_c2((a)[i],(a)[j],c0,c1,c2) +#elif defined(BN_UMULT_LOHI) + +#define mul_add_c(a,b,c0,c1,c2) { \ + BN_ULONG ta=(a),tb=(b); \ + BN_UMULT_LOHI(t1,t2,ta,tb); \ + c0 += t1; t2 += (c0A=BN_new()) == NULL) goto err; - if ((ret->Ai=BN_new()) == NULL) goto err; - if (!BN_copy(ret->A,A)) goto err; - if (!BN_copy(ret->Ai,Ai)) goto err; - ret->mod=mod; + if (A != NULL) + { + if ((ret->A = BN_dup(A)) == NULL) goto err; + } + if (Ai != NULL) + { + if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; + } + ret->mod = mod; + ret->counter = BN_BLINDING_COUNTER; return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); @@ -91,6 +166,7 @@ void BN_BLINDING_free(BN_BLINDING *r) if (r->A != NULL) BN_free(r->A ); if (r->Ai != NULL) BN_free(r->Ai); + if (r->e != NULL) BN_free(r->e ); OPENSSL_free(r); } @@ -103,42 +179,181 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); goto err; } - - if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; - if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; + + if (--(b->counter) == 0 && b->e != NULL && + !(b->flags & BN_BLINDING_NO_RECREATE)) + { + /* re-create blinding parameters */ + if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) + goto err; + } + else if (!(b->flags & BN_BLINDING_NO_UPDATE)) + { + if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; + if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; + } ret=1; err: + if (b->counter == 0) + b->counter = BN_BLINDING_COUNTER; return(ret); } int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) { + return BN_BLINDING_convert_ex(n, NULL, b, ctx); + } + +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) + { + int ret = 1; + bn_check_top(n); if ((b->A == NULL) || (b->Ai == NULL)) { - BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED); + BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); return(0); } - return(BN_mod_mul(n,n,b->A,b->mod,ctx)); + + if (r != NULL) + { + if (!BN_copy(r, b->Ai)) ret=0; + } + + if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; + + return ret; } int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) { + return BN_BLINDING_invert_ex(n, NULL, b, ctx); + } + +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) + { int ret; bn_check_top(n); if ((b->A == NULL) || (b->Ai == NULL)) { - BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED); + BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); return(0); } - if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0) + + if (r != NULL) + ret = BN_mod_mul(n, n, r, b->mod, ctx); + else + ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); + + if (ret >= 0) { if (!BN_BLINDING_update(b,ctx)) return(0); } + bn_check_top(n); return(ret); } +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) + { + return b->thread_id; + } + +void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) + { + b->thread_id = n; + } + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) + { + return b->flags; + } + +void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) + { + b->flags = flags; + } + +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx) +{ + int retry_counter = 32; + BN_BLINDING *ret = NULL; + + if (b == NULL) + ret = BN_BLINDING_new(NULL, NULL, m); + else + ret = b; + + if (ret == NULL) + goto err; + + if (ret->A == NULL && (ret->A = BN_new()) == NULL) + goto err; + if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) + goto err; + + if (e != NULL) + { + if (ret->e != NULL) + BN_free(ret->e); + ret->e = BN_dup(e); + } + if (ret->e == NULL) + goto err; + + if (bn_mod_exp != NULL) + ret->bn_mod_exp = bn_mod_exp; + if (m_ctx != NULL) + ret->m_ctx = m_ctx; + + do { + if (!BN_rand_range(ret->A, ret->mod)) goto err; + if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) + { + /* this should almost never happen for good RSA keys */ + unsigned long error = ERR_peek_last_error(); + if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) + { + if (retry_counter-- == 0) + { + BNerr(BN_F_BN_BLINDING_CREATE_PARAM, + BN_R_TOO_MANY_ITERATIONS); + goto err; + } + ERR_clear_error(); + } + else + goto err; + } + else + break; + } while (1); + + if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) + { + if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) + goto err; + } + else + { + if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) + goto err; + } + + return ret; +err: + if (b == NULL && ret != NULL) + { + BN_BLINDING_free(ret); + ret = NULL; + } + + return ret; +} diff --git a/crypto/openssl/crypto/bn/bn_const.c b/crypto/openssl/crypto/bn/bn_const.c new file mode 100755 index 0000000..eb60a25 --- /dev/null +++ b/crypto/openssl/crypto/bn/bn_const.c @@ -0,0 +1,402 @@ +/* crypto/bn/knownprimes.c */ +/* Insert boilerplate */ + +#include "bn.h" + +/* "First Oakley Default Group" from RFC2409, section 6.1. + * + * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } + * + * RFC2409 specifies a generator of 2. + * RFC2412 specifies a generator of of 22. + */ + +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) + { + static const unsigned char RFC2409_PRIME_768[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn); + } + +/* "Second Oakley Default Group" from RFC2409, section 6.2. + * + * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. + * + * RFC2409 specifies a generator of 2. + * RFC2412 specifies a generator of 22. + */ + +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) + { + static const unsigned char RFC2409_PRIME_1024[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn); + } + +/* "1536-bit MODP Group" from RFC3526, Section 2. + * + * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } + * + * RFC3526 specifies a generator of 2. + * RFC2312 specifies a generator of 22. + */ + +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_1536[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn); + } + +/* "2048-bit MODP Group" from RFC3526, Section 3. + * + * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_2048[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, + 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, + 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, + 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn); + } + +/* "3072-bit MODP Group" from RFC3526, Section 4. + * + * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_3072[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, + 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, + 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, + 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, + 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, + 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, + 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, + 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, + 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, + 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, + 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, + 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, + 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn); + } + +/* "4096-bit MODP Group" from RFC3526, Section 5. + * + * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_4096[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, + 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, + 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, + 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, + 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, + 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, + 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, + 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, + 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, + 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, + 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, + 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, + 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, + 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, + 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, + 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, + 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, + 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, + 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, + 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, + 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, + 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, + 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn); + } + +/* "6144-bit MODP Group" from RFC3526, Section 6. + * + * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_6144[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, + 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, + 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, + 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, + 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, + 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, + 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, + 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, + 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, + 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, + 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, + 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, + 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, + 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, + 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, + 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, + 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, + 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, + 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, + 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, + 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, + 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, + 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, + 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, + 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, + 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, + 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, + 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, + 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, + 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, + 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, + 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, + 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, + 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, + 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, + 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, + 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, + 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, + 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, + 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, + 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, + 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, + 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, + 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, + 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn); + } + +/* "8192-bit MODP Group" from RFC3526, Section 7. + * + * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_8192[]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, + 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, + 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, + 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, + 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, + 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, + 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, + 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, + 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, + 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, + 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, + 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, + 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, + 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, + 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, + 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, + 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, + 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, + 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, + 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, + 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, + 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, + 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, + 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, + 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, + 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, + 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, + 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, + 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, + 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, + 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, + 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, + 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, + 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, + 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, + 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, + 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, + 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, + 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, + 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, + 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, + 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, + 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, + 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, + 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, + 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0, + 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00, + 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93, + 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, + 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB, + 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9, + 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8, + 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, + 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F, + 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A, + 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8, + 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, + 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5, + 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1, + 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3, + 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, + 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E, + 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47, + 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2, + 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, + 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn); + } + diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c index 7daf19e..b3452f1 100644 --- a/crypto/openssl/crypto/bn/bn_ctx.c +++ b/crypto/openssl/crypto/bn/bn_ctx.c @@ -1,7 +1,7 @@ /* crypto/bn/bn_ctx.c */ /* Written by Ulf Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -54,9 +54,10 @@ * */ -#ifndef BN_CTX_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +#ifndef NDEBUG +#define NDEBUG +#endif #endif #include @@ -65,91 +66,389 @@ #include "cryptlib.h" #include "bn_lcl.h" +/* TODO list + * + * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and + * check they can be safely removed. + * - Check +1 and other ugliness in BN_from_montgomery() + * + * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an + * appropriate 'block' size that will be honoured by bn_expand_internal() to + * prevent piddly little reallocations. OTOH, profiling bignum expansions in + * BN_CTX doesn't show this to be a big issue. + */ + +/* How many bignums are in each "pool item"; */ +#define BN_CTX_POOL_SIZE 16 +/* The stack frame info is resizing, set a first-time expansion size; */ +#define BN_CTX_START_FRAMES 32 -BN_CTX *BN_CTX_new(void) +/***********/ +/* BN_POOL */ +/***********/ + +/* A bundle of bignums that can be linked with other bundles */ +typedef struct bignum_pool_item + { + /* The bignum values */ + BIGNUM vals[BN_CTX_POOL_SIZE]; + /* Linked-list admin */ + struct bignum_pool_item *prev, *next; + } BN_POOL_ITEM; +/* A linked-list of bignums grouped in bundles */ +typedef struct bignum_pool + { + /* Linked-list admin */ + BN_POOL_ITEM *head, *current, *tail; + /* Stack depth and allocation size */ + unsigned used, size; + } BN_POOL; +static void BN_POOL_init(BN_POOL *); +static void BN_POOL_finish(BN_POOL *); +#ifndef OPENSSL_NO_DEPRECATED +static void BN_POOL_reset(BN_POOL *); +#endif +static BIGNUM * BN_POOL_get(BN_POOL *); +static void BN_POOL_release(BN_POOL *, unsigned int); + +/************/ +/* BN_STACK */ +/************/ + +/* A wrapper to manage the "stack frames" */ +typedef struct bignum_ctx_stack { - BN_CTX *ret; + /* Array of indexes into the bignum stack */ + unsigned int *indexes; + /* Number of stack frames, and the size of the allocated array */ + unsigned int depth, size; + } BN_STACK; +static void BN_STACK_init(BN_STACK *); +static void BN_STACK_finish(BN_STACK *); +#ifndef OPENSSL_NO_DEPRECATED +static void BN_STACK_reset(BN_STACK *); +#endif +static int BN_STACK_push(BN_STACK *, unsigned int); +static unsigned int BN_STACK_pop(BN_STACK *); + +/**********/ +/* BN_CTX */ +/**********/ + +/* The opaque BN_CTX type */ +struct bignum_ctx + { + /* The bignum bundles */ + BN_POOL pool; + /* The "stack frames", if you will */ + BN_STACK stack; + /* The number of bignums currently assigned */ + unsigned int used; + /* Depth of stack overflow */ + int err_stack; + /* Block "gets" until an "end" (compatibility behaviour) */ + int too_many; + }; - ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX)); - if (ret == NULL) +/* Enable this to find BN_CTX bugs */ +#ifdef BN_CTX_DEBUG +static const char *ctxdbg_cur = NULL; +static void ctxdbg(BN_CTX *ctx) + { + unsigned int bnidx = 0, fpidx = 0; + BN_POOL_ITEM *item = ctx->pool.head; + BN_STACK *stack = &ctx->stack; + fprintf(stderr,"(%08x): ", (unsigned int)ctx); + while(bnidx < ctx->used) { - BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); + fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); + if(!(bnidx % BN_CTX_POOL_SIZE)) + item = item->next; } - - BN_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); + fprintf(stderr,"\n"); + bnidx = 0; + fprintf(stderr," : "); + while(fpidx < stack->depth) + { + while(bnidx++ < stack->indexes[fpidx]) + fprintf(stderr," "); + fprintf(stderr,"^^ "); + bnidx++; + fpidx++; + } + fprintf(stderr,"\n"); } +#define CTXDBG_ENTRY(str, ctx) do { \ + ctxdbg_cur = (str); \ + fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ + ctxdbg(ctx); \ + } while(0) +#define CTXDBG_EXIT(ctx) do { \ + fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ + ctxdbg(ctx); \ + } while(0) +#define CTXDBG_RET(ctx,ret) +#else +#define CTXDBG_ENTRY(str, ctx) +#define CTXDBG_EXIT(ctx) +#define CTXDBG_RET(ctx,ret) +#endif +/* This function is an evil legacy and should not be used. This implementation + * is WYSIWYG, though I've done my best. */ +#ifndef OPENSSL_NO_DEPRECATED void BN_CTX_init(BN_CTX *ctx) { -#if 0 /* explicit version */ - int i; - ctx->tos = 0; - ctx->flags = 0; - ctx->depth = 0; + /* Assume the caller obtained the context via BN_CTX_new() and so is + * trying to reset it for use. Nothing else makes sense, least of all + * binary compatibility from a time when they could declare a static + * variable. */ + BN_POOL_reset(&ctx->pool); + BN_STACK_reset(&ctx->stack); + ctx->used = 0; + ctx->err_stack = 0; ctx->too_many = 0; - for (i = 0; i < BN_CTX_NUM; i++) - BN_init(&(ctx->bn[i])); -#else - memset(ctx, 0, sizeof *ctx); + } #endif + +BN_CTX *BN_CTX_new(void) + { + BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); + if(!ret) + { + BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); + return NULL; + } + /* Initialise the structure */ + BN_POOL_init(&ret->pool); + BN_STACK_init(&ret->stack); + ret->used = 0; + ret->err_stack = 0; + ret->too_many = 0; + return ret; } void BN_CTX_free(BN_CTX *ctx) { - int i; - - if (ctx == NULL) return; - assert(ctx->depth == 0); - - for (i=0; i < BN_CTX_NUM; i++) - BN_clear_free(&(ctx->bn[i])); - if (ctx->flags & BN_FLG_MALLOCED) - OPENSSL_free(ctx); + if (ctx == NULL) + return; +#ifdef BN_CTX_DEBUG + { + BN_POOL_ITEM *pool = ctx->pool.head; + fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n", + ctx->stack.size, ctx->pool.size); + fprintf(stderr,"dmaxs: "); + while(pool) { + unsigned loop = 0; + while(loop < BN_CTX_POOL_SIZE) + fprintf(stderr,"%02x ", pool->vals[loop++].dmax); + pool = pool->next; + } + fprintf(stderr,"\n"); + } +#endif + BN_STACK_finish(&ctx->stack); + BN_POOL_finish(&ctx->pool); + OPENSSL_free(ctx); } void BN_CTX_start(BN_CTX *ctx) { - if (ctx->depth < BN_CTX_NUM_POS) - ctx->pos[ctx->depth] = ctx->tos; - ctx->depth++; + CTXDBG_ENTRY("BN_CTX_start", ctx); + /* If we're already overflowing ... */ + if(ctx->err_stack || ctx->too_many) + ctx->err_stack++; + /* (Try to) get a new frame pointer */ + else if(!BN_STACK_push(&ctx->stack, ctx->used)) + { + BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES); + ctx->err_stack++; + } + CTXDBG_EXIT(ctx); } +void BN_CTX_end(BN_CTX *ctx) + { + CTXDBG_ENTRY("BN_CTX_end", ctx); + if(ctx->err_stack) + ctx->err_stack--; + else + { + unsigned int fp = BN_STACK_pop(&ctx->stack); + /* Does this stack frame have anything to release? */ + if(fp < ctx->used) + BN_POOL_release(&ctx->pool, ctx->used - fp); + ctx->used = fp; + /* Unjam "too_many" in case "get" had failed */ + ctx->too_many = 0; + } + CTXDBG_EXIT(ctx); + } BIGNUM *BN_CTX_get(BN_CTX *ctx) { - /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically, - * make sure that if BN_CTX_get fails once it will return NULL again - * until BN_CTX_end is called. (This is so that callers have to check - * only the last return value.) - */ - if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) + BIGNUM *ret; + CTXDBG_ENTRY("BN_CTX_get", ctx); + if(ctx->err_stack || ctx->too_many) return NULL; + if((ret = BN_POOL_get(&ctx->pool)) == NULL) + { + /* Setting too_many prevents repeated "get" attempts from + * cluttering the error stack. */ + ctx->too_many = 1; + BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); + return NULL; + } + /* OK, make sure the returned bignum is "zero" */ + BN_zero(ret); + ctx->used++; + CTXDBG_RET(ctx, ret); + return ret; + } + +/************/ +/* BN_STACK */ +/************/ + +static void BN_STACK_init(BN_STACK *st) + { + st->indexes = NULL; + st->depth = st->size = 0; + } + +static void BN_STACK_finish(BN_STACK *st) + { + if(st->size) OPENSSL_free(st->indexes); + } + +#ifndef OPENSSL_NO_DEPRECATED +static void BN_STACK_reset(BN_STACK *st) + { + st->depth = 0; + } +#endif + +static int BN_STACK_push(BN_STACK *st, unsigned int idx) + { + if(st->depth == st->size) + /* Need to expand */ + { + unsigned int newsize = (st->size ? + (st->size * 3 / 2) : BN_CTX_START_FRAMES); + unsigned int *newitems = OPENSSL_malloc(newsize * + sizeof(unsigned int)); + if(!newitems) return 0; + if(st->depth) + memcpy(newitems, st->indexes, st->depth * + sizeof(unsigned int)); + if(st->size) OPENSSL_free(st->indexes); + st->indexes = newitems; + st->size = newsize; + } + st->indexes[(st->depth)++] = idx; + return 1; + } + +static unsigned int BN_STACK_pop(BN_STACK *st) + { + return st->indexes[--(st->depth)]; + } + +/***********/ +/* BN_POOL */ +/***********/ + +static void BN_POOL_init(BN_POOL *p) + { + p->head = p->current = p->tail = NULL; + p->used = p->size = 0; + } + +static void BN_POOL_finish(BN_POOL *p) + { + while(p->head) { - if (!ctx->too_many) + unsigned int loop = 0; + BIGNUM *bn = p->head->vals; + while(loop++ < BN_CTX_POOL_SIZE) { - BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); - /* disable error code until BN_CTX_end is called: */ - ctx->too_many = 1; + if(bn->d) BN_clear_free(bn); + bn++; } - return NULL; + p->current = p->head->next; + OPENSSL_free(p->head); + p->head = p->current; } - return (&(ctx->bn[ctx->tos++])); } -void BN_CTX_end(BN_CTX *ctx) +#ifndef OPENSSL_NO_DEPRECATED +static void BN_POOL_reset(BN_POOL *p) { - if (ctx == NULL) return; - assert(ctx->depth > 0); - if (ctx->depth == 0) - /* should never happen, but we can tolerate it if not in - * debug mode (could be a 'goto err' in the calling function - * before BN_CTX_start was reached) */ - BN_CTX_start(ctx); + BN_POOL_ITEM *item = p->head; + while(item) + { + unsigned int loop = 0; + BIGNUM *bn = item->vals; + while(loop++ < BN_CTX_POOL_SIZE) + { + if(bn->d) BN_clear(bn); + bn++; + } + item = item->next; + } + p->current = p->head; + p->used = 0; + } +#endif - ctx->too_many = 0; - ctx->depth--; - if (ctx->depth < BN_CTX_NUM_POS) - ctx->tos = ctx->pos[ctx->depth]; +static BIGNUM *BN_POOL_get(BN_POOL *p) + { + if(p->used == p->size) + { + BIGNUM *bn; + unsigned int loop = 0; + BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); + if(!item) return NULL; + /* Initialise the structure */ + bn = item->vals; + while(loop++ < BN_CTX_POOL_SIZE) + BN_init(bn++); + item->prev = p->tail; + item->next = NULL; + /* Link it in */ + if(!p->head) + p->head = p->current = p->tail = item; + else + { + p->tail->next = item; + p->tail = item; + p->current = item; + } + p->size += BN_CTX_POOL_SIZE; + p->used++; + /* Return the first bignum from the new pool */ + return item->vals; + } + if(!p->used) + p->current = p->head; + else if((p->used % BN_CTX_POOL_SIZE) == 0) + p->current = p->current->next; + return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); + } + +static void BN_POOL_release(BN_POOL *p, unsigned int num) + { + unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; + p->used -= num; + while(num--) + { + bn_check_top(p->current->vals + offset); + if(!offset) + { + offset = BN_CTX_POOL_SIZE - 1; + p->current = p->current->prev; + } + else + offset--; + } } + diff --git a/crypto/openssl/crypto/bn/bn_depr.c b/crypto/openssl/crypto/bn/bn_depr.c new file mode 100644 index 0000000..27535e4 --- /dev/null +++ b/crypto/openssl/crypto/bn/bn_depr.c @@ -0,0 +1,112 @@ +/* crypto/bn/bn_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Support for deprecated functions goes here - static linkage will only slurp + * this code if applications are using them directly. */ + +#include +#include +#include "cryptlib.h" +#include "bn_lcl.h" +#include + +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int,int,void *), void *cb_arg) + { + BN_GENCB cb; + BIGNUM *rnd=NULL; + int found = 0; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (ret == NULL) + { + if ((rnd=BN_new()) == NULL) goto err; + } + else + rnd=ret; + if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) + goto err; + + /* we have a prime :-) */ + found = 1; +err: + if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); + return(found ? rnd : NULL); + } + +int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg) + { + BN_GENCB cb; + BN_GENCB_set_old(&cb, callback, cb_arg); + return BN_is_prime_ex(a, checks, ctx_passed, &cb); + } + +int BN_is_prime_fasttest(const BIGNUM *a, int checks, + void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg, + int do_trial_division) + { + BN_GENCB cb; + BN_GENCB_set_old(&cb, callback, cb_arg); + return BN_is_prime_fasttest_ex(a, checks, ctx_passed, + do_trial_division, &cb); + } +#endif diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c index 580d120..2857f44 100644 --- a/crypto/openssl/crypto/bn/bn_div.c +++ b/crypto/openssl/crypto/bn/bn_div.c @@ -179,12 +179,14 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift,i,j,loop; + int norm_shift,i,loop; BIGNUM *tmp,wnum,*snum,*sdiv,*res; BN_ULONG *resp,*wnump; BN_ULONG d0,d1; int num_n,div_n; + bn_check_top(dv); + bn_check_top(rm); bn_check_top(num); bn_check_top(divisor); @@ -210,7 +212,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, res=BN_CTX_get(ctx); else res=dv; if (sdiv == NULL || res == NULL) goto err; - tmp->neg=0; /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); @@ -222,17 +223,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, div_n=sdiv->top; num_n=snum->top; loop=num_n-div_n; - /* Lets setup a 'window' into snum * This is the part that corresponds to the current * 'area' being divided */ - BN_init(&wnum); - wnum.d= &(snum->d[loop]); - wnum.top= div_n; - wnum.dmax= snum->dmax+1; /* a bit of a lie */ + wnum.neg = 0; + wnum.d = &(snum->d[loop]); + wnum.top = div_n; + /* only needed when BN_ucmp messes up the values between top and max */ + wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ /* Get the top 2 words of sdiv */ - /* i=sdiv->top; */ + /* div_n=sdiv->top; */ d0=sdiv->d[div_n-1]; d1=(div_n == 1)?0:sdiv->d[div_n-2]; @@ -250,19 +251,28 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (BN_ucmp(&wnum,sdiv) >= 0) { - if (!BN_usub(&wnum,&wnum,sdiv)) goto err; + /* If BN_DEBUG_RAND is defined BN_ucmp changes (via + * bn_pollute) the const bignum arguments => + * clean the values between top and max again */ + bn_clear_top2max(&wnum); + bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); *resp=1; - res->d[res->top-1]=1; } else res->top--; + /* if res->top == 0 then clear the neg value otherwise decrease + * the resp pointer */ if (res->top == 0) res->neg = 0; - resp--; + else + resp--; - for (i=0; i 0x%08X\n", #endif /* !BN_DIV3W */ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); - wnum.d--; wnum.top++; tmp->d[div_n]=l0; - for (j=div_n+1; j>0; j--) - if (tmp->d[j-1]) break; - tmp->top=j; - - j=wnum.top; - if (!BN_sub(&wnum,&wnum,tmp)) goto err; - - snum->top=snum->top+wnum.top-j; - - if (wnum.neg) + wnum.d--; + /* ingore top values of the bignums just sub the two + * BN_ULONG arrays with bn_sub_words */ + if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) { + /* Note: As we have considered only the leading + * two BN_ULONGs in the calculation of q, sdiv * q + * might be greater than wnum (but then (q-1) * sdiv + * is less or equal than wnum) + */ q--; - j=wnum.top; - if (!BN_add(&wnum,&wnum,sdiv)) goto err; - snum->top+=wnum.top-j; + if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) + /* we can't have an overflow here (assuming + * that q != 0, but if q == 0 then tmp is + * zero anyway) */ + (*wnump)++; } - *(resp--)=q; - wnump--; + /* store part of the result */ + *resp = q; } + bn_correct_top(snum); if (rm != NULL) { /* Keep a copy of the neg flag in num because if rm==num @@ -376,10 +387,12 @@ X) -> 0x%08X\n", BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; + bn_check_top(rm); } BN_CTX_end(ctx); return(1); err: + bn_check_top(rm); BN_CTX_end(ctx); return(0); } diff --git a/crypto/openssl/crypto/bn/bn_err.c b/crypto/openssl/crypto/bn/bn_err.c index fb84ee9..a253959 100644 --- a/crypto/openssl/crypto/bn/bn_err.c +++ b/crypto/openssl/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,52 +64,72 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) + static ERR_STRING_DATA BN_str_functs[]= { -{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"}, -{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"}, -{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"}, -{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"}, -{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"}, -{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"}, -{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"}, -{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, -{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, -{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, -{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, -{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, -{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"}, -{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, -{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"}, -{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, -{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, -{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, -{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, -{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, +{ERR_FUNC(BN_F_BNRAND), "BNRAND"}, +{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, +{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, +{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, +{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, +{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, +{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, +{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, +{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, +{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, +{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, +{ERR_FUNC(BN_F_BN_DIV), "BN_div"}, +{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, +{ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, +{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, +{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, +{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, +{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, +{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, +{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, +{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, +{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, +{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, +{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, +{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, +{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, +{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, +{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, +{ERR_FUNC(BN_F_BN_NEW), "BN_new"}, +{ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, +{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, +{ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0,NULL} }; static ERR_STRING_DATA BN_str_reasons[]= { -{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, -{BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, -{BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, -{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, -{BN_R_DIV_BY_ZERO ,"div by zero"}, -{BN_R_ENCODING_ERROR ,"encoding error"}, -{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, -{BN_R_INPUT_NOT_REDUCED ,"input not reduced"}, -{BN_R_INVALID_LENGTH ,"invalid length"}, -{BN_R_INVALID_RANGE ,"invalid range"}, -{BN_R_NOT_A_SQUARE ,"not a square"}, -{BN_R_NOT_INITIALIZED ,"not initialized"}, -{BN_R_NO_INVERSE ,"no inverse"}, -{BN_R_P_IS_NOT_PRIME ,"p is not prime"}, -{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"}, -{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, +{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"}, +{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"}, +{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"}, +{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"}, +{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"}, +{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"}, +{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"}, +{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"}, +{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"}, +{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"}, +{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"}, +{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"}, +{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"}, +{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"}, +{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"}, +{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"}, +{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"}, {0,NULL} }; @@ -123,8 +143,8 @@ void ERR_load_BN_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_BN,BN_str_functs); - ERR_load_strings(ERR_LIB_BN,BN_str_reasons); + ERR_load_strings(0,BN_str_functs); + ERR_load_strings(0,BN_str_reasons); #endif } diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index afdfd58..8f8c694 100644 --- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -113,6 +113,7 @@ #include "cryptlib.h" #include "bn_lcl.h" +/* maximum precomputation table size for *variable* sliding windows */ #define TABLE_SIZE 32 /* this one works - simple but works */ @@ -121,6 +122,13 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int i,bits,ret=0; BIGNUM *v,*rr; + if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + { + /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } + BN_CTX_start(ctx); if ((r == a) || (r == p)) rr = BN_CTX_get(ctx); @@ -147,6 +155,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) err: if (r != rr) BN_copy(r,rr); BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -204,7 +213,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD - if (a->top == 1 && !a->neg) + if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0)) { BN_ULONG A = a->d[0]; ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); @@ -221,6 +230,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, { ret=BN_mod_exp_simple(r,a,p,m,ctx); } #endif + bn_check_top(r); return(ret); } @@ -229,11 +239,19 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { int i,j,bits,ret=0,wstart,wend,window,wvalue; - int start=1,ts=0; + int start=1; BIGNUM *aa; - BIGNUM val[TABLE_SIZE]; + /* Table of variables obtained from 'ctx' */ + BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; + if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + { + /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } + bits=BN_num_bits(p); if (bits == 0) @@ -243,7 +261,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } BN_CTX_start(ctx); - if ((aa = BN_CTX_get(ctx)) == NULL) goto err; + aa = BN_CTX_get(ctx); + val[0] = BN_CTX_get(ctx); + if(!aa || !val[0]) goto err; BN_RECP_CTX_init(&recp); if (m->neg) @@ -258,29 +278,27 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; } - BN_init(&(val[0])); - ts=1; - - if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - if (BN_is_zero(&(val[0]))) + if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ + if (BN_is_zero(val[0])) { - ret = BN_zero(r); + BN_zero(r); + ret = 1; goto err; } window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) + if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx)) goto err; /* 2 */ j=1<<(window-1); for (i=1; i>1]),&recp,ctx)) + if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx)) goto err; /* move the 'window' down further */ @@ -344,9 +362,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ret=1; err: BN_CTX_end(ctx); - for (i=0; id[0] & 1)) + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); @@ -380,7 +403,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_CTX_start(ctx); d = BN_CTX_get(ctx); r = BN_CTX_get(ctx); - if (d == NULL || r == NULL) goto err; + val[0] = BN_CTX_get(ctx); + if (!d || !r || !val[0]) goto err; /* If this is not done, things will break in the montgomery * part */ @@ -393,35 +417,34 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; } - BN_init(&val[0]); - ts=1; if (a->neg || BN_ucmp(a,m) >= 0) { - if (!BN_nnmod(&(val[0]),a,m,ctx)) + if (!BN_nnmod(val[0],a,m,ctx)) goto err; - aa= &(val[0]); + aa= val[0]; } else aa=a; if (BN_is_zero(aa)) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; goto err; } - if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ + if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ + if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */ j=1<<(window-1); for (i=1; i>1]),mont,ctx)) + if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx)) goto err; /* move the 'window' down further */ @@ -488,8 +511,213 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); - for (i=0; itop < top) + { + b->d[b->top++] = 0; + } + + for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) + { + buf[j] = ((unsigned char*)b->d)[i]; + } + + bn_correct_top(b); + return 1; + } + +static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) + { + size_t i, j; + + if (bn_wexpand(b, top) == NULL) + return 0; + + for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) + { + ((unsigned char*)b->d)[i] = buf[j]; + } + + b->top = top; + bn_correct_top(b); + return 1; + } + +/* Given a pointer value, compute the next address that is a cache line multiple. */ +#define MOD_EXP_CTIME_ALIGN(x_) \ + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + +/* This variant of BN_mod_exp_mont() uses fixed windows and the special + * precomputation memory layout to limit data-dependency to a minimum + * to protect secret exponents (cf. the hyper-threading timing attacks + * pointed out by Colin Percival, + * http://www.daemonology.net/hyperthreading-considered-harmful/) + */ +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + { + int i,bits,ret=0,idx,window,wvalue; + int top; + BIGNUM *r; + const BIGNUM *aa; + BN_MONT_CTX *mont=NULL; + + int numPowers; + unsigned char *powerbufFree=NULL; + int powerbufLen = 0; + unsigned char *powerbuf=NULL; + BIGNUM *computeTemp=NULL, *am=NULL; + + bn_check_top(a); + bn_check_top(p); + bn_check_top(m); + + top = m->top; + + if (!(m->d[0] & 1)) + { + BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS); + return(0); + } + bits=BN_num_bits(p); + if (bits == 0) + { + ret = BN_one(rr); + return ret; + } + + /* Initialize BIGNUM context and allocate intermediate result */ + BN_CTX_start(ctx); + r = BN_CTX_get(ctx); + if (r == NULL) goto err; + + /* Allocate a montgomery context if it was not supplied by the caller. + * If this is not done, things will break in the montgomery part. + */ + if (in_mont != NULL) + mont=in_mont; + else + { + if ((mont=BN_MONT_CTX_new()) == NULL) goto err; + if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; + } + + /* Get the window size to use with size of p. */ + window = BN_window_bits_for_ctime_exponent_size(bits); + + /* Allocate a buffer large enough to hold all of the pre-computed + * powers of a. + */ + numPowers = 1 << window; + powerbufLen = sizeof(m->d[0])*top*numPowers; + if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) + goto err; + + powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); + memset(powerbuf, 0, powerbufLen); + + /* Initialize the intermediate result. Do this early to save double conversion, + * once each for a^0 and intermediate result. + */ + if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err; + + /* Initialize computeTemp as a^1 with montgomery precalcs */ + computeTemp = BN_CTX_get(ctx); + am = BN_CTX_get(ctx); + if (computeTemp==NULL || am==NULL) goto err; + + if (a->neg || BN_ucmp(a,m) >= 0) + { + if (!BN_mod(am,a,m,ctx)) + goto err; + aa= am; + } + else + aa=a; + if (!BN_to_montgomery(am,aa,mont,ctx)) goto err; + if (!BN_copy(computeTemp, am)) goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err; + + /* If the window size is greater than 1, then calculate + * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) + * (even powers could instead be computed as (a^(i/2))^2 + * to use the slight performance advantage of sqr over mul). + */ + if (window > 1) + { + for (i=2; i= 0) + { + wvalue=0; /* The 'value' of the window */ + + /* Scan the window, squaring the result as we go */ + for (i=0; itop == 0 || !(m->d[0] & 1)) + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); @@ -536,7 +771,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, } if (a == 0) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; return ret; } @@ -630,19 +866,27 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); + bn_check_top(rr); return(ret); } /* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx) { - int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; + int i,j,bits,ret=0,wstart,wend,window,wvalue; int start=1; BIGNUM *d; - BIGNUM val[TABLE_SIZE]; + /* Table of variables obtained from 'ctx' */ + BIGNUM *val[TABLE_SIZE]; + + if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) + { + /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } bits=BN_num_bits(p); @@ -653,30 +897,30 @@ int BN_mod_exp_simple(BIGNUM *r, } BN_CTX_start(ctx); - if ((d = BN_CTX_get(ctx)) == NULL) goto err; + d = BN_CTX_get(ctx); + val[0] = BN_CTX_get(ctx); + if(!d || !val[0]) goto err; - BN_init(&(val[0])); - ts=1; - if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - if (BN_is_zero(&(val[0]))) + if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ + if (BN_is_zero(val[0])) { - ret = BN_zero(r); + BN_zero(r); + ret = 1; goto err; } window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) + if (!BN_mod_mul(d,val[0],val[0],m,ctx)) goto err; /* 2 */ j=1<<(window-1); for (i=1; i>1]),m,ctx)) + if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx)) goto err; /* move the 'window' down further */ @@ -740,8 +984,7 @@ int BN_mod_exp_simple(BIGNUM *r, ret=1; err: BN_CTX_end(ctx); - for (i=0; ineg || BN_ucmp(a1,m) >= 0) { - if (!BN_mod(&(val1[0]),a1,m,ctx)) + if (!BN_mod(val1[0],a1,m,ctx)) goto err; - a_mod_m = &(val1[0]); + a_mod_m = val1[0]; } else a_mod_m = a1; if (BN_is_zero(a_mod_m)) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; goto err; } - if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err; + if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; if (window1 > 1) { - if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err; + if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; j=1<<(window1-1); for (i=1; ineg || BN_ucmp(a2,m) >= 0) { - if (!BN_mod(&(val2[0]),a2,m,ctx)) + if (!BN_mod(val2[0],a2,m,ctx)) goto err; - a_mod_m = &(val2[0]); + a_mod_m = val2[0]; } else a_mod_m = a2; if (BN_is_zero(a_mod_m)) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; goto err; } - if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; + if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; if (window2 > 1) { - if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err; + if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; j=1<<(window2-1); for (i=1; i>1]),mont,ctx)) + if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) goto err; wvalue1 = 0; r_is_one = 0; @@ -294,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, if (wvalue2 && b == wpos2) { /* wvalue2 is odd and < 2^window2 */ - if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx)) + if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) goto err; wvalue2 = 0; r_is_one = 0; @@ -305,9 +306,6 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); - for (i=0; i +#include +#include +#include "cryptlib.h" +#include "bn_lcl.h" + +/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */ +#define MAX_ITERATIONS 50 + +static const BN_ULONG SQR_tb[16] = + { 0, 1, 4, 5, 16, 17, 20, 21, + 64, 65, 68, 69, 80, 81, 84, 85 }; +/* Platform-specific macros to accelerate squaring. */ +#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +#define SQR1(w) \ + SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ + SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ + SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ + SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] +#define SQR0(w) \ + SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ + SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +#endif +#ifdef THIRTY_TWO_BIT +#define SQR1(w) \ + SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ + SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] +#define SQR0(w) \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +#endif +#ifdef SIXTEEN_BIT +#define SQR1(w) \ + SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF] +#define SQR0(w) \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +#endif +#ifdef EIGHT_BIT +#define SQR1(w) \ + SQR_tb[(w) >> 4 & 0xF] +#define SQR0(w) \ + SQR_tb[(w) & 15] +#endif + +/* Product of two polynomials a, b each with degree < BN_BITS2 - 1, + * result is a polynomial r with degree < 2 * BN_BITS - 1 + * The caller MUST ensure that the variables have the right amount + * of space allocated. + */ +#ifdef EIGHT_BIT +static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) + { + register BN_ULONG h, l, s; + BN_ULONG tab[4], top1b = a >> 7; + register BN_ULONG a1, a2; + + a1 = a & (0x7F); a2 = a1 << 1; + + tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; + + s = tab[b & 0x3]; l = s; + s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 6; + s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4; + s = tab[b >> 6 ]; l ^= s << 6; h ^= s >> 2; + + /* compensate for the top bit of a */ + + if (top1b & 01) { l ^= b << 7; h ^= b >> 1; } + + *r1 = h; *r0 = l; + } +#endif +#ifdef SIXTEEN_BIT +static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) + { + register BN_ULONG h, l, s; + BN_ULONG tab[4], top1b = a >> 15; + register BN_ULONG a1, a2; + + a1 = a & (0x7FFF); a2 = a1 << 1; + + tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; + + s = tab[b & 0x3]; l = s; + s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 14; + s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 12; + s = tab[b >> 6 & 0x3]; l ^= s << 6; h ^= s >> 10; + s = tab[b >> 8 & 0x3]; l ^= s << 8; h ^= s >> 8; + s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >> 6; + s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >> 4; + s = tab[b >>14 ]; l ^= s << 14; h ^= s >> 2; + + /* compensate for the top bit of a */ + + if (top1b & 01) { l ^= b << 15; h ^= b >> 1; } + + *r1 = h; *r0 = l; + } +#endif +#ifdef THIRTY_TWO_BIT +static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) + { + register BN_ULONG h, l, s; + BN_ULONG tab[8], top2b = a >> 30; + register BN_ULONG a1, a2, a4; + + a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1; + + tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; + tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4; + + s = tab[b & 0x7]; l = s; + s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29; + s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26; + s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23; + s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20; + s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17; + s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14; + s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11; + s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8; + s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5; + s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2; + + /* compensate for the top two bits of a */ + + if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } + if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } + + *r1 = h; *r0 = l; + } +#endif +#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) + { + register BN_ULONG h, l, s; + BN_ULONG tab[16], top3b = a >> 61; + register BN_ULONG a1, a2, a4, a8; + + a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1; + + tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2; + tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4; + tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8; + tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8; + + s = tab[b & 0xF]; l = s; + s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60; + s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56; + s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52; + s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48; + s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44; + s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40; + s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36; + s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32; + s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28; + s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24; + s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20; + s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16; + s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12; + s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8; + s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4; + + /* compensate for the top three bits of a */ + + if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } + if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } + if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } + + *r1 = h; *r0 = l; + } +#endif + +/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, + * result is a polynomial r with degree < 4 * BN_BITS2 - 1 + * The caller MUST ensure that the variables have the right amount + * of space allocated. + */ +static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0) + { + BN_ULONG m1, m0; + /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ + bn_GF2m_mul_1x1(r+3, r+2, a1, b1); + bn_GF2m_mul_1x1(r+1, r, a0, b0); + bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); + /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ + r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ + r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ + } + + +/* Add polynomials a and b and store result in r; r could be a or b, a and b + * could be equal; r is the bitwise XOR of a and b. + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + int i; + const BIGNUM *at, *bt; + + bn_check_top(a); + bn_check_top(b); + + if (a->top < b->top) { at = b; bt = a; } + else { at = a; bt = b; } + + bn_wexpand(r, at->top); + + for (i = 0; i < bt->top; i++) + { + r->d[i] = at->d[i] ^ bt->d[i]; + } + for (; i < at->top; i++) + { + r->d[i] = at->d[i]; + } + + r->top = at->top; + bn_correct_top(r); + + return 1; + } + + +/* Some functions allow for representation of the irreducible polynomials + * as an int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ + + +/* Performs modular reduction of a and store result in r. r could be a. */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) + { + int j, k; + int n, dN, d0, d1; + BN_ULONG zz, *z; + + bn_check_top(a); + + if (!p[0]) + { + /* reduction mod 1 => return 0 */ + BN_zero(r); + return 1; + } + + /* Since the algorithm does reduction in the r value, if a != r, copy + * the contents of a into r so we can do reduction in r. + */ + if (a != r) + { + if (!bn_wexpand(r, a->top)) return 0; + for (j = 0; j < a->top; j++) + { + r->d[j] = a->d[j]; + } + r->top = a->top; + } + z = r->d; + + /* start reduction */ + dN = p[0] / BN_BITS2; + for (j = r->top - 1; j > dN;) + { + zz = z[j]; + if (z[j] == 0) { j--; continue; } + z[j] = 0; + + for (k = 1; p[k] != 0; k++) + { + /* reducing component t^p[k] */ + n = p[0] - p[k]; + d0 = n % BN_BITS2; d1 = BN_BITS2 - d0; + n /= BN_BITS2; + z[j-n] ^= (zz>>d0); + if (d0) z[j-n-1] ^= (zz<> d0); + if (d0) z[j-n-1] ^= (zz << d1); + } + + /* final round of reduction */ + while (j == dN) + { + + d0 = p[0] % BN_BITS2; + zz = z[dN] >> d0; + if (zz == 0) break; + d1 = BN_BITS2 - d0; + + if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ + z[0] ^= zz; /* reduction t^0 component */ + + for (k = 1; p[k] != 0; k++) + { + BN_ULONG tmp_ulong; + + /* reducing component t^p[k]*/ + n = p[k] / BN_BITS2; + d0 = p[k] % BN_BITS2; + d1 = BN_BITS2 - d0; + z[n] ^= (zz << d0); + tmp_ulong = zz >> d1; + if (d0 && tmp_ulong) + z[n+1] ^= tmp_ulong; + } + + + } + + bn_correct_top(r); + return 1; + } + +/* Performs modular reduction of a by p and store result in r. r could be a. + * + * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_arr function. + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) + { + int ret = 0; + const int max = BN_num_bits(p); + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) + { + BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_arr(r, a, arr); + bn_check_top(r); +err: + if (arr) OPENSSL_free(arr); + return ret; + } + + +/* Compute the product of two polynomials a and b, reduce modulo p, and store + * the result in r. r could be a or b; a could be b. + */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) + { + int zlen, i, j, k, ret = 0; + BIGNUM *s; + BN_ULONG x1, x0, y1, y0, zz[4]; + + bn_check_top(a); + bn_check_top(b); + + if (a == b) + { + return BN_GF2m_mod_sqr_arr(r, a, p, ctx); + } + + BN_CTX_start(ctx); + if ((s = BN_CTX_get(ctx)) == NULL) goto err; + + zlen = a->top + b->top + 4; + if (!bn_wexpand(s, zlen)) goto err; + s->top = zlen; + + for (i = 0; i < zlen; i++) s->d[i] = 0; + + for (j = 0; j < b->top; j += 2) + { + y0 = b->d[j]; + y1 = ((j+1) == b->top) ? 0 : b->d[j+1]; + for (i = 0; i < a->top; i += 2) + { + x0 = a->d[i]; + x1 = ((i+1) == a->top) ? 0 : a->d[i+1]; + bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); + for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k]; + } + } + + bn_correct_top(s); + if (BN_GF2m_mod_arr(r, s, p)) + ret = 1; + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the product of two polynomials a and b, reduce modulo p, and store + * the result in r. r could be a or b; a could equal b. + * + * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_mul_arr function. + */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; + const int max = BN_num_bits(p); + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) + { + BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); + bn_check_top(r); +err: + if (arr) OPENSSL_free(arr); + return ret; + } + + +/* Square a, reduce the result mod p, and store it in a. r could be a. */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) + { + int i, ret = 0; + BIGNUM *s; + + bn_check_top(a); + BN_CTX_start(ctx); + if ((s = BN_CTX_get(ctx)) == NULL) return 0; + if (!bn_wexpand(s, 2 * a->top)) goto err; + + for (i = a->top - 1; i >= 0; i--) + { + s->d[2*i+1] = SQR1(a->d[i]); + s->d[2*i ] = SQR0(a->d[i]); + } + + s->top = 2 * a->top; + bn_correct_top(s); + if (!BN_GF2m_mod_arr(r, s, p)) goto err; + bn_check_top(r); + ret = 1; +err: + BN_CTX_end(ctx); + return ret; + } + +/* Square a, reduce the result mod p, and store it in a. r could be a. + * + * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_sqr_arr function. + */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; + const int max = BN_num_bits(p); + unsigned int *arr=NULL; + + bn_check_top(a); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) + { + BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); + bn_check_top(r); +err: + if (arr) OPENSSL_free(arr); + return ret; + } + + +/* Invert a, reduce modulo p, and store the result in r. r could be a. + * Uses Modified Almost Inverse Algorithm (Algorithm 10) from + * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation + * of Elliptic Curve Cryptography Over Binary Fields". + */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { + BIGNUM *b, *c, *u, *v, *tmp; + int ret = 0; + + bn_check_top(a); + bn_check_top(p); + + BN_CTX_start(ctx); + + b = BN_CTX_get(ctx); + c = BN_CTX_get(ctx); + u = BN_CTX_get(ctx); + v = BN_CTX_get(ctx); + if (v == NULL) goto err; + + if (!BN_one(b)) goto err; + if (!BN_GF2m_mod(u, a, p)) goto err; + if (!BN_copy(v, p)) goto err; + + if (BN_is_zero(u)) goto err; + + while (1) + { + while (!BN_is_odd(u)) + { + if (!BN_rshift1(u, u)) goto err; + if (BN_is_odd(b)) + { + if (!BN_GF2m_add(b, b, p)) goto err; + } + if (!BN_rshift1(b, b)) goto err; + } + + if (BN_abs_is_word(u, 1)) break; + + if (BN_num_bits(u) < BN_num_bits(v)) + { + tmp = u; u = v; v = tmp; + tmp = b; b = c; c = tmp; + } + + if (!BN_GF2m_add(u, u, v)) goto err; + if (!BN_GF2m_add(b, b, c)) goto err; + } + + + if (!BN_copy(r, b)) goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; + } + +/* Invert xx, reduce modulo p, and store the result in r. r could be xx. + * + * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_inv function. + */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) + { + BIGNUM *field; + int ret = 0; + + bn_check_top(xx); + BN_CTX_start(ctx); + if ((field = BN_CTX_get(ctx)) == NULL) goto err; + if (!BN_GF2m_arr2poly(p, field)) goto err; + + ret = BN_GF2m_mod_inv(r, xx, field, ctx); + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; + } + + +#ifndef OPENSSL_SUN_GF2M_DIV +/* Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. + */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) + { + BIGNUM *xinv = NULL; + int ret = 0; + + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + + BN_CTX_start(ctx); + xinv = BN_CTX_get(ctx); + if (xinv == NULL) goto err; + + if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; + if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; + } +#else +/* Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. + * Uses algorithm Modular_Division_GF(2^m) from + * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to + * the Great Divide". + */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) + { + BIGNUM *a, *b, *u, *v; + int ret = 0; + + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + + BN_CTX_start(ctx); + + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + u = BN_CTX_get(ctx); + v = BN_CTX_get(ctx); + if (v == NULL) goto err; + + /* reduce x and y mod p */ + if (!BN_GF2m_mod(u, y, p)) goto err; + if (!BN_GF2m_mod(a, x, p)) goto err; + if (!BN_copy(b, p)) goto err; + + while (!BN_is_odd(a)) + { + if (!BN_rshift1(a, a)) goto err; + if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; + if (!BN_rshift1(u, u)) goto err; + } + + do + { + if (BN_GF2m_cmp(b, a) > 0) + { + if (!BN_GF2m_add(b, b, a)) goto err; + if (!BN_GF2m_add(v, v, u)) goto err; + do + { + if (!BN_rshift1(b, b)) goto err; + if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err; + if (!BN_rshift1(v, v)) goto err; + } while (!BN_is_odd(b)); + } + else if (BN_abs_is_word(a, 1)) + break; + else + { + if (!BN_GF2m_add(a, a, b)) goto err; + if (!BN_GF2m_add(u, u, v)) goto err; + do + { + if (!BN_rshift1(a, a)) goto err; + if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; + if (!BN_rshift1(u, u)) goto err; + } while (!BN_is_odd(a)); + } + } while (1); + + if (!BN_copy(r, u)) goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; + } +#endif + +/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx + * or yy, xx could equal yy. + * + * This function calls down to the BN_GF2m_mod_div implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_div function. + */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) + { + BIGNUM *field; + int ret = 0; + + bn_check_top(yy); + bn_check_top(xx); + + BN_CTX_start(ctx); + if ((field = BN_CTX_get(ctx)) == NULL) goto err; + if (!BN_GF2m_arr2poly(p, field)) goto err; + + ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; + } + + +/* Compute the bth power of a, reduce modulo p, and store + * the result in r. r could be a. + * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363. + */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) + { + int ret = 0, i, n; + BIGNUM *u; + + bn_check_top(a); + bn_check_top(b); + + if (BN_is_zero(b)) + return(BN_one(r)); + + if (BN_abs_is_word(b, 1)) + return (BN_copy(r, a) != NULL); + + BN_CTX_start(ctx); + if ((u = BN_CTX_get(ctx)) == NULL) goto err; + + if (!BN_GF2m_mod_arr(u, a, p)) goto err; + + n = BN_num_bits(b) - 1; + for (i = n - 1; i >= 0; i--) + { + if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err; + if (BN_is_bit_set(b, i)) + { + if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err; + } + } + if (!BN_copy(r, u)) goto err; + bn_check_top(r); + ret = 1; +err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the bth power of a, reduce modulo p, and store + * the result in r. r could be a. + * + * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_exp_arr function. + */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; + const int max = BN_num_bits(p); + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) + { + BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); + bn_check_top(r); +err: + if (arr) OPENSSL_free(arr); + return ret; + } + +/* Compute the square root of a, reduce modulo p, and store + * the result in r. r could be a. + * Uses exponentiation as in algorithm A.4.1 from IEEE P1363. + */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) + { + int ret = 0; + BIGNUM *u; + + bn_check_top(a); + + if (!p[0]) + { + /* reduction mod 1 => return 0 */ + BN_zero(r); + return 1; + } + + BN_CTX_start(ctx); + if ((u = BN_CTX_get(ctx)) == NULL) goto err; + + if (!BN_set_bit(u, p[0] - 1)) goto err; + ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the square root of a, reduce modulo p, and store + * the result in r. r could be a. + * + * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_sqrt_arr function. + */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; + const int max = BN_num_bits(p); + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) + { + BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); + bn_check_top(r); +err: + if (arr) OPENSSL_free(arr); + return ret; + } + +/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. + * Uses algorithms A.4.7 and A.4.6 from IEEE P1363. + */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx) + { + int ret = 0, count = 0; + unsigned int j; + BIGNUM *a, *z, *rho, *w, *w2, *tmp; + + bn_check_top(a_); + + if (!p[0]) + { + /* reduction mod 1 => return 0 */ + BN_zero(r); + return 1; + } + + BN_CTX_start(ctx); + a = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + w = BN_CTX_get(ctx); + if (w == NULL) goto err; + + if (!BN_GF2m_mod_arr(a, a_, p)) goto err; + + if (BN_is_zero(a)) + { + BN_zero(r); + ret = 1; + goto err; + } + + if (p[0] & 0x1) /* m is odd */ + { + /* compute half-trace of a */ + if (!BN_copy(z, a)) goto err; + for (j = 1; j <= (p[0] - 1) / 2; j++) + { + if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; + if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; + if (!BN_GF2m_add(z, z, a)) goto err; + } + + } + else /* m is even */ + { + rho = BN_CTX_get(ctx); + w2 = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) goto err; + do + { + if (!BN_rand(rho, p[0], 0, 0)) goto err; + if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; + BN_zero(z); + if (!BN_copy(w, rho)) goto err; + for (j = 1; j <= p[0] - 1; j++) + { + if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; + if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err; + if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err; + if (!BN_GF2m_add(z, z, tmp)) goto err; + if (!BN_GF2m_add(w, w2, rho)) goto err; + } + count++; + } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); + if (BN_is_zero(w)) + { + BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS); + goto err; + } + } + + if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err; + if (!BN_GF2m_add(w, z, w)) goto err; + if (BN_GF2m_cmp(w, a)) + { + BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); + goto err; + } + + if (!BN_copy(r, z)) goto err; + bn_check_top(r); + + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; + } + +/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. + * + * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_solve_quad_arr function. + */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + { + int ret = 0; + const int max = BN_num_bits(p); + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * + max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) + { + BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); + bn_check_top(r); +err: + if (arr) OPENSSL_free(arr); + return ret; + } + +/* Convert the bit-string representation of a polynomial + * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array + * of integers corresponding to the bits with non-zero coefficient. + * Up to max elements of the array will be filled. Return value is total + * number of coefficients that would be extracted if array was large enough. + */ +int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) + { + int i, j, k = 0; + BN_ULONG mask; + + if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) + /* a_0 == 0 => return error (the unsigned int array + * must be terminated by 0) + */ + return 0; + + for (i = a->top - 1; i >= 0; i--) + { + if (!a->d[i]) + /* skip word if a->d[i] == 0 */ + continue; + mask = BN_TBIT; + for (j = BN_BITS2 - 1; j >= 0; j--) + { + if (a->d[i] & mask) + { + if (k < max) p[k] = BN_BITS2 * i + j; + k++; + } + mask >>= 1; + } + } + + return k; + } + +/* Convert the coefficient array representation of a polynomial to a + * bit-string. The array must be terminated by 0. + */ +int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) + { + int i; + + bn_check_top(a); + BN_zero(a); + for (i = 0; p[i] != 0; i++) + { + if (BN_set_bit(a, p[i]) == 0) + return 0; + } + BN_set_bit(a, 0); + bn_check_top(a); + + return 1; + } + diff --git a/crypto/openssl/crypto/bn/bn_kron.c b/crypto/openssl/crypto/bn/bn_kron.c index 49f7559..740359b 100644 --- a/crypto/openssl/crypto/bn/bn_kron.c +++ b/crypto/openssl/crypto/bn/bn_kron.c @@ -53,9 +53,9 @@ * */ +#include "cryptlib.h" #include "bn_lcl.h" - /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) @@ -74,6 +74,9 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) */ static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; + bn_check_top(a); + bn_check_top(b); + BN_CTX_start(ctx); A = BN_CTX_get(ctx); B = BN_CTX_get(ctx); @@ -172,8 +175,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) tmp = A; A = B; B = tmp; tmp->neg = 0; } - - end: +end: BN_CTX_end(ctx); if (err) return -2; diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h index 253e195..ad4ca7f 100644 --- a/crypto/openssl/crypto/bn/bn_lcl.h +++ b/crypto/openssl/crypto/bn/bn_lcl.h @@ -119,20 +119,6 @@ extern "C" { #endif -/* Used for temp variables */ -#define BN_CTX_NUM 32 -#define BN_CTX_NUM_POS 12 -struct bignum_ctx - { - int tos; - BIGNUM bn[BN_CTX_NUM]; - int flags; - int depth; - int pos[BN_CTX_NUM_POS]; - int too_many; - } /* BN_CTX */; - - /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * @@ -177,6 +163,45 @@ struct bignum_ctx +/* BN_mod_exp_mont_conttime is based on the assumption that the + * L1 data cache line width of the target processor is at least + * the following value. + */ +#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) +#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) + +/* Window sizes optimized for fixed window size modular exponentiation + * algorithm (BN_mod_exp_mont_consttime). + * + * To achieve the security goals of BN_mode_exp_mont_consttime, the + * maximum size of the window must not exceed + * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). + * + * Window size thresholds are defined for cache line sizes of 32 and 64, + * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A + * window size of 7 should only be used on processors that have a 128 + * byte or greater cache line size. + */ +#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 + +# define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 937 ? 6 : \ + (b) > 306 ? 5 : \ + (b) > 89 ? 4 : \ + (b) > 22 ? 3 : 1) +# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) + +#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 + +# define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 306 ? 5 : \ + (b) > 89 ? 4 : \ + (b) > 22 ? 3 : 1) +# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) + +#endif + + /* Pentium pro 16,16,16,32,64 */ /* Alpha 16,16,16,16.64 */ #define BN_MULL_SIZE_NORMAL (16) /* 32 */ @@ -245,6 +270,15 @@ struct bignum_ctx : "a"(a),"g"(b) \ : "cc"); # endif +# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) +# if defined(_MSC_VER) && _MSC_VER>=1400 + unsigned __int64 __umulh (unsigned __int64 a,unsigned __int64 b); + unsigned __int64 _umul128 (unsigned __int64 a,unsigned __int64 b, + unsigned __int64 *h); +# pragma intrinsic(__umulh,_umul128) +# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) +# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) +# endif # endif /* cpu */ #endif /* OPENSSL_NO_ASM */ @@ -254,44 +288,17 @@ struct bignum_ctx #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) -/* This is used for internal error checking and is not normally used */ -#ifdef BN_DEBUG -# include -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); -#else -# define bn_check_top(a) -#endif - -/* This macro is to add extra stuff for development checking */ -#ifdef BN_DEBUG -#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) -#else -#define bn_set_max(r) -#endif - -/* These macros are used to 'take' a section of a bignum for read only use */ -#define bn_set_low(r,a,n) \ - { \ - (r)->top=((a)->top > (n))?(n):(a)->top; \ - (r)->d=(a)->d; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - -#define bn_set_high(r,a,n) \ +#ifdef BN_DEBUG_RAND +#define bn_clear_top2max(a) \ { \ - if ((a)->top > (n)) \ - { \ - (r)->top=(a)->top-n; \ - (r)->d= &((a)->d[n]); \ - } \ - else \ - (r)->top=0; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ + int ind = (a)->dmax - (a)->top; \ + BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ + for (; ind != 0; ind--) \ + *(++ftl) = 0x0; \ } +#else +#define bn_clear_top2max(a) +#endif #ifdef BN_LLONG #define mul_add(r,a,w,c) { \ @@ -315,6 +322,33 @@ struct bignum_ctx (r1)=Hw(t); \ } +#elif defined(BN_UMULT_LOHI) +#define mul_add(r,a,w,c) { \ + BN_ULONG high,low,ret,tmp=(a); \ + ret = (r); \ + BN_UMULT_LOHI(low,high,w,tmp); \ + ret += (c); \ + (c) = (ret<(c))?1:0; \ + (c) += high; \ + ret += low; \ + (c) += (ret= 0) { - if (mult > (sizeof(int)*8)-1) + if (mult > (int)(sizeof(int)*8)-1) mult=sizeof(int)*8-1; bn_limit_bits=mult; bn_limit_num=1<= 0) { - if (high > (sizeof(int)*8)-1) + if (high > (int)(sizeof(int)*8)-1) high=sizeof(int)*8-1; bn_limit_bits_high=high; bn_limit_num_high=1<= 0) { - if (low > (sizeof(int)*8)-1) + if (low > (int)(sizeof(int)*8)-1) low=sizeof(int)*8-1; bn_limit_bits_low=low; bn_limit_num_low=1<= 0) { - if (mont > (sizeof(int)*8)-1) + if (mont > (int)(sizeof(int)*8)-1) mont=sizeof(int)*8-1; bn_limit_bits_mont=mont; bn_limit_num_mont=1<top - 1; bn_check_top(a); - if (a->top == 0) return(0); - l=a->d[a->top-1]; - assert(l != 0); - i=(a->top-1)*BN_BITS2; - return(i+BN_num_bits_word(l)); + if (BN_is_zero(a)) return 0; + return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); } void BN_clear_free(BIGNUM *a) @@ -261,6 +259,7 @@ void BN_clear_free(BIGNUM *a) int i; if (a == NULL) return; + bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); @@ -276,16 +275,24 @@ void BN_clear_free(BIGNUM *a) void BN_free(BIGNUM *a) { if (a == NULL) return; + bn_check_top(a); if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); - a->flags|=BN_FLG_FREE; /* REMOVE? */ if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); + else + { +#ifndef OPENSSL_NO_DEPRECATED + a->flags|=BN_FLG_FREE; +#endif + a->d = NULL; + } } void BN_init(BIGNUM *a) { memset(a,0,sizeof(BIGNUM)); + bn_check_top(a); } BIGNUM *BN_new(void) @@ -302,6 +309,7 @@ BIGNUM *BN_new(void) ret->neg=0; ret->dmax=0; ret->d=NULL; + bn_check_top(ret); return(ret); } @@ -313,19 +321,19 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) const BN_ULONG *B; int i; + bn_check_top(b); + if (words > (INT_MAX/(4*BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); return NULL; } - - bn_check_top(b); if (BN_get_flags(b,BN_FLG_STATIC_DATA)) { BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); return(NULL); } - a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1)); + a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words); if (A == NULL) { BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); @@ -363,19 +371,8 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) } } - /* Now need to zero any data between b->top and b->max */ - /* XXX Why? */ - - A= &(a[b->top]); - for (i=(words - b->top)>>3; i>0; i--,A+=8) - { - A[0]=0; A[1]=0; A[2]=0; A[3]=0; - A[4]=0; A[5]=0; A[6]=0; A[7]=0; - } - for (i=(words - b->top)&7; i>0; i--,A++) - A[0]=0; #else - memset(A,0,sizeof(BN_ULONG)*(words+1)); + memset(A,0,sizeof(BN_ULONG)*words); memcpy(A,b->d,sizeof(b->d[0])*b->top); #endif @@ -393,16 +390,19 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) * while bn_dup_expand() makes sure allocation is made only once. */ +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *bn_dup_expand(const BIGNUM *b, int words) { BIGNUM *r = NULL; + bn_check_top(b); + /* This function does not work if * words <= b->dmax && top < words * because BN_dup() does not preserve 'dmax'! * (But bn_dup_expand() is not used anywhere yet.) */ - + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); @@ -431,48 +431,67 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) r = BN_dup(b); } + bn_check_top(r); return r; } +#endif /* This is an internal function that should not be used in applications. - * It ensures that 'b' has enough room for a 'words' word number number. + * It ensures that 'b' has enough room for a 'words' word number + * and initialises any unused part of b->d with leading zeros. * It is mostly used by the various BIGNUM routines. If there is an error, * NULL is returned. If not, 'b' is returned. */ BIGNUM *bn_expand2(BIGNUM *b, int words) { + bn_check_top(b); + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); + if(!a) return NULL; + if(b->d) OPENSSL_free(b->d); + b->d=a; + b->dmax=words; + } - if (a) +/* None of this should be necessary because of what b->top means! */ +#if 0 + /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ + if (b->top < b->dmax) + { + int i; + BN_ULONG *A = &(b->d[b->top]); + for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) { - if (b->d) - OPENSSL_free(b->d); - b->d=a; - b->dmax=words; + A[0]=0; A[1]=0; A[2]=0; A[3]=0; + A[4]=0; A[5]=0; A[6]=0; A[7]=0; } - else - b = NULL; + for (i=(b->dmax - b->top)&7; i>0; i--,A++) + A[0]=0; + assert(A == &(b->d[b->dmax])); } +#endif + bn_check_top(b); return b; } BIGNUM *BN_dup(const BIGNUM *a) { - BIGNUM *r, *t; + BIGNUM *t; if (a == NULL) return NULL; - bn_check_top(a); t = BN_new(); - if (t == NULL) return(NULL); - r = BN_copy(t, a); - /* now r == t || r == NULL */ - if (r == NULL) + if (t == NULL) return NULL; + if(!BN_copy(t, a)) + { BN_free(t); - return r; + return NULL; + } + bn_check_top(t); + return t; } BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) @@ -506,11 +525,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d,b->d,sizeof(b->d[0])*b->top); #endif -/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ a->top=b->top; - if ((a->top == 0) && (a->d != NULL)) - a->d[0]=0; a->neg=b->neg; + bn_check_top(a); return(a); } @@ -520,6 +537,9 @@ void BN_swap(BIGNUM *a, BIGNUM *b) BN_ULONG *tmp_d; int tmp_top, tmp_dmax, tmp_neg; + bn_check_top(a); + bn_check_top(b); + flags_old_a = a->flags; flags_old_b = b->flags; @@ -540,11 +560,13 @@ void BN_swap(BIGNUM *a, BIGNUM *b) a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + bn_check_top(a); + bn_check_top(b); } - void BN_clear(BIGNUM *a) { + bn_check_top(a); if (a->d != NULL) memset(a->d,0,a->dmax*sizeof(a->d[0])); a->top=0; @@ -553,49 +575,22 @@ void BN_clear(BIGNUM *a) BN_ULONG BN_get_word(const BIGNUM *a) { - int i,n; - BN_ULONG ret=0; - - n=BN_num_bytes(a); - if (n > sizeof(BN_ULONG)) - return(BN_MASK2); - for (i=a->top-1; i>=0; i--) - { -#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ - ret<<=BN_BITS4; /* stops the compiler complaining */ - ret<<=BN_BITS4; -#else - ret=0; -#endif - ret|=a->d[i]; - } - return(ret); + if (a->top > 1) + return BN_MASK2; + else if (a->top == 1) + return a->d[0]; + /* a->top == 0 */ + return 0; } int BN_set_word(BIGNUM *a, BN_ULONG w) { - int i,n; - if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); - - n=sizeof(BN_ULONG)/BN_BYTES; - a->neg=0; - a->top=0; - a->d[0]=(BN_ULONG)w&BN_MASK2; - if (a->d[0] != 0) a->top=1; - for (i=1; i>=BN_BITS2 so compilers don't complain - * on builds where sizeof(long) == BN_TYPES */ -#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ - w>>=BN_BITS4; - w>>=BN_BITS4; -#else - w=0; -#endif - a->d[i]=(BN_ULONG)w&BN_MASK2; - if (a->d[i] != 0) a->top=i+1; - } + bn_check_top(a); + if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); + a->neg = 0; + a->d[0] = w; + a->top = (w ? 1 : 0); + bn_check_top(a); return(1); } @@ -604,9 +599,12 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) unsigned int i,m; unsigned int n; BN_ULONG l; + BIGNUM *bn = NULL; - if (ret == NULL) ret=BN_new(); + if (ret == NULL) + ret = bn = BN_new(); if (ret == NULL) return(NULL); + bn_check_top(ret); l=0; n=len; if (n == 0) @@ -614,13 +612,16 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) ret->top=0; return(ret); } - if (bn_expand(ret,(int)(n+2)*8) == NULL) - return(NULL); i=((n-1)/BN_BYTES)+1; m=((n-1)%(BN_BYTES)); + if (bn_wexpand(ret, (int)i) == NULL) + { + if (bn) BN_free(bn); + return NULL; + } ret->top=i; ret->neg=0; - while (n-- > 0) + while (n--) { l=(l<<8L)| *(s++); if (m-- == 0) @@ -632,7 +633,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) } /* need to call this due to clear byte at top if avoiding * having the top bit set (-ve number) */ - bn_fix_top(ret); + bn_correct_top(ret); return(ret); } @@ -642,8 +643,9 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to) int n,i; BN_ULONG l; + bn_check_top(a); n=i=BN_num_bytes(a); - while (i-- > 0) + while (i--) { l=a->d[i/BN_BYTES]; *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; @@ -668,7 +670,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) t1= ap[i]; t2= bp[i]; if (t1 != t2) - return(t1 > t2?1:-1); + return((t1 > t2) ? 1 : -1); } return(0); } @@ -718,6 +720,9 @@ int BN_set_bit(BIGNUM *a, int n) { int i,j,k; + if (n < 0) + return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) @@ -729,6 +734,7 @@ int BN_set_bit(BIGNUM *a, int n) } a->d[i]|=(((BN_ULONG)1)<top <= i) return(0); a->d[i]&=(~(((BN_ULONG)1)<top <= i) return(0); + if (a->top <= i) return 0; return((a->d[i]&(((BN_ULONG)1)<= a->top) return(0); + if (w >= a->top) return 0; if (b == 0) a->top=w; else @@ -770,10 +783,18 @@ int BN_mask_bits(BIGNUM *a, int n) a->top=w+1; a->d[w]&= ~(BN_MASK2<neg = 1; + else + a->neg = 0; + } + int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) { int i; diff --git a/crypto/openssl/crypto/bn/bn_mod.c b/crypto/openssl/crypto/bn/bn_mod.c index 5cf8248..77d6ddb 100644 --- a/crypto/openssl/crypto/bn/bn_mod.c +++ b/crypto/openssl/crypto/bn/bn_mod.c @@ -149,7 +149,7 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_ * and less than m */ int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { - if (!BN_add(r, a, b)) return 0; + if (!BN_uadd(r, a, b)) return 0; if (BN_ucmp(r, m) >= 0) return BN_usub(r, r, m); return 1; @@ -192,6 +192,7 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, else { if (!BN_mul(t,a,b,ctx)) goto err; } if (!BN_nnmod(r,t,m,ctx)) goto err; + bn_check_top(r); ret=1; err: BN_CTX_end(ctx); @@ -210,6 +211,7 @@ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) { if (!BN_lshift1(r, a)) return 0; + bn_check_top(r); return BN_nnmod(r, r, m, ctx); } @@ -219,6 +221,7 @@ int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) { if (!BN_lshift1(r, a)) return 0; + bn_check_top(r); if (BN_cmp(r, m) >= 0) return BN_sub(r, r, m); return 1; @@ -240,6 +243,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ct } ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + bn_check_top(r); if (abs_m) BN_free(abs_m); @@ -291,6 +295,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) if (!BN_sub(r, r, m)) return 0; } } + bn_check_top(r); return 1; } diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c index c9ebdba..42376da 100644 --- a/crypto/openssl/crypto/bn/bn_mont.c +++ b/crypto/openssl/crypto/bn/bn_mont.c @@ -90,6 +90,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; + bn_check_top(r); ret=1; err: BN_CTX_end(ctx); @@ -172,7 +173,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; } } - bn_fix_top(r); + bn_correct_top(r); /* mont->ri will be a multiple of the word size */ #if 0 @@ -229,6 +230,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, if (!BN_usub(ret,ret,&(mont->N))) goto err; } retn=1; + bn_check_top(ret); err: BN_CTX_end(ctx); return(retn); @@ -269,11 +271,13 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { - BIGNUM Ri,*R; + int ret = 0; + BIGNUM *Ri,*R; - BN_init(&Ri); + BN_CTX_start(ctx); + if((Ri = BN_CTX_get(ctx)) == NULL) goto err; R= &(mont->RR); /* grab RR as a temp */ - BN_copy(&(mont->N),mod); /* Set N */ + if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ mont->N.neg = 0; #ifdef MONT_WORD @@ -282,57 +286,56 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_ULONG buf[2]; mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - if (!(BN_zero(R))) goto err; + BN_zero(R); if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ buf[0]=mod->d[0]; /* tmod = N mod word size */ buf[1]=0; tmod.d=buf; - tmod.top=1; + tmod.top = buf[0] != 0 ? 1 : 0; tmod.dmax=2; tmod.neg=0; /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) + if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) goto err; - if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */ - if (!BN_is_zero(&Ri)) + if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) { - if (!BN_sub_word(&Ri,1)) goto err; + if (!BN_sub_word(Ri,1)) goto err; } else /* if N mod word size == 1 */ { - if (!BN_set_word(&Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ + if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ } - if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err; + if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; /* Ni = (R*Ri-1)/N, * keep only least significant word: */ - mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0; - BN_free(&Ri); + mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; } #else /* !MONT_WORD */ { /* bignum version */ mont->ri=BN_num_bits(&mont->N); - if (!BN_zero(R)) goto err; + BN_zero(R); if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL) + if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) goto err; - if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */ - if (!BN_sub_word(&Ri,1)) goto err; + if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ + if (!BN_sub_word(Ri,1)) goto err; /* Ni = (R*Ri-1) / N */ - if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err; - BN_free(&Ri); + if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; } #endif /* setup RR for conversions */ - if (!BN_zero(&(mont->RR))) goto err; + BN_zero(&(mont->RR)); if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; - return(1); + ret = 1; err: - return(0); + BN_CTX_end(ctx); + return ret; } BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) @@ -347,3 +350,21 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) return(to); } +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { + if (*pmont) + return *pmont; + CRYPTO_w_lock(lock); + if (!*pmont) + { + BN_MONT_CTX *mtmp; + mtmp = BN_MONT_CTX_new(); + if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx)) + BN_MONT_CTX_free(mtmp); + else + *pmont = mtmp; + } + CRYPTO_w_unlock(lock); + return *pmont; + } diff --git a/crypto/openssl/crypto/bn/bn_mpi.c b/crypto/openssl/crypto/bn/bn_mpi.c index 05fa9d1..a054d21a 100644 --- a/crypto/openssl/crypto/bn/bn_mpi.c +++ b/crypto/openssl/crypto/bn/bn_mpi.c @@ -124,6 +124,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) { BN_clear_bit(a,BN_num_bits(a)-1); } + bn_check_top(a); return(a); } diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/openssl/crypto/bn/bn_mul.c index 3ae3822..aec1eaf 100644 --- a/crypto/openssl/crypto/bn/bn_mul.c +++ b/crypto/openssl/crypto/bn/bn_mul.c @@ -56,10 +56,325 @@ * [including the GNU Public Licence.] */ +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + #include +#include #include "cryptlib.h" #include "bn_lcl.h" +#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) +/* Here follows specialised variants of bn_add_words() and + bn_sub_words(). They have the property performing operations on + arrays of different sizes. The sizes of those arrays is expressed through + cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, + which is the delta between the two lengths, calculated as len(a)-len(b). + All lengths are the number of BN_ULONGs... For the operations that require + a result array as parameter, it must have the length cl+abs(dl). + These functions should probably end up in bn_asm.c as soon as there are + assembler counterparts for the systems that use assembler files. */ + +BN_ULONG bn_sub_part_words(BN_ULONG *r, + const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) + { + BN_ULONG c, t; + + assert(cl >= 0); + c = bn_sub_words(r, a, b, cl); + + if (dl == 0) + return c; + + r += cl; + a += cl; + b += cl; + + if (dl < 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); +#endif + for (;;) + { + t = b[0]; + r[0] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + t = b[1]; + r[1] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + t = b[2]; + r[2] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + t = b[3]; + r[3] = (0-t-c)&BN_MASK2; + if (t != 0) c=1; + if (++dl >= 0) break; + + b += 4; + r += 4; + } + } + else + { + int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); +#endif + while(c) + { + t = a[0]; + r[0] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + t = a[1]; + r[1] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + t = a[2]; + r[2] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + t = a[3]; + r[3] = (t-c)&BN_MASK2; + if (t != 0) c=0; + if (--dl <= 0) break; + + save_dl = dl; + a += 4; + r += 4; + } + if (dl > 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); +#endif + if (save_dl > dl) + { + switch (save_dl - dl) + { + case 1: + r[1] = a[1]; + if (--dl <= 0) break; + case 2: + r[2] = a[2]; + if (--dl <= 0) break; + case 3: + r[3] = a[3]; + if (--dl <= 0) break; + } + a += 4; + r += 4; + } + } + if (dl > 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); +#endif + for(;;) + { + r[0] = a[0]; + if (--dl <= 0) break; + r[1] = a[1]; + if (--dl <= 0) break; + r[2] = a[2]; + if (--dl <= 0) break; + r[3] = a[3]; + if (--dl <= 0) break; + + a += 4; + r += 4; + } + } + } + return c; + } +#endif + +BN_ULONG bn_add_part_words(BN_ULONG *r, + const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) + { + BN_ULONG c, l, t; + + assert(cl >= 0); + c = bn_add_words(r, a, b, cl); + + if (dl == 0) + return c; + + r += cl; + a += cl; + b += cl; + + if (dl < 0) + { + int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); +#endif + while (c) + { + l=(c+b[0])&BN_MASK2; + c=(l < c); + r[0]=l; + if (++dl >= 0) break; + + l=(c+b[1])&BN_MASK2; + c=(l < c); + r[1]=l; + if (++dl >= 0) break; + + l=(c+b[2])&BN_MASK2; + c=(l < c); + r[2]=l; + if (++dl >= 0) break; + + l=(c+b[3])&BN_MASK2; + c=(l < c); + r[3]=l; + if (++dl >= 0) break; + + save_dl = dl; + b+=4; + r+=4; + } + if (dl < 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); +#endif + if (save_dl < dl) + { + switch (dl - save_dl) + { + case 1: + r[1] = b[1]; + if (++dl >= 0) break; + case 2: + r[2] = b[2]; + if (++dl >= 0) break; + case 3: + r[3] = b[3]; + if (++dl >= 0) break; + } + b += 4; + r += 4; + } + } + if (dl < 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); +#endif + for(;;) + { + r[0] = b[0]; + if (++dl >= 0) break; + r[1] = b[1]; + if (++dl >= 0) break; + r[2] = b[2]; + if (++dl >= 0) break; + r[3] = b[3]; + if (++dl >= 0) break; + + b += 4; + r += 4; + } + } + } + else + { + int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); +#endif + while (c) + { + t=(a[0]+c)&BN_MASK2; + c=(t < c); + r[0]=t; + if (--dl <= 0) break; + + t=(a[1]+c)&BN_MASK2; + c=(t < c); + r[1]=t; + if (--dl <= 0) break; + + t=(a[2]+c)&BN_MASK2; + c=(t < c); + r[2]=t; + if (--dl <= 0) break; + + t=(a[3]+c)&BN_MASK2; + c=(t < c); + r[3]=t; + if (--dl <= 0) break; + + save_dl = dl; + a+=4; + r+=4; + } +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); +#endif + if (dl > 0) + { + if (save_dl > dl) + { + switch (save_dl - dl) + { + case 1: + r[1] = a[1]; + if (--dl <= 0) break; + case 2: + r[2] = a[2]; + if (--dl <= 0) break; + case 3: + r[3] = a[3]; + if (--dl <= 0) break; + } + a += 4; + r += 4; + } + } + if (dl > 0) + { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); +#endif + for(;;) + { + r[0] = a[0]; + if (--dl <= 0) break; + r[1] = a[1]; + if (--dl <= 0) break; + r[2] = a[2]; + if (--dl <= 0) break; + r[3] = a[3]; + if (--dl <= 0) break; + + a += 4; + r += 4; + } + } + } + return c; + } + #ifdef BN_RECURSION /* Karatsuba recursive multiplication algorithm * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ @@ -75,14 +390,15 @@ * a[1]*b[1] */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) + int dna, int dnb, BN_ULONG *t) { int n=n2/2,c1,c2; + int tna=n+dna, tnb=n+dnb; unsigned int neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT - printf(" bn_mul_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); # endif # ifdef BN_MUL_COMBA # if 0 @@ -92,34 +408,40 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, return; } # endif - if (n2 == 8) + /* Only call bn_mul_comba 8 if n2 == 8 and the + * two arrays are complete [steve] + */ + if (n2 == 8 && dna == 0 && dnb == 0) { bn_mul_comba8(r,a,b); return; } # endif /* BN_MUL_COMBA */ + /* Else do normal multiply */ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { - /* This should not happen */ - bn_mul_normal(r,a,n2,b,n2); + bn_mul_normal(r,a,n2+dna,b,n2+dnb); + if ((dna + dnb) < 0) + memset(&r[2*n2 + dna + dnb], 0, + sizeof(BN_ULONG) * -(dna + dnb)); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - c2=bn_cmp_words(&(b[n]),b,n); + c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); + c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); zero=neg=0; switch (c1*3+c2) { case -4: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: zero=1; break; case -2: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ neg=1; break; case -1: @@ -128,21 +450,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, zero=1; break; case 2: - bn_sub_words(t, a, &(a[n]),n); /* + */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ neg=1; break; case 3: zero=1; break; case 4: - bn_sub_words(t, a, &(a[n]),n); - bn_sub_words(&(t[n]),&(b[n]),b, n); + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); break; } # ifdef BN_MUL_COMBA - if (n == 4) + if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take + extra args to do this well */ { if (!zero) bn_mul_comba4(&(t[n2]),t,&(t[n])); @@ -152,7 +475,9 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, bn_mul_comba4(r,a,b); bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); } - else if (n == 8) + else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could + take extra args to do this + well */ { if (!zero) bn_mul_comba8(&(t[n2]),t,&(t[n])); @@ -167,11 +492,11 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, { p= &(t[n2*2]); if (!zero) - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); + bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); else memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); - bn_mul_recursive(r,a,b,n,p); - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p); + bn_mul_recursive(r,a,b,n,0,0,p); + bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); } /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign @@ -220,39 +545,39 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, /* n+tn is the word length * t needs to be n*4 is size, as does r */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, - int n, BN_ULONG *t) +void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT - printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n); + fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", + tna, n, tnb, n); # endif if (n < 8) { - i=tn+n; - bn_mul_normal(r,a,i,b,i); + bn_mul_normal(r,a,n+tna,b,n+tnb); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - c2=bn_cmp_words(&(b[n]),b,n); + c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); + c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); zero=neg=0; switch (c1*3+c2) { case -4: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: zero=1; /* break; */ case -2: - bn_sub_words(t, &(a[n]),a, n); /* - */ - bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ + bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ neg=1; break; case -1: @@ -261,16 +586,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, zero=1; /* break; */ case 2: - bn_sub_words(t, a, &(a[n]),n); /* + */ - bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ + bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ neg=1; break; case 3: zero=1; /* break; */ case 4: - bn_sub_words(t, a, &(a[n]),n); - bn_sub_words(&(t[n]),&(b[n]),b, n); + bn_sub_part_words(t, a, &(a[n]),tna,n-tna); + bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); break; } /* The zero case isn't yet implemented here. The speedup @@ -289,54 +614,59 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, { bn_mul_comba8(&(t[n2]),t,&(t[n])); bn_mul_comba8(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); - memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); + bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); + memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); } else { p= &(t[n2*2]); - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); - bn_mul_recursive(r,a,b,n,p); + bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); + bn_mul_recursive(r,a,b,n,0,0,p); i=n/2; /* If there is only a bottom half to the number, * just do it */ - j=tn-i; + if (tna > tnb) + j = tna - i; + else + j = tnb - i; if (j == 0) { - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p); + bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), + i,tna-i,tnb-i,p); memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); } else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ { bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), - j,i,p); - memset(&(r[n2+tn*2]),0, - sizeof(BN_ULONG)*(n2-tn*2)); + i,tna-i,tnb-i,p); + memset(&(r[n2+tna+tnb]),0, + sizeof(BN_ULONG)*(n2-tna-tnb)); } else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ { memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); - if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL) + if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL + && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); + bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); } else { for (;;) { i/=2; - if (i < tn) + if (i < tna && i < tnb) { bn_mul_part_recursive(&(r[n2]), &(a[n]),&(b[n]), - tn-i,i,p); + i,tna-i,tnb-i,p); break; } - else if (i == tn) + else if (i <= tna && i <= tnb) { bn_mul_recursive(&(r[n2]), &(a[n]),&(b[n]), - i,p); + i,tna-i,tnb-i,p); break; } } @@ -397,10 +727,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int n=n2/2; # ifdef BN_COUNT - printf(" bn_mul_low_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); # endif - bn_mul_recursive(r,a,b,n,&(t[0])); + bn_mul_recursive(r,a,b,n,0,0,&(t[0])); if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); @@ -431,7 +761,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, BN_ULONG ll,lc,*lp,*mp; # ifdef BN_COUNT - printf(" bn_mul_high %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); # endif n=n2/2; @@ -484,8 +814,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, else # endif { - bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2])); - bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2])); + bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); + bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); } /* s0 == low(al*bl) @@ -610,19 +940,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { + int ret=0; int top,al,bl; BIGNUM *rr; - int ret = 0; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) int i; #endif #ifdef BN_RECURSION - BIGNUM *t; - int j,k; + BIGNUM *t=NULL; + int j=0,k; #endif #ifdef BN_COUNT - printf("BN_mul %d * %d\n",a->top,b->top); + fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); #endif bn_check_top(a); @@ -634,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if ((al == 0) || (bl == 0)) { - if (!BN_zero(r)) goto err; + BN_zero(r); return(1); } top=al+bl; @@ -675,21 +1005,55 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #ifdef BN_RECURSION if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { - if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bldmax) + if (i >= -1 && i <= 1) { -#if 0 /* tribute to const-ification, bldmax above covers for this */ - if (bn_wexpand(b,al) == NULL) goto err; -#endif - b->d[bl]=0; + int sav_j =0; + /* Find out the power of two lower or equal + to the longest of the two numbers */ + if (i >= 0) + { + j = BN_num_bits_word((BN_ULONG)al); + } + if (i == -1) + { + j = BN_num_bits_word((BN_ULONG)bl); + } + sav_j = j; + j = 1<<(j-1); + assert(j <= al || j <= bl); + k = j+j; + t = BN_CTX_get(ctx); + if (al > j || bl > j) + { + bn_wexpand(t,k*4); + bn_wexpand(rr,k*4); + bn_mul_part_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } + else /* al <= j || bl <= j */ + { + bn_wexpand(t,k*2); + bn_wexpand(rr,k*2); + bn_mul_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } + rr->top=top; + goto end; + } +#if 0 + if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) + { + BIGNUM *tmp_bn = (BIGNUM *)b; + if (bn_wexpand(tmp_bn,al) == NULL) goto err; + tmp_bn->d[bl]=0; bl++; i--; } - else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && aldmax) + else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) { -#if 0 /* tribute to const-ification, aldmax above covers for this */ - if (bn_wexpand(a,bl) == NULL) goto err; -#endif - a->d[al]=0; + BIGNUM *tmp_bn = (BIGNUM *)a; + if (bn_wexpand(tmp_bn,bl) == NULL) goto err; + tmp_bn->d[al]=0; al++; i++; } @@ -706,26 +1070,17 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if (bn_wexpand(t,k*2) == NULL) goto err; if (bn_wexpand(rr,k*2) == NULL) goto err; bn_mul_recursive(rr->d,a->d,b->d,al,t->d); - rr->top=top; - goto end; } -#if 0 /* tribute to const-ification, rsa/dsa performance is not affected */ else { - if (bn_wexpand(a,k) == NULL ) goto err; - if (bn_wexpand(b,k) == NULL ) goto err; - if (bn_wexpand(t,k*4) == NULL ) goto err; - if (bn_wexpand(rr,k*4) == NULL ) goto err; - for (i=a->top; id[i]=0; - for (i=b->top; id[i]=0; + if (bn_wexpand(t,k*4) == NULL) goto err; + if (bn_wexpand(rr,k*4) == NULL) goto err; bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); } rr->top=top; goto end; -#endif } +#endif } #endif /* BN_RECURSION */ if (bn_wexpand(rr,top) == NULL) goto err; @@ -735,10 +1090,11 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_fix_top(rr); + bn_correct_top(rr); if (r != rr) BN_copy(r,rr); ret=1; err: + bn_check_top(r); BN_CTX_end(ctx); return(ret); } @@ -748,7 +1104,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) BN_ULONG *rr; #ifdef BN_COUNT - printf(" bn_mul_normal %d * %d\n",na,nb); + fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); #endif if (na < nb) @@ -761,7 +1117,13 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) } rr= &(r[na]); - rr[0]=bn_mul_words(r,a,na,b[0]); + if (nb <= 0) + { + (void)bn_mul_words(r,a,na,0); + return; + } + else + rr[0]=bn_mul_words(r,a,na,b[0]); for (;;) { @@ -782,7 +1144,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { #ifdef BN_COUNT - printf(" bn_mul_low_normal %d * %d\n",n,n); + fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); #endif bn_mul_words(r,a,n,b[0]); diff --git a/crypto/openssl/crypto/bn/bn_nist.c b/crypto/openssl/crypto/bn/bn_nist.c new file mode 100644 index 0000000..f8e306b --- /dev/null +++ b/crypto/openssl/crypto/bn/bn_nist.c @@ -0,0 +1,775 @@ +/* crypto/bn/bn_nist.c */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "bn_lcl.h" +#include "cryptlib.h" + +#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 + +#if BN_BITS2 == 64 +static const BN_ULONG _nist_p_192[] = + {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL}; +static const BN_ULONG _nist_p_224[] = + {0x0000000000000001ULL,0xFFFFFFFF00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}; +static const BN_ULONG _nist_p_256[] = + {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}; +static const BN_ULONG _nist_p_384[] = + {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL, + 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}; +static const BN_ULONG _nist_p_521[] = + {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0x00000000000001FFULL}; +#elif BN_BITS2 == 32 +static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; +static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; +static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF}; +static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000, + 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; +static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0x000001FF}; +#elif BN_BITS2 == 16 +static const BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE, + 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; +static const BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000, + 0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; +static const BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, + 0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF, + 0xFFFF}; +static const BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000, + 0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, + 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; +static const BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, + 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, + 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, + 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF}; +#elif BN_BITS2 == 8 +static const BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF}; +static const BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; +static const BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF}; +static const BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; +static const BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0x01}; +#endif + +const BIGNUM *BN_get0_nist_prime_192(void) + { + static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, + BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_192; + } + +const BIGNUM *BN_get0_nist_prime_224(void) + { + static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, + BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_224; + } + +const BIGNUM *BN_get0_nist_prime_256(void) + { + static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, + BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_256; + } + +const BIGNUM *BN_get0_nist_prime_384(void) + { + static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, + BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_384; + } + +const BIGNUM *BN_get0_nist_prime_521(void) + { + static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_521; + } + +/* some misc internal functions */ +#if BN_BITS2 != 64 +static BN_ULONG _256_data[BN_NIST_256_TOP*6]; +static int _is_set_256_data = 0; +static void _init_256_data(void); + +static BN_ULONG _384_data[BN_NIST_384_TOP*8]; +static int _is_set_384_data = 0; +static void _init_384_data(void); +#endif + +#define BN_NIST_ADD_ONE(a) while (!(++(*(a)))) ++(a); + +static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) + { + int i; + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + for (i = (max) - (top); i != 0; i--) + *_tmp1++ = (BN_ULONG) 0; + } + +static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) + { + int i; + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + } + +#if BN_BITS2 == 64 +#define bn_cp_64(to, n, from, m) (to)[n] = (from)[m]; +#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; +/* TBD */ +#define bn_cp_32(to, n, from, m) (to)[n] = (from)[m]; +#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +#else +#define bn_cp_64(to, n, from, m) \ + { \ + bn_cp_32(to, (n)*2, from, (m)*2); \ + bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ + } +#define bn_64_set_0(to, n) \ + { \ + bn_32_set_0(to, (n)*2); \ + bn_32_set_0(to, (n)*2+1); \ + } +#if BN_BITS2 == 32 +#define bn_cp_32(to, n, from, m) (to)[n] = (from)[m]; +#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +#elif BN_BITS2 == 16 +#define bn_cp_32(to, n, from, m) \ + { \ + (to)[(n)*2] = (from)[(m)*2]; \ + (to)[(n)*2+1] = (from)[(m)*2+1];\ + } +#define bn_32_set_0(to, n) { (to)[(n)*2] = 0; (to)[(n)*2+1] = 0; } +#elif BN_BITS2 == 8 +#define bn_cp_32(to, n, from, m) \ + { \ + (to)[(n)*4] = (from)[(m)*4]; \ + (to)[(n)*4+1] = (from)[(m)*4+1];\ + (to)[(n)*4+2] = (from)[(m)*4+2];\ + (to)[(n)*4+3] = (from)[(m)*4+3];\ + } +#define bn_32_set_0(to, n) \ + { (to)[(n)*4] = (BN_ULONG)0; (to)[(n)*4+1] = (BN_ULONG)0; \ + (to)[(n)*4+2] = (BN_ULONG)0; (to)[(n)*4+3] = (BN_ULONG)0; } +#endif +#endif /* BN_BITS2 != 64 */ + + +#define nist_set_192(to, from, a1, a2, a3) \ + { \ + if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\ + bn_cp_64(to, 1, from, (a2) - 3) \ + if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\ + } + +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + BN_CTX *ctx) + { + int top = a->top, i; + BN_ULONG carry = 0; + register BN_ULONG *r_d, *a_d = a->d; + BN_ULONG t_d[BN_NIST_192_TOP], + buf[BN_NIST_192_TOP]; + + i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else if (i > 0) + return (r == a) ? 1 : (BN_copy(r ,a) != NULL); + + if (top == BN_NIST_192_TOP) + return BN_usub(r, a, field); + + if (r != a) + { + if (!bn_wexpand(r, BN_NIST_192_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); + } + else + r_d = a_d; + + nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); + +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma message save +# pragma message disable BADSUBSCRIPT +#endif + + nist_set_192(t_d, buf, 0, 3, 3); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) + ++carry; + + nist_set_192(t_d, buf, 4, 4, 0); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) + ++carry; + +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma message restore +#endif + + nist_set_192(t_d, buf, 5, 5, 5) + if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) + ++carry; + + while (carry) + { + if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP)) + --carry; + } + r->top = BN_NIST_192_TOP; + bn_correct_top(r); + if (BN_ucmp(r, field) >= 0) + { + bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); + bn_correct_top(r); + } + + bn_check_top(r); + return 1; + } + +#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ + { \ + if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\ + if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\ + if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\ + if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\ + if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\ + if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\ + if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\ + } + +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + BN_CTX *ctx) + { +#if BN_BITS2 != 64 + int top = a->top, i; + int carry = 0; + BN_ULONG *r_d, *a_d = a->d; + BN_ULONG t_d[BN_NIST_224_TOP], + buf[BN_NIST_224_TOP]; + + i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else if (i > 0) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); + + if (top == BN_NIST_224_TOP) + return BN_usub(r, a, field); + + if (r != a) + { + if (!bn_wexpand(r, BN_NIST_224_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); + } + else + r_d = a_d; + + nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); + + nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) + ++carry; + nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) + ++carry; + nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) + --carry; + nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) + --carry; + + if (carry > 0) + while (carry) + { + if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) + --carry; + } + else if (carry < 0) + while (carry) + { + if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) + ++carry; + } + + r->top = BN_NIST_224_TOP; + bn_correct_top(r); + if (BN_ucmp(r, field) >= 0) + { + bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); + bn_correct_top(r); + } + bn_check_top(r); + return 1; +#else + return 0; +#endif + } + +#if BN_BITS2 != 64 +static void _init_256_data(void) + { + int i; + BN_ULONG *tmp1 = _256_data; + const BN_ULONG *tmp2 = tmp1; + + memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG)); + tmp1 += BN_NIST_256_TOP; + + for (i=0; i<5; i++) + { + bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP); + tmp2 = tmp1; + tmp1 += BN_NIST_256_TOP; + } + _is_set_256_data = 1; + } +#endif + +#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ + { \ + if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\ + if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\ + if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\ + if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\ + if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\ + if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\ + if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\ + if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\ + } + +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + BN_CTX *ctx) + { +#if BN_BITS2 != 64 + int i, top = a->top; + int carry = 0; + register BN_ULONG *a_d = a->d, *r_d; + BN_ULONG t_d[BN_NIST_256_TOP], + t_d2[BN_NIST_256_TOP], + buf[BN_NIST_256_TOP]; + + if (!_is_set_256_data) + { + CRYPTO_w_lock(CRYPTO_LOCK_BN); + + if (!_is_set_256_data) + _init_256_data(); + + CRYPTO_w_unlock(CRYPTO_LOCK_BN); + } + + i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else if (i > 0) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); + + if (top == BN_NIST_256_TOP) + return BN_usub(r, a, field); + + if (r != a) + { + if (!bn_wexpand(r, BN_NIST_256_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); + } + else + r_d = a_d; + + nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP); + + /*S1*/ + nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); + /*S2*/ + nist_set_256(t_d2,buf, 0, 15, 14, 13, 12, 0, 0, 0); + if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP)) + carry = 2; + /* left shift */ + { + register BN_ULONG *ap,t,c; + ap = t_d; + c=0; + for (i = BN_NIST_256_TOP; i != 0; --i) + { + t= *ap; + *(ap++)=((t<<1)|c)&BN_MASK2; + c=(t & BN_TBIT)?1:0; + } + if (c) + ++carry; + } + + if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + ++carry; + /*S3*/ + nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + ++carry; + /*S4*/ + nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + ++carry; + /*D1*/ + nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + --carry; + /*D2*/ + nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + --carry; + /*D3*/ + nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + --carry; + /*D4*/ + nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) + --carry; + + if (carry) + { + if (carry > 0) + bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP * + --carry, BN_NIST_256_TOP); + else + { + carry = -carry; + bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP * + --carry, BN_NIST_256_TOP); + } + } + + r->top = BN_NIST_256_TOP; + bn_correct_top(r); + if (BN_ucmp(r, field) >= 0) + { + bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); + bn_correct_top(r); + } + bn_check_top(r); + return 1; +#else + return 0; +#endif + } + +#if BN_BITS2 != 64 +static void _init_384_data(void) + { + int i; + BN_ULONG *tmp1 = _384_data; + const BN_ULONG *tmp2 = tmp1; + + memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG)); + tmp1 += BN_NIST_384_TOP; + + for (i=0; i<7; i++) + { + bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP); + tmp2 = tmp1; + tmp1 += BN_NIST_384_TOP; + } + _is_set_384_data = 1; + } +#endif + +#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ + { \ + if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\ + if (a11 != 0) bn_cp_32(to, 1, from, (a11) - 12) else bn_32_set_0(to, 1)\ + if (a10 != 0) bn_cp_32(to, 2, from, (a10) - 12) else bn_32_set_0(to, 2)\ + if (a9 != 0) bn_cp_32(to, 3, from, (a9) - 12) else bn_32_set_0(to, 3)\ + if (a8 != 0) bn_cp_32(to, 4, from, (a8) - 12) else bn_32_set_0(to, 4)\ + if (a7 != 0) bn_cp_32(to, 5, from, (a7) - 12) else bn_32_set_0(to, 5)\ + if (a6 != 0) bn_cp_32(to, 6, from, (a6) - 12) else bn_32_set_0(to, 6)\ + if (a5 != 0) bn_cp_32(to, 7, from, (a5) - 12) else bn_32_set_0(to, 7)\ + if (a4 != 0) bn_cp_32(to, 8, from, (a4) - 12) else bn_32_set_0(to, 8)\ + if (a3 != 0) bn_cp_32(to, 9, from, (a3) - 12) else bn_32_set_0(to, 9)\ + if (a2 != 0) bn_cp_32(to, 10, from, (a2) - 12) else bn_32_set_0(to, 10)\ + if (a1 != 0) bn_cp_32(to, 11, from, (a1) - 12) else bn_32_set_0(to, 11)\ + } + +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + BN_CTX *ctx) + { +#if BN_BITS2 != 64 + int i, top = a->top; + int carry = 0; + register BN_ULONG *r_d, *a_d = a->d; + BN_ULONG t_d[BN_NIST_384_TOP], + buf[BN_NIST_384_TOP]; + + if (!_is_set_384_data) + { + CRYPTO_w_lock(CRYPTO_LOCK_BN); + + if (!_is_set_384_data) + _init_384_data(); + + CRYPTO_w_unlock(CRYPTO_LOCK_BN); + } + + i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else if (i > 0) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); + + if (top == BN_NIST_384_TOP) + return BN_usub(r, a, field); + + if (r != a) + { + if (!bn_wexpand(r, BN_NIST_384_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); + } + else + r_d = a_d; + + nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP); + + /*S1*/ + nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4); + /* left shift */ + { + register BN_ULONG *ap,t,c; + ap = t_d; + c=0; + for (i = BN_NIST_256_TOP; i != 0; --i) + { + t= *ap; + *(ap++)=((t<<1)|c)&BN_MASK2; + c=(t & BN_TBIT)?1:0; + } + } + if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + t_d, BN_NIST_256_TOP)) + ++carry; + /*S2 */ + if (bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP)) + ++carry; + /*S3*/ + nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + ++carry; + /*S4*/ + nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + ++carry; + /*S5*/ + nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4); + if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + t_d, BN_NIST_256_TOP)) + ++carry; + /*S6*/ + nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); + if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + ++carry; + /*D1*/ + nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + --carry; + /*D2*/ + nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + --carry; + /*D3*/ + nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); + if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) + --carry; + + if (carry) + { + if (carry > 0) + bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP * + --carry, BN_NIST_384_TOP); + else + { + carry = -carry; + bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP * + --carry, BN_NIST_384_TOP); + } + } + + r->top = BN_NIST_384_TOP; + bn_correct_top(r); + if (BN_ucmp(r, field) >= 0) + { + bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); + bn_correct_top(r); + } + bn_check_top(r); + return 1; +#else + return 0; +#endif + } + +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + BN_CTX *ctx) + { +#if BN_BITS2 == 64 +#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF +#elif BN_BITS2 == 32 +#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF +#elif BN_BITS2 == 16 +#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF +#elif BN_BITS2 == 8 +#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1 +#endif + int top, ret = 0; + BN_ULONG *r_d; + BIGNUM *tmp; + + /* check whether a reduction is necessary */ + top = a->top; + if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && + (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); + + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + if (!tmp) + goto err; + + if (!bn_wexpand(tmp, BN_NIST_521_TOP)) + goto err; + nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP); + + tmp->top = BN_NIST_521_TOP; + tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + bn_correct_top(tmp); + + if (!BN_rshift(r, a, 521)) + goto err; + + if (!BN_uadd(r, tmp, r)) + goto err; + top = r->top; + r_d = r->d; + if (top == BN_NIST_521_TOP && + (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))) + { + BN_NIST_ADD_ONE(r_d) + r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + } + bn_correct_top(r); + + ret = 1; +err: + BN_CTX_end(ctx); + + bn_check_top(r); + return ret; + } diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c index e072d92..d57f658 100644 --- a/crypto/openssl/crypto/bn/bn_prime.c +++ b/crypto/openssl/crypto/bn/bn_prime.c @@ -115,6 +115,11 @@ #include "bn_lcl.h" #include +/* NB: these functions have been "upgraded", the deprecated versions (which are + * compatibility wrappers using these functions) are in bn_depr.c. + * - Geoff + */ + /* The quick sieve algorithm approach to weeding out primes is * Philip Zimmermann's, as implemented in PGP. I have had a read of * his comments and implemented my own version. @@ -129,51 +134,69 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback)(int,int,void *), void *cb_arg) +int BN_GENCB_call(BN_GENCB *cb, int a, int b) + { + /* No callback means continue */ + if(!cb) return 1; + switch(cb->ver) + { + case 1: + /* Deprecated-style callbacks */ + if(!cb->cb.cb_1) + return 1; + cb->cb.cb_1(a, b, cb->arg); + return 1; + case 2: + /* New-style callbacks */ + return cb->cb.cb_2(a, b, cb); + default: + break; + } + /* Unrecognised callback type */ + return 0; + } + +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) { - BIGNUM *rnd=NULL; - BIGNUM t; + BIGNUM *t; int found=0; int i,j,c1=0; BN_CTX *ctx; int checks = BN_prime_checks_for_size(bits); - BN_init(&t); ctx=BN_CTX_new(); if (ctx == NULL) goto err; - if (ret == NULL) - { - if ((rnd=BN_new()) == NULL) goto err; - } - else - rnd=ret; + BN_CTX_start(ctx); + t = BN_CTX_get(ctx); + if(!t) goto err; loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(rnd,bits)) goto err; + if (!probable_prime(ret,bits)) goto err; } else { if (safe) { - if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) + if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) goto err; } else { - if (!probable_prime_dh(rnd,bits,add,rem,ctx)) + if (!probable_prime_dh(ret,bits,add,rem,ctx)) goto err; } } - /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ - if (callback != NULL) callback(0,c1++,cb_arg); + /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ + if(!BN_GENCB_call(cb, 0, c1++)) + /* aborted */ + goto err; if (!safe) { - i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); + i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); if (i == -1) goto err; if (i == 0) goto loop; } @@ -183,41 +206,42 @@ loop: * check that (p-1)/2 is prime. * Since a prime is odd, We just * need to divide by 2 */ - if (!BN_rshift1(&t,rnd)) goto err; + if (!BN_rshift1(t,ret)) goto err; for (i=0; i a is prime if and only if a == 2 */ + return BN_is_word(a, 2); if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) if (BN_mod_word(a, primes[i]) == 0) return 0; - if (callback != NULL) callback(1, -1, cb_arg); + if(!BN_GENCB_call(cb, 1, -1)) + goto err; } if (ctx_passed != NULL) @@ -306,7 +332,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, ret=0; goto err; } - if (callback != NULL) callback(1,i,cb_arg); + if(!BN_GENCB_call(cb, 1, i)) + goto err; } ret=1; err: @@ -343,6 +370,7 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, } /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', * and it is neither -1 nor +1 -- so 'a' cannot be prime */ + bn_check_top(w); return 1; } @@ -374,6 +402,7 @@ again: } } if (!BN_add_word(rnd,delta)) return(0); + bn_check_top(rnd); return(1); } @@ -411,6 +440,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, ret=1; err: BN_CTX_end(ctx); + bn_check_top(rnd); return(ret); } @@ -462,5 +492,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, ret=1; err: BN_CTX_end(ctx); + bn_check_top(p); return(ret); } diff --git a/crypto/openssl/crypto/bn/bn_prime.pl b/crypto/openssl/crypto/bn/bn_prime.pl index 9fc3765..e583d1d 100644 --- a/crypto/openssl/crypto/bn/bn_prime.pl +++ b/crypto/openssl/crypto/bn/bn_prime.pl @@ -11,7 +11,7 @@ loop: while ($#primes < $num-1) $p+=2; $s=int(sqrt($p)); - for ($i=0; $primes[$i]<=$s; $i++) + for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) { next loop if (($p%$primes[$i]) == 0); } diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c index 0d94260..055d048 100644 --- a/crypto/openssl/crypto/bn/bn_print.c +++ b/crypto/openssl/crypto/bn/bn_print.c @@ -79,7 +79,7 @@ char *BN_bn2hex(const BIGNUM *a) } p=buf; if (a->neg) *(p++)='-'; - if (a->top == 0) *(p++)='0'; + if (BN_is_zero(a)) *(p++)='0'; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-8; j >= 0; j-=8) @@ -102,14 +102,19 @@ err: /* Must 'OPENSSL_free' the returned data */ char *BN_bn2dec(const BIGNUM *a) { - int i=0,num; + int i=0,num, ok = 0; char *buf=NULL; char *p; BIGNUM *t=NULL; BN_ULONG *bn_data=NULL,*lp; + /* get an upper bound for the length of the decimal integer + * num <= (BN_num_bits(a) + 1) * log(2) + * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) + * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 + */ i=BN_num_bits(a)*3; - num=(i/10+i/1000+3)+1; + num=(i/10+i/1000+1)+1; bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); buf=(char *)OPENSSL_malloc(num+3); if ((buf == NULL) || (bn_data == NULL)) @@ -122,14 +127,16 @@ char *BN_bn2dec(const BIGNUM *a) #define BUF_REMAIN (num+3 - (size_t)(p - buf)) p=buf; lp=bn_data; - if (t->neg) *(p++)='-'; - if (t->top == 0) + if (BN_is_zero(t)) { *(p++)='0'; *(p++)='\0'; } else { + if (BN_is_negative(t)) + *p++ = '-'; + i=0; while (!BN_is_zero(t)) { @@ -149,9 +156,16 @@ char *BN_bn2dec(const BIGNUM *a) while (*p) p++; } } + ok = 1; err: if (bn_data != NULL) OPENSSL_free(bn_data); if (t != NULL) BN_free(t); + if (!ok && buf) + { + OPENSSL_free(buf); + buf = NULL; + } + return(buf); } @@ -211,10 +225,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a) j-=(BN_BYTES*2); } ret->top=h; - bn_fix_top(ret); + bn_correct_top(ret); ret->neg=neg; *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); @@ -270,8 +285,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) } ret->neg=neg; - bn_fix_top(ret); + bn_correct_top(ret); *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); @@ -300,7 +316,7 @@ int BN_print(BIO *bp, const BIGNUM *a) int ret=0; if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; - if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end; + if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-4; j >= 0; j-=4) @@ -320,14 +336,3 @@ end: return(ret); } #endif - -#ifdef BN_DEBUG -void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n) - { - int i; - fprintf(o, "%s=", a); - for (i=n-1;i>=0;i--) - fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */ - fprintf(o, "\n"); - } -#endif diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c index 893c9d2..f51830b 100644 --- a/crypto/openssl/crypto/bn/bn_rand.c +++ b/crypto/openssl/crypto/bn/bn_rand.c @@ -134,13 +134,13 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf=(unsigned char *)OPENSSL_malloc(bytes); if (buf == NULL) { - BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE); + BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE); goto err; } /* make a random number and set the top and bottom bits */ time(&tim); - RAND_add(&tim,sizeof(tim),0); + RAND_add(&tim,sizeof(tim),0.0); if (pseudorand) { @@ -204,6 +204,7 @@ err: OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } + bn_check_top(rnd); return(ret); } @@ -230,6 +231,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) { int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; int n; + int count = 100; if (range->neg || BN_is_zero(range)) { @@ -242,9 +244,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) /* BN_is_bit_set(range, n - 1) always holds */ if (n == 1) - { - if (!BN_zero(r)) return 0; - } + BN_zero(r); else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { /* range = 100..._2, @@ -263,6 +263,13 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) if (BN_cmp(r, range) >= 0) if (!BN_sub(r, r, range)) return 0; } + + if (!--count) + { + BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); + return 0; + } + } while (BN_cmp(r, range) >= 0); } @@ -272,10 +279,17 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) { /* range = 11..._2 or range = 101..._2 */ if (!bn_rand(r, n, -1, 0)) return 0; + + if (!--count) + { + BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); + return 0; + } } while (BN_cmp(r, range) >= 0); } + bn_check_top(r); return 1; } diff --git a/crypto/openssl/crypto/bn/bn_recp.c b/crypto/openssl/crypto/bn/bn_recp.c index ef5fdd4..2e8efb8 100644 --- a/crypto/openssl/crypto/bn/bn_recp.c +++ b/crypto/openssl/crypto/bn/bn_recp.c @@ -94,7 +94,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp) int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) { if (!BN_copy(&(recp->N),d)) return 0; - if (!BN_zero(&(recp->Nr))) return 0; + BN_zero(&(recp->Nr)); recp->num_bits=BN_num_bits(d); recp->shift=0; return(1); @@ -123,6 +123,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ret = BN_div_recp(NULL,r,ca,recp,ctx); err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -147,7 +148,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (BN_ucmp(m,&(recp->N)) < 0) { - if (!BN_zero(d)) return 0; + BN_zero(d); if (!BN_copy(r,m)) return 0; BN_CTX_end(ctx); return(1); @@ -190,7 +191,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, { if (j++ > 2) { - BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL); + BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL); goto err; } if (!BN_usub(r,r,&(recp->N))) goto err; @@ -203,6 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ret=1; err: BN_CTX_end(ctx); + bn_check_top(dv); + bn_check_top(rem); return(ret); } @@ -214,17 +217,18 @@ err: int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) { int ret= -1; - BIGNUM t; + BIGNUM *t; - BN_init(&t); + BN_CTX_start(ctx); + if((t = BN_CTX_get(ctx)) == NULL) goto err; - if (!BN_zero(&t)) goto err; - if (!BN_set_bit(&t,len)) goto err; + if (!BN_set_bit(t,len)) goto err; - if (!BN_div(r,NULL,&t,m,ctx)) goto err; + if (!BN_div(r,NULL,t,m,ctx)) goto err; ret=len; err: - BN_free(&t); + bn_check_top(r); + BN_CTX_end(ctx); return(ret); } diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/openssl/crypto/bn/bn_shift.c index 70f785e..de9312d 100644 --- a/crypto/openssl/crypto/bn/bn_shift.c +++ b/crypto/openssl/crypto/bn/bn_shift.c @@ -65,6 +65,9 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) register BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (r != a) { r->neg=a->neg; @@ -89,6 +92,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) *rp=1; r->top++; } + bn_check_top(r); return(1); } @@ -97,6 +101,9 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (BN_is_zero(a)) { BN_zero(r); @@ -117,7 +124,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) rp[i]=((t>>1)&BN_MASK2)|c; c=(t&1)?BN_TBIT:0; } - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -127,6 +135,9 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l; + bn_check_top(r); + bn_check_top(a); + r->neg=a->neg; nw=n/BN_BITS2; if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); @@ -149,7 +160,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) /* for (i=0; itop=a->top+nw+1; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -159,6 +171,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l,tmp; + bn_check_top(r); + bn_check_top(a); + nw=n/BN_BITS2; rb=n%BN_BITS2; lb=BN_BITS2-rb; @@ -185,13 +200,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if (rb == 0) { - for (i=j+1; i > 0; i--) + for (i=j; i != 0; i--) *(t++)= *(f++); } else { l= *(f++); - for (i=1; i>rb)&BN_MASK2; l= *(f++); @@ -199,7 +214,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) } *(t++) =(l>>rb)&BN_MASK2; } - *t=0; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/openssl/crypto/bn/bn_sqr.c index c1d0cca..270d0cd 100644 --- a/crypto/openssl/crypto/bn/bn_sqr.c +++ b/crypto/openssl/crypto/bn/bn_sqr.c @@ -77,16 +77,16 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) if (al <= 0) { r->top=0; - return(1); + return 1; } BN_CTX_start(ctx); rr=(a != r) ? r : BN_CTX_get(ctx); tmp=BN_CTX_get(ctx); - if (tmp == NULL) goto err; + if (!rr || !tmp) goto err; - max=(al+al); - if (bn_wexpand(rr,max+1) == NULL) goto err; + max = 2 * al; /* Non-zero (from above) */ + if (bn_wexpand(rr,max) == NULL) goto err; if (al == 4) { @@ -138,12 +138,18 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) #endif } - rr->top=max; rr->neg=0; - if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; + /* If the most-significant half of the top word of 'a' is zero, then + * the square of 'a' will max-1 words. */ + if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) + rr->top = max - 1; + else + rr->top = max; if (rr != r) BN_copy(r,rr); ret = 1; err: + bn_check_top(rr); + bn_check_top(tmp); BN_CTX_end(ctx); return(ret); } diff --git a/crypto/openssl/crypto/bn/bn_sqrt.c b/crypto/openssl/crypto/bn/bn_sqrt.c index e2a1105..6beaf9e 100644 --- a/crypto/openssl/crypto/bn/bn_sqrt.c +++ b/crypto/openssl/crypto/bn/bn_sqrt.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_mod.c */ +/* crypto/bn/bn_sqrt.c */ /* Written by Lenka Fibikova * and Bodo Moeller for the OpenSSL project. */ /* ==================================================================== @@ -65,14 +65,12 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course * in Algebraic Computational Number Theory", algorithm 1.5.1). * 'p' must be prime! - * If 'a' is not a square, this is not necessarily detected by - * the algorithms; a bogus result must be expected in this case. */ { BIGNUM *ret = in; int err = 1; int r; - BIGNUM *b, *q, *t, *x, *y; + BIGNUM *A, *b, *q, *t, *x, *y; int e, i, j; if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) @@ -85,9 +83,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { - BN_free(ret); + if (ret != in) + BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -103,23 +103,16 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; if (!BN_set_word(ret, BN_is_one(a))) { - BN_free(ret); + if (ret != in) + BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } -#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */ - r = BN_kronecker(a, p, ctx); - if (r < -1) return NULL; - if (r == -1) - { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); - return(NULL); - } -#endif - BN_CTX_start(ctx); + A = BN_CTX_get(ctx); b = BN_CTX_get(ctx); q = BN_CTX_get(ctx); t = BN_CTX_get(ctx); @@ -131,6 +124,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_new(); if (ret == NULL) goto end; + /* A = a mod p */ + if (!BN_nnmod(A, a, p, ctx)) goto end; + /* now write |p| - 1 as 2^e*q where q is odd */ e = 1; while (!BN_is_bit_set(p, e)) @@ -149,9 +145,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_rshift(q, p, 2)) goto end; q->neg = 0; if (!BN_add_word(q, 1)) goto end; - if (!BN_mod_exp(ret, a, q, p, ctx)) goto end; + if (!BN_mod_exp(ret, A, q, p, ctx)) goto end; err = 0; - goto end; + goto vrfy; } if (e == 2) @@ -182,15 +178,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * November 1992.) */ - /* make sure that a is reduced modulo p */ - if (a->neg || BN_ucmp(a, p) >= 0) - { - if (!BN_nnmod(x, a, p, ctx)) goto end; - a = x; /* use x as temporary variable */ - } - /* t := 2*a */ - if (!BN_mod_lshift1_quick(t, a, p)) goto end; + if (!BN_mod_lshift1_quick(t, A, p)) goto end; /* b := (2*a)^((|p|-5)/8) */ if (!BN_rshift(q, p, 3)) goto end; @@ -205,12 +194,12 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_sub_word(t, 1)) goto end; /* x = a*b*t */ - if (!BN_mod_mul(x, a, b, p, ctx)) goto end; + if (!BN_mod_mul(x, A, b, p, ctx)) goto end; if (!BN_mod_mul(x, x, t, p, ctx)) goto end; if (!BN_copy(ret, x)) goto end; err = 0; - goto end; + goto vrfy; } /* e > 2, so we really have to use the Tonelli/Shanks algorithm. @@ -297,11 +286,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* x := a^((q-1)/2) */ if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ { - if (!BN_nnmod(t, a, p, ctx)) goto end; + if (!BN_nnmod(t, A, p, ctx)) goto end; if (BN_is_zero(t)) { /* special case: a == 0 (mod p) */ - if (!BN_zero(ret)) goto end; + BN_zero(ret); err = 0; goto end; } @@ -310,11 +299,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } else { - if (!BN_mod_exp(x, a, t, p, ctx)) goto end; + if (!BN_mod_exp(x, A, t, p, ctx)) goto end; if (BN_is_zero(x)) { /* special case: a == 0 (mod p) */ - if (!BN_zero(ret)) goto end; + BN_zero(ret); err = 0; goto end; } @@ -322,10 +311,10 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* b := a*x^2 (= a^q) */ if (!BN_mod_sqr(b, x, p, ctx)) goto end; - if (!BN_mod_mul(b, b, a, p, ctx)) goto end; + if (!BN_mod_mul(b, b, A, p, ctx)) goto end; /* x := a*x (= a^((q+1)/2)) */ - if (!BN_mod_mul(x, x, a, p, ctx)) goto end; + if (!BN_mod_mul(x, x, A, p, ctx)) goto end; while (1) { @@ -342,7 +331,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { if (!BN_copy(ret, x)) goto end; err = 0; - goto end; + goto vrfy; } @@ -373,6 +362,22 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) e = i; } + vrfy: + if (!err) + { + /* verify the result -- the input might have been not a square + * (test added in 0.9.8) */ + + if (!BN_mod_sqr(x, ret, p, ctx)) + err = 1; + + if (!err && 0 != BN_cmp(x, A)) + { + BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); + err = 1; + } + } + end: if (err) { @@ -383,5 +388,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = NULL; } BN_CTX_end(ctx); + bn_check_top(ret); return ret; } diff --git a/crypto/openssl/crypto/bn/bn_word.c b/crypto/openssl/crypto/bn/bn_word.c index 988e0ca..ee7b87c 100644 --- a/crypto/openssl/crypto/bn/bn_word.c +++ b/crypto/openssl/crypto/bn/bn_word.c @@ -69,6 +69,10 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) #endif int i; + if (w == 0) + return (BN_ULONG)-1; + + bn_check_top(a); w&=BN_MASK2; for (i=a->top-1; i>=0; i--) { @@ -85,12 +89,24 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) { - BN_ULONG ret; - int i; + BN_ULONG ret = 0; + int i, j; + + bn_check_top(a); + w &= BN_MASK2; + + if (!w) + /* actually this an error (division by zero) */ + return (BN_ULONG)-1; + if (a->top == 0) + return 0; + + /* normalize input (so bn_div_words doesn't complain) */ + j = BN_BITS2 - BN_num_bits_word(w); + w <<= j; + if (!BN_lshift(a, a, j)) + return (BN_ULONG)-1; - if (a->top == 0) return(0); - ret=0; - w&=BN_MASK2; for (i=a->top-1; i>=0; i--) { BN_ULONG l,d; @@ -102,6 +118,8 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) } if ((a->top > 0) && (a->d[a->top-1] == 0)) a->top--; + ret >>= j; + bn_check_top(a); return(ret); } @@ -110,6 +128,14 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) BN_ULONG l; int i; + bn_check_top(a); + w &= BN_MASK2; + + /* degenerate case: w is zero */ + if (!w) return 1; + /* degenerate case: a is zero */ + if(BN_is_zero(a)) return BN_set_word(a, w); + /* handle 'a' when negative */ if (a->neg) { a->neg=0; @@ -118,15 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - w&=BN_MASK2; - if (bn_wexpand(a,a->top+1) == NULL) return(0); + /* Only expand (and risk failing) if it's possibly necessary */ + if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && + (bn_wexpand(a,a->top+1) == NULL)) + return(0); i=0; for (;;) { if (i >= a->top) l=w; else - l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; + l=(a->d[i]+w)&BN_MASK2; a->d[i]=l; if (w > l) w=1; @@ -136,6 +164,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) } if (i >= a->top) a->top++; + bn_check_top(a); return(1); } @@ -143,7 +172,21 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) { int i; - if (BN_is_zero(a) || a->neg) + bn_check_top(a); + w &= BN_MASK2; + + /* degenerate case: w is zero */ + if (!w) return 1; + /* degenerate case: a is zero */ + if(BN_is_zero(a)) + { + i = BN_set_word(a,w); + if (i != 0) + BN_set_negative(a, 1); + return i; + } + /* handle 'a' when negative */ + if (a->neg) { a->neg=0; i=BN_add_word(a,w); @@ -151,7 +194,6 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) return(i); } - w&=BN_MASK2; if ((a->top == 1) && (a->d[0] < w)) { a->d[0]=w-a->d[0]; @@ -175,6 +217,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) } if ((a->d[i] == 0) && (i == (a->top-1))) a->top--; + bn_check_top(a); return(1); } @@ -182,6 +225,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) { BN_ULONG ll; + bn_check_top(a); w&=BN_MASK2; if (a->top) { @@ -197,6 +241,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) } } } + bn_check_top(a); return(1); } diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c index 28cd333..c885300 100644 --- a/crypto/openssl/crypto/bn/bntest.c +++ b/crypto/openssl/crypto/bn/bntest.c @@ -55,6 +55,25 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif #include #include @@ -79,6 +98,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_); int test_rshift1(BIO *bp); int test_rshift(BIO *bp,BN_CTX *ctx); int test_div(BIO *bp,BN_CTX *ctx); +int test_div_word(BIO *bp); int test_div_recp(BIO *bp,BN_CTX *ctx); int test_mul(BIO *bp); int test_sqr(BIO *bp,BN_CTX *ctx); @@ -86,7 +106,17 @@ int test_mont(BIO *bp,BN_CTX *ctx); int test_mod(BIO *bp,BN_CTX *ctx); int test_mod_mul(BIO *bp,BN_CTX *ctx); int test_mod_exp(BIO *bp,BN_CTX *ctx); +int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx); int test_exp(BIO *bp,BN_CTX *ctx); +int test_gf2m_add(BIO *bp); +int test_gf2m_mod(BIO *bp); +int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx); +int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx); +int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx); +int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx); +int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx); +int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx); +int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx); int test_kron(BIO *bp,BN_CTX *ctx); int test_sqrt(BIO *bp,BN_CTX *ctx); int rand_neg(void); @@ -193,6 +223,10 @@ int main(int argc, char *argv[]) if (!test_div(out,ctx)) goto err; BIO_flush(out); + message(out,"BN_div_word"); + if (!test_div_word(out)) goto err; + BIO_flush(out); + message(out,"BN_div_recp"); if (!test_div_recp(out,ctx)) goto err; BIO_flush(out); @@ -213,6 +247,10 @@ int main(int argc, char *argv[]) if (!test_mod_exp(out,ctx)) goto err; BIO_flush(out); + message(out,"BN_mod_exp_mont_consttime"); + if (!test_mod_exp_mont_consttime(out,ctx)) goto err; + BIO_flush(out); + message(out,"BN_exp"); if (!test_exp(out,ctx)) goto err; BIO_flush(out); @@ -225,6 +263,42 @@ int main(int argc, char *argv[]) if (!test_sqrt(out,ctx)) goto err; BIO_flush(out); + message(out,"BN_GF2m_add"); + if (!test_gf2m_add(out)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod"); + if (!test_gf2m_mod(out)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_mul"); + if (!test_gf2m_mod_mul(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_sqr"); + if (!test_gf2m_mod_sqr(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_inv"); + if (!test_gf2m_mod_inv(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_div"); + if (!test_gf2m_mod_div(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_exp"); + if (!test_gf2m_mod_exp(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_sqrt"); + if (!test_gf2m_mod_sqrt(out,ctx)) goto err; + BIO_flush(out); + + message(out,"BN_GF2m_mod_solve_quad"); + if (!test_gf2m_mod_solve_quad(out,ctx)) goto err; + BIO_flush(out); + BN_CTX_free(ctx); BIO_free(out); @@ -232,7 +306,7 @@ int main(int argc, char *argv[]) EXIT(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices - * the failure, see test_bn in test/Makefile */ + * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); @@ -399,6 +473,78 @@ int test_div(BIO *bp, BN_CTX *ctx) return(1); } +static void print_word(BIO *bp,BN_ULONG w) + { +#ifdef SIXTY_FOUR_BIT + if (sizeof(w) > sizeof(unsigned long)) + { + unsigned long h=(unsigned long)(w>>32), + l=(unsigned long)(w); + + if (h) BIO_printf(bp,"%lX%08lX",h,l); + else BIO_printf(bp,"%lX",l); + return; + } +#endif + BIO_printf(bp,"%lX",w); + } + +int test_div_word(BIO *bp) + { + BIGNUM a,b; + BN_ULONG r,s; + int i; + + BN_init(&a); + BN_init(&b); + + for (i=0; ineg = rand_neg(); putc('\n', stderr); @@ -967,6 +1741,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) int test_sqrt(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*p,*r; int i, j; int ret = 0; @@ -975,7 +1750,9 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) p = BN_new(); r = BN_new(); if (a == NULL || p == NULL || r == NULL) goto err; - + + BN_GENCB_set(&cb, genprime_cb, NULL); + for (i = 0; i < 16; i++) { if (i < 8) @@ -989,7 +1766,7 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) if (!BN_set_word(a, 32)) goto err; if (!BN_set_word(r, 2*i + 1)) goto err; - if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err; putc('\n', stderr); } p->neg = rand_neg(); diff --git a/crypto/openssl/crypto/bn/expspeed.c b/crypto/openssl/crypto/bn/expspeed.c index 07a1bcf..4d5f221 100644 --- a/crypto/openssl/crypto/bn/expspeed.c +++ b/crypto/openssl/crypto/bn/expspeed.c @@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) #else /* TEST_SQRT */ "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d" #endif - " -> %8.3fms %5.1f (%ld)\n", + " -> %8.6fms %5.1f (%ld)\n", #ifdef TEST_SQRT P_MOD_64, #endif diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c index b09cf88..f598a07 100644 --- a/crypto/openssl/crypto/bn/exptest.c +++ b/crypto/openssl/crypto/bn/exptest.c @@ -77,7 +77,7 @@ int main(int argc, char *argv[]) BIO *out=NULL; int i,ret; unsigned char c; - BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m; + BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m; RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't * even check its return value @@ -88,6 +88,7 @@ int main(int argc, char *argv[]) ctx=BN_CTX_new(); if (ctx == NULL) EXIT(1); r_mont=BN_new(); + r_mont_const=BN_new(); r_recp=BN_new(); r_simple=BN_new(); a=BN_new(); @@ -143,8 +144,17 @@ int main(int argc, char *argv[]) EXIT(1); } + ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL); + if (ret <= 0) + { + printf("BN_mod_exp_mont_consttime() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + if (BN_cmp(r_simple, r_mont) == 0 - && BN_cmp(r_simple,r_recp) == 0) + && BN_cmp(r_simple,r_recp) == 0 + && BN_cmp(r_simple,r_mont_const) == 0) { printf("."); fflush(stdout); @@ -153,6 +163,8 @@ int main(int argc, char *argv[]) { if (BN_cmp(r_simple,r_mont) != 0) printf("\nsimple and mont results differ\n"); + if (BN_cmp(r_simple,r_mont) != 0) + printf("\nsimple and mont const time results differ\n"); if (BN_cmp(r_simple,r_recp) != 0) printf("\nsimple and recp results differ\n"); @@ -162,11 +174,13 @@ int main(int argc, char *argv[]) printf("\nsimple ="); BN_print(out,r_simple); printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); + printf("\nmont_ct ="); BN_print(out,r_mont_const); printf("\n"); EXIT(1); } } BN_free(r_mont); + BN_free(r_mont_const); BN_free(r_recp); BN_free(r_simple); BN_free(a); @@ -181,6 +195,9 @@ int main(int argc, char *argv[]) err: ERR_load_crypto_strings(); ERR_print_errors(out); +#ifdef OPENSSL_SYS_NETWARE + printf("ERROR\n"); +#endif EXIT(1); return(1); } diff --git a/crypto/openssl/crypto/buffer/Makefile b/crypto/openssl/crypto/buffer/Makefile index 8593dce..9f3a88d 100644 --- a/crypto/openssl/crypto/buffer/Makefile +++ b/crypto/openssl/crypto/buffer/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/buffer/Makefile +# OpenSSL/crypto/buffer/Makefile # DIR= buffer @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -81,12 +78,13 @@ buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_err.o: ../../include/openssl/symhacks.h buf_err.c +buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +buf_err.o: buf_err.c buffer.o: ../../e_os.h ../../include/openssl/bio.h buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -buffer.o: ../cryptlib.h buffer.c +buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +buffer.o: ../../include/openssl/symhacks.h ../cryptlib.h buffer.c diff --git a/crypto/openssl/crypto/buffer/buf_err.c b/crypto/openssl/crypto/buffer/buf_err.c index 5eee653..8fc67d3 100644 --- a/crypto/openssl/crypto/buffer/buf_err.c +++ b/crypto/openssl/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* crypto/buffer/buf_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,11 +64,18 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) + static ERR_STRING_DATA BUF_str_functs[]= { -{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, -{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, -{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, +{ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, +{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, +{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, +{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, +{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, +{ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, {0,NULL} }; @@ -87,8 +94,8 @@ void ERR_load_BUF_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_BUF,BUF_str_functs); - ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons); + ERR_load_strings(0,BUF_str_functs); + ERR_load_strings(0,BUF_str_reasons); #endif } diff --git a/crypto/openssl/crypto/buffer/buffer.c b/crypto/openssl/crypto/buffer/buffer.c index d96487e..3bf03c7 100644 --- a/crypto/openssl/crypto/buffer/buffer.c +++ b/crypto/openssl/crypto/buffer/buffer.c @@ -149,7 +149,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) ret=OPENSSL_realloc_clean(str->data,str->max,n); if (ret == NULL) { - BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); len=0; } else @@ -164,22 +164,41 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) char *BUF_strdup(const char *str) { + if (str == NULL) return(NULL); + return BUF_strndup(str, strlen(str)); + } + +char *BUF_strndup(const char *str, size_t siz) + { char *ret; - int n; if (str == NULL) return(NULL); - n=strlen(str); - ret=OPENSSL_malloc(n+1); + ret=OPENSSL_malloc(siz+1); if (ret == NULL) { - BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); + BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); return(NULL); } - memcpy(ret,str,n+1); + BUF_strlcpy(ret,str,siz+1); return(ret); } +void *BUF_memdup(const void *data, size_t siz) + { + void *ret; + + if (data == NULL) return(NULL); + + ret=OPENSSL_malloc(siz); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + return memcpy(ret, data, siz); + } + size_t BUF_strlcpy(char *dst, const char *src, size_t size) { size_t l = 0; diff --git a/crypto/openssl/crypto/buffer/buffer.h b/crypto/openssl/crypto/buffer/buffer.h index 465dc34..1db9607 100644 --- a/crypto/openssl/crypto/buffer/buffer.h +++ b/crypto/openssl/crypto/buffer/buffer.h @@ -59,25 +59,35 @@ #ifndef HEADER_BUFFER_H #define HEADER_BUFFER_H +#include + #ifdef __cplusplus extern "C" { #endif #include + +#if !defined(NO_SYS_TYPES_H) #include +#endif + +/* Already declared in ossl_typ.h */ +/* typedef struct buf_mem_st BUF_MEM; */ -typedef struct buf_mem_st +struct buf_mem_st { int length; /* current number of bytes */ char *data; int max; /* size of buffer */ - } BUF_MEM; + }; BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +char * BUF_strndup(const char *str, size_t siz); +void * BUF_memdup(const void *data, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst,const char *src,size_t siz); @@ -93,9 +103,12 @@ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ /* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 #define BUF_F_BUF_MEM_GROW 100 +#define BUF_F_BUF_MEM_GROW_CLEAN 105 #define BUF_F_BUF_MEM_NEW 101 #define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 /* Reason codes. */ diff --git a/crypto/openssl/crypto/cast/Makefile b/crypto/openssl/crypto/cast/Makefile index f338e88..149956e 100644 --- a/crypto/openssl/crypto/cast/Makefile +++ b/crypto/openssl/crypto/cast/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/cast/Makefile +# OpenSSL/crypto/cast/Makefile # DIR= cast @@ -8,23 +8,14 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r CAST_ENC=c_enc.o -# or use -#CAST_ENC=asm/cx86-elf.o -#CAST_ENC=asm/cx86-out.o -#CAST_ENC=asm/cx86-sol.o -#CAST_ENC=asm/cx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=casttest.c @@ -51,20 +42,15 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s) - +# ELF +cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@) +# COFF +cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@) # a.out -asm/cx86-out.o: asm/cx86unix.cpp - $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o - -# bsdi -asm/cx86bsdi.o: asm/cx86unix.cpp - $(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o - -asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp) +cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -75,7 +61,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -90,6 +77,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -97,7 +85,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/cast/cast.h b/crypto/openssl/crypto/cast/cast.h index b28e4e4..90b45b9 100644 --- a/crypto/openssl/crypto/cast/cast.h +++ b/crypto/openssl/crypto/cast/cast.h @@ -63,6 +63,8 @@ extern "C" { #endif +#include + #ifdef OPENSSL_NO_CAST #error CAST is disabled. #endif diff --git a/crypto/openssl/crypto/cast/cast_lcl.h b/crypto/openssl/crypto/cast/cast_lcl.h index 37f41cc..e756021 100644 --- a/crypto/openssl/crypto/cast/cast_lcl.h +++ b/crypto/openssl/crypto/cast/cast_lcl.h @@ -64,11 +64,6 @@ #endif -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif - #undef c2l #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ l|=((unsigned long)(*((c)++)))<< 8L, \ @@ -222,11 +217,11 @@ } #endif -OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256]; +extern const CAST_LONG CAST_S_table0[256]; +extern const CAST_LONG CAST_S_table1[256]; +extern const CAST_LONG CAST_S_table2[256]; +extern const CAST_LONG CAST_S_table3[256]; +extern const CAST_LONG CAST_S_table4[256]; +extern const CAST_LONG CAST_S_table5[256]; +extern const CAST_LONG CAST_S_table6[256]; +extern const CAST_LONG CAST_S_table7[256]; diff --git a/crypto/openssl/crypto/cast/cast_spd.c b/crypto/openssl/crypto/cast/cast_spd.c index 76abf50..d650af4 100644 --- a/crypto/openssl/crypto/cast/cast_spd.c +++ b/crypto/openssl/crypto/cast/cast_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/cast/castopts.c b/crypto/openssl/crypto/cast/castopts.c index 1b858d1..33b2c7b 100644 --- a/crypto/openssl/crypto/cast/castopts.c +++ b/crypto/openssl/crypto/cast/castopts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/cast/casttest.c b/crypto/openssl/crypto/cast/casttest.c index 83e5a16..0d020d6 100644 --- a/crypto/openssl/crypto/cast/casttest.c +++ b/crypto/openssl/crypto/cast/casttest.c @@ -59,6 +59,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_CAST is defined */ #include "../e_os.h" diff --git a/crypto/openssl/crypto/comp/Makefile b/crypto/openssl/crypto/comp/Makefile index 1f0fcb7..efda832 100644 --- a/crypto/openssl/crypto/comp/Makefile +++ b/crypto/openssl/crypto/comp/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/comp/Makefile +# OpenSSL/crypto/comp/Makefile # DIR= comp @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -54,7 +49,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -69,6 +65,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: @@ -81,32 +78,31 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c +c_rle.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h +c_rle.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +c_rle.o: ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_zlib.o: c_zlib.c +c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h +c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h comp_err.o: ../../include/openssl/opensslconf.h -comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -comp_err.o: comp_err.c +comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +comp_err.o: ../../include/openssl/symhacks.h comp_err.c comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -comp_lib.o: ../../include/openssl/opensslconf.h +comp_lib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h +comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/openssl/crypto/comp/c_zlib.c index 345b59d..941b807 100644 --- a/crypto/openssl/crypto/comp/c_zlib.c +++ b/crypto/openssl/crypto/comp/c_zlib.c @@ -3,6 +3,7 @@ #include #include #include +#include COMP_METHOD *COMP_zlib(void ); @@ -23,6 +24,14 @@ static COMP_METHOD zlib_method_nozlib={ #include +static int zlib_stateful_init(COMP_CTX *ctx); +static void zlib_stateful_finish(COMP_CTX *ctx); +static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen); +static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen); + +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, @@ -31,7 +40,7 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen); -static COMP_METHOD zlib_method={ +static COMP_METHOD zlib_stateless_method={ NID_zlib_compression, LN_zlib_compression, NULL, @@ -41,56 +50,195 @@ static COMP_METHOD zlib_method={ NULL, NULL, }; +#endif + +static COMP_METHOD zlib_stateful_method={ + NID_zlib_compression, + LN_zlib_compression, + zlib_stateful_init, + zlib_stateful_finish, + zlib_stateful_compress_block, + zlib_stateful_expand_block, + NULL, + NULL, + }; /* * When OpenSSL is built on Windows, we do not want to require that * the ZLIB.DLL be available in order for the OpenSSL DLLs to * work. Therefore, all ZLIB routines are loaded at run time - * and we do not link to a .LIB file. + * and we do not link to a .LIB file when ZLIB_SHARED is set. */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # include - -# define Z_CALLCONV _stdcall -# define ZLIB_SHARED -#else -# define Z_CALLCONV #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */ #ifdef ZLIB_SHARED #include -/* Prototypes for built in stubs */ -static int stub_compress(Bytef *dest,uLongf *destLen, - const Bytef *source, uLong sourceLen); -static int stub_inflateEnd(z_streamp strm); -static int stub_inflate(z_streamp strm, int flush); -static int stub_inflateInit_(z_streamp strm, const char * version, - int stream_size); - /* Function pointers */ -typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, +typedef int (*compress_ft)(Bytef *dest,uLongf *destLen, const Bytef *source, uLong sourceLen); -typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm); -typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush); -typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm, +typedef int (*inflateEnd_ft)(z_streamp strm); +typedef int (*inflate_ft)(z_streamp strm, int flush); +typedef int (*inflateInit__ft)(z_streamp strm, + const char * version, int stream_size); +typedef int (*deflateEnd_ft)(z_streamp strm); +typedef int (*deflate_ft)(z_streamp strm, int flush); +typedef int (*deflateInit__ft)(z_streamp strm, int level, const char * version, int stream_size); static compress_ft p_compress=NULL; static inflateEnd_ft p_inflateEnd=NULL; static inflate_ft p_inflate=NULL; static inflateInit__ft p_inflateInit_=NULL; +static deflateEnd_ft p_deflateEnd=NULL; +static deflate_ft p_deflate=NULL; +static deflateInit__ft p_deflateInit_=NULL; static int zlib_loaded = 0; /* only attempt to init func pts once */ static DSO *zlib_dso = NULL; -#define compress stub_compress -#define inflateEnd stub_inflateEnd -#define inflate stub_inflate -#define inflateInit_ stub_inflateInit_ +#define compress p_compress +#define inflateEnd p_inflateEnd +#define inflate p_inflate +#define inflateInit_ p_inflateInit_ +#define deflateEnd p_deflateEnd +#define deflate p_deflate +#define deflateInit_ p_deflateInit_ #endif /* ZLIB_SHARED */ +struct zlib_state + { + z_stream istream; + z_stream ostream; + }; + +static int zlib_stateful_ex_idx = -1; + +static void zlib_stateful_free_ex_data(void *obj, void *item, + CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) + { + struct zlib_state *state = (struct zlib_state *)item; + inflateEnd(&state->istream); + deflateEnd(&state->ostream); + OPENSSL_free(state); + } + +static int zlib_stateful_init(COMP_CTX *ctx) + { + int err; + struct zlib_state *state = + (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); + + if (state == NULL) + goto err; + + state->istream.zalloc = Z_NULL; + state->istream.zfree = Z_NULL; + state->istream.opaque = Z_NULL; + state->istream.next_in = Z_NULL; + state->istream.next_out = Z_NULL; + state->istream.avail_in = 0; + state->istream.avail_out = 0; + err = inflateInit_(&state->istream, + ZLIB_VERSION, sizeof(z_stream)); + if (err != Z_OK) + goto err; + + state->ostream.zalloc = Z_NULL; + state->ostream.zfree = Z_NULL; + state->ostream.opaque = Z_NULL; + state->ostream.next_in = Z_NULL; + state->ostream.next_out = Z_NULL; + state->ostream.avail_in = 0; + state->ostream.avail_out = 0; + err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, + ZLIB_VERSION, sizeof(z_stream)); + if (err != Z_OK) + goto err; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); + if (zlib_stateful_ex_idx == -1) + { + CRYPTO_w_lock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + zlib_stateful_ex_idx = + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, + 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_unlock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + goto err; + } + CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state); + return 1; + err: + if (state) OPENSSL_free(state); + return 0; + } + +static void zlib_stateful_finish(COMP_CTX *ctx) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); + } + +static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen) + { + int err = Z_OK; + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); + + if (state == NULL) + return -1; + + state->ostream.next_in = in; + state->ostream.avail_in = ilen; + state->ostream.next_out = out; + state->ostream.avail_out = olen; + if (ilen > 0) + err = deflate(&state->ostream, Z_SYNC_FLUSH); + if (err != Z_OK) + return -1; +#ifdef DEBUG_ZLIB + fprintf(stderr,"compress(%4d)->%4d %s\n", + ilen,olen - state->ostream.avail_out, + (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); +#endif + return olen - state->ostream.avail_out; + } + +static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen) + { + int err = Z_OK; + + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); + + if (state == NULL) + return 0; + + state->istream.next_in = in; + state->istream.avail_in = ilen; + state->istream.next_out = out; + state->istream.avail_out = olen; + if (ilen > 0) + err = inflate(&state->istream, Z_SYNC_FLUSH); + if (err != Z_OK) + return -1; +#ifdef DEBUG_ZLIB + fprintf(stderr,"expand(%4d)->%4d %s\n", + ilen,olen - state->istream.avail_out, + (ilen != olen - state->istream.avail_out)?"zlib":"clear"); +#endif + return olen - state->istream.avail_out; + } + +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen) + unsigned int olen, unsigned char *in, unsigned int ilen) { unsigned long l; int i; @@ -123,7 +271,7 @@ static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, } static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen) + unsigned int olen, unsigned char *in, unsigned int ilen) { unsigned long l; int i; @@ -165,7 +313,8 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; - err = inflateInit(&stream); + err = inflateInit_(&stream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) return err; err = inflate(&stream, Z_FINISH); @@ -178,6 +327,7 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, err = inflateEnd(&stream); return err; } +#endif #endif @@ -190,16 +340,6 @@ COMP_METHOD *COMP_zlib(void) { #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); - if (!zlib_dso) - { - zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0); - if (zlib_dso) - { - /* Clear the errors from the first failed - DSO_load() */ - ERR_clear_error(); - } - } #else zlib_dso = DSO_load(NULL, "z", NULL, 0); #endif @@ -217,54 +357,31 @@ COMP_METHOD *COMP_zlib(void) p_inflateInit_ = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_"); - zlib_loaded++; + p_deflateEnd + = (deflateEnd_ft) DSO_bind_func(zlib_dso, + "deflateEnd"); + p_deflate + = (deflate_ft) DSO_bind_func(zlib_dso, + "deflate"); + p_deflateInit_ + = (deflateInit__ft) DSO_bind_func(zlib_dso, + "deflateInit_"); + + if (p_compress && p_inflateEnd && p_inflate + && p_inflateInit_ && p_deflateEnd + && p_deflate && p_deflateInit_) + zlib_loaded++; } } #endif +#ifdef ZLIB_SHARED + if (zlib_loaded) +#endif #if defined(ZLIB) || defined(ZLIB_SHARED) - meth = &zlib_method; + meth = &zlib_stateful_method; #endif return(meth); } -#ifdef ZLIB_SHARED -/* Stubs for each function to be dynamicly loaded */ -static int -stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) - { - if (p_compress) - return(p_compress(dest,destLen,source,sourceLen)); - else - return(Z_MEM_ERROR); - } - -static int -stub_inflateEnd(z_streamp strm) - { - if ( p_inflateEnd ) - return(p_inflateEnd(strm)); - else - return(Z_MEM_ERROR); - } - -static int -stub_inflate(z_streamp strm, int flush) - { - if ( p_inflate ) - return(p_inflate(strm,flush)); - else - return(Z_MEM_ERROR); - } - -static int -stub_inflateInit_(z_streamp strm, const char * version, int stream_size) - { - if ( p_inflateInit_ ) - return(p_inflateInit_(strm,version,stream_size)); - else - return(Z_MEM_ERROR); - } - -#endif /* ZLIB_SHARED */ diff --git a/crypto/openssl/crypto/comp/comp.h b/crypto/openssl/crypto/comp/comp.h index ab48b78..5d59354 100644 --- a/crypto/openssl/crypto/comp/comp.h +++ b/crypto/openssl/crypto/comp/comp.h @@ -8,19 +8,26 @@ extern "C" { #endif +typedef struct comp_ctx_st COMP_CTX; + typedef struct comp_method_st { int type; /* NID for compression library */ const char *name; /* A text string to identify the library */ - int (*init)(); - void (*finish)(); - int (*compress)(); - int (*expand)(); - long (*ctrl)(); - long (*callback_ctrl)(); + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); } COMP_METHOD; -typedef struct comp_ctx_st +struct comp_ctx_st { COMP_METHOD *meth; unsigned long compress_in; @@ -29,7 +36,7 @@ typedef struct comp_ctx_st unsigned long expand_out; CRYPTO_EX_DATA ex_data; - } COMP_CTX; + }; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); diff --git a/crypto/openssl/crypto/comp/comp_err.c b/crypto/openssl/crypto/comp/comp_err.c index 1652b8c2..bf7aa3a 100644 --- a/crypto/openssl/crypto/comp/comp_err.c +++ b/crypto/openssl/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* crypto/comp/comp_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,6 +64,10 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) + static ERR_STRING_DATA COMP_str_functs[]= { {0,NULL} @@ -84,8 +88,8 @@ void ERR_load_COMP_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_COMP,COMP_str_functs); - ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons); + ERR_load_strings(0,COMP_str_functs); + ERR_load_strings(0,COMP_str_reasons); #endif } diff --git a/crypto/openssl/crypto/comp/comp_lib.c b/crypto/openssl/crypto/comp/comp_lib.c index beb98ce..b60ae37 100644 --- a/crypto/openssl/crypto/comp/comp_lib.c +++ b/crypto/openssl/crypto/comp/comp_lib.c @@ -20,17 +20,11 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) OPENSSL_free(ret); ret=NULL; } -#if 0 - else - CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); -#endif return(ret); } void COMP_CTX_free(COMP_CTX *ctx) { - /* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */ - if(ctx == NULL) return; diff --git a/crypto/openssl/crypto/conf/Makefile b/crypto/openssl/crypto/conf/Makefile index 155cc6c..78bb324 100644 --- a/crypto/openssl/crypto/conf/Makefile +++ b/crypto/openssl/crypto/conf/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/conf/Makefile +# OpenSSL/crypto/conf/Makefile # DIR= conf @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -54,7 +49,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -69,6 +65,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: @@ -84,98 +81,72 @@ conf_api.o: ../../e_os.h ../../include/openssl/bio.h conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_api.o: conf_api.c +conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_api.o: ../../include/openssl/symhacks.h conf_api.c conf_def.o: ../../e_os.h ../../include/openssl/bio.h conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_def.o: ../cryptlib.h conf_def.c conf_def.h +conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c +conf_def.o: conf_def.h conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h conf_err.o: ../../include/openssl/opensslconf.h -conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_err.o: conf_err.c +conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_err.o: ../../include/openssl/symhacks.h conf_err.c conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_lib.o: conf_lib.c -conf_mall.o: ../../e_os.h ../../include/openssl/aes.h -conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +conf_lib.o: ../../include/openssl/symhacks.h conf_lib.c +conf_mall.o: ../../e_os.h ../../include/openssl/asn1.h +conf_mall.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -conf_mall.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -conf_mall.o: ../../include/openssl/engine.h ../../include/openssl/err.h -conf_mall.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -conf_mall.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -conf_mall.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h +conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h conf_mall.o: ../../include/openssl/objects.h conf_mall.o: ../../include/openssl/opensslconf.h conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -conf_mall.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -conf_mall.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_mall.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c -conf_mod.o: ../../e_os.h ../../include/openssl/aes.h -conf_mod.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -conf_mod.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h +conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -conf_mod.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -conf_mod.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_mod.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -conf_mod.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -conf_mod.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h conf_mod.o: ../../include/openssl/opensslconf.h conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -conf_mod.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -conf_mod.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_mod.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_mod.o: ../cryptlib.h conf_mod.c -conf_sap.o: ../../e_os.h ../../include/openssl/aes.h -conf_sap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -conf_sap.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +conf_mod.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +conf_mod.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mod.c +conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h +conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -conf_sap.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h -conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -conf_sap.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -conf_sap.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h +conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -conf_sap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -conf_sap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_sap.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c diff --git a/crypto/openssl/crypto/conf/conf.h b/crypto/openssl/crypto/conf/conf.h index f467144..4c073dd 100644 --- a/crypto/openssl/crypto/conf/conf.h +++ b/crypto/openssl/crypto/conf/conf.h @@ -65,6 +65,8 @@ #include #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -81,7 +83,6 @@ DECLARE_STACK_OF(CONF_MODULE) DECLARE_STACK_OF(CONF_IMODULE) struct conf_st; -typedef struct conf_st CONF; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; @@ -212,6 +213,8 @@ void ERR_load_CONF_strings(void); #define CONF_F_CONF_LOAD_BIO 102 #define CONF_F_CONF_LOAD_FP 103 #define CONF_F_CONF_MODULES_LOAD 116 +#define CONF_F_DEF_LOAD 120 +#define CONF_F_DEF_LOAD_BIO 121 #define CONF_F_MODULE_INIT 115 #define CONF_F_MODULE_LOAD_DSO 117 #define CONF_F_MODULE_RUN 118 diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c index b5a876a..8083a00 100644 --- a/crypto/openssl/crypto/conf/conf_def.c +++ b/crypto/openssl/crypto/conf/conf_def.c @@ -60,6 +60,7 @@ #include #include +#include "cryptlib.h" #include #include #include @@ -67,7 +68,6 @@ #include "conf_def.h" #include #include -#include "cryptlib.h" static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); @@ -194,9 +194,9 @@ static int def_load(CONF *conf, const char *name, long *line) if (in == NULL) { if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) - CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE); + CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE); else - CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); + CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB); return 0; } @@ -225,28 +225,28 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if ((buff=BUF_MEM_new()) == NULL) { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); + CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); goto err; } section=(char *)OPENSSL_malloc(10); if (section == NULL) { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); + CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); goto err; } BUF_strlcpy(section,"default",10); if (_CONF_new_data(conf) == 0) { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); + CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); goto err; } sv=_CONF_new_section(conf,section); if (sv == NULL) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } @@ -258,7 +258,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) { if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); + CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); goto err; } p= &(buff->data[bufnum]); @@ -329,7 +329,7 @@ again: ss=p; goto again; } - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); goto err; } @@ -339,7 +339,7 @@ again: sv=_CONF_new_section(conf,section); if (sv == NULL) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } @@ -362,7 +362,7 @@ again: p=eat_ws(conf, end); if (*p != '=') { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); goto err; } @@ -379,7 +379,7 @@ again: if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -388,7 +388,7 @@ again: v->value=NULL; if (v->name == NULL) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -402,7 +402,7 @@ again: tv=_CONF_new_section(conf,psection); if (tv == NULL) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } @@ -416,7 +416,7 @@ again: #if 1 if (_CONF_add_string(conf, tv, v) == 0) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -424,7 +424,7 @@ again: v->section=tv->section; if (!sk_CONF_VALUE_push(ts,v)) { - CONFerr(CONF_F_CONF_LOAD_BIO, + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) e++; } /* So at this point we have - * ns which is the start of the name string which is + * np which is the start of the name string which is * '\0' terminated. - * cs which is the start of the section string which is + * cp which is the start of the section string which is * '\0' terminated. * e is the 'next point after'. - * r and s are the chars replaced by the '\0' - * rp and sp is where 'r' and 's' came from. + * r and rr are the chars replaced by the '\0' + * rp and rrp is where 'r' and 'rr' came from. */ p=_CONF_get_string(conf,cp,np); if (rrp != NULL) *rrp=rr; @@ -629,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); while (*p) buf->data[to++]= *(p++); @@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) points at. /RL */ len -= e-from; from=e; + + /* In case there were no braces or parenthesis around + the variable reference, we have to put back the + character that was replaced with a '\0'. /RL */ + *rp = r; } else buf->data[to++]= *(from++); diff --git a/crypto/openssl/crypto/conf/conf_err.c b/crypto/openssl/crypto/conf/conf_err.c index ee07bfe..6250689 100644 --- a/crypto/openssl/crypto/conf/conf_err.c +++ b/crypto/openssl/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* crypto/conf/conf_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,47 +64,53 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) + static ERR_STRING_DATA CONF_str_functs[]= { -{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"}, -{ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"}, -{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"}, -{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"}, -{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"}, -{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"}, -{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"}, -{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"}, -{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"}, -{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"}, -{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"}, -{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"}, -{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"}, -{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"}, -{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"}, -{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"}, -{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"}, -{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"}, -{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"}, +{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, +{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, +{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, +{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, +{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, +{ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, +{ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, +{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, +{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, +{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, +{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, +{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, +{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, +{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, +{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, +{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, +{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"}, +{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, +{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, +{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, +{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, {0,NULL} }; static ERR_STRING_DATA CONF_str_reasons[]= { -{CONF_R_ERROR_LOADING_DSO ,"error loading dso"}, -{CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"}, -{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, -{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"}, -{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"}, -{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"}, -{CONF_R_NO_CLOSE_BRACE ,"no close brace"}, -{CONF_R_NO_CONF ,"no conf"}, -{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"}, -{CONF_R_NO_SECTION ,"no section"}, -{CONF_R_NO_SUCH_FILE ,"no such file"}, -{CONF_R_NO_VALUE ,"no value"}, -{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, -{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"}, -{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, +{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"}, +{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"}, +{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"}, +{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"}, +{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"}, +{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"}, +{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"}, +{ERR_REASON(CONF_R_NO_CONF) ,"no conf"}, +{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"}, +{ERR_REASON(CONF_R_NO_SECTION) ,"no section"}, +{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"}, +{ERR_REASON(CONF_R_NO_VALUE) ,"no value"}, +{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"}, +{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"}, +{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"}, {0,NULL} }; @@ -118,8 +124,8 @@ void ERR_load_CONF_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_CONF,CONF_str_functs); - ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons); + ERR_load_strings(0,CONF_str_functs); + ERR_load_strings(0,CONF_str_reasons); #endif } diff --git a/crypto/openssl/crypto/conf/conf_lib.c b/crypto/openssl/crypto/conf/conf_lib.c index 6a3cf10..a55a545 100644 --- a/crypto/openssl/crypto/conf/conf_lib.c +++ b/crypto/openssl/crypto/conf/conf_lib.c @@ -184,7 +184,7 @@ long CONF_get_number(LHASH *conf,const char *group,const char *name) if (status == 0) { /* This function does not believe in errors... */ - ERR_get_error(); + ERR_clear_error(); } return result; } diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c index d45adea..587211a 100644 --- a/crypto/openssl/crypto/conf/conf_mod.c +++ b/crypto/openssl/crypto/conf/conf_mod.c @@ -231,7 +231,7 @@ static int module_run(const CONF *cnf, char *name, char *value, if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret)+1]; - CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); + CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } @@ -254,7 +254,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, path = NCONF_get_string(cnf, value, "path"); if (!path) { - ERR_get_error(); + ERR_clear_error(); path = name; } dso = DSO_load(NULL, path, NULL, 0); diff --git a/crypto/openssl/crypto/cpt_err.c b/crypto/openssl/crypto/cpt_err.c index 1b4a1cb..06a6109 100644 --- a/crypto/openssl/crypto/cpt_err.c +++ b/crypto/openssl/crypto/cpt_err.c @@ -1,6 +1,6 @@ /* crypto/cpt_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,23 +64,27 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) + static ERR_STRING_DATA CRYPTO_str_functs[]= { -{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"}, -{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"}, -{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"}, -{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"}, -{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"}, -{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"}, -{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"}, -{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"}, -{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"}, +{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, +{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, +{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, +{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, +{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, +{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, +{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, +{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, +{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, {0,NULL} }; static ERR_STRING_DATA CRYPTO_str_reasons[]= { -{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"}, +{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"}, {0,NULL} }; @@ -94,8 +98,8 @@ void ERR_load_CRYPTO_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs); - ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons); + ERR_load_strings(0,CRYPTO_str_functs); + ERR_load_strings(0,CRYPTO_str_reasons); #endif } diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index b8e700c..315559c 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -1,4 +1,57 @@ /* crypto/cryptlib.c */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,11 +108,13 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ -#include -#include #include "cryptlib.h" -#include #include #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) @@ -104,10 +159,14 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "dynlock", "engine", "ui", - "hwcrhk", /* This is a HACK which will disappear in 0.9.8 */ - "fips", - "fips2", -#if CRYPTO_NUM_LOCKS != 35 + "ecdsa", + "ec", + "ecdh", + "bn", + "ec_pre_comp", + "store", + "comp", +#if CRYPTO_NUM_LOCKS != 39 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; @@ -480,18 +539,74 @@ const char *CRYPTO_get_lock_name(int type) return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); } -#ifdef _DLL -#ifdef OPENSSL_SYS_WIN32 +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) + +unsigned long OPENSSL_ia32cap_P=0; +unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } + +#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +#define OPENSSL_CPUID_SETUP +void OPENSSL_cpuid_setup(void) +{ static int trigger=0; + unsigned long OPENSSL_ia32_cpuid(void); + char *env; + + if (trigger) return; + + trigger=1; + if ((env=getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10); + else + OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10); + /* + * |(1<<10) sets a reserved bit to signal that variable + * was initialized already... This is to avoid interference + * with cpuid snippets in ELF .init segment. + */ +} +#endif + +#else +unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } +#endif +int OPENSSL_NONPIC_relocated = 0; +#if !defined(OPENSSL_CPUID_SETUP) +void OPENSSL_cpuid_setup(void) {} +#endif + +#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) +#ifdef __CYGWIN__ +/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ +#include +#endif /* All we really need to do is remove the 'error' state when a thread * detaches */ -BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, +BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { switch(fdwReason) { case DLL_PROCESS_ATTACH: + OPENSSL_cpuid_setup(); +#if defined(_WIN32_WINNT) + { + IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; + IMAGE_NT_HEADERS *nt_headers; + + if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) + { + nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header + + dos_header->e_lfanew); + if (nt_headers->Signature==IMAGE_NT_SIGNATURE && + hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase)) + OPENSSL_NONPIC_relocated=1; + } + } +#endif break; case DLL_THREAD_ATTACH: break; @@ -505,131 +620,139 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, } #endif -#endif +#if defined(_WIN32) && !defined(__CYGWIN__) +#include -void OpenSSLDie(const char *file,int line,const char *assertion) - { - fprintf(stderr, - "%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); - abort(); - } +#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 +int OPENSSL_isservice(void) +{ HWINSTA h; + DWORD len; + WCHAR *name; -#ifdef OPENSSL_FIPS -static int fips_started = 0; -static int fips_mode = 0; -static void *fips_rand_check = 0; -static unsigned long fips_thread = 0; + (void)GetDesktopWindow(); /* return value is ignored */ -void fips_set_started(void) - { - fips_started = 1; - } + h = GetProcessWindowStation(); + if (h==NULL) return -1; -int fips_is_started(void) - { - return fips_started; - } - -int fips_is_owning_thread(void) - { - int ret = 0; - - if (fips_is_started()) - { - CRYPTO_r_lock(CRYPTO_LOCK_FIPS2); - if (fips_thread != 0 && fips_thread == CRYPTO_thread_id()) - ret = 1; - CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2); - } - return ret; - } - -int fips_set_owning_thread(void) - { - int ret = 0; + if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) || + GetLastError() != ERROR_INSUFFICIENT_BUFFER) + return -1; - if (fips_is_started()) - { - CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); - if (fips_thread == 0) - { - fips_thread = CRYPTO_thread_id(); - ret = 1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); - } - return ret; - } - -int fips_clear_owning_thread(void) - { - int ret = 0; - - if (fips_is_started()) - { - CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); - if (fips_thread == CRYPTO_thread_id()) - { - fips_thread = 0; - ret = 1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); - } - return ret; - } - -void fips_set_mode(int onoff) - { - int owning_thread = fips_is_owning_thread(); - - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS); - fips_mode = onoff; - if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); - } - } + if (len>512) return -1; /* paranoia */ + len++,len&=~1; /* paranoia */ +#ifdef _MSC_VER + name=(WCHAR *)_alloca(len+sizeof(WCHAR)); +#else + name=(WCHAR *)alloca(len+sizeof(WCHAR)); +#endif + if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) + return -1; + + len++,len&=~1; /* paranoia */ + name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */ +#if 1 + /* This doesn't cover "interactive" services [working with real + * WinSta0's] nor programs started non-interactively by Task + * Scheduler [those are working with SAWinSta]. */ + if (wcsstr(name,L"Service-0x")) return 1; +#else + /* This covers all non-interactive programs such as services. */ + if (!wcsstr(name,L"WinSta0")) return 1; +#endif + else return 0; +} +#else +int OPENSSL_isservice(void) { return 0; } +#endif -void fips_set_rand_check(void *rand_check) - { - int owning_thread = fips_is_owning_thread(); +void OPENSSL_showfatal (const char *fmta,...) +{ va_list ap; + TCHAR buf[256]; + const TCHAR *fmt; +#ifdef STD_ERROR_HANDLE /* what a dirty trick! */ + HANDLE h; + + if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && + GetFileType(h)!=FILE_TYPE_UNKNOWN) + { /* must be console application */ + va_start (ap,fmta); + vfprintf (stderr,fmta,ap); + va_end (ap); + return; + } +#endif - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS); - fips_rand_check = rand_check; - if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); - } - } + if (sizeof(TCHAR)==sizeof(char)) + fmt=(const TCHAR *)fmta; + else do + { int keepgoing; + size_t len_0=strlen(fmta)+1,i; + WCHAR *fmtw; -int FIPS_mode(void) - { - int ret = 0; - int owning_thread = fips_is_owning_thread(); +#ifdef _MSC_VER + fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); +#else + fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); +#endif + if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS); - ret = fips_mode; - if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); +#ifndef OPENSSL_NO_MULTIBYTE + if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0)) +#endif + for (i=0;i=0x0333 + /* this -------------v--- guards NT-specific calls */ + if (GetVersion() < 0x80000000 && OPENSSL_isservice()) + { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); + const TCHAR *pmsg=buf; + ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); + DeregisterEventSource(h); + } + else +#endif + MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); +} +#else +void OPENSSL_showfatal (const char *fmta,...) +{ va_list ap; + + va_start (ap,fmta); + vfprintf (stderr,fmta,ap); + va_end (ap); +} +int OPENSSL_isservice (void) { return 0; } +#endif -void *FIPS_rand_check(void) +void OpenSSLDie(const char *file,int line,const char *assertion) { - void *ret = 0; - int owning_thread = fips_is_owning_thread(); - - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS); - ret = fips_rand_check; - if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); - } - return ret; + OPENSSL_showfatal( + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); } -#endif /* OPENSSL_FIPS */ - +void *OPENSSL_stderr(void) { return stderr; } diff --git a/crypto/openssl/crypto/cryptlib.h b/crypto/openssl/crypto/cryptlib.h index 0d6b9d5..5ceaa96 100644 --- a/crypto/openssl/crypto/cryptlib.h +++ b/crypto/openssl/crypto/cryptlib.h @@ -64,6 +64,11 @@ #include "e_os.h" +#ifdef OPENSSL_USE_APPLINK +#define BIO_FLAGS_UPLINK 0x8000 +#include "ms/uplink.h" +#endif + #include #include #include @@ -93,6 +98,13 @@ extern "C" { #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) #define HEX_SIZE(type) (sizeof(type)*2) +void OPENSSL_cpuid_setup(void); +extern unsigned long OPENSSL_ia32cap_P; +void OPENSSL_showfatal(const char *,...); +void *OPENSSL_stderr(void); +extern int OPENSSL_NONPIC_relocated; +int OPENSSL_isservice(void); + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/crypto.h b/crypto/openssl/crypto/crypto.h index b779a14..d2b5ffe 100644 --- a/crypto/openssl/crypto/crypto.h +++ b/crypto/openssl/crypto/crypto.h @@ -1,4 +1,57 @@ /* crypto/crypto.h */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,12 +108,19 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_CRYPTO_H #define HEADER_CRYPTO_H #include +#include + #ifndef OPENSSL_NO_FP_API #include #endif @@ -68,6 +128,7 @@ #include #include #include +#include #ifdef CHARSET_EBCDIC #include @@ -92,15 +153,39 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 +/* Already declared in ossl_typ.h */ +#if 0 +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Called when a new object is created */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when an object is free()ed */ +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when we need to dup an object */ +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); +#endif + +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st + { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ + } OPENSSL_ITEM; + + /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock * names in cryptlib.c */ -#define CRYPTO_LOCK_ERR 1 -#define CRYPTO_LOCK_EX_DATA 2 -#define CRYPTO_LOCK_X509 3 -#define CRYPTO_LOCK_X509_INFO 4 -#define CRYPTO_LOCK_X509_PKEY 5 +#define CRYPTO_LOCK_ERR 1 +#define CRYPTO_LOCK_EX_DATA 2 +#define CRYPTO_LOCK_X509 3 +#define CRYPTO_LOCK_X509_INFO 4 +#define CRYPTO_LOCK_X509_PKEY 5 #define CRYPTO_LOCK_X509_CRL 6 #define CRYPTO_LOCK_X509_REQ 7 #define CRYPTO_LOCK_DSA 8 @@ -127,10 +212,14 @@ extern "C" { #define CRYPTO_LOCK_DYNLOCK 29 #define CRYPTO_LOCK_ENGINE 30 #define CRYPTO_LOCK_UI 31 -#define CRYPTO_LOCK_HWCRHK 32 /* This is a HACK which will disappear in 0.9.8 */ -#define CRYPTO_LOCK_FIPS 33 -#define CRYPTO_LOCK_FIPS2 34 -#define CRYPTO_NUM_LOCKS 35 +#define CRYPTO_LOCK_ECDSA 32 +#define CRYPTO_LOCK_EC 33 +#define CRYPTO_LOCK_ECDH 34 +#define CRYPTO_LOCK_BN 35 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_NUM_LOCKS 39 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -191,21 +280,11 @@ typedef struct /* predec of the BIO type */ typedef struct bio_st BIO_dummy; -typedef struct crypto_ex_data_st +struct crypto_ex_data_st { STACK *sk; int dummy; /* gcc is screwing up this data structure :-( */ - } CRYPTO_EX_DATA; - -/* Called when a new object is created */ -typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when an object is free()ed */ -typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when we need to dup an object */ -typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); + }; /* This stuff is basically class callback functions * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ @@ -237,6 +316,10 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) #define CRYPTO_EX_INDEX_ENGINE 9 #define CRYPTO_EX_INDEX_X509 10 #define CRYPTO_EX_INDEX_UI 11 +#define CRYPTO_EX_INDEX_ECDSA 12 +#define CRYPTO_EX_INDEX_ECDH 13 +#define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 /* Dynamically assigned indexes start from this value (don't use directly, use * via CRYPTO_ex_data_new_class). */ @@ -434,12 +517,10 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); /* die if we have to */ void OpenSSLDie(const char *file,int line,const char *assertion); -#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) +#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) -#ifdef OPENSSL_FIPS -int FIPS_mode(void); -void *FIPS_rand_check(void); -#endif /* def OPENSSL_FIPS */ +unsigned long *OPENSSL_ia32cap_loc(void); +#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/openssl/crypto/cversion.c b/crypto/openssl/crypto/cversion.c index beeeb14..ea9f25f 100644 --- a/crypto/openssl/crypto/cversion.c +++ b/crypto/openssl/crypto/cversion.c @@ -56,10 +56,7 @@ * [including the GNU Public Licence.] */ -#include -#include #include "cryptlib.h" -#include #ifndef NO_WINDOWS_BRAINDEATH #include "buildinf.h" diff --git a/crypto/openssl/crypto/des/FILES0 b/crypto/openssl/crypto/des/FILES0 index 1c2e1f7..4c7ea2d 100644 --- a/crypto/openssl/crypto/des/FILES0 +++ b/crypto/openssl/crypto/des/FILES0 @@ -8,7 +8,7 @@ README - What this package is. VERSION - Which version this is and what was changed. KERBEROS - Kerberos version 4 notes. Makefile.PL - An old makefile to build with perl5, not current. -Makefile - The SSLeay makefile +Makefile.ssl - The SSLeay makefile Makefile.uni - The normal unix makefile. GNUmakefile - The makefile for use with glibc. makefile.bc - A Borland C makefile diff --git a/crypto/openssl/crypto/des/Makefile b/crypto/openssl/crypto/des/Makefile index b6c2b9a..523dfe3 100644 --- a/crypto/openssl/crypto/des/Makefile +++ b/crypto/openssl/crypto/des/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/des/Makefile +# OpenSSL/crypto/des/Makefile # DIR= des @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES=-I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r RANLIB= ranlib @@ -22,6 +17,7 @@ DES_ENC= des_enc.o fcrypt_b.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=destest.c @@ -65,32 +61,24 @@ lib: $(LIBOBJ) des: des.o cbc3_enc.o lib $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) -# elf -asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s) - -asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s) - +des_enc-sparc.S: asm/des_enc.m4 + m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S + +# ELF +dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@) +yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@) +# COFF +dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@) +yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@) # a.out -asm/dx86-out.o: asm/dx86unix.cpp - $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o - -asm/yx86-out.o: asm/yx86unix.cpp - $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o - -# bsdi -asm/dx86bsdi.o: asm/dx86unix.cpp - $(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o - -asm/yx86bsdi.o: asm/yx86unix.cpp - $(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o - -asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp) - -asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp) +dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@) +yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -100,10 +88,12 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) -install: installs - -installs: - @for i in $(EXHEADER) ; \ +# We need to use force because 'install' matches 'INSTALL' on case +# insensitive systems +FRC.install: +install: FRC.install + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -118,6 +108,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -125,83 +116,77 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cbc_cksm.o: ../../include/openssl/opensslconf.h -cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cbc_cksm.o: cbc_cksm.c des_locl.h -cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c -cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c +cfb64ede.o: ../../e_os.h ../../include/openssl/des.h cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h cfb64ede.o: ../../include/openssl/opensslconf.h -cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64ede.o: cfb64ede.c des_locl.h -cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb64enc.o: ../../include/openssl/opensslconf.h -cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64enc.o: cfb64enc.c des_locl.h -cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h -cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -cfb_enc.o: cfb_enc.c des_locl.h -des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c -des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cfb_enc.o: ../../e_os.h ../../include/openssl/des.h +cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h +cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h +des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +des_enc.o: des_enc.c des_locl.h ncbc_enc.c +des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h des_old.o: ../../include/openssl/ui_compat.h des_old.c -des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -des_old2.o: ../../include/openssl/opensslconf.h -des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -des_old2.o: des_old2.c -ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ecb3_enc.o: ../../include/openssl/opensslconf.h -ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +des_old2.o: ../../include/openssl/ui_compat.h des_old2.c +ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ecb3_enc.o: des_locl.h ecb3_enc.c ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h -ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c +ecb_enc.o: spr.h +ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ede_cbcm_enc.o: ../../include/openssl/e_os2.h ede_cbcm_enc.o: ../../include/openssl/opensslconf.h -ede_cbcm_enc.o: ../../include/openssl/opensslv.h +ede_cbcm_enc.o: ../../include/openssl/ossl_typ.h ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c @@ -210,10 +195,11 @@ enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -enc_read.o: ../cryptlib.h des_locl.h enc_read.c +enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +enc_read.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h +enc_read.o: enc_read.c enc_writ.o: ../../e_os.h ../../include/openssl/bio.h enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h @@ -224,91 +210,83 @@ enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c -fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c -fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -fcrypt_b.o: ../../include/openssl/opensslconf.h -fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +fcrypt.o: des_locl.h fcrypt.c +fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h fcrypt_b.o: des_locl.h fcrypt_b.c -ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ofb64ede.o: ../../include/openssl/opensslconf.h -ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ofb64ede.o: des_locl.h ofb64ede.c -ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ofb64enc.o: ../../include/openssl/opensslconf.h -ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ofb64enc.o: des_locl.h ofb64enc.c -ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c -pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -pcbc_enc.o: ../../include/openssl/opensslconf.h -pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +ofb_enc.o: des_locl.h ofb_enc.c +pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h pcbc_enc.o: des_locl.h pcbc_enc.c -qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -qud_cksm.o: ../../include/openssl/opensslconf.h -qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h qud_cksm.o: des_locl.h qud_cksm.c -rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -rand_key.o: ../../include/openssl/opensslconf.h -rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_key.o: rand_key.c +rand_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rand_key.o: ../../include/openssl/ui_compat.h rand_key.c read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h read2pwd.o: ../../include/openssl/opensslconf.h -read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -read2pwd.o: read2pwd.c -rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h -rpc_enc.o: rpc_enc.c -set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c +read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c +rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c +set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c -xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -xcbc_enc.o: ../../include/openssl/opensslconf.h -xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +str2key.o: des_locl.h str2key.c +xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h xcbc_enc.o: des_locl.h xcbc_enc.c diff --git a/crypto/openssl/crypto/des/asm/des_enc.m4 b/crypto/openssl/crypto/des/asm/des_enc.m4 new file mode 100644 index 0000000..f5b1928 --- /dev/null +++ b/crypto/openssl/crypto/des/asm/des_enc.m4 @@ -0,0 +1,1980 @@ +! des_enc.m4 +! des_enc.S (generated from des_enc.m4) +! +! UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file. +! +! Version 1.0. 32-bit version. +! +! June 8, 2000. +! +! Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation +! by Andy Polyakov. +! +! January 1, 2003. +! +! Assembler version: Copyright Svend Olaf Mikkelsen. +! +! Original C code: Copyright Eric A. Young. +! +! This code can be freely used by LibDES/SSLeay/OpenSSL users. +! +! The LibDES/SSLeay/OpenSSL copyright notices must be respected. +! +! This version can be redistributed. +! +! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S +! +! Global registers 1 to 5 are used. This is the same as done by the +! cc compiler. The UltraSPARC load/store little endian feature is used. +! +! Instruction grouping often refers to one CPU cycle. +! +! Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S +! +! Assemble through cc: cc -c -xarch=v8plusa -o des_enc.o des_enc.S +! +! Performance improvement according to './apps/openssl speed des' +! +! 32-bit build: +! 23% faster than cc-5.2 -xarch=v8plus -xO5 +! 115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5 +! 64-bit build: +! 50% faster than cc-5.2 -xarch=v9 -xO5 +! 100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5 +! + +.ident "des_enc.m4 2.1" + +#if defined(__SUNPRO_C) && defined(__sparcv9) +# define ABI64 /* They've said -xarch=v9 at command line */ +#elif defined(__GNUC__) && defined(__arch64__) +# define ABI64 /* They've said -m64 at command line */ +#endif + +#ifdef ABI64 + .register %g2,#scratch + .register %g3,#scratch +# define FRAME -192 +# define BIAS 2047 +# define LDPTR ldx +# define STPTR stx +# define ARG0 128 +# define ARGSZ 8 +# ifndef OPENSSL_SYSNAME_ULTRASPARC +# define OPENSSL_SYSNAME_ULTRASPARC +# endif +#else +# define FRAME -96 +# define BIAS 0 +# define LDPTR ld +# define STPTR st +# define ARG0 68 +# define ARGSZ 4 +#endif + +#define LOOPS 7 + +#define global0 %g0 +#define global1 %g1 +#define global2 %g2 +#define global3 %g3 +#define global4 %g4 +#define global5 %g5 + +#define local0 %l0 +#define local1 %l1 +#define local2 %l2 +#define local3 %l3 +#define local4 %l4 +#define local5 %l5 +#define local7 %l6 +#define local6 %l7 + +#define in0 %i0 +#define in1 %i1 +#define in2 %i2 +#define in3 %i3 +#define in4 %i4 +#define in5 %i5 +#define in6 %i6 +#define in7 %i7 + +#define out0 %o0 +#define out1 %o1 +#define out2 %o2 +#define out3 %o3 +#define out4 %o4 +#define out5 %o5 +#define out6 %o6 +#define out7 %o7 + +#define stub stb + +changequote({,}) + + +! Macro definitions: + + +! {ip_macro} +! +! The logic used in initial and final permutations is the same as in +! the C code. The permutations are done with a clever shift, xor, and +! technique. +! +! The macro also loads address sbox 1 to 5 to global 1 to 5, address +! sbox 6 to local6, and addres sbox 8 to out3. +! +! Rotates the halfs 3 left to bring the sbox bits in convenient positions. +! +! Loads key first round from address in parameter 5 to out0, out1. +! +! After the the original LibDES initial permutation, the resulting left +! is in the variable initially used for right and vice versa. The macro +! implements the possibility to keep the halfs in the original registers. +! +! parameter 1 left +! parameter 2 right +! parameter 3 result left (modify in first round) +! parameter 4 result right (use in first round) +! parameter 5 key address +! parameter 6 1/2 for include encryption/decryption +! parameter 7 1 for move in1 to in3 +! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 +! parameter 9 1 for load ks3 and ks2 to in4 and in3 + +define(ip_macro, { + +! {ip_macro} +! $1 $2 $4 $3 $5 $6 $7 $8 $9 + + ld [out2+256], local1 + srl $2, 4, local4 + + xor local4, $1, local4 + ifelse($7,1,{mov in1, in3},{nop}) + + ld [out2+260], local2 + and local4, local1, local4 + ifelse($8,1,{mov in3, in4},{}) + ifelse($8,2,{mov in4, in3},{}) + + ld [out2+280], out4 ! loop counter + sll local4, 4, local1 + xor $1, local4, $1 + + ld [out2+264], local3 + srl $1, 16, local4 + xor $2, local1, $2 + + ifelse($9,1,{LDPTR KS3, in4},{}) + xor local4, $2, local4 + nop !sethi %hi(DES_SPtrans), global1 ! sbox addr + + ifelse($9,1,{LDPTR KS2, in3},{}) + and local4, local2, local4 + nop !or global1, %lo(DES_SPtrans), global1 ! sbox addr + + sll local4, 16, local1 + xor $2, local4, $2 + + srl $2, 2, local4 + xor $1, local1, $1 + + sethi %hi(16711680), local5 + xor local4, $1, local4 + + and local4, local3, local4 + or local5, 255, local5 + + sll local4, 2, local2 + xor $1, local4, $1 + + srl $1, 8, local4 + xor $2, local2, $2 + + xor local4, $2, local4 + add global1, 768, global4 + + and local4, local5, local4 + add global1, 1024, global5 + + ld [out2+272], local7 + sll local4, 8, local1 + xor $2, local4, $2 + + srl $2, 1, local4 + xor $1, local1, $1 + + ld [$5], out0 ! key 7531 + xor local4, $1, local4 + add global1, 256, global2 + + ld [$5+4], out1 ! key 8642 + and local4, local7, local4 + add global1, 512, global3 + + sll local4, 1, local1 + xor $1, local4, $1 + + sll $1, 3, local3 + xor $2, local1, $2 + + sll $2, 3, local2 + add global1, 1280, local6 ! address sbox 8 + + srl $1, 29, local4 + add global1, 1792, out3 ! address sbox 8 + + srl $2, 29, local1 + or local4, local3, $4 + + or local2, local1, $3 + + ifelse($6, 1, { + + ld [out2+284], local5 ! 0x0000FC00 used in the rounds + or local2, local1, $3 + xor $4, out0, local1 + + call .des_enc.1 + and local1, 252, local1 + + },{}) + + ifelse($6, 2, { + + ld [out2+284], local5 ! 0x0000FC00 used in the rounds + or local2, local1, $3 + xor $4, out0, local1 + + call .des_dec.1 + and local1, 252, local1 + + },{}) +}) + + +! {rounds_macro} +! +! The logic used in the DES rounds is the same as in the C code, +! except that calculations for sbox 1 and sbox 5 begin before +! the previous round is finished. +! +! In each round one half (work) is modified based on key and the +! other half (use). +! +! In this version we do two rounds in a loop repeated 7 times +! and two rounds seperately. +! +! One half has the bits for the sboxes in the following positions: +! +! 777777xx555555xx333333xx111111xx +! +! 88xx666666xx444444xx222222xx8888 +! +! The bits for each sbox are xor-ed with the key bits for that box. +! The above xx bits are cleared, and the result used for lookup in +! the sbox table. Each sbox entry contains the 4 output bits permuted +! into 32 bits according to the P permutation. +! +! In the description of DES, left and right are switched after +! each round, except after last round. In this code the original +! left and right are kept in the same register in all rounds, meaning +! that after the 16 rounds the result for right is in the register +! originally used for left. +! +! parameter 1 first work (left in first round) +! parameter 2 first use (right in first round) +! parameter 3 enc/dec 1/-1 +! parameter 4 loop label +! parameter 5 key address register +! parameter 6 optional address for key next encryption/decryption +! parameter 7 not empty for include retl +! +! also compares in2 to 8 + +define(rounds_macro, { + +! {rounds_macro} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + xor $2, out0, local1 + + ld [out2+284], local5 ! 0x0000FC00 + ba $4 + and local1, 252, local1 + + .align 32 + +$4: + ! local6 is address sbox 6 + ! out3 is address sbox 8 + ! out4 is loop counter + + ld [global1+local1], local1 + xor $2, out1, out1 ! 8642 + xor $2, out0, out0 ! 7531 + fmovs %f0, %f0 ! fxor used for alignment + + srl out1, 4, local0 ! rotate 4 right + and out0, local5, local3 ! 3 + fmovs %f0, %f0 + + ld [$5+$3*8], local7 ! key 7531 next round + srl local3, 8, local3 ! 3 + and local0, 252, local2 ! 2 + fmovs %f0, %f0 + + ld [global3+local3],local3 ! 3 + sll out1, 28, out1 ! rotate + xor $1, local1, $1 ! 1 finished, local1 now sbox 7 + + ld [global2+local2], local2 ! 2 + srl out0, 24, local1 ! 7 + or out1, local0, out1 ! rotate + + ldub [out2+local1], local1 ! 7 (and 0xFC) + srl out1, 24, local0 ! 8 + and out1, local5, local4 ! 4 + + ldub [out2+local0], local0 ! 8 (and 0xFC) + srl local4, 8, local4 ! 4 + xor $1, local2, $1 ! 2 finished local2 now sbox 6 + + ld [global4+local4],local4 ! 4 + srl out1, 16, local2 ! 6 + xor $1, local3, $1 ! 3 finished local3 now sbox 5 + + ld [out3+local0],local0 ! 8 + and local2, 252, local2 ! 6 + add global1, 1536, local5 ! address sbox 7 + + ld [local6+local2], local2 ! 6 + srl out0, 16, local3 ! 5 + xor $1, local4, $1 ! 4 finished + + ld [local5+local1],local1 ! 7 + and local3, 252, local3 ! 5 + xor $1, local0, $1 ! 8 finished + + ld [global5+local3],local3 ! 5 + xor $1, local2, $1 ! 6 finished + subcc out4, 1, out4 + + ld [$5+$3*8+4], out0 ! key 8642 next round + xor $1, local7, local2 ! sbox 5 next round + xor $1, local1, $1 ! 7 finished + + srl local2, 16, local2 ! sbox 5 next round + xor $1, local3, $1 ! 5 finished + + ld [$5+$3*16+4], out1 ! key 8642 next round again + and local2, 252, local2 ! sbox5 next round +! next round + xor $1, local7, local7 ! 7531 + + ld [global5+local2], local2 ! 5 + srl local7, 24, local3 ! 7 + xor $1, out0, out0 ! 8642 + + ldub [out2+local3], local3 ! 7 (and 0xFC) + srl out0, 4, local0 ! rotate 4 right + and local7, 252, local1 ! 1 + + sll out0, 28, out0 ! rotate + xor $2, local2, $2 ! 5 finished local2 used + + srl local0, 8, local4 ! 4 + and local0, 252, local2 ! 2 + ld [local5+local3], local3 ! 7 + + srl local0, 16, local5 ! 6 + or out0, local0, out0 ! rotate + ld [global2+local2], local2 ! 2 + + srl out0, 24, local0 + ld [$5+$3*16], out0 ! key 7531 next round + and local4, 252, local4 ! 4 + + and local5, 252, local5 ! 6 + ld [global4+local4], local4 ! 4 + xor $2, local3, $2 ! 7 finished local3 used + + and local0, 252, local0 ! 8 + ld [local6+local5], local5 ! 6 + xor $2, local2, $2 ! 2 finished local2 now sbox 3 + + srl local7, 8, local2 ! 3 start + ld [out3+local0], local0 ! 8 + xor $2, local4, $2 ! 4 finished + + and local2, 252, local2 ! 3 + ld [global1+local1], local1 ! 1 + xor $2, local5, $2 ! 6 finished local5 used + + ld [global3+local2], local2 ! 3 + xor $2, local0, $2 ! 8 finished + add $5, $3*16, $5 ! enc add 8, dec add -8 to key pointer + + ld [out2+284], local5 ! 0x0000FC00 + xor $2, out0, local4 ! sbox 1 next round + xor $2, local1, $2 ! 1 finished + + xor $2, local2, $2 ! 3 finished +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bne,pt %icc, $4 +#else + bne $4 +#endif + and local4, 252, local1 ! sbox 1 next round + +! two rounds more: + + ld [global1+local1], local1 + xor $2, out1, out1 + xor $2, out0, out0 + + srl out1, 4, local0 ! rotate + and out0, local5, local3 + + ld [$5+$3*8], local7 ! key 7531 + srl local3, 8, local3 + and local0, 252, local2 + + ld [global3+local3],local3 + sll out1, 28, out1 ! rotate + xor $1, local1, $1 ! 1 finished, local1 now sbox 7 + + ld [global2+local2], local2 + srl out0, 24, local1 + or out1, local0, out1 ! rotate + + ldub [out2+local1], local1 + srl out1, 24, local0 + and out1, local5, local4 + + ldub [out2+local0], local0 + srl local4, 8, local4 + xor $1, local2, $1 ! 2 finished local2 now sbox 6 + + ld [global4+local4],local4 + srl out1, 16, local2 + xor $1, local3, $1 ! 3 finished local3 now sbox 5 + + ld [out3+local0],local0 + and local2, 252, local2 + add global1, 1536, local5 ! address sbox 7 + + ld [local6+local2], local2 + srl out0, 16, local3 + xor $1, local4, $1 ! 4 finished + + ld [local5+local1],local1 + and local3, 252, local3 + xor $1, local0, $1 + + ld [global5+local3],local3 + xor $1, local2, $1 ! 6 finished + cmp in2, 8 + + ifelse($6,{}, {}, {ld [out2+280], out4}) ! loop counter + xor $1, local7, local2 ! sbox 5 next round + xor $1, local1, $1 ! 7 finished + + ld [$5+$3*8+4], out0 + srl local2, 16, local2 ! sbox 5 next round + xor $1, local3, $1 ! 5 finished + + and local2, 252, local2 +! next round (two rounds more) + xor $1, local7, local7 ! 7531 + + ld [global5+local2], local2 + srl local7, 24, local3 + xor $1, out0, out0 ! 8642 + + ldub [out2+local3], local3 + srl out0, 4, local0 ! rotate + and local7, 252, local1 + + sll out0, 28, out0 ! rotate + xor $2, local2, $2 ! 5 finished local2 used + + srl local0, 8, local4 + and local0, 252, local2 + ld [local5+local3], local3 + + srl local0, 16, local5 + or out0, local0, out0 ! rotate + ld [global2+local2], local2 + + srl out0, 24, local0 + ifelse($6,{}, {}, {ld [$6], out0}) ! key next encryption/decryption + and local4, 252, local4 + + and local5, 252, local5 + ld [global4+local4], local4 + xor $2, local3, $2 ! 7 finished local3 used + + and local0, 252, local0 + ld [local6+local5], local5 + xor $2, local2, $2 ! 2 finished local2 now sbox 3 + + srl local7, 8, local2 ! 3 start + ld [out3+local0], local0 + xor $2, local4, $2 + + and local2, 252, local2 + ld [global1+local1], local1 + xor $2, local5, $2 ! 6 finished local5 used + + ld [global3+local2], local2 + srl $1, 3, local3 + xor $2, local0, $2 + + ifelse($6,{}, {}, {ld [$6+4], out1}) ! key next encryption/decryption + sll $1, 29, local4 + xor $2, local1, $2 + + ifelse($7,{}, {}, {retl}) + xor $2, local2, $2 +}) + + +! {fp_macro} +! +! parameter 1 right (original left) +! parameter 2 left (original right) +! parameter 3 1 for optional store to [in0] +! parameter 4 1 for load input/output address to local5/7 +! +! The final permutation logic switches the halfes, meaning that +! left and right ends up the the registers originally used. + +define(fp_macro, { + +! {fp_macro} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! initially undo the rotate 3 left done after initial permutation + ! original left is received shifted 3 right and 29 left in local3/4 + + sll $2, 29, local1 + or local3, local4, $1 + + srl $2, 3, $2 + sethi %hi(0x55555555), local2 + + or $2, local1, $2 + or local2, %lo(0x55555555), local2 + + srl $2, 1, local3 + sethi %hi(0x00ff00ff), local1 + xor local3, $1, local3 + or local1, %lo(0x00ff00ff), local1 + and local3, local2, local3 + sethi %hi(0x33333333), local4 + sll local3, 1, local2 + + xor $1, local3, $1 + + srl $1, 8, local3 + xor $2, local2, $2 + xor local3, $2, local3 + or local4, %lo(0x33333333), local4 + and local3, local1, local3 + sethi %hi(0x0000ffff), local1 + sll local3, 8, local2 + + xor $2, local3, $2 + + srl $2, 2, local3 + xor $1, local2, $1 + xor local3, $1, local3 + or local1, %lo(0x0000ffff), local1 + and local3, local4, local3 + sethi %hi(0x0f0f0f0f), local4 + sll local3, 2, local2 + + ifelse($4,1, {LDPTR INPUT, local5}) + xor $1, local3, $1 + + ifelse($4,1, {LDPTR OUTPUT, local7}) + srl $1, 16, local3 + xor $2, local2, $2 + xor local3, $2, local3 + or local4, %lo(0x0f0f0f0f), local4 + and local3, local1, local3 + sll local3, 16, local2 + + xor $2, local3, local1 + + srl local1, 4, local3 + xor $1, local2, $1 + xor local3, $1, local3 + and local3, local4, local3 + sll local3, 4, local2 + + xor $1, local3, $1 + + ! optional store: + + ifelse($3,1, {st $1, [in0]}) + + xor local1, local2, $2 + + ifelse($3,1, {st $2, [in0+4]}) + +}) + + +! {fp_ip_macro} +! +! Does initial permutation for next block mixed with +! final permutation for current block. +! +! parameter 1 original left +! parameter 2 original right +! parameter 3 left ip +! parameter 4 right ip +! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 +! 2: mov in4 to in3 +! +! also adds -8 to length in2 and loads loop counter to out4 + +define(fp_ip_macro, { + +! {fp_ip_macro} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + define({temp1},{out4}) + define({temp2},{local3}) + + define({ip1},{local1}) + define({ip2},{local2}) + define({ip4},{local4}) + define({ip5},{local5}) + + ! $1 in local3, local4 + + ld [out2+256], ip1 + sll out5, 29, temp1 + or local3, local4, $1 + + srl out5, 3, $2 + ifelse($5,2,{mov in4, in3}) + + ld [out2+272], ip5 + srl $4, 4, local0 + or $2, temp1, $2 + + srl $2, 1, temp1 + xor temp1, $1, temp1 + + and temp1, ip5, temp1 + xor local0, $3, local0 + + sll temp1, 1, temp2 + xor $1, temp1, $1 + + and local0, ip1, local0 + add in2, -8, in2 + + sll local0, 4, local7 + xor $3, local0, $3 + + ld [out2+268], ip4 + srl $1, 8, temp1 + xor $2, temp2, $2 + ld [out2+260], ip2 + srl $3, 16, local0 + xor $4, local7, $4 + xor temp1, $2, temp1 + xor local0, $4, local0 + and temp1, ip4, temp1 + and local0, ip2, local0 + sll temp1, 8, temp2 + xor $2, temp1, $2 + sll local0, 16, local7 + xor $4, local0, $4 + + srl $2, 2, temp1 + xor $1, temp2, $1 + + ld [out2+264], temp2 ! ip3 + srl $4, 2, local0 + xor $3, local7, $3 + xor temp1, $1, temp1 + xor local0, $3, local0 + and temp1, temp2, temp1 + and local0, temp2, local0 + sll temp1, 2, temp2 + xor $1, temp1, $1 + sll local0, 2, local7 + xor $3, local0, $3 + + srl $1, 16, temp1 + xor $2, temp2, $2 + srl $3, 8, local0 + xor $4, local7, $4 + xor temp1, $2, temp1 + xor local0, $4, local0 + and temp1, ip2, temp1 + and local0, ip4, local0 + sll temp1, 16, temp2 + xor $2, temp1, local4 + sll local0, 8, local7 + xor $4, local0, $4 + + srl $4, 1, local0 + xor $3, local7, $3 + + srl local4, 4, temp1 + xor local0, $3, local0 + + xor $1, temp2, $1 + and local0, ip5, local0 + + sll local0, 1, local7 + xor temp1, $1, temp1 + + xor $3, local0, $3 + xor $4, local7, $4 + + sll $3, 3, local5 + and temp1, ip1, temp1 + + sll temp1, 4, temp2 + xor $1, temp1, $1 + + ifelse($5,1,{LDPTR KS2, in4}) + sll $4, 3, local2 + xor local4, temp2, $2 + + ! reload since used as temporar: + + ld [out2+280], out4 ! loop counter + + srl $3, 29, local0 + ifelse($5,1,{add in4, 120, in4}) + + ifelse($5,1,{LDPTR KS1, in3}) + srl $4, 29, local7 + + or local0, local5, $4 + or local2, local7, $3 + +}) + + + +! {load_little_endian} +! +! parameter 1 address +! parameter 2 destination left +! parameter 3 destination right +! parameter 4 temporar +! parameter 5 label + +define(load_little_endian, { + +! {load_little_endian} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! first in memory to rightmost in register + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + andcc $1, 3, global0 + bne,pn %icc, $5 + nop + + lda [$1] 0x88, $2 + add $1, 4, $4 + + ba,pt %icc, $5a + lda [$4] 0x88, $3 +#endif + +$5: + ldub [$1+3], $2 + + ldub [$1+2], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+1], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+0], $4 + sll $2, 8, $2 + or $2, $4, $2 + + + ldub [$1+3+4], $3 + + ldub [$1+2+4], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+1+4], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+0+4], $4 + sll $3, 8, $3 + or $3, $4, $3 +$5a: + +}) + + +! {load_little_endian_inc} +! +! parameter 1 address +! parameter 2 destination left +! parameter 3 destination right +! parameter 4 temporar +! parameter 4 label +! +! adds 8 to address + +define(load_little_endian_inc, { + +! {load_little_endian_inc} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! first in memory to rightmost in register + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + andcc $1, 3, global0 + bne,pn %icc, $5 + nop + + lda [$1] 0x88, $2 + add $1, 4, $1 + + lda [$1] 0x88, $3 + ba,pt %icc, $5a + add $1, 4, $1 +#endif + +$5: + ldub [$1+3], $2 + + ldub [$1+2], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+1], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+0], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+3+4], $3 + add $1, 8, $1 + + ldub [$1+2+4-8], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+1+4-8], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+0+4-8], $4 + sll $3, 8, $3 + or $3, $4, $3 +$5a: + +}) + + +! {load_n_bytes} +! +! Loads 1 to 7 bytes little endian +! Remaining bytes are zeroed. +! +! parameter 1 address +! parameter 2 length +! parameter 3 destination register left +! parameter 4 destination register right +! parameter 5 temp +! parameter 6 temp2 +! parameter 7 label +! parameter 8 return label + +define(load_n_bytes, { + +! {load_n_bytes} +! $1 $2 $5 $6 $7 $8 $7 $8 $9 + +$7.0: call .+8 + sll $2, 2, $6 + + add %o7,$7.jmp.table-$7.0,$5 + + add $5, $6, $5 + mov 0, $4 + + ld [$5], $5 + + jmp %o7+$5 + mov 0, $3 + +$7.7: + ldub [$1+6], $5 + sll $5, 16, $5 + or $3, $5, $3 +$7.6: + ldub [$1+5], $5 + sll $5, 8, $5 + or $3, $5, $3 +$7.5: + ldub [$1+4], $5 + or $3, $5, $3 +$7.4: + ldub [$1+3], $5 + sll $5, 24, $5 + or $4, $5, $4 +$7.3: + ldub [$1+2], $5 + sll $5, 16, $5 + or $4, $5, $4 +$7.2: + ldub [$1+1], $5 + sll $5, 8, $5 + or $4, $5, $4 +$7.1: + ldub [$1+0], $5 + ba $8 + or $4, $5, $4 + + .align 4 + +$7.jmp.table: + .word 0 + .word $7.1-$7.0 + .word $7.2-$7.0 + .word $7.3-$7.0 + .word $7.4-$7.0 + .word $7.5-$7.0 + .word $7.6-$7.0 + .word $7.7-$7.0 +}) + + +! {store_little_endian} +! +! parameter 1 address +! parameter 2 source left +! parameter 3 source right +! parameter 4 temporar + +define(store_little_endian, { + +! {store_little_endian} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! rightmost in register to first in memory + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + andcc $1, 3, global0 + bne,pn %icc, $5 + nop + + sta $2, [$1] 0x88 + add $1, 4, $4 + + ba,pt %icc, $5a + sta $3, [$4] 0x88 +#endif + +$5: + and $2, 255, $4 + stub $4, [$1+0] + + srl $2, 8, $4 + and $4, 255, $4 + stub $4, [$1+1] + + srl $2, 16, $4 + and $4, 255, $4 + stub $4, [$1+2] + + srl $2, 24, $4 + stub $4, [$1+3] + + + and $3, 255, $4 + stub $4, [$1+0+4] + + srl $3, 8, $4 + and $4, 255, $4 + stub $4, [$1+1+4] + + srl $3, 16, $4 + and $4, 255, $4 + stub $4, [$1+2+4] + + srl $3, 24, $4 + stub $4, [$1+3+4] + +$5a: + +}) + + +! {store_n_bytes} +! +! Stores 1 to 7 bytes little endian +! +! parameter 1 address +! parameter 2 length +! parameter 3 source register left +! parameter 4 source register right +! parameter 5 temp +! parameter 6 temp2 +! parameter 7 label +! parameter 8 return label + +define(store_n_bytes, { + +! {store_n_bytes} +! $1 $2 $5 $6 $7 $8 $7 $8 $9 + +$7.0: call .+8 + sll $2, 2, $6 + + add %o7,$7.jmp.table-$7.0,$5 + + add $5, $6, $5 + + ld [$5], $5 + + jmp %o7+$5 + nop + +$7.7: + srl $3, 16, $5 + and $5, 0xff, $5 + stub $5, [$1+6] +$7.6: + srl $3, 8, $5 + and $5, 0xff, $5 + stub $5, [$1+5] +$7.5: + and $3, 0xff, $5 + stub $5, [$1+4] +$7.4: + srl $4, 24, $5 + stub $5, [$1+3] +$7.3: + srl $4, 16, $5 + and $5, 0xff, $5 + stub $5, [$1+2] +$7.2: + srl $4, 8, $5 + and $5, 0xff, $5 + stub $5, [$1+1] +$7.1: + and $4, 0xff, $5 + + + ba $8 + stub $5, [$1] + + .align 4 + +$7.jmp.table: + + .word 0 + .word $7.1-$7.0 + .word $7.2-$7.0 + .word $7.3-$7.0 + .word $7.4-$7.0 + .word $7.5-$7.0 + .word $7.6-$7.0 + .word $7.7-$7.0 +}) + + +define(testvalue,{1}) + +define(register_init, { + +! For test purposes: + + sethi %hi(testvalue), local0 + or local0, %lo(testvalue), local0 + + ifelse($1,{},{}, {mov local0, $1}) + ifelse($2,{},{}, {mov local0, $2}) + ifelse($3,{},{}, {mov local0, $3}) + ifelse($4,{},{}, {mov local0, $4}) + ifelse($5,{},{}, {mov local0, $5}) + ifelse($6,{},{}, {mov local0, $6}) + ifelse($7,{},{}, {mov local0, $7}) + ifelse($8,{},{}, {mov local0, $8}) + + mov local0, local1 + mov local0, local2 + mov local0, local3 + mov local0, local4 + mov local0, local5 + mov local0, local7 + mov local0, local6 + mov local0, out0 + mov local0, out1 + mov local0, out2 + mov local0, out3 + mov local0, out4 + mov local0, out5 + mov local0, global1 + mov local0, global2 + mov local0, global3 + mov local0, global4 + mov local0, global5 + +}) + +.section ".text" + + .align 32 + +.des_enc: + + ! key address in3 + ! loads key next encryption/decryption first round from [in4] + + rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl) + + + .align 32 + +.des_dec: + + ! implemented with out5 as first parameter to avoid + ! register exchange in ede modes + + ! key address in4 + ! loads key next encryption/decryption first round from [in3] + + rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl) + + + +! void DES_encrypt1(data, ks, enc) +! ******************************* + + .align 32 + .global DES_encrypt1 + .type DES_encrypt1,#function + +DES_encrypt1: + + save %sp, FRAME, %sp + + call .PIC.me.up + mov .PIC.me.up-(.-4),out0 + + ld [in0], in5 ! left + cmp in2, 0 ! enc + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .encrypt.dec ! enc/dec +#else + be .encrypt.dec +#endif + ld [in0+4], out5 ! right + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for move in1 to in3 + ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 + + ip_macro(in5, out5, in5, out5, in3, 0, 1, 1) + + rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used + + fp_macro(in5, out5, 1) ! 1 for store to [in0] + + ret + restore + +.encrypt.dec: + + add in1, 120, in3 ! use last subkey for first round + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for move in1 to in3 + ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec, ks in4 + + fp_macro(out5, in5, 1) ! 1 for store to [in0] + + ret + restore + +.DES_encrypt1.end: + .size DES_encrypt1,.DES_encrypt1.end-DES_encrypt1 + + +! void DES_encrypt2(data, ks, enc) +!********************************* + + ! encrypts/decrypts without initial/final permutation + + .align 32 + .global DES_encrypt2 + .type DES_encrypt2,#function + +DES_encrypt2: + + save %sp, FRAME, %sp + + call .PIC.me.up + mov .PIC.me.up-(.-4),out0 + + ! Set sbox address 1 to 6 and rotate halfs 3 left + ! Errors caught by destest? Yes. Still? *NO* + + !sethi %hi(DES_SPtrans), global1 ! address sbox 1 + + !or global1, %lo(DES_SPtrans), global1 ! sbox 1 + + add global1, 256, global2 ! sbox 2 + add global1, 512, global3 ! sbox 3 + + ld [in0], out5 ! right + add global1, 768, global4 ! sbox 4 + add global1, 1024, global5 ! sbox 5 + + ld [in0+4], in5 ! left + add global1, 1280, local6 ! sbox 6 + add global1, 1792, out3 ! sbox 8 + + ! rotate + + sll in5, 3, local5 + mov in1, in3 ! key address to in3 + + sll out5, 3, local7 + srl in5, 29, in5 + + srl out5, 29, out5 + add in5, local5, in5 + + add out5, local7, out5 + cmp in2, 0 + + ! we use our own stackframe + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .encrypt2.dec ! decryption +#else + be .encrypt2.dec +#endif + STPTR in0, [%sp+BIAS+ARG0+0*ARGSZ] + + ld [in3], out0 ! key 7531 first round + mov LOOPS, out4 ! loop counter + + ld [in3+4], out1 ! key 8642 first round + sethi %hi(0x0000FC00), local5 + + call .des_enc + mov in3, in4 + + ! rotate + sll in5, 29, in0 + srl in5, 3, in5 + sll out5, 29, in1 + add in5, in0, in5 + srl out5, 3, out5 + LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 + add out5, in1, out5 + st in5, [in0] + st out5, [in0+4] + + ret + restore + + +.encrypt2.dec: + + add in3, 120, in4 + + ld [in4], out0 ! key 7531 first round + mov LOOPS, out4 ! loop counter + + ld [in4+4], out1 ! key 8642 first round + sethi %hi(0x0000FC00), local5 + + mov in5, local1 ! left expected in out5 + mov out5, in5 + + call .des_dec + mov local1, out5 + +.encrypt2.finish: + + ! rotate + sll in5, 29, in0 + srl in5, 3, in5 + sll out5, 29, in1 + add in5, in0, in5 + srl out5, 3, out5 + LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 + add out5, in1, out5 + st out5, [in0] + st in5, [in0+4] + + ret + restore + +.DES_encrypt2.end: + .size DES_encrypt2, .DES_encrypt2.end-DES_encrypt2 + + +! void DES_encrypt3(data, ks1, ks2, ks3) +! ************************************** + + .align 32 + .global DES_encrypt3 + .type DES_encrypt3,#function + +DES_encrypt3: + + save %sp, FRAME, %sp + + call .PIC.me.up + mov .PIC.me.up-(.-4),out0 + + ld [in0], in5 ! left + add in2, 120, in4 ! ks2 + + ld [in0+4], out5 ! right + mov in3, in2 ! save ks3 + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + ! parameter 9 1 for load ks3 and ks2 to in4 and in3 + + ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0) + + call .des_dec + mov in2, in3 ! preload ks3 + + call .des_enc + nop + + fp_macro(in5, out5, 1) + + ret + restore + +.DES_encrypt3.end: + .size DES_encrypt3,.DES_encrypt3.end-DES_encrypt3 + + +! void DES_decrypt3(data, ks1, ks2, ks3) +! ************************************** + + .align 32 + .global DES_decrypt3 + .type DES_decrypt3,#function + +DES_decrypt3: + + save %sp, FRAME, %sp + + call .PIC.me.up + mov .PIC.me.up-(.-4),out0 + + ld [in0], in5 ! left + add in3, 120, in4 ! ks3 + + ld [in0+4], out5 ! right + mov in2, in3 ! ks2 + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + ! parameter 9 1 for load ks3 and ks2 to in4 and in3 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0) + + call .des_enc + add in1, 120, in4 ! preload ks1 + + call .des_dec + nop + + fp_macro(out5, in5, 1) + + ret + restore + +.DES_decrypt3.end: + .size DES_decrypt3,.DES_decrypt3.end-DES_decrypt3 + + .align 256 + .type .des_and,#object + .size .des_and,284 + +.des_and: + +! This table is used for AND 0xFC when it is known that register +! bits 8-31 are zero. Makes it possible to do three arithmetic +! operations in one cycle. + + .byte 0, 0, 0, 0, 4, 4, 4, 4 + .byte 8, 8, 8, 8, 12, 12, 12, 12 + .byte 16, 16, 16, 16, 20, 20, 20, 20 + .byte 24, 24, 24, 24, 28, 28, 28, 28 + .byte 32, 32, 32, 32, 36, 36, 36, 36 + .byte 40, 40, 40, 40, 44, 44, 44, 44 + .byte 48, 48, 48, 48, 52, 52, 52, 52 + .byte 56, 56, 56, 56, 60, 60, 60, 60 + .byte 64, 64, 64, 64, 68, 68, 68, 68 + .byte 72, 72, 72, 72, 76, 76, 76, 76 + .byte 80, 80, 80, 80, 84, 84, 84, 84 + .byte 88, 88, 88, 88, 92, 92, 92, 92 + .byte 96, 96, 96, 96, 100, 100, 100, 100 + .byte 104, 104, 104, 104, 108, 108, 108, 108 + .byte 112, 112, 112, 112, 116, 116, 116, 116 + .byte 120, 120, 120, 120, 124, 124, 124, 124 + .byte 128, 128, 128, 128, 132, 132, 132, 132 + .byte 136, 136, 136, 136, 140, 140, 140, 140 + .byte 144, 144, 144, 144, 148, 148, 148, 148 + .byte 152, 152, 152, 152, 156, 156, 156, 156 + .byte 160, 160, 160, 160, 164, 164, 164, 164 + .byte 168, 168, 168, 168, 172, 172, 172, 172 + .byte 176, 176, 176, 176, 180, 180, 180, 180 + .byte 184, 184, 184, 184, 188, 188, 188, 188 + .byte 192, 192, 192, 192, 196, 196, 196, 196 + .byte 200, 200, 200, 200, 204, 204, 204, 204 + .byte 208, 208, 208, 208, 212, 212, 212, 212 + .byte 216, 216, 216, 216, 220, 220, 220, 220 + .byte 224, 224, 224, 224, 228, 228, 228, 228 + .byte 232, 232, 232, 232, 236, 236, 236, 236 + .byte 240, 240, 240, 240, 244, 244, 244, 244 + .byte 248, 248, 248, 248, 252, 252, 252, 252 + + ! 5 numbers for initil/final permutation + + .word 0x0f0f0f0f ! offset 256 + .word 0x0000ffff ! 260 + .word 0x33333333 ! 264 + .word 0x00ff00ff ! 268 + .word 0x55555555 ! 272 + + .word 0 ! 276 + .word LOOPS ! 280 + .word 0x0000FC00 ! 284 +.PIC.DES_SPtrans: + .word %r_disp32(DES_SPtrans) + +! input: out0 offset between .PIC.me.up and caller +! output: out0 pointer to .PIC.me.up +! out2 pointer to .des_and +! global1 pointer to DES_SPtrans + .align 32 +.PIC.me.up: + add out0,%o7,out0 ! pointer to .PIC.me.up +#if 1 + ld [out0+(.PIC.DES_SPtrans-.PIC.me.up)],global1 + add global1,(.PIC.DES_SPtrans-.PIC.me.up),global1 + add global1,out0,global1 +#else +# ifdef OPENSSL_PIC + ! In case anybody wonders why this code is same for both ABI. + ! To start with it is not. Do note LDPTR below. But of course + ! you must be wondering why the rest of it does not contain + ! things like %hh, %hm and %lm. Well, those are needed only + ! if OpenSSL library *itself* will become larger than 4GB, + ! which is not going to happen any time soon. + sethi %hi(DES_SPtrans),global1 + or global1,%lo(DES_SPtrans),global1 + sethi %hi(_GLOBAL_OFFSET_TABLE_-(.PIC.me.up-.)),out2 + add global1,out0,global1 + add out2,%lo(_GLOBAL_OFFSET_TABLE_-(.PIC.me.up-.)),out2 + LDPTR [out2+global1],global1 +# elif 0 + setn DES_SPtrans,out2,global1 ! synthetic instruction ! +# elif defined(ABI64) + sethi %hh(DES_SPtrans),out2 + or out2,%hm(DES_SPtrans),out2 + sethi %lm(DES_SPtrans),global1 + or global1,%lo(DES_SPtrans),global1 + sllx out2,32,out2 + or out2,global1,global1 +# else + sethi %hi(DES_SPtrans),global1 + or global1,%lo(DES_SPtrans),global1 +# endif +#endif + retl + add out0,.des_and-.PIC.me.up,out2 + +! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc) +! ***************************************************************** + + + .align 32 + .global DES_ncbc_encrypt + .type DES_ncbc_encrypt,#function + +DES_ncbc_encrypt: + + save %sp, FRAME, %sp + + define({INPUT}, { [%sp+BIAS+ARG0+0*ARGSZ] }) + define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] }) + define({IVEC}, { [%sp+BIAS+ARG0+4*ARGSZ] }) + + call .PIC.me.up + mov .PIC.me.up-(.-4),out0 + + cmp in5, 0 ! enc + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .ncbc.dec +#else + be .ncbc.dec +#endif + STPTR in4, IVEC + + ! addr left right temp label + load_little_endian(in4, in5, out5, local3, .LLE1) ! iv + + addcc in2, -8, in2 ! bytes missing when first block done + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ncbc.enc.seven.or.less +#else + bl .ncbc.enc.seven.or.less +#endif + mov in3, in4 ! schedule + +.ncbc.enc.next.block: + + load_little_endian(in0, out4, global4, local3, .LLE2) ! block + +.ncbc.enc.next.block_1: + + xor in5, out4, in5 ! iv xor + xor out5, global4, out5 ! iv xor + + ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 + ip_macro(in5, out5, in5, out5, in3, 0, 0, 2) + +.ncbc.enc.next.block_2: + +!// call .des_enc ! compares in2 to 8 +! rounds inlined for alignment purposes + + add global1, 768, global4 ! address sbox 4 since register used below + + rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ncbc.enc.next.block_fp +#else + bl .ncbc.enc.next.block_fp +#endif + add in0, 8, in0 ! input address + + ! If 8 or more bytes are to be encrypted after this block, + ! we combine final permutation for this block with initial + ! permutation for next block. Load next block: + + load_little_endian(in0, global3, global4, local5, .LLE12) + + ! parameter 1 original left + ! parameter 2 original right + ! parameter 3 left ip + ! parameter 4 right ip + ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 + ! 2: mov in4 to in3 + ! + ! also adds -8 to length in2 and loads loop counter to out4 + + fp_ip_macro(out0, out1, global3, global4, 2) + + store_little_endian(in1, out0, out1, local3, .SLE10) ! block + + ld [in3], out0 ! key 7531 first round next block + mov in5, local1 + xor global3, out5, in5 ! iv xor next block + + ld [in3+4], out1 ! key 8642 + add global1, 512, global3 ! address sbox 3 since register used + xor global4, local1, out5 ! iv xor next block + + ba .ncbc.enc.next.block_2 + add in1, 8, in1 ! output adress + +.ncbc.enc.next.block_fp: + + fp_macro(in5, out5) + + store_little_endian(in1, in5, out5, local3, .SLE1) ! block + + addcc in2, -8, in2 ! bytes missing when next block done + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bpos,pt %icc, .ncbc.enc.next.block ! also jumps if 0 +#else + bpos .ncbc.enc.next.block +#endif + add in1, 8, in1 + +.ncbc.enc.seven.or.less: + + cmp in2, -8 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble,pt %icc, .ncbc.enc.finish +#else + ble .ncbc.enc.finish +#endif + nop + + add in2, 8, local1 ! bytes to load + + ! addr, length, dest left, dest right, temp, temp2, label, ret label + load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1) + + ! Loads 1 to 7 bytes little endian to global4, out4 + + +.ncbc.enc.finish: + + LDPTR IVEC, local4 + store_little_endian(local4, in5, out5, local5, .SLE2) ! ivec + + ret + restore + + +.ncbc.dec: + + STPTR in0, INPUT + cmp in2, 0 ! length + add in3, 120, in3 + + LDPTR IVEC, local7 ! ivec +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble,pn %icc, .ncbc.dec.finish +#else + ble .ncbc.dec.finish +#endif + mov in3, in4 ! schedule + + STPTR in1, OUTPUT + mov in0, local5 ! input + + load_little_endian(local7, in0, in1, local3, .LLE3) ! ivec + +.ncbc.dec.next.block: + + load_little_endian(local5, in5, out5, local3, .LLE4) ! block + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion ks in4 + + fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7 + + ! in2 is bytes left to be stored + ! in2 is compared to 8 in the rounds + + xor out5, in0, out4 ! iv xor +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ncbc.dec.seven.or.less +#else + bl .ncbc.dec.seven.or.less +#endif + xor in5, in1, global4 ! iv xor + + ! Load ivec next block now, since input and output address might be the same. + + load_little_endian_inc(local5, in0, in1, local3, .LLE5) ! iv + + store_little_endian(local7, out4, global4, local3, .SLE3) + + STPTR local5, INPUT + add local7, 8, local7 + addcc in2, -8, in2 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bg,pt %icc, .ncbc.dec.next.block +#else + bg .ncbc.dec.next.block +#endif + STPTR local7, OUTPUT + + +.ncbc.dec.store.iv: + + LDPTR IVEC, local4 ! ivec + store_little_endian(local4, in0, in1, local5, .SLE4) + +.ncbc.dec.finish: + + ret + restore + +.ncbc.dec.seven.or.less: + + load_little_endian_inc(local5, in0, in1, local3, .LLE13) ! ivec + + store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv) + + +.DES_ncbc_encrypt.end: + .size DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt + + +! void DES_ede3_cbc_encrypt(input, output, lenght, ks1, ks2, ks3, ivec, enc) +! ************************************************************************** + + + .align 32 + .global DES_ede3_cbc_encrypt + .type DES_ede3_cbc_encrypt,#function + +DES_ede3_cbc_encrypt: + + save %sp, FRAME, %sp + + define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] }) + define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] }) + define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] }) + + call .PIC.me.up + mov .PIC.me.up-(.-4),out0 + + LDPTR [%fp+BIAS+ARG0+7*ARGSZ], local3 ! enc + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec + cmp local3, 0 ! enc + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .ede3.dec +#else + be .ede3.dec +#endif + STPTR in4, KS2 + + STPTR in5, KS3 + + load_little_endian(local4, in5, out5, local3, .LLE6) ! ivec + + addcc in2, -8, in2 ! bytes missing after next block + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ede3.enc.seven.or.less +#else + bl .ede3.enc.seven.or.less +#endif + STPTR in3, KS1 + +.ede3.enc.next.block: + + load_little_endian(in0, out4, global4, local3, .LLE7) + +.ede3.enc.next.block_1: + + LDPTR KS2, in4 + xor in5, out4, in5 ! iv xor + xor out5, global4, out5 ! iv xor + + LDPTR KS1, in3 + add in4, 120, in4 ! for decryption we use last subkey first + nop + + ip_macro(in5, out5, in5, out5, in3) + +.ede3.enc.next.block_2: + + call .des_enc ! ks1 in3 + nop + + call .des_dec ! ks2 in4 + LDPTR KS3, in3 + + call .des_enc ! ks3 in3 compares in2 to 8 + nop + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ede3.enc.next.block_fp +#else + bl .ede3.enc.next.block_fp +#endif + add in0, 8, in0 + + ! If 8 or more bytes are to be encrypted after this block, + ! we combine final permutation for this block with initial + ! permutation for next block. Load next block: + + load_little_endian(in0, global3, global4, local5, .LLE11) + + ! parameter 1 original left + ! parameter 2 original right + ! parameter 3 left ip + ! parameter 4 right ip + ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 + ! 2: mov in4 to in3 + ! + ! also adds -8 to length in2 and loads loop counter to out4 + + fp_ip_macro(out0, out1, global3, global4, 1) + + store_little_endian(in1, out0, out1, local3, .SLE9) ! block + + mov in5, local1 + xor global3, out5, in5 ! iv xor next block + + ld [in3], out0 ! key 7531 + add global1, 512, global3 ! address sbox 3 + xor global4, local1, out5 ! iv xor next block + + ld [in3+4], out1 ! key 8642 + add global1, 768, global4 ! address sbox 4 + ba .ede3.enc.next.block_2 + add in1, 8, in1 + +.ede3.enc.next.block_fp: + + fp_macro(in5, out5) + + store_little_endian(in1, in5, out5, local3, .SLE5) ! block + + addcc in2, -8, in2 ! bytes missing when next block done + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bpos,pt %icc, .ede3.enc.next.block +#else + bpos .ede3.enc.next.block +#endif + add in1, 8, in1 + +.ede3.enc.seven.or.less: + + cmp in2, -8 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble,pt %icc, .ede3.enc.finish +#else + ble .ede3.enc.finish +#endif + nop + + add in2, 8, local1 ! bytes to load + + ! addr, length, dest left, dest right, temp, temp2, label, ret label + load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1) + +.ede3.enc.finish: + + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec + store_little_endian(local4, in5, out5, local5, .SLE6) ! ivec + + ret + restore + +.ede3.dec: + + STPTR in0, INPUT + add in5, 120, in5 + + STPTR in1, OUTPUT + mov in0, local5 + add in3, 120, in3 + + STPTR in3, KS1 + cmp in2, 0 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble %icc, .ede3.dec.finish +#else + ble .ede3.dec.finish +#endif + STPTR in5, KS3 + + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local7 ! iv + load_little_endian(local7, in0, in1, local3, .LLE8) + +.ede3.dec.next.block: + + load_little_endian(local5, in5, out5, local3, .LLE9) + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + ! parameter 9 1 for load ks3 and ks2 to in4 and in3 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4 + + call .des_enc ! ks2 in3 + LDPTR KS1, in4 + + call .des_dec ! ks1 in4 + nop + + fp_macro(out5, in5, 0, 1) ! 1 for input and output address local5/7 + + ! in2 is bytes left to be stored + ! in2 is compared to 8 in the rounds + + xor out5, in0, out4 +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ede3.dec.seven.or.less +#else + bl .ede3.dec.seven.or.less +#endif + xor in5, in1, global4 + + load_little_endian_inc(local5, in0, in1, local3, .LLE10) ! iv next block + + store_little_endian(local7, out4, global4, local3, .SLE7) ! block + + STPTR local5, INPUT + addcc in2, -8, in2 + add local7, 8, local7 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bg,pt %icc, .ede3.dec.next.block +#else + bg .ede3.dec.next.block +#endif + STPTR local7, OUTPUT + +.ede3.dec.store.iv: + + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec + store_little_endian(local4, in0, in1, local5, .SLE8) ! ivec + +.ede3.dec.finish: + + ret + restore + +.ede3.dec.seven.or.less: + + load_little_endian_inc(local5, in0, in1, local3, .LLE14) ! iv + + store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv) + + +.DES_ede3_cbc_encrypt.end: + .size DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt diff --git a/crypto/openssl/crypto/des/cfb64ede.c b/crypto/openssl/crypto/des/cfb64ede.c index f422fef..de34ecc 100644 --- a/crypto/openssl/crypto/des/cfb64ede.c +++ b/crypto/openssl/crypto/des/cfb64ede.c @@ -57,6 +57,7 @@ */ #include "des_locl.h" +#include "e_os.h" /* The input and output encrypted as though 64bit cfb mode is being * used. The extra state information to record how much of the @@ -151,8 +152,8 @@ void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, DES_cblock *ivec,int enc) { register DES_LONG d0,d1,v0,v1; - register long l=length; - register int num=numbits,n=(numbits+7)/8,i; + register unsigned long l=length,n=((unsigned int)numbits+7)/8; + register int num=numbits,i; DES_LONG ti[2]; unsigned char *iv; unsigned char ovec[16]; diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/openssl/crypto/des/cfb_enc.c index 03cabb2..720f29a 100644 --- a/crypto/openssl/crypto/des/cfb_enc.c +++ b/crypto/openssl/crypto/des/cfb_enc.c @@ -58,6 +58,7 @@ #include "e_os.h" #include "des_locl.h" +#include /* The input and output are loaded in multiples of 8 bits. * What this means is that if you hame numbits=12 and length=2 @@ -72,19 +73,29 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, int enc) { register DES_LONG d0,d1,v0,v1; - register unsigned long l=length,n=(numbits+7)/8; - register int num=numbits,i; + register unsigned long l=length; + register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8; DES_LONG ti[2]; unsigned char *iv; +#ifndef L_ENDIAN unsigned char ovec[16]; +#else + unsigned int sh[4]; + unsigned char *ovec=(unsigned char *)sh; - if (num > 64) return; + /* I kind of count that compiler optimizes away this assertioni,*/ + assert (sizeof(sh[0])==4); /* as this holds true for all, */ + /* but 16-bit platforms... */ + +#endif + + if (numbits<=0 || numbits > 64) return; iv = &(*ivec)[0]; c2l(iv,v0); c2l(iv,v1); if (enc) { - while (l >= n) + while (l >= (unsigned long)n) { l-=n; ti[0]=v0; @@ -98,35 +109,40 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, out+=n; /* 30-08-94 - eay - changed because l>>32 and * l<<32 are bad under gcc :-( */ - if (num == 32) + if (numbits == 32) { v0=v1; v1=d0; } - else if (num == 64) + else if (numbits == 64) { v0=d0; v1=d1; } else { +#ifndef L_ENDIAN iv=&ovec[0]; l2c(v0,iv); l2c(v1,iv); l2c(d0,iv); l2c(d1,iv); - /* shift ovec left most of the bits... */ - memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); - /* now the remaining bits */ - if(num%8 != 0) +#else + sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; +#endif + if (rem==0) + memmove(ovec,ovec+num,8); + else for(i=0 ; i < 8 ; ++i) - { - ovec[i]<<=num%8; - ovec[i]|=ovec[i+1]>>(8-num%8); - } + ovec[i]=ovec[i+num]<>(8-rem); +#ifdef L_ENDIAN + v0=sh[0], v1=sh[1]; +#else iv=&ovec[0]; c2l(iv,v0); c2l(iv,v1); +#endif } } } else { - while (l >= n) + while (l >= (unsigned long)n) { l-=n; ti[0]=v0; @@ -136,29 +152,34 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, in+=n; /* 30-08-94 - eay - changed because l>>32 and * l<<32 are bad under gcc :-( */ - if (num == 32) + if (numbits == 32) { v0=v1; v1=d0; } - else if (num == 64) + else if (numbits == 64) { v0=d0; v1=d1; } else { +#ifndef L_ENDIAN iv=&ovec[0]; l2c(v0,iv); l2c(v1,iv); l2c(d0,iv); l2c(d1,iv); - /* shift ovec left most of the bits... */ - memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); - /* now the remaining bits */ - if(num%8 != 0) +#else + sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; +#endif + if (rem==0) + memmove(ovec,ovec+num,8); + else for(i=0 ; i < 8 ; ++i) - { - ovec[i]<<=num%8; - ovec[i]|=ovec[i+1]>>(8-num%8); - } + ovec[i]=ovec[i+num]<>(8-rem); +#ifdef L_ENDIAN + v0=sh[0], v1=sh[1]; +#else iv=&ovec[0]; c2l(iv,v0); c2l(iv,v1); +#endif } d0^=ti[0]; d1^=ti[1]; diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h index c5df1c9..3cbc2b5 100644 --- a/crypto/openssl/crypto/des/des.h +++ b/crypto/openssl/crypto/des/des.h @@ -59,13 +59,13 @@ #ifndef HEADER_NEW_DES_H #define HEADER_NEW_DES_H +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, + DES_LONG (via openssl/opensslconf.h */ + #ifdef OPENSSL_NO_DES #error DES is disabled. #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ - #ifdef OPENSSL_BUILD_SHLIBCRYPTO # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT @@ -128,7 +128,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) const char *DES_options(void); -void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output, +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1,DES_key_schedule *ks2, DES_key_schedule *ks3, int enc); DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, diff --git a/crypto/openssl/crypto/des/des_enc.c b/crypto/openssl/crypto/des/des_enc.c index 8dd30e2..1c37ab9 100644 --- a/crypto/openssl/crypto/des/des_enc.c +++ b/crypto/openssl/crypto/des/des_enc.c @@ -58,8 +58,6 @@ #include "des_locl.h" -#ifndef OPENSSL_FIPS - void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { register DES_LONG l,r,t,u; @@ -289,12 +287,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, data[1]=r; } -#endif /* ndef OPENSSL_FIPS */ - #ifndef DES_DEFAULT_OPTIONS -#if !defined(OPENSSL_FIPS) || !defined(I386_ONLY) - #undef CBC_ENC_C__DONT_UPDATE_IV #include "ncbc_enc.c" /* DES_ncbc_encrypt */ @@ -410,6 +404,4 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, tin[0]=tin[1]=0; } -#endif /* !defined(OPENSSL_FIPS) || !defined(I386_ONLY) */ - #endif /* DES_DEFAULT_OPTIONS */ diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/openssl/crypto/des/des_locl.h index e44e8e9..4b9ecff 100644 --- a/crypto/openssl/crypto/des/des_locl.h +++ b/crypto/openssl/crypto/des/des_locl.h @@ -160,7 +160,7 @@ } \ } -#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) +#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC) #define ROTATE(a,n) (_lrotr(a,n)) #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) @@ -421,7 +421,7 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } -OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64]; +extern const DES_LONG DES_SPtrans[8][64]; void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, DES_LONG Eswap0, DES_LONG Eswap1); diff --git a/crypto/openssl/crypto/des/des_old.c b/crypto/openssl/crypto/des/des_old.c index 88e9802..7e4cd71 100644 --- a/crypto/openssl/crypto/des/des_old.c +++ b/crypto/openssl/crypto/des/des_old.c @@ -84,7 +84,7 @@ void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc) { - DES_ecb3_encrypt((const unsigned char *)input, (unsigned char *)output, + DES_ecb3_encrypt((const_DES_cblock *)input, output, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, enc); } diff --git a/crypto/openssl/crypto/des/des_old.h b/crypto/openssl/crypto/des/des_old.h index 1d840b4..1b0620c 100644 --- a/crypto/openssl/crypto/des/des_old.h +++ b/crypto/openssl/crypto/des/des_old.h @@ -91,6 +91,8 @@ #ifndef HEADER_DES_H #define HEADER_DES_H +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ + #ifdef OPENSSL_NO_DES #error DES is disabled. #endif @@ -103,8 +105,6 @@ #error replaces . #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ #include #ifdef OPENSSL_BUILD_SHLIBCRYPTO @@ -116,6 +116,10 @@ extern "C" { #endif +#ifdef _ +#undef _ +#endif + typedef unsigned char _ossl_old_des_cblock[8]; typedef struct _ossl_old_des_ks_struct { @@ -171,9 +175,9 @@ typedef struct _ossl_old_des_ks_struct DES_enc_write((f),(b),(l),&(k),(iv)) #define des_fcrypt(b,s,r)\ DES_fcrypt((b),(s),(r)) +#if 0 #define des_crypt(b,s)\ DES_crypt((b),(s)) -#if 0 #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) #define crypt(b,s)\ DES_crypt((b),(s)) diff --git a/crypto/openssl/crypto/des/des_opts.c b/crypto/openssl/crypto/des/des_opts.c index 79278b9..2df8296 100644 --- a/crypto/openssl/crypto/des/des_opts.c +++ b/crypto/openssl/crypto/des/des_opts.c @@ -71,7 +71,11 @@ #include extern void exit(); #endif + +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c index e3e9d77..64b92a3 100644 --- a/crypto/openssl/crypto/des/destest.c +++ b/crypto/openssl/crypto/des/destest.c @@ -84,7 +84,7 @@ int main(int argc, char *argv[]) #else #include -#define crypt(c,s) (des_crypt((c),(s))) +#define crypt(c,s) (DES_crypt((c),(s))) /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ @@ -333,7 +333,8 @@ static int cfb64_test(unsigned char *cfb_cipher); static int ede_cfb64_test(unsigned char *cfb_cipher); int main(int argc, char *argv[]) { - int i,j,err=0; + int j,err=0; + unsigned int i; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; @@ -391,7 +392,7 @@ int main(int argc, char *argv[]) DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) @@ -439,8 +440,8 @@ int main(int argc, char *argv[]) memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); - des_ecb2_encrypt(in,out,ks,ks2,DES_ENCRYPT); - des_ecb2_encrypt(out,outin,ks,ks2,DES_DECRYPT); + des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); + des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { @@ -540,7 +541,7 @@ int main(int argc, char *argv[]) if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) @@ -556,7 +557,7 @@ int main(int argc, char *argv[]) des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) @@ -820,6 +821,9 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]); printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif printf("\n"); return(err); } diff --git a/crypto/openssl/crypto/des/ecb3_enc.c b/crypto/openssl/crypto/des/ecb3_enc.c index fa0c9c4..c3437bc 100644 --- a/crypto/openssl/crypto/des/ecb3_enc.c +++ b/crypto/openssl/crypto/des/ecb3_enc.c @@ -58,13 +58,15 @@ #include "des_locl.h" -void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out, +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, int enc) { register DES_LONG l0,l1; DES_LONG ll[2]; + const unsigned char *in = &(*input)[0]; + unsigned char *out = &(*output)[0]; c2l(in,l0); c2l(in,l1); diff --git a/crypto/openssl/crypto/des/ede_cbcm_enc.c b/crypto/openssl/crypto/des/ede_cbcm_enc.c index fa45aa2..adfcb75 100644 --- a/crypto/openssl/crypto/des/ede_cbcm_enc.c +++ b/crypto/openssl/crypto/des/ede_cbcm_enc.c @@ -68,6 +68,8 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz */ +#include /* To see if OPENSSL_NO_DESCBCM is defined */ + #ifndef OPENSSL_NO_DESCBCM #include "des_locl.h" diff --git a/crypto/openssl/crypto/des/fcrypt.c b/crypto/openssl/crypto/des/fcrypt.c index 2758c32..ccbdff2 100644 --- a/crypto/openssl/crypto/des/fcrypt.c +++ b/crypto/openssl/crypto/des/fcrypt.c @@ -58,9 +58,6 @@ static unsigned const char cov_2char[64]={ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A }; -void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - char *DES_crypt(const char *buf, const char *salt) { static char buff[14]; diff --git a/crypto/openssl/crypto/des/read2pwd.c b/crypto/openssl/crypto/des/read2pwd.c index 3a63c40..ee6969f 100644 --- a/crypto/openssl/crypto/des/read2pwd.c +++ b/crypto/openssl/crypto/des/read2pwd.c @@ -112,6 +112,7 @@ #include #include #include +#include int DES_read_password(DES_cblock *key, const char *prompt, int verify) { diff --git a/crypto/openssl/crypto/des/set_key.c b/crypto/openssl/crypto/des/set_key.c index 8881d46..55efe03 100644 --- a/crypto/openssl/crypto/des/set_key.c +++ b/crypto/openssl/crypto/des/set_key.c @@ -65,8 +65,6 @@ */ #include "des_locl.h" -#ifndef OPENSSL_FIPS - OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ static const unsigned char odd_parity[256]={ @@ -89,7 +87,7 @@ static const unsigned char odd_parity[256]={ void DES_set_odd_parity(DES_cblock *key) { - int i; + unsigned int i; for (i=0; i +#define crypt(c,s) (des_crypt((c),(s))) +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/des/str2key.c b/crypto/openssl/crypto/des/str2key.c index 0373db4..9c2054b 100644 --- a/crypto/openssl/crypto/des/str2key.c +++ b/crypto/openssl/crypto/des/str2key.c @@ -57,6 +57,7 @@ */ #include "des_locl.h" +#include void DES_string_to_key(const char *str, DES_cblock *key) { diff --git a/crypto/openssl/crypto/dh/Makefile b/crypto/openssl/crypto/dh/Makefile index a0e8217..d368e33 100644 --- a/crypto/openssl/crypto/dh/Makefile +++ b/crypto/openssl/crypto/dh/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/dh/Makefile +# OpenSSL/crypto/dh/Makefile # DIR= dh @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -22,8 +17,8 @@ TEST= dhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o SRC= $(LIBSRC) @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -95,13 +92,21 @@ dh_check.o: ../../include/openssl/opensslconf.h dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c -dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_err.o: ../../include/openssl/symhacks.h dh_err.c +dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_depr.o: ../cryptlib.h dh_depr.c +dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dh_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_err.o: dh_err.c dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h @@ -118,14 +123,11 @@ dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c -dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dh_lib.o: ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c diff --git a/crypto/openssl/crypto/dh/dh.h b/crypto/openssl/crypto/dh/dh.h index 05851f8..4d0c565 100644 --- a/crypto/openssl/crypto/dh/dh.h +++ b/crypto/openssl/crypto/dh/dh.h @@ -59,6 +59,8 @@ #ifndef HEADER_DH_H #define HEADER_DH_H +#include + #ifdef OPENSSL_NO_DH #error DH is disabled. #endif @@ -66,19 +68,30 @@ #ifndef OPENSSL_NO_BIO #include #endif -#include -#include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif -#define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ #ifdef __cplusplus extern "C" { #endif -typedef struct dh_st DH; +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ -typedef struct dh_method { +struct dh_method + { const char *name; /* Methods here */ int (*generate_key)(DH *dh); @@ -91,7 +104,9 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; -} DH_METHOD; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); + }; struct dh_st { @@ -106,7 +121,7 @@ struct dh_st BIGNUM *priv_key; /* x */ int flags; - char *method_mont_p; + BN_MONT_CTX *method_mont_p; /* Place holders if we want to do X9.42 DH */ BIGNUM *q; BIGNUM *j; @@ -130,25 +145,21 @@ struct dh_st #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 #define DH_NOT_SUITABLE_GENERATOR 0x08 +/* DH_check_pub_key error codes */ +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 + /* primes p where (p-1)/2 is prime too are called "safe"; we define this for backward compatibility: */ #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ - (char *(*)())d2i_DHparams,(char *)(x)) +#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) -#ifdef __cplusplus -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#else -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#endif +#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) const DH_METHOD *DH_OpenSSL(void); @@ -165,9 +176,18 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len,int generator, void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + int DH_check(const DH *dh,int *codes); +int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); @@ -190,15 +210,17 @@ void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ /* Function codes. */ +#define DH_F_COMPUTE_KEY 102 #define DH_F_DHPARAMS_PRINT 100 #define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_COMPUTE_KEY 102 -#define DH_F_DH_GENERATE_KEY 103 -#define DH_F_DH_GENERATE_PARAMETERS 104 +#define DH_F_DH_BUILTIN_GENPARAMS 106 #define DH_F_DH_NEW_METHOD 105 +#define DH_F_GENERATE_KEY 103 +#define DH_F_GENERATE_PARAMETERS 104 /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_INVALID_PUBKEY 102 #define DH_R_NO_PRIVATE_VALUE 100 #ifdef __cplusplus diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c index a7e9920..058aec7 100644 --- a/crypto/openssl/crypto/dh/dh_check.c +++ b/crypto/openssl/crypto/dh/dh_check.c @@ -70,8 +70,6 @@ * should hold. */ -#ifndef OPENSSL_FIPS - int DH_check(const DH *dh, int *ret) { int ok=0; @@ -106,12 +104,12 @@ int DH_check(const DH *dh, int *ret) else *ret|=DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) + if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) *ret|=DH_CHECK_P_NOT_PRIME; else { if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) + if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) *ret|=DH_CHECK_P_NOT_SAFE_PRIME; } ok=1; @@ -121,4 +119,24 @@ err: return(ok); } -#endif +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) + { + int ok=0; + BIGNUM *q=NULL; + + *ret=0; + q=BN_new(); + if (q == NULL) goto err; + BN_set_word(q,1); + if (BN_cmp(pub_key,q) <= 0) + *ret|=DH_CHECK_PUBKEY_TOO_SMALL; + BN_copy(q,dh->p); + BN_sub_word(q,1); + if (BN_cmp(pub_key,q) >= 0) + *ret|=DH_CHECK_PUBKEY_TOO_LARGE; + + ok = 1; +err: + if (q != NULL) BN_free(q); + return(ok); + } diff --git a/crypto/openssl/crypto/dh/dh_depr.c b/crypto/openssl/crypto/dh/dh_depr.c new file mode 100644 index 0000000..acc05f2 --- /dev/null +++ b/crypto/openssl/crypto/dh/dh_depr.c @@ -0,0 +1,83 @@ +/* crypto/dh/dh_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +/* This file contains deprecated functions as wrappers to the new ones */ + +#include +#include "cryptlib.h" +#include +#include + +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int,int,void *), void *cb_arg) + { + BN_GENCB cb; + DH *ret=NULL; + + if((ret=DH_new()) == NULL) + return NULL; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) + return ret; + DH_free(ret); + return NULL; + } +#endif diff --git a/crypto/openssl/crypto/dh/dh_err.c b/crypto/openssl/crypto/dh/dh_err.c index c271504..b14a94f 100644 --- a/crypto/openssl/crypto/dh/dh_err.c +++ b/crypto/openssl/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,21 +64,27 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) + static ERR_STRING_DATA DH_str_functs[]= { -{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, -{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"}, -{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, -{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, -{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, -{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"}, +{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, +{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, +{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, +{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, +{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, {0,NULL} }; static ERR_STRING_DATA DH_str_reasons[]= { -{DH_R_BAD_GENERATOR ,"bad generator"}, -{DH_R_NO_PRIVATE_VALUE ,"no private value"}, +{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {0,NULL} }; @@ -92,8 +98,8 @@ void ERR_load_DH_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_DH,DH_str_functs); - ERR_load_strings(ERR_LIB_DH,DH_str_reasons); + ERR_load_strings(0,DH_str_functs); + ERR_load_strings(0,DH_str_reasons); #endif } diff --git a/crypto/openssl/crypto/dh/dh_gen.c b/crypto/openssl/crypto/dh/dh_gen.c index a49b6f9..cfd5b11 100644 --- a/crypto/openssl/crypto/dh/dh_gen.c +++ b/crypto/openssl/crypto/dh/dh_gen.c @@ -56,11 +56,25 @@ * [including the GNU Public Licence.] */ +/* NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. + * - Geoff + */ + #include #include "cryptlib.h" #include #include +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q @@ -86,29 +100,26 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ - -#ifndef OPENSSL_FIPS - -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) { - BIGNUM *p=NULL,*t1,*t2; - DH *ret=NULL; + BIGNUM *t1,*t2; int g,ok= -1; BN_CTX *ctx=NULL; - ret=DH_new(); - if (ret == NULL) goto err; ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx); if (t1 == NULL || t2 == NULL) goto err; + + /* Make sure 'ret' has the necessary elements */ + if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; + if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; if (generator <= 1) { - DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR); + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); goto err; } if (generator == DH_GENERATOR_2) @@ -144,17 +155,14 @@ DH *DH_generate_parameters(int prime_len, int generator, g=generator; } - p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); - if (p == NULL) goto err; - if (callback != NULL) callback(3,0,cb_arg); - ret->p=p; - ret->g=BN_new(); + if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; + if(!BN_GENCB_call(cb, 3, 0)) goto err; if (!BN_set_word(ret->g,g)) goto err; ok=1; err: if (ok == -1) { - DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB); + DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); ok=0; } @@ -163,12 +171,5 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (!ok && (ret != NULL)) - { - DH_free(ret); - ret=NULL; - } - return(ret); + return ok; } - -#endif diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c index ff125c2..79984e1 100644 --- a/crypto/openssl/crypto/dh/dh_key.c +++ b/crypto/openssl/crypto/dh/dh_key.c @@ -62,8 +62,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -91,6 +89,7 @@ dh_bn_mod_exp, dh_init, dh_finish, 0, +NULL, NULL }; @@ -105,7 +104,7 @@ static int generate_key(DH *dh) int generate_new_key=0; unsigned l; BN_CTX *ctx; - BN_MONT_CTX *mont; + BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; ctx = BN_CTX_new(); @@ -128,28 +127,43 @@ static int generate_key(DH *dh) else pub_key=dh->pub_key; - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,ctx)) goto err; + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; } - mont=(BN_MONT_CTX *)dh->method_mont_p; if (generate_new_key) { l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ if (!BN_rand(priv_key, l, 0, 0)) goto err; } - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) - goto err; + + { + BIGNUM local_prk; + BIGNUM *prk; + + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) + { + BN_init(&local_prk); + prk = &local_prk; + BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + } + else + prk = priv_key; + + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; + } dh->pub_key=pub_key; dh->priv_key=priv_key; ok=1; err: if (ok != 1) - DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); + DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); @@ -160,9 +174,10 @@ err: static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { BN_CTX *ctx; - BN_MONT_CTX *mont; + BN_MONT_CTX *mont=NULL; BIGNUM *tmp; int ret= -1; + int check_result; ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -171,27 +186,42 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (dh->priv_key == NULL) { - DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); + DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); goto err; } - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,ctx)) goto err; + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) + { + /* XXX */ + BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); + } + if (!mont) + goto err; + } + + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); + goto err; } - mont=(BN_MONT_CTX *)dh->method_mont_p; if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) { - DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); + DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); goto err; } ret=BN_bn2bin(tmp,key); err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return(ret); } @@ -200,7 +230,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { - if (a->top == 1) + /* If a is only one word long and constant time is false, use the faster + * exponenentiation function. + */ + if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { BN_ULONG A = a->d[0]; return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); @@ -219,8 +252,6 @@ static int dh_init(DH *dh) static int dh_finish(DH *dh) { if(dh->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); + BN_MONT_CTX_free(dh->method_mont_p); return(1); } - -#endif diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/openssl/crypto/dh/dhtest.c index d75077f..882f5c3 100644 --- a/crypto/openssl/crypto/dh/dhtest.c +++ b/crypto/openssl/crypto/dh/dhtest.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include @@ -83,12 +89,13 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK cb(int p, int n, void *arg); +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int main(int argc, char *argv[]) { + BN_GENCB _cb; DH *a; DH *b=NULL; char buf[12]; @@ -110,8 +117,10 @@ int main(int argc, char *argv[]) if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); - a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); - if (a == NULL) goto err; + BN_GENCB_set(&_cb, &cb, out); + if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, &_cb)) + goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) @@ -136,6 +145,10 @@ int main(int argc, char *argv[]) b->g=BN_dup(a->g); if ((b->p == NULL) || (b->g == NULL)) goto err; + /* Set a to run with normal modexp and b to use constant time */ + a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; + b->flags |= DH_FLAG_NO_EXP_CONSTTIME; + if (!DH_generate_key(a)) goto err; BIO_puts(out,"pri 1="); BN_print(out,a->priv_key); @@ -188,14 +201,14 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } -static void MS_CALLBACK cb(int p, int n, void *arg) +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -203,10 +216,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/openssl/crypto/dsa/Makefile b/crypto/openssl/crypto/dsa/Makefile index 418db98..676baf7 100644 --- a/crypto/openssl/crypto/dsa/Makefile +++ b/crypto/openssl/crypto/dsa/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/dsa/Makefile +# OpenSSL/crypto/dsa/Makefile # DIR= dsa @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -23,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c + dsa_err.c dsa_ossl.c dsa_depr.c LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o + dsa_err.o dsa_ossl.o dsa_depr.o SRC= $(LIBSRC) @@ -53,7 +48,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -68,6 +64,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -81,51 +78,50 @@ clean: dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_asn1.o: ../../include/openssl/opensslconf.h dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c -dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c +dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_err.o: dsa_err.c -dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h -dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c +dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_key.o: ../cryptlib.h dsa_key.c +dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -133,16 +129,15 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c +dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_ossl.o: ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h @@ -150,24 +145,20 @@ dsa_ossl.o: ../cryptlib.h dsa_ossl.c dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h -dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_sign.o: ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../cryptlib.h dsa_vrf.c diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/openssl/crypto/dsa/dsa.h index 225ff39..b12db98 100644 --- a/crypto/openssl/crypto/dsa/dsa.h +++ b/crypto/openssl/crypto/dsa/dsa.h @@ -65,6 +65,8 @@ #ifndef HEADER_DSA_H #define HEADER_DSA_H +#include + #ifdef OPENSSL_NO_DSA #error DSA is disabled. #endif @@ -72,24 +74,32 @@ #ifndef OPENSSL_NO_BIO #include #endif -#include #include #include + +#ifndef OPENSSL_NO_DEPRECATED +#include #ifndef OPENSSL_NO_DH # include #endif +#endif #define DSA_FLAG_CACHE_MONT_P 0x01 - -#if defined(OPENSSL_FIPS) -#define FIPS_DSA_SIZE_T int -#endif +#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ #ifdef __cplusplus extern "C" { #endif -typedef struct dsa_st DSA; +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ typedef struct DSA_SIG_st { @@ -97,7 +107,8 @@ typedef struct DSA_SIG_st BIGNUM *s; } DSA_SIG; -typedef struct dsa_method { +struct dsa_method + { const char *name; DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, @@ -114,7 +125,14 @@ typedef struct dsa_method { int (*finish)(DSA *dsa); int flags; char *app_data; -} DSA_METHOD; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); + }; struct dsa_st { @@ -135,7 +153,7 @@ struct dsa_st int flags; /* Normally used to cache montgomery values */ - char *method_mont_p; + BN_MONT_CTX *method_mont_p; int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; @@ -143,16 +161,13 @@ struct dsa_st ENGINE *engine; }; -#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ - (char *(*)())d2i_DSAparams,(char *)(x)) +#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ (unsigned char *)(x)) -#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x)) -#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ - (unsigned char *)(x)) +#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) DSA_SIG * DSA_SIG_new(void); @@ -190,10 +205,20 @@ void *DSA_get_ex_data(DSA *d, int idx); DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_key(DSA *a); int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); diff --git a/crypto/openssl/crypto/dsa/dsa_depr.c b/crypto/openssl/crypto/dsa/dsa_depr.c new file mode 100644 index 0000000..f2da680 --- /dev/null +++ b/crypto/openssl/crypto/dsa/dsa_depr.c @@ -0,0 +1,106 @@ +/* crypto/dsa/dsa_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* This file contains deprecated function(s) that are now wrappers to the new + * version(s). */ + +#undef GENUINE_DSA + +#ifdef GENUINE_DSA +/* Parameter generation follows the original release of FIPS PUB 186, + * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ +#define HASH EVP_sha() +#else +/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, + * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in + * FIPS PUB 180-1) */ +#define HASH EVP_sha1() +#endif + +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_SHA + +#include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED +DSA *DSA_generate_parameters(int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), + void *cb_arg) + { + BN_GENCB cb; + DSA *ret; + + if ((ret=DSA_new()) == NULL) return NULL; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, + counter_ret, h_ret, &cb)) + return ret; + DSA_free(ret); + return NULL; + } +#endif +#endif diff --git a/crypto/openssl/crypto/dsa/dsa_err.c b/crypto/openssl/crypto/dsa/dsa_err.c index 79aa4ff..fd42053 100644 --- a/crypto/openssl/crypto/dsa/dsa_err.c +++ b/crypto/openssl/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* crypto/dsa/dsa_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,29 +64,33 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) + static ERR_STRING_DATA DSA_str_functs[]= { -{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, -{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, -{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, -{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, -{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, -{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, -{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, -{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, -{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, -{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, -{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, -{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"}, +{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, +{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, +{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, +{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, +{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, +{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, +{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, +{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, +{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, +{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, +{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, +{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, +{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, {0,NULL} }; static ERR_STRING_DATA DSA_str_reasons[]= { -{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, +{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {0,NULL} }; @@ -100,8 +104,8 @@ void ERR_load_DSA_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); - ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); + ERR_load_strings(0,DSA_str_functs); + ERR_load_strings(0,DSA_str_reasons); #endif } diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c index e307beb..6a6be3b 100644 --- a/crypto/openssl/crypto/dsa/dsa_gen.c +++ b/crypto/openssl/crypto/dsa/dsa_gen.c @@ -69,6 +69,8 @@ #define HASH EVP_sha1() #endif +#include /* To see if OPENSSL_NO_SHA is defined */ + #ifndef OPENSSL_NO_SHA #include @@ -80,12 +82,24 @@ #include #include -#ifndef OPENSSL_FIPS -DSA *DSA_generate_parameters(int bits, +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +int DSA_generate_parameters_ex(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) + { + if(ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + } + +static int dsa_builtin_paramgen(DSA *ret, int bits, unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; @@ -97,9 +111,8 @@ DSA *DSA_generate_parameters(int bits, int k,n=0,i,b,m=0; int counter=0; int r=0; - BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; + BN_CTX *ctx=NULL; unsigned int h=2; - DSA *ret=NULL; if (bits < 512) bits=512; bits=(bits+63)/64*64; @@ -113,23 +126,21 @@ DSA *DSA_generate_parameters(int bits, memcpy(seed,seed_in,seed_len); if ((ctx=BN_CTX_new()) == NULL) goto err; - if ((ctx2=BN_CTX_new()) == NULL) goto err; - if ((ctx3=BN_CTX_new()) == NULL) goto err; - if ((ret=DSA_new()) == NULL) goto err; if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - BN_CTX_start(ctx2); - r0 = BN_CTX_get(ctx2); - g = BN_CTX_get(ctx2); - W = BN_CTX_get(ctx2); - q = BN_CTX_get(ctx2); - X = BN_CTX_get(ctx2); - c = BN_CTX_get(ctx2); - p = BN_CTX_get(ctx2); - test = BN_CTX_get(ctx2); + BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + W = BN_CTX_get(ctx); + q = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + c = BN_CTX_get(ctx); + p = BN_CTX_get(ctx); + test = BN_CTX_get(ctx); - BN_lshift(test,BN_value_one(),bits-1); + if (!BN_lshift(test,BN_value_one(),bits-1)) + goto err; for (;;) { @@ -138,7 +149,8 @@ DSA *DSA_generate_parameters(int bits, int seed_is_random; /* step 1 */ - if (callback != NULL) callback(0,m++,cb_arg); + if(!BN_GENCB_call(cb, 0, m++)) + goto err; if (!seed_len) { @@ -171,7 +183,8 @@ DSA *DSA_generate_parameters(int bits, if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; /* step 4 */ - r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, + seed_is_random, cb); if (r > 0) break; if (r != 0) @@ -181,8 +194,8 @@ DSA *DSA_generate_parameters(int bits, /* step 5 */ } - if (callback != NULL) callback(2,0,cb_arg); - if (callback != NULL) callback(3,0,cb_arg); + if(!BN_GENCB_call(cb, 2, 0)) goto err; + if(!BN_GENCB_call(cb, 3, 0)) goto err; /* step 6 */ counter=0; @@ -193,8 +206,8 @@ DSA *DSA_generate_parameters(int bits, for (;;) { - if (callback != NULL && counter != 0) - callback(0,counter,cb_arg); + if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + goto err; /* step 7 */ BN_zero(W); @@ -213,26 +226,27 @@ DSA *DSA_generate_parameters(int bits, /* step 8 */ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) goto err; - BN_lshift(r0,r0,160*k); - BN_add(W,W,r0); + if (!BN_lshift(r0,r0,160*k)) goto err; + if (!BN_add(W,W,r0)) goto err; } /* more of step 8 */ - BN_mask_bits(W,bits-1); - BN_copy(X,W); /* this should be ok */ - BN_add(X,X,test); /* this should be ok */ + if (!BN_mask_bits(W,bits-1)) goto err; + if (!BN_copy(X,W)) goto err; + if (!BN_add(X,X,test)) goto err; /* step 9 */ - BN_lshift1(r0,q); - BN_mod(c,X,r0,ctx); - BN_sub(r0,c,BN_value_one()); - BN_sub(p,X,r0); + if (!BN_lshift1(r0,q)) goto err; + if (!BN_mod(c,X,r0,ctx)) goto err; + if (!BN_sub(r0,c,BN_value_one())) goto err; + if (!BN_sub(p,X,r0)) goto err; /* step 10 */ if (BN_cmp(p,test) >= 0) { /* step 11 */ - r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); + r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, + ctx, 1, cb); if (r > 0) goto end; /* found it */ if (r != 0) @@ -248,52 +262,54 @@ DSA *DSA_generate_parameters(int bits, } } end: - if (callback != NULL) callback(2,1,cb_arg); + if(!BN_GENCB_call(cb, 2, 1)) + goto err; /* We now need to generate g */ /* Set r0=(p-1)/q */ - BN_sub(test,p,BN_value_one()); - BN_div(r0,NULL,test,q,ctx); + if (!BN_sub(test,p,BN_value_one())) goto err; + if (!BN_div(r0,NULL,test,q,ctx)) goto err; - BN_set_word(test,h); - BN_MONT_CTX_set(mont,p,ctx); + if (!BN_set_word(test,h)) goto err; + if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; for (;;) { /* g=test^r0%p */ - BN_mod_exp_mont(g,test,r0,p,ctx,mont); + if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; if (!BN_is_one(g)) break; - BN_add(test,test,BN_value_one()); + if (!BN_add(test,test,BN_value_one())) goto err; h++; } - if (callback != NULL) callback(3,1,cb_arg); + if(!BN_GENCB_call(cb, 3, 1)) + goto err; ok=1; err: - if (!ok) - { - if (ret != NULL) DSA_free(ret); - } - else + if (ok) { + if(ret->p) BN_free(ret->p); + if(ret->q) BN_free(ret->q); + if(ret->g) BN_free(ret->g); ret->p=BN_dup(p); ret->q=BN_dup(q); ret->g=BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) + { + ok=0; + goto err; + } if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; } - if (ctx != NULL) BN_CTX_free(ctx); - if (ctx2 != NULL) + if(ctx) { - BN_CTX_end(ctx2); - BN_CTX_free(ctx2); + BN_CTX_end(ctx); + BN_CTX_free(ctx); } - if (ctx3 != NULL) BN_CTX_free(ctx3); if (mont != NULL) BN_MONT_CTX_free(mont); - return(ok?ret:NULL); + return ok; } -#endif /* ndef OPENSSL_FIPS */ -#endif /* ndef OPENSSL_NO_SHA */ - +#endif diff --git a/crypto/openssl/crypto/dsa/dsa_key.c b/crypto/openssl/crypto/dsa/dsa_key.c index 30607ca..0423f2e 100644 --- a/crypto/openssl/crypto/dsa/dsa_key.c +++ b/crypto/openssl/crypto/dsa/dsa_key.c @@ -56,17 +56,25 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include #include "cryptlib.h" +#ifndef OPENSSL_NO_SHA #include #include #include -#ifndef OPENSSL_FIPS +static int dsa_builtin_keygen(DSA *dsa); + int DSA_generate_key(DSA *dsa) { + if(dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); + } + +static int dsa_builtin_keygen(DSA *dsa) + { int ok=0; BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -90,8 +98,22 @@ int DSA_generate_key(DSA *dsa) } else pub_key=dsa->pub_key; + + { + BIGNUM local_prk; + BIGNUM *prk; - if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err; + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) + { + BN_init(&local_prk); + prk = &local_prk; + BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + } + else + prk = priv_key; + + if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; + } dsa->priv_key=priv_key; dsa->pub_key=pub_key; @@ -104,4 +126,3 @@ err: return(ok); } #endif -#endif diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c index 4171af2..b982579 100644 --- a/crypto/openssl/crypto/dsa/dsa_lib.c +++ b/crypto/openssl/crypto/dsa/dsa_lib.c @@ -66,6 +66,9 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#ifndef OPENSSL_NO_DH +#include +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c index f1a85af..3fd8a35 100644 --- a/crypto/openssl/crypto/dsa/dsa_ossl.c +++ b/crypto/openssl/crypto/dsa/dsa_ossl.c @@ -65,33 +65,63 @@ #include #include -#ifndef OPENSSL_FIPS static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", dsa_do_sign, dsa_sign_setup, dsa_do_verify, -dsa_mod_exp, -dsa_bn_mod_exp, +NULL, /* dsa_mod_exp, */ +NULL, /* dsa_bn_mod_exp, */ dsa_init, dsa_finish, 0, +NULL, +NULL, NULL }; +/* These macro wrappers replace attempts to use the dsa_mod_exp() and + * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of + * having a the macro work as an expression by bundling an "err_instr". So; + * + * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + * dsa->method_mont_p)) goto err; + * + * can be replaced by; + * + * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, + * dsa->method_mont_p); + */ + +#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ + do { \ + int _tmp_res53; \ + if((dsa)->meth->dsa_mod_exp) \ + _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ + (a2), (p2), (m), (ctx), (in_mont)); \ + else \ + _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ + (m), (ctx), (in_mont)); \ + if(!_tmp_res53) err_instr; \ + } while(0) +#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ + do { \ + int _tmp_res53; \ + if((dsa)->meth->bn_mod_exp) \ + _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ + (m), (ctx), (m_ctx)); \ + else \ + _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ + if(!_tmp_res53) err_instr; \ + } while(0) + const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; @@ -172,7 +202,7 @@ err: static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { BN_CTX *ctx; - BIGNUM k,*kinv=NULL,*r=NULL; + BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; int ret=0; if (!dsa->p || !dsa->q || !dsa->g) @@ -182,6 +212,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } BN_init(&k); + BN_init(&kq); if (ctx_in == NULL) { @@ -191,23 +222,50 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) ctx=ctx_in; if ((r=BN_new()) == NULL) goto err; - kinv=NULL; /* Get random k */ do if (!BN_rand_range(&k, dsa->q)) goto err; while (BN_is_zero(&k)); + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) + { + BN_set_flags(&k, BN_FLG_EXP_CONSTTIME); + } - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; + if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, + CRYPTO_LOCK_DSA, + dsa->p, ctx)) + goto err; } /* Compute r = (g^k mod p) mod q */ - if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, - (BN_MONT_CTX *)dsa->method_mont_p)) goto err; + + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) + { + if (!BN_copy(&kq, &k)) goto err; + + /* We do not want timing information to leak the length of k, + * so we compute g^k using an equivalent exponent of fixed length. + * + * (This is a kludge that we need because the BN_mod_exp_mont() + * does not let us specify the desired timing behaviour.) */ + + if (!BN_add(&kq, &kq, dsa->q)) goto err; + if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) + { + if (!BN_add(&kq, &kq, dsa->q)) goto err; + } + + K = &kq; + } + else + { + K = &k; + } + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, + dsa->method_mont_p); if (!BN_mod(r,r,dsa->q,ctx)) goto err; /* Compute part of 's = inv(k) (m + xr) mod q' */ @@ -229,6 +287,7 @@ err: if (ctx_in == NULL) BN_CTX_free(ctx); if (kinv != NULL) BN_clear_free(kinv); BN_clear_free(&k); + BN_clear_free(&kq); return(ret); } @@ -251,12 +310,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, if ((ctx=BN_CTX_new()) == NULL) goto err; - if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; goto err; } - if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || + BN_ucmp(sig->s, dsa->q) >= 0) { ret = 0; goto err; @@ -275,44 +336,28 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, /* u2 = r * w mod q */ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; + mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, + CRYPTO_LOCK_DSA, dsa->p, ctx); + if (!mont) + goto err; } - mont=(BN_MONT_CTX *)dsa->method_mont_p; -#if 0 - { - BIGNUM t2; - - BN_init(&t2); - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; - /* let t2 = y ^ u2 mod p */ - if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; - BN_free(&t2); - } - /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; -#else - { - if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, - dsa->p,ctx,mont)) goto err; + + DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; - } -#endif + /* V is now in u1. If the signature is correct, it will be * equal to R. */ ret=(BN_ucmp(&u1, sig->r) == 0); err: + /* XXX: surely this is wrong - if ret is 0, it just didn't verify; + there is no error in BN. Test should be ret == -1 (Ben) */ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); if (ctx != NULL) BN_CTX_free(ctx); BN_free(&u1); @@ -330,21 +375,7 @@ static int dsa_init(DSA *dsa) static int dsa_finish(DSA *dsa) { if(dsa->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); + BN_MONT_CTX_free(dsa->method_mont_p); return(1); } -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); -} - -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -} -#endif diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c index 3c9753b..8920502 100644 --- a/crypto/openssl/crypto/dsa/dsa_sign.c +++ b/crypto/openssl/crypto/dsa/dsa_sign.c @@ -64,17 +64,9 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif -#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !FIPS_dsa_check(dsa)) - return NULL; -#endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } @@ -95,10 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !FIPS_dsa_check(dsa)) - return 0; -#endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c index 8ef0c45..c4aeddd 100644 --- a/crypto/openssl/crypto/dsa/dsa_vrf.c +++ b/crypto/openssl/crypto/dsa/dsa_vrf.c @@ -65,18 +65,10 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif -#include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !FIPS_dsa_check(dsa)) - return -1; -#endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c index 4734ce4..912317b 100644 --- a/crypto/openssl/crypto/dsa/dsatest.c +++ b/crypto/openssl/crypto/dsa/dsatest.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include @@ -68,6 +74,7 @@ #include #include #include +#include #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) @@ -84,7 +91,7 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -129,6 +136,7 @@ static BIO *bio_err=NULL; int main(int argc, char **argv) { + BN_GENCB cb; DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; @@ -148,7 +156,10 @@ int main(int argc, char **argv) BIO_printf(bio_err,"test generation of DSA parameters\n"); - dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); + BN_GENCB_set(&cb, dsa_cb, bio_err); + if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, + seed, 20, &counter, &h, &cb)) + goto end; BIO_printf(bio_err,"seed\n"); for (i=0; i<20; i+=4) @@ -156,7 +167,7 @@ int main(int argc, char **argv) BIO_printf(bio_err,"%02X%02X%02X%02X ", seed[i],seed[i+1],seed[i+2],seed[i+3]); } - BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); + BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); if (dsa == NULL) goto end; DSA_print(bio_err,dsa,0); @@ -194,10 +205,19 @@ int main(int argc, char **argv) BIO_printf(bio_err,"g value is wrong\n"); goto end; } + + dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; + DSA_generate_key(dsa); + DSA_sign(0, str1, 20, sig, &siglen, dsa); + if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) + ret=1; + + dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret=1; + end: if (!ret) ERR_print_errors(bio_err); @@ -211,17 +231,14 @@ end: BIO_free(bio_err); bio_err = NULL; } +#ifdef OPENSSL_SYS_NETWARE + if (!ret) printf("ERROR\n"); +#endif EXIT(!ret); return(0); } -static int cb_exit(int ec) - { - EXIT(ec); - return(0); /* To keep some compilers quiet */ - } - -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) { char c='*'; static int ok=0,num=0; @@ -230,13 +247,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) { c='*'; ok++; } if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - cb_exit(1); + return 0; } + return 1; } #endif diff --git a/crypto/openssl/crypto/dso/Makefile b/crypto/openssl/crypto/dso/Makefile index dd8d243..07f5d8d 100644 --- a/crypto/openssl/crypto/dso/Makefile +++ b/crypto/openssl/crypto/dso/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/dso/Makefile +# OpenSSL/crypto/dso/Makefile # DIR= dso @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -53,7 +48,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -68,6 +64,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -84,43 +81,47 @@ dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c +dso_dl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dso_dl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dso_dl.o: ../cryptlib.h dso_dl.c dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_dlfcn.o: ../../include/openssl/opensslconf.h -dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c +dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_dlfcn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_dlfcn.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dlfcn.c dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_err.o: ../../include/openssl/symhacks.h dso_err.c +dso_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dso_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dso_err.o: dso_err.c dso_lib.o: ../../e_os.h ../../include/openssl/bio.h dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c +dso_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dso_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dso_lib.o: ../cryptlib.h dso_lib.c dso_null.o: ../../e_os.h ../../include/openssl/bio.h dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_null.o: ../../include/openssl/opensslconf.h -dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_null.o: ../cryptlib.h dso_null.c +dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_null.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_null.c dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_openssl.o: ../../include/openssl/opensslconf.h dso_openssl.o: ../../include/openssl/opensslv.h +dso_openssl.o: ../../include/openssl/ossl_typ.h dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c dso_vms.o: ../../e_os.h ../../include/openssl/bio.h @@ -128,13 +129,14 @@ dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c +dso_vms.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dso_vms.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dso_vms.o: ../cryptlib.h dso_vms.c dso_win32.o: ../../e_os.h ../../include/openssl/bio.h dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_win32.o: ../../include/openssl/opensslconf.h -dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_win32.o: ../cryptlib.h dso_win32.c +dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_win32.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_win32.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_win32.c diff --git a/crypto/openssl/crypto/dso/dso.h b/crypto/openssl/crypto/dso/dso.h index aa721f7..3e51913 100644 --- a/crypto/openssl/crypto/dso/dso.h +++ b/crypto/openssl/crypto/dso/dso.h @@ -1,4 +1,4 @@ -/* dso.h */ +/* dso.h -*- mode:C; c-file-style: "eay" -*- */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -95,6 +95,13 @@ extern "C" { */ #define DSO_FLAG_UPCASE_SYMBOL 0x10 +/* This flag loads the library with public symbols. + * Meaning: The exported symbols of this library are public + * to all libraries loaded after this library. + * At the moment only implemented in unix. + */ +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + typedef void (*DSO_FUNC_TYPE)(void); @@ -107,6 +114,22 @@ typedef struct dso_st DSO; * condition) or a newly allocated string containing the transformed form that * the caller will need to free with OPENSSL_free() when done. */ typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +/* The function prototype used for method functions (or caller-provided + * callbacks) that merge two file specifications. They are passed a + * DSO structure pointer (or NULL if they are to be used independantly of + * a DSO object) and two file specifications to merge. They should + * either return NULL (if there is an error condition) or a newly allocated + * string containing the result of merging that the caller will need + * to free with OPENSSL_free() when done. + * Here, merging means that bits and pieces are taken from each of the + * file specifications and added together in whatever fashion that is + * sensible for the DSO method in question. The only rule that really + * applies is that if the two specification contain pieces of the same + * type, the copy from the first string takes priority. One could see + * it as the first specification is the one given by the user and the + * second being a bunch of defaults to add on if they're missing in the + * first. */ +typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *); typedef struct dso_meth_st { @@ -140,6 +163,9 @@ typedef struct dso_meth_st /* The default DSO_METHOD-specific function for converting filenames to * a canonical native form. */ DSO_NAME_CONVERTER_FUNC dso_name_converter; + /* The default DSO_METHOD-specific function for converting filenames to + * a canonical native form. */ + DSO_MERGER_FUNC dso_merger; /* [De]Initialisation handlers. */ int (*init)(DSO *dso); @@ -164,9 +190,13 @@ struct dso_st * don't touch meth_data! */ CRYPTO_EX_DATA ex_data; /* If this callback function pointer is set to non-NULL, then it will - * be used on DSO_load() in place of meth->dso_name_converter. NB: This + * be used in DSO_load() in place of meth->dso_name_converter. NB: This * should normally set using DSO_set_name_converter(). */ DSO_NAME_CONVERTER_FUNC name_converter; + /* If this callback function pointer is set to non-NULL, then it will + * be used in DSO_load() in place of meth->dso_merger. NB: This + * should normally set using DSO_set_merger(). */ + DSO_MERGER_FUNC merger; /* This is populated with (a copy of) the platform-independant * filename used for this DSO. */ char *filename; @@ -209,6 +239,11 @@ int DSO_set_filename(DSO *dso, const char *filename); * caller-created DSO_METHODs can do the same thing. A non-NULL return value * will need to be OPENSSL_free()'d. */ char *DSO_convert_filename(DSO *dso, const char *filename); +/* This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be + * OPENSSL_free()'d. */ +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); /* If the DSO is currently loaded, this returns the filename that it was loaded * under, otherwise it returns NULL. So it is also useful as a test as to * whether the DSO is currently loaded. NB: This will not necessarily return @@ -273,11 +308,13 @@ void ERR_load_DSO_strings(void); #define DSO_F_DLFCN_BIND_FUNC 100 #define DSO_F_DLFCN_BIND_VAR 101 #define DSO_F_DLFCN_LOAD 102 +#define DSO_F_DLFCN_MERGER 130 #define DSO_F_DLFCN_NAME_CONVERTER 123 #define DSO_F_DLFCN_UNLOAD 103 #define DSO_F_DL_BIND_FUNC 104 #define DSO_F_DL_BIND_VAR 105 #define DSO_F_DL_LOAD 106 +#define DSO_F_DL_MERGER 131 #define DSO_F_DL_NAME_CONVERTER 124 #define DSO_F_DL_UNLOAD 107 #define DSO_F_DSO_BIND_FUNC 108 @@ -288,27 +325,36 @@ void ERR_load_DSO_strings(void); #define DSO_F_DSO_GET_FILENAME 127 #define DSO_F_DSO_GET_LOADED_FILENAME 128 #define DSO_F_DSO_LOAD 112 +#define DSO_F_DSO_MERGE 132 #define DSO_F_DSO_NEW_METHOD 113 #define DSO_F_DSO_SET_FILENAME 129 #define DSO_F_DSO_SET_NAME_CONVERTER 122 #define DSO_F_DSO_UP_REF 114 -#define DSO_F_VMS_BIND_VAR 115 +#define DSO_F_VMS_BIND_SYM 115 #define DSO_F_VMS_LOAD 116 +#define DSO_F_VMS_MERGER 133 #define DSO_F_VMS_UNLOAD 117 #define DSO_F_WIN32_BIND_FUNC 118 #define DSO_F_WIN32_BIND_VAR 119 +#define DSO_F_WIN32_JOINER 135 #define DSO_F_WIN32_LOAD 120 +#define DSO_F_WIN32_MERGER 134 #define DSO_F_WIN32_NAME_CONVERTER 125 +#define DSO_F_WIN32_SPLITTER 136 #define DSO_F_WIN32_UNLOAD 121 /* Reason codes. */ #define DSO_R_CTRL_FAILED 100 #define DSO_R_DSO_ALREADY_LOADED 110 +#define DSO_R_EMPTY_FILE_STRUCTURE 113 +#define DSO_R_FAILURE 114 #define DSO_R_FILENAME_TOO_BIG 101 #define DSO_R_FINISH_FAILED 102 +#define DSO_R_INCORRECT_FILE_SYNTAX 115 #define DSO_R_LOAD_FAILED 103 #define DSO_R_NAME_TRANSLATION_FAILED 109 #define DSO_R_NO_FILENAME 111 +#define DSO_R_NO_FILE_SPECIFICATION 116 #define DSO_R_NULL_HANDLE 104 #define DSO_R_SET_FILENAME_FAILED 112 #define DSO_R_STACK_ERROR 105 diff --git a/crypto/openssl/crypto/dso/dso_dl.c b/crypto/openssl/crypto/dso/dso_dl.c index 79d2cb4..417abb6 100644 --- a/crypto/openssl/crypto/dso/dso_dl.c +++ b/crypto/openssl/crypto/dso/dso_dl.c @@ -1,4 +1,4 @@ -/* dso_dl.c */ +/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2000. */ @@ -84,6 +84,7 @@ static int dl_finish(DSO *dso); static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); #endif static char *dl_name_converter(DSO *dso, const char *filename); +static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); static DSO_METHOD dso_meth_dl = { "OpenSSL 'dl' shared library method", @@ -98,6 +99,7 @@ static DSO_METHOD dso_meth_dl = { #endif NULL, /* ctrl */ dl_name_converter, + dl_merger, NULL, /* init */ NULL /* finish */ }; @@ -126,7 +128,8 @@ static int dl_load(DSO *dso) DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L); + ptr = shl_load(filename, BIND_IMMEDIATE | + (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L); if(ptr == NULL) { DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); @@ -238,6 +241,72 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) return((DSO_FUNC_TYPE)sym); } +static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) + { + char *merged; + + if(!filespec1 && !filespec2) + { + DSOerr(DSO_F_DL_MERGER, + ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + /* If the first file specification is a rooted path, it rules. + same goes if the second file specification is missing. */ + if (!filespec2 || filespec1[0] == '/') + { + merged = OPENSSL_malloc(strlen(filespec1) + 1); + if(!merged) + { + DSOerr(DSO_F_DL_MERGER, + ERR_R_MALLOC_FAILURE); + return(NULL); + } + strcpy(merged, filespec1); + } + /* If the first file specification is missing, the second one rules. */ + else if (!filespec1) + { + merged = OPENSSL_malloc(strlen(filespec2) + 1); + if(!merged) + { + DSOerr(DSO_F_DL_MERGER, + ERR_R_MALLOC_FAILURE); + return(NULL); + } + strcpy(merged, filespec2); + } + else + /* This part isn't as trivial as it looks. It assumes that + the second file specification really is a directory, and + makes no checks whatsoever. Therefore, the result becomes + the concatenation of filespec2 followed by a slash followed + by filespec1. */ + { + int spec2len, len; + + spec2len = (filespec2 ? strlen(filespec2) : 0); + len = spec2len + (filespec1 ? strlen(filespec1) : 0); + + if(filespec2 && filespec2[spec2len - 1] == '/') + { + spec2len--; + len--; + } + merged = OPENSSL_malloc(len + 2); + if(!merged) + { + DSOerr(DSO_F_DL_MERGER, + ERR_R_MALLOC_FAILURE); + return(NULL); + } + strcpy(merged, filespec2); + merged[spec2len] = '/'; + strcpy(&merged[spec2len + 1], filespec1); + } + return(merged); + } + /* This function is identical to the one in dso_dlfcn.c, but as it is highly * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the * same time, there's no great duplicating the code. Figuring out an elegant diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c index 9d49ebc..1fd1010 100644 --- a/crypto/openssl/crypto/dso/dso_dlfcn.c +++ b/crypto/openssl/crypto/dso/dso_dlfcn.c @@ -1,4 +1,4 @@ -/* dso_dlfcn.c */ +/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -85,6 +85,8 @@ static int dlfcn_finish(DSO *dso); static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); #endif static char *dlfcn_name_converter(DSO *dso, const char *filename); +static char *dlfcn_merger(DSO *dso, const char *filespec1, + const char *filespec2); static DSO_METHOD dso_meth_dlfcn = { "OpenSSL 'dlfcn' shared library method", @@ -99,6 +101,7 @@ static DSO_METHOD dso_meth_dlfcn = { #endif NULL, /* ctrl */ dlfcn_name_converter, + dlfcn_merger, NULL, /* init */ NULL /* finish */ }; @@ -141,13 +144,19 @@ static int dlfcn_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); + int flags = DLOPEN_FLAG; if(filename == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = dlopen(filename, DLOPEN_FLAG); + +#ifdef RTLD_GLOBAL + if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) + flags |= RTLD_GLOBAL; +#endif + ptr = dlopen(filename, flags); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); @@ -228,7 +237,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname) static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) { void *ptr; - DSO_FUNC_TYPE sym; + DSO_FUNC_TYPE sym, *tsym = &sym; if((dso == NULL) || (symname == NULL)) { @@ -246,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); return(NULL); } - sym = (DSO_FUNC_TYPE)dlsym(ptr, symname); + *(void **)(tsym) = dlsym(ptr, symname); if(sym == NULL) { DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); @@ -256,6 +265,73 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) return(sym); } +static char *dlfcn_merger(DSO *dso, const char *filespec1, + const char *filespec2) + { + char *merged; + + if(!filespec1 && !filespec2) + { + DSOerr(DSO_F_DLFCN_MERGER, + ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + /* If the first file specification is a rooted path, it rules. + same goes if the second file specification is missing. */ + if (!filespec2 || filespec1[0] == '/') + { + merged = OPENSSL_malloc(strlen(filespec1) + 1); + if(!merged) + { + DSOerr(DSO_F_DLFCN_MERGER, + ERR_R_MALLOC_FAILURE); + return(NULL); + } + strcpy(merged, filespec1); + } + /* If the first file specification is missing, the second one rules. */ + else if (!filespec1) + { + merged = OPENSSL_malloc(strlen(filespec2) + 1); + if(!merged) + { + DSOerr(DSO_F_DLFCN_MERGER, + ERR_R_MALLOC_FAILURE); + return(NULL); + } + strcpy(merged, filespec2); + } + else + /* This part isn't as trivial as it looks. It assumes that + the second file specification really is a directory, and + makes no checks whatsoever. Therefore, the result becomes + the concatenation of filespec2 followed by a slash followed + by filespec1. */ + { + int spec2len, len; + + spec2len = (filespec2 ? strlen(filespec2) : 0); + len = spec2len + (filespec1 ? strlen(filespec1) : 0); + + if(filespec2 && filespec2[spec2len - 1] == '/') + { + spec2len--; + len--; + } + merged = OPENSSL_malloc(len + 2); + if(!merged) + { + DSOerr(DSO_F_DLFCN_MERGER, + ERR_R_MALLOC_FAILURE); + return(NULL); + } + strcpy(merged, filespec2); + merged[spec2len] = '/'; + strcpy(&merged[spec2len + 1], filespec1); + } + return(merged); + } + static char *dlfcn_name_converter(DSO *dso, const char *filename) { char *translated; diff --git a/crypto/openssl/crypto/dso/dso_err.c b/crypto/openssl/crypto/dso/dso_err.c index cf452de..aa91170 100644 --- a/crypto/openssl/crypto/dso/dso_err.c +++ b/crypto/openssl/crypto/dso/dso_err.c @@ -1,6 +1,6 @@ /* crypto/dso/dso_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,56 +64,71 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) + static ERR_STRING_DATA DSO_str_functs[]= { -{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"}, -{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"}, -{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"}, -{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"}, -{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"}, -{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"}, -{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"}, -{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"}, -{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"}, -{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"}, -{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"}, -{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"}, -{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"}, -{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"}, -{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"}, -{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"}, -{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"}, -{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"}, -{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"}, -{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"}, -{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"}, -{ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"}, -{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"}, -{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"}, -{ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"}, -{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"}, -{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"}, -{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"}, -{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"}, -{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"}, +{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, +{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, +{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, +{ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, +{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, +{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, +{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, +{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, +{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, +{ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, +{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, +{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, +{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, +{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, +{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, +{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, +{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, +{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, +{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, +{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, +{ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, +{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, +{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, +{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, +{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, +{ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, +{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, +{ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, +{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, +{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, +{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, +{ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, +{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, +{ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, +{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, +{ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, +{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, {0,NULL} }; static ERR_STRING_DATA DSO_str_reasons[]= { -{DSO_R_CTRL_FAILED ,"control command failed"}, -{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"}, -{DSO_R_FILENAME_TOO_BIG ,"filename too big"}, -{DSO_R_FINISH_FAILED ,"cleanup method function failed"}, -{DSO_R_LOAD_FAILED ,"could not load the shared library"}, -{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"}, -{DSO_R_NO_FILENAME ,"no filename"}, -{DSO_R_NULL_HANDLE ,"a null shared library handle was used"}, -{DSO_R_SET_FILENAME_FAILED ,"set filename failed"}, -{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"}, -{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"}, -{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"}, -{DSO_R_UNSUPPORTED ,"functionality not supported"}, +{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"}, +{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"}, +{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE) ,"empty file structure"}, +{ERR_REASON(DSO_R_FAILURE) ,"failure"}, +{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"}, +{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"}, +{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"}, +{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"}, +{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"}, +{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"}, +{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"}, +{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"}, +{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"}, +{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"}, +{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"}, +{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"}, +{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"}, {0,NULL} }; @@ -127,8 +142,8 @@ void ERR_load_DSO_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_DSO,DSO_str_functs); - ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons); + ERR_load_strings(0,DSO_str_functs); + ERR_load_strings(0,DSO_str_reasons); #endif } diff --git a/crypto/openssl/crypto/dso/dso_lib.c b/crypto/openssl/crypto/dso/dso_lib.c index 48d9fdb..49bdd71 100644 --- a/crypto/openssl/crypto/dso/dso_lib.c +++ b/crypto/openssl/crypto/dso/dso_lib.c @@ -1,4 +1,4 @@ -/* dso_lib.c */ +/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -390,6 +390,33 @@ int DSO_set_filename(DSO *dso, const char *filename) return(1); } +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) + { + char *result = NULL; + + if(dso == NULL || filespec1 == NULL) + { + DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + if(filespec1 == NULL) + filespec1 = dso->filename; + if(filespec1 == NULL) + { + DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); + return(NULL); + } + if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) + { + if(dso->merger != NULL) + result = dso->merger(dso, filespec1, filespec2); + else if(dso->meth->dso_merger != NULL) + result = dso->meth->dso_merger(dso, + filespec1, filespec2); + } + return(result); + } + char *DSO_convert_filename(DSO *dso, const char *filename) { char *result = NULL; diff --git a/crypto/openssl/crypto/dso/dso_null.c b/crypto/openssl/crypto/dso/dso_null.c index fa13a7c..4972984 100644 --- a/crypto/openssl/crypto/dso/dso_null.c +++ b/crypto/openssl/crypto/dso/dso_null.c @@ -75,6 +75,8 @@ static DSO_METHOD dso_meth_null = { NULL, /* unbind_func */ #endif NULL, /* ctrl */ + NULL, /* dso_name_converter */ + NULL, /* dso_merger */ NULL, /* init */ NULL /* finish */ }; diff --git a/crypto/openssl/crypto/ebcdic.c b/crypto/openssl/crypto/ebcdic.c index d1bece8..43e53bc 100644 --- a/crypto/openssl/crypto/ebcdic.c +++ b/crypto/openssl/crypto/ebcdic.c @@ -1,6 +1,14 @@ /* crypto/ebcdic.c */ -#ifdef CHARSET_EBCDIC +#ifndef CHARSET_EBCDIC + +#include +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#else /*CHARSET_EBCDIC*/ + #include "ebcdic.h" /* Initial Port for Apache-1.3 by * Adapted for OpenSSL-0.9.4 by @@ -210,9 +218,4 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) return dest; } -#else /*CHARSET_EBCDIC*/ -#include -#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy=&dummy; -#endif #endif diff --git a/crypto/openssl/crypto/ec/Makefile b/crypto/openssl/crypto/ec/Makefile index 92272f2..42f7bb7 100644 --- a/crypto/openssl/crypto/ec/Makefile +++ b/crypto/openssl/crypto/ec/Makefile @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -22,11 +17,13 @@ TEST=ectest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_err.c +LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\ + ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\ + ec2_smpl.c ec2_smpt.c ec2_mult.c -LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \ - ec_err.o +LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\ + ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\ + ec2_smpl.o ec2_mult.o SRC= $(LIBSRC) @@ -54,7 +51,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -69,6 +67,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -80,47 +79,115 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h +ec2_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec2_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec2_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec2_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h +ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h +ec2_smpt.o: ec2_smpt.c +ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h +ec_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ec_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ec_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_asn1.o: ../../include/openssl/symhacks.h ec_asn1.c ec_lcl.h +ec_check.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_check.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_check.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec_check.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_check.o: ../../include/openssl/symhacks.h ec_check.c ec_lcl.h +ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_curve.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_curve.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h +ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_cvt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec_cvt.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_cvt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_cvt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h -ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ec_err.o: ec_err.c -ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ec_lib.o: ec_lcl.h ec_lib.c -ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ec_mult.o: ec_lcl.h ec_mult.c -ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecp_mont.o: ec_lcl.h ecp_mont.c -ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h +ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_err.o: ../../include/openssl/symhacks.h ec_err.c +ec_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_key.o: ../../include/openssl/symhacks.h ec_key.c ec_lcl.h +ec_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_lib.o: ../../include/openssl/symhacks.h ec_lcl.h ec_lib.c +ec_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c +ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c +ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecp_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecp_mont.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecp_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecp_mont.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_mont.c +ecp_nist.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ecp_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecp_nist.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c -ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h -ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c -ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecp_smpl.o: ec_lcl.h ecp_smpl.c +ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecp_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecp_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecp_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecp_smpl.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_smpl.c diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/openssl/crypto/ec/ec.h index 6d6a9b7..919c736 100644 --- a/crypto/openssl/crypto/ec/ec.h +++ b/crypto/openssl/crypto/ec/ec.h @@ -1,6 +1,9 @@ /* crypto/ec/ec.h */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,19 +55,41 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #ifndef HEADER_EC_H #define HEADER_EC_H +#include + #ifdef OPENSSL_NO_EC #error EC is disabled. #endif -#include +#include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif #ifdef __cplusplus extern "C" { +#elif defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif #endif @@ -84,7 +109,8 @@ typedef struct ec_group_st -- field definition -- curve coefficients -- optional generator with associated information (order, cofactor) - -- optional extra data (TODO: precomputed table for fast computation of multiples of generator) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff */ EC_GROUP; @@ -96,40 +122,84 @@ typedef struct ec_point_st EC_POINT; */ const EC_METHOD *EC_GFp_simple_method(void); const EC_METHOD *EC_GFp_mont_method(void); -#if 0 -const EC_METHOD *EC_GFp_recp_method(void); /* TODO */ -const EC_METHOD *EC_GFp_nist_method(void); /* TODO */ -#endif +const EC_METHOD *EC_GFp_nist_method(void); + +/* EC_METHOD for curves over GF(2^m). + */ +const EC_METHOD *EC_GF2m_simple_method(void); EC_GROUP *EC_GROUP_new(const EC_METHOD *); void EC_GROUP_free(EC_GROUP *); void EC_GROUP_clear_free(EC_GROUP *); int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); +EC_GROUP *EC_GROUP_dup(const EC_GROUP *); const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); - +int EC_METHOD_get_field_type(const EC_METHOD *); + +int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); +int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); +int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + +void EC_GROUP_set_curve_name(EC_GROUP *, int nid); +int EC_GROUP_get_curve_name(const EC_GROUP *); + +void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); -/* We don't have types for field specifications and field elements in general. - * Otherwise we could declare - * int EC_GROUP_set_curve(EC_GROUP *, .....); - */ int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); + +/* returns the number of bits needed to represent a field element */ +int EC_GROUP_get_degree(const EC_GROUP *); + +/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the + * elliptic curve is not zero, 0 otherwise */ +int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); + +/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ +int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); -/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp() +/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() * after choosing an appropriate EC_METHOD */ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + +/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure + * specified by a curve name (in form of a NID) */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +/* handling of internal curves */ +typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; +/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number + * of all available curves or zero if a error occurred. + * In case r ist not zero nitems EC_builtin_curve structures + * are filled with the data of the first nitems internal groups */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); -int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); -EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); -int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); -int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + +/* EC_POINT functions */ EC_POINT *EC_POINT_new(const EC_GROUP *); void EC_POINT_free(EC_POINT *); void EC_POINT_clear_free(EC_POINT *); int EC_POINT_copy(EC_POINT *, const EC_POINT *); +EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); const EC_METHOD *EC_POINT_method_of(const EC_POINT *); @@ -145,11 +215,28 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, const BIGNUM *x, int y_bit, BN_CTX *); +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, BN_CTX *); +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, BN_CTX *); + size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, unsigned char *buf, size_t len, BN_CTX *); int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, const unsigned char *buf, size_t len, BN_CTX *); +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); @@ -164,9 +251,112 @@ int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); + +/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *); + + +/* ASN1 stuff */ +/* EC_GROUP_get_basis_type() returns the NID of the basis type + * used to represent the field elements */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + +#define OPENSSL_EC_NAMED_CURVE 0x001 + +typedef struct ecpk_parameters_st ECPKPARAMETERS; + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +#ifndef OPENSSL_NO_BIO +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +#endif +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +#endif + +/* the EC_KEY stuff */ +typedef struct ec_key_st EC_KEY; + +/* some values for the encoding_flag */ +#define EC_PKEY_NO_PARAMETERS 0x001 +#define EC_PKEY_NO_PUBKEY 0x002 + +EC_KEY *EC_KEY_new(void); +EC_KEY *EC_KEY_new_by_curve_name(int nid); +void EC_KEY_free(EC_KEY *); +EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); +EC_KEY *EC_KEY_dup(const EC_KEY *); + +int EC_KEY_up_ref(EC_KEY *); + +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); +int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); +int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); +int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); +unsigned EC_KEY_get_enc_flags(const EC_KEY *); +void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); +void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); +/* functions to set/get method specific data */ +void *EC_KEY_get_key_method_data(EC_KEY *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_KEY_insert_key_method_data(EC_KEY *, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *, int); +int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); + +/* EC_KEY_generate_key() creates a ec private (public) key */ +int EC_KEY_generate_key(EC_KEY *); +/* EC_KEY_check_key() */ +int EC_KEY_check_key(const EC_KEY *); + +/* de- and encoding functions for SEC1 ECPrivateKey */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); +int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC parameters */ +EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); +int i2d_ECParameters(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC public key + * (octet string, not DER -- hence 'o2i' and 'i2o') */ +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); + +#ifndef OPENSSL_NO_BIO +int ECParameters_print(BIO *bp, const EC_KEY *x); +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); +#endif +#ifndef OPENSSL_NO_FP_API +int ECParameters_print_fp(FILE *fp, const EC_KEY *x); +int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); +#endif + +#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +#ifndef __cplusplus +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -178,51 +368,122 @@ void ERR_load_EC_strings(void); /* Function codes. */ #define EC_F_COMPUTE_WNAF 143 +#define EC_F_D2I_ECPARAMETERS 144 +#define EC_F_D2I_ECPKPARAMETERS 145 +#define EC_F_D2I_ECPRIVATEKEY 146 +#define EC_F_ECPARAMETERS_PRINT 147 +#define EC_F_ECPARAMETERS_PRINT_FP 148 +#define EC_F_ECPKPARAMETERS_PRINT 149 +#define EC_F_ECPKPARAMETERS_PRINT_FP 150 +#define EC_F_ECP_NIST_MOD_192 203 +#define EC_F_ECP_NIST_MOD_224 204 +#define EC_F_ECP_NIST_MOD_256 205 +#define EC_F_ECP_NIST_MOD_521 206 +#define EC_F_EC_ASN1_GROUP2CURVE 153 +#define EC_F_EC_ASN1_GROUP2FIELDID 154 +#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 +#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 #define EC_F_EC_GFP_MONT_FIELD_DECODE 133 #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 #define EC_F_EC_GFP_MONT_FIELD_MUL 131 +#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 #define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 #define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 #define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 #define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +#define EC_F_EC_GROUP_CHECK 170 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 #define EC_F_EC_GROUP_COPY 106 #define EC_F_EC_GROUP_GET0_GENERATOR 139 #define EC_F_EC_GROUP_GET_COFACTOR 140 +#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 +#define EC_F_EC_GROUP_GET_DEGREE 173 #define EC_F_EC_GROUP_GET_ORDER 141 +#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 #define EC_F_EC_GROUP_NEW 108 +#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +#define EC_F_EC_GROUP_NEW_FROM_DATA 175 #define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 #define EC_F_EC_GROUP_SET_CURVE_GFP 109 #define EC_F_EC_GROUP_SET_EXTRA_DATA 110 #define EC_F_EC_GROUP_SET_GENERATOR 111 +#define EC_F_EC_KEY_CHECK_KEY 177 +#define EC_F_EC_KEY_COPY 178 +#define EC_F_EC_KEY_GENERATE_KEY 179 +#define EC_F_EC_KEY_NEW 182 +#define EC_F_EC_KEY_PRINT 180 +#define EC_F_EC_KEY_PRINT_FP 181 #define EC_F_EC_POINTS_MAKE_AFFINE 136 #define EC_F_EC_POINTS_MUL 138 #define EC_F_EC_POINT_ADD 112 #define EC_F_EC_POINT_CMP 113 #define EC_F_EC_POINT_COPY 114 #define EC_F_EC_POINT_DBL 115 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 #define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 #define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +#define EC_F_EC_POINT_INVERT 210 #define EC_F_EC_POINT_IS_AT_INFINITY 118 #define EC_F_EC_POINT_IS_ON_CURVE 119 #define EC_F_EC_POINT_MAKE_AFFINE 120 +#define EC_F_EC_POINT_MUL 184 #define EC_F_EC_POINT_NEW 121 #define EC_F_EC_POINT_OCT2POINT 122 #define EC_F_EC_POINT_POINT2OCT 123 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 #define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_TO_INFINITY 127 -#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_PRE_COMP_DUP 207 +#define EC_F_EC_WNAF_MUL 187 +#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +#define EC_F_I2D_ECPARAMETERS 190 +#define EC_F_I2D_ECPKPARAMETERS 191 +#define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_O2I_ECPUBLICKEY 152 /* Reason codes. */ +#define EC_R_ASN1_ERROR 115 +#define EC_R_ASN1_UNKNOWN_FIELD 116 #define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +#define EC_R_DISCRIMINANT_IS_ZERO 118 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 @@ -230,12 +491,26 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_ENCODING 102 #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 +#define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_MISSING_PARAMETERS 124 +#define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 +#define EC_R_NO_FIELD_MOD 133 +#define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 #define EC_R_SLOT_FULL 108 #define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_GROUP 129 #define EC_R_UNKNOWN_ORDER 114 +#define EC_R_UNSUPPORTED_FIELD 131 +#define EC_R_WRONG_ORDER 130 #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/ec/ec2_mult.c b/crypto/openssl/crypto/ec/ec2_mult.c new file mode 100644 index 0000000..ff368fd --- /dev/null +++ b/crypto/openssl/crypto/ec/ec2_mult.c @@ -0,0 +1,380 @@ +/* crypto/ec/ec2_mult.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "ec_lcl.h" + + +/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective + * coordinates. + * Uses algorithm Mdouble in appendix of + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * modified to not require precomputation of c=b^{2^{m-1}}. + */ +static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) + { + BIGNUM *t1; + int ret = 0; + + /* Since Mdouble is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + if (t1 == NULL) goto err; + + if (!group->meth->field_sqr(group, x, x, ctx)) goto err; + if (!group->meth->field_sqr(group, t1, z, ctx)) goto err; + if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err; + if (!group->meth->field_sqr(group, x, x, ctx)) goto err; + if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err; + if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err; + if (!BN_GF2m_add(x, x, t1)) goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery + * projective coordinates. + * Uses algorithm Madd in appendix of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + */ +static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, + const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) + { + BIGNUM *t1, *t2; + int ret = 0; + + /* Since Madd is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t2 == NULL) goto err; + + if (!BN_copy(t1, x)) goto err; + if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err; + if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err; + if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err; + if (!BN_GF2m_add(z1, z1, x1)) goto err; + if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err; + if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err; + if (!BN_GF2m_add(x1, x1, t2)) goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; + } + +/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) + * using Montgomery point multiplication algorithm Mxy() in appendix of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * Returns: + * 0 on error + * 1 if return value should be the point at infinity + * 2 otherwise + */ +static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, + BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx) + { + BIGNUM *t3, *t4, *t5; + int ret = 0; + + if (BN_is_zero(z1)) + { + BN_zero(x2); + BN_zero(z2); + return 1; + } + + if (BN_is_zero(z2)) + { + if (!BN_copy(x2, x)) return 0; + if (!BN_GF2m_add(z2, x, y)) return 0; + return 2; + } + + /* Since Mxy is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + t3 = BN_CTX_get(ctx); + t4 = BN_CTX_get(ctx); + t5 = BN_CTX_get(ctx); + if (t5 == NULL) goto err; + + if (!BN_one(t5)) goto err; + + if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err; + + if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err; + if (!BN_GF2m_add(z1, z1, x1)) goto err; + if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err; + if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err; + if (!BN_GF2m_add(z2, z2, x2)) goto err; + + if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err; + if (!group->meth->field_sqr(group, t4, x, ctx)) goto err; + if (!BN_GF2m_add(t4, t4, y)) goto err; + if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err; + if (!BN_GF2m_add(t4, t4, z2)) goto err; + + if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err; + if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err; + if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err; + if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err; + if (!BN_GF2m_add(z2, x2, x)) goto err; + + if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err; + if (!BN_GF2m_add(z2, z2, y)) goto err; + + ret = 2; + + err: + BN_CTX_end(ctx); + return ret; + } + +/* Computes scalar*point and stores the result in r. + * point can not equal r. + * Uses algorithm 2P of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + */ +static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + const EC_POINT *point, BN_CTX *ctx) + { + BIGNUM *x1, *x2, *z1, *z2; + int ret = 0, i, j; + BN_ULONG mask; + + if (r == point) + { + ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); + return 0; + } + + /* if result should be point at infinity */ + if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || + EC_POINT_is_at_infinity(group, point)) + { + return EC_POINT_set_to_infinity(group, r); + } + + /* only support affine coordinates */ + if (!point->Z_is_one) return 0; + + /* Since point_multiply is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + x1 = BN_CTX_get(ctx); + z1 = BN_CTX_get(ctx); + if (z1 == NULL) goto err; + + x2 = &r->X; + z2 = &r->Y; + + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ + if (!BN_one(z1)) goto err; /* z1 = 1 */ + if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ + if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err; + if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ + + /* find top most bit and go one past it */ + i = scalar->top - 1; j = BN_BITS2 - 1; + mask = BN_TBIT; + while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } + mask >>= 1; j--; + /* if top most bit was at word break, go to next word */ + if (!mask) + { + i--; j = BN_BITS2 - 1; + mask = BN_TBIT; + } + + for (; i >= 0; i--) + { + for (; j >= 0; j--) + { + if (scalar->d[i] & mask) + { + if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; + if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; + } + else + { + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + } + mask >>= 1; + } + j = BN_BITS2 - 1; + mask = BN_TBIT; + } + + /* convert out of "projective" coordinates */ + i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); + if (i == 0) goto err; + else if (i == 1) + { + if (!EC_POINT_set_to_infinity(group, r)) goto err; + } + else + { + if (!BN_one(&r->Z)) goto err; + r->Z_is_one = 1; + } + + /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ + BN_set_negative(&r->X, 0); + BN_set_negative(&r->Y, 0); + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; + } + + +/* Computes the sum + * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] + * gracefully ignoring NULL scalar values. + */ +int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; + int ret = 0; + size_t i; + EC_POINT *p=NULL; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + /* This implementation is more efficient than the wNAF implementation for 2 + * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, + * or if we can perform a fast multiplication based on precomputation. + */ + if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) + { + ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + goto err; + } + + if ((p = EC_POINT_new(group)) == NULL) goto err; + + if (!EC_POINT_set_to_infinity(group, r)) goto err; + + if (scalar) + { + if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; + if (BN_is_negative(scalar)) + if (!group->meth->invert(group, p, ctx)) goto err; + if (!group->meth->add(group, r, r, p, ctx)) goto err; + } + + for (i = 0; i < num; i++) + { + if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; + if (BN_is_negative(scalars[i])) + if (!group->meth->invert(group, p, ctx)) goto err; + if (!group->meth->add(group, r, r, p, ctx)) goto err; + } + + ret = 1; + + err: + if (p) EC_POINT_free(p); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } + + +/* Precomputation for point multiplication: fall back to wNAF methods + * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ + +int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + return ec_wNAF_precompute_mult(group, ctx); + } + +int ec_GF2m_have_precompute_mult(const EC_GROUP *group) + { + return ec_wNAF_have_precompute_mult(group); + } diff --git a/crypto/openssl/crypto/ec/ec2_smpl.c b/crypto/openssl/crypto/ec/ec2_smpl.c new file mode 100644 index 0000000..5cd1eac --- /dev/null +++ b/crypto/openssl/crypto/ec/ec2_smpl.c @@ -0,0 +1,971 @@ +/* crypto/ec/ec2_smpl.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "ec_lcl.h" + + +const EC_METHOD *EC_GF2m_simple_method(void) + { + static const EC_METHOD ret = { + NID_X9_62_characteristic_two_field, + ec_GF2m_simple_group_init, + ec_GF2m_simple_group_finish, + ec_GF2m_simple_group_clear_finish, + ec_GF2m_simple_group_copy, + ec_GF2m_simple_group_set_curve, + ec_GF2m_simple_group_get_curve, + ec_GF2m_simple_group_get_degree, + ec_GF2m_simple_group_check_discriminant, + ec_GF2m_simple_point_init, + ec_GF2m_simple_point_finish, + ec_GF2m_simple_point_clear_finish, + ec_GF2m_simple_point_copy, + ec_GF2m_simple_point_set_to_infinity, + 0 /* set_Jprojective_coordinates_GFp */, + 0 /* get_Jprojective_coordinates_GFp */, + ec_GF2m_simple_point_set_affine_coordinates, + ec_GF2m_simple_point_get_affine_coordinates, + ec_GF2m_simple_set_compressed_coordinates, + ec_GF2m_simple_point2oct, + ec_GF2m_simple_oct2point, + ec_GF2m_simple_add, + ec_GF2m_simple_dbl, + ec_GF2m_simple_invert, + ec_GF2m_simple_is_at_infinity, + ec_GF2m_simple_is_on_curve, + ec_GF2m_simple_cmp, + ec_GF2m_simple_make_affine, + ec_GF2m_simple_points_make_affine, + + /* the following three method functions are defined in ec2_mult.c */ + ec_GF2m_simple_mul, + ec_GF2m_precompute_mult, + ec_GF2m_have_precompute_mult, + + ec_GF2m_simple_field_mul, + ec_GF2m_simple_field_sqr, + ec_GF2m_simple_field_div, + 0 /* field_encode */, + 0 /* field_decode */, + 0 /* field_set_to_one */ }; + + return &ret; + } + + +/* Initialize a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_new. + */ +int ec_GF2m_simple_group_init(EC_GROUP *group) + { + BN_init(&group->field); + BN_init(&group->a); + BN_init(&group->b); + return 1; + } + + +/* Free a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_free. + */ +void ec_GF2m_simple_group_finish(EC_GROUP *group) + { + BN_free(&group->field); + BN_free(&group->a); + BN_free(&group->b); + } + + +/* Clear and free a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_clear_free. + */ +void ec_GF2m_simple_group_clear_finish(EC_GROUP *group) + { + BN_clear_free(&group->field); + BN_clear_free(&group->a); + BN_clear_free(&group->b); + group->poly[0] = 0; + group->poly[1] = 0; + group->poly[2] = 0; + group->poly[3] = 0; + group->poly[4] = 0; + } + + +/* Copy a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_copy. + */ +int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) + { + int i; + if (!BN_copy(&dest->field, &src->field)) return 0; + if (!BN_copy(&dest->a, &src->a)) return 0; + if (!BN_copy(&dest->b, &src->b)) return 0; + dest->poly[0] = src->poly[0]; + dest->poly[1] = src->poly[1]; + dest->poly[2] = src->poly[2]; + dest->poly[3] = src->poly[3]; + dest->poly[4] = src->poly[4]; + bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; + for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; + return 1; + } + + +/* Set the curve parameters of an EC_GROUP structure. */ +int ec_GF2m_simple_group_set_curve(EC_GROUP *group, + const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + int ret = 0, i; + + /* group->field */ + if (!BN_copy(&group->field, p)) goto err; + i = BN_GF2m_poly2arr(&group->field, group->poly, 5); + if ((i != 5) && (i != 3)) + { + ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); + goto err; + } + + /* group->a */ + if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; + bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; + + /* group->b */ + if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; + bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; + + ret = 1; + err: + return ret; + } + + +/* Get the curve parameters of an EC_GROUP structure. + * If p, a, or b are NULL then there values will not be set but the method will return with success. + */ +int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) + { + int ret = 0; + + if (p != NULL) + { + if (!BN_copy(p, &group->field)) return 0; + } + + if (a != NULL) + { + if (!BN_copy(a, &group->a)) goto err; + } + + if (b != NULL) + { + if (!BN_copy(b, &group->b)) goto err; + } + + ret = 1; + + err: + return ret; + } + + +/* Gets the degree of the field. For a curve over GF(2^m) this is the value m. */ +int ec_GF2m_simple_group_get_degree(const EC_GROUP *group) + { + return BN_num_bits(&group->field)-1; + } + + +/* Checks the discriminant of the curve. + * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) + */ +int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) + { + int ret = 0; + BIGNUM *b; + BN_CTX *new_ctx = NULL; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + { + ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); + goto err; + } + } + BN_CTX_start(ctx); + b = BN_CTX_get(ctx); + if (b == NULL) goto err; + + if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err; + + /* check the discriminant: + * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) + */ + if (BN_is_zero(b)) goto err; + + ret = 1; + +err: + if (ctx != NULL) + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } + + +/* Initializes an EC_POINT. */ +int ec_GF2m_simple_point_init(EC_POINT *point) + { + BN_init(&point->X); + BN_init(&point->Y); + BN_init(&point->Z); + return 1; + } + + +/* Frees an EC_POINT. */ +void ec_GF2m_simple_point_finish(EC_POINT *point) + { + BN_free(&point->X); + BN_free(&point->Y); + BN_free(&point->Z); + } + + +/* Clears and frees an EC_POINT. */ +void ec_GF2m_simple_point_clear_finish(EC_POINT *point) + { + BN_clear_free(&point->X); + BN_clear_free(&point->Y); + BN_clear_free(&point->Z); + point->Z_is_one = 0; + } + + +/* Copy the contents of one EC_POINT into another. Assumes dest is initialized. */ +int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) + { + if (!BN_copy(&dest->X, &src->X)) return 0; + if (!BN_copy(&dest->Y, &src->Y)) return 0; + if (!BN_copy(&dest->Z, &src->Z)) return 0; + dest->Z_is_one = src->Z_is_one; + + return 1; + } + + +/* Set an EC_POINT to the point at infinity. + * A point at infinity is represented by having Z=0. + */ +int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) + { + point->Z_is_one = 0; + BN_zero(&point->Z); + return 1; + } + + +/* Set the coordinates of an EC_POINT using affine coordinates. + * Note that the simple implementation only uses affine coordinates. + */ +int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) + { + int ret = 0; + if (x == NULL || y == NULL) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!BN_copy(&point->X, x)) goto err; + BN_set_negative(&point->X, 0); + if (!BN_copy(&point->Y, y)) goto err; + BN_set_negative(&point->Y, 0); + if (!BN_copy(&point->Z, BN_value_one())) goto err; + BN_set_negative(&point->Z, 0); + point->Z_is_one = 1; + ret = 1; + + err: + return ret; + } + + +/* Gets the affine coordinates of an EC_POINT. + * Note that the simple implementation only uses affine coordinates. + */ +int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) + { + int ret = 0; + + if (EC_POINT_is_at_infinity(group, point)) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); + return 0; + } + + if (BN_cmp(&point->Z, BN_value_one())) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (x != NULL) + { + if (!BN_copy(x, &point->X)) goto err; + BN_set_negative(x, 0); + } + if (y != NULL) + { + if (!BN_copy(y, &point->Y)) goto err; + BN_set_negative(y, 0); + } + ret = 1; + + err: + return ret; + } + + +/* Include patented algorithms. */ +#include "ec2_smpt.c" + + +/* Converts an EC_POINT to an octet string. + * If buf is NULL, the encoded length will be returned. + * If the length len of buf is smaller than required an error will be returned. + * + * The point compression section of this function is patented by Certicom Corp. + * under US Patent 6,141,420. Point compression is disabled by default and can + * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at + * Configure-time. + */ +size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx) + { + size_t ret; + BN_CTX *new_ctx = NULL; + int used_ctx = 0; + BIGNUM *x, *y, *yxi; + size_t field_len, i, skip; + +#ifndef OPENSSL_EC_BIN_PT_COMP + if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID)) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED); + goto err; + } +#endif + + if ((form != POINT_CONVERSION_COMPRESSED) + && (form != POINT_CONVERSION_UNCOMPRESSED) + && (form != POINT_CONVERSION_HYBRID)) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); + goto err; + } + + if (EC_POINT_is_at_infinity(group, point)) + { + /* encodes to a single 0 octet */ + if (buf != NULL) + { + if (len < 1) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); + return 0; + } + buf[0] = 0; + } + return 1; + } + + + /* ret := required output buffer length */ + field_len = (EC_GROUP_get_degree(group) + 7) / 8; + ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; + + /* if 'buf' is NULL, just return required length */ + if (buf != NULL) + { + if (len < ret) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); + goto err; + } + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + BN_CTX_start(ctx); + used_ctx = 1; + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + yxi = BN_CTX_get(ctx); + if (yxi == NULL) goto err; + + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; + + buf[0] = form; +#ifdef OPENSSL_EC_BIN_PT_COMP + if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) + { + if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; + if (BN_is_odd(yxi)) buf[0]++; + } +#endif + + i = 1; + + skip = field_len - BN_num_bytes(x); + if (skip > field_len) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); + goto err; + } + while (skip > 0) + { + buf[i++] = 0; + skip--; + } + skip = BN_bn2bin(x, buf + i); + i += skip; + if (i != 1 + field_len) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) + { + skip = field_len - BN_num_bytes(y); + if (skip > field_len) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); + goto err; + } + while (skip > 0) + { + buf[i++] = 0; + skip--; + } + skip = BN_bn2bin(y, buf + i); + i += skip; + } + + if (i != ret) + { + ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (used_ctx) + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + + err: + if (used_ctx) + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return 0; + } + + +/* Converts an octet string representation to an EC_POINT. + * Note that the simple implementation only uses affine coordinates. + */ +int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, + const unsigned char *buf, size_t len, BN_CTX *ctx) + { + point_conversion_form_t form; + int y_bit; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y, *yxi; + size_t field_len, enc_len; + int ret = 0; + + if (len == 0) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); + return 0; + } + form = buf[0]; + y_bit = form & 1; + form = form & ~1U; + if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) + && (form != POINT_CONVERSION_UNCOMPRESSED) + && (form != POINT_CONVERSION_HYBRID)) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + return 0; + } + if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + return 0; + } + + if (form == 0) + { + if (len != 1) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + return 0; + } + + return EC_POINT_set_to_infinity(group, point); + } + + field_len = (EC_GROUP_get_degree(group) + 7) / 8; + enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; + + if (len != enc_len) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + return 0; + } + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + BN_CTX_start(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + yxi = BN_CTX_get(ctx); + if (yxi == NULL) goto err; + + if (!BN_bin2bn(buf + 1, field_len, x)) goto err; + if (BN_ucmp(x, &group->field) >= 0) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + goto err; + } + + if (form == POINT_CONVERSION_COMPRESSED) + { + if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err; + } + else + { + if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err; + if (BN_ucmp(y, &group->field) >= 0) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + goto err; + } + if (form == POINT_CONVERSION_HYBRID) + { + if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; + if (y_bit != BN_is_odd(yxi)) + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); + goto err; + } + } + + if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; + } + + if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ + { + ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + + ret = 1; + + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } + + +/* Computes a + b and stores the result in r. r could be a or b, a could be b. + * Uses algorithm A.10.2 of IEEE P1363. + */ +int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; + BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; + int ret = 0; + + if (EC_POINT_is_at_infinity(group, a)) + { + if (!EC_POINT_copy(r, b)) return 0; + return 1; + } + + if (EC_POINT_is_at_infinity(group, b)) + { + if (!EC_POINT_copy(r, a)) return 0; + return 1; + } + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + BN_CTX_start(ctx); + x0 = BN_CTX_get(ctx); + y0 = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + y1 = BN_CTX_get(ctx); + x2 = BN_CTX_get(ctx); + y2 = BN_CTX_get(ctx); + s = BN_CTX_get(ctx); + t = BN_CTX_get(ctx); + if (t == NULL) goto err; + + if (a->Z_is_one) + { + if (!BN_copy(x0, &a->X)) goto err; + if (!BN_copy(y0, &a->Y)) goto err; + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err; + } + if (b->Z_is_one) + { + if (!BN_copy(x1, &b->X)) goto err; + if (!BN_copy(y1, &b->Y)) goto err; + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err; + } + + + if (BN_GF2m_cmp(x0, x1)) + { + if (!BN_GF2m_add(t, x0, x1)) goto err; + if (!BN_GF2m_add(s, y0, y1)) goto err; + if (!group->meth->field_div(group, s, s, t, ctx)) goto err; + if (!group->meth->field_sqr(group, x2, s, ctx)) goto err; + if (!BN_GF2m_add(x2, x2, &group->a)) goto err; + if (!BN_GF2m_add(x2, x2, s)) goto err; + if (!BN_GF2m_add(x2, x2, t)) goto err; + } + else + { + if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) + { + if (!EC_POINT_set_to_infinity(group, r)) goto err; + ret = 1; + goto err; + } + if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err; + if (!BN_GF2m_add(s, s, x1)) goto err; + + if (!group->meth->field_sqr(group, x2, s, ctx)) goto err; + if (!BN_GF2m_add(x2, x2, s)) goto err; + if (!BN_GF2m_add(x2, x2, &group->a)) goto err; + } + + if (!BN_GF2m_add(y2, x1, x2)) goto err; + if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err; + if (!BN_GF2m_add(y2, y2, x2)) goto err; + if (!BN_GF2m_add(y2, y2, y1)) goto err; + + if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } + + +/* Computes 2 * a and stores the result in r. r could be a. + * Uses algorithm A.10.2 of IEEE P1363. + */ +int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) + { + return ec_GF2m_simple_add(group, r, a, a, ctx); + } + + +int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) + { + if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) + /* point is its own inverse */ + return 1; + + if (!EC_POINT_make_affine(group, point, ctx)) return 0; + return BN_GF2m_add(&point->Y, &point->X, &point->Y); + } + + +/* Indicates whether the given point is the point at infinity. */ +int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) + { + return BN_is_zero(&point->Z); + } + + +/* Determines whether the given EC_POINT is an actual point on the curve defined + * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation: + * y^2 + x*y = x^3 + a*x^2 + b. + */ +int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) + { + int ret = -1; + BN_CTX *new_ctx = NULL; + BIGNUM *lh, *y2; + int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + + if (EC_POINT_is_at_infinity(group, point)) + return 1; + + field_mul = group->meth->field_mul; + field_sqr = group->meth->field_sqr; + + /* only support affine coordinates */ + if (!point->Z_is_one) goto err; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return -1; + } + + BN_CTX_start(ctx); + y2 = BN_CTX_get(ctx); + lh = BN_CTX_get(ctx); + if (lh == NULL) goto err; + + /* We have a curve defined by a Weierstrass equation + * y^2 + x*y = x^3 + a*x^2 + b. + * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 + * <=> ((x + a) * x + y ) * x + b + y^2 = 0 + */ + if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err; + if (!field_mul(group, lh, lh, &point->X, ctx)) goto err; + if (!BN_GF2m_add(lh, lh, &point->Y)) goto err; + if (!field_mul(group, lh, lh, &point->X, ctx)) goto err; + if (!BN_GF2m_add(lh, lh, &group->b)) goto err; + if (!field_sqr(group, y2, &point->Y, ctx)) goto err; + if (!BN_GF2m_add(lh, lh, y2)) goto err; + ret = BN_is_zero(lh); + err: + if (ctx) BN_CTX_end(ctx); + if (new_ctx) BN_CTX_free(new_ctx); + return ret; + } + + +/* Indicates whether two points are equal. + * Return values: + * -1 error + * 0 equal (in affine coordinates) + * 1 not equal + */ +int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) + { + BIGNUM *aX, *aY, *bX, *bY; + BN_CTX *new_ctx = NULL; + int ret = -1; + + if (EC_POINT_is_at_infinity(group, a)) + { + return EC_POINT_is_at_infinity(group, b) ? 0 : 1; + } + + if (a->Z_is_one && b->Z_is_one) + { + return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; + } + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return -1; + } + + BN_CTX_start(ctx); + aX = BN_CTX_get(ctx); + aY = BN_CTX_get(ctx); + bX = BN_CTX_get(ctx); + bY = BN_CTX_get(ctx); + if (bY == NULL) goto err; + + if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err; + if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err; + ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; + + err: + if (ctx) BN_CTX_end(ctx); + if (new_ctx) BN_CTX_free(new_ctx); + return ret; + } + + +/* Forces the given EC_POINT to internally use affine coordinates. */ +int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y; + int ret = 0; + + if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) + return 1; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + BN_CTX_start(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + if (y == NULL) goto err; + + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; + if (!BN_copy(&point->X, x)) goto err; + if (!BN_copy(&point->Y, y)) goto err; + if (!BN_one(&point->Z)) goto err; + + ret = 1; + + err: + if (ctx) BN_CTX_end(ctx); + if (new_ctx) BN_CTX_free(new_ctx); + return ret; + } + + +/* Forces each of the EC_POINTs in the given array to use affine coordinates. */ +int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) + { + size_t i; + + for (i = 0; i < num; i++) + { + if (!group->meth->make_affine(group, points[i], ctx)) return 0; + } + + return 1; + } + + +/* Wrapper to simple binary polynomial field multiplication implementation. */ +int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); + } + + +/* Wrapper to simple binary polynomial field squaring implementation. */ +int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) + { + return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); + } + + +/* Wrapper to simple binary polynomial field division implementation. */ +int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + return BN_GF2m_mod_div(r, a, b, &group->field, ctx); + } diff --git a/crypto/openssl/crypto/ec/ec2_smpt.c b/crypto/openssl/crypto/ec/ec2_smpt.c new file mode 100644 index 0000000..72a8d57 --- /dev/null +++ b/crypto/openssl/crypto/ec/ec2_smpt.c @@ -0,0 +1,141 @@ +/* crypto/ec/ec2_smpt.c */ +/* This code was originally written by Douglas Stebila + * for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +/* Calaculates and sets the affine coordinates of an EC_POINT from the given + * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. + * Note that the simple implementation only uses affine coordinates. + * + * This algorithm is patented by Certicom Corp. under US Patent 6,141,420 + * (for licensing information, contact licensing@certicom.com). + * This function is disabled by default and can be enabled by defining the + * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. + */ +int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x_, int y_bit, BN_CTX *ctx) + { +#ifndef OPENSSL_EC_BIN_PT_COMP + ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED); + return 0; +#else + BN_CTX *new_ctx = NULL; + BIGNUM *tmp, *x, *y, *z; + int ret = 0, z0; + + /* clear error queue */ + ERR_clear_error(); + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + y_bit = (y_bit != 0) ? 1 : 0; + + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + if (z == NULL) goto err; + + if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err; + if (BN_is_zero(x)) + { + if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err; + } + else + { + if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err; + if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err; + if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err; + if (!BN_GF2m_add(tmp, x, tmp)) goto err; + if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) + { + unsigned long err = ERR_peek_last_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) + { + ERR_clear_error(); + ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); + } + else + ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); + goto err; + } + z0 = (BN_is_odd(z)) ? 1 : 0; + if (!group->meth->field_mul(group, y, x, z, ctx)) goto err; + if (z0 != y_bit) + { + if (!BN_GF2m_add(y, y, x)) goto err; + } + } + + if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; +#endif + } diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c new file mode 100644 index 0000000..dec913b --- /dev/null +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -0,0 +1,1379 @@ +/* crypto/ec/ec_asn1.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "ec_lcl.h" +#include +#include +#include + + +int EC_GROUP_get_basis_type(const EC_GROUP *group) + { + int i=0; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_characteristic_two_field) + /* everything else is currently not supported */ + return 0; + + while (group->poly[i] != 0) + i++; + + if (i == 4) + return NID_X9_62_ppBasis; + else if (i == 2) + return NID_X9_62_tpBasis; + else + /* everything else is currently not supported */ + return 0; + } + +int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) + { + if (group == NULL) + return 0; + + if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve + || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) + { + ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + if (k) + *k = group->poly[1]; + + return 1; + } + +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, + unsigned int *k2, unsigned int *k3) + { + if (group == NULL) + return 0; + + if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve + || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) + { + ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + if (k1) + *k1 = group->poly[3]; + if (k2) + *k2 = group->poly[2]; + if (k3) + *k3 = group->poly[1]; + + return 1; + } + + + +/* some structures needed for the asn1 encoding */ +typedef struct x9_62_pentanomial_st { + long k1; + long k2; + long k3; + } X9_62_PENTANOMIAL; + +typedef struct x9_62_characteristic_two_st { + long m; + ASN1_OBJECT *type; + union { + char *ptr; + /* NID_X9_62_onBasis */ + ASN1_NULL *onBasis; + /* NID_X9_62_tpBasis */ + ASN1_INTEGER *tpBasis; + /* NID_X9_62_ppBasis */ + X9_62_PENTANOMIAL *ppBasis; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_CHARACTERISTIC_TWO; + +typedef struct x9_62_fieldid_st { + ASN1_OBJECT *fieldType; + union { + char *ptr; + /* NID_X9_62_prime_field */ + ASN1_INTEGER *prime; + /* NID_X9_62_characteristic_two_field */ + X9_62_CHARACTERISTIC_TWO *char_two; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_FIELDID; + +typedef struct x9_62_curve_st { + ASN1_OCTET_STRING *a; + ASN1_OCTET_STRING *b; + ASN1_BIT_STRING *seed; + } X9_62_CURVE; + +typedef struct ec_parameters_st { + long version; + X9_62_FIELDID *fieldID; + X9_62_CURVE *curve; + ASN1_OCTET_STRING *base; + ASN1_INTEGER *order; + ASN1_INTEGER *cofactor; + } ECPARAMETERS; + +struct ecpk_parameters_st { + int type; + union { + ASN1_OBJECT *named_curve; + ECPARAMETERS *parameters; + ASN1_NULL *implicitlyCA; + } value; + }/* ECPKPARAMETERS */; + +/* SEC1 ECPrivateKey */ +typedef struct ec_privatekey_st { + long version; + ASN1_OCTET_STRING *privateKey; + ECPKPARAMETERS *parameters; + ASN1_BIT_STRING *publicKey; + } EC_PRIVATEKEY; + +/* the OpenSSL ASN.1 definitions */ +ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { + ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), + ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), + ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) +} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) + +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) + +ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { + ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), + ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) +} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); + +ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) +} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) + +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) + +ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_FIELDID) = { + ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) +} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); + +ASN1_SEQUENCE(X9_62_FIELDID) = { + ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_FIELDID) +} ASN1_SEQUENCE_END(X9_62_FIELDID) + +ASN1_SEQUENCE(X9_62_CURVE) = { + ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), + ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), + ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(X9_62_CURVE) + +ASN1_SEQUENCE(ECPARAMETERS) = { + ASN1_SIMPLE(ECPARAMETERS, version, LONG), + ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), + ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), + ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), + ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), + ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) +} ASN1_SEQUENCE_END(ECPARAMETERS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + +ASN1_CHOICE(ECPKPARAMETERS) = { + ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), + ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), + ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) +} ASN1_CHOICE_END(ECPKPARAMETERS) + +DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) +IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS) + +ASN1_SEQUENCE(EC_PRIVATEKEY) = { + ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), + ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), + ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), + ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) +} ASN1_SEQUENCE_END(EC_PRIVATEKEY) + +DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY) +IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) + +/* some declarations of internal function */ + +/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ +static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); +/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ +static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); +/* ec_asn1_parameters2group() creates a EC_GROUP object from a + * ECPARAMETERS object */ +static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); +/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a + * EC_GROUP object */ +static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *); +/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a + * ECPKPARAMETERS object */ +static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); +/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a + * EC_GROUP object */ +static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, + ECPKPARAMETERS *); + + +/* the function definitions */ + +static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) + { + int ok=0, nid; + BIGNUM *tmp = NULL; + + if (group == NULL || field == NULL) + return 0; + + /* clear the old values (if necessary) */ + if (field->fieldType != NULL) + ASN1_OBJECT_free(field->fieldType); + if (field->p.other != NULL) + ASN1_TYPE_free(field->p.other); + + nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + /* set OID for the field */ + if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); + goto err; + } + + if (nid == NID_X9_62_prime_field) + { + if ((tmp = BN_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } + /* the parameters are specified by the prime number p */ + if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); + goto err; + } + /* set the prime number */ + field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); + if (field->p.prime == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); + goto err; + } + } + else /* nid == NID_X9_62_characteristic_two_field */ + { + int field_type; + X9_62_CHARACTERISTIC_TWO *char_two; + + field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); + char_two = field->p.char_two; + + if (char_two == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } + + char_two->m = (long)EC_GROUP_get_degree(group); + + field_type = EC_GROUP_get_basis_type(group); + + if (field_type == 0) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); + goto err; + } + /* set base type OID */ + if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); + goto err; + } + + if (field_type == NID_X9_62_tpBasis) + { + unsigned int k; + + if (!EC_GROUP_get_trinomial_basis(group, &k)) + goto err; + + char_two->p.tpBasis = ASN1_INTEGER_new(); + if (!char_two->p.tpBasis) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, + ERR_R_ASN1_LIB); + goto err; + } + } + else if (field_type == NID_X9_62_ppBasis) + { + unsigned int k1, k2, k3; + + if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) + goto err; + + char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); + if (!char_two->p.ppBasis) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* set k? values */ + char_two->p.ppBasis->k1 = (long)k1; + char_two->p.ppBasis->k2 = (long)k2; + char_two->p.ppBasis->k3 = (long)k3; + } + else /* field_type == NID_X9_62_onBasis */ + { + /* for ONB the parameters are (asn1) NULL */ + char_two->p.onBasis = ASN1_NULL_new(); + if (!char_two->p.onBasis) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } + } + } + + ok = 1; + +err : if (tmp) + BN_free(tmp); + return(ok); +} + +static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) + { + int ok=0, nid; + BIGNUM *tmp_1=NULL, *tmp_2=NULL; + unsigned char *buffer_1=NULL, *buffer_2=NULL, + *a_buf=NULL, *b_buf=NULL; + size_t len_1, len_2; + unsigned char char_zero = 0; + + if (!group || !curve || !curve->a || !curve->b) + return 0; + + if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; + } + + nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + + /* get a and b */ + if (nid == NID_X9_62_prime_field) + { + if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); + goto err; + } + } + else /* nid == NID_X9_62_characteristic_two_field */ + { + if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); + goto err; + } + } + + len_1 = (size_t)BN_num_bytes(tmp_1); + len_2 = (size_t)BN_num_bytes(tmp_2); + + if (len_1 == 0) + { + /* len_1 == 0 => a == 0 */ + a_buf = &char_zero; + len_1 = 1; + } + else + { + if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, + ERR_R_MALLOC_FAILURE); + goto err; + } + if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); + goto err; + } + a_buf = buffer_1; + } + + if (len_2 == 0) + { + /* len_2 == 0 => b == 0 */ + b_buf = &char_zero; + len_2 = 1; + } + else + { + if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, + ERR_R_MALLOC_FAILURE); + goto err; + } + if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); + goto err; + } + b_buf = buffer_2; + } + + /* set a and b */ + if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || + !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); + goto err; + } + + /* set the seed (optional) */ + if (group->seed) + { + if (!curve->seed) + if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_BIT_STRING_set(curve->seed, group->seed, + (int)group->seed_len)) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); + goto err; + } + } + else + { + if (curve->seed) + { + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; + } + } + + ok = 1; + +err: if (buffer_1) + OPENSSL_free(buffer_1); + if (buffer_2) + OPENSSL_free(buffer_2); + if (tmp_1) + BN_free(tmp_1); + if (tmp_2) + BN_free(tmp_2); + return(ok); + } + +static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, + ECPARAMETERS *param) + { + int ok=0; + size_t len=0; + ECPARAMETERS *ret=NULL; + BIGNUM *tmp=NULL; + unsigned char *buffer=NULL; + const EC_POINT *point=NULL; + point_conversion_form_t form; + + if ((tmp = BN_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (param == NULL) + { + if ((ret = ECPARAMETERS_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, + ERR_R_MALLOC_FAILURE); + goto err; + } + } + else + ret = param; + + /* set the version (always one) */ + ret->version = (long)0x1; + + /* set the fieldID */ + if (!ec_asn1_group2fieldid(group, ret->fieldID)) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); + goto err; + } + + /* set the curve */ + if (!ec_asn1_group2curve(group, ret->curve)) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); + goto err; + } + + /* set the base point */ + if ((point = EC_GROUP_get0_generator(group)) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); + goto err; + } + + form = EC_GROUP_get_point_conversion_form(group); + + len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); + if (len == 0) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); + goto err; + } + if ((buffer = OPENSSL_malloc(len)) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); + goto err; + } + if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); + goto err; + } + + /* set the order */ + if (!EC_GROUP_get_order(group, tmp, NULL)) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); + goto err; + } + ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); + if (ret->order == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); + goto err; + } + + /* set the cofactor (optional) */ + if (EC_GROUP_get_cofactor(group, tmp, NULL)) + { + ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + if (ret->cofactor == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); + goto err; + } + } + + ok = 1; + +err : if(!ok) + { + if (ret && !param) + ECPARAMETERS_free(ret); + ret = NULL; + } + if (tmp) + BN_free(tmp); + if (buffer) + OPENSSL_free(buffer); + return(ret); + } + +ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params) + { + int ok = 1, tmp; + ECPKPARAMETERS *ret = params; + + if (ret == NULL) + { + if ((ret = ECPKPARAMETERS_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, + ERR_R_MALLOC_FAILURE); + return NULL; + } + } + else + { + if (ret->type == 0 && ret->value.named_curve) + ASN1_OBJECT_free(ret->value.named_curve); + else if (ret->type == 1 && ret->value.parameters) + ECPARAMETERS_free(ret->value.parameters); + } + + if (EC_GROUP_get_asn1_flag(group)) + { + /* use the asn1 OID to describe the + * the elliptic curve parameters + */ + tmp = EC_GROUP_get_curve_name(group); + if (tmp) + { + ret->type = 0; + if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) + ok = 0; + } + else + /* we don't kmow the nid => ERROR */ + ok = 0; + } + else + { + /* use the ECPARAMETERS structure */ + ret->type = 1; + if ((ret->value.parameters = ec_asn1_group2parameters( + group, NULL)) == NULL) + ok = 0; + } + + if (!ok) + { + ECPKPARAMETERS_free(ret); + return NULL; + } + return ret; + } + +static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) + { + int ok = 0, tmp; + EC_GROUP *ret = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + EC_POINT *point=NULL; + + if (!params->fieldID || !params->fieldID->fieldType || + !params->fieldID->p.ptr) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + + /* now extract the curve parameters a and b */ + if (!params->curve || !params->curve->a || + !params->curve->a->data || !params->curve->b || + !params->curve->b->data) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); + if (a == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); + goto err; + } + b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); + if (b == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); + goto err; + } + + /* get the field parameters */ + tmp = OBJ_obj2nid(params->fieldID->fieldType); + + if (tmp == NID_X9_62_characteristic_two_field) + { + X9_62_CHARACTERISTIC_TWO *char_two; + + char_two = params->fieldID->p.char_two; + + if ((p = BN_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* get the base type */ + tmp = OBJ_obj2nid(char_two->type); + + if (tmp == NID_X9_62_tpBasis) + { + long tmp_long; + + if (!char_two->p.tpBasis) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + + tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); + /* create the polynomial */ + if (!BN_set_bit(p, (int)char_two->m)) + goto err; + if (!BN_set_bit(p, (int)tmp_long)) + goto err; + if (!BN_set_bit(p, 0)) + goto err; + } + else if (tmp == NID_X9_62_ppBasis) + { + X9_62_PENTANOMIAL *penta; + + penta = char_two->p.ppBasis; + if (!penta) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + /* create the polynomial */ + if (!BN_set_bit(p, (int)char_two->m)) goto err; + if (!BN_set_bit(p, (int)penta->k1)) goto err; + if (!BN_set_bit(p, (int)penta->k2)) goto err; + if (!BN_set_bit(p, (int)penta->k3)) goto err; + if (!BN_set_bit(p, 0)) goto err; + } + else if (tmp == NID_X9_62_onBasis) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); + goto err; + } + else /* error */ + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + + /* create the EC_GROUP structure */ + ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); + } + else if (tmp == NID_X9_62_prime_field) + { + /* we have a curve over a prime field */ + /* extract the prime number */ + if (!params->fieldID->p.prime) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); + if (p == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + /* create the EC_GROUP structure */ + ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); + } + else + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); + goto err; + } + + if (ret == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); + goto err; + } + + /* extract seed (optional) */ + if (params->curve->seed != NULL) + { + if (ret->seed != NULL) + OPENSSL_free(ret->seed); + if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, + ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(ret->seed, params->curve->seed->data, + params->curve->seed->length); + ret->seed_len = params->curve->seed->length; + } + + if (!params->order || !params->base || !params->base->data) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } + + if ((point = EC_POINT_new(ret)) == NULL) goto err; + + /* set the point conversion form */ + EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) + (params->base->data[0] & ~0x01)); + + /* extract the ec point */ + if (!EC_POINT_oct2point(ret, point, params->base->data, + params->base->length, NULL)) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); + goto err; + } + + /* extract the order */ + if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + + /* extract the cofactor (optional) */ + if (params->cofactor == NULL) + { + if (b) + { + BN_free(b); + b = NULL; + } + } + else + if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + /* set the generator, order and cofactor (if present) */ + if (!EC_GROUP_set_generator(ret, point, a, b)) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); + goto err; + } + + ok = 1; + +err: if (!ok) + { + if (ret) + EC_GROUP_clear_free(ret); + ret = NULL; + } + + if (p) + BN_free(p); + if (a) + BN_free(a); + if (b) + BN_free(b); + if (point) + EC_POINT_free(point); + return(ret); +} + +EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) + { + EC_GROUP *ret=NULL; + int tmp=0; + + if (params == NULL) + { + ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, + EC_R_MISSING_PARAMETERS); + return NULL; + } + + if (params->type == 0) + { /* the curve is given by an OID */ + tmp = OBJ_obj2nid(params->value.named_curve); + if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) + { + ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, + EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); + return NULL; + } + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); + } + else if (params->type == 1) + { /* the parameters are given by a ECPARAMETERS + * structure */ + ret = ec_asn1_parameters2group(params->value.parameters); + if (!ret) + { + ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); + return NULL; + } + EC_GROUP_set_asn1_flag(ret, 0x0); + } + else if (params->type == 2) + { /* implicitlyCA */ + return NULL; + } + else + { + ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); + return NULL; + } + + return ret; + } + +/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) + { + EC_GROUP *group = NULL; + ECPKPARAMETERS *params = NULL; + + if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) + { + ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); + ECPKPARAMETERS_free(params); + return NULL; + } + + if ((group = ec_asn1_pkparameters2group(params)) == NULL) + { + ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); + return NULL; + } + + + if (a && *a) + EC_GROUP_clear_free(*a); + if (a) + *a = group; + + ECPKPARAMETERS_free(params); + return(group); + } + +int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) + { + int ret=0; + ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); + if (tmp == NULL) + { + ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); + return 0; + } + if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) + { + ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); + ECPKPARAMETERS_free(tmp); + return 0; + } + ECPKPARAMETERS_free(tmp); + return(ret); + } + +/* some EC_KEY functions */ + +EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) + { + int ok=0; + EC_KEY *ret=NULL; + EC_PRIVATEKEY *priv_key=NULL; + + if ((priv_key = EC_PRIVATEKEY_new()) == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + EC_PRIVATEKEY_free(priv_key); + return NULL; + } + + if (a == NULL || *a == NULL) + { + if ((ret = EC_KEY_new()) == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (a) + *a = ret; + } + else + ret = *a; + + if (priv_key->parameters) + { + if (ret->group) + EC_GROUP_clear_free(ret->group); + ret->group = ec_asn1_pkparameters2group(priv_key->parameters); + } + + if (ret->group == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + + ret->version = priv_key->version; + + if (priv_key->privateKey) + { + ret->priv_key = BN_bin2bn( + M_ASN1_STRING_data(priv_key->privateKey), + M_ASN1_STRING_length(priv_key->privateKey), + ret->priv_key); + if (ret->priv_key == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, + ERR_R_BN_LIB); + goto err; + } + } + else + { + ECerr(EC_F_D2I_ECPRIVATEKEY, + EC_R_MISSING_PRIVATE_KEY); + goto err; + } + + if (priv_key->publicKey) + { + const unsigned char *pub_oct; + size_t pub_oct_len; + + if (ret->pub_key) + EC_POINT_clear_free(ret->pub_key); + ret->pub_key = EC_POINT_new(ret->group); + if (ret->pub_key == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + pub_oct = M_ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); + if (!EC_POINT_oct2point(ret->group, ret->pub_key, + pub_oct, pub_oct_len, NULL)) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + } + + ok = 1; +err: + if (!ok) + { + if (ret) + EC_KEY_free(ret); + ret = NULL; + } + + if (priv_key) + EC_PRIVATEKEY_free(priv_key); + + return(ret); + } + +int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) + { + int ret=0, ok=0; + unsigned char *buffer=NULL; + size_t buf_len=0, tmp_len; + EC_PRIVATEKEY *priv_key=NULL; + + if (a == NULL || a->group == NULL || a->priv_key == NULL) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, + ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + + if ((priv_key = EC_PRIVATEKEY_new()) == NULL) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + priv_key->version = a->version; + + buf_len = (size_t)BN_num_bytes(a->priv_key); + buffer = OPENSSL_malloc(buf_len); + if (buffer == NULL) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!BN_bn2bin(a->priv_key, buffer)) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); + goto err; + } + + if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); + goto err; + } + + if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) + { + if ((priv_key->parameters = ec_asn1_group2pkparameters( + a->group, priv_key->parameters)) == NULL) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + } + + if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) + { + priv_key->publicKey = M_ASN1_BIT_STRING_new(); + if (priv_key->publicKey == NULL) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + tmp_len = EC_POINT_point2oct(a->group, a->pub_key, + a->conv_form, NULL, 0, NULL); + + if (tmp_len > buf_len) + { + unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); + if (!tmp_buffer) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); + goto err; + } + buffer = tmp_buffer; + buf_len = tmp_len; + } + + if (!EC_POINT_point2oct(a->group, a->pub_key, + a->conv_form, buffer, buf_len, NULL)) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + + if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, + buf_len)) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); + goto err; + } + } + + if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) + { + ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + ok=1; +err: + if (buffer) + OPENSSL_free(buffer); + if (priv_key) + EC_PRIVATEKEY_free(priv_key); + return(ok?ret:0); + } + +int i2d_ECParameters(EC_KEY *a, unsigned char **out) + { + if (a == NULL) + { + ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return i2d_ECPKParameters(a->group, out); + } + +EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) + { + EC_KEY *ret; + + if (in == NULL || *in == NULL) + { + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + if (a == NULL || *a == NULL) + { + if ((ret = EC_KEY_new()) == NULL) + { + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (a) + *a = ret; + } + else + ret = *a; + + if (!d2i_ECPKParameters(&ret->group, in, len)) + { + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + return NULL; + } + + return ret; + } + +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) + { + EC_KEY *ret=NULL; + + if (a == NULL || (*a) == NULL || (*a)->group == NULL) + { + /* sorry, but a EC_GROUP-structur is necessary + * to set the public key */ + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ret = *a; + if (ret->pub_key == NULL && + (ret->pub_key = EC_POINT_new(ret->group)) == NULL) + { + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) + { + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); + return 0; + } + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); + *in += len; + return ret; + } + +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) + { + size_t buf_len=0; + int new_buffer = 0; + + if (a == NULL) + { + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + buf_len = EC_POINT_point2oct(a->group, a->pub_key, + a->conv_form, NULL, 0, NULL); + + if (out == NULL || buf_len == 0) + /* out == NULL => just return the length of the octet string */ + return buf_len; + + if (*out == NULL) + { + if ((*out = OPENSSL_malloc(buf_len)) == NULL) + { + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); + return 0; + } + new_buffer = 1; + } + if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, + *out, buf_len, NULL)) + { + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); + OPENSSL_free(*out); + *out = NULL; + return 0; + } + if (!new_buffer) + *out += buf_len; + return buf_len; + } diff --git a/crypto/openssl/crypto/ec/ec_check.c b/crypto/openssl/crypto/ec/ec_check.c new file mode 100644 index 0000000..0e316b4 --- /dev/null +++ b/crypto/openssl/crypto/ec/ec_check.c @@ -0,0 +1,123 @@ +/* crypto/ec/ec_check.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ec_lcl.h" +#include + +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) + { + int ret = 0; + BIGNUM *order; + BN_CTX *new_ctx = NULL; + EC_POINT *point = NULL; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + { + ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); + goto err; + } + } + BN_CTX_start(ctx); + if ((order = BN_CTX_get(ctx)) == NULL) goto err; + + /* check the discriminant */ + if (!EC_GROUP_check_discriminant(group, ctx)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); + goto err; + } + + /* check the generator */ + if (group->generator == NULL) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); + goto err; + } + if (!EC_POINT_is_on_curve(group, group->generator, ctx)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + + /* check the order of the generator */ + if ((point = EC_POINT_new(group)) == NULL) goto err; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; + if (BN_is_zero(order)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); + goto err; + } + + if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; + if (!EC_POINT_is_at_infinity(group, point)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); + goto err; + } + + ret = 1; + +err: + if (ctx != NULL) + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + if (point) + EC_POINT_free(point); + return ret; + } diff --git a/crypto/openssl/crypto/ec/ec_curve.c b/crypto/openssl/crypto/ec/ec_curve.c new file mode 100644 index 0000000..beac209 --- /dev/null +++ b/crypto/openssl/crypto/ec/ec_curve.c @@ -0,0 +1,1270 @@ +/* crypto/ec/ec_curve.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include "ec_lcl.h" +#include +#include + +typedef struct ec_curve_data_st { + int field_type; /* either NID_X9_62_prime_field or + * NID_X9_62_characteristic_two_field */ + const char *p; /* either a prime number or a polynomial */ + const char *a; + const char *b; + const char *x; /* the x coordinate of the generator */ + const char *y; /* the y coordinate of the generator */ + const char *order; /* the order of the group generated by the + * generator */ + const BN_ULONG cofactor;/* the cofactor */ + const unsigned char *seed;/* the seed (optional) */ + size_t seed_len; + const char *comment; /* a short description of the curve */ +} EC_CURVE_DATA; + +/* the nist prime curves */ +static const unsigned char _EC_NIST_PRIME_192_SEED[] = { + 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, + 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5}; +static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", + "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", + "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, + _EC_NIST_PRIME_192_SEED, 20, + "NIST/X9.62/SECG curve over a 192 bit prime field" + }; + +static const unsigned char _EC_NIST_PRIME_224_SEED[] = { + 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, + 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5}; +static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1, + _EC_NIST_PRIME_224_SEED, 20, + "NIST/SECG curve over a 224 bit prime field" + }; + +static const unsigned char _EC_NIST_PRIME_384_SEED[] = { + 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, + 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73}; +static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" + "FFF0000000000000000FFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" + "FFF0000000000000000FFFFFFFC", + "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" + "98D8A2ED19D2A85C8EDD3EC2AEF", + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" + "25DBF55296C3A545E3872760AB7", + "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" + "1ce1d7e819d7a431d7c90ea0e5f", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" + "DB248B0A77AECEC196ACCC52973",1, + _EC_NIST_PRIME_384_SEED, 20, + "NIST/SECG curve over a 384 bit prime field" + }; + +static const unsigned char _EC_NIST_PRIME_521_SEED[] = { + 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, + 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA}; +static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { + NID_X9_62_prime_field, + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", + "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" + "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" + "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" + "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" + "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1, + _EC_NIST_PRIME_521_SEED, 20, + "NIST/SECG curve over a 521 bit prime field" + }; +/* the x9.62 prime curves (minus the nist prime curves) */ +static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { + 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, + 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6}; +static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", + "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", + "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", + "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, + _EC_X9_62_PRIME_192V2_SEED, 20, + "X9.62 curve over a 192 bit prime field" + }; + +static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { + 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, + 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E}; +static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", + "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", + "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", + "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, + _EC_X9_62_PRIME_192V3_SEED, 20, + "X9.62 curve over a 192 bit prime field" + }; + +static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { + 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, + 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D}; +static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { + NID_X9_62_prime_field, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", + "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", + "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, + _EC_X9_62_PRIME_239V1_SEED, 20, + "X9.62 curve over a 239 bit prime field" + }; + +static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { + 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, + 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16}; +static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { + NID_X9_62_prime_field, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", + "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", + "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", + "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, + _EC_X9_62_PRIME_239V2_SEED, 20, + "X9.62 curve over a 239 bit prime field" + }; + +static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { + 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, + 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF}; +static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { + NID_X9_62_prime_field, + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", + "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", + "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, + _EC_X9_62_PRIME_239V3_SEED, 20, + "X9.62 curve over a 239 bit prime field" + }; + +static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { + 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, + 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90}; +static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { + NID_X9_62_prime_field, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, + _EC_X9_62_PRIME_256V1_SEED, 20, + "X9.62/SECG curve over a 256 bit prime field" + }; +/* the secg prime curves (minus the nist and x9.62 prime curves) */ +static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { + 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, + 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1}; +static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { + NID_X9_62_prime_field, + "DB7C2ABF62E35E668076BEAD208B", + "DB7C2ABF62E35E668076BEAD2088", + "659EF8BA043916EEDE8911702B22", + "09487239995A5EE76B55F9C2F098", + "a89ce5af8724c0a23e0e0ff77500", + "DB7C2ABF62E35E7628DFAC6561C5",1, + _EC_SECG_PRIME_112R1_SEED, 20, + "SECG/WTLS curve over a 112 bit prime field" + }; + +static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { + 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, + 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4}; +static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { + NID_X9_62_prime_field, + "DB7C2ABF62E35E668076BEAD208B", + "6127C24C05F38A0AAAF65C0EF02C", + "51DEF1815DB5ED74FCC34C85D709", + "4BA30AB5E892B4E1649DD0928643", + "adcd46f5882e3747def36e956e97", + "36DF0AAFD8B8D7597CA10520D04B",4, + _EC_SECG_PRIME_112R2_SEED, 20, + "SECG curve over a 112 bit prime field" + }; + +static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { + 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, + 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79}; +static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { + NID_X9_62_prime_field, + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", + "E87579C11079F43DD824993C2CEE5ED3", + "161FF7528B899B2D0C28607CA52C5B86", + "cf5ac8395bafeb13c02da292dded7a83", + "FFFFFFFE0000000075A30D1B9038A115",1, + _EC_SECG_PRIME_128R1_SEED, 20, + "SECG curve over a 128 bit prime field" + }; + +static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { + 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, + 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4}; +static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { + NID_X9_62_prime_field, + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", + "D6031998D1B3BBFEBF59CC9BBFF9AEE1", + "5EEEFCA380D02919DC2C6558BB6D8A5D", + "7B6AA5D85E572983E6FB32A7CDEBC140", + "27b6916a894d3aee7106fe805fc34b44", + "3FFFFFFF7FFFFFFFBE0024720613B5A3",4, + _EC_SECG_PRIME_128R2_SEED, 20, + "SECG curve over a 128 bit prime field" + }; + +static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "0", + "7", + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", + "938cf935318fdced6bc28286531733c3f03c4fee", + "0100000000000000000001B8FA16DFAB9ACA16B6B3",1, + NULL, 0, + "SECG curve over a 160 bit prime field" + }; + +static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { + 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45}; +static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", + "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", + "4A96B5688EF573284664698968C38BB913CBFC82", + "23a628553168947d59dcc912042351377ac5fb32", + "0100000000000000000001F4C8F927AED3CA752257",1, + _EC_SECG_PRIME_160R1_SEED, 20, + "SECG curve over a 160 bit prime field" + }; + +static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { + 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, + 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51}; +static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", + "B4E134D3FB59EB8BAB57274904664D5AF50388BA", + "52DCB034293A117E1F4FF11B30F7199D3144CE6D", + "feaffef2e331f296e071fa0df9982cfea7d43f2e", + "0100000000000000000000351EE786A818F3A1A16B",1, + _EC_SECG_PRIME_160R2_SEED, 20, + "SECG/WTLS curve over a 160 bit prime field" + }; + +static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", + "0", + "3", + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", + "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", + "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1, + NULL, 20, + "SECG curve over a 192 bit prime field" + }; + +static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", + "0", + "5", + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", + "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", + "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1, + NULL, 20, + "SECG curve over a 224 bit prime field" + }; + +static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", + "0", + "7", + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1, + NULL, 20, + "SECG curve over a 256 bit prime field" + }; + +/* some wap/wtls curves */ +static const EC_CURVE_DATA _EC_WTLS_8 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", + "0", + "3", + "1", + "2", + "0100000000000001ECEA551AD837E9",1, + NULL, 20, + "WTLS curve over a 112 bit prime field" + }; + +static const EC_CURVE_DATA _EC_WTLS_9 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", + "0", + "3", + "1", + "2", + "0100000000000000000001CDC98AE0E2DE574ABF33",1, + NULL, 20, + "WTLS curve over a 160 bit prime field" + }; + +static const EC_CURVE_DATA _EC_WTLS_12 = { + NID_X9_62_prime_field, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, + NULL, 0, + "WTLS curvs over a 224 bit prime field" + }; + +/* characteristic two curves */ +static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = { + 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, + 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000201", + "003088250CA6E7C7FE649CE85820F7", + "00E8BEE4D3E2260744188BE0E9C723", + "009D73616F35F4AB1407D73562C10F", + "00A52830277958EE84D1315ED31886", + "0100000000000000D9CCEC8A39E56F", 2, + _EC_SECG_CHAR2_113R1_SEED, 20, + "SECG curve over a 113 bit binary field" + }; + +static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { + 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, + 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000201", + "00689918DBEC7E5A0DD6DFC0AA55C7", + "0095E9A9EC9B297BD4BF36E059184F", + "01A57A6A7B26CA5EF52FCDB8164797", + "00B3ADC94ED1FE674C06E695BABA1D", + "010000000000000108789B2496AF93", 2, + _EC_SECG_CHAR2_113R2_SEED, 20, + "SECG curve over a 113 bit binary field" + }; + +static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { + 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, + 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000010D", + "07A11B09A76B562144418FF3FF8C2570B8", + "0217C05610884B63B9C6C7291678F9D341", + "0081BAF91FDF9833C40F9C181343638399", + "078C6E7EA38C001F73C8134B1B4EF9E150", + "0400000000000000023123953A9464B54D", 2, + _EC_SECG_CHAR2_131R1_SEED, 20, + "SECG/WTLS curve over a 131 bit binary field" + }; + +static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { + 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000010D", + "03E5A88919D7CAFCBF415F07C2176573B2", + "04B8266A46C55657AC734CE38F018F2192", + "0356DCD8F2F95031AD652D23951BB366A8", + "0648F06D867940A5366D9E265DE9EB240F", + "0400000000000000016954A233049BA98F", 2, + _EC_SECG_CHAR2_131R2_SEED, 20, + "SECG curve over a 131 bit binary field" + }; + +static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = { + NID_X9_62_characteristic_two_field, + "0800000000000000000000000000000000000000C9", + "1", + "1", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + "04000000000000000000020108A2E0CC0D99F8A5EF", 2, + NULL, 0, + "NIST/SECG/WTLS curve over a 163 bit binary field" + }; + +static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { + 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, + 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { + NID_X9_62_characteristic_two_field, + "0800000000000000000000000000000000000000C9", + "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", + "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", + "0369979697AB43897789566789567F787A7876A654", + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", + "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, +/* The algorithm used to derive the curve parameters from + * the seed used here is slightly different than the + * algorithm described in X9.62 . + */ +#if 0 + _EC_SECG_CHAR2_163R1_SEED, 20, +#else + NULL, 0, +#endif + "SECG curve over a 163 bit binary field" + }; + +static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { + 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, + 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68}; +static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={ + NID_X9_62_characteristic_two_field, + "0800000000000000000000000000000000000000C9", + "1", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + "040000000000000000000292FE77E70C12A4234C33", 2, +/* The seed here was used to created the curve parameters in normal + * basis representation (and not the polynomial representation used here) + */ +#if 0 + _EC_NIST_CHAR2_163B_SEED, 20, +#else + NULL, 0, +#endif + "NIST/SECG curve over a 163 bit binary field" + }; + +static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { + 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, + 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { + NID_X9_62_characteristic_two_field, + "02000000000000000000000000000000000000000000008001", + "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", + "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", + "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, + _EC_SECG_CHAR2_193R1_SEED, 20, + "SECG curve over a 193 bit binary field" + }; + +static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { + 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, + 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11}; +static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { + NID_X9_62_characteristic_two_field, + "02000000000000000000000000000000000000000000008001", + "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", + "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", + "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, + _EC_SECG_CHAR2_193R2_SEED, 20, + "SECG curve over a 193 bit binary field" + }; + +static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000000000000004000000000000000001", + "0", + "1", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, + NULL, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" + }; + +static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { + 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, + 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3}; +static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, + _EC_NIST_CHAR2_233B_SEED, 20, + "NIST/SECG/WTLS curve over a 233 bit binary field" + }; + +static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { + NID_X9_62_characteristic_two_field, + "800000000000000000004000000000000000000000000000000000000001", + "0", + "1", + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", + "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, + NULL, 0, + "SECG curve over a 239 bit binary field" + }; + +static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000000000000000000000000000000000000000001" + "0A1", + "0", + "1", + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" + "836", + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" + "259", + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" + "C61", 4, + NULL, 20, + "NIST/SECG curve over a 283 bit binary field" + }; + +static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { + 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, + 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE}; +static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000000000000000000000000000000000000000001" + "0A1", + "000000000000000000000000000000000000000000000000000000000000000000000" + "001", + "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" + "2F5", + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" + "053", + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" + "2F4", + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" + "307", 2, + _EC_NIST_CHAR2_283B_SEED, 20, + "NIST/SECG curve over a 283 bit binary field" + }; + +static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000000000000000000000000000000000000000000" + "00000000000008000000000000000000001", + "0", + "1", + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" + "89EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" + "C42E9C55215AA9CA27A5863EC48D8E0286B", + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" + "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, + NULL, 0, + "NIST/SECG curve over a 409 bit binary field" + }; + +static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { + 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, + 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B}; +static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000000000000000000000000000000000000000000" + "00000000000008000000000000000000001", + "000000000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" + "7B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" + "A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" + "F1FDF4B4F40D2181B3681C364BA0273C706", + "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" + "7BE5FA47C3C9E052F838164CD37D9A21173", 2, + _EC_NIST_CHAR2_409B_SEED, 20, + "NIST/SECG curve over a 409 bit binary field" + }; + +static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000" + "00425", + "0", + "1", + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" + "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" + "1C8972", + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" + "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" + "F1C7A3", + "020000000000000000000000000000000000000000000000000000000000000000000" + "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" + "7C1001", 4, + NULL, 0, + "NIST/SECG curve over a 571 bit binary field" + }; + +static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { + 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, + 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10}; +static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000" + "00425", + "000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000" + "000001", + "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" + "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" + "55727A", + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" + "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" + "EC2D19", + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" + "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" + "8AC15B", + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" + "E84E47", 2, + _EC_NIST_CHAR2_571B_SEED, 20, + "NIST/SECG curve over a 571 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { + 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, + 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000000000000107", + "072546B5435234A422E0789675F432C89435DE5242", + "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", + "07AF69989546103D79329FCC3D74880F33BBE803CB", + "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", + "0400000000000000000001E60FC8821CC74DAEAFC1", 2, + _EC_X9_62_CHAR2_163V1_SEED, 20, + "X9.62 curve over a 163 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { + 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000000000000107", + "0108B39E77C4B108BED981ED0E890E117C511CF072", + "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", + "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", + "079F684DDF6684C5CD258B3890021B2386DFD19FC5", + "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, + _EC_X9_62_CHAR2_163V2_SEED, 20, + "X9.62 curve over a 163 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { + 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, + 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { + NID_X9_62_characteristic_two_field, + "080000000000000000000000000000000000000107", + "07A526C63D3E25A256A007699F5447E32AE456B50E", + "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", + "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", + "05B935590C155E17EA48EB3FF3718B893DF59A05D0", + "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, + _EC_X9_62_CHAR2_163V3_SEED, 20, + "X9.62 curve over a 163 bit binary field" + }; + +static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { + NID_X9_62_characteristic_two_field, + "0100000000000000000000000000000000080000000007", + "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", + "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", + "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", + "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", + "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, + NULL, 0, + "X9.62 curve over a 176 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { + 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000201", + "2866537B676752636A68F56554E12640276B649EF7526267", + "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", + "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", + "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", + "40000000000000000000000004A20E90C39067C893BBB9A5", 2, + _EC_X9_62_CHAR2_191V1_SEED, 20, + "X9.62 curve over a 191 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { + 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000201", + "401028774D7777C7B7666D1366EA432071274F89FF01E718", + "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", + "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", + "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", + "20000000000000000000000050508CB89F652824E06B8173", 4, + _EC_X9_62_CHAR2_191V2_SEED, 20, + "X9.62 curve over a 191 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { + 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000201", + "6C01074756099122221056911C77D77E77A777E7E7E77FCB", + "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", + "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", + "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", + "155555555555555555555555610C0B196812BFB6288A3EA3", 6, + _EC_X9_62_CHAR2_191V3_SEED, 20, + "X9.62 curve over a 191 bit binary field" + }; + +static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { + NID_X9_62_characteristic_two_field, + "010000000000000000000000000000000800000000000000000007", + "0000000000000000000000000000000000000000000000000000", + "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", + "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", + "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", + "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, + NULL, 0, + "X9.62 curve over a 208 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { + 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, + 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000001000000001", + "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", + "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", + "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", + "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", + "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, + _EC_X9_62_CHAR2_239V1_SEED, 20, + "X9.62 curve over a 239 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { + 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000001000000001", + "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", + "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", + "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", + "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", + "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, + _EC_X9_62_CHAR2_239V2_SEED, 20, + "X9.62 curve over a 239 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { + 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, + 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000001000000001", + "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", + "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", + "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", + "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", + "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, + _EC_X9_62_CHAR2_239V3_SEED, 20, + "X9.62 curve over a 239 bit binary field" + }; + +static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { + NID_X9_62_characteristic_two_field, + "010000000000000000000000000000000000000000000000000000010000000000000" + "B", + "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", + "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", + "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", + "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", + "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", + 0xFF06, + NULL, 0, + "X9.62 curve over a 272 bit binary field" + }; + +static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { + NID_X9_62_characteristic_two_field, + "010000000000000000000000000000000000000000000000000000000000000000000" + "000000807", + "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" + "6C8E681", + "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" + "27340BE", + "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" + "40A2614", + "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" + "B92C03B", + "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" + "443051D", 0xFE2E, + NULL, 0, + "X9.62 curve over a 304 bit binary field" + }; + +static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { + 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, + 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6}; +static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000000000000000000000000" + "000100000000000000001", + "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" + "656FB549016A96656A557", + "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" + "7742B6329E70680231988", + "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" + "8E8E707C07A2239B1B097", + "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" + "4AE2DE211305A407104BD", + "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" + "64FE7719E74F490758D3B", 0x4C, + _EC_X9_62_CHAR2_359V1_SEED, 20, + "X9.62 curve over a 359 bit binary field" + }; + +static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { + NID_X9_62_characteristic_two_field, + "010000000000000000000000000000000000000000000000000000000000000000000" + "0002000000000000000000007", + "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" + "F0AB7519CCD2A1A906AE30D", + "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" + "D84D164F444F8F74786046A", + "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" + "9E927BE216F02E1FB136A5F", + "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" + "ADAA81E2A0750B80FDA2310", + "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" + "9AE40A6F131E9CFCE5BD967", 0xFF70, + NULL, 0, + "X9.62 curve over a 368 bit binary field" + }; + +static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { + NID_X9_62_characteristic_two_field, + "800000000000000000000000000000000000000000000000000000000000000000000" + "000000001000000000000000000000000000001", + "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" + "B9906D0957F6C6FEACD615468DF104DE296CD8F", + "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" + "26D4E50A8DD731B107A9962381FB5D807BF2618", + "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" + "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", + "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" + "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", + "0340340340340340340340340340340340340340340340340340340323C313FAB5058" + "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, + NULL, 0, + "X9.62 curve over a 431 bit binary field" + }; + +static const EC_CURVE_DATA _EC_WTLS_1 = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000201", + "1", + "1", + "01667979A40BA497E5D5C270780617", + "00F44B4AF1ECC2630E08785CEBCC15", + "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, + NULL, 0, + "WTLS curve over a 113 bit binary field" + }; + +/* IPSec curves */ +/* NOTE: The of curves over a extension field of non prime degree + * is not recommended (Weil-descent). + * As the group order is not a prime this curve is not suitable + * for ECDSA. + */ +static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { + NID_X9_62_characteristic_two_field, + "0800000000000000000000004000000000000001", + "0", + "07338f", + "7b", + "1c8", + "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, + NULL, 0, + "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" + }; + +/* NOTE: The of curves over a extension field of non prime degree + * is not recommended (Weil-descent). + * As the group order is not a prime this curve is not suitable + * for ECDSA. + */ +static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000200000000000000001", + "0", + "1ee9", + "18", + "0d", + "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, + NULL, 0, + "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" + }; + +typedef struct _ec_list_element_st { + int nid; + const EC_CURVE_DATA *data; + } ec_list_element; + +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ + { NID_secp112r1, &_EC_SECG_PRIME_112R1}, + { NID_secp112r2, &_EC_SECG_PRIME_112R2}, + { NID_secp128r1, &_EC_SECG_PRIME_128R1}, + { NID_secp128r2, &_EC_SECG_PRIME_128R2}, + { NID_secp160k1, &_EC_SECG_PRIME_160K1}, + { NID_secp160r1, &_EC_SECG_PRIME_160R1}, + { NID_secp160r2, &_EC_SECG_PRIME_160R2}, + /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ + { NID_secp192k1, &_EC_SECG_PRIME_192K1}, + { NID_secp224k1, &_EC_SECG_PRIME_224K1}, + { NID_secp224r1, &_EC_NIST_PRIME_224}, + { NID_secp256k1, &_EC_SECG_PRIME_256K1}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + { NID_secp384r1, &_EC_NIST_PRIME_384}, + { NID_secp521r1, &_EC_NIST_PRIME_521}, + /* X9.62 curves */ + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, + { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, + { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, + { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, + { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, + { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, + /* characteristic two field curves */ + /* NIST/SECG curves */ + { NID_sect113r1, &_EC_SECG_CHAR2_113R1}, + { NID_sect113r2, &_EC_SECG_CHAR2_113R2}, + { NID_sect131r1, &_EC_SECG_CHAR2_131R1}, + { NID_sect131r2, &_EC_SECG_CHAR2_131R2}, + { NID_sect163k1, &_EC_NIST_CHAR2_163K }, + { NID_sect163r1, &_EC_SECG_CHAR2_163R1}, + { NID_sect163r2, &_EC_NIST_CHAR2_163B }, + { NID_sect193r1, &_EC_SECG_CHAR2_193R1}, + { NID_sect193r2, &_EC_SECG_CHAR2_193R2}, + { NID_sect233k1, &_EC_NIST_CHAR2_233K }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B }, + { NID_sect239k1, &_EC_SECG_CHAR2_239K1}, + { NID_sect283k1, &_EC_NIST_CHAR2_283K }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B }, + /* X9.62 curves */ + { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, + { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, + { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, + { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, + { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, + { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, + { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, + { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, + { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, + { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, + { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, + { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, + { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, + { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, + { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, + { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, + /* the WAP/WTLS curves + * [unlike SECG, spec has its own OIDs for curves from X9.62] */ + { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, + { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, + { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, + { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, + { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, + { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, + { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, + { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 }, + { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, + { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, + { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, + /* IPSec curves */ + { NID_ipsec3, &_EC_IPSEC_155_ID3}, + { NID_ipsec4, &_EC_IPSEC_185_ID4}, +}; + +static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); + +static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) + { + EC_GROUP *group=NULL; + EC_POINT *P=NULL; + BN_CTX *ctx=NULL; + BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; + int ok=0; + + if ((ctx = BN_CTX_new()) == NULL) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); + goto err; + } + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || + (b = BN_new()) == NULL || (x = BN_new()) == NULL || + (y = BN_new()) == NULL || (order = BN_new()) == NULL) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) + || !BN_hex2bn(&b, data->b)) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + goto err; + } + + if (data->field_type == NID_X9_62_prime_field) + { + if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } + else + { /* field_type == NID_X9_62_characteristic_two_field */ + if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } + + if ((P = EC_POINT_new(group)) == NULL) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + + if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + goto err; + } + if (!EC_GROUP_set_generator(group, P, order, x)) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + if (data->seed) + { + if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } + ok=1; +err: + if (!ok) + { + EC_GROUP_free(group); + group = NULL; + } + if (P) + EC_POINT_free(P); + if (ctx) + BN_CTX_free(ctx); + if (p) + BN_free(p); + if (a) + BN_free(a); + if (b) + BN_free(b); + if (order) + BN_free(order); + if (x) + BN_free(x); + if (y) + BN_free(y); + return group; + } + +EC_GROUP *EC_GROUP_new_by_curve_name(int nid) + { + size_t i; + EC_GROUP *ret = NULL; + + if (nid <= 0) + return NULL; + + for (i=0; icomment; + } + + return curve_list_length; + } diff --git a/crypto/openssl/crypto/ec/ec_cvt.c b/crypto/openssl/crypto/ec/ec_cvt.c index 45b0ec3..d45640b 100644 --- a/crypto/openssl/crypto/ec/ec_cvt.c +++ b/crypto/openssl/crypto/ec/ec_cvt.c @@ -1,6 +1,9 @@ /* crypto/ec/ec_cvt.c */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,7 +55,21 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ +#include #include "ec_lcl.h" @@ -60,11 +77,8 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM { const EC_METHOD *meth; EC_GROUP *ret; - - /* Finally, this will use EC_GFp_nist_method if 'p' is a special - * prime with optimized modular arithmetics (for NIST curves) - */ - meth = EC_GFp_mont_method(); + + meth = EC_GFp_nist_method(); ret = EC_GROUP_new(meth); if (ret == NULL) @@ -72,6 +86,56 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + unsigned long err; + + err = ERR_peek_last_error(); + + if (!(ERR_GET_LIB(err) == ERR_LIB_EC && + ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || + (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) + { + /* real error */ + + EC_GROUP_clear_free(ret); + return NULL; + } + + + /* not an actual error, we just cannot use EC_GFp_nist_method */ + + ERR_clear_error(); + + EC_GROUP_clear_free(ret); + meth = EC_GFp_mont_method(); + + ret = EC_GROUP_new(meth); + if (ret == NULL) + return NULL; + + if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) + { + EC_GROUP_clear_free(ret); + return NULL; + } + } + + return ret; + } + + +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + const EC_METHOD *meth; + EC_GROUP *ret; + + meth = EC_GF2m_simple_method(); + + ret = EC_GROUP_new(meth); + if (ret == NULL) + return NULL; + + if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) + { EC_GROUP_clear_free(ret); return NULL; } diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/openssl/crypto/ec/ec_err.c index d37b6ab..38302b9 100644 --- a/crypto/openssl/crypto/ec/ec_err.c +++ b/crypto/openssl/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,70 +64,159 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) + static ERR_STRING_DATA EC_str_functs[]= { -{ERR_PACK(0,EC_F_COMPUTE_WNAF,0), "COMPUTE_WNAF"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0), "ec_GFp_mont_field_decode"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0), "ec_GFp_simple_oct2point"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0), "ec_GFp_simple_point2oct"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0), "ec_GFp_simple_points_make_affine"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, -{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"}, -{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"}, -{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0), "EC_GROUP_set_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0), "EC_GROUP_set_extra_data"}, -{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0), "EC_GROUP_set_generator"}, -{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0), "EC_POINTs_make_affine"}, -{ERR_PACK(0,EC_F_EC_POINTS_MUL,0), "EC_POINTs_mul"}, -{ERR_PACK(0,EC_F_EC_POINT_ADD,0), "EC_POINT_add"}, -{ERR_PACK(0,EC_F_EC_POINT_CMP,0), "EC_POINT_cmp"}, -{ERR_PACK(0,EC_F_EC_POINT_COPY,0), "EC_POINT_copy"}, -{ERR_PACK(0,EC_F_EC_POINT_DBL,0), "EC_POINT_dbl"}, -{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0), "EC_POINT_get_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_get_Jprojective_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0), "EC_POINT_is_at_infinity"}, -{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0), "EC_POINT_is_on_curve"}, -{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0), "EC_POINT_make_affine"}, -{ERR_PACK(0,EC_F_EC_POINT_NEW,0), "EC_POINT_new"}, -{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"}, -{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0), "EC_POINT_set_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, -{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0), "GFP_MONT_GROUP_SET_CURVE_GFP"}, +{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, +{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, +{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, +{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, +{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, +{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, +{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, +{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, +{ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, +{ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, +{ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, +{ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, +{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, +{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, +{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, +{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, +{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, +{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, +{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, +{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"}, +{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"}, +{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, +{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, +{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, +{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"}, +{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, +{ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, +{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"}, +{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, +{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, +{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, +{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, +{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, +{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, +{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, +{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, +{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, +{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, +{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, +{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, +{ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, +{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, +{ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, +{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, +{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, +{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, +{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, +{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, +{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, +{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, +{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, +{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"}, +{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"}, +{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"}, +{ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, +{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, +{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, +{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, +{ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, +{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, +{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, +{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, +{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"}, +{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"}, +{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"}, +{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"}, +{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, +{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, +{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, +{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, +{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, +{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, +{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, +{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, +{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, +{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, {0,NULL} }; static ERR_STRING_DATA EC_str_reasons[]= { -{EC_R_BUFFER_TOO_SMALL ,"buffer too small"}, -{EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, -{EC_R_INVALID_ARGUMENT ,"invalid argument"}, -{EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, -{EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, -{EC_R_INVALID_ENCODING ,"invalid encoding"}, -{EC_R_INVALID_FIELD ,"invalid field"}, -{EC_R_INVALID_FORM ,"invalid form"}, -{EC_R_NOT_INITIALIZED ,"not initialized"}, -{EC_R_POINT_AT_INFINITY ,"point at infinity"}, -{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, -{EC_R_SLOT_FULL ,"slot full"}, -{EC_R_UNDEFINED_GENERATOR ,"undefined generator"}, -{EC_R_UNKNOWN_ORDER ,"unknown order"}, +{ERR_REASON(EC_R_ASN1_ERROR) ,"asn1 error"}, +{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"}, +{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, +{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"}, +{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"}, +{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"}, +{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"}, +{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"}, +{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"}, +{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, +{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, +{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"}, +{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, +{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, +{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, +{ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"}, +{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"}, +{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"}, +{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"}, +{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"}, +{ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"}, +{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, +{ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"}, +{ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"}, +{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"}, +{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, +{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"}, +{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"}, +{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"}, +{ERR_REASON(EC_R_UNDEFINED_ORDER) ,"undefined order"}, +{ERR_REASON(EC_R_UNKNOWN_GROUP) ,"unknown group"}, +{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"}, +{ERR_REASON(EC_R_UNSUPPORTED_FIELD) ,"unsupported field"}, +{ERR_REASON(EC_R_WRONG_ORDER) ,"wrong order"}, {0,NULL} }; @@ -141,8 +230,8 @@ void ERR_load_EC_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_EC,EC_str_functs); - ERR_load_strings(ERR_LIB_EC,EC_str_reasons); + ERR_load_strings(0,EC_str_functs); + ERR_load_strings(0,EC_str_reasons); #endif } diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/openssl/crypto/ec/ec_key.c new file mode 100644 index 0000000..3d6c900 --- /dev/null +++ b/crypto/openssl/crypto/ec/ec_key.c @@ -0,0 +1,465 @@ +/* crypto/ec/ec_key.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + +#include +#include "ec_lcl.h" +#include +#include + +EC_KEY *EC_KEY_new(void) + { + EC_KEY *ret; + + ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); + if (ret == NULL) + { + ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->version = 1; + ret->group = NULL; + ret->pub_key = NULL; + ret->priv_key= NULL; + ret->enc_flag= 0; + ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; + ret->references= 1; + ret->method_data = NULL; + return(ret); + } + +EC_KEY *EC_KEY_new_by_curve_name(int nid) + { + EC_KEY *ret = EC_KEY_new(); + if (ret == NULL) + return NULL; + ret->group = EC_GROUP_new_by_curve_name(nid); + if (ret->group == NULL) + { + EC_KEY_free(ret); + return NULL; + } + return ret; + } + +void EC_KEY_free(EC_KEY *r) + { + int i; + + if (r == NULL) return; + + i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC); +#ifdef REF_PRINT + REF_PRINT("EC_KEY",r); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"EC_KEY_free, bad reference count\n"); + abort(); + } +#endif + + if (r->group != NULL) + EC_GROUP_free(r->group); + if (r->pub_key != NULL) + EC_POINT_free(r->pub_key); + if (r->priv_key != NULL) + BN_clear_free(r->priv_key); + + EC_EX_DATA_free_all_data(&r->method_data); + + OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); + + OPENSSL_free(r); + } + +EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) + { + EC_EXTRA_DATA *d; + + if (dest == NULL || src == NULL) + { + ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + /* copy the parameters */ + if (src->group) + { + const EC_METHOD *meth = EC_GROUP_method_of(src->group); + /* clear the old group */ + if (dest->group) + EC_GROUP_free(dest->group); + dest->group = EC_GROUP_new(meth); + if (dest->group == NULL) + return NULL; + if (!EC_GROUP_copy(dest->group, src->group)) + return NULL; + } + /* copy the public key */ + if (src->pub_key && src->group) + { + if (dest->pub_key) + EC_POINT_free(dest->pub_key); + dest->pub_key = EC_POINT_new(src->group); + if (dest->pub_key == NULL) + return NULL; + if (!EC_POINT_copy(dest->pub_key, src->pub_key)) + return NULL; + } + /* copy the private key */ + if (src->priv_key) + { + if (dest->priv_key == NULL) + { + dest->priv_key = BN_new(); + if (dest->priv_key == NULL) + return NULL; + } + if (!BN_copy(dest->priv_key, src->priv_key)) + return NULL; + } + /* copy method/extra data */ + EC_EX_DATA_free_all_data(&dest->method_data); + + for (d = src->method_data; d != NULL; d = d->next) + { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; + } + + /* copy the rest */ + dest->enc_flag = src->enc_flag; + dest->conv_form = src->conv_form; + dest->version = src->version; + + return dest; + } + +EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) + { + EC_KEY *ret = EC_KEY_new(); + if (ret == NULL) + return NULL; + if (EC_KEY_copy(ret, ec_key) == NULL) + { + EC_KEY_free(ret); + return NULL; + } + return ret; + } + +int EC_KEY_up_ref(EC_KEY *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); +#ifdef REF_PRINT + REF_PRINT("EC_KEY",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "EC_KEY_up, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); + } + +int EC_KEY_generate_key(EC_KEY *eckey) + { + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *priv_key = NULL, *order = NULL; + EC_POINT *pub_key = NULL; + + if (!eckey || !eckey->group) + { + ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((order = BN_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) goto err; + + if (eckey->priv_key == NULL) + { + priv_key = BN_new(); + if (priv_key == NULL) + goto err; + } + else + priv_key = eckey->priv_key; + + if (!EC_GROUP_get_order(eckey->group, order, ctx)) + goto err; + + do + if (!BN_rand_range(priv_key, order)) + goto err; + while (BN_is_zero(priv_key)); + + if (eckey->pub_key == NULL) + { + pub_key = EC_POINT_new(eckey->group); + if (pub_key == NULL) + goto err; + } + else + pub_key = eckey->pub_key; + + if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) + goto err; + + eckey->priv_key = priv_key; + eckey->pub_key = pub_key; + + ok=1; + +err: + if (order) + BN_free(order); + if (pub_key != NULL && eckey->pub_key == NULL) + EC_POINT_free(pub_key); + if (priv_key != NULL && eckey->priv_key == NULL) + BN_free(priv_key); + if (ctx != NULL) + BN_CTX_free(ctx); + return(ok); + } + +int EC_KEY_check_key(const EC_KEY *eckey) + { + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *order = NULL; + EC_POINT *point = NULL; + + if (!eckey || !eckey->group || !eckey->pub_key) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if ((point = EC_POINT_new(eckey->group)) == NULL) + goto err; + + /* testing whether the pub_key is on the elliptic curve */ + if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + /* testing whether pub_key * order is the point at infinity */ + if (!EC_GROUP_get_order(eckey->group, order, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); + goto err; + } + if (!EC_POINT_copy(point, eckey->pub_key)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); + goto err; + } + if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); + goto err; + } + if (!EC_POINT_is_at_infinity(eckey->group, point)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); + goto err; + } + /* in case the priv_key is present : + * check if generator * priv_key == pub_key + */ + if (eckey->priv_key) + { + if (BN_cmp(eckey->priv_key, order) >= 0) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); + goto err; + } + if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, + NULL, NULL, ctx)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, + ctx) != 0) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); + goto err; + } + } + ok = 1; +err: + if (ctx != NULL) + BN_CTX_free(ctx); + if (order != NULL) + BN_free(order); + if (point != NULL) + EC_POINT_free(point); + return(ok); + } + +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) + { + return key->group; + } + +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) + { + if (key->group != NULL) + EC_GROUP_free(key->group); + key->group = EC_GROUP_dup(group); + return (key->group == NULL) ? 0 : 1; + } + +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) + { + return key->priv_key; + } + +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) + { + if (key->priv_key) + BN_clear_free(key->priv_key); + key->priv_key = BN_dup(priv_key); + return (key->priv_key == NULL) ? 0 : 1; + } + +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) + { + return key->pub_key; + } + +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) + { + if (key->pub_key != NULL) + EC_POINT_free(key->pub_key); + key->pub_key = EC_POINT_dup(pub_key, key->group); + return (key->pub_key == NULL) ? 0 : 1; + } + +unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) + { + return key->enc_flag; + } + +void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) + { + key->enc_flag = flags; + } + +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) + { + return key->conv_form; + } + +void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) + { + key->conv_form = cform; + if (key->group != NULL) + EC_GROUP_set_point_conversion_form(key->group, cform); + } + +void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + } + +void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA *ex_data; + CRYPTO_w_lock(CRYPTO_LOCK_EC); + ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + if (ex_data == NULL) + EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); + CRYPTO_w_unlock(CRYPTO_LOCK_EC); + } + +void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) + { + if (key->group != NULL) + EC_GROUP_set_asn1_flag(key->group, flag); + } + +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) + { + if (key->group == NULL) + return 0; + return EC_GROUP_precompute_mult(key->group, ctx); + } diff --git a/crypto/openssl/crypto/ec/ec_lcl.h b/crypto/openssl/crypto/ec/ec_lcl.h index cc4cf27..fdd7aa2 100644 --- a/crypto/openssl/crypto/ec/ec_lcl.h +++ b/crypto/openssl/crypto/ec/ec_lcl.h @@ -1,6 +1,9 @@ /* crypto/ec/ec_lcl.h */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,35 +55,56 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #include +#include #include +#include +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +#endif /* Structure details are not part of the exported interface, * so all this may change in future versions. */ struct ec_method_st { + /* used by EC_METHOD_get_field_type: */ + int field_type; /* a NID */ + /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */ int (*group_init)(EC_GROUP *); void (*group_finish)(EC_GROUP *); void (*group_clear_finish)(EC_GROUP *); int (*group_copy)(EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */ - int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); - int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); + /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */ + /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */ + int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); - /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator, - * EC_GROUP_get_order, EC_GROUP_get_cofactor: - */ - int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor); - EC_POINT *(*group_get0_generator)(const EC_GROUP *); - int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *); - int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + /* used by EC_GROUP_get_degree: */ + int (*group_get_degree)(const EC_GROUP *); + + /* used by EC_GROUP_check: */ + int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *); /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */ int (*point_init)(EC_POINT *); @@ -89,20 +113,22 @@ struct ec_method_st { int (*point_copy)(EC_POINT *, const EC_POINT *); /* used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, - * EC_POINT_set_compressed_coordinates_GFp: + * EC_POINT_set_Jprojective_coordinates_GFp, + * EC_POINT_get_Jprojective_coordinates_GFp, + * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: */ int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *); int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); - int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *, + int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); - int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, + int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *); - int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *, + int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, int y_bit, BN_CTX *); /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ @@ -125,34 +151,65 @@ struct ec_method_st { int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); + /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult + * (default implementations are used if the 'mul' pointer is 0): */ + int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); + int (*precompute_mult)(EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult)(const EC_GROUP *group); + /* internal functions */ - /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that + /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that * the same implementations of point operations can be used with different * optimized implementations of expensive field operations: */ int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */ int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); } /* EC_METHOD */; +typedef struct ec_extra_data_st { + struct ec_extra_data_st *next; + void *data; + void *(*dup_func)(void *); + void (*free_func)(void *); + void (*clear_free_func)(void *); +} EC_EXTRA_DATA; /* used in EC_GROUP */ struct ec_group_st { const EC_METHOD *meth; - void *extra_data; - void *(*extra_data_dup_func)(void *); - void (*extra_data_free_func)(void *); - void (*extra_data_clear_free_func)(void *); + EC_POINT *generator; /* optional */ + BIGNUM order, cofactor; + + int curve_name;/* optional NID for named curve */ + int asn1_flag; /* flag to control the asn1 encoding */ + point_conversion_form_t asn1_form; + + unsigned char *seed; /* optional seed for parameters (appears in ASN1) */ + size_t seed_len; - /* All members except 'meth' and 'extra_data...' are handled by - * the method functions, even if they appear generic */ + EC_EXTRA_DATA *extra_data; /* linked list */ + + /* The following members are handled by the method functions, + * even if they appear generic */ BIGNUM field; /* Field specification. - * For curves over GF(p), this is the modulus. */ + * For curves over GF(p), this is the modulus; + * for curves over GF(2^m), this is the + * irreducible polynomial defining the field. + */ + + unsigned int poly[5]; /* Field specification for curves over GF(2^m). + * The irreducible f(t) is then of the form: + * t^poly[0] + t^poly[1] + ... + t^poly[k] + * where m = poly[0] > poly[1] > ... > poly[k] = 0. + */ BIGNUM a, b; /* Curve coefficients. * (Here the assumption is that BIGNUMs can be used @@ -160,29 +217,49 @@ struct ec_group_st { * For characteristic > 3, the curve is defined * by a Weierstrass equation of the form * y^2 = x^3 + a*x + b. + * For characteristic 2, the curve is defined by + * an equation of the form + * y^2 + x*y = x^3 + a*x^2 + b. */ - int a_is_minus3; /* enable optimized point arithmetics for special case */ - EC_POINT *generator; /* optional */ - BIGNUM order, cofactor; + int a_is_minus3; /* enable optimized point arithmetics for special case */ void *field_data1; /* method-specific (e.g., Montgomery structure) */ void *field_data2; /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ } /* EC_GROUP */; +struct ec_key_st { + int version; + + EC_GROUP *group; + + EC_POINT *pub_key; + BIGNUM *priv_key; + + unsigned int enc_flag; + point_conversion_form_t conv_form; -/* Basically a 'mixin' for extra data, but available for EC_GROUPs only + int references; + + EC_EXTRA_DATA *method_data; +} /* EC_KEY */; + +/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only * (with visibility limited to 'package' level for now). * We use the function pointers as index for retrieval; this obviates * global ex_data-style index tables. - * (Currently, we have one slot only, but is is possible to extend this - * if necessary.) */ -int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void EC_GROUP_free_extra_data(EC_GROUP *); -void EC_GROUP_clear_free_extra_data(EC_GROUP *); + */ +int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_EX_DATA_free_data(EC_EXTRA_DATA **, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **); +void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **); @@ -201,18 +278,23 @@ struct ec_point_st { +/* method functions in ec_mult.c + * (ec_lib.c uses these as defaults if group->method->mul is 0) */ +int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); +int ec_wNAF_have_precompute_mult(const EC_GROUP *group); + + /* method functions in ecp_smpl.c */ int ec_GFp_simple_group_init(EC_GROUP *); void ec_GFp_simple_group_finish(EC_GROUP *); void ec_GFp_simple_group_clear_finish(EC_GROUP *); int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor); -EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *); -int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); -int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int ec_GFp_simple_group_get_degree(const EC_GROUP *); +int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); int ec_GFp_simple_point_init(EC_POINT *); void ec_GFp_simple_point_finish(EC_POINT *); void ec_GFp_simple_point_clear_finish(EC_POINT *); @@ -222,11 +304,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); -int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, +int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); -int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, +int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *); -int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, +int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, const BIGNUM *x, int y_bit, BN_CTX *); size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, unsigned char *buf, size_t len, BN_CTX *); @@ -246,7 +328,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX /* method functions in ecp_mont.c */ int ec_GFp_mont_group_init(EC_GROUP *); -int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); void ec_GFp_mont_group_finish(EC_GROUP *); void ec_GFp_mont_group_clear_finish(EC_GROUP *); int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); @@ -257,21 +339,52 @@ int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CT int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); -/* method functions in ecp_recp.c */ -int ec_GFp_recp_group_init(EC_GROUP *); -int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -void ec_GFp_recp_group_finish(EC_GROUP *); -void ec_GFp_recp_group_clear_finish(EC_GROUP *); -int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - - /* method functions in ecp_nist.c */ -int ec_GFp_nist_group_init(EC_GROUP *); -int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -void ec_GFp_nist_group_finish(EC_GROUP *); -void ec_GFp_nist_group_clear_finish(EC_GROUP *); -int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); +int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + + +/* method functions in ec2_smpl.c */ +int ec_GF2m_simple_group_init(EC_GROUP *); +void ec_GF2m_simple_group_finish(EC_GROUP *); +void ec_GF2m_simple_group_clear_finish(EC_GROUP *); +int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_group_get_degree(const EC_GROUP *); +int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); +int ec_GF2m_simple_point_init(EC_POINT *); +void ec_GF2m_simple_point_finish(EC_POINT *); +void ec_GF2m_simple_point_clear_finish(EC_POINT *); +int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); +int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); +int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, BN_CTX *); +int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); +int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, BN_CTX *); +size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); +int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, + const unsigned char *buf, size_t len, BN_CTX *); +int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); +int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); +int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); +int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + + +/* method functions in ec2_mult.c */ +int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GF2m_have_precompute_mult(const EC_GROUP *group); diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c index deb5220..5af8437 100644 --- a/crypto/openssl/crypto/ec/ec_lib.c +++ b/crypto/openssl/crypto/ec/ec_lib.c @@ -1,6 +1,9 @@ /* crypto/ec/ec_lib.c */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include @@ -90,10 +98,18 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->meth = meth; ret->extra_data = NULL; - ret->extra_data_dup_func = 0; - ret->extra_data_free_func = 0; - ret->extra_data_clear_free_func = 0; - + + ret->generator = NULL; + BN_init(&ret->order); + BN_init(&ret->cofactor); + + ret->curve_name = 0; + ret->asn1_flag = 0; + ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; + + ret->seed = NULL; + ret->seed_len = 0; + if (!meth->group_init(ret)) { OPENSSL_free(ret); @@ -111,7 +127,15 @@ void EC_GROUP_free(EC_GROUP *group) if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_free_extra_data(group); + EC_EX_DATA_free_all_data(&group->extra_data); + + if (group->generator != NULL) + EC_POINT_free(group->generator); + BN_free(&group->order); + BN_free(&group->cofactor); + + if (group->seed) + OPENSSL_free(group->seed); OPENSSL_free(group); } @@ -123,10 +147,21 @@ void EC_GROUP_clear_free(EC_GROUP *group) if (group->meth->group_clear_finish != 0) group->meth->group_clear_finish(group); - else if (group->meth != NULL && group->meth->group_finish != 0) + else if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_clear_free_extra_data(group); + EC_EX_DATA_clear_free_all_data(&group->extra_data); + + if (group->generator != NULL) + EC_POINT_clear_free(group->generator); + BN_clear_free(&group->order); + BN_clear_free(&group->cofactor); + + if (group->seed) + { + OPENSSL_cleanse(group->seed, group->seed_len); + OPENSSL_free(group->seed); + } OPENSSL_cleanse(group, sizeof *group); OPENSSL_free(group); @@ -135,6 +170,8 @@ void EC_GROUP_clear_free(EC_GROUP *group) int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { + EC_EXTRA_DATA *d; + if (dest->meth->group_copy == 0) { ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -148,161 +185,507 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; - EC_GROUP_clear_free_extra_data(dest); - if (src->extra_data_dup_func) + EC_EX_DATA_free_all_data(&dest->extra_data); + + for (d = src->extra_data; d != NULL; d = d->next) { - if (src->extra_data != NULL) + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; + } + + if (src->generator != NULL) + { + if (dest->generator == NULL) + { + dest->generator = EC_POINT_new(dest); + if (dest->generator == NULL) return 0; + } + if (!EC_POINT_copy(dest->generator, src->generator)) return 0; + } + else + { + /* src->generator == NULL */ + if (dest->generator != NULL) { - dest->extra_data = src->extra_data_dup_func(src->extra_data); - if (dest->extra_data == NULL) - return 0; + EC_POINT_clear_free(dest->generator); + dest->generator = NULL; } + } + + if (!BN_copy(&dest->order, &src->order)) return 0; + if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; - dest->extra_data_dup_func = src->extra_data_dup_func; - dest->extra_data_free_func = src->extra_data_free_func; - dest->extra_data_clear_free_func = src->extra_data_clear_free_func; + dest->curve_name = src->curve_name; + dest->asn1_flag = src->asn1_flag; + dest->asn1_form = src->asn1_form; + + if (src->seed) + { + if (dest->seed) + OPENSSL_free(dest->seed); + dest->seed = OPENSSL_malloc(src->seed_len); + if (dest->seed == NULL) + return 0; + if (!memcpy(dest->seed, src->seed, src->seed_len)) + return 0; + dest->seed_len = src->seed_len; + } + else + { + if (dest->seed) + OPENSSL_free(dest->seed); + dest->seed = NULL; + dest->seed_len = 0; } + return dest->meth->group_copy(dest, src); } +EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) + { + EC_GROUP *t = NULL; + int ok = 0; + + if (a == NULL) return NULL; + + if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); + if (!EC_GROUP_copy(t, a)) goto err; + + ok = 1; + + err: + if (!ok) + { + if (t) EC_GROUP_free(t); + return NULL; + } + else return t; + } + + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) { return group->meth; } +int EC_METHOD_get_field_type(const EC_METHOD *meth) + { + return meth->field_type; + } + + +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) + { + if (generator == NULL) + { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); + return 0 ; + } + + if (group->generator == NULL) + { + group->generator = EC_POINT_new(group); + if (group->generator == NULL) return 0; + } + if (!EC_POINT_copy(group->generator, generator)) return 0; + + if (order != NULL) + { if (!BN_copy(&group->order, order)) return 0; } + else + BN_zero(&group->order); + + if (cofactor != NULL) + { if (!BN_copy(&group->cofactor, cofactor)) return 0; } + else + BN_zero(&group->cofactor); + + return 1; + } + + +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) + { + return group->generator; + } + + +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) + { + if (!BN_copy(order, &group->order)) + return 0; + + return !BN_is_zero(order); + } + + +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) + { + if (!BN_copy(cofactor, &group->cofactor)) + return 0; + + return !BN_is_zero(&group->cofactor); + } + + +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) + { + group->curve_name = nid; + } + + +int EC_GROUP_get_curve_name(const EC_GROUP *group) + { + return group->curve_name; + } + + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) + { + group->asn1_flag = flag; + } + + +int EC_GROUP_get_asn1_flag(const EC_GROUP *group) + { + return group->asn1_flag; + } + + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form) + { + group->asn1_form = form; + } + + +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) + { + return group->asn1_form; + } + + +size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) + { + if (group->seed) + { + OPENSSL_free(group->seed); + group->seed = NULL; + group->seed_len = 0; + } + + if (!len || !p) + return 1; + + if ((group->seed = OPENSSL_malloc(len)) == NULL) + return 0; + memcpy(group->seed, p, len); + group->seed_len = len; + + return len; + } + + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) + { + return group->seed; + } + + +size_t EC_GROUP_get_seed_len(const EC_GROUP *group) + { + return group->seed_len; + } + + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_set_curve_GFp == 0) + if (group->meth->group_set_curve == 0) { ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_set_curve_GFp(group, p, a, b, ctx); + return group->meth->group_set_curve(group, p, a, b, ctx); } int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_get_curve_GFp == 0) + if (group->meth->group_get_curve == 0) { ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_get_curve_GFp(group, p, a, b, ctx); + return group->meth->group_get_curve(group, p, a, b, ctx); } -int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_set_generator == 0) + if (group->meth->group_set_curve == 0) { - ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_set_generator(group, generator, order, cofactor); + return group->meth->group_set_curve(group, p, a, b, ctx); } -EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_get0_generator == 0) + if (group->meth->group_get_curve == 0) { - ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_get0_generator(group); + return group->meth->group_get_curve(group, p, a, b, ctx); } -int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) +int EC_GROUP_get_degree(const EC_GROUP *group) { - if (group->meth->group_get_order == 0) + if (group->meth->group_get_degree == 0) { - ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_get_order(group, order, ctx); + return group->meth->group_get_degree(group); } -int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { - if (group->meth->group_get_cofactor == 0) + if (group->meth->group_check_discriminant == 0) { - ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_get_cofactor(group, cofactor, ctx); + return group->meth->group_check_discriminant(group, ctx); } -/* this has 'package' visibility */ -int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) { - if ((group->extra_data != NULL) - || (group->extra_data_dup_func != 0) - || (group->extra_data_free_func != 0) - || (group->extra_data_clear_free_func != 0)) - { - ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + int r = 0; + BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; + BN_CTX *ctx_new = NULL; + + /* compare the field types*/ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; + /* compare the curve name (if present) */ + if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && + EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) return 0; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); + if (!ctx) + return -1; + + BN_CTX_start(ctx); + a1 = BN_CTX_get(ctx); + a2 = BN_CTX_get(ctx); + a3 = BN_CTX_get(ctx); + b1 = BN_CTX_get(ctx); + b2 = BN_CTX_get(ctx); + b3 = BN_CTX_get(ctx); + if (!b3) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; } - group->extra_data = extra_data; - group->extra_data_dup_func = extra_data_dup_func; - group->extra_data_free_func = extra_data_free_func; - group->extra_data_clear_free_func = extra_data_clear_free_func; - return 1; + /* XXX This approach assumes that the external representation + * of curves over the same field type is the same. + */ + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || + !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + r = 1; + + if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + r = 1; + + /* XXX EC_POINT_cmp() assumes that the methods are equal */ + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), + EC_GROUP_get0_generator(b), ctx)) + r = 1; + + if (!r) + { + /* compare the order and cofactor */ + if (!EC_GROUP_get_order(a, a1, ctx) || + !EC_GROUP_get_order(b, b1, ctx) || + !EC_GROUP_get_cofactor(a, a2, ctx) || + !EC_GROUP_get_cofactor(b, b2, ctx)) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + r = 1; + } + + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + + return r; } /* this has 'package' visibility */ -void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data_dup_func != extra_data_dup_func) - || (group->extra_data_free_func != extra_data_free_func) - || (group->extra_data_clear_free_func != extra_data_clear_free_func)) + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return 0; + + for (d = *ex_data; d != NULL; d = d->next) { -#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ - ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA); -#endif - return NULL; + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + { + ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); + return 0; + } } - return group->extra_data; + if (data == NULL) + /* no explicit entry needed */ + return 1; + + d = OPENSSL_malloc(sizeof *d); + if (d == NULL) + return 0; + + d->data = data; + d->dup_func = dup_func; + d->free_func = free_func; + d->clear_free_func = clear_free_func; + + d->next = *ex_data; + *ex_data = d; + + return 1; } +/* this has 'package' visibility */ +void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + const EC_EXTRA_DATA *d; + + for (d = ex_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + return d->data; + } + + return NULL; + } /* this has 'package' visibility */ -void EC_GROUP_free_extra_data(EC_GROUP *group) +void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); - group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; + EC_EXTRA_DATA **p; + + if (ex_data == NULL) + return; + + for (p = ex_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } } +/* this has 'package' visibility */ +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (ex_data == NULL) + return; + + for (p = ex_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->clear_free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } + } /* this has 'package' visibility */ -void EC_GROUP_clear_free_extra_data(EC_GROUP *group) +void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) { - if (group->extra_data_clear_free_func) - group->extra_data_clear_free_func(group->extra_data); - else if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); - group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return; + + d = *ex_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->free_func(d->data); + OPENSSL_free(d); + + d = next; + } + *ex_data = NULL; } +/* this has 'package' visibility */ +void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) + { + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return; + + d = *ex_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->clear_free_func(d->data); + OPENSSL_free(d); + + d = next; + } + *ex_data = NULL; + } /* functions for EC_POINT objects */ @@ -382,6 +765,25 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) } +EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) + { + EC_POINT *t; + int r; + + if (a == NULL) return NULL; + + t = EC_POINT_new(group); + if (t == NULL) return(NULL); + r = EC_POINT_copy(t, a); + if (!r) + { + EC_POINT_free(t); + return NULL; + } + else return t; + } + + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) { return point->meth; @@ -441,7 +843,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POI int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates_GFp == 0) + if (group->meth->point_set_affine_coordinates == 0) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -451,14 +853,31 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx); + return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + } + + +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) + { + if (group->meth->point_set_affine_coordinates == 0) + { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); } int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates_GFp == 0) + if (group->meth->point_get_affine_coordinates == 0) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -468,14 +887,31 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx); + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + } + + +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) + { + if (group->meth->point_get_affine_coordinates == 0) + { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates_GFp == 0) + if (group->meth->point_set_compressed_coordinates == 0) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -485,7 +921,24 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *poi ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx); + return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); + } + + +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) + { + if (group->meth->point_set_compressed_coordinates == 0) + { + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) + { + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); } @@ -559,12 +1012,12 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { if (group->meth->dbl == 0) { - ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != a->meth) { - ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); + ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->invert(group, a, ctx); @@ -654,3 +1107,58 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], } return group->meth->points_make_affine(group, num, points, ctx); } + + +/* Functions for point multiplication. + * + * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; + * otherwise we dispatch through methods. + */ + +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + } + +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) + { + /* just a convenient interface to EC_POINTs_mul() */ + + const EC_POINT *points[1]; + const BIGNUM *scalars[1]; + + points[0] = point; + scalars[0] = p_scalar; + + return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); + } + +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_precompute_mult(group, ctx); + + if (group->meth->precompute_mult != 0) + return group->meth->precompute_mult(group, ctx); + else + return 1; /* nothing to do, so report success */ + } + +int EC_GROUP_have_precompute_mult(const EC_GROUP *group) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_have_precompute_mult(group); + + if (group->meth->have_precompute_mult != 0) + return group->meth->have_precompute_mult(group); + else + return 0; /* cannot tell whether precomputation has been performed */ + } diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c index 16822a7..a045139 100644 --- a/crypto/openssl/crypto/ec/ec_mult.c +++ b/crypto/openssl/crypto/ec/ec_mult.c @@ -1,6 +1,9 @@ /* crypto/ec/ec_mult.c */ +/* + * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,41 +55,145 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ + +#include #include #include "ec_lcl.h" -/* TODO: optional precomputation of multiples of the generator */ +/* + * This file implements the wNAF-based interleaving multi-exponentation method + * (); + * for multiplication with precomputation, we use wNAF splitting + * (). + */ -/* - * wNAF-based interleaving multi-exponentation method - * () - */ +/* structure for precomputed multiples of the generator */ +typedef struct ec_pre_comp_st { + const EC_GROUP *group; /* parent EC_GROUP object */ + size_t blocksize; /* block size for wNAF splitting */ + size_t numblocks; /* max. number of blocks for which we have precomputation */ + size_t w; /* window size */ + EC_POINT **points; /* array with pre-calculated multiples of generator: + * 'num' pointers to EC_POINT objects followed by a NULL */ + size_t num; /* numblocks * 2^(w-1) */ + int references; +} EC_PRE_COMP; + +/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ +static void *ec_pre_comp_dup(void *); +static void ec_pre_comp_free(void *); +static void ec_pre_comp_clear_free(void *); + +static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) + { + EC_PRE_COMP *ret = NULL; + + if (!group) + return NULL; + + ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); + if (!ret) + return ret; + ret->group = group; + ret->blocksize = 8; /* default */ + ret->numblocks = 0; + ret->w = 4; /* default */ + ret->points = NULL; + ret->num = 0; + ret->references = 1; + return ret; + } + +static void *ec_pre_comp_dup(void *src_) + { + EC_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; + } + +static void ec_pre_comp_free(void *pre_) + { + int i; + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->points) + { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(pre->points); + } + OPENSSL_free(pre); + } + +static void ec_pre_comp_clear_free(void *pre_) + { + int i; + EC_PRE_COMP *pre = pre_; -/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->points) + { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_clear_free(*p); + OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_free(pre->points); + } + OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_free(pre); + } + + + + +/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. * This is an array r[] of values that are either zero or odd with an * absolute value less than 2^w satisfying * scalar = \sum_j r[j]*2^j - * where at most one of any w+1 consecutive digits is non-zero. + * where at most one of any w+1 consecutive digits is non-zero + * with the exception that the most significant digit may be only + * w-1 zeros away from that next non-zero digit. */ -static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx) +static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { - BIGNUM *c; + int window_val; int ok = 0; signed char *r = NULL; int sign = 1; int bit, next_bit, mask; size_t len = 0, j; - BN_CTX_start(ctx); - c = BN_CTX_get(ctx); - if (c == NULL) goto err; - if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ { ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); @@ -96,60 +203,86 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B next_bit = bit << 1; /* at most 256 */ mask = next_bit - 1; /* at most 255 */ - if (!BN_copy(c, scalar)) goto err; - if (c->neg) + if (BN_is_negative(scalar)) { sign = -1; - c->neg = 0; } - len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */ - r = OPENSSL_malloc(len); + len = BN_num_bits(scalar); + r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation + * (*ret_len will be set to the actual length, i.e. at most + * BN_num_bits(scalar) + 1) */ if (r == NULL) goto err; + if (scalar->d == NULL || scalar->top == 0) + { + ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + window_val = scalar->d[0] & mask; j = 0; - while (!BN_is_zero(c)) + while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ { - int u = 0; + int digit = 0; + + /* 0 <= window_val <= 2^(w+1) */ - if (BN_is_odd(c)) + if (window_val & 1) { - if (c->d == NULL || c->top == 0) + /* 0 < window_val < 2^(w+1) */ + + if (window_val & bit) { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; + digit = window_val - next_bit; /* -2^w < digit < 0 */ + +#if 1 /* modified wNAF */ + if (j + w + 1 >= len) + { + /* special case for generating modified wNAFs: + * no new bits will be added into window_val, + * so using a positive digit here will decrease + * the total length of the representation */ + + digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ + } +#endif } - u = c->d[0] & mask; - if (u & bit) + else { - u -= next_bit; - /* u < 0 */ - if (!BN_add_word(c, -u)) goto err; + digit = window_val; /* 0 < digit < 2^w */ } - else + + if (digit <= -bit || digit >= bit || !(digit & 1)) { - /* u > 0 */ - if (!BN_sub_word(c, u)) goto err; + ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; } - if (u <= -bit || u >= bit || !(u & 1) || c->neg) + window_val -= digit; + + /* now window_val is 0 or 2^(w+1) in standard wNAF generation; + * for modified window NAFs, it may also be 2^w + */ + if (window_val != 0 && window_val != next_bit && window_val != bit) { ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); goto err; } } - r[j++] = sign * u; - - if (BN_is_odd(c)) + r[j++] = sign * digit; + + window_val >>= 1; + window_val += bit * BN_is_bit_set(scalar, j + w); + + if (window_val > next_bit) { ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); goto err; } - if (!BN_rshift1(c, c)) goto err; } - if (j > len) + if (j > len + 1) { ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); goto err; @@ -158,7 +291,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B ok = 1; err: - BN_CTX_end(ctx); if (!ok) { OPENSSL_free(r); @@ -181,7 +313,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B (b) >= 300 ? 4 : \ (b) >= 70 ? 3 : \ (b) >= 20 ? 2 : \ - 1)) + 1)) /* Compute * \sum scalars[i]*points[i], @@ -189,13 +321,15 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B * scalar*generator * in the addition if scalar != NULL */ -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - EC_POINT *generator = NULL; + const EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; + size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ + size_t pre_points_per_block = 0; size_t i, j; int k; int r_is_inverted = 0; @@ -207,12 +341,15 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num_val; EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ + EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ + const EC_PRE_COMP *pre_comp = NULL; + int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, + * i.e. precomputation is not available */ int ret = 0; if (group->meth != r->meth) { - ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -221,59 +358,218 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, return EC_POINT_set_to_infinity(group, r); } - if (scalar != NULL) - { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR); - return 0; - } - } - for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) { - ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } } - totalnum = num + (scalar != NULL); + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + } - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); - if (wNAF != NULL) + if (scalar != NULL) { - wNAF[0] = NULL; /* preliminary pivot */ + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); + goto err; + } + + /* look if we can use precomputed multiples of generator */ + + pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) + { + blocksize = pre_comp->blocksize; + + /* determine maximum number of blocks that wNAF splitting may yield + * (NB: maximum wNAF length is bit length plus one) */ + numblocks = (BN_num_bits(scalar) / blocksize) + 1; + + /* we cannot use more blocks than we have precomputation for */ + if (numblocks > pre_comp->numblocks) + numblocks = pre_comp->numblocks; + + pre_points_per_block = 1u << (pre_comp->w - 1); + + /* check that pre_comp looks sane */ + if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + } + else + { + /* can't use precomputation */ + pre_comp = NULL; + numblocks = 1; + num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ + } } - if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err; + + totalnum = num + numblocks; - /* num_val := total number of points to precompute */ + wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); + wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ + val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + + if (!wsize || !wNAF_len || !wNAF || !val_sub) + goto err; + + wNAF[0] = NULL; /* preliminary pivot */ + + /* num_val will be the total number of temporarily precomputed points */ num_val = 0; - for (i = 0; i < totalnum; i++) + + for (i = 0; i < num + num_scalar; i++) { size_t bits; bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); num_val += 1u << (wsize[i] - 1); + wNAF[i + 1] = NULL; /* make sure we always have a pivot */ + wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); + if (wNAF[i] == NULL) + goto err; + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + } + + if (numblocks) + { + /* we go here iff scalar != NULL */ + + if (pre_comp == NULL) + { + if (num_scalar != 1) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + /* we have already generated a wNAF for 'scalar' */ + } + else + { + signed char *tmp_wNAF = NULL; + size_t tmp_len = 0; + + if (num_scalar != 0) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + + /* use the window size for which we have precomputation */ + wsize[num] = pre_comp->w; + tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); + if (!tmp_wNAF) + goto err; + + if (tmp_len <= max_len) + { + /* One of the other wNAFs is at least as long + * as the wNAF belonging to the generator, + * so wNAF splitting will not buy us anything. */ + + numblocks = 1; + totalnum = num + 1; /* don't use wNAF splitting */ + wNAF[num] = tmp_wNAF; + wNAF[num + 1] = NULL; + wNAF_len[num] = tmp_len; + if (tmp_len > max_len) + max_len = tmp_len; + /* pre_comp->points starts with the points that we need here: */ + val_sub[num] = pre_comp->points; + } + else + { + /* don't include tmp_wNAF directly into wNAF array + * - use wNAF splitting and include the blocks */ + + signed char *pp; + EC_POINT **tmp_points; + + if (tmp_len < numblocks * blocksize) + { + /* possibly we can do with fewer blocks than estimated */ + numblocks = (tmp_len + blocksize - 1) / blocksize; + if (numblocks > pre_comp->numblocks) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + totalnum = num + numblocks; + } + + /* split wNAF in 'numblocks' parts */ + pp = tmp_wNAF; + tmp_points = pre_comp->points; + + for (i = num; i < totalnum; i++) + { + if (i < totalnum - 1) + { + wNAF_len[i] = blocksize; + if (tmp_len < blocksize) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + tmp_len -= blocksize; + } + else + /* last block gets whatever is left + * (this could be more or less than 'blocksize'!) */ + wNAF_len[i] = tmp_len; + + wNAF[i + 1] = NULL; + wNAF[i] = OPENSSL_malloc(wNAF_len[i]); + if (wNAF[i] == NULL) + { + OPENSSL_free(tmp_wNAF); + goto err; + } + memcpy(wNAF[i], pp, wNAF_len[i]); + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + + if (*tmp_points == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); + goto err; + } + val_sub[i] = tmp_points; + tmp_points += pre_points_per_block; + pp += blocksize; + } + OPENSSL_free(tmp_wNAF); + } + } } - /* all precomputed points go into a single array 'val', - * 'val_sub[i]' is a pointer to the subarray for the i-th point */ + /* All points we precompute now go into a single array 'val'. + * 'val_sub[i]' is a pointer to the subarray for the i-th point, + * or to a subarray of 'pre_comp->points' if we already have precomputation. */ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); if (val == NULL) goto err; val[num_val] = NULL; /* pivot element */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); - if (val_sub == NULL) goto err; - /* allocate points for precomputation */ v = val; - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { val_sub[i] = v; for (j = 0; j < (1u << (wsize[i] - 1)); j++) @@ -285,19 +581,12 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if (!(v == val + num_val)) { - ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); goto err; } - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - - tmp = EC_POINT_new(group); - if (tmp == NULL) goto err; + if (!(tmp = EC_POINT_new(group))) + goto err; /* prepare precomputed values: * val_sub[i][0] := points[i] @@ -305,7 +594,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * val_sub[i][2] := 5 * points[i] * ... */ - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { if (i < num) { @@ -324,16 +613,11 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; } } - - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx); - if (wNAF[i] == NULL) goto err; - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; } #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + goto err; #endif r_is_at_infinity = 1; @@ -429,57 +713,198 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) - { - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; - - points[0] = point; - scalars[0] = p_scalar; - - return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); - } - - -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +/* ec_wNAF_precompute_mult() + * creates an EC_PRE_COMP object with preprecomputed multiples of the generator + * for use with wNAF splitting as implemented in ec_wNAF_mul(). + * + * 'pre_comp->points' is an array of multiples of the generator + * of the following form: + * points[0] = generator; + * points[1] = 3 * generator; + * ... + * points[2^(w-1)-1] = (2^(w-1)-1) * generator; + * points[2^(w-1)] = 2^blocksize * generator; + * points[2^(w-1)+1] = 3 * 2^blocksize * generator; + * ... + * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator + * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator + * ... + * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator + * points[2^(w-1)*numblocks] = NULL + */ +int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { const EC_POINT *generator; + EC_POINT *tmp_point = NULL, *base = NULL, **var; BN_CTX *new_ctx = NULL; BIGNUM *order; + size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; + EC_POINT **points = NULL; + EC_PRE_COMP *pre_comp; int ret = 0; + /* if there is an old EC_PRE_COMP object, throw it away */ + EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if ((pre_comp = ec_pre_comp_new(group)) == NULL) + return 0; + generator = EC_GROUP_get0_generator(group); if (generator == NULL) { - ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); - return 0; + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); + goto err; } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) - return 0; + goto err; } BN_CTX_start(ctx); order = BN_CTX_get(ctx); if (order == NULL) goto err; - if (!EC_GROUP_get_order(group, order, ctx)) return 0; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; if (BN_is_zero(order)) { - ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); goto err; } - /* TODO */ + bits = BN_num_bits(order); + /* The following parameters mean we precompute (approximately) + * one point per bit. + * + * TBD: The combination 8, 4 is perfect for 160 bits; for other + * bit lengths, other parameter combinations might provide better + * efficiency. + */ + blocksize = 8; + w = 4; + if (EC_window_bits_for_scalar_size(bits) > w) + { + /* let's not make the window too small ... */ + w = EC_window_bits_for_scalar_size(bits); + } - ret = 1; + numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ + + pre_points_per_block = 1u << (w - 1); + num = pre_points_per_block * numblocks; /* number of points to compute and store */ + + points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); + if (!points) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + var = points; + var[num] = NULL; /* pivot */ + for (i = 0; i < num; i++) + { + if ((var[i] = EC_POINT_new(group)) == NULL) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_copy(base, generator)) + goto err; + + /* do the precomputation */ + for (i = 0; i < numblocks; i++) + { + size_t j; + + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + goto err; + + if (!EC_POINT_copy(*var++, base)) + goto err; + + for (j = 1; j < pre_points_per_block; j++, var++) + { + /* calculate odd multiples of the current base point */ + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + goto err; + } + + if (i < numblocks - 1) + { + /* get the next base (multiply current one by 2^blocksize) */ + size_t k; + + if (blocksize <= 2) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + goto err; + for (k = 2; k < blocksize; k++) + { + if (!EC_POINT_dbl(group,base,base,ctx)) + goto err; + } + } + } + + if (!EC_POINTs_make_affine(group, num, points, ctx)) + goto err; + pre_comp->group = group; + pre_comp->blocksize = blocksize; + pre_comp->numblocks = numblocks; + pre_comp->w = w; + pre_comp->points = points; + points = NULL; + pre_comp->num = num; + + if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, + ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + pre_comp = NULL; + + ret = 1; err: - BN_CTX_end(ctx); + if (ctx != NULL) + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); + if (pre_comp) + ec_pre_comp_free(pre_comp); + if (points) + { + EC_POINT **p; + + for (p = points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(points); + } + if (tmp_point) + EC_POINT_free(tmp_point); + if (base) + EC_POINT_free(base); return ret; } + + +int ec_wNAF_have_precompute_mult(const EC_GROUP *group) + { + if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) + return 1; + else + return 0; + } diff --git a/crypto/openssl/crypto/ec/ec_print.c b/crypto/openssl/crypto/ec/ec_print.c new file mode 100644 index 0000000..f7c8a30 --- /dev/null +++ b/crypto/openssl/crypto/ec/ec_print.c @@ -0,0 +1,195 @@ +/* crypto/ec/ec_print.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "ec_lcl.h" + +BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, + const EC_POINT *point, + point_conversion_form_t form, + BIGNUM *ret, + BN_CTX *ctx) + { + size_t buf_len=0; + unsigned char *buf; + + buf_len = EC_POINT_point2oct(group, point, form, + NULL, 0, ctx); + if (buf_len == 0) + return NULL; + + if ((buf = OPENSSL_malloc(buf_len)) == NULL) + return NULL; + + if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) + { + OPENSSL_free(buf); + return NULL; + } + + ret = BN_bin2bn(buf, buf_len, ret); + + OPENSSL_free(buf); + + return ret; +} + +EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, + const BIGNUM *bn, + EC_POINT *point, + BN_CTX *ctx) + { + size_t buf_len=0; + unsigned char *buf; + EC_POINT *ret; + + if ((buf_len = BN_num_bytes(bn)) == 0) return NULL; + buf = OPENSSL_malloc(buf_len); + if (buf == NULL) + return NULL; + + if (!BN_bn2bin(bn, buf)) + { + OPENSSL_free(buf); + return NULL; + } + + if (point == NULL) + { + if ((ret = EC_POINT_new(group)) == NULL) + { + OPENSSL_free(buf); + return NULL; + } + } + else + ret = point; + + if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) + { + if (point == NULL) + EC_POINT_clear_free(ret); + OPENSSL_free(buf); + return NULL; + } + + OPENSSL_free(buf); + return ret; + } + +static const char *HEX_DIGITS = "0123456789ABCDEF"; + +/* the return value must be freed (using OPENSSL_free()) */ +char *EC_POINT_point2hex(const EC_GROUP *group, + const EC_POINT *point, + point_conversion_form_t form, + BN_CTX *ctx) + { + char *ret, *p; + size_t buf_len=0,i; + unsigned char *buf, *pbuf; + + buf_len = EC_POINT_point2oct(group, point, form, + NULL, 0, ctx); + if (buf_len == 0) + return NULL; + + if ((buf = OPENSSL_malloc(buf_len)) == NULL) + return NULL; + + if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) + { + OPENSSL_free(buf); + return NULL; + } + + ret = (char *)OPENSSL_malloc(buf_len*2+2); + if (ret == NULL) + { + OPENSSL_free(buf); + return NULL; + } + p = ret; + pbuf = buf; + for (i=buf_len; i > 0; i--) + { + int v = (int) *(pbuf++); + *(p++)=HEX_DIGITS[v>>4]; + *(p++)=HEX_DIGITS[v&0x0F]; + } + *p='\0'; + + OPENSSL_free(buf); + + return ret; + } + +EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, + const char *buf, + EC_POINT *point, + BN_CTX *ctx) + { + EC_POINT *ret=NULL; + BIGNUM *tmp_bn=NULL; + + if (!BN_hex2bn(&tmp_bn, buf)) + return NULL; + + ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); + + BN_clear_free(tmp_bn); + + return ret; + } diff --git a/crypto/openssl/crypto/ec/ecp_mont.c b/crypto/openssl/crypto/ec/ecp_mont.c index 7b30d4c..9fc4a46 100644 --- a/crypto/openssl/crypto/ec/ecp_mont.c +++ b/crypto/openssl/crypto/ec/ecp_mont.c @@ -1,4 +1,7 @@ /* crypto/ec/ecp_mont.c */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -52,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ #include @@ -61,16 +69,15 @@ const EC_METHOD *EC_GFp_mont_method(void) { static const EC_METHOD ret = { + NID_X9_62_prime_field, ec_GFp_mont_group_init, ec_GFp_mont_group_finish, ec_GFp_mont_group_clear_finish, ec_GFp_mont_group_copy, - ec_GFp_mont_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, + ec_GFp_mont_group_set_curve, + ec_GFp_simple_group_get_curve, + ec_GFp_simple_group_get_degree, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, @@ -78,9 +85,9 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_point_set_to_infinity, ec_GFp_simple_set_Jprojective_coordinates_GFp, ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, + ec_GFp_simple_point_set_affine_coordinates, + ec_GFp_simple_point_get_affine_coordinates, + ec_GFp_simple_set_compressed_coordinates, ec_GFp_simple_point2oct, ec_GFp_simple_oct2point, ec_GFp_simple_add, @@ -91,8 +98,12 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_mont_field_mul, ec_GFp_mont_field_sqr, + 0 /* field_div */, ec_GFp_mont_field_encode, ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; @@ -112,66 +123,6 @@ int ec_GFp_mont_group_init(EC_GROUP *group) } -int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { - BN_CTX *new_ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *one = NULL; - int ret = 0; - - if (group->field_data1 != NULL) - { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) - { - BN_free(group->field_data2); - group->field_data2 = NULL; - } - - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - mont = BN_MONT_CTX_new(); - if (mont == NULL) goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) - { - ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB); - goto err; - } - one = BN_new(); - if (one == NULL) goto err; - if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; - - group->field_data1 = mont; - mont = NULL; - group->field_data2 = one; - one = NULL; - - ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx); - - if (!ret) - { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - BN_free(group->field_data2); - group->field_data2 = NULL; - } - - err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (mont != NULL) - BN_MONT_CTX_free(mont); - return ret; - } - - void ec_GFp_mont_group_finish(EC_GROUP *group) { if (group->field_data1 != NULL) @@ -243,6 +194,66 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) } +int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; + BN_MONT_CTX *mont = NULL; + BIGNUM *one = NULL; + int ret = 0; + + if (group->field_data1 != NULL) + { + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + } + if (group->field_data2 != NULL) + { + BN_free(group->field_data2); + group->field_data2 = NULL; + } + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + + mont = BN_MONT_CTX_new(); + if (mont == NULL) goto err; + if (!BN_MONT_CTX_set(mont, p, ctx)) + { + ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); + goto err; + } + one = BN_new(); + if (one == NULL) goto err; + if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; + + group->field_data1 = mont; + mont = NULL; + group->field_data2 = one; + one = NULL; + + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + + if (!ret) + { + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_free(group->field_data2); + group->field_data2 = NULL; + } + + err: + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + if (mont != NULL) + BN_MONT_CTX_free(mont); + return ret; + } + + int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (group->field_data1 == NULL) @@ -295,7 +306,7 @@ int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) { if (group->field_data2 == NULL) { - ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); + ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); return 0; } diff --git a/crypto/openssl/crypto/ec/ecp_nist.c b/crypto/openssl/crypto/ec/ecp_nist.c index ed07748..71893d5 100644 --- a/crypto/openssl/crypto/ec/ecp_nist.c +++ b/crypto/openssl/crypto/ec/ecp_nist.c @@ -1,6 +1,9 @@ /* crypto/ec/ecp_nist.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,23 +55,30 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ +#include + +#include +#include #include "ec_lcl.h" -#if 0 const EC_METHOD *EC_GFp_nist_method(void) { static const EC_METHOD ret = { - ec_GFp_nist_group_init, - ec_GFp_nist_group_finish, - ec_GFp_nist_group_clear_finish, + NID_X9_62_prime_field, + ec_GFp_simple_group_init, + ec_GFp_simple_group_finish, + ec_GFp_simple_group_clear_finish, ec_GFp_nist_group_copy, - ec_GFp_nist_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, + ec_GFp_nist_group_set_curve, + ec_GFp_simple_group_get_curve, + ec_GFp_simple_group_get_degree, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, @@ -76,9 +86,9 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_point_set_to_infinity, ec_GFp_simple_set_Jprojective_coordinates_GFp, ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, + ec_GFp_simple_point_set_affine_coordinates, + ec_GFp_simple_point_get_affine_coordinates, + ec_GFp_simple_set_compressed_coordinates, ec_GFp_simple_point2oct, ec_GFp_simple_oct2point, ec_GFp_simple_add, @@ -89,46 +99,138 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, + 0 /* field_div */, 0 /* field_encode */, 0 /* field_decode */, 0 /* field_set_to_one */ }; return &ret; } -#endif +#if BN_BITS2 == 64 +#define NO_32_BIT_TYPE +#endif -int ec_GFp_nist_group_init(EC_GROUP *group) +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) { - int ok; + dest->field_mod_func = src->field_mod_func; - ok = ec_GFp_simple_group_init(group); - group->field_data1 = NULL; - return ok; + return ec_GFp_simple_group_copy(dest, src); } - -int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ - - -void ec_GFp_nist_group_finish(EC_GROUP *group); -/* TODO */ - - -void ec_GFp_nist_group_clear_finish(EC_GROUP *group); -/* TODO */ - - -int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); -/* TODO */ +int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + { + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *tmp_bn; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; + + BN_CTX_start(ctx); + if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err; + + if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) + group->field_mod_func = BN_nist_mod_192; + else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) + { +#ifndef NO_32_BIT_TYPE + group->field_mod_func = BN_nist_mod_224; +#else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); + goto err; +#endif + } + else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) + { +#ifndef NO_32_BIT_TYPE + group->field_mod_func = BN_nist_mod_256; +#else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); + goto err; +#endif + } + else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) + { +#ifndef NO_32_BIT_TYPE + group->field_mod_func = BN_nist_mod_384; +#else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); + goto err; +#endif + } + else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) + /* this one works in the NO_32_BIT_TYPE case */ + group->field_mod_func = BN_nist_mod_521; + else + { + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); + goto err; + } + + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; + } -int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ +int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) + { + int ret=0; + BN_CTX *ctx_new=NULL; + + if (!group || !r || !a || !b) + { + ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if (!ctx) + if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; + + if (!BN_mul(r, a, b, ctx)) goto err; + if (!group->field_mod_func(r, r, &group->field, ctx)) + goto err; + + ret=1; +err: + if (ctx_new) + BN_CTX_free(ctx_new); + return ret; + } -int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -/* TODO */ +int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) + { + int ret=0; + BN_CTX *ctx_new=NULL; + + if (!group || !r || !a) + { + ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); + goto err; + } + if (!ctx) + if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; + + if (!BN_sqr(r, a, ctx)) goto err; + if (!group->field_mod_func(r, r, &group->field, ctx)) + goto err; + + ret=1; +err: + if (ctx_new) + BN_CTX_free(ctx_new); + return ret; + } diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c index e9a51fb..4d26f8b 100644 --- a/crypto/openssl/crypto/ec/ecp_smpl.c +++ b/crypto/openssl/crypto/ec/ecp_smpl.c @@ -1,8 +1,10 @@ /* crypto/ec/ecp_smpl.c */ /* Includes code written by Lenka Fibikova - * for the OpenSSL project. */ + * for the OpenSSL project. + * Includes code written by Bodo Moeller for the OpenSSL project. +*/ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -54,25 +56,29 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ #include +#include #include "ec_lcl.h" - const EC_METHOD *EC_GFp_simple_method(void) { static const EC_METHOD ret = { + NID_X9_62_prime_field, ec_GFp_simple_group_init, ec_GFp_simple_group_finish, ec_GFp_simple_group_clear_finish, ec_GFp_simple_group_copy, - ec_GFp_simple_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, + ec_GFp_simple_group_set_curve, + ec_GFp_simple_group_get_curve, + ec_GFp_simple_group_get_degree, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, @@ -80,9 +86,9 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_point_set_to_infinity, ec_GFp_simple_set_Jprojective_coordinates_GFp, ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, + ec_GFp_simple_point_set_affine_coordinates, + ec_GFp_simple_point_get_affine_coordinates, + ec_GFp_simple_set_compressed_coordinates, ec_GFp_simple_point2oct, ec_GFp_simple_oct2point, ec_GFp_simple_add, @@ -93,8 +99,12 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr, + 0 /* field_div */, 0 /* field_encode */, 0 /* field_decode */, 0 /* field_set_to_one */ }; @@ -103,15 +113,26 @@ const EC_METHOD *EC_GFp_simple_method(void) } +/* Most method functions in this file are designed to work with + * non-trivial representations of field elements if necessary + * (see ecp_mont.c): while standard modular addition and subtraction + * are used, the field_mul and field_sqr methods will be used for + * multiplication, and field_encode and field_decode (if defined) + * will be used for converting between representations. + + * Functions ec_GFp_simple_points_make_affine() and + * ec_GFp_simple_point_get_affine_coordinates() specifically assume + * that if a non-trivial representation is used, it is a Montgomery + * representation (i.e. 'encoding' means multiplying by some factor R). + */ + + int ec_GFp_simple_group_init(EC_GROUP *group) { BN_init(&group->field); BN_init(&group->a); BN_init(&group->b); group->a_is_minus3 = 0; - group->generator = NULL; - BN_init(&group->order); - BN_init(&group->cofactor); return 1; } @@ -121,10 +142,6 @@ void ec_GFp_simple_group_finish(EC_GROUP *group) BN_free(&group->field); BN_free(&group->a); BN_free(&group->b); - if (group->generator != NULL) - EC_POINT_free(group->generator); - BN_free(&group->order); - BN_free(&group->cofactor); } @@ -133,13 +150,6 @@ void ec_GFp_simple_group_clear_finish(EC_GROUP *group) BN_clear_free(&group->field); BN_clear_free(&group->a); BN_clear_free(&group->b); - if (group->generator != NULL) - { - EC_POINT_clear_free(group->generator); - group->generator = NULL; - } - BN_clear_free(&group->order); - BN_clear_free(&group->cofactor); } @@ -151,33 +161,11 @@ int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) dest->a_is_minus3 = src->a_is_minus3; - if (src->generator != NULL) - { - if (dest->generator == NULL) - { - dest->generator = EC_POINT_new(dest); - if (dest->generator == NULL) return 0; - } - if (!EC_POINT_copy(dest->generator, src->generator)) return 0; - } - else - { - /* src->generator == NULL */ - if (dest->generator != NULL) - { - EC_POINT_clear_free(dest->generator); - dest->generator = NULL; - } - } - - if (!BN_copy(&dest->order, &src->order)) return 0; - if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; - return 1; } -int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, +int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { int ret = 0; @@ -187,7 +175,7 @@ int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, /* p must be a prime > 3 */ if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD); + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); return 0; } @@ -204,7 +192,7 @@ int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, /* group->field */ if (!BN_copy(&group->field, p)) goto err; - group->field.neg = 0; + BN_set_negative(&group->field, 0); /* group->a */ if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; @@ -232,7 +220,7 @@ int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, } -int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { int ret = 0; BN_CTX *new_ctx = NULL; @@ -283,58 +271,76 @@ int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM * } +int ec_GFp_simple_group_get_degree(const EC_GROUP *group) + { + return BN_num_bits(&group->field); + } + -int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor) +int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { - if (generator == NULL) + int ret = 0; + BIGNUM *a,*b,*order,*tmp_1,*tmp_2; + const BIGNUM *p = &group->field; + BN_CTX *new_ctx = NULL; + + if (ctx == NULL) { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); - return 0 ; + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); + goto err; + } } + BN_CTX_start(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + tmp_1 = BN_CTX_get(ctx); + tmp_2 = BN_CTX_get(ctx); + order = BN_CTX_get(ctx); + if (order == NULL) goto err; - if (group->generator == NULL) + if (group->meth->field_decode) { - group->generator = EC_POINT_new(group); - if (group->generator == NULL) return 0; + if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; + if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; } - if (!EC_POINT_copy(group->generator, generator)) return 0; - - if (order != NULL) - { if (!BN_copy(&group->order, order)) return 0; } - else - { if (!BN_zero(&group->order)) return 0; } - - if (cofactor != NULL) - { if (!BN_copy(&group->cofactor, cofactor)) return 0; } else - { if (!BN_zero(&group->cofactor)) return 0; } - - return 1; - } - - -EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group) - { - return group->generator; - } - - -int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) - { - if (!BN_copy(order, &group->order)) - return 0; - - return !BN_is_zero(&group->order); - } + { + if (!BN_copy(a, &group->a)) goto err; + if (!BN_copy(b, &group->b)) goto err; + } + + /* check the discriminant: + * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) + * 0 =< a, b < p */ + if (BN_is_zero(a)) + { + if (BN_is_zero(b)) goto err; + } + else if (!BN_is_zero(b)) + { + if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err; + if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err; + if (!BN_lshift(tmp_1, tmp_2, 2)) goto err; + /* tmp_1 = 4*a^3 */ + if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err; + if (!BN_mul_word(tmp_2, 27)) goto err; + /* tmp_2 = 27*b^2 */ -int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) - { - if (!BN_copy(cofactor, &group->cofactor)) - return 0; + if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err; + if (BN_is_zero(a)) goto err; + } + ret = 1; - return !BN_is_zero(&group->cofactor); +err: + if (ctx != NULL) + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + return ret; } @@ -380,7 +386,8 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) { point->Z_is_one = 0; - return (BN_zero(&point->Z)); + BN_zero(&point->Z); + return 1; } @@ -497,13 +504,13 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const E } -int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, +int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { if (x == NULL || y == NULL) { /* unlike for projective coordinates, we do not tolerate this */ - ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -511,17 +518,17 @@ int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POI } -int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, +int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3; - const BIGNUM *X_, *Y_, *Z_; + BIGNUM *Z, *Z_1, *Z_2, *Z_3; + const BIGNUM *Z_; int ret = 0; if (EC_POINT_is_at_infinity(group, point)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY); + ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); return 0; } @@ -533,8 +540,6 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const } BN_CTX_start(ctx); - X = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); Z = BN_CTX_get(ctx); Z_1 = BN_CTX_get(ctx); Z_2 = BN_CTX_get(ctx); @@ -545,34 +550,44 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const if (group->meth->field_decode) { - if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err; - if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err; if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err; - X_ = X; Y_ = Y; Z_ = Z; + Z_ = Z; } else { - X_ = &point->X; - Y_ = &point->Y; Z_ = &point->Z; } if (BN_is_one(Z_)) { - if (x != NULL) + if (group->meth->field_decode) { - if (!BN_copy(x, X_)) goto err; + if (x != NULL) + { + if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; + } + if (y != NULL) + { + if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; + } } - if (y != NULL) + else { - if (!BN_copy(y, Y_)) goto err; + if (x != NULL) + { + if (!BN_copy(x, &point->X)) goto err; + } + if (y != NULL) + { + if (!BN_copy(y, &point->Y)) goto err; + } } } else { if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB); + ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); goto err; } @@ -588,15 +603,8 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const if (x != NULL) { - if (group->meth->field_encode == 0) - { - /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err; - } - else - { - if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err; - } + /* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */ + if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err; } if (y != NULL) @@ -605,14 +613,14 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const { /* field_mul works on standard representation */ if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err; - if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err; - } else { if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err; - if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err; } + + /* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */ + if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err; } } @@ -626,13 +634,16 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const } -int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, +int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x_, int y_bit, BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BIGNUM *tmp1, *tmp2, *x, *y; int ret = 0; + /* clear error queue*/ + ERR_clear_error(); + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); @@ -704,19 +715,17 @@ int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) { - unsigned long err = ERR_peek_error(); + unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { - (void)ERR_get_error(); - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT); + ERR_clear_error(); + ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); } else - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB); + ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); goto err; } - /* If tmp1 is not a square (i.e. there is no point on the curve with - * our x), then y now is a nonsense value too */ if (y_bit != BN_is_odd(y)) { @@ -728,16 +737,17 @@ int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT if (kron == -2) goto err; if (kron == 1) - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT); + ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT); else - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT); + /* BN_mod_sqrt() should have cought this error (not a square) */ + ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); goto err; } if (!BN_usub(y, &group->field, y)) goto err; } if (y_bit != BN_is_odd(y)) { - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR); + ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR); goto err; } @@ -1088,7 +1098,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, con else { /* a is the inverse of b */ - if (!BN_zero(&r->Z)) goto end; + BN_zero(&r->Z); r->Z_is_one = 0; ret = 1; goto end; @@ -1164,7 +1174,7 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_ if (EC_POINT_is_at_infinity(group, a)) { - if (!BN_zero(&r->Z)) return 0; + BN_zero(&r->Z); r->Z_is_one = 0; return 1; } @@ -1292,7 +1302,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); const BIGNUM *p; BN_CTX *new_ctx = NULL; - BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6; + BIGNUM *rh, *tmp, *Z4, *Z6; int ret = -1; if (EC_POINT_is_at_infinity(group, point)) @@ -1311,8 +1321,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C BN_CTX_start(ctx); rh = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); Z4 = BN_CTX_get(ctx); Z6 = BN_CTX_get(ctx); if (Z6 == NULL) goto err; @@ -1326,59 +1335,49 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C * To test this, we add up the right-hand side in 'rh'. */ - /* rh := X^3 */ + /* rh := X^2 */ if (!field_sqr(group, rh, &point->X, ctx)) goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; if (!point->Z_is_one) { - if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err; - if (!field_sqr(group, Z4, tmp1, ctx)) goto err; - if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err; + if (!field_sqr(group, tmp, &point->Z, ctx)) goto err; + if (!field_sqr(group, Z4, tmp, ctx)) goto err; + if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err; - /* rh := rh + a*X*Z^4 */ - if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err; + /* rh := (rh + a*Z^4)*X */ if (group->a_is_minus3) { - if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err; - if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err; - if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err; + if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err; + if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err; + if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err; + if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; } else { - if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err; - if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err; + if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err; + if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; + if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; } /* rh := rh + b*Z^6 */ - if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err; - if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err; + if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err; + if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; } else { /* point->Z_is_one */ - /* rh := rh + a*X */ - if (group->a_is_minus3) - { - if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err; - if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err; - if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err; - } - else - { - if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err; - if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err; - } - + /* rh := (rh + a)*X */ + if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err; + if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; /* rh := rh + b */ if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err; } /* 'lh' := Y^2 */ - if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err; + if (!field_sqr(group, tmp, &point->Y, ctx)) goto err; - ret = (0 == BN_cmp(tmp1, rh)); + ret = (0 == BN_ucmp(tmp, rh)); err: BN_CTX_end(ctx); diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c index 345d3e4..9d469f1 100644 --- a/crypto/openssl/crypto/ec/ectest.c +++ b/crypto/openssl/crypto/ec/ectest.c @@ -1,4 +1,7 @@ /* crypto/ec/ectest.c */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -52,6 +55,19 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #include #include @@ -74,6 +90,15 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include #endif #include +#include +#include +#include +#include + +#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) +/* suppress "too big too optimize" warning */ +#pragma warning(disable:4959) +#endif #define ABORT do { \ fflush(stdout); \ @@ -82,47 +107,59 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur EXIT(1); \ } while (0) +void prime_field_tests(void); +void char2_field_tests(void); +void internal_curve_test(void); + +#define TIMING_BASE_PT 0 +#define TIMING_RAND_PT 1 +#define TIMING_SIMUL 2 + #if 0 -static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) +static void timings(EC_GROUP *group, int type, BN_CTX *ctx) { clock_t clck; int i, j; - BIGNUM *s, *s0; + BIGNUM *s; + BIGNUM *r[10], *r0[10]; EC_POINT *P; s = BN_new(); - s0 = BN_new(); - if (s == NULL || s0 == NULL) ABORT; + if (s == NULL) ABORT; - if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT; - fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s)); + fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group)); if (!EC_GROUP_get_order(group, s, ctx)) ABORT; - fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s)); + fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s)); fflush(stdout); P = EC_POINT_new(group); if (P == NULL) ABORT; EC_POINT_copy(P, EC_GROUP_get0_generator(group)); - clck = clock(); for (i = 0; i < 10; i++) { - if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT; - if (multi) + if ((r[i] = BN_new()) == NULL) ABORT; + if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT; + if (type != TIMING_BASE_PT) { - if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT; + if ((r0[i] = BN_new()) == NULL) ABORT; + if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT; } + } + + clck = clock(); + for (i = 0; i < 10; i++) + { for (j = 0; j < 10; j++) { - if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT; + if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, + (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT; } - fprintf(stdout, "."); - fflush(stdout); } - fprintf(stdout, "\n"); - clck = clock() - clck; + fprintf(stdout, "\n"); + #ifdef CLOCKS_PER_SEC /* "To determine the time in seconds, the value returned * by the clock function should be divided by the value @@ -136,43 +173,40 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) # define CLOCKS_PER_SEC 1 #endif - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, - multi ? "s*P+t*Q operations" : "point multiplications", - (double)clck/CLOCKS_PER_SEC); + if (type == TIMING_BASE_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "base point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_RAND_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "random point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_SIMUL) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC); + } fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); EC_POINT_free(P); BN_free(s); - BN_free(s0); + for (i = 0; i < 10; i++) + { + BN_free(r[i]); + if (type != TIMING_BASE_PT) BN_free(r0[i]); + } } #endif -int main(int argc, char *argv[]) +void prime_field_tests() { BN_CTX *ctx = NULL; BIGNUM *p, *a, *b; EC_GROUP *group; - EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; BIGNUM *x, *y, *z; unsigned char buf[100]; size_t i, len; int k; - /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) - { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } - else - { - /* OPENSSL_DEBUG_MEMORY=off */ - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ERR_load_crypto_strings(); - #if 1 /* optional */ ctx = BN_CTX_new(); if (!ctx) ABORT; @@ -197,7 +231,7 @@ int main(int argc, char *argv[]) EC_GROUP *tmp; tmp = EC_GROUP_new(EC_GROUP_method_of(group)); if (!tmp) ABORT; - if (!EC_GROUP_copy(tmp, group)); + if (!EC_GROUP_copy(tmp, group)) ABORT; EC_GROUP_free(group); group = tmp; } @@ -317,10 +351,56 @@ int main(int argc, char *argv[]) if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; + /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) + * -- not a NIST curve, but commonly used */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; + if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; + + if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; + if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; + if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (0 != BN_cmp(y, z)) ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 160) ABORT; + fprintf(stdout, " ok\n"); + + fprintf(stdout, "verify group order ..."); + fflush(stdout); + if (!EC_GROUP_get_order(group, z, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, "."); + fflush(stdout); + if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, " ok\n"); + + if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; + if (!EC_GROUP_copy(P_160, group)) ABORT; + + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; @@ -340,6 +420,10 @@ int main(int argc, char *argv[]) /* G_y value taken from the standard: */ if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT; if (0 != BN_cmp(y, z)) ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 192) ABORT; + fprintf(stdout, " ok\n"); fprintf(stdout, "verify group order ..."); fflush(stdout); @@ -348,7 +432,9 @@ int main(int argc, char *argv[]) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); +#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; +#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -360,7 +446,7 @@ int main(int argc, char *argv[]) /* Curve P-224 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; @@ -381,6 +467,10 @@ int main(int argc, char *argv[]) if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT; if (0 != BN_cmp(y, z)) ABORT; + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 224) ABORT; + fprintf(stdout, " ok\n"); + fprintf(stdout, "verify group order ..."); fflush(stdout); if (!EC_GROUP_get_order(group, z, ctx)) ABORT; @@ -388,7 +478,9 @@ int main(int argc, char *argv[]) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); +#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; +#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -400,7 +492,7 @@ int main(int argc, char *argv[]) /* Curve P-256 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; @@ -422,6 +514,10 @@ int main(int argc, char *argv[]) if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT; if (0 != BN_cmp(y, z)) ABORT; + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 256) ABORT; + fprintf(stdout, " ok\n"); + fprintf(stdout, "verify group order ..."); fflush(stdout); if (!EC_GROUP_get_order(group, z, ctx)) ABORT; @@ -429,7 +525,9 @@ int main(int argc, char *argv[]) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); +#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; +#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -442,7 +540,7 @@ int main(int argc, char *argv[]) if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" @@ -468,6 +566,10 @@ int main(int argc, char *argv[]) "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT; if (0 != BN_cmp(y, z)) ABORT; + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 384) ABORT; + fprintf(stdout, " ok\n"); + fprintf(stdout, "verify group order ..."); fflush(stdout); if (!EC_GROUP_get_order(group, z, ctx)) ABORT; @@ -475,7 +577,9 @@ int main(int argc, char *argv[]) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); +#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; +#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -489,7 +593,7 @@ int main(int argc, char *argv[]) if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; @@ -520,6 +624,10 @@ int main(int argc, char *argv[]) "7086A272C24088BE94769FD16650")) ABORT; if (0 != BN_cmp(y, z)) ABORT; + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 521) ABORT; + fprintf(stdout, " ok\n"); + fprintf(stdout, "verify group order ..."); fflush(stdout); if (!EC_GROUP_get_order(group, z, ctx)) ABORT; @@ -527,7 +635,9 @@ int main(int argc, char *argv[]) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); +#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; +#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -577,7 +687,7 @@ int main(int argc, char *argv[]) if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; if (!BN_add(z, z, y)) ABORT; - z->neg = 1; + BN_set_negative(z, 1); scalars[0] = y; scalars[1] = z; /* z = -(order + y) */ @@ -589,7 +699,7 @@ int main(int argc, char *argv[]) if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; if (!BN_add(z, x, y)) ABORT; - z->neg = 1; + BN_set_negative(z, 1); scalars[0] = x; scalars[1] = y; scalars[2] = z; /* z = -(x+y) */ @@ -602,16 +712,24 @@ int main(int argc, char *argv[]) #if 0 - timings(P_192, 0, ctx); - timings(P_192, 1, ctx); - timings(P_224, 0, ctx); - timings(P_224, 1, ctx); - timings(P_256, 0, ctx); - timings(P_256, 1, ctx); - timings(P_384, 0, ctx); - timings(P_384, 1, ctx); - timings(P_521, 0, ctx); - timings(P_521, 1, ctx); + timings(P_160, TIMING_BASE_PT, ctx); + timings(P_160, TIMING_RAND_PT, ctx); + timings(P_160, TIMING_SIMUL, ctx); + timings(P_192, TIMING_BASE_PT, ctx); + timings(P_192, TIMING_RAND_PT, ctx); + timings(P_192, TIMING_SIMUL, ctx); + timings(P_224, TIMING_BASE_PT, ctx); + timings(P_224, TIMING_RAND_PT, ctx); + timings(P_224, TIMING_SIMUL, ctx); + timings(P_256, TIMING_BASE_PT, ctx); + timings(P_256, TIMING_RAND_PT, ctx); + timings(P_256, TIMING_SIMUL, ctx); + timings(P_384, TIMING_BASE_PT, ctx); + timings(P_384, TIMING_RAND_PT, ctx); + timings(P_384, TIMING_SIMUL, ctx); + timings(P_521, TIMING_BASE_PT, ctx); + timings(P_521, TIMING_RAND_PT, ctx); + timings(P_521, TIMING_SIMUL, ctx); #endif @@ -624,12 +742,587 @@ int main(int argc, char *argv[]) EC_POINT_free(R); BN_free(x); BN_free(y); BN_free(z); + if (P_160) EC_GROUP_free(P_160); if (P_192) EC_GROUP_free(P_192); if (P_224) EC_GROUP_free(P_224); if (P_256) EC_GROUP_free(P_256); if (P_384) EC_GROUP_free(P_384); if (P_521) EC_GROUP_free(P_521); + } + +/* Change test based on whether binary point compression is enabled or not. */ +#ifdef OPENSSL_EC_BIN_PT_COMP +#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (!BN_hex2bn(&z, _order)) ABORT; \ + if (!BN_hex2bn(&cof, _cof)) ABORT; \ + if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ + if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ + fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ + BN_print_fp(stdout, x); \ + fprintf(stdout, "\n y = 0x"); \ + BN_print_fp(stdout, y); \ + fprintf(stdout, "\n"); \ + /* G_y value taken from the standard: */ \ + if (!BN_hex2bn(&z, _y)) ABORT; \ + if (0 != BN_cmp(y, z)) ABORT; +#else +#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (!BN_hex2bn(&z, _order)) ABORT; \ + if (!BN_hex2bn(&cof, _cof)) ABORT; \ + if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ + fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ + BN_print_fp(stdout, x); \ + fprintf(stdout, "\n y = 0x"); \ + BN_print_fp(stdout, y); \ + fprintf(stdout, "\n"); +#endif + +#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&p, _p)) ABORT; \ + if (!BN_hex2bn(&a, _a)) ABORT; \ + if (!BN_hex2bn(&b, _b)) ABORT; \ + if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \ + CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + fprintf(stdout, "verify degree ..."); \ + if (EC_GROUP_get_degree(group) != _degree) ABORT; \ + fprintf(stdout, " ok\n"); \ + fprintf(stdout, "verify group order ..."); \ + fflush(stdout); \ + if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \ + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ + fprintf(stdout, "."); \ + fflush(stdout); \ + /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \ + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ + fprintf(stdout, " ok\n"); \ + if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \ + if (!EC_GROUP_copy(_variable, group)) ABORT; + +void char2_field_tests() + { + BN_CTX *ctx = NULL; + BIGNUM *p, *a, *b; + EC_GROUP *group; + EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL; + EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL; + EC_POINT *P, *Q, *R; + BIGNUM *x, *y, *z, *cof; + unsigned char buf[100]; + size_t i, len; + int k; + +#if 1 /* optional */ + ctx = BN_CTX_new(); + if (!ctx) ABORT; +#endif + + p = BN_new(); + a = BN_new(); + b = BN_new(); + if (!p || !a || !b) ABORT; + + if (!BN_hex2bn(&p, "13")) ABORT; + if (!BN_hex2bn(&a, "3")) ABORT; + if (!BN_hex2bn(&b, "1")) ABORT; + + group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m + * so that the library gets to choose the EC_METHOD */ + if (!group) ABORT; + if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; + + { + EC_GROUP *tmp; + tmp = EC_GROUP_new(EC_GROUP_method_of(group)); + if (!tmp) ABORT; + if (!EC_GROUP_copy(tmp, group)) ABORT; + EC_GROUP_free(group); + group = tmp; + } + + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT; + + fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); + BN_print_fp(stdout, p); + fprintf(stdout, ")\n a = 0x"); + BN_print_fp(stdout, a); + fprintf(stdout, "\n b = 0x"); + BN_print_fp(stdout, b); + fprintf(stdout, "\n(0x... means binary polynomial)\n"); + + P = EC_POINT_new(group); + Q = EC_POINT_new(group); + R = EC_POINT_new(group); + if (!P || !Q || !R) ABORT; + + if (!EC_POINT_set_to_infinity(group, P)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; + + buf[0] = 0; + if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; + + if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; + + x = BN_new(); + y = BN_new(); + z = BN_new(); + cof = BN_new(); + if (!x || !y || !z || !cof) ABORT; + + if (!BN_hex2bn(&x, "6")) ABORT; +/* Change test based on whether binary point compression is enabled or not. */ +#ifdef OPENSSL_EC_BIN_PT_COMP + if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT; +#else + if (!BN_hex2bn(&y, "8")) ABORT; + if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; +#endif + if (!EC_POINT_is_on_curve(group, Q, ctx)) + { +/* Change test based on whether binary point compression is enabled or not. */ +#ifdef OPENSSL_EC_BIN_PT_COMP + if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; +#endif + fprintf(stderr, "Point is not on curve: x = 0x"); + BN_print_fp(stderr, x); + fprintf(stderr, ", y = 0x"); + BN_print_fp(stderr, y); + fprintf(stderr, "\n"); + ABORT; + } + + fprintf(stdout, "A cyclic subgroup:\n"); + k = 100; + do + { + if (k-- == 0) ABORT; + + if (EC_POINT_is_at_infinity(group, P)) + fprintf(stdout, " point at infinity\n"); + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; + + fprintf(stdout, " x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + } + + if (!EC_POINT_copy(R, P)) ABORT; + if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; + } + while (!EC_POINT_is_at_infinity(group, P)); + + if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; + +/* Change test based on whether binary point compression is enabled or not. */ +#ifdef OPENSSL_EC_BIN_PT_COMP + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); + if (len == 0) ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; + fprintf(stdout, "Generator as octet string, compressed form:\n "); + for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); +#endif + + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); + if (len == 0) ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; + fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); + for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); + +/* Change test based on whether binary point compression is enabled or not. */ +#ifdef OPENSSL_EC_BIN_PT_COMP + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); + if (len == 0) ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; + fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); + for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); +#endif + + fprintf(stdout, "\n"); + + if (!EC_POINT_invert(group, P, ctx)) ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; + + + /* Curve K-163 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve K-163", + "0800000000000000000000000000000000000000C9", + "1", + "1", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + 1, + "04000000000000000000020108A2E0CC0D99F8A5EF", + "2", + 163, + C2_K163 + ); + + /* Curve B-163 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve B-163", + "0800000000000000000000000000000000000000C9", + "1", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + 1, + "040000000000000000000292FE77E70C12A4234C33", + "2", + 163, + C2_B163 + ); + + /* Curve K-233 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve K-233", + "020000000000000000000000000000000000000004000000000000000001", + "0", + "1", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + 0, + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", + "4", + 233, + C2_K233 + ); + + /* Curve B-233 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve B-233", + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + 1, + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", + "2", + 233, + C2_B233 + ); + + /* Curve K-283 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve K-283", + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "0", + "1", + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", + 0, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", + "4", + 283, + C2_K283 + ); + + /* Curve B-283 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve B-283", + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", + 1, + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", + "2", + 283, + C2_B283 + ); + + /* Curve K-409 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve K-409", + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "0", + "1", + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", + 1, + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", + "4", + 409, + C2_K409 + ); + + /* Curve B-409 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve B-409", + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", + 1, + "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", + "2", + 409, + C2_B409 + ); + + /* Curve K-571 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve K-571", + "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "0", + "1", + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", + 0, + "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", + "4", + 571, + C2_K571 + ); + + /* Curve B-571 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ( + "NIST curve B-571", + "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", + 1, + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", + "2", + 571, + C2_B571 + ); + + /* more tests using the last curve */ + + if (!EC_POINT_copy(Q, P)) ABORT; + if (EC_POINT_is_at_infinity(group, Q)) ABORT; + if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; + if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ + + if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; + if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ + + { + const EC_POINT *points[3]; + const BIGNUM *scalars[3]; + + if (EC_POINT_is_at_infinity(group, Q)) ABORT; + points[0] = Q; + points[1] = Q; + points[2] = Q; + + if (!BN_add(y, z, BN_value_one())) ABORT; + if (BN_is_odd(y)) ABORT; + if (!BN_rshift1(y, y)) ABORT; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + fprintf(stdout, "combined multiplication ..."); + fflush(stdout); + + /* z is still the group order */ + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; + if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; + if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; + if (!BN_add(z, z, y)) ABORT; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; + if (!BN_add(z, x, y)) ABORT; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; + + fprintf(stdout, " ok\n\n"); + } + + +#if 0 + timings(C2_K163, TIMING_BASE_PT, ctx); + timings(C2_K163, TIMING_RAND_PT, ctx); + timings(C2_K163, TIMING_SIMUL, ctx); + timings(C2_B163, TIMING_BASE_PT, ctx); + timings(C2_B163, TIMING_RAND_PT, ctx); + timings(C2_B163, TIMING_SIMUL, ctx); + timings(C2_K233, TIMING_BASE_PT, ctx); + timings(C2_K233, TIMING_RAND_PT, ctx); + timings(C2_K233, TIMING_SIMUL, ctx); + timings(C2_B233, TIMING_BASE_PT, ctx); + timings(C2_B233, TIMING_RAND_PT, ctx); + timings(C2_B233, TIMING_SIMUL, ctx); + timings(C2_K283, TIMING_BASE_PT, ctx); + timings(C2_K283, TIMING_RAND_PT, ctx); + timings(C2_K283, TIMING_SIMUL, ctx); + timings(C2_B283, TIMING_BASE_PT, ctx); + timings(C2_B283, TIMING_RAND_PT, ctx); + timings(C2_B283, TIMING_SIMUL, ctx); + timings(C2_K409, TIMING_BASE_PT, ctx); + timings(C2_K409, TIMING_RAND_PT, ctx); + timings(C2_K409, TIMING_SIMUL, ctx); + timings(C2_B409, TIMING_BASE_PT, ctx); + timings(C2_B409, TIMING_RAND_PT, ctx); + timings(C2_B409, TIMING_SIMUL, ctx); + timings(C2_K571, TIMING_BASE_PT, ctx); + timings(C2_K571, TIMING_RAND_PT, ctx); + timings(C2_K571, TIMING_SIMUL, ctx); + timings(C2_B571, TIMING_BASE_PT, ctx); + timings(C2_B571, TIMING_RAND_PT, ctx); + timings(C2_B571, TIMING_SIMUL, ctx); +#endif + + + if (ctx) + BN_CTX_free(ctx); + BN_free(p); BN_free(a); BN_free(b); + EC_GROUP_free(group); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); BN_free(y); BN_free(z); BN_free(cof); + + if (C2_K163) EC_GROUP_free(C2_K163); + if (C2_B163) EC_GROUP_free(C2_B163); + if (C2_K233) EC_GROUP_free(C2_K233); + if (C2_B233) EC_GROUP_free(C2_B233); + if (C2_K283) EC_GROUP_free(C2_K283); + if (C2_B283) EC_GROUP_free(C2_B283); + if (C2_K409) EC_GROUP_free(C2_K409); + if (C2_B409) EC_GROUP_free(C2_B409); + if (C2_K571) EC_GROUP_free(C2_K571); + if (C2_B571) EC_GROUP_free(C2_B571); + + } + +void internal_curve_test(void) + { + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + int ok = 1; + + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); + + if (curves == NULL) + return; + + if (!EC_get_builtin_curves(curves, crv_len)) + { + OPENSSL_free(curves); + return; + } + + fprintf(stdout, "testing internal curves: "); + + for (n = 0; n < crv_len; n++) + { + EC_GROUP *group = NULL; + int nid = curves[n].nid; + if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) + { + ok = 0; + fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" + " curve %s\n", OBJ_nid2sn(nid)); + /* try next curve */ + continue; + } + if (!EC_GROUP_check(group, NULL)) + { + ok = 0; + fprintf(stdout, "\nEC_GROUP_check() failed with" + " curve %s\n", OBJ_nid2sn(nid)); + EC_GROUP_free(group); + /* try the next curve */ + continue; + } + fprintf(stdout, "."); + fflush(stdout); + EC_GROUP_free(group); + } + if (ok) + fprintf(stdout, " ok\n"); + else + fprintf(stdout, " failed\n"); + OPENSSL_free(curves); + return; + } + +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) + { + + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) + { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } + else + { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + ERR_load_crypto_strings(); + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + + prime_field_tests(); + puts(""); + char2_field_tests(); + /* test the internal curves */ + internal_curve_test(); + #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif diff --git a/crypto/openssl/crypto/ecdh/Makefile b/crypto/openssl/crypto/ecdh/Makefile new file mode 100644 index 0000000..95aa69f --- /dev/null +++ b/crypto/openssl/crypto/ecdh/Makefile @@ -0,0 +1,111 @@ +# +# crypto/ecdh/Makefile +# + +DIR= ecdh +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g -Wall +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=ecdhtest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c + +LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o + +SRC= $(LIBSRC) + +EXHEADER= ecdh.h +HEADER= ech_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_err.o: ech_err.c +ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h +ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h +ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h +ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h +ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_ossl.o: ../../include/openssl/opensslconf.h +ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c diff --git a/crypto/openssl/crypto/ecdh/ecdh.h b/crypto/openssl/crypto/ecdh/ecdh.h new file mode 100644 index 0000000..b4b58ee --- /dev/null +++ b/crypto/openssl/crypto/ecdh/ecdh.h @@ -0,0 +1,123 @@ +/* crypto/ecdh/ecdh.h */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDH_H +#define HEADER_ECDH_H + +#include + +#ifdef OPENSSL_NO_ECDH +#error ECDH is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +const ECDH_METHOD *ECDH_OpenSSL(void); + +void ECDH_set_default_method(const ECDH_METHOD *); +const ECDH_METHOD *ECDH_get_default_method(void); +int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDH_get_ex_data(EC_KEY *d, int idx); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDH_strings(void); + +/* Error codes for the ECDH functions. */ + +/* Function codes. */ +#define ECDH_F_ECDH_COMPUTE_KEY 100 +#define ECDH_F_ECDH_DATA_NEW_METHOD 101 + +/* Reason codes. */ +#define ECDH_R_KDF_FAILED 102 +#define ECDH_R_NO_PRIVATE_VALUE 100 +#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/openssl/crypto/ecdh/ecdhtest.c b/crypto/openssl/crypto/ecdh/ecdhtest.c new file mode 100644 index 0000000..01baa5f --- /dev/null +++ b/crypto/openssl/crypto/ecdh/ecdhtest.c @@ -0,0 +1,368 @@ +/* crypto/ecdh/ecdhtest.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include "../e_os.h" + +#include /* for OPENSSL_NO_ECDH */ +#include +#include +#include +#include +#include +#include +#include + +#ifdef OPENSSL_NO_ECDH +int main(int argc, char *argv[]) +{ + printf("No ECDH support\n"); + return(0); +} +#else +#include +#include + +#ifdef OPENSSL_SYS_WIN16 +#define MS_CALLBACK _far _loadds +#else +#define MS_CALLBACK +#endif + +#if 0 +static void MS_CALLBACK cb(int p, int n, void *arg); +#endif + +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) + { +#ifndef OPENSSL_NO_SHA + if (*outlen < SHA_DIGEST_LENGTH) + return NULL; + else + *outlen = SHA_DIGEST_LENGTH; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + + +static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) + { + EC_KEY *a=NULL; + EC_KEY *b=NULL; + BIGNUM *x_a=NULL, *y_a=NULL, + *x_b=NULL, *y_b=NULL; + char buf[12]; + unsigned char *abuf=NULL,*bbuf=NULL; + int i,alen,blen,aout,bout,ret=0; + const EC_GROUP *group; + + a = EC_KEY_new_by_curve_name(nid); + b = EC_KEY_new_by_curve_name(nid); + if (a == NULL || b == NULL) + goto err; + + group = EC_KEY_get0_group(a); + + if ((x_a=BN_new()) == NULL) goto err; + if ((y_a=BN_new()) == NULL) goto err; + if ((x_b=BN_new()) == NULL) goto err; + if ((y_b=BN_new()) == NULL) goto err; + + BIO_puts(out,"Testing key generation with "); + BIO_puts(out,text); +#ifdef NOISY + BIO_puts(out,"\n"); +#else + BIO_flush(out); +#endif + + if (!EC_KEY_generate_key(a)) goto err; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(group, + EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; + } +#ifdef NOISY + BIO_puts(out," pri 1="); + BN_print(out,a->priv_key); + BIO_puts(out,"\n pub 1="); + BN_print(out,x_a); + BIO_puts(out,","); + BN_print(out,y_a); + BIO_puts(out,"\n"); +#else + BIO_printf(out," ."); + BIO_flush(out); +#endif + + if (!EC_KEY_generate_key(b)) goto err; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(group, + EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; + } + +#ifdef NOISY + BIO_puts(out," pri 2="); + BN_print(out,b->priv_key); + BIO_puts(out,"\n pub 2="); + BN_print(out,x_b); + BIO_puts(out,","); + BN_print(out,y_b); + BIO_puts(out,"\n"); +#else + BIO_printf(out,"."); + BIO_flush(out); +#endif + + alen=KDF1_SHA1_len; + abuf=(unsigned char *)OPENSSL_malloc(alen); + aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1); + +#ifdef NOISY + BIO_puts(out," key1 ="); + for (i=0; i +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) + +static ERR_STRING_DATA ECDH_str_functs[]= + { +{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, +{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"}, +{0,NULL} + }; + +static ERR_STRING_DATA ECDH_str_reasons[]= + { +{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"}, +{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"}, +{0,NULL} + }; + +#endif + +void ERR_load_ECDH_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(0,ECDH_str_functs); + ERR_load_strings(0,ECDH_str_reasons); +#endif + + } + } diff --git a/crypto/openssl/crypto/ecdh/ech_key.c b/crypto/openssl/crypto/ecdh/ech_key.c new file mode 100644 index 0000000..f44da92 --- /dev/null +++ b/crypto/openssl/crypto/ecdh/ech_key.c @@ -0,0 +1,83 @@ +/* crypto/ecdh/ecdh_key.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ech_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *eckey, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) +{ + ECDH_DATA *ecdh = ecdh_check(eckey); + if (ecdh == NULL) + return 0; + return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); +} diff --git a/crypto/openssl/crypto/ecdh/ech_lib.c b/crypto/openssl/crypto/ecdh/ech_lib.c new file mode 100644 index 0000000..01e75e2 --- /dev/null +++ b/crypto/openssl/crypto/ecdh/ech_lib.c @@ -0,0 +1,247 @@ +/* crypto/ecdh/ech_lib.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ech_locl.h" +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include + +const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT; + +static const ECDH_METHOD *default_ECDH_method = NULL; + +static void *ecdh_data_new(void); +static void *ecdh_data_dup(void *); +static void ecdh_data_free(void *); + +void ECDH_set_default_method(const ECDH_METHOD *meth) + { + default_ECDH_method = meth; + } + +const ECDH_METHOD *ECDH_get_default_method(void) + { + if(!default_ECDH_method) + default_ECDH_method = ECDH_OpenSSL(); + return default_ECDH_method; + } + +int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) + { + const ECDH_METHOD *mtmp; + ECDH_DATA *ecdh; + + ecdh = ecdh_check(eckey); + + if (ecdh == NULL) + return 0; + + mtmp = ecdh->meth; +#if 0 + if (mtmp->finish) + mtmp->finish(eckey); +#endif +#ifndef OPENSSL_NO_ENGINE + if (ecdh->engine) + { + ENGINE_finish(ecdh->engine); + ecdh->engine = NULL; + } +#endif + ecdh->meth = meth; +#if 0 + if (meth->init) + meth->init(eckey); +#endif + return 1; + } + +static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) + { + ECDH_DATA *ret; + + ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); + if (ret == NULL) + { + ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->init = NULL; + + ret->meth = ECDH_get_default_method(); + ret->engine = engine; +#ifndef OPENSSL_NO_ENGINE + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDH(); + if (ret->engine) + { + ret->meth = ENGINE_get_ECDH(ret->engine); + if (!ret->meth) + { + ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } +#endif + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); +#if 0 + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } +#endif + return(ret); + } + +static void *ecdh_data_new(void) + { + return (void *)ECDH_DATA_new_method(NULL); + } + +static void *ecdh_data_dup(void *data) +{ + ECDH_DATA *r = (ECDH_DATA *)data; + + /* XXX: dummy operation */ + if (r == NULL) + return NULL; + + return (void *)ecdh_data_new(); +} + +void ecdh_data_free(void *data) + { + ECDH_DATA *r = (ECDH_DATA *)data; + +#ifndef OPENSSL_NO_ENGINE + if (r->engine) + ENGINE_finish(r->engine); +#endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); + + OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); + + OPENSSL_free(r); + } + +ECDH_DATA *ecdh_check(EC_KEY *key) + { + ECDH_DATA *ecdh_data; + + void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, + ecdh_data_free, ecdh_data_free); + if (data == NULL) + { + ecdh_data = (ECDH_DATA *)ecdh_data_new(); + if (ecdh_data == NULL) + return NULL; + EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, ecdh_data_free); + } + else + ecdh_data = (ECDH_DATA *)data; + + + return ecdh_data; + } + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, + new_func, dup_func, free_func); + } + +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) + { + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return 0; + return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); + } + +void *ECDH_get_ex_data(EC_KEY *d, int idx) + { + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return NULL; + return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); + } diff --git a/crypto/openssl/crypto/ecdh/ech_locl.h b/crypto/openssl/crypto/ecdh/ech_locl.h new file mode 100644 index 0000000..f658526 --- /dev/null +++ b/crypto/openssl/crypto/ecdh/ech_locl.h @@ -0,0 +1,94 @@ +/* crypto/ecdh/ech_locl.h */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ECH_LOCL_H +#define HEADER_ECH_LOCL_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct ecdh_method + { + const char *name; + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); +#if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +#endif + int flags; + char *app_data; + }; + +typedef struct ecdh_data_st { + /* EC_KEY_METH_DATA part */ + int (*init)(EC_KEY *); + /* method specific part */ + ENGINE *engine; + int flags; + const ECDH_METHOD *meth; + CRYPTO_EX_DATA ex_data; +} ECDH_DATA; + +ECDH_DATA *ecdh_check(EC_KEY *); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_ECH_LOCL_H */ diff --git a/crypto/openssl/crypto/ecdh/ech_ossl.c b/crypto/openssl/crypto/ecdh/ech_ossl.c new file mode 100644 index 0000000..2a40ff1 --- /dev/null +++ b/crypto/openssl/crypto/ecdh/ech_ossl.c @@ -0,0 +1,213 @@ +/* crypto/ecdh/ech_ossl.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include + +#include "cryptlib.h" + +#include "ech_locl.h" +#include +#include +#include +#include + +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + +static ECDH_METHOD openssl_ecdh_meth = { + "OpenSSL ECDH method", + ecdh_compute_key, +#if 0 + NULL, /* init */ + NULL, /* finish */ +#endif + 0, /* flags */ + NULL /* app_data */ +}; + +const ECDH_METHOD *ECDH_OpenSSL(void) + { + return &openssl_ecdh_meth; + } + + +/* This implementation is based on the following primitives in the IEEE 1363 standard: + * - ECKAS-DH1 + * - ECSVDP-DH + * Finally an optional KDF is applied. + */ +static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) + { + BN_CTX *ctx; + EC_POINT *tmp=NULL; + BIGNUM *x=NULL, *y=NULL; + const BIGNUM *priv_key; + const EC_GROUP* group; + int ret= -1; + size_t buflen, len; + unsigned char *buf=NULL; + + if (outlen > INT_MAX) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ + return -1; + } + + if ((ctx = BN_CTX_new()) == NULL) goto err; + BN_CTX_start(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + + priv_key = EC_KEY_get0_private_key(ecdh); + if (priv_key == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); + goto err; + } + + group = EC_KEY_get0_group(ecdh); + if ((tmp=EC_POINT_new(group)) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } + + buflen = (EC_GROUP_get_degree(group) + 7)/8; + len = BN_num_bytes(x); + if (len > buflen) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); + goto err; + } + if ((buf = OPENSSL_malloc(buflen)) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; + } + + memset(buf, 0, buflen - len); + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); + goto err; + } + + if (KDF != 0) + { + if (KDF(buf, buflen, out, &outlen) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); + goto err; + } + ret = outlen; + } + else + { + /* no KDF, just copy as much as we can */ + if (outlen > buflen) + outlen = buflen; + memcpy(out, buf, outlen); + ret = outlen; + } + +err: + if (tmp) EC_POINT_free(tmp); + if (ctx) BN_CTX_end(ctx); + if (ctx) BN_CTX_free(ctx); + if (buf) OPENSSL_free(buf); + return(ret); + } diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/openssl/crypto/ecdsa/Makefile new file mode 100644 index 0000000..16a93cd --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/Makefile @@ -0,0 +1,125 @@ +# +# crypto/ecdsa/Makefile +# + +DIR= ecdsa +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g -Wall +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=ecdsatest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c + +LIBOBJ= ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o + +SRC= $(LIBSRC) + +EXHEADER= ecdsa.h +HEADER= ecs_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +ecs_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecs_asn1.o: ../../include/openssl/symhacks.h ecs_asn1.c ecs_locl.h +ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h +ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_err.o: ecs_err.c +ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_lib.o: ecs_lib.c ecs_locl.h +ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_ossl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_ossl.o: ../../include/openssl/opensslconf.h +ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c +ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c +ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c diff --git a/crypto/openssl/crypto/ecdsa/ecdsa.h b/crypto/openssl/crypto/ecdsa/ecdsa.h new file mode 100644 index 0000000..76c5a4a --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecdsa.h @@ -0,0 +1,270 @@ +/* crypto/ecdsa/ecdsa.h */ +/** + * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions + * \author Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDSA_H +#define HEADER_ECDSA_H + +#include + +#ifdef OPENSSL_NO_ECDSA +#error ECDSA is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct ECDSA_SIG_st + { + BIGNUM *r; + BIGNUM *s; + } ECDSA_SIG; + +/** ECDSA_SIG *ECDSA_SIG_new(void) + * allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** ECDSA_SIG_free + * frees a ECDSA_SIG structure + * \param a pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *a); + +/** i2d_ECDSA_SIG + * DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param a pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); + +/** d2i_ECDSA_SIG + * decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param v pointer to ECDSA_SIG pointer (may be NULL) + * \param pp buffer with the DER encoded signature + * \param len bufferlength + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); + +/** ECDSA_do_sign + * computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); + +/** ECDSA_do_sign_ex + * computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv optional pointer to a pre-computed inverse k + * \param rp optional pointer to the pre-computed rp value (see + * ECDSA_sign_setup + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** ECDSA_do_verify + * verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig pointer to the ECDSA_SIG structure + * \param eckey pointer to the EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY* eckey); + +const ECDSA_METHOD *ECDSA_OpenSSL(void); + +/** ECDSA_set_default_method + * sets the default ECDSA method + * \param meth the new default ECDSA_METHOD + */ +void ECDSA_set_default_method(const ECDSA_METHOD *meth); + +/** ECDSA_get_default_method + * returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method + */ +const ECDSA_METHOD *ECDSA_get_default_method(void); + +/** ECDSA_set_method + * sets method to be used for the ECDSA operations + * \param eckey pointer to the EC_KEY object + * \param meth pointer to the new method + * \return 1 on success and 0 otherwise + */ +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + +/** ECDSA_size + * returns the maximum length of the DER encoded signature + * \param eckey pointer to a EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/** ECDSA_sign_setup + * precompute parts of the signing operation. + * \param eckey pointer to the EC_KEY object containing a private EC key + * \param ctx pointer to a BN_CTX object (may be NULL) + * \param kinv pointer to a BIGNUM pointer for the inverse of k + * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **rp); + +/** ECDSA_sign + * computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + + +/** ECDSA_sign_ex + * computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv optional pointer to a pre-computed inverse k + * \param rp optional pointer to the pre-computed rp value (see + * ECDSA_sign_setup + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); + +/** ECDSA_verify + * verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey pointer to the EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* the standard ex_data functions */ +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDSA_get_ex_data(EC_KEY *d, int idx); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDSA_strings(void); + +/* Error codes for the ECDSA functions. */ + +/* Function codes. */ +#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 +#define ECDSA_F_ECDSA_DO_SIGN 101 +#define ECDSA_F_ECDSA_DO_VERIFY 102 +#define ECDSA_F_ECDSA_SIGN_SETUP 103 + +/* Reason codes. */ +#define ECDSA_R_BAD_SIGNATURE 100 +#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +#define ECDSA_R_ERR_EC_LIB 102 +#define ECDSA_R_MISSING_PARAMETERS 103 +#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/openssl/crypto/ecdsa/ecdsatest.c b/crypto/openssl/crypto/ecdsa/ecdsatest.c new file mode 100644 index 0000000..59be39b --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecdsatest.c @@ -0,0 +1,500 @@ +/* crypto/ecdsa/ecdsatest.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include +#include +#include + +#include /* To see if OPENSSL_NO_ECDSA is defined */ + +#ifdef OPENSSL_NO_ECDSA +int main(int argc, char * argv[]) + { + puts("Elliptic curves are disabled."); + return 0; + } +#else + +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include +#include + +static const char rnd_seed[] = "string to make the random number generator " + "think it has entropy"; + +/* declaration of the test functions */ +int x9_62_tests(BIO *); +int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); +int test_builtin(BIO *); + +/* functions to change the RAND_METHOD */ +int change_rand(void); +int restore_rand(void); +int fbytes(unsigned char *buf, int num); + +RAND_METHOD fake_rand; +const RAND_METHOD *old_rand; + +int change_rand(void) + { + /* save old rand method */ + if ((old_rand = RAND_get_rand_method()) == NULL) + return 0; + + fake_rand.seed = old_rand->seed; + fake_rand.cleanup = old_rand->cleanup; + fake_rand.add = old_rand->add; + fake_rand.status = old_rand->status; + /* use own random function */ + fake_rand.bytes = fbytes; + fake_rand.pseudorand = old_rand->bytes; + /* set new RAND_METHOD */ + if (!RAND_set_rand_method(&fake_rand)) + return 0; + return 1; + } + +int restore_rand(void) + { + if (!RAND_set_rand_method(old_rand)) + return 0; + else + return 1; + } + +static int fbytes_counter = 0; +static const char *numbers[8] = { + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" + "55657156756655", + "1275552191113212300012030439187146164646146646466749494799", + "1542725565216523985789236956265265265235675811949404040041", + "1456427555219115346513212300075341203043918714616464614664" + "64667494947990", + "1712787255652165239672857892369562652652652356758119494040" + "40041670216363"}; + +int fbytes(unsigned char *buf, int num) + { + int ret; + BIGNUM *tmp = NULL; + + if (fbytes_counter >= 8) + return 0; + tmp = BN_new(); + if (!tmp) + return 0; + if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) + { + BN_free(tmp); + return 0; + } + fbytes_counter ++; + ret = BN_bn2bin(tmp, buf); + if (ret == 0 || ret != num) + ret = 0; + else + ret = 1; + if (tmp) + BN_free(tmp); + return ret; + } + +/* some tests from the X9.62 draft */ +int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) + { + int ret = 0; + const char message[] = "abc"; + unsigned char digest[20]; + unsigned int dgst_len = 0; + EVP_MD_CTX md_ctx; + EC_KEY *key = NULL; + ECDSA_SIG *signature = NULL; + BIGNUM *r = NULL, *s = NULL; + + EVP_MD_CTX_init(&md_ctx); + /* get the message digest */ + EVP_DigestInit(&md_ctx, EVP_ecdsa()); + EVP_DigestUpdate(&md_ctx, (const void*)message, 3); + EVP_DigestFinal(&md_ctx, digest, &dgst_len); + + BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + /* create the key */ + if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) + goto x962_int_err; + if (!EC_KEY_generate_key(key)) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* create the signature */ + signature = ECDSA_do_sign(digest, 20, key); + if (signature == NULL) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* compare the created signature with the expected signature */ + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + goto x962_int_err; + if (!BN_dec2bn(&r, r_in) || + !BN_dec2bn(&s, s_in)) + goto x962_int_err; + if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + /* verify the signature */ + if (ECDSA_do_verify(digest, 20, signature, key) != 1) + goto x962_int_err; + BIO_printf(out, "."); + BIO_flush(out); + + BIO_printf(out, " ok\n"); + ret = 1; +x962_int_err: + if (!ret) + BIO_printf(out, " failed\n"); + if (key) + EC_KEY_free(key); + if (signature) + ECDSA_SIG_free(signature); + if (r) + BN_free(r); + if (s) + BN_free(s); + EVP_MD_CTX_cleanup(&md_ctx); + return ret; + } + +int x9_62_tests(BIO *out) + { + int ret = 0; + + BIO_printf(out, "some tests from X9.62:\n"); + + /* set own rand method */ + if (!change_rand()) + goto x962_err; + + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" + "62058306432176", + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" + "5876922391552", + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174")) + goto x962_err; + + ret = 1; +x962_err: + if (!restore_rand()) + ret = 0; + return ret; + } + +int test_builtin(BIO *out) + { + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + EC_GROUP *group; + unsigned char digest[20], wrong_digest[20]; + unsigned char *signature = NULL; + unsigned int sig_len; + int nid, ret = 0; + + /* fill digest values with some random data */ + if (!RAND_pseudo_bytes(digest, 20) || + !RAND_pseudo_bytes(wrong_digest, 20)) + { + BIO_printf(out, "ERROR: unable to get random data\n"); + goto builtin_err; + } + + /* create and verify a ecdsa signature with every availble curve + * (with ) */ + BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " + "with some internal curves:\n"); + + /* get a list of all internal curves */ + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); + + if (curves == NULL) + { + BIO_printf(out, "malloc error\n"); + goto builtin_err; + } + + if (!EC_get_builtin_curves(curves, crv_len)) + { + BIO_printf(out, "unable to get internal curves\n"); + goto builtin_err; + } + + /* now create and verify a signature for every curve */ + for (n = 0; n < crv_len; n++) + { + unsigned char dirt, offset; + + nid = curves[n].nid; + if (nid == NID_ipsec4) + continue; + /* create new ecdsa key (== EC_KEY) */ + if ((eckey = EC_KEY_new()) == NULL) + goto builtin_err; + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + goto builtin_err; + if (EC_KEY_set_group(eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); + if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160) + /* drop the curve */ + { + EC_KEY_free(eckey); + eckey = NULL; + continue; + } + BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); + /* create key */ + if (!EC_KEY_generate_key(eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* create second key */ + if ((wrong_eckey = EC_KEY_new()) == NULL) + goto builtin_err; + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + goto builtin_err; + if (EC_KEY_set_group(wrong_eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); + if (!EC_KEY_generate_key(wrong_eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + BIO_printf(out, "."); + BIO_flush(out); + /* check key */ + if (!EC_KEY_check_key(eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* create signature */ + sig_len = ECDSA_size(eckey); + if ((signature = OPENSSL_malloc(sig_len)) == NULL) + goto builtin_err; + if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* verify signature */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* verify signature with the wrong key */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, + wrong_eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* wrong digest */ + if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, + eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + /* modify a single byte of the signature */ + offset = signature[10] % sig_len; + dirt = signature[11]; + signature[offset] ^= dirt ? dirt : 1; + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + BIO_flush(out); + + BIO_printf(out, " ok\n"); + /* cleanup */ + OPENSSL_free(signature); + signature = NULL; + EC_KEY_free(eckey); + eckey = NULL; + EC_KEY_free(wrong_eckey); + wrong_eckey = NULL; + } + + ret = 1; +builtin_err: + if (eckey) + EC_KEY_free(eckey); + if (wrong_eckey) + EC_KEY_free(wrong_eckey); + if (signature) + OPENSSL_free(signature); + if (curves) + OPENSSL_free(curves); + + return ret; + } + +int main(void) + { + int ret = 1; + BIO *out; + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && + (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) + { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } + else + { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* initialize the prng */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + /* the tests */ + if (!x9_62_tests(out)) goto err; + if (!test_builtin(out)) goto err; + + ret = 0; +err: + if (ret) + BIO_printf(out, "\nECDSA test failed\n"); + else + BIO_printf(out, "\nECDSA test passed\n"); + if (ret) + ERR_print_errors(out); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_state(0); + ERR_free_strings(); + CRYPTO_mem_leaks(out); + if (out != NULL) + BIO_free(out); + return ret; + } +#endif diff --git a/crypto/openssl/crypto/ecdsa/ecs_asn1.c b/crypto/openssl/crypto/ecdsa/ecs_asn1.c new file mode 100644 index 0000000..b295489 --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_asn1.c @@ -0,0 +1,67 @@ +/* crypto/ecdsa/ecs_asn1.c */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecs_locl.h" +#include +#include + +ASN1_SEQUENCE(ECDSA_SIG) = { + ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), + ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) +} ASN1_SEQUENCE_END(ECDSA_SIG) + +DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG) +IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG) diff --git a/crypto/openssl/crypto/ecdsa/ecs_err.c b/crypto/openssl/crypto/ecdsa/ecs_err.c new file mode 100644 index 0000000..90f1942 --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_err.c @@ -0,0 +1,106 @@ +/* crypto/ecdsa/ecs_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) + +static ERR_STRING_DATA ECDSA_str_functs[]= + { +{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_new_method"}, +{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, +{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, +{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, +{0,NULL} + }; + +static ERR_STRING_DATA ECDSA_str_reasons[]= + { +{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"}, +{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"}, +{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"}, +{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"}, +{0,NULL} + }; + +#endif + +void ERR_load_ECDSA_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(0,ECDSA_str_functs); + ERR_load_strings(0,ECDSA_str_reasons); +#endif + + } + } diff --git a/crypto/openssl/crypto/ecdsa/ecs_lib.c b/crypto/openssl/crypto/ecdsa/ecs_lib.c new file mode 100644 index 0000000..1fb9bc9 --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_lib.c @@ -0,0 +1,261 @@ +/* crypto/ecdsa/ecs_lib.c */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "ecs_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include +#include + +const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT; + +static const ECDSA_METHOD *default_ECDSA_method = NULL; + +static void *ecdsa_data_new(void); +static void *ecdsa_data_dup(void *); +static void ecdsa_data_free(void *); + +void ECDSA_set_default_method(const ECDSA_METHOD *meth) +{ + default_ECDSA_method = meth; +} + +const ECDSA_METHOD *ECDSA_get_default_method(void) +{ + if(!default_ECDSA_method) + default_ECDSA_method = ECDSA_OpenSSL(); + return default_ECDSA_method; +} + +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) +{ + const ECDSA_METHOD *mtmp; + ECDSA_DATA *ecdsa; + + ecdsa = ecdsa_check(eckey); + + if (ecdsa == NULL) + return 0; + + mtmp = ecdsa->meth; +#ifndef OPENSSL_NO_ENGINE + if (ecdsa->engine) + { + ENGINE_finish(ecdsa->engine); + ecdsa->engine = NULL; + } +#endif + ecdsa->meth = meth; + + return 1; +} + +static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) +{ + ECDSA_DATA *ret; + + ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); + if (ret == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->init = NULL; + + ret->meth = ECDSA_get_default_method(); + ret->engine = engine; +#ifndef OPENSSL_NO_ENGINE + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDSA(); + if (ret->engine) + { + ret->meth = ENGINE_get_ECDSA(ret->engine); + if (!ret->meth) + { + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } +#endif + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); +#if 0 + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } +#endif + return(ret); +} + +static void *ecdsa_data_new(void) +{ + return (void *)ECDSA_DATA_new_method(NULL); +} + +static void *ecdsa_data_dup(void *data) +{ + ECDSA_DATA *r = (ECDSA_DATA *)data; + + /* XXX: dummy operation */ + if (r == NULL) + return NULL; + + return ecdsa_data_new(); +} + +static void ecdsa_data_free(void *data) +{ + ECDSA_DATA *r = (ECDSA_DATA *)data; + +#ifndef OPENSSL_NO_ENGINE + if (r->engine) + ENGINE_finish(r->engine); +#endif + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); + + OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); + + OPENSSL_free(r); +} + +ECDSA_DATA *ecdsa_check(EC_KEY *key) +{ + ECDSA_DATA *ecdsa_data; + + void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, + ecdsa_data_free, ecdsa_data_free); + if (data == NULL) + { + ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); + if (ecdsa_data == NULL) + return NULL; + EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + } + else + ecdsa_data = (ECDSA_DATA *)data; + + + return ecdsa_data; +} + +int ECDSA_size(const EC_KEY *r) +{ + int ret,i; + ASN1_INTEGER bs; + BIGNUM *order=NULL; + unsigned char buf[4]; + const EC_GROUP *group; + + if (r == NULL) + return 0; + group = EC_KEY_get0_group(r); + if (group == NULL) + return 0; + + if ((order = BN_new()) == NULL) return 0; + if (!EC_GROUP_get_order(group,order,NULL)) + { + BN_clear_free(order); + return 0; + } + i=BN_num_bits(order); + bs.length=(i+7)/8; + bs.data=buf; + bs.type=V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0]=0xff; + + i=i2d_ASN1_INTEGER(&bs,NULL); + i+=i; /* r and s */ + ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); + BN_clear_free(order); + return(ret); +} + + +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, + new_func, dup_func, free_func); +} + +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) +{ + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return 0; + return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); +} + +void *ECDSA_get_ex_data(EC_KEY *d, int idx) +{ + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return NULL; + return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); +} diff --git a/crypto/openssl/crypto/ecdsa/ecs_locl.h b/crypto/openssl/crypto/ecdsa/ecs_locl.h new file mode 100644 index 0000000..3a69a84 --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_locl.h @@ -0,0 +1,107 @@ +/* crypto/ecdsa/ecs_locl.h */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ECS_LOCL_H +#define HEADER_ECS_LOCL_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct ecdsa_method + { + const char *name; + ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, + const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey); + int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **r); + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); +#if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +#endif + int flags; + char *app_data; + }; + +typedef struct ecdsa_data_st { + /* EC_KEY_METH_DATA part */ + int (*init)(EC_KEY *); + /* method (ECDSA) specific part */ + ENGINE *engine; + int flags; + const ECDSA_METHOD *meth; + CRYPTO_EX_DATA ex_data; +} ECDSA_DATA; + +/** ecdsa_check + * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure + * and if not it removes the old meth_data and creates a ECDSA_DATA structure. + * \param eckey pointer to a EC_KEY object + * \return pointer to a ECDSA_DATA structure + */ +ECDSA_DATA *ecdsa_check(EC_KEY *eckey); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_ECS_LOCL_H */ diff --git a/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/crypto/openssl/crypto/ecdsa/ecs_ossl.c new file mode 100644 index 0000000..8be45dd --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_ossl.c @@ -0,0 +1,442 @@ +/* crypto/ecdsa/ecs_ossl.c */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecs_locl.h" +#include +#include +#include + +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + const BIGNUM *, const BIGNUM *, EC_KEY *eckey); +static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +static ECDSA_METHOD openssl_ecdsa_meth = { + "OpenSSL ECDSA method", + ecdsa_do_sign, + ecdsa_sign_setup, + ecdsa_do_verify, +#if 0 + NULL, /* init */ + NULL, /* finish */ +#endif + 0, /* flags */ + NULL /* app_data */ +}; + +const ECDSA_METHOD *ECDSA_OpenSSL(void) +{ + return &openssl_ecdsa_meth; +} + +static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) +{ + BN_CTX *ctx = NULL; + BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; + EC_POINT *tmp_point=NULL; + const EC_GROUP *group; + int ret = 0; + + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (ctx_in == NULL) + { + if ((ctx = BN_CTX_new()) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + ctx = ctx_in; + + k = BN_new(); /* this value is later returned in *kinvp */ + r = BN_new(); /* this value is later returned in *rp */ + order = BN_new(); + X = BN_new(); + if (!k || !r || !order || !X) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + goto err; + } + if ((tmp_point = EC_POINT_new(group)) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + if (!EC_GROUP_get_order(group, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + + do + { + /* get random k */ + do + if (!BN_rand_range(k, order)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, + ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + goto err; + } + while (BN_is_zero(k)); + + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(group, + tmp_point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); + goto err; + } + } + else /* NID_X9_62_characteristic_two_field */ + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + tmp_point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); + goto err; + } + } + if (!BN_nnmod(r, X, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + } + while (BN_is_zero(r)); + + /* compute the inverse of k */ + if (!BN_mod_inverse(k, k, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + /* clear old values if necessary */ + if (*rp != NULL) + BN_clear_free(*rp); + if (*kinvp != NULL) + BN_clear_free(*kinvp); + /* save the pre-computed values */ + *rp = r; + *kinvp = k; + ret = 1; +err: + if (!ret) + { + if (k != NULL) BN_clear_free(k); + if (r != NULL) BN_clear_free(r); + } + if (ctx_in == NULL) + BN_CTX_free(ctx); + if (order != NULL) + BN_free(order); + if (tmp_point != NULL) + EC_POINT_free(tmp_point); + if (X) + BN_clear_free(X); + return(ret); +} + + +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +{ + int ok = 0; + BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; + const BIGNUM *ckinv; + BN_CTX *ctx = NULL; + const EC_GROUP *group; + ECDSA_SIG *ret; + ECDSA_DATA *ecdsa; + const BIGNUM *priv_key; + + ecdsa = ecdsa_check(eckey); + group = EC_KEY_get0_group(eckey); + priv_key = EC_KEY_get0_private_key(eckey); + + if (group == NULL || priv_key == NULL || ecdsa == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + ret = ECDSA_SIG_new(); + if (!ret) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + return NULL; + } + s = ret->s; + + if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || + (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_GROUP_get_order(group, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); + goto err; + } + if (dgst_len > BN_num_bytes(order)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, + ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + + if (!BN_bin2bn(dgst, dgst_len, m)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + do + { + if (in_kinv == NULL || in_r == NULL) + { + if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB); + goto err; + } + ckinv = kinv; + } + else + { + ckinv = in_kinv; + if (BN_copy(ret->r, in_r) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_add_quick(s, tmp, m, order)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(s, s, ckinv, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + } + while (BN_is_zero(s)); + + ok = 1; +err: + if (!ok) + { + ECDSA_SIG_free(ret); + ret = NULL; + } + if (ctx) + BN_CTX_free(ctx); + if (m) + BN_clear_free(m); + if (tmp) + BN_clear_free(tmp); + if (order) + BN_free(order); + if (kinv) + BN_clear_free(kinv); + return ret; +} + +static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) +{ + int ret = -1; + BN_CTX *ctx; + BIGNUM *order, *u1, *u2, *m, *X; + EC_POINT *point = NULL; + const EC_GROUP *group; + const EC_POINT *pub_key; + + /* check input values */ + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || + (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); + return -1; + } + + ctx = BN_CTX_new(); + if (!ctx) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + return -1; + } + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + u1 = BN_CTX_get(ctx); + u2 = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + if (!X) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + + if (!EC_GROUP_get_order(group, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || + BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); + ret = 0; /* signature is invalid */ + goto err; + } + /* calculate tmp1 = inv(S) mod order */ + if (!BN_mod_inverse(u2, sig->s, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* digest -> m */ + if (!BN_bin2bn(dgst, dgst_len, m)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* u1 = m * tmp mod order */ + if (!BN_mod_mul(u1, m, u2, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* u2 = r * w mod q */ + if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + + if ((point = EC_POINT_new(group)) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(group, + point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + } + else /* NID_X9_62_characteristic_two_field */ + { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + } + + if (!BN_nnmod(u1, X, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* if the signature is correct u1 is equal to sig->r */ + ret = (BN_ucmp(u1, sig->r) == 0); +err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + if (point) + EC_POINT_free(point); + return ret; +} diff --git a/crypto/openssl/crypto/ecdsa/ecs_sign.c b/crypto/openssl/crypto/ecdsa/ecs_sign.c new file mode 100644 index 0000000..74b1fe8 --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_sign.c @@ -0,0 +1,104 @@ +/* crypto/ecdsa/ecdsa_sign.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecs_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) +{ + return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); +} + +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) +{ + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return NULL; + return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); +} + +int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, EC_KEY *eckey) +{ + return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); +} + +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey) +{ + ECDSA_SIG *s; + s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); + if (s == NULL) + { + *siglen=0; + return 0; + } + *siglen = i2d_ECDSA_SIG(s, &sig); + ECDSA_SIG_free(s); + return 1; +} + +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) +{ + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); +} diff --git a/crypto/openssl/crypto/ecdsa/ecs_vrf.c b/crypto/openssl/crypto/ecdsa/ecs_vrf.c new file mode 100644 index 0000000..ef9acf7 --- /dev/null +++ b/crypto/openssl/crypto/ecdsa/ecs_vrf.c @@ -0,0 +1,96 @@ +/* crypto/ecdsa/ecdsa_vrf.c */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecs_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) + { + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); + } + +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) + { + ECDSA_SIG *s; + int ret=-1; + + s = ECDSA_SIG_new(); + if (s == NULL) return(ret); + if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; + ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); +err: + ECDSA_SIG_free(s); + return(ret); + } diff --git a/crypto/openssl/crypto/engine/Makefile b/crypto/openssl/crypto/engine/Makefile index 61942ac..13f211a 100644 --- a/crypto/openssl/crypto/engine/Makefile +++ b/crypto/openssl/crypto/engine/Makefile @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -24,16 +19,14 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \ - eng_openssl.c eng_dyn.c eng_cnf.c \ - hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ - hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c \ + eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \ - eng_openssl.o eng_dyn.o eng_cnf.o \ - hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ - hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ + tb_cipher.o tb_digest.o \ + eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o SRC= $(LIBSRC) @@ -61,7 +54,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -70,16 +64,13 @@ install: tags: ctags $(SRC) -errors: - $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \ - -nostatic -staticloader -write hw_*.c - tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -91,446 +82,207 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_all.o: ../../e_os.h ../../include/openssl/bio.h +eng_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h -eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h -eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_all.o: ../cryptlib.h eng_all.c eng_int.h +eng_cnf.o: ../../e_os.h ../../include/openssl/bio.h eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_cnf.o: ../cryptlib.h eng_cnf.c -eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h -eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_cnf.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_cnf.c eng_int.h +eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/objects.h +eng_cryptodev.o: ../../include/openssl/opensslconf.h +eng_cryptodev.o: ../../include/openssl/opensslv.h +eng_cryptodev.o: ../../include/openssl/ossl_typ.h +eng_cryptodev.o: ../../include/openssl/safestack.h +eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cryptodev.o: eng_cryptodev.c +eng_ctrl.o: ../../e_os.h ../../include/openssl/bio.h eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_ctrl.o: ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h -eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h -eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_ctrl.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_ctrl.c eng_int.h +eng_dyn.o: ../../e_os.h ../../include/openssl/bio.h eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h -eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_dyn.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_dyn.c eng_int.h +eng_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_err.o: ../../include/openssl/ui.h eng_err.c -eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h -eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_err.o: eng_err.c +eng_fat.o: ../../e_os.h ../../include/openssl/bio.h eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h -eng_init.o: ../../e_os.h ../../include/openssl/asn1.h -eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_fat.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_fat.c eng_int.h +eng_init.o: ../../e_os.h ../../include/openssl/bio.h eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_init.o: ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_init.o: ../cryptlib.h eng_init.c eng_int.h -eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h -eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_init.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_init.c eng_int.h +eng_lib.o: ../../e_os.h ../../include/openssl/bio.h eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c -eng_list.o: ../../e_os.h ../../include/openssl/asn1.h -eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_lib.c +eng_list.o: ../../e_os.h ../../include/openssl/bio.h eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_list.o: ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_list.o: ../cryptlib.h eng_int.h eng_list.c -eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h -eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +eng_list.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_list.c +eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_openssl.o: ../../include/openssl/opensslconf.h eng_openssl.o: ../../include/openssl/opensslv.h eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_openssl.o: ../cryptlib.h eng_openssl.c -eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h +eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c +eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_padlock.o: ../../include/openssl/opensslconf.h +eng_padlock.o: ../../include/openssl/opensslv.h +eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_padlock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_padlock.o: ../../include/openssl/symhacks.h eng_padlock.c +eng_pkey.o: ../../e_os.h ../../include/openssl/bio.h eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h eng_pkey.o: ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c -eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_pkey.c +eng_table.o: ../../e_os.h ../../include/openssl/asn1.h +eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -eng_table.o: ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -eng_table.o: eng_int.h eng_table.c -hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h -hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h -hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hw_4758_cca.o: ../../include/openssl/opensslconf.h -hw_4758_cca.o: ../../include/openssl/opensslv.h -hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h -hw_4758_cca.o: vendor_defns/hw_4758_cca.h -hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h -hw_aep.o: vendor_defns/aep.h -hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h -hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h -hw_atalla.o: vendor_defns/atalla.h -hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -hw_cryptodev.o: ../../include/openssl/objects.h -hw_cryptodev.o: ../../include/openssl/opensslconf.h -hw_cryptodev.o: ../../include/openssl/opensslv.h -hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c -hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h -hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h -hw_cswift.o: vendor_defns/cswift.h -hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h -hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h -hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hw_ncipher.o: ../../include/openssl/opensslconf.h -hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c -hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h -hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h -hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h -hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h -hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h -hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hw_sureware.o: ../../include/openssl/opensslconf.h -hw_sureware.o: ../../include/openssl/opensslv.h -hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c -hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h -hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h -hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h -hw_ubsec.o: vendor_defns/hw_ubsec.h -tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -tb_cipher.o: ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +eng_table.o: eng_table.c +tb_cipher.o: ../../e_os.h ../../include/openssl/bio.h +tb_cipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -tb_cipher.o: eng_int.h tb_cipher.c -tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +tb_cipher.o: tb_cipher.c +tb_dh.o: ../../e_os.h ../../include/openssl/bio.h +tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_dh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h -tb_dh.o: tb_dh.c -tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -tb_digest.o: ../../include/openssl/objects.h +tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c +tb_digest.o: ../../e_os.h ../../include/openssl/bio.h +tb_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/lhash.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -tb_digest.o: eng_int.h tb_digest.c -tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +tb_digest.o: tb_digest.c +tb_dsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -tb_dsa.o: eng_int.h tb_dsa.c -tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c +tb_ecdh.o: ../../e_os.h ../../include/openssl/bio.h +tb_ecdh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_ecdsa.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_ecdsa.c +tb_rand.o: ../../e_os.h ../../include/openssl/bio.h +tb_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -tb_rand.o: eng_int.h tb_rand.c -tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c +tb_rsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -tb_rsa.o: eng_int.h tb_rsa.c +tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c +tb_store.o: ../../e_os.h ../../include/openssl/bio.h +tb_store.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +tb_store.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_store.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_store.o: ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_store.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_store.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_store.c diff --git a/crypto/openssl/crypto/engine/eng_all.c b/crypto/openssl/crypto/engine/eng_all.c index 0f6992a..86b2f9a 100644 --- a/crypto/openssl/crypto/engine/eng_all.c +++ b/crypto/openssl/crypto/engine/eng_all.c @@ -56,8 +56,7 @@ * */ -#include -#include +#include "cryptlib.h" #include "eng_int.h" void ENGINE_load_builtin_engines(void) @@ -70,34 +69,42 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_openssl(); #endif ENGINE_load_dynamic(); +#ifndef OPENSSL_NO_STATIC_ENGINE #ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); +#endif +#ifndef OPENSSL_NO_HW_AEP + ENGINE_load_aep(); +#endif +#ifndef OPENSSL_NO_HW_ATALLA + ENGINE_load_atalla(); +#endif #ifndef OPENSSL_NO_HW_CSWIFT ENGINE_load_cswift(); #endif #ifndef OPENSSL_NO_HW_NCIPHER ENGINE_load_chil(); #endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif #ifndef OPENSSL_NO_HW_NURON ENGINE_load_nuron(); #endif +#ifndef OPENSSL_NO_HW_SUREWARE + ENGINE_load_sureware(); +#endif #ifndef OPENSSL_NO_HW_UBSEC ENGINE_load_ubsec(); #endif -#ifndef OPENSSL_NO_HW_AEP - ENGINE_load_aep(); +#ifndef OPENSSL_NO_HW_PADLOCK + ENGINE_load_padlock(); #endif -#ifndef OPENSSL_NO_HW_SUREWARE - ENGINE_load_sureware(); -#endif -#ifndef OPENSSL_NO_HW_4758_CCA - ENGINE_load_4758cca(); #endif #if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif +#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) + ENGINE_load_gmp(); +#endif #endif } diff --git a/crypto/openssl/crypto/engine/eng_cnf.c b/crypto/openssl/crypto/engine/eng_cnf.c index cdf6709..a97e01e 100644 --- a/crypto/openssl/crypto/engine/eng_cnf.c +++ b/crypto/openssl/crypto/engine/eng_cnf.c @@ -56,11 +56,8 @@ * */ -#include -#include -#include "cryptlib.h" +#include "eng_int.h" #include -#include /* #define ENGINE_CONF_DEBUG */ @@ -158,7 +155,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) */ if (!strcmp(ctrlvalue, "EMPTY")) ctrlvalue = NULL; - else if (!strcmp(ctrlname, "init")) + if (!strcmp(ctrlname, "init")) { if (!NCONF_get_number_e(cnf, value, "init", &do_init)) goto err; @@ -210,7 +207,7 @@ static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) if (!elist) { - ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); + ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); return 0; } diff --git a/crypto/openssl/crypto/engine/eng_cryptodev.c b/crypto/openssl/crypto/engine/eng_cryptodev.c new file mode 100644 index 0000000..ab38cd5 --- /dev/null +++ b/crypto/openssl/crypto/engine/eng_cryptodev.c @@ -0,0 +1,1133 @@ +/* + * Copyright (c) 2002 Bob Beck + * Copyright (c) 2002 Theo de Raadt + * Copyright (c) 2002 Markus Friedl + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include +#include + +#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ + (defined(OpenBSD) || defined(__FreeBSD_version)) +#include +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) +# define HAVE_CRYPTODEV +# endif +# if (OpenBSD >= 200110) +# define HAVE_SYSLOG_R +# endif +#endif + +#ifndef HAVE_CRYPTODEV + +void +ENGINE_load_cryptodev(void) +{ + /* This is a NOP on platforms without /dev/crypto */ + return; +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +struct dev_crypto_state { + struct session_op d_sess; + int d_fd; +}; + +static u_int32_t cryptodev_asymfeat = 0; + +static int get_asym_dev_crypto(void); +static int open_dev_crypto(void); +static int get_dev_crypto(void); +static int cryptodev_max_iv(int cipher); +static int cryptodev_key_length_valid(int cipher, int len); +static int cipher_nid_to_cryptodev(int nid); +static int get_cryptodev_ciphers(const int **cnids); +static int get_cryptodev_digests(const int **cnids); +static int cryptodev_usable_ciphers(const int **nids); +static int cryptodev_usable_digests(const int **nids); +static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl); +static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); +static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); +static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid); +static int bn2crparam(const BIGNUM *a, struct crparam *crp); +static int crparam2bn(struct crparam *crp, BIGNUM *a); +static void zapparams(struct crypt_kop *kop); +static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, + int slen, BIGNUM *s); + +static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, + RSA *rsa); +static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); +static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, + BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, + BN_CTX *ctx, BN_MONT_CTX *mont); +static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, + int dlen, DSA *dsa); +static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); +static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); +static int cryptodev_dh_compute_key(unsigned char *key, + const BIGNUM *pub_key, DH *dh); +static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f)()); +void ENGINE_load_cryptodev(void); + +static const ENGINE_CMD_DEFN cryptodev_defns[] = { + { 0, NULL, NULL, 0 } +}; + +static struct { + int id; + int nid; + int ivmax; + int keylen; +} ciphers[] = { + { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, + { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, + { 0, NID_undef, 0, 0, }, +}; + +static struct { + int id; + int nid; +} digests[] = { + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, + { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, + { CRYPTO_MD5_KPDK, NID_undef, }, + { CRYPTO_SHA1_KPDK, NID_undef, }, + { CRYPTO_MD5, NID_md5, }, + { CRYPTO_SHA1, NID_undef, }, + { 0, NID_undef, }, +}; + +/* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +static int +open_dev_crypto(void) +{ + static int fd = -1; + + if (fd == -1) { + if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) + return (-1); + /* close on exec */ + if (fcntl(fd, F_SETFD, 1) == -1) { + close(fd); + fd = -1; + return (-1); + } + } + return (fd); +} + +static int +get_dev_crypto(void) +{ + int fd, retfd; + + if ((fd = open_dev_crypto()) == -1) + return (-1); + if (ioctl(fd, CRIOGET, &retfd) == -1) + return (-1); + + /* close on exec */ + if (fcntl(retfd, F_SETFD, 1) == -1) { + close(retfd); + return (-1); + } + return (retfd); +} + +/* Caching version for asym operations */ +static int +get_asym_dev_crypto(void) +{ + static int fd = -1; + + if (fd == -1) + fd = get_dev_crypto(); + return fd; +} + +/* + * XXXX this needs to be set for each alg - and determined from + * a running card. + */ +static int +cryptodev_max_iv(int cipher) +{ + int i; + + for (i = 0; ciphers[i].id; i++) + if (ciphers[i].id == cipher) + return (ciphers[i].ivmax); + return (0); +} + +/* + * XXXX this needs to be set for each alg - and determined from + * a running card. For now, fake it out - but most of these + * for real devices should return 1 for the supported key + * sizes the device can handle. + */ +static int +cryptodev_key_length_valid(int cipher, int len) +{ + int i; + + for (i = 0; ciphers[i].id; i++) + if (ciphers[i].id == cipher) + return (ciphers[i].keylen == len); + return (0); +} + +/* convert libcrypto nids to cryptodev */ +static int +cipher_nid_to_cryptodev(int nid) +{ + int i; + + for (i = 0; ciphers[i].id; i++) + if (ciphers[i].nid == nid) + return (ciphers[i].id); + return (0); +} + +/* + * Find out what ciphers /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_ciphers routine + */ +static int +get_cryptodev_ciphers(const int **cnids) +{ + static int nids[CRYPTO_ALGORITHM_MAX]; + struct session_op sess; + int fd, i, count = 0; + + if ((fd = get_dev_crypto()) < 0) { + *cnids = NULL; + return (0); + } + memset(&sess, 0, sizeof(sess)); + sess.key = (caddr_t)"123456781234567812345678"; + + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) + continue; + sess.cipher = ciphers[i].id; + sess.keylen = ciphers[i].keylen; + sess.mac = 0; + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = ciphers[i].nid; + } + close(fd); + + if (count > 0) + *cnids = nids; + else + *cnids = NULL; + return (count); +} + +/* + * Find out what digests /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_digests routine + */ +static int +get_cryptodev_digests(const int **cnids) +{ + static int nids[CRYPTO_ALGORITHM_MAX]; + struct session_op sess; + int fd, i, count = 0; + + if ((fd = get_dev_crypto()) < 0) { + *cnids = NULL; + return (0); + } + memset(&sess, 0, sizeof(sess)); + for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (digests[i].nid == NID_undef) + continue; + sess.mac = digests[i].id; + sess.cipher = 0; + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = digests[i].nid; + } + close(fd); + + if (count > 0) + *cnids = nids; + else + *cnids = NULL; + return (count); +} + +/* + * Find the useable ciphers|digests from dev/crypto - this is the first + * thing called by the engine init crud which determines what it + * can use for ciphers from this engine. We want to return + * only what we can do, anythine else is handled by software. + * + * If we can't initialize the device to do anything useful for + * any reason, we want to return a NULL array, and 0 length, + * which forces everything to be done is software. By putting + * the initalization of the device in here, we ensure we can + * use this engine as the default, and if for whatever reason + * /dev/crypto won't do what we want it will just be done in + * software + * + * This can (should) be greatly expanded to perhaps take into + * account speed of the device, and what we want to do. + * (although the disabling of particular alg's could be controlled + * by the device driver with sysctl's.) - this is where we + * want most of the decisions made about what we actually want + * to use from /dev/crypto. + */ +static int +cryptodev_usable_ciphers(const int **nids) +{ + return (get_cryptodev_ciphers(nids)); +} + +static int +cryptodev_usable_digests(const int **nids) +{ + /* + * XXXX just disable all digests for now, because it sucks. + * we need a better way to decide this - i.e. I may not + * want digests on slow cards like hifn on fast machines, + * but might want them on slow or loaded machines, etc. + * will also want them when using crypto cards that don't + * suck moose gonads - would be nice to be able to decide something + * as reasonable default without having hackery that's card dependent. + * of course, the default should probably be just do everything, + * with perhaps a sysctl to turn algoritms off (or have them off + * by default) on cards that generally suck like the hifn. + */ + *nids = NULL; + return (0); +} + +static int +cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; + void *iiv; + unsigned char save_iv[EVP_MAX_IV_LENGTH]; + + if (state->d_fd < 0) + return (0); + if (!inl) + return (1); + if ((inl % ctx->cipher->block_size) != 0) + return (0); + + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = inl; + cryp.src = (caddr_t) in; + cryp.dst = (caddr_t) out; + cryp.mac = 0; + + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; + + if (ctx->cipher->iv_len) { + cryp.iv = (caddr_t) ctx->iv; + if (!ctx->encrypt) { + iiv = (void *) in + inl - ctx->cipher->iv_len; + memcpy(save_iv, iiv, ctx->cipher->iv_len); + } + } else + cryp.iv = NULL; + + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { + /* XXX need better errror handling + * this can fail for a number of different reasons. + */ + return (0); + } + + if (ctx->cipher->iv_len) { + if (ctx->encrypt) + iiv = (void *) out + inl - ctx->cipher->iv_len; + else + iiv = save_iv; + memcpy(ctx->iv, iiv, ctx->cipher->iv_len); + } + return (1); +} + +static int +cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; + int cipher; + + if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) + return (0); + + if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) + return (0); + + if (!cryptodev_key_length_valid(cipher, ctx->key_len)) + return (0); + + memset(sess, 0, sizeof(struct session_op)); + + if ((state->d_fd = get_dev_crypto()) < 0) + return (0); + + sess->key = (unsigned char *)key; + sess->keylen = ctx->key_len; + sess->cipher = cipher; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { + close(state->d_fd); + state->d_fd = -1; + return (0); + } + return (1); +} + +/* + * free anything we allocated earlier when initting a + * session, and close the session. + */ +static int +cryptodev_cleanup(EVP_CIPHER_CTX *ctx) +{ + int ret = 0; + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; + + if (state->d_fd < 0) + return (0); + + /* XXX if this ioctl fails, someting's wrong. the invoker + * may have called us with a bogus ctx, or we could + * have a device that for whatever reason just doesn't + * want to play ball - it's not clear what's right + * here - should this be an error? should it just + * increase a counter, hmm. For right now, we return + * 0 - I don't believe that to be "right". we could + * call the gorpy openssl lib error handlers that + * print messages to users of the library. hmm.. + */ + + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { + ret = 0; + } else { + ret = 1; + } + close(state->d_fd); + state->d_fd = -1; + + return (ret); +} + +/* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine + * gets called when libcrypto requests a cipher NID. + */ + +/* DES CBC EVP */ +const EVP_CIPHER cryptodev_des_cbc = { + NID_des_cbc, + 8, 8, 8, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +/* 3DES CBC EVP */ +const EVP_CIPHER cryptodev_3des_cbc = { + NID_des_ede3_cbc, + 8, 24, 8, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_bf_cbc = { + NID_bf_cbc, + 8, 16, 8, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_cast_cbc = { + NID_cast5_cbc, + 8, 16, 8, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_aes_cbc = { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +/* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the + * top level - note, that list is restricted by what we answer with + */ +static int +cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) +{ + if (!cipher) + return (cryptodev_usable_ciphers(nids)); + + switch (nid) { + case NID_des_ede3_cbc: + *cipher = &cryptodev_3des_cbc; + break; + case NID_des_cbc: + *cipher = &cryptodev_des_cbc; + break; + case NID_bf_cbc: + *cipher = &cryptodev_bf_cbc; + break; + case NID_cast5_cbc: + *cipher = &cryptodev_cast_cbc; + break; + case NID_aes_128_cbc: + *cipher = &cryptodev_aes_cbc; + break; + default: + *cipher = NULL; + break; + } + return (*cipher != NULL); +} + +static int +cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) +{ + if (!digest) + return (cryptodev_usable_digests(nids)); + + switch (nid) { + case NID_md5: + *digest = NULL; /* need to make a clean md5 critter */ + break; + default: + *digest = NULL; + break; + } + return (*digest != NULL); +} + +/* + * Convert a BIGNUM to the representation that /dev/crypto needs. + * Upon completion of use, the caller is responsible for freeing + * crp->crp_p. + */ +static int +bn2crparam(const BIGNUM *a, struct crparam *crp) +{ + int i, j, k; + ssize_t words, bytes, bits; + u_char *b; + + crp->crp_p = NULL; + crp->crp_nbits = 0; + + bits = BN_num_bits(a); + bytes = (bits + 7) / 8; + + b = malloc(bytes); + if (b == NULL) + return (1); + + crp->crp_p = b; + crp->crp_nbits = bits; + + for (i = 0, j = 0; i < a->top; i++) { + for (k = 0; k < BN_BITS2 / 8; k++) { + if ((j + k) >= bytes) + return (0); + b[j + k] = a->d[i] >> (k * 8); + } + j += BN_BITS2 / 8; + } + return (0); +} + +/* Convert a /dev/crypto parameter to a BIGNUM */ +static int +crparam2bn(struct crparam *crp, BIGNUM *a) +{ + u_int8_t *pd; + int i, bytes; + + bytes = (crp->crp_nbits + 7) / 8; + + if (bytes == 0) + return (-1); + + if ((pd = (u_int8_t *) malloc(bytes)) == NULL) + return (-1); + + for (i = 0; i < bytes; i++) + pd[i] = crp->crp_p[bytes - i - 1]; + + BN_bin2bn(pd, bytes, a); + free(pd); + + return (0); +} + +static void +zapparams(struct crypt_kop *kop) +{ + int i; + + for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { + if (kop->crk_param[i].crp_p) + free(kop->crk_param[i].crp_p); + kop->crk_param[i].crp_p = NULL; + kop->crk_param[i].crp_nbits = 0; + } +} + +static int +cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) +{ + int fd, ret = -1; + + if ((fd = get_asym_dev_crypto()) < 0) + return (ret); + + if (r) { + kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); + kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; + kop->crk_oparams++; + } + if (s) { + kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); + kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; + kop->crk_oparams++; + } + + if (ioctl(fd, CIOCKEY, kop) == 0) { + if (r) + crparam2bn(&kop->crk_param[kop->crk_iparams], r); + if (s) + crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); + ret = 0; + } + + return (ret); +} + +static int +cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +{ + struct crypt_kop kop; + int ret = 1; + + /* Currently, we know we can do mod exp iff we can do any + * asymmetric operations at all. + */ + if (cryptodev_asymfeat == 0) { + ret = BN_mod_exp(r, a, p, m, ctx); + return (ret); + } + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_MOD_EXP; + + /* inputs: a^p % m */ + if (bn2crparam(a, &kop.crk_param[0])) + goto err; + if (bn2crparam(p, &kop.crk_param[1])) + goto err; + if (bn2crparam(m, &kop.crk_param[2])) + goto err; + kop.crk_iparams = 3; + + if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); + } +err: + zapparams(&kop); + return (ret); +} + +static int +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +{ + int r; + BN_CTX *ctx; + + ctx = BN_CTX_new(); + r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); + BN_CTX_free(ctx); + return (r); +} + +static int +cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) +{ + struct crypt_kop kop; + int ret = 1; + + if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { + /* XXX 0 means failure?? */ + return (0); + } + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_MOD_EXP_CRT; + /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ + if (bn2crparam(rsa->p, &kop.crk_param[0])) + goto err; + if (bn2crparam(rsa->q, &kop.crk_param[1])) + goto err; + if (bn2crparam(I, &kop.crk_param[2])) + goto err; + if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) + goto err; + if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) + goto err; + if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) + goto err; + kop.crk_iparams = 6; + + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); + } +err: + zapparams(&kop); + return (ret); +} + +static RSA_METHOD cryptodev_rsa = { + "cryptodev RSA method", + NULL, /* rsa_pub_enc */ + NULL, /* rsa_pub_dec */ + NULL, /* rsa_priv_enc */ + NULL, /* rsa_priv_dec */ + NULL, + NULL, + NULL, /* init */ + NULL, /* finish */ + 0, /* flags */ + NULL, /* app_data */ + NULL, /* rsa_sign */ + NULL /* rsa_verify */ +}; + +static int +cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); +} + +static int +cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, + BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, + BN_CTX *ctx, BN_MONT_CTX *mont) +{ + BIGNUM t2; + int ret = 0; + + BN_init(&t2); + + /* v = ( g^u1 * y^u2 mod p ) mod q */ + /* let t1 = g ^ u1 mod p */ + ret = 0; + + if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) + goto err; + + /* let t2 = y ^ u2 mod p */ + if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) + goto err; + /* let u1 = t1 * t2 mod p */ + if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) + goto err; + + BN_copy(t1,u1); + + ret = 1; +err: + BN_free(&t2); + return(ret); +} + +static DSA_SIG * +cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ + struct crypt_kop kop; + BIGNUM *r = NULL, *s = NULL; + DSA_SIG *dsaret = NULL; + + if ((r = BN_new()) == NULL) + goto err; + if ((s = BN_new()) == NULL) { + BN_free(r); + goto err; + } + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DSA_SIGN; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ + kop.crk_param[0].crp_p = (caddr_t)dgst; + kop.crk_param[0].crp_nbits = dlen * 8; + if (bn2crparam(dsa->p, &kop.crk_param[1])) + goto err; + if (bn2crparam(dsa->q, &kop.crk_param[2])) + goto err; + if (bn2crparam(dsa->g, &kop.crk_param[3])) + goto err; + if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) + goto err; + kop.crk_iparams = 5; + + if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, + BN_num_bytes(dsa->q), s) == 0) { + dsaret = DSA_SIG_new(); + dsaret->r = r; + dsaret->s = s; + } else { + const DSA_METHOD *meth = DSA_OpenSSL(); + BN_free(r); + BN_free(s); + dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); + } +err: + kop.crk_param[0].crp_p = NULL; + zapparams(&kop); + return (dsaret); +} + +static int +cryptodev_dsa_verify(const unsigned char *dgst, int dlen, + DSA_SIG *sig, DSA *dsa) +{ + struct crypt_kop kop; + int dsaret = 1; + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DSA_VERIFY; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ + kop.crk_param[0].crp_p = (caddr_t)dgst; + kop.crk_param[0].crp_nbits = dlen * 8; + if (bn2crparam(dsa->p, &kop.crk_param[1])) + goto err; + if (bn2crparam(dsa->q, &kop.crk_param[2])) + goto err; + if (bn2crparam(dsa->g, &kop.crk_param[3])) + goto err; + if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) + goto err; + if (bn2crparam(sig->r, &kop.crk_param[5])) + goto err; + if (bn2crparam(sig->s, &kop.crk_param[6])) + goto err; + kop.crk_iparams = 7; + + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { + dsaret = kop.crk_status; + } else { + const DSA_METHOD *meth = DSA_OpenSSL(); + + dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); + } +err: + kop.crk_param[0].crp_p = NULL; + zapparams(&kop); + return (dsaret); +} + +static DSA_METHOD cryptodev_dsa = { + "cryptodev DSA method", + NULL, + NULL, /* dsa_sign_setup */ + NULL, + NULL, /* dsa_mod_exp */ + NULL, + NULL, /* init */ + NULL, /* finish */ + 0, /* flags */ + NULL /* app_data */ +}; + +static int +cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx) +{ + return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); +} + +static int +cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +{ + struct crypt_kop kop; + int dhret = 1; + int fd, keylen; + + if ((fd = get_asym_dev_crypto()) < 0) { + const DH_METHOD *meth = DH_OpenSSL(); + + return ((meth->compute_key)(key, pub_key, dh)); + } + + keylen = BN_num_bits(dh->p); + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DH_COMPUTE_KEY; + + /* inputs: dh->priv_key pub_key dh->p key */ + if (bn2crparam(dh->priv_key, &kop.crk_param[0])) + goto err; + if (bn2crparam(pub_key, &kop.crk_param[1])) + goto err; + if (bn2crparam(dh->p, &kop.crk_param[2])) + goto err; + kop.crk_iparams = 3; + + kop.crk_param[3].crp_p = key; + kop.crk_param[3].crp_nbits = keylen * 8; + kop.crk_oparams = 1; + + if (ioctl(fd, CIOCKEY, &kop) == -1) { + const DH_METHOD *meth = DH_OpenSSL(); + + dhret = (meth->compute_key)(key, pub_key, dh); + } +err: + kop.crk_param[3].crp_p = NULL; + zapparams(&kop); + return (dhret); +} + +static DH_METHOD cryptodev_dh = { + "cryptodev DH method", + NULL, /* cryptodev_dh_generate_key */ + NULL, + NULL, + NULL, + NULL, + 0, /* flags */ + NULL /* app_data */ +}; + +/* + * ctrl right now is just a wrapper that doesn't do much + * but I expect we'll want some options soon. + */ +static int +cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +{ +#ifdef HAVE_SYSLOG_R + struct syslog_data sd = SYSLOG_DATA_INIT; +#endif + + switch (cmd) { + default: +#ifdef HAVE_SYSLOG_R + syslog_r(LOG_ERR, &sd, + "cryptodev_ctrl: unknown command %d", cmd); +#else + syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +#endif + break; + } + return (1); +} + +void +ENGINE_load_cryptodev(void) +{ + ENGINE *engine = ENGINE_new(); + int fd; + + if (engine == NULL) + return; + if ((fd = get_dev_crypto()) < 0) { + ENGINE_free(engine); + return; + } + + /* + * find out what asymmetric crypto algorithms we support + */ + if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { + close(fd); + ENGINE_free(engine); + return; + } + close(fd); + + if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || + !ENGINE_set_digests(engine, cryptodev_engine_digests) || + !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || + !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { + ENGINE_free(engine); + return; + } + + if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { + const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); + + cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; + cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; + cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; + cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; + cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; + cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; + if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_mod_exp; + else + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_nocrt_mod_exp; + } + } + + if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { + const DSA_METHOD *meth = DSA_OpenSSL(); + + memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); + if (cryptodev_asymfeat & CRF_DSA_SIGN) + cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; + cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; + } + if (cryptodev_asymfeat & CRF_DSA_VERIFY) + cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; + } + + if (ENGINE_set_DH(engine, &cryptodev_dh)){ + const DH_METHOD *dh_meth = DH_OpenSSL(); + + cryptodev_dh.generate_key = dh_meth->generate_key; + cryptodev_dh.compute_key = dh_meth->compute_key; + cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) + cryptodev_dh.compute_key = + cryptodev_dh_compute_key; + } + } + + ENGINE_add(engine); + ENGINE_free(engine); + ERR_clear_error(); +} + +#endif /* HAVE_CRYPTODEV */ diff --git a/crypto/openssl/crypto/engine/eng_ctrl.c b/crypto/openssl/crypto/engine/eng_ctrl.c index 412c73f..95b6b45 100644 --- a/crypto/openssl/crypto/engine/eng_ctrl.c +++ b/crypto/openssl/crypto/engine/eng_ctrl.c @@ -53,10 +53,7 @@ * */ -#include -#include "cryptlib.h" #include "eng_int.h" -#include /* When querying a ENGINE-specific control command's 'description', this string * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ @@ -103,7 +100,8 @@ static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) return -1; } -static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, + void (*f)(void)) { int idx; char *s = (char *)p; @@ -181,7 +179,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) return -1; } -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ctrl_exists, ref_exists; if(e == NULL) @@ -251,13 +249,13 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd) } int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional) + long i, void *p, void (*f)(void), int cmd_optional) { int num; if((e == NULL) || (cmd_name == NULL)) { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER); return 0; } diff --git a/crypto/openssl/crypto/engine/eng_dyn.c b/crypto/openssl/crypto/engine/eng_dyn.c index 4139a16..acb30c3 100644 --- a/crypto/openssl/crypto/engine/eng_dyn.c +++ b/crypto/openssl/crypto/engine/eng_dyn.c @@ -57,11 +57,7 @@ */ -#include -#include -#include "cryptlib.h" #include "eng_int.h" -#include #include /* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader @@ -70,7 +66,7 @@ /* Our ENGINE handlers */ static int dynamic_init(ENGINE *e); static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Predeclare our context type */ typedef struct st_dynamic_data_ctx dynamic_data_ctx; /* The implementation for the important control command */ @@ -80,7 +76,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); #define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) #define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) #define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4) +#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) +#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) +#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) /* The constants used when creating the ENGINE */ static const char *engine_dynamic_id = "dynamic"; @@ -102,6 +100,14 @@ static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { "LIST_ADD", "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", ENGINE_CMD_FLAG_NUMERIC}, + {DYNAMIC_CMD_DIR_LOAD, + "DIR_LOAD", + "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", + ENGINE_CMD_FLAG_NUMERIC}, + {DYNAMIC_CMD_DIR_ADD, + "DIR_ADD", + "Adds a directory from which ENGINEs can be loaded", + ENGINE_CMD_FLAG_STRING}, {DYNAMIC_CMD_LOAD, "LOAD", "Load up the ENGINE specified by other settings", @@ -136,12 +142,18 @@ struct st_dynamic_data_ctx const char *DYNAMIC_F1; /* The symbol name for the "initialise ENGINE structure" function */ const char *DYNAMIC_F2; + /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use + * 'dirs' for loading. Default is to use 'dirs' as a fallback. */ + int dir_load; + /* A stack of directories from which ENGINEs could be loaded */ + STACK *dirs; }; /* This is the "ex_data" index we obtain and reserve for use with our context * structure. */ static int dynamic_ex_data_idx = -1; +static void int_free_str(void *s) { OPENSSL_free(s); } /* Because our ex_data element may or may not get allocated depending on whether * a "first-use" occurs before the ENGINE is freed, we have a memory leak * problem to solve. We can't declare a "new" handler for the ex_data as we @@ -161,6 +173,8 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); if(ctx->engine_id) OPENSSL_free((void*)ctx->engine_id); + if(ctx->dirs) + sk_pop_free(ctx->dirs, int_free_str); OPENSSL_free(ctx); } } @@ -175,7 +189,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); if(!c) { - ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); + ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); return 0; } memset(c, 0, sizeof(dynamic_data_ctx)); @@ -188,6 +202,14 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) c->list_add_value = 0; c->DYNAMIC_F1 = "v_check"; c->DYNAMIC_F2 = "bind_engine"; + c->dir_load = 1; + c->dirs = sk_new_null(); + if(!c->dirs) + { + ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); + OPENSSL_free(c); + return 0; + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx)) == NULL) @@ -290,7 +312,7 @@ static int dynamic_finish(ENGINE *e) return 0; } -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); int initialised; @@ -346,6 +368,34 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) return 1; case DYNAMIC_CMD_LOAD: return dynamic_load(e, ctx); + case DYNAMIC_CMD_DIR_LOAD: + if((i < 0) || (i > 2)) + { + ENGINEerr(ENGINE_F_DYNAMIC_CTRL, + ENGINE_R_INVALID_ARGUMENT); + return 0; + } + ctx->dir_load = (int)i; + return 1; + case DYNAMIC_CMD_DIR_ADD: + /* a NULL 'p' or a string of zero-length is the same thing */ + if(!p || (strlen((const char *)p) < 1)) + { + ENGINEerr(ENGINE_F_DYNAMIC_CTRL, + ENGINE_R_INVALID_ARGUMENT); + return 0; + } + { + char *tmp_str = BUF_strdup(p); + if(!tmp_str) + { + ENGINEerr(ENGINE_F_DYNAMIC_CTRL, + ERR_R_MALLOC_FAILURE); + return 0; + } + sk_insert(ctx->dirs, tmp_str, -1); + } + return 1; default: break; } @@ -353,16 +403,53 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) return 0; } +static int int_load(dynamic_data_ctx *ctx) + { + int num, loop; + /* Unless told not to, try a direct load */ + if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, + ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) + return 1; + /* If we're not allowed to use 'dirs' or we have none, fail */ + if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) + return 0; + for(loop = 0; loop < num; loop++) + { + const char *s = sk_value(ctx->dirs, loop); + char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); + if(!merge) + return 0; + if(DSO_load(ctx->dynamic_dso, merge, NULL, 0)) + { + /* Found what we're looking for */ + OPENSSL_free(merge); + return 1; + } + OPENSSL_free(merge); + } + return 0; + } + static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) { ENGINE cpy; dynamic_fns fns; - if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL, - ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL)) + if(!ctx->dynamic_dso) + ctx->dynamic_dso = DSO_new(); + if(!ctx->DYNAMIC_LIBNAME) + { + if(!ctx->engine_id) + return 0; + ctx->DYNAMIC_LIBNAME = + DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); + } + if(!int_load(ctx)) { ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND); + DSO_free(ctx->dynamic_dso); + ctx->dynamic_dso = NULL; return 0; } /* We have to find a bind function otherwise it'll always end badly */ @@ -409,6 +496,7 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * engine.h, much of this would be simplified if each area of code * provided its own "summary" structure of all related callbacks. It * would also increase opaqueness. */ + fns.static_state = ENGINE_get_static_state(); fns.err_fns = ERR_get_implementation(); fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, diff --git a/crypto/openssl/crypto/engine/eng_err.c b/crypto/openssl/crypto/engine/eng_err.c index 814d95e..62db507 100644 --- a/crypto/openssl/crypto/engine/eng_err.c +++ b/crypto/openssl/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,87 +64,92 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) + static ERR_STRING_DATA ENGINE_str_functs[]= { -{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, -{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, -{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, -{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"}, -{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, -{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, -{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0), "ENGINE_get_cipher"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0), "ENGINE_get_digest"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, -{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"}, -{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0), "ENGINE_MODULE_INIT"}, -{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"}, -{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0), "ENGINE_set_default_string"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, -{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, -{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, -{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, -{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, -{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, -{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, -{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, +{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, +{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, +{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, +{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, +{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, +{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, +{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, +{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, +{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, +{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, +{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, +{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, +{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, +{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, +{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, +{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, +{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, +{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, +{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, +{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, +{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"}, +{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, +{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, +{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, +{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, +{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, +{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, +{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, +{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, +{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, +{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, {0,NULL} }; static ERR_STRING_DATA ENGINE_str_reasons[]= { -{ENGINE_R_ALREADY_LOADED ,"already loaded"}, -{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"}, -{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"}, -{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"}, -{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, -{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, -{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, -{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, -{ENGINE_R_DSO_FAILURE ,"DSO failure"}, -{ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, -{ENGINE_R_ENGINES_SECTION_ERROR ,"engines section error"}, -{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"}, -{ENGINE_R_ENGINE_SECTION_ERROR ,"engine section error"}, -{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, -{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, -{ENGINE_R_FINISH_FAILED ,"finish failed"}, -{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"}, -{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"}, -{ENGINE_R_INIT_FAILED ,"init failed"}, -{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"}, -{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, -{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, -{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, -{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"}, -{ENGINE_R_INVALID_STRING ,"invalid string"}, -{ENGINE_R_NOT_INITIALISED ,"not initialised"}, -{ENGINE_R_NOT_LOADED ,"not loaded"}, -{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"}, -{ENGINE_R_NO_INDEX ,"no index"}, -{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"}, -{ENGINE_R_NO_REFERENCE ,"no reference"}, -{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, -{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, -{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, -{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, -{ENGINE_R_UNIMPLEMENTED_CIPHER ,"unimplemented cipher"}, -{ENGINE_R_UNIMPLEMENTED_DIGEST ,"unimplemented digest"}, -{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"}, +{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"}, +{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"}, +{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"}, +{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"}, +{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"}, +{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"}, +{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"}, +{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"}, +{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"}, +{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"}, +{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"}, +{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"}, +{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"}, +{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"}, +{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, +{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"}, +{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"}, +{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"}, +{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"}, +{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"}, +{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"}, +{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"}, +{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"}, +{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"}, +{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"}, +{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"}, +{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"}, +{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"}, +{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"}, +{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"}, +{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"}, +{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"}, +{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"}, +{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"}, +{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"}, +{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"}, +{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"}, +{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"}, +{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"}, {0,NULL} }; @@ -158,8 +163,8 @@ void ERR_load_ENGINE_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs); - ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons); + ERR_load_strings(0,ENGINE_str_functs); + ERR_load_strings(0,ENGINE_str_reasons); #endif } diff --git a/crypto/openssl/crypto/engine/eng_fat.c b/crypto/openssl/crypto/engine/eng_fat.c index 7ccf702..27c1662 100644 --- a/crypto/openssl/crypto/engine/eng_fat.c +++ b/crypto/openssl/crypto/engine/eng_fat.c @@ -52,11 +52,13 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ -#include -#include "cryptlib.h" #include "eng_int.h" -#include #include int ENGINE_set_default(ENGINE *e, unsigned int flags) @@ -77,6 +79,14 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif +#ifndef OPENSSL_NO_ECDH + if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) + return 0; +#endif +#ifndef OPENSSL_NO_ECDSA + if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) + return 0; +#endif if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; @@ -93,6 +103,10 @@ static int int_def_cb(const char *alg, int len, void *arg) *pflags |= ENGINE_METHOD_RSA; else if (!strncmp(alg, "DSA", len)) *pflags |= ENGINE_METHOD_DSA; + else if (!strncmp(alg, "ECDH", len)) + *pflags |= ENGINE_METHOD_ECDH; + else if (!strncmp(alg, "ECDSA", len)) + *pflags |= ENGINE_METHOD_ECDSA; else if (!strncmp(alg, "DH", len)) *pflags |= ENGINE_METHOD_DH; else if (!strncmp(alg, "RAND", len)) @@ -133,6 +147,12 @@ int ENGINE_register_complete(ENGINE *e) #ifndef OPENSSL_NO_DH ENGINE_register_DH(e); #endif +#ifndef OPENSSL_NO_ECDH + ENGINE_register_ECDH(e); +#endif +#ifndef OPENSSL_NO_ECDSA + ENGINE_register_ECDSA(e); +#endif ENGINE_register_RAND(e); return 1; } diff --git a/crypto/openssl/crypto/engine/eng_init.c b/crypto/openssl/crypto/engine/eng_init.c index 170c179..7633cf5 100644 --- a/crypto/openssl/crypto/engine/eng_init.c +++ b/crypto/openssl/crypto/engine/eng_init.c @@ -53,10 +53,7 @@ * */ -#include -#include "cryptlib.h" #include "eng_int.h" -#include /* Initialise a engine type for use (or up its functional reference count * if it's already in use). This version is only used internally. */ @@ -114,7 +111,7 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) /* Release the structural reference too */ if(!engine_free_util(e, 0)) { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED); return 0; } return to_return; diff --git a/crypto/openssl/crypto/engine/eng_int.h b/crypto/openssl/crypto/engine/eng_int.h index 38335f9..a5b1ede 100644 --- a/crypto/openssl/crypto/engine/eng_int.h +++ b/crypto/openssl/crypto/engine/eng_int.h @@ -55,10 +55,16 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_ENGINE_INT_H #define HEADER_ENGINE_INT_H +#include "cryptlib.h" /* Take public definitions from engine.h */ #include @@ -146,7 +152,10 @@ struct engine_st const RSA_METHOD *rsa_meth; const DSA_METHOD *dsa_meth; const DH_METHOD *dh_meth; + const ECDH_METHOD *ecdh_meth; + const ECDSA_METHOD *ecdsa_meth; const RAND_METHOD *rand_meth; + const STORE_METHOD *store_meth; /* Cipher handling is via this callback */ ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/openssl/crypto/engine/eng_lib.c index a66d0f0..5815b86 100644 --- a/crypto/openssl/crypto/engine/eng_lib.c +++ b/crypto/openssl/crypto/engine/eng_lib.c @@ -56,11 +56,8 @@ * */ -#include -#include "cryptlib.h" #include "eng_int.h" -#include /* FIXME: This shouldn't be needed */ -#include +#include /* The "new"/"free" stuff first */ @@ -92,6 +89,7 @@ void engine_set_all_null(ENGINE *e) e->dsa_meth = NULL; e->dh_meth = NULL; e->rand_meth = NULL; + e->store_meth = NULL; e->ciphers = NULL; e->digests = NULL; e->destroy = NULL; @@ -110,7 +108,7 @@ int engine_free_util(ENGINE *e, int locked) if(e == NULL) { - ENGINEerr(ENGINE_F_ENGINE_FREE, + ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -319,3 +317,13 @@ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) { return e->cmd_defns; } + +/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so + * put the "static_state" hack here. */ + +static int internal_static_hack = 0; + +void *ENGINE_get_static_state(void) + { + return &internal_static_hack; + } diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c index 1cc3217..bd51194 100644 --- a/crypto/openssl/crypto/engine/eng_list.c +++ b/crypto/openssl/crypto/engine/eng_list.c @@ -55,11 +55,13 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ -#include -#include "cryptlib.h" #include "eng_int.h" -#include /* The linked-list of pointers to engine types. engine_list_head * incorporates an implicit structural reference but engine_list_tail @@ -324,7 +326,14 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) #ifndef OPENSSL_NO_DH dest->dh_meth = src->dh_meth; #endif +#ifndef OPENSSL_NO_ECDH + dest->ecdh_meth = src->ecdh_meth; +#endif +#ifndef OPENSSL_NO_ECDSA + dest->ecdsa_meth = src->ecdsa_meth; +#endif dest->rand_meth = src->rand_meth; + dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; dest->destroy = src->destroy; @@ -340,6 +349,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) ENGINE *ENGINE_by_id(const char *id) { ENGINE *iterator; + char *load_dir = NULL; if(id == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, @@ -373,6 +383,7 @@ ENGINE *ENGINE_by_id(const char *id) } } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +#if 0 if(iterator == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, @@ -380,6 +391,32 @@ ENGINE *ENGINE_by_id(const char *id) ERR_add_error_data(2, "id=", id); } return iterator; +#else + /* EEK! Experimental code starts */ + if(iterator) return iterator; + /* Prevent infinite recusrion if we're looking for the dynamic engine. */ + if (strcmp(id, "dynamic")) + { +#ifdef OPENSSL_SYS_VMS + if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; +#else + if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; +#endif + iterator = ENGINE_by_id("dynamic"); + if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || + !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || + !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", + load_dir, 0) || + !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) + goto notfound; + return iterator; + } +notfound: + ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); + ERR_add_error_data(2, "id=", id); + return NULL; + /* EEK! Experimental code ends */ +#endif } int ENGINE_up_ref(ENGINE *e) diff --git a/crypto/openssl/crypto/engine/eng_openssl.c b/crypto/openssl/crypto/engine/eng_openssl.c index 54579ee..7c139ae 100644 --- a/crypto/openssl/crypto/engine/eng_openssl.c +++ b/crypto/openssl/crypto/engine/eng_openssl.c @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include @@ -64,6 +69,16 @@ #include #include #include +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -125,6 +140,12 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) #endif +#ifndef OPENSSL_NO_ECDH + || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) +#endif +#ifndef OPENSSL_NO_ECDSA + || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) +#endif #ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) #endif @@ -236,6 +257,7 @@ static const EVP_CIPHER test_r4_cipher= sizeof(TEST_RC4_KEY), NULL, NULL, + NULL, NULL }; static const EVP_CIPHER test_r4_40_cipher= @@ -249,6 +271,7 @@ static const EVP_CIPHER test_r4_40_cipher= sizeof(TEST_RC4_KEY), NULL, NULL, + NULL, NULL }; static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, @@ -290,7 +313,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx) #endif return SHA1_Init(ctx->md_data); } -static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count) { #ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); diff --git a/crypto/openssl/crypto/engine/eng_padlock.c b/crypto/openssl/crypto/engine/eng_padlock.c index db9c52b..8d92af6 100644 --- a/crypto/openssl/crypto/engine/eng_padlock.c +++ b/crypto/openssl/crypto/engine/eng_padlock.c @@ -65,17 +65,17 @@ #include #include -#include -#ifdef _MSC_VER -# define alloca _alloca -# define snprintf _snprintf -#endif +#include #include #include #include #include +#ifndef OPENSSL_NO_AES #include +#endif +#include +#include #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_PADLOCK @@ -101,13 +101,13 @@ compiler choice is limited to GCC and Microsoft C. */ #undef COMPILE_HW_PADLOCK #if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__i386__) || defined(__i386) || defined(_M_IX86) +# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ + (defined(_MSC_VER) && defined(_M_IX86)) # define COMPILE_HW_PADLOCK +static ENGINE *ENGINE_padlock (void); # endif #endif -static ENGINE *ENGINE_padlock (void); - void ENGINE_load_padlock (void) { /* On non-x86 CPUs it just returns. */ @@ -121,6 +121,15 @@ void ENGINE_load_padlock (void) } #ifdef COMPILE_HW_PADLOCK +/* We do these includes here to avoid header problems on platforms that + do not have the VIA padlock anyway... */ +#ifdef _MSC_VER +# include +# define alloca _alloca +#else +# include +#endif + /* Function for ENGINE detection and control */ static int padlock_available(void); static int padlock_init(ENGINE *e); @@ -129,7 +138,9 @@ static int padlock_init(ENGINE *e); static RAND_METHOD padlock_rand; /* Cipher Stuff */ +#ifndef OPENSSL_NO_AES static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); +#endif /* Engine names */ static const char *padlock_id = "padlock"; @@ -138,7 +149,9 @@ static char padlock_name[100]; /* Available features */ static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ static int padlock_use_rng = 0; /* Random Number Generator */ +#ifndef OPENSSL_NO_AES static int padlock_aes_align_required = 1; +#endif /* ===== Engine "management" functions ===== */ @@ -154,7 +167,8 @@ padlock_bind_helper(ENGINE *e) #endif /* Generate a nice engine name with available features */ - snprintf(padlock_name, sizeof(padlock_name), "VIA PadLock (%s, %s)", + BIO_snprintf(padlock_name, sizeof(padlock_name), + "VIA PadLock (%s, %s)", padlock_use_rng ? "RNG" : "no-RNG", padlock_use_ace ? "ACE" : "no-ACE"); @@ -163,8 +177,9 @@ padlock_bind_helper(ENGINE *e) !ENGINE_set_name(e, padlock_name) || !ENGINE_set_init_function(e, padlock_init) || - +#ifndef OPENSSL_NO_AES (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || +#endif (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { return 0; } @@ -222,6 +237,7 @@ IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn); /* ===== Here comes the "real" engine ===== */ +#ifndef OPENSSL_NO_AES /* Some AES-related constants */ #define AES_BLOCK_SIZE 16 #define AES_KEY_SIZE_128 16 @@ -241,10 +257,12 @@ struct padlock_cipher_data union { unsigned int pad[4]; struct { int rounds:4; - int algo:3; - int keygen:1; + int dgst:1; /* n/a in C3 */ + int align:1; /* n/a in C3 */ + int ciphr:1; /* n/a in C3 */ + unsigned int keygen:1; int interm:1; - int encdec:1; + unsigned int encdec:1; int ksize:2; } b; } cword; /* Control word */ @@ -258,6 +276,7 @@ struct padlock_cipher_data * so we accept the penatly... */ static volatile struct padlock_cipher_data *padlock_saved_context; +#endif /* * ======================================================= @@ -349,18 +368,20 @@ padlock_available(void) return padlock_use_ace + padlock_use_rng; } +#ifndef OPENSSL_NO_AES /* Our own htonl()/ntohl() */ static inline void padlock_bswapl(AES_KEY *ks) { size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); - unsigned long *key = ks->rd_key; + unsigned int *key = ks->rd_key; while (i--) { asm volatile ("bswapl %0" : "+r"(*key)); key++; } } +#endif /* Force key reload from memory to the CPU microcode. Loading EFLAGS from the stack clears EFLAGS[30] @@ -371,6 +392,7 @@ padlock_reload_key(void) asm volatile ("pushfl; popfl"); } +#ifndef OPENSSL_NO_AES /* * This is heuristic key context tracing. At first one * believes that one should use atomic swap instructions, @@ -385,14 +407,14 @@ padlock_verify_context(struct padlock_cipher_data *cdata) { asm volatile ( "pushfl\n" -" bt $30,(%%esp)\n" +" btl $30,(%%esp)\n" " jnc 1f\n" -" cmp %2,%1\n" +" cmpl %2,%1\n" " je 1f\n" -" mov %2,%0\n" " popfl\n" -" sub $4,%%esp\n" -"1: add $4,%%esp" +" subl $4,%%esp\n" +"1: addl $4,%%esp\n" +" movl %2,%0" :"+m"(padlock_saved_context) : "r"(padlock_saved_context), "r"(cdata) : "cc"); } @@ -420,10 +442,11 @@ static inline void *name(size_t cnt, \ } /* Generate all functions with appropriate opcodes */ -PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8"); /* rep xcryptecb */ -PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0"); /* rep xcryptcbc */ -PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0"); /* rep xcryptcfb */ -PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8"); /* rep xcryptofb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ +#endif /* The RNG call itself */ static inline unsigned int @@ -439,6 +462,29 @@ padlock_xstore(void *addr, unsigned int edx_in) return eax_out; } +/* Why not inline 'rep movsd'? I failed to find information on what + * value in Direction Flag one can expect and consequently have to + * apply "better-safe-than-sorry" approach and assume "undefined." + * I could explicitly clear it and restore the original value upon + * return from padlock_aes_cipher, but it's presumably too much + * trouble for too little gain... + * + * In case you wonder 'rep xcrypt*' instructions above are *not* + * affected by the Direction Flag and pointers advance toward + * larger addresses unconditionally. + */ +static inline unsigned char * +padlock_memcpy(void *dst,const void *src,size_t n) +{ + long *d=dst; + const long *s=src; + + n /= sizeof(*d); + do { *d++ = *s++; } while (--n); + + return dst; +} + #elif defined(_MSC_VER) /* * Unlike GCC these are real functions. In order to minimize impact @@ -492,10 +538,10 @@ padlock_verify_context(void *cdata) jnc skip cmp ecx,padlock_saved_context je skip - mov padlock_saved_context,ecx popfd sub esp,4 skip: add esp,4 + mov padlock_saved_context,ecx } } @@ -563,9 +609,15 @@ padlock_bswapl(void *key) popfd } } + +/* MS actually specifies status of Direction Flag and compiler even + * manages to compile following as 'rep movsd' all by itself... + */ +#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U)) #endif /* ===== AES encryption/decryption ===== */ +#ifndef OPENSSL_NO_AES #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) #define NID_aes_128_cfb NID_aes_128_cfb128 @@ -600,13 +652,13 @@ static int padlock_cipher_nids[] = { NID_aes_192_ecb, NID_aes_192_cbc, -// NID_aes_192_cfb, /* FIXME: AES192/256 CFB/OFB don't work. */ -// NID_aes_192_ofb, + NID_aes_192_cfb, + NID_aes_192_ofb, NID_aes_256_ecb, NID_aes_256_cbc, -// NID_aes_256_cfb, -// NID_aes_256_ofb, + NID_aes_256_cfb, + NID_aes_256_ofb, }; static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ sizeof(padlock_cipher_nids[0])); @@ -615,19 +667,24 @@ static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int nbytes); + const unsigned char *in, size_t nbytes); -#define NEAREST_ALIGNED(ptr) ( (char *)(ptr) + \ +#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) #define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ NEAREST_ALIGNED(ctx->cipher_data)) +#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_OFB 1 +#define EVP_CIPHER_block_size_CFB 1 + /* Declaring so many ciphers by hand would be a pain. Instead introduce a bit of preprocessor magic :-) */ #define DECLARE_AES_EVP(ksize,lmode,umode) \ static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ NID_aes_##ksize##_##lmode, \ - AES_BLOCK_SIZE, \ + EVP_CIPHER_block_size_##umode, \ AES_KEY_SIZE_##ksize, \ AES_BLOCK_SIZE, \ 0 | EVP_CIPH_##umode##_MODE, \ @@ -729,7 +786,10 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, memset(cdata, 0, sizeof(struct padlock_cipher_data)); /* Prepare Control word. */ - cdata->cword.b.encdec = (ctx->encrypt == 0); + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) + cdata->cword.b.encdec = 0; + else + cdata->cword.b.encdec = (ctx->encrypt == 0); cdata->cword.b.rounds = 10 + (key_len - 128) / 32; cdata->cword.b.ksize = (key_len - 128) / 64; @@ -749,14 +809,16 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, and is listed as hardware errata. They most likely will fix it at some point and then a check for stepping would be due here. */ - if (enc) + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || + EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || + enc) AES_set_encrypt_key(key, key_len, &cdata->ks); else AES_set_decrypt_key(key, key_len, &cdata->ks); - - /* OpenSSL internal functions use byte-swapped extended key. */ +#ifndef AES_ASM + /* OpenSSL C functions use byte-swapped extended key. */ padlock_bswapl(&cdata->ks); - +#endif cdata->cword.b.keygen = 1; break; @@ -824,7 +886,7 @@ padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, } #ifndef PADLOCK_CHUNK -# define PADLOCK_CHUNK 4096 /* Must be a power of 2 larger than 16 */ +# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ #endif #if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) # error "insane PADLOCK_CHUNK..." @@ -838,20 +900,68 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, { struct padlock_cipher_data *cdata; const void *inp; - char *out; + unsigned char *out; void *iv; int inp_misaligned, out_misaligned, realign_in_loop; size_t chunk, allocated=0; + /* ctx->num is maintained in byte-oriented modes, + such as CFB and OFB... */ + if ((chunk = ctx->num)) { /* borrow chunk variable */ + unsigned char *ivp=ctx->iv; + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_CFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + if (ctx->encrypt) + while (chunknum = chunk%AES_BLOCK_SIZE; + break; + case EVP_CIPH_OFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + while (chunknum = chunk%AES_BLOCK_SIZE; + break; + } + } + if (nbytes == 0) return 1; +#if 0 if (nbytes % AES_BLOCK_SIZE) return 0; /* are we expected to do tail processing? */ +#else + /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC + modes and arbitrary value in byte-oriented modes, such as + CFB and OFB... */ +#endif /* VIA promises CPUs that won't require alignment in the future. For now padlock_aes_align_required is initialized to 1 and the condition is never met... */ - if (!padlock_aes_align_required) + /* C7 core is capable to manage unaligned input in non-ECB[!] + mode, but performance penalties appear to be approximately + same as for software alignment below or ~3x. They promise to + improve it in the future, but for now we can just as well + pretend that it can only handle aligned input... */ + if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0) return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); inp_misaligned = (((size_t)in_arg) & 0x0F); @@ -863,7 +973,7 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, * in order to improve L1 cache utilization... */ realign_in_loop = out_misaligned|inp_misaligned; - if (!realign_in_loop) + if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0) return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); /* this takes one "if" out of the loops */ @@ -887,7 +997,7 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, case EVP_CIPH_ECB_MODE: do { if (inp_misaligned) - inp = memcpy(out, in_arg, chunk&~3); + inp = padlock_memcpy(out, in_arg, chunk); else inp = in_arg; in_arg += chunk; @@ -895,7 +1005,7 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp); if (out_misaligned) - out_arg = (char *)memcpy(out_arg, out, chunk&~3) + chunk; + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; else out = out_arg+=chunk; @@ -913,7 +1023,7 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, chunk = PADLOCK_CHUNK; cbc_shortcut: /* optimize for small input */ if (inp_misaligned) - inp = memcpy(out, in_arg, chunk&~3); + inp = padlock_memcpy(out, in_arg, chunk); else inp = in_arg; in_arg += chunk; @@ -921,7 +1031,7 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp); if (out_misaligned) - out_arg = (char *)memcpy(out_arg, out, chunk&~3) + chunk; + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; else out = out_arg+=chunk; @@ -930,15 +1040,17 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, break; case EVP_CIPH_CFB_MODE: - memcpy (cdata->iv, ctx->iv, AES_BLOCK_SIZE); - goto cfb_shortcut; + memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); + chunk &= ~(AES_BLOCK_SIZE-1); + if (chunk) goto cfb_shortcut; + else goto cfb_skiploop; do { if (iv != cdata->iv) memcpy(cdata->iv, iv, AES_BLOCK_SIZE); chunk = PADLOCK_CHUNK; cfb_shortcut: /* optimize for small input */ if (inp_misaligned) - inp = memcpy(out, in_arg, chunk&~3); + inp = padlock_memcpy(out, in_arg, chunk); else inp = in_arg; in_arg += chunk; @@ -946,19 +1058,53 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp); if (out_misaligned) - out_arg = (char *)memcpy(out_arg, out, chunk&~3) + chunk; + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; else out = out_arg+=chunk; - } while (nbytes -= chunk); + nbytes -= chunk; + } while (nbytes >= AES_BLOCK_SIZE); + + cfb_skiploop: + if (nbytes) { + unsigned char *ivp = cdata->iv; + + if (iv != ivp) { + memcpy(ivp, iv, AES_BLOCK_SIZE); + iv = ivp; + } + ctx->num = nbytes; + if (cdata->cword.b.encdec) { + cdata->cword.b.encdec=0; + padlock_reload_key(); + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + cdata->cword.b.encdec=1; + padlock_reload_key(); + while(nbytes) { + unsigned char c = *(in_arg++); + *(out_arg++) = c ^ *ivp; + *(ivp++) = c, nbytes--; + } + } + else { padlock_reload_key(); + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + padlock_reload_key(); + while (nbytes) { + *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + } + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); break; case EVP_CIPH_OFB_MODE: memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); - do { + chunk &= ~(AES_BLOCK_SIZE-1); + if (chunk) do { if (inp_misaligned) - inp = memcpy(out, in_arg, chunk&~3); + inp = padlock_memcpy(out, in_arg, chunk); else inp = in_arg; in_arg += chunk; @@ -966,13 +1112,27 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp); if (out_misaligned) - out_arg = (char *)memcpy(out_arg, out, chunk&~3) + chunk; + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; else out = out_arg+=chunk; nbytes -= chunk; chunk = PADLOCK_CHUNK; - } while (nbytes); + } while (nbytes >= AES_BLOCK_SIZE); + + if (nbytes) { + unsigned char *ivp = cdata->iv; + + ctx->num = nbytes; + padlock_reload_key(); /* empirically found */ + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + padlock_reload_key(); /* empirically found */ + while (nbytes) { + *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); break; @@ -992,6 +1152,8 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, return 1; } +#endif /* OPENSSL_NO_AES */ + /* ===== Random Number Generator ===== */ /* * This code is not engaged. The reason is that it does not comply diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/openssl/crypto/engine/eng_pkey.c index 8c69171..bc8b21a 100644 --- a/crypto/openssl/crypto/engine/eng_pkey.c +++ b/crypto/openssl/crypto/engine/eng_pkey.c @@ -53,10 +53,7 @@ * */ -#include -#include "cryptlib.h" #include "eng_int.h" -#include /* Basic get/set stuff */ diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c index c69a84a..a83c389 100644 --- a/crypto/openssl/crypto/engine/eng_table.c +++ b/crypto/openssl/crypto/engine/eng_table.c @@ -52,49 +52,31 @@ * */ +#include "cryptlib.h" #include -#include +#include #include "eng_int.h" -/* This is the type of item in the 'implementation' table. Each 'nid' hashes to - * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE* - * pointers. These pointers aren't references, because they're inserted and - * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs - * that *exist* (ie. have a structural reference count greater than zero) rather - * than ENGINEs that are *functional*. Each pointer in those stacks are to - * ENGINEs that implements the algorithm corresponding to each 'nid'. */ - /* The type of the items in the table */ typedef struct st_engine_pile { - /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents - * */ + /* The 'nid' of this algorithm/mode */ int nid; - /* A stack of ENGINE pointers for ENGINEs that support this - * algorithm/mode. In the event that 'funct' is NULL, the first entry in - * this stack that initialises will be set as 'funct' and assumed as the - * default for operations of this type. */ + /* ENGINEs that implement this algorithm/mode. */ STACK_OF(ENGINE) *sk; /* The default ENGINE to perform this algorithm/mode. */ ENGINE *funct; - /* This value optimises engine_table_select(). If it is called it sets - * this value to 1. Any changes to this ENGINE_PILE resets it to zero. - * As such, no ENGINE_init() thrashing is done unless ENGINEs - * continually register (and/or unregister). */ + /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */ int uptodate; } ENGINE_PILE; -/* The type of the hash table of ENGINE_PILE structures such that each are - * unique and keyed by the 'nid' value. */ +/* The type exposed in eng_int.h */ struct st_engine_table { LHASH piles; }; /* ENGINE_TABLE */ -/* This value stores global options controlling behaviour of (mostly) the - * engine_table_select() function. It's a bitmask of flag values of the form - * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the - * ENGINE_[get|set]_table_flags() function. */ +/* Global flags (ENGINE_TABLE_FLAG_***). */ static unsigned int table_flags = 0; /* API function manipulating 'table_flags' */ @@ -121,10 +103,8 @@ static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) static int int_table_check(ENGINE_TABLE **t, int create) { LHASH *lh; - if(*t) - return 1; - if(!create) - return 0; + if(*t) return 1; + if(!create) return 0; if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), LHASH_COMP_FN(engine_pile_cmp))) == NULL) return 0; @@ -154,9 +134,8 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if(!fnd) { fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); - if(!fnd) - goto end; - fnd->uptodate = 1; + if(!fnd) goto end; + fnd->uptodate = 0; fnd->nid = *nids; fnd->sk = sk_ENGINE_new_null(); if(!fnd->sk) @@ -164,7 +143,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, OPENSSL_free(fnd); goto end; } - fnd->funct= NULL; + fnd->funct = NULL; lh_insert(&(*table)->piles, fnd); } /* A registration shouldn't add duplciate entries */ @@ -173,7 +152,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if(!sk_ENGINE_push(fnd->sk, e)) goto end; /* "touch" this ENGINE_PILE */ - fnd->uptodate = 0; + fnd->uptodate = 1; if(setdefault) { if(!engine_unlocked_init(e)) @@ -201,7 +180,7 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) { sk_ENGINE_delete(pile->sk, n); /* "touch" this ENGINE_CIPHER */ - pile->uptodate = 0; + pile->uptodate = 1; } if(pile->funct == e) { @@ -239,9 +218,7 @@ void engine_table_cleanup(ENGINE_TABLE **table) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); } -/* Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given cipher 'nid' */ +/* return a functional reference for a given 'nid' */ #ifndef ENGINE_TABLE_DEBUG ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) #else @@ -252,25 +229,21 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in ENGINE_PILE tmplate, *fnd=NULL; int initres, loop = 0; - /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no - * ENGINEs have registered any implementations! */ if(!(*table)) { #ifdef ENGINE_TABLE_DEBUG - fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " - "registered for anything!\n", f, l, nid); + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " + "registered!\n", f, l, nid); #endif return NULL; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); /* Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a fprintf(stderr). */ - if(!int_table_check(table, 0)) - goto end; + if(!int_table_check(table, 0)) goto end; tmplate.nid = nid; fnd = lh_retrieve(&(*table)->piles, &tmplate); - if(!fnd) - goto end; + if(!fnd) goto end; if(fnd->funct && engine_unlocked_init(fnd->funct)) { #ifdef ENGINE_TABLE_DEBUG @@ -296,34 +269,19 @@ trynext: #endif goto end; } -#if 0 - /* Don't need to get a reference if we hold the lock. If the locking has - * to change in future, that would be different ... */ - ret->struct_ref++; engine_ref_debug(ret, 0, 1) -#endif - /* Try and initialise the ENGINE if it's already functional *or* if the - * ENGINE_TABLE_FLAG_NOINIT flag is not set. */ + /* Try to initialise the ENGINE? */ if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) initres = engine_unlocked_init(ret); else initres = 0; -#if 0 - /* Release the structural reference */ - ret->struct_ref--; engine_ref_debug(ret, 0, -1); -#endif if(initres) { - /* If we didn't have a default (functional reference) for this - * 'nid' (or we had one but for whatever reason we're now - * initialising a different one), use this opportunity to set - * 'funct'. */ + /* Update 'funct' */ if((fnd->funct != ret) && engine_unlocked_init(ret)) { /* If there was a previous default we release it. */ if(fnd->funct) engine_unlocked_finish(fnd->funct, 0); - /* We got an extra functional reference for the - * per-'nid' default */ fnd->funct = ret; #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " @@ -338,13 +296,9 @@ trynext: } goto trynext; end: - /* Whatever happened - we should "untouch" our uptodate file seeing as - * we have tried our best to find a functional reference for 'nid'. If - * it failed, it is unlikely to succeed again until some future - * registrations (or unregistrations) have taken place that affect that - * 'nid'. */ - if(fnd) - fnd->uptodate = 1; + /* If it failed, it is unlikely to succeed again until some future + * registrations have taken place. In all cases, we cache. */ + if(fnd) fnd->uptodate = 1; #ifdef ENGINE_TABLE_DEBUG if(ret) fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h index 900f75c..3ec5933 100644 --- a/crypto/openssl/crypto/engine/engine.h +++ b/crypto/openssl/crypto/engine/engine.h @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H @@ -65,7 +70,7 @@ #error ENGINE is disabled. #endif -#include +#ifndef OPENSSL_NO_DEPRECATED #include #ifndef OPENSSL_NO_RSA #include @@ -76,34 +81,36 @@ #ifndef OPENSSL_NO_DH #include #endif +#ifndef OPENSSL_NO_ECDH +#include +#endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif #include +#include #include -#include #include +#endif + +#include +#include #ifdef __cplusplus extern "C" { #endif -/* Fixups for missing algorithms */ -#ifdef OPENSSL_NO_RSA -typedef void RSA_METHOD; -#endif -#ifdef OPENSSL_NO_DSA -typedef void DSA_METHOD; -#endif -#ifdef OPENSSL_NO_DH -typedef void DH_METHOD; -#endif - /* These flags are used to control combinations of algorithm (methods) * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 #define ENGINE_METHOD_DSA (unsigned int)0x0002 #define ENGINE_METHOD_DH (unsigned int)0x0004 #define ENGINE_METHOD_RAND (unsigned int)0x0008 +#define ENGINE_METHOD_ECDH (unsigned int)0x0010 +#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -173,9 +180,15 @@ typedef void DH_METHOD; handles/connections etc. */ #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ /* These control commands allow an application to deal with an arbitrary engine * in a dynamic way. Warn: Negative return values indicate errors FOR THESE @@ -222,7 +235,7 @@ typedef void DH_METHOD; /* ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -#define ENGINE_CMD_BASE 200 +#define ENGINE_CMD_BASE 200 /* NB: These 2 nCipher "chil" control commands are deprecated, and their * functionality is now available through ENGINE-specific control commands @@ -257,11 +270,11 @@ typedef struct ENGINE_CMD_DEFN_st } ENGINE_CMD_DEFN; /* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR)(); +typedef int (*ENGINE_GEN_FUNC_PTR)(void); /* Generic function pointer taking no arguments */ typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); /* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); /* Generic load_key function pointer */ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, UI_METHOD *ui_method, void *callback_data); @@ -305,15 +318,21 @@ ENGINE *ENGINE_by_id(const char *id); /* Add all the built-in engines. */ void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); -void ENGINE_load_cswift(void); -void ENGINE_load_chil(void); +#ifndef OPENSSL_NO_STATIC_ENGINE +void ENGINE_load_4758cca(void); +void ENGINE_load_aep(void); void ENGINE_load_atalla(void); +void ENGINE_load_chil(void); +void ENGINE_load_cswift(void); +#ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +#endif void ENGINE_load_nuron(void); -void ENGINE_load_ubsec(void); -void ENGINE_load_aep(void); void ENGINE_load_sureware(void); -void ENGINE_load_4758cca(void); +void ENGINE_load_ubsec(void); +#endif void ENGINE_load_cryptodev(void); +void ENGINE_load_padlock(void); void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation @@ -337,6 +356,14 @@ int ENGINE_register_DSA(ENGINE *e); void ENGINE_unregister_DSA(ENGINE *e); void ENGINE_register_all_DSA(void); +int ENGINE_register_ECDH(ENGINE *e); +void ENGINE_unregister_ECDH(ENGINE *e); +void ENGINE_register_all_ECDH(void); + +int ENGINE_register_ECDSA(ENGINE *e); +void ENGINE_unregister_ECDSA(ENGINE *e); +void ENGINE_register_all_ECDSA(void); + int ENGINE_register_DH(ENGINE *e); void ENGINE_unregister_DH(ENGINE *e); void ENGINE_register_all_DH(void); @@ -345,6 +372,10 @@ int ENGINE_register_RAND(ENGINE *e); void ENGINE_unregister_RAND(ENGINE *e); void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + int ENGINE_register_ciphers(ENGINE *e); void ENGINE_unregister_ciphers(ENGINE *e); void ENGINE_register_all_ciphers(void); @@ -367,7 +398,7 @@ int ENGINE_register_all_complete(void); * reference to an engine, but many control commands may require the engine be * functional. The caller should be aware of trying commands that require an * operational ENGINE, and only use functional references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* This function tests if an ENGINE-specific command is usable as a "setting". * Eg. in an application's config file that gets processed through @@ -380,7 +411,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to * use the cmd_name and cmd_optional. */ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional); + long i, void *p, void (*f)(void), int cmd_optional); /* This function passes a command-name and argument to an ENGINE. The cmd_name * is converted to a command number and the control command is called using @@ -417,8 +448,11 @@ int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); +int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -429,11 +463,11 @@ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); -/* These functions (and the "get" function lower down) allow control over any - * per-structure ENGINE data. */ +/* These functions allow control over any per-structure ENGINE data. */ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); /* This function cleans up anything that needs it. Eg. the ENGINE_add() function * automatically ensures the list cleanup function is registered to be called @@ -449,8 +483,11 @@ const char *ENGINE_get_id(const ENGINE *e); const char *ENGINE_get_name(const ENGINE *e); const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -463,7 +500,6 @@ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); int ENGINE_get_flags(const ENGINE *e); -void *ENGINE_get_ex_data(const ENGINE *e, int idx); /* FUNCTIONAL functions. These functions deal with ENGINE structures * that have (or will) be initialised for use. Broadly speaking, the @@ -501,6 +537,8 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, ENGINE *ENGINE_get_default_RSA(void); /* Same for the other "methods" */ ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); /* These functions can be used to get a functional reference to perform @@ -516,6 +554,8 @@ int ENGINE_set_default_RSA(ENGINE *e); int ENGINE_set_default_string(ENGINE *e, const char *def_list); /* Same for the other "methods" */ int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_ECDH(ENGINE *e); +int ENGINE_set_default_ECDSA(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); @@ -538,17 +578,20 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure * type provides the calling application's (or library's) error functionality * and memory management function pointers to the loaded library. These should * be used/set in the loaded library code so that the loading application's - * 'state' will be used/changed in all operations. */ + * 'state' will be used/changed in all operations. The 'static_state' pointer + * allows the loaded library to know if it shares the same static data as the + * calling application (or library), and thus whether these callbacks need to be + * set or not. */ typedef void *(*dyn_MEM_malloc_cb)(size_t); typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); typedef void (*dyn_MEM_free_cb)(void *); @@ -576,6 +619,7 @@ typedef struct st_dynamic_LOCK_fns { } dynamic_LOCK_fns; /* The top-level structure */ typedef struct st_dynamic_fns { + void *static_state; const ERR_FNS *err_fns; const CRYPTO_EX_DATA_IMPL *ex_data_fns; dynamic_MEM_fns mem_fns; @@ -593,7 +637,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ - unsigned long v_check(unsigned long v) { \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -615,24 +659,35 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ - if (ERR_get_implementation() != fns->err_fns) \ - { \ - if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ - fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ - return 0; \ - CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ - CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ - CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ - CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ - CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ - if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ - return 0; \ - if(!ERR_set_implementation(fns->err_fns)) return 0; \ - } \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ + fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ + return 0; \ + CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ + CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ + CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ + CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ + CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ + if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ + return 0; \ + if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ if(!fn(e,id)) return 0; \ return 1; } +/* If the loading application (or library) and the loaded ENGINE library share + * the same static data (eg. they're both dynamically linked to the same + * libcrypto.so) we need a way to avoid trying to set system callbacks - this + * would fail, and for the same reason that it's unnecessary to try. If the + * loaded ENGINE has (or gets from through the loader) its own copy of the + * libcrypto static data, we will need to set the callbacks. The easiest way to + * detect this is to have a function that returns a pointer to some static data + * and let the loading application and loaded ENGINE compare their respective + * values. */ +void *ENGINE_get_static_state(void); + #if defined(__OpenBSD__) || defined(__FreeBSD__) void ENGINE_setup_bsd_cryptodev(void); #endif @@ -649,6 +704,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_DYNAMIC_CTRL 180 #define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 #define ENGINE_F_DYNAMIC_LOAD 182 +#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 #define ENGINE_F_ENGINE_ADD 105 #define ENGINE_F_ENGINE_BY_ID 106 #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 @@ -656,7 +712,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_CTRL_CMD 178 #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 #define ENGINE_F_ENGINE_FINISH 107 -#define ENGINE_F_ENGINE_FREE 108 +#define ENGINE_F_ENGINE_FREE_UTIL 108 #define ENGINE_F_ENGINE_GET_CIPHER 185 #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 #define ENGINE_F_ENGINE_GET_DIGEST 186 @@ -667,7 +723,6 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -#define ENGINE_F_ENGINE_MODULE_INIT 187 #define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 @@ -676,11 +731,12 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 #define ENGINE_F_ENGINE_UP_REF 190 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_INT_ENGINE_CONFIGURE 188 +#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 #define ENGINE_F_LOG_MESSAGE 141 -#define ENGINE_F_SET_DATA_CTX 183 /* Reason codes. */ #define ENGINE_R_ALREADY_LOADED 100 diff --git a/crypto/openssl/crypto/engine/enginetest.c b/crypto/openssl/crypto/engine/enginetest.c index c2d0297..cf82f49 100644 --- a/crypto/openssl/crypto/engine/enginetest.c +++ b/crypto/openssl/crypto/engine/enginetest.c @@ -72,7 +72,7 @@ int main(int argc, char *argv[]) #include #include -static void display_engine_list() +static void display_engine_list(void) { ENGINE *h; int loop; diff --git a/crypto/openssl/crypto/engine/tb_cipher.c b/crypto/openssl/crypto/engine/tb_cipher.c index 50b3cec..177fc1f 100644 --- a/crypto/openssl/crypto/engine/tb_cipher.c +++ b/crypto/openssl/crypto/engine/tb_cipher.c @@ -52,8 +52,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_cipher_engine(), the function that diff --git a/crypto/openssl/crypto/engine/tb_dh.c b/crypto/openssl/crypto/engine/tb_dh.c index e290e17..6e9d428 100644 --- a/crypto/openssl/crypto/engine/tb_dh.c +++ b/crypto/openssl/crypto/engine/tb_dh.c @@ -52,8 +52,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_DH(), the function that is diff --git a/crypto/openssl/crypto/engine/tb_digest.c b/crypto/openssl/crypto/engine/tb_digest.c index e82d2a1..d3f4bb2 100644 --- a/crypto/openssl/crypto/engine/tb_digest.c +++ b/crypto/openssl/crypto/engine/tb_digest.c @@ -52,8 +52,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_digest_engine(), the function that diff --git a/crypto/openssl/crypto/engine/tb_dsa.c b/crypto/openssl/crypto/engine/tb_dsa.c index 8017059..e4674f5 100644 --- a/crypto/openssl/crypto/engine/tb_dsa.c +++ b/crypto/openssl/crypto/engine/tb_dsa.c @@ -52,8 +52,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_DSA(), the function that is @@ -94,7 +92,7 @@ int ENGINE_set_default_DSA(ENGINE *e) { if(e->dsa_meth) return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 1); return 1; } diff --git a/crypto/openssl/crypto/engine/tb_ecdh.c b/crypto/openssl/crypto/engine/tb_ecdh.c new file mode 100644 index 0000000..59977f7 --- /dev/null +++ b/crypto/openssl/crypto/engine/tb_ecdh.c @@ -0,0 +1,133 @@ +/* crypto/engine/tb_ecdh.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH engine software is originally written by Nils Gura and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is + * used by ECDH to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_ECDH_DEBUG */ + +static ENGINE_TABLE *ecdh_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_ECDH(ENGINE *e) + { + engine_table_unregister(&ecdh_table, e); + } + +static void engine_unregister_all_ECDH(void) + { + engine_table_cleanup(&ecdh_table); + } + +int ENGINE_register_ECDH(ENGINE *e) + { + if(e->ecdh_meth) + return engine_table_register(&ecdh_table, + engine_unregister_all_ECDH, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_ECDH() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_ECDH(e); + } + +int ENGINE_set_default_ECDH(ENGINE *e) + { + if(e->ecdh_meth) + return engine_table_register(&ecdh_table, + engine_unregister_all_ECDH, e, &dummy_nid, 1, 0); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_ECDH(void) + { + return engine_table_select(&ecdh_table, dummy_nid); + } + +/* Obtains an ECDH implementation from an ENGINE functional reference */ +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e) + { + return e->ecdh_meth; + } + +/* Sets an ECDH implementation in an ENGINE structure */ +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth) + { + e->ecdh_meth = ecdh_meth; + return 1; + } diff --git a/crypto/openssl/crypto/engine/tb_ecdsa.c b/crypto/openssl/crypto/engine/tb_ecdsa.c new file mode 100644 index 0000000..e30b02e --- /dev/null +++ b/crypto/openssl/crypto/engine/tb_ecdsa.c @@ -0,0 +1,118 @@ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is + * used by ECDSA to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_ECDSA_DEBUG */ + +static ENGINE_TABLE *ecdsa_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_ECDSA(ENGINE *e) + { + engine_table_unregister(&ecdsa_table, e); + } + +static void engine_unregister_all_ECDSA(void) + { + engine_table_cleanup(&ecdsa_table); + } + +int ENGINE_register_ECDSA(ENGINE *e) + { + if(e->ecdsa_meth) + return engine_table_register(&ecdsa_table, + engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_ECDSA() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_ECDSA(e); + } + +int ENGINE_set_default_ECDSA(ENGINE *e) + { + if(e->ecdsa_meth) + return engine_table_register(&ecdsa_table, + engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_ECDSA(void) + { + return engine_table_select(&ecdsa_table, dummy_nid); + } + +/* Obtains an ECDSA implementation from an ENGINE functional reference */ +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e) + { + return e->ecdsa_meth; + } + +/* Sets an ECDSA implementation in an ENGINE structure */ +int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth) + { + e->ecdsa_meth = ecdsa_meth; + return 1; + } diff --git a/crypto/openssl/crypto/engine/tb_rand.c b/crypto/openssl/crypto/engine/tb_rand.c index 69b6711..f36f67c 100644 --- a/crypto/openssl/crypto/engine/tb_rand.c +++ b/crypto/openssl/crypto/engine/tb_rand.c @@ -52,8 +52,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_RAND(), the function that is diff --git a/crypto/openssl/crypto/engine/tb_rsa.c b/crypto/openssl/crypto/engine/tb_rsa.c index fee4867..fbc707f 100644 --- a/crypto/openssl/crypto/engine/tb_rsa.c +++ b/crypto/openssl/crypto/engine/tb_rsa.c @@ -52,8 +52,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_RSA(), the function that is diff --git a/crypto/openssl/crypto/engine/tb_store.c b/crypto/openssl/crypto/engine/tb_store.c new file mode 100644 index 0000000..8cc435c --- /dev/null +++ b/crypto/openssl/crypto/engine/tb_store.c @@ -0,0 +1,123 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is + * used by STORE to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_STORE_DEBUG */ + +static ENGINE_TABLE *store_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_STORE(ENGINE *e) + { + engine_table_unregister(&store_table, e); + } + +static void engine_unregister_all_STORE(void) + { + engine_table_cleanup(&store_table); + } + +int ENGINE_register_STORE(ENGINE *e) + { + if(e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_STORE() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_STORE(e); + } + +/* The following two functions are removed because they're useless. */ +#if 0 +int ENGINE_set_default_STORE(ENGINE *e) + { + if(e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 1); + return 1; + } +#endif + +#if 0 +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_STORE(void) + { + return engine_table_select(&store_table, dummy_nid); + } +#endif + +/* Obtains an STORE implementation from an ENGINE functional reference */ +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) + { + return e->store_meth; + } + +/* Sets an STORE implementation in an ENGINE structure */ +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth) + { + e->store_meth = store_meth; + return 1; + } diff --git a/crypto/openssl/crypto/err/Makefile b/crypto/openssl/crypto/err/Makefile index 10a69fc..23e3840 100644 --- a/crypto/openssl/crypto/err/Makefile +++ b/crypto/openssl/crypto/err/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/err/Makefile +# OpenSSL/crypto/err/Makefile # DIR= err @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -81,38 +78,32 @@ err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c -err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -err_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err.o: ../cryptlib.h err.c +err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -err_all.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -err_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -err_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -err_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h err_all.o: err_all.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err_prn.o: ../cryptlib.h err_prn.c +err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c index 0f518f4..72e3f3a 100644 --- a/crypto/openssl/crypto/err/err.c +++ b/crypto/openssl/crypto/err/err.c @@ -112,9 +112,9 @@ #include #include #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" #include #include #include @@ -149,7 +149,6 @@ static ERR_STRING_DATA ERR_str_libraries[]= {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, -{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, {0,NULL}, }; @@ -209,6 +208,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, {ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, {ERR_R_INTERNAL_ERROR ,"internal error"}, +{ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, {0,NULL}, }; @@ -541,7 +541,7 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; * will be returned for SYSerr(), which always gets an errno * value and never one of those 'standard' reason codes. */ -static void build_SYS_str_reasons() +static void build_SYS_str_reasons(void) { /* OPENSSL_malloc cannot be used here, use static storage instead */ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; @@ -582,13 +582,24 @@ static void build_SYS_str_reasons() #endif #define err_clear_data(p,i) \ + do { \ if (((p)->err_data[i] != NULL) && \ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ { \ OPENSSL_free((p)->err_data[i]); \ (p)->err_data[i]=NULL; \ } \ - (p)->err_data_flags[i]=0; + (p)->err_data_flags[i]=0; \ + } while(0) + +#define err_clear(p,i) \ + do { \ + (p)->err_flags[i]=0; \ + (p)->err_buffer[i]=0; \ + err_clear_data(p,i); \ + (p)->err_file[i]=NULL; \ + (p)->err_line[i]= -1; \ + } while(0) static void ERR_STATE_free(ERR_STATE *s) { @@ -620,7 +631,8 @@ static void err_load_strings(int lib, ERR_STRING_DATA *str) { while (str->error) { - str->error|=ERR_PACK(lib,0,0); + if (lib) + str->error|=ERR_PACK(lib,0,0); ERRFN(err_set_item)(str); str++; } @@ -636,7 +648,8 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str) { while (str->error) { - str->error|=ERR_PACK(lib,0,0); + if (lib) + str->error|=ERR_PACK(lib,0,0); ERRFN(err_del_item)(str); str++; } @@ -679,6 +692,7 @@ void ERR_put_error(int lib, int func, int reason, const char *file, es->top=(es->top+1)%ERR_NUM_ERRORS; if (es->top == es->bottom) es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; + es->err_flags[es->top]=0; es->err_buffer[es->top]=ERR_PACK(lib,func,reason); es->err_file[es->top]=file; es->err_line[es->top]=line; @@ -694,10 +708,7 @@ void ERR_clear_error(void) for (i=0; ierr_buffer[i]=0; - err_clear_data(es,i); - es->err_file[i]=NULL; - es->err_line[i]= -1; + err_clear(es,i); } es->top=es->bottom=0; } @@ -934,7 +945,7 @@ static unsigned long err_hash(const void *a_void) { unsigned long ret,l; - l=((ERR_STRING_DATA *)a_void)->error; + l=((const ERR_STRING_DATA *)a_void)->error; ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); return(ret^ret%19*13); } @@ -942,21 +953,21 @@ static unsigned long err_hash(const void *a_void) /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ static int err_cmp(const void *a_void, const void *b_void) { - return((int)(((ERR_STRING_DATA *)a_void)->error - - ((ERR_STRING_DATA *)b_void)->error)); + return((int)(((const ERR_STRING_DATA *)a_void)->error - + ((const ERR_STRING_DATA *)b_void)->error)); } /* static unsigned long pid_hash(ERR_STATE *a) */ static unsigned long pid_hash(const void *a_void) { - return(((ERR_STATE *)a_void)->pid*13); + return(((const ERR_STATE *)a_void)->pid*13); } /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ static int pid_cmp(const void *a_void, const void *b_void) { - return((int)((long)((ERR_STATE *)a_void)->pid - - (long)((ERR_STATE *)b_void)->pid)); + return((int)((long)((const ERR_STATE *)a_void)->pid - + (long)((const ERR_STATE *)b_void)->pid)); } void ERR_remove_state(unsigned long pid) @@ -1066,7 +1077,7 @@ void ERR_add_error_data(int num, ...) else str=p; } - BUF_strlcat(str,a,s+1); + BUF_strlcat(str,a,(size_t)s+1); } } ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); @@ -1074,3 +1085,33 @@ void ERR_add_error_data(int num, ...) err: va_end(args); } + +int ERR_set_mark(void) + { + ERR_STATE *es; + + es=ERR_get_state(); + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]|=ERR_FLAG_MARK; + return 1; + } + +int ERR_pop_to_mark(void) + { + ERR_STATE *es; + + es=ERR_get_state(); + + while(es->bottom != es->top + && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) + { + err_clear(es,es->top); + es->top-=1; + if (es->top == -1) es->top=ERR_NUM_ERRORS-1; + } + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]&=~ERR_FLAG_MARK; + return 1; + } diff --git a/crypto/openssl/crypto/err/err.h b/crypto/openssl/crypto/err/err.h index 723c1f5..b723cd9 100644 --- a/crypto/openssl/crypto/err/err.h +++ b/crypto/openssl/crypto/err/err.h @@ -59,11 +59,14 @@ #ifndef HEADER_ERR_H #define HEADER_ERR_H +#include + #ifndef OPENSSL_NO_FP_API #include #include #endif +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -86,10 +89,13 @@ extern "C" { #define ERR_TXT_MALLOCED 0x01 #define ERR_TXT_STRING 0x02 +#define ERR_FLAG_MARK 0x01 + #define ERR_NUM_ERRORS 16 typedef struct err_state_st { unsigned long pid; + int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; int err_data_flags[ERR_NUM_ERRORS]; @@ -131,7 +137,9 @@ typedef struct err_state_st #define ERR_LIB_OCSP 39 #define ERR_LIB_UI 40 #define ERR_LIB_COMP 41 -#define ERR_LIB_FIPS 42 +#define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 #define ERR_LIB_USER 128 @@ -160,7 +168,9 @@ typedef struct err_state_st #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) -#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) +#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) +#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -213,6 +223,9 @@ typedef struct err_state_st #define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ +#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ +#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 @@ -227,6 +240,7 @@ typedef struct err_state_st #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +#define ERR_R_DISABLED (5|ERR_R_FATAL) /* 99 is the maximum possible ERR_R_... code, higher values * are reserved for the individual libraries */ @@ -285,8 +299,11 @@ void ERR_release_err_state_table(LHASH **hash); int ERR_get_next_error_library(void); -/* This opaque type encapsulates the low-level error-state functions */ -typedef struct st_ERR_FNS ERR_FNS; +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + +/* Already defined in ossl_typ.h */ +/* typedef struct st_ERR_FNS ERR_FNS; */ /* An application can use this function and provide the return value to loaded * modules that should use the application's ERR state/functionality */ const ERR_FNS *ERR_get_implementation(void); diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c index 4dc9300..bfb4c1a 100644 --- a/crypto/openssl/crypto/err/err_all.c +++ b/crypto/openssl/crypto/err/err_all.c @@ -73,6 +73,12 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#ifndef OPENSSL_NO_ECDH +#include +#endif #include #include #include @@ -85,9 +91,9 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include #include #include -#include void ERR_load_crypto_strings(void) { @@ -118,6 +124,12 @@ void ERR_load_crypto_strings(void) #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); #endif +#ifndef OPENSSL_NO_ECDSA + ERR_load_ECDSA_strings(); +#endif +#ifndef OPENSSL_NO_ECDH + ERR_load_ECDH_strings(); +#endif /* skip ERR_load_SSL_strings() because it is not in this library */ ERR_load_BIO_strings(); ERR_load_PKCS7_strings(); @@ -131,7 +143,4 @@ void ERR_load_crypto_strings(void) ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif -#ifdef OPENSSL_FIPS - ERR_load_FIPS_strings(); -#endif } diff --git a/crypto/openssl/crypto/err/err_prn.c b/crypto/openssl/crypto/err/err_prn.c index 81e34bd..2224a90 100644 --- a/crypto/openssl/crypto/err/err_prn.c +++ b/crypto/openssl/crypto/err/err_prn.c @@ -57,9 +57,9 @@ */ #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" #include #include @@ -86,7 +86,12 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), #ifndef OPENSSL_NO_FP_API static int print_fp(const char *str, size_t len, void *fp) { - return fprintf((FILE *)fp, "%s", str); + BIO bio; + + BIO_set(&bio,BIO_s_file()); + BIO_set_fp(&bio,fp,BIO_NOCLOSE); + + return BIO_printf(&bio, "%s", str); } void ERR_print_errors_fp(FILE *fp) { diff --git a/crypto/openssl/crypto/err/openssl.ec b/crypto/openssl/crypto/err/openssl.ec index 447a7f8..64200fc 100644 --- a/crypto/openssl/crypto/err/openssl.ec +++ b/crypto/openssl/crypto/err/openssl.ec @@ -27,7 +27,10 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c -L FIPS fips/fips.h fips/fips_err.h +L COMP crypto/comp/comp.h crypto/comp/comp_err.c +L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c +L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c +L STORE crypto/store/store.h crypto/store/str_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/openssl/crypto/evp/Makefile b/crypto/openssl/crypto/evp/Makefile index afe41fc..b4f4487 100644 --- a/crypto/openssl/crypto/evp/Makefile +++ b/crypto/openssl/crypto/evp/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/evp/Makefile +# OpenSSL/crypto/evp/Makefile # DIR= evp @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -28,7 +23,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ e_rc4.c e_aes.c names.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ - m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \ + m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -40,7 +35,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ e_rc4.o e_aes.o names.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ - m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \ + m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ @@ -74,7 +69,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -89,6 +85,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: @@ -100,977 +97,541 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -bio_b64.o: ../../e_os.h ../../include/openssl/aes.h -bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -bio_b64.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -bio_b64.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h +bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_b64.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -bio_b64.o: ../cryptlib.h bio_b64.c -bio_enc.o: ../../e_os.h ../../include/openssl/aes.h -bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -bio_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -bio_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c +bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h +bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -bio_enc.o: ../cryptlib.h bio_enc.c -bio_md.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -bio_md.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -bio_md.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -bio_md.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c +bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_md.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -bio_md.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -bio_md.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -bio_md.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -bio_md.o: ../../include/openssl/ui_compat.h ../cryptlib.h bio_md.c -bio_ok.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -bio_ok.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -bio_ok.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -bio_ok.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_md.o: ../cryptlib.h bio_md.c +bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -bio_ok.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -bio_ok.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_ok.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -bio_ok.o: ../cryptlib.h bio_ok.c -c_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -c_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c +c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -c_all.o: ../../include/openssl/ui_compat.h ../cryptlib.h c_all.c -c_allc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -c_allc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_allc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -c_allc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -c_allc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -c_allc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -c_allc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c +c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h +c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -c_allc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c -c_alld.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -c_alld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_alld.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -c_alld.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -c_alld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -c_alld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -c_alld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_allc.o: ../cryptlib.h c_allc.c +c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h +c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -c_alld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c -digest.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -digest.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -digest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_alld.o: ../cryptlib.h c_alld.c +digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -digest.o: ../../include/openssl/ui_compat.h ../cryptlib.h digest.c +digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +digest.o: ../../include/openssl/symhacks.h ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_aes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_aes.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -e_aes.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -e_aes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_aes.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -e_aes.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -e_aes.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -e_aes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -e_aes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_aes.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_aes.c +e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c e_aes.o: evp_locl.h -e_bf.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_bf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_bf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_bf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_bf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_bf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_bf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_bf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h +e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_bf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_bf.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_bf.c evp_locl.h -e_cast.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_cast.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_cast.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_cast.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_cast.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_cast.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h +e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h +e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_cast.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_cast.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_cast.c evp_locl.h -e_des.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_des.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_des.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h +e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_des.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_des.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_des.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h -e_des3.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_des3.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_des3.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_des3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_des3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h -e_idea.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_idea.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_idea.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_idea.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_idea.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_idea.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_idea.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_idea.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_idea.c evp_locl.h -e_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h +e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c -e_old.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_old.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_old.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -e_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -e_old.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -e_old.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -e_old.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_old.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -e_old.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -e_old.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -e_old.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -e_old.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -e_old.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -e_old.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_old.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_old.c -e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_rc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_rc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_null.o: ../cryptlib.h e_null.c +e_old.o: e_old.c +e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_rc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_rc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_rc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_rc2.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc2.c evp_locl.h -e_rc4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_rc4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_rc4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_rc4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h +e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h +e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_rc4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_rc4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c -e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_rc5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_rc5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h +e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c +e_rc5.o: ../../e_os.h ../../include/openssl/bio.h +e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -e_rc5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -e_rc5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_rc5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_rc5.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc5.c evp_locl.h -e_xcbc_d.o: ../../e_os.h ../../include/openssl/aes.h -e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c +e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h +e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -e_xcbc_d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_xcbc_d.o: ../../include/openssl/opensslconf.h +e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_xcbc_d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -e_xcbc_d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c -encode.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -encode.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -encode.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -encode.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -encode.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -encode.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -encode.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -encode.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -encode.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -encode.o: ../../include/openssl/ui_compat.h ../cryptlib.h encode.c -evp_acnf.o: ../../e_os.h ../../include/openssl/aes.h -evp_acnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_acnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +encode.o: ../cryptlib.h encode.c +evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h +evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_acnf.o: ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c -evp_enc.o: ../../e_os.h ../../include/openssl/aes.h -evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -evp_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -evp_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c +evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h +evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h -evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -evp_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -evp_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h -evp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -evp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -evp_err.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -evp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_enc.c evp_locl.h +evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -evp_err.o: evp_err.c -evp_key.o: ../../e_os.h ../../include/openssl/aes.h -evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -evp_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -evp_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_err.o: ../../include/openssl/symhacks.h evp_err.c +evp_key.o: ../../e_os.h ../../include/openssl/asn1.h +evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_key.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c -evp_lib.o: ../../e_os.h ../../include/openssl/aes.h -evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -evp_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -evp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h +evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -evp_lib.o: ../cryptlib.h evp_lib.c -evp_pbe.o: ../../e_os.h ../../include/openssl/aes.h -evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -evp_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -evp_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c +evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h +evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_pbe.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c -evp_pkey.o: ../../e_os.h ../../include/openssl/aes.h -evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -evp_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_pbe.o: ../cryptlib.h evp_pbe.c +evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_pkey.o: ../../include/openssl/opensslconf.h evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -evp_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -evp_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c -m_dss.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_dss.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_dss.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_dss.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_dss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_dss.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_dss.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_dss.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_dss.o: ../cryptlib.h m_dss.c -m_dss1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_dss1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_dss1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_dss1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_dss1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_dss1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_dss1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_dss1.o: ../cryptlib.h m_dss1.c -m_md2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_md2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_md2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_md2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_md2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h +m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_ecdsa.o: ../cryptlib.h m_ecdsa.c +m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_md2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_md2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md2.o: ../cryptlib.h m_md2.c -m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_md4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_md4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_md4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_md4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_md4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md4.o: ../cryptlib.h m_md4.c -m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_md5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_md5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_md5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_md5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_md5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md5.o: ../cryptlib.h m_md5.c -m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_mdc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c +m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h +m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c +m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h +m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c +m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h +m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_mdc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_mdc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_mdc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_mdc2.o: ../cryptlib.h m_mdc2.c -m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c +m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_null.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_null.o: ../cryptlib.h m_null.c -m_ripemd.o: ../../e_os.h ../../include/openssl/aes.h -m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -m_ripemd.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -m_ripemd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c +m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h +m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h m_ripemd.o: ../../include/openssl/opensslconf.h m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_ripemd.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_ripemd.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -m_ripemd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_ripemd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_ripemd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_ripemd.o: ../cryptlib.h m_ripemd.c -m_sha.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_sha.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_sha.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_sha.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_sha.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_sha.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_sha.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h +m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c +m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_sha.o: ../cryptlib.h m_sha.c -m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_sha1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -m_sha1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_sha1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -m_sha1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h m_sha1.o: ../cryptlib.h m_sha1.c -names.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -names.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -names.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -names.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -names.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -names.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -names.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -names.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -names.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +names.o: ../../include/openssl/err.h ../../include/openssl/evp.h +names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -names.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -names.o: ../cryptlib.h names.c -p5_crpt.o: ../../e_os.h ../../include/openssl/aes.h -p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p5_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p5_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c +p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h +p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p5_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c -p5_crpt2.o: ../../e_os.h ../../include/openssl/aes.h -p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p5_crpt2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p5_crpt2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h -p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_crpt.o: ../cryptlib.h p5_crpt.c +p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h +p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p5_crpt2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p5_crpt2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p5_crpt2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_crpt2.o: ../cryptlib.h p5_crpt2.c -p_dec.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -p_dec.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_dec.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p_dec.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p_dec.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p_dec.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p_dec.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c +p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p_dec.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c -p_enc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -p_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p_enc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c -p_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +p_lib.o: ../../e_os.h ../../include/openssl/asn1.h p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -p_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c -p_open.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -p_open.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_open.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p_open.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p_open.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p_open.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p_open.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p_open.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_open.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h p_open.o: ../cryptlib.h p_open.c -p_seal.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -p_seal.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_seal.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p_seal.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p_seal.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p_seal.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p_seal.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c -p_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -p_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_sign.o: ../cryptlib.h p_sign.c -p_verify.o: ../../e_os.h ../../include/openssl/aes.h -p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c +p_verify.o: ../../e_os.h ../../include/openssl/asn1.h +p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p_verify.o: ../../include/openssl/opensslconf.h p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_verify.o: ../cryptlib.h p_verify.c +p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c index 33349c2..fa5cbc7 100644 --- a/crypto/openssl/crypto/evp/bio_b64.c +++ b/crypto/openssl/crypto/evp/bio_b64.c @@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/openssl/crypto/evp/bio_enc.c index ab81851..f6ac94c 100644 --- a/crypto/openssl/crypto/evp/bio_enc.c +++ b/crypto/openssl/crypto/evp/bio_enc.c @@ -71,7 +71,7 @@ static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) -#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH +#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) typedef struct enc_struct { @@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c; } */ -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, - unsigned char *i, int e) +void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int e) { BIO_ENC_CTX *ctx; diff --git a/crypto/openssl/crypto/evp/bio_md.c b/crypto/openssl/crypto/evp/bio_md.c index e4a4d66..76ff9fe 100644 --- a/crypto/openssl/crypto/evp/bio_md.c +++ b/crypto/openssl/crypto/evp/bio_md.c @@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl) { if (ret > 0) { - EVP_DigestUpdate(ctx,(unsigned char *)in, + EVP_DigestUpdate(ctx,(const unsigned char *)in, (unsigned int)ret); } } @@ -200,12 +200,6 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) else ret=0; break; - case BIO_C_SET_MD_CTX: - if (b->init) - b->ptr=ptr; - else - ret=0; - break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); ret=BIO_ctrl(b->next_bio,cmd,num,ptr); diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c index 4e3f101..98bc1ab 100644 --- a/crypto/openssl/crypto/evp/bio_ok.c +++ b/crypto/openssl/crypto/evp/bio_ok.c @@ -119,6 +119,7 @@ #include #include +#include #include "cryptlib.h" #include #include @@ -141,22 +142,12 @@ static void block_in(BIO* b); #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." -#ifndef L_ENDIAN -#define swapem(x) \ - ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ - (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ - (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ - (((unsigned long int)(x) & 0xff000000U) >> 24))) -#else -#define swapem(x) (x) -#endif - typedef struct ok_struct { - int buf_len; - int buf_off; - int buf_len_save; - int buf_off_save; + size_t buf_len; + size_t buf_off; + size_t buf_len_save; + size_t buf_off_save; int cont; /* <= 0 when finished */ int finished; EVP_MD_CTX md; @@ -295,6 +286,8 @@ static int ok_write(BIO *b, const char *in, int inl) int ret=0,n,i; BIO_OK_CTX *ctx; + if (inl <= 0) return inl; + ctx=(BIO_OK_CTX *)b->ptr; ret=inl; @@ -330,7 +323,7 @@ static int ok_write(BIO *b, const char *in, int inl) if ((in == NULL) || (inl <= 0)) return(0); n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? - OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl; + (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl; memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); ctx->buf_len+= n; @@ -448,16 +441,18 @@ static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } -static void longswap(void *_ptr, int len) -{ -#ifndef L_ENDIAN - int i; - char *ptr=_ptr; +static void longswap(void *_ptr, size_t len) +{ const union { long one; char little; } is_endian = {1}; - for(i= 0;i < len;i+= 4){ - *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i]))); + if (is_endian.little) { + size_t i; + unsigned char *p=_ptr,c; + + for(i= 0;i < len;i+= 4) { + c=p[0],p[0]=p[3],p[3]=c; + c=p[1],p[1]=p[2],p[2]=c; + } } -#endif } static void sig_out(BIO* b) @@ -496,7 +491,7 @@ static void sig_in(BIO* b) ctx=b->ptr; md=&ctx->md; - if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; + if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; EVP_DigestInit_ex(md, md->digest, NULL); memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); @@ -533,9 +528,10 @@ static void block_out(BIO* b) md=&ctx->md; tl= ctx->buf_len- OK_BLOCK_BLOCK; - tl= swapem(tl); - memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); - tl= swapem(tl); + ctx->buf[0]=(unsigned char)(tl>>24); + ctx->buf[1]=(unsigned char)(tl>>16); + ctx->buf[2]=(unsigned char)(tl>>8); + ctx->buf[3]=(unsigned char)(tl); EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; @@ -546,14 +542,18 @@ static void block_in(BIO* b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; - long tl= 0; + unsigned long tl= 0; unsigned char tmp[EVP_MAX_MD_SIZE]; ctx=b->ptr; md=&ctx->md; - memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK); - tl= swapem(tl); + assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */ + tl =ctx->buf[0]; tl<<=8; + tl|=ctx->buf[1]; tl<<=8; + tl|=ctx->buf[2]; tl<<=8; + tl|=ctx->buf[3]; + if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); diff --git a/crypto/openssl/crypto/evp/c_all.c b/crypto/openssl/crypto/evp/c_all.c index fa60a73..a5da52e 100644 --- a/crypto/openssl/crypto/evp/c_all.c +++ b/crypto/openssl/crypto/evp/c_all.c @@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void) void OPENSSL_add_all_algorithms_noconf(void) { + /* + * For the moment OPENSSL_cpuid_setup does something + * only on IA-32, but we reserve the option for all + * platforms... + */ + OPENSSL_cpuid_setup(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/openssl/crypto/evp/c_alld.c b/crypto/openssl/crypto/evp/c_alld.c index be91cdb..d270b0e 100644 --- a/crypto/openssl/crypto/evp/c_alld.c +++ b/crypto/openssl/crypto/evp/c_alld.c @@ -75,7 +75,7 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif -#ifndef OPENSSL_NO_SHA +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); @@ -91,6 +91,9 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif +#ifndef OPENSSL_NO_ECDSA + EVP_add_digest(EVP_ecdsa()); +#endif #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); @@ -100,4 +103,12 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); #endif +#ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); +#endif +#ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); +#endif } diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c index 0623ddf..762e6d3 100644 --- a/crypto/openssl/crypto/evp/digest.c +++ b/crypto/openssl/crypto/evp/digest.c @@ -159,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } } @@ -173,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if(!d) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private digest definition */ @@ -189,7 +189,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else if(!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); return 0; } #endif @@ -208,9 +208,9 @@ skip_to_init: } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, - unsigned int count) + size_t count) { - return ctx->digest->update(ctx,data,(unsigned long)count); + return ctx->digest->update(ctx,data,count); } /* The caller can assume that this removes any secret data from the context */ @@ -251,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) unsigned char *tmp_buf; if ((in == NULL) || (in->digest == NULL)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); return 0; } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; } #endif @@ -285,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 1; } -int EVP_Digest(void *data, unsigned int count, +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX ctx; diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c index 9844d7f..bd6c0a3 100644 --- a/crypto/openssl/crypto/evp/e_aes.c +++ b/crypto/openssl/crypto/evp/e_aes.c @@ -48,10 +48,12 @@ * */ +#include #ifndef OPENSSL_NO_AES #include #include #include +#include #include #include "evp_locl.h" diff --git a/crypto/openssl/crypto/evp/e_bf.c b/crypto/openssl/crypto/evp/e_bf.c index e743375..cc224e5 100644 --- a/crypto/openssl/crypto/evp/e_bf.c +++ b/crypto/openssl/crypto/evp/e_bf.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_BF #include #include "cryptlib.h" +#ifndef OPENSSL_NO_BF #include #include "evp_locl.h" #include diff --git a/crypto/openssl/crypto/evp/e_cast.c b/crypto/openssl/crypto/evp/e_cast.c index 3400fef..d77bcd9 100644 --- a/crypto/openssl/crypto/evp/e_cast.c +++ b/crypto/openssl/crypto/evp/e_cast.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_CAST - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_CAST #include #include #include "evp_locl.h" diff --git a/crypto/openssl/crypto/evp/e_des.c b/crypto/openssl/crypto/evp/e_des.c index f2554ec..8563236 100644 --- a/crypto/openssl/crypto/evp/e_des.c +++ b/crypto/openssl/crypto/evp/e_des.c @@ -63,9 +63,11 @@ #include #include "evp_locl.h" #include +#include static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ @@ -127,26 +129,48 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - 0, des_init_key, NULL, + EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des_ctrl) -BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,0,des_init_key,NULL, +BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, + EVP_CIPH_RAND_KEY, des_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv,des_ctrl) -BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,0,des_init_key,NULL, +BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, + EVP_CIPH_RAND_KEY,des_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv,des_ctrl) static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - +#ifdef EVP_CHECK_DES_KEY + if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) + return 0; +#else DES_set_key_unchecked(deskey,ctx->cipher_data); +#endif return 1; } +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + switch(type) + { + case EVP_CTRL_RAND_KEY: + if (RAND_bytes(ptr, 8) <= 0) + return 0; + DES_set_odd_parity((DES_cblock *)ptr); + return 1; + + default: + return -1; + } + } + #endif diff --git a/crypto/openssl/crypto/evp/e_des3.c b/crypto/openssl/crypto/evp/e_des3.c index b462d7c..ac148ef 100644 --- a/crypto/openssl/crypto/evp/e_des3.c +++ b/crypto/openssl/crypto/evp/e_des3.c @@ -63,6 +63,7 @@ #include #include "evp_locl.h" #include +#include static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); @@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + typedef struct { DES_key_schedule ks1;/* key schedule */ @@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt(in + i,out + i, + DES_ecb3_encrypt((const_DES_cblock *)(in + i), + (DES_cblock *)(out + i), &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); @@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - 0, des_ede_init_key, NULL, + EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher @@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - 0, des_ede3_init_key, NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des3_ctrl) -BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0, - des_ede3_init_key,NULL, +BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv, + des3_ctrl) -BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0, - des_ede3_init_key,NULL, +BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv, + des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - +#ifdef EVP_CHECK_DES_KEY + if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) + !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) + return 0; +#else DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); +#endif memcpy(&data(ctx)->ks3,&data(ctx)->ks1, sizeof(data(ctx)->ks1)); return 1; @@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } #endif /* KSSL_DEBUG */ +#ifdef EVP_CHECK_DES_KEY + if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) + || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) + || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) + return 0; +#else DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); - +#endif return 1; } +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + DES_cblock *deskey = ptr; + + switch(type) + { + case EVP_CTRL_RAND_KEY: + if (RAND_bytes(ptr, c->key_len) <= 0) + return 0; + DES_set_odd_parity(deskey); + if (c->key_len >= 16) + DES_set_odd_parity(deskey + 1); + if (c->key_len >= 24) + DES_set_odd_parity(deskey + 2); + return 1; + + default: + return -1; + } + } + const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; diff --git a/crypto/openssl/crypto/evp/e_idea.c b/crypto/openssl/crypto/evp/e_idea.c index b9efa75..48c33a7 100644 --- a/crypto/openssl/crypto/evp/e_idea.c +++ b/crypto/openssl/crypto/evp/e_idea.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_IDEA - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_IDEA #include #include #include "evp_locl.h" diff --git a/crypto/openssl/crypto/evp/e_null.c b/crypto/openssl/crypto/evp/e_null.c index 2420d7e..5205259 100644 --- a/crypto/openssl/crypto/evp/e_null.c +++ b/crypto/openssl/crypto/evp/e_null.c @@ -76,6 +76,7 @@ static const EVP_CIPHER n_cipher= 0, NULL, NULL, + NULL, NULL }; @@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { if (in != out) - memcpy((char *)out,(char *)in,(int)inl); + memcpy((char *)out,(const char *)in,(size_t)inl); return 1; } diff --git a/crypto/openssl/crypto/evp/e_old.c b/crypto/openssl/crypto/evp/e_old.c index 4f21736..1642af4 100644 --- a/crypto/openssl/crypto/evp/e_old.c +++ b/crypto/openssl/crypto/evp/e_old.c @@ -56,6 +56,10 @@ * */ +#ifdef OPENSSL_NO_DEPRECATED +static void *dummy = &dummy; +#else + #include /* Define some deprecated functions, so older programs @@ -66,43 +70,56 @@ #ifndef OPENSSL_NO_BF #undef EVP_bf_cfb +const EVP_CIPHER *EVP_bf_cfb(void); const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } #endif #ifndef OPENSSL_NO_DES #undef EVP_des_cfb +const EVP_CIPHER *EVP_des_cfb(void); const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } #undef EVP_des_ede3_cfb +const EVP_CIPHER *EVP_des_ede3_cfb(void); const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } #undef EVP_des_ede_cfb +const EVP_CIPHER *EVP_des_ede_cfb(void); const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } #endif #ifndef OPENSSL_NO_IDEA #undef EVP_idea_cfb +const EVP_CIPHER *EVP_idea_cfb(void); const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } #endif #ifndef OPENSSL_NO_RC2 #undef EVP_rc2_cfb +const EVP_CIPHER *EVP_rc2_cfb(void); const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } #endif -#ifndef OPENSSL_NO_CAST5 +#ifndef OPENSSL_NO_CAST #undef EVP_cast5_cfb +const EVP_CIPHER *EVP_cast5_cfb(void); const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } #endif #ifndef OPENSSL_NO_RC5 #undef EVP_rc5_32_12_16_cfb +const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } #endif #ifndef OPENSSL_NO_AES #undef EVP_aes_128_cfb +const EVP_CIPHER *EVP_aes_128_cfb(void); const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } #undef EVP_aes_192_cfb +const EVP_CIPHER *EVP_aes_192_cfb(void); const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } #undef EVP_aes_256_cfb +const EVP_CIPHER *EVP_aes_256_cfb(void); const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } #endif + +#endif diff --git a/crypto/openssl/crypto/evp/e_rc2.c b/crypto/openssl/crypto/evp/e_rc2.c index d42cbfd..d37726f 100644 --- a/crypto/openssl/crypto/evp/e_rc2.c +++ b/crypto/openssl/crypto/evp/e_rc2.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC2 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC2 + #include #include #include "evp_locl.h" @@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i) static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { long num=0; - int i=0,l; + int i=0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof iv); + OPENSSL_assert(l <= sizeof(iv)); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) + if (i != (int)l) return(-1); key_bits =rc2_magic_to_meth((int)num); if (!key_bits) diff --git a/crypto/openssl/crypto/evp/e_rc4.c b/crypto/openssl/crypto/evp/e_rc4.c index d58f507..67af850 100644 --- a/crypto/openssl/crypto/evp/e_rc4.c +++ b/crypto/openssl/crypto/evp/e_rc4.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC4 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC4 + #include #include #include @@ -89,6 +90,7 @@ static const EVP_CIPHER r4_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; @@ -103,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; diff --git a/crypto/openssl/crypto/evp/e_rc5.c b/crypto/openssl/crypto/evp/e_rc5.c index 3c7713b..19a10c6 100644 --- a/crypto/openssl/crypto/evp/e_rc5.c +++ b/crypto/openssl/crypto/evp/e_rc5.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC5 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC5 + #include #include #include "evp_locl.h" diff --git a/crypto/openssl/crypto/evp/e_xcbc_d.c b/crypto/openssl/crypto/evp/e_xcbc_d.c index a6f849e..8832da2 100644 --- a/crypto/openssl/crypto/evp/e_xcbc_d.c +++ b/crypto/openssl/crypto/evp/e_xcbc_d.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_DES + #include #include #include @@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher= sizeof(DESX_CBC_KEY), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL }; diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c index 0820935..5921f0d 100644 --- a/crypto/openssl/crypto/evp/encode.c +++ b/crypto/openssl/crypto/evp/encode.c @@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) } void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) + const unsigned char *in, int inl) { int i,j; unsigned int total=0; *outl=0; if (inl == 0) return; - OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) * 1 for full line */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) + const unsigned char *in, int inl) { int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; unsigned char *d; @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < sizeof ctx->enc_data); + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); d[n++]=tmp; ln++; } @@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* There will never be more than two '=' */ } - if ((v == B64_EOF) || (n >= 64)) + if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) { /* This is needed to work correctly on 64 byte input * lines. We process the line and then need to @@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, if (n > 0) { v=EVP_DecodeBlock(out,d,n); - if (v < 0) { rv=0; goto end; } n=0; + if (v < 0) { rv=0; goto end; } ret+=(v-eof); } else diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index 115878f..116a12f 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -74,48 +74,6 @@ #ifndef OPENSSL_NO_BIO #include #endif -#ifndef OPENSSL_NO_MD2 -#include -#endif -#ifndef OPENSSL_NO_MD4 -#include -#endif -#ifndef OPENSSL_NO_MD5 -#include -#endif -#ifndef OPENSSL_NO_SHA -#include -#endif -#ifndef OPENSSL_NO_RIPEMD -#include -#endif -#ifndef OPENSSL_NO_DES -#include -#endif -#ifndef OPENSSL_NO_RC4 -#include -#endif -#ifndef OPENSSL_NO_RC2 -#include -#endif -#ifndef OPENSSL_NO_RC5 -#include -#endif -#ifndef OPENSSL_NO_BF -#include -#endif -#ifndef OPENSSL_NO_CAST -#include -#endif -#ifndef OPENSSL_NO_IDEA -#include -#endif -#ifndef OPENSSL_NO_MDC2 -#include -#endif -#ifndef OPENSSL_NO_AES -#include -#endif /* #define EVP_RC2_KEY_SIZE 16 @@ -124,7 +82,7 @@ #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 */ -#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ #define EVP_MAX_KEY_LENGTH 32 #define EVP_MAX_IV_LENGTH 16 #define EVP_MAX_BLOCK_LENGTH 32 @@ -133,28 +91,18 @@ /* Default PKCS#5 iteration count */ #define PKCS5_DEFAULT_ITER 2048 -#ifndef OPENSSL_NO_RSA -#include -#endif - -#ifndef OPENSSL_NO_DSA -#include -#endif - -#ifndef OPENSSL_NO_DH -#include -#endif - #include #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 #define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 #define EVP_PKT_SIGN 0x0010 #define EVP_PKT_ENC 0x0020 #define EVP_PKT_EXCH 0x0040 #define EVP_PKS_RSA 0x0100 #define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ #define EVP_PKEY_NONE NID_undef @@ -166,6 +114,7 @@ #define EVP_PKEY_DSA3 NID_dsaWithSHA1 #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #ifdef __cplusplus extern "C" { @@ -190,6 +139,9 @@ struct evp_pkey_st #ifndef OPENSSL_NO_DH struct dh_st *dh; /* DH */ #endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +#endif } pkey; int save_parameters; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ @@ -275,38 +227,58 @@ struct env_md_st int md_size; unsigned long flags; int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); + int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); int (*final)(EVP_MD_CTX *ctx,unsigned char *md); int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); int (*cleanup)(EVP_MD_CTX *ctx); /* FIXME: prototype these some day */ - int (*sign)(); - int (*verify)(); + int (*sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, void *key); + int (*verify)(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + void *key); int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ } /* EVP_MD */; +typedef int evp_sign_method(int type,const unsigned char *m, + unsigned int m_length,unsigned char *sigret, + unsigned int *siglen, void *key); +typedef int evp_verify_method(int type,const unsigned char *m, + unsigned int m_length,const unsigned char *sigbuf, + unsigned int siglen, void *key); + #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ +#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ + (evp_verify_method *)DSA_verify, \ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ EVP_PKEY_DSA4,0} #else #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method #endif +#ifndef OPENSSL_NO_ECDSA +#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ + (evp_verify_method *)ECDSA_verify, \ + {EVP_PKEY_EC,0,0,0} +#else +#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +#endif + #ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ +#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ + (evp_verify_method *)RSA_verify, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - RSA_sign_ASN1_OCTET_STRING, \ - RSA_verify_ASN1_OCTET_STRING, \ + (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ + (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #else #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method @@ -373,6 +345,8 @@ struct evp_cipher_st #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ #define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +#define EVP_CIPH_RAND_KEY 0x200 /* ctrl() values */ @@ -382,6 +356,7 @@ struct evp_cipher_st #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 typedef struct evp_cipher_info_st { @@ -443,6 +418,11 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, (char *)(dh)) #endif +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +#endif + /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) @@ -499,7 +479,6 @@ void BIO_set_md(BIO *,const EVP_MD *md); #endif #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) -#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) @@ -524,9 +503,9 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, - unsigned int cnt); + size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -int EVP_Digest(void *data, unsigned int count, +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); @@ -534,7 +513,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); -void EVP_set_pw_prompt(char *prompt); +void EVP_set_pw_prompt(const char *prompt); char * EVP_get_pw_prompt(void); int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, @@ -573,43 +552,48 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, EVP_PKEY *pkey); -int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, +int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + const unsigned char *in,int inl); void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); + const unsigned char *in, int inl); int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, - unsigned char *i, int enc); +void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, + const unsigned char *i, int enc); #endif const EVP_MD *EVP_md_null(void); @@ -627,6 +611,15 @@ const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); +const EVP_MD *EVP_ecdsa(void); +#endif +#ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +#endif +#ifndef OPENSSL_NO_SHA512 +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); #endif #ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); @@ -770,10 +763,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); -int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, - int enc_key_len,EVP_PKEY *private_key); +int EVP_PKEY_decrypt(unsigned char *dec_key, + const unsigned char *enc_key,int enc_key_len, + EVP_PKEY *private_key); int EVP_PKEY_encrypt(unsigned char *enc_key, - unsigned char *key,int key_len,EVP_PKEY *pub_key); + const unsigned char *key,int key_len, + EVP_PKEY *pub_key); int EVP_PKEY_type(int type); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); @@ -794,24 +789,31 @@ struct dh_st; int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); #endif - +#ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +#endif EVP_PKEY * EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *pkey); -EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, + +EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); -EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, +EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); -EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, +EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_CIPHER_type(const EVP_CIPHER *ctx); @@ -828,7 +830,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, + const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, @@ -851,26 +853,31 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ -#define EVP_F_AES_INIT_KEY 129 +#define EVP_F_AES_INIT_KEY 133 #define EVP_F_D2I_PKEY 100 -#define EVP_F_EVP_CIPHERINIT 123 +#define EVP_F_DSAPKEY2PKCS8 134 +#define EVP_F_DSA_PKEY2PKCS8 135 +#define EVP_F_ECDSA_PKEY2PKCS8 129 +#define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -#define EVP_F_EVP_DECRYPTFINAL 101 -#define EVP_F_EVP_DIGESTINIT 128 -#define EVP_F_EVP_ENCRYPTFINAL 127 -#define EVP_F_EVP_MD_CTX_COPY 110 +#define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DIGESTINIT_EX 128 +#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_MD_CTX_COPY_EX 110 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 #define EVP_F_EVP_PBE_CIPHERINIT 116 #define EVP_F_EVP_PKCS82PKEY 111 -#define EVP_F_EVP_PKCS8_SET_BROKEN 112 -#define EVP_F_EVP_PKEY2PKCS8 113 +#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 #define EVP_F_EVP_PKEY_DECRYPT 104 #define EVP_F_EVP_PKEY_ENCRYPT 105 #define EVP_F_EVP_PKEY_GET1_DH 119 #define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 #define EVP_F_EVP_PKEY_GET1_RSA 121 #define EVP_F_EVP_PKEY_NEW 106 #define EVP_F_EVP_RIJNDAEL 126 @@ -878,11 +885,13 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_PKCS8_SET_BROKEN 112 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 /* Reason codes. */ -#define EVP_R_AES_KEY_SETUP_FAILED 140 +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ASN1_LIB 140 #define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BAD_KEY_LENGTH 137 @@ -899,6 +908,8 @@ void ERR_load_EVP_strings(void); #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +#define EVP_R_EXPECTING_A_EC_KEY 142 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 #define EVP_R_INVALID_KEY_LENGTH 130 diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index 8ea5aa9..f0b725d 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include #include +#include #ifndef OPENSSL_NO_ENGINE #include #endif @@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) /* ctx->cipher=NULL; */ } +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) + { + EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + if (ctx) + EVP_CIPHER_CTX_init(ctx); + return ctx; + } int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) @@ -116,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } } @@ -133,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp * control history, is that we should at least * be able to avoid using US mispellings of * "initialisation"? */ - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private cipher definition */ @@ -153,7 +161,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { - EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } } @@ -167,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp { if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } } } else if(!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); return 0; } #ifndef OPENSSL_NO_ENGINE @@ -199,7 +207,8 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -286,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; - OPENSSL_assert(bl <= sizeof ctx->buf); + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (i+inl < bl) @@ -332,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl,ret; + int n,ret; + unsigned int i, b, bl; b=ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->buf); @@ -346,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if(bl) { - EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *outl = 0; @@ -368,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int b, fix_len; + int fix_len; + unsigned int b; if (inl == 0) { @@ -421,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,b; - int n; + int i,n; + unsigned int b; *outl=0; b=ctx->cipher->block_size; @@ -430,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if(ctx->buf_len) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *outl = 0; @@ -440,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->buf_len || !ctx->final_used) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > b) + if (n == 0 || n > (int)b) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); } for (i=0; ifinal[--b] != n) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); } } @@ -468,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return(1); } +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) + { + if (ctx) + { + EVP_CIPHER_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } + } + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if (c->cipher != NULL) @@ -531,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } return ret; } + +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) + { + if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) + return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); + if (RAND_bytes(key, ctx->key_len) <= 0) + return 0; + return 1; + } + diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c index be6d442..e854aad 100644 --- a/crypto/openssl/crypto/evp/evp_err.c +++ b/crypto/openssl/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,83 +64,96 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) + static ERR_STRING_DATA EVP_str_functs[]= { -{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"}, -{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, -{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, -{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, -{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, -{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, -{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, -{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, -{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, -{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, -{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, -{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, -{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, -{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, -{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, -{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, -{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, -{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, -{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, -{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, -{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, -{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, +{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, +{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, +{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, +{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, +{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, +{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, +{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, +{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, +{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, +{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, +{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, +{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, +{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, +{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, +{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, +{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, +{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, +{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, +{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, +{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, {0,NULL} }; static ERR_STRING_DATA EVP_str_reasons[]= { -{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"}, -{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, -{EVP_R_BAD_DECRYPT ,"bad decrypt"}, -{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, -{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, -{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, -{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, -{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, -{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, -{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, -{EVP_R_DECODE_ERROR ,"decode error"}, -{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, -{EVP_R_ENCODE_ERROR ,"encode error"}, -{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, -{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, -{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, -{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, -{EVP_R_INITIALIZATION_ERROR ,"initialization error"}, -{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, -{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, -{EVP_R_IV_TOO_LARGE ,"iv too large"}, -{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, -{EVP_R_MISSING_PARAMETERS ,"missing parameters"}, -{EVP_R_NO_CIPHER_SET ,"no cipher set"}, -{EVP_R_NO_DIGEST_SET ,"no digest set"}, -{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, -{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, -{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, -{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, -{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, -{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, -{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, -{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, -{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, -{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, -{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, -{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, -{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, -{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, -{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, +{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, +{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, +{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, +{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, +{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, +{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, +{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, +{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, +{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, +{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, +{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, +{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, +{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, +{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, +{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, +{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, +{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, +{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, +{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, +{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, +{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, +{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, +{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, +{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, +{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, +{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, +{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, +{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, +{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, +{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"}, +{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"}, +{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"}, +{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"}, +{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, +{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, {0,NULL} }; @@ -154,8 +167,8 @@ void ERR_load_EVP_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); - ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); + ERR_load_strings(0,EVP_str_functs); + ERR_load_strings(0,EVP_str_reasons); #endif } diff --git a/crypto/openssl/crypto/evp/evp_key.c b/crypto/openssl/crypto/evp/evp_key.c index 5f387a9..361ea69 100644 --- a/crypto/openssl/crypto/evp/evp_key.c +++ b/crypto/openssl/crypto/evp/evp_key.c @@ -66,7 +66,7 @@ /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(char *prompt) +void EVP_set_pw_prompt(const char *prompt) { if (prompt == NULL) prompt_string[0]='\0'; @@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, EVP_MD_CTX_init(&c); for (;;) { - EVP_DigestInit_ex(&c,md, NULL); + if (!EVP_DigestInit_ex(&c,md, NULL)) + return 0; if (addmd++) EVP_DigestUpdate(&c,&(md_buf[0]),mds); EVP_DigestUpdate(&c,data,datal); diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/openssl/crypto/evp/evp_lib.c index a63ba19..3621396 100644 --- a/crypto/openssl/crypto/evp/evp_lib.c +++ b/crypto/openssl/crypto/evp/evp_lib.c @@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); else - return -1; + ret=-1; return(ret); } @@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); else - return -1; + ret=-1; return(ret); } int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,l; + int i=0; + unsigned int l; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof c->iv); + OPENSSL_assert(l <= sizeof(c->iv)); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) + if (i != (int)l) return(-1); else if (i > 0) memcpy(c->iv,c->oiv,l); @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,j; + int i=0; + unsigned int j; if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof c->iv); + OPENSSL_assert(j <= sizeof(c->iv)); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c index 91e545a..c26d2de 100644 --- a/crypto/openssl/crypto/evp/evp_pbe.c +++ b/crypto/openssl/crypto/evp/evp_pbe.c @@ -74,7 +74,7 @@ const EVP_MD *md; EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; -int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { @@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, static int pbe_cmp(const char * const *a, const char * const *b) { - EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; + const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, + * const *pbe2 = (const EVP_PBE_CTL * const *)b; return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); } diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/openssl/crypto/evp/evp_pkey.c index eb481ec..0147f3e 100644 --- a/crypto/openssl/crypto/evp/evp_pkey.c +++ b/crypto/openssl/crypto/evp/evp_pkey.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,14 +61,24 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#include #ifndef OPENSSL_NO_DSA static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); #endif +#ifndef OPENSSL_NO_EC +static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); +#endif /* Extract a private key from a PKCS8 structure */ -EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_RSA @@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; + ASN1_TYPE *t1, *t2; ASN1_INTEGER *privkey; - ASN1_TYPE *t1, *t2, *param = NULL; STACK_OF(ASN1_TYPE) *ndsa = NULL; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *eckey = NULL; + const unsigned char *p_tmp; +#endif +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) + ASN1_TYPE *param = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; - unsigned char *p; + const unsigned char *p; const unsigned char *cp; int pkeylen; + int nid; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { @@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) return NULL; } a = p8->pkeyalg; - switch (OBJ_obj2nid(a->algorithm)) + nid = OBJ_obj2nid(a->algorithm); + switch(nid) { #ifndef OPENSSL_NO_RSA case NID_rsaEncryption: @@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) return NULL; break; #endif +#ifndef OPENSSL_NO_EC + case NID_X9_62_id_ecPublicKey: + p_tmp = p; + /* extract the ec parameters */ + param = p8->pkeyalg->parameter; + + if (!param || ((param->type != V_ASN1_SEQUENCE) && + (param->type != V_ASN1_OBJECT))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + if (param->type == V_ASN1_SEQUENCE) + { + cp = p = param->value.sequence->data; + plen = param->value.sequence->length; + + if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, + EVP_R_DECODE_ERROR); + goto ecerr; + } + } + else + { + EC_GROUP *group; + cp = p = param->value.object->data; + plen = param->value.object->length; + + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, + ERR_R_MALLOC_FAILURE); + goto ecerr; + } + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); + if (group == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(eckey, group) == 0) + goto ecerr; + EC_GROUP_free(group); + } + + /* We have parameters now set private key */ + if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + /* calculate public key (if necessary) */ + if (EC_KEY_get0_public_key(eckey) == NULL) + { + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + group = EC_KEY_get0_group(eckey); + pub_key = EC_POINT_new(group); + if (pub_key == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + priv_key = EC_KEY_get0_private_key(eckey); + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (EC_KEY_set_public_key(eckey, pub_key) == 0) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + EC_POINT_free(pub_key); + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + if (ctx) + BN_CTX_free(ctx); + break; +ecerr: + if (ctx) + BN_CTX_free(ctx); + if (eckey) + EC_KEY_free(eckey); + if (pkey) + EVP_PKEY_free(pkey); + return NULL; +#endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); @@ -231,13 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) PKCS8_PRIV_KEY_INFO *p8; if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); return NULL; } p8->broken = broken; - ASN1_INTEGER_set (p8->version, 0); + if (!ASN1_INTEGER_set(p8->version, 0)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } @@ -250,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); p8->pkeyalg->parameter->type = V_ASN1_NULL; - if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, + if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } @@ -267,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if (!eckey_pkey2pkcs8(p8, pkey)) + { + PKCS8_PRIV_KEY_INFO_free(p8); + return(NULL); + } + break; +#endif default: - EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } RAND_add(p8->pkey->value.octet_string->data, - p8->pkey->value.octet_string->length, 0); + p8->pkey->value.octet_string->length, 0.0); return p8; } @@ -293,39 +431,43 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) break; default: - EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); + EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); return NULL; - break; - } } #ifndef OPENSSL_NO_DSA static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { - ASN1_STRING *params; - ASN1_INTEGER *prkey; - ASN1_TYPE *ttmp; - STACK_OF(ASN1_TYPE) *ndsa; - unsigned char *p, *q; + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + ASN1_TYPE *ttmp = NULL; + STACK_OF(ASN1_TYPE) *ndsa = NULL; + unsigned char *p = NULL, *q; int len; p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); len = i2d_DSAparams (pkey->pkey.dsa, NULL); if (!(p = OPENSSL_malloc(len))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } q = p; i2d_DSAparams (pkey->pkey.dsa, &q); - params = ASN1_STRING_new(); - ASN1_STRING_set(params, p, len); + if (!(params = ASN1_STRING_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(params, p, len)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } OPENSSL_free(p); + p = NULL; /* Get private key into integer */ if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + goto err; } switch(p8->broken) { @@ -333,15 +475,16 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_OK: case PKCS8_NO_OCTET: - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, + if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free (prkey); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } M_ASN1_INTEGER_free (prkey); + prkey = NULL; p8->pkeyalg->parameter->value.sequence = params; + params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; break; @@ -349,32 +492,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_NS_DB: p8->pkeyalg->parameter->value.sequence = params; + params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); - if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - PKCS8_PRIV_KEY_INFO_free(p8); - return 0; + if (!(ndsa = sk_ASN1_TYPE_new_null())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp->value.integer = + BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + goto err; } ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } - ttmp = ASN1_TYPE_new(); + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.integer = prkey; + prkey = NULL; ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + ttmp = NULL; - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free(prkey); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); break; @@ -382,31 +544,251 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_EMBEDDED_PARAM: p8->pkeyalg->parameter->type = V_ASN1_NULL; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); + if (!(ndsa = sk_ASN1_TYPE_new_null())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.sequence = params; + params = NULL; ttmp->type = V_ASN1_SEQUENCE; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } - ttmp = ASN1_TYPE_new(); + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.integer = prkey; + prkey = NULL; ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + ttmp = NULL; - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free (prkey); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); break; } return 1; +err: + if (p != NULL) OPENSSL_free(p); + if (params != NULL) ASN1_STRING_free(params); + if (prkey != NULL) M_ASN1_INTEGER_free(prkey); + if (ttmp != NULL) ASN1_TYPE_free(ttmp); + if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + return 0; +} +#endif + +#ifndef OPENSSL_NO_EC +static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +{ + EC_KEY *ec_key; + const EC_GROUP *group; + unsigned char *p, *pp; + int nid, i, ret = 0; + unsigned int tmp_flags, old_flags; + + ec_key = pkey->pkey.ec; + if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); + return 0; + } + + /* set the ec parameters OID */ + if (p8->pkeyalg->algorithm) + ASN1_OBJECT_free(p8->pkeyalg->algorithm); + + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); + + /* set the ec parameters */ + + if (p8->pkeyalg->parameter) + { + ASN1_TYPE_free(p8->pkeyalg->parameter); + p8->pkeyalg->parameter = NULL; + } + + if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + { + /* we have a 'named curve' => just set the OID */ + p8->pkeyalg->parameter->type = V_ASN1_OBJECT; + p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); + } + else /* explicit parameters */ + { + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECParameters(ec_key, &pp)) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + if ((p8->pkeyalg->parameter->value.sequence + = ASN1_STRING_new()) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + OPENSSL_free(p); + return 0; + } + ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); + OPENSSL_free(p); + } + + /* set the private key */ + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); + tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; + EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); + i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); + if (!i) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + p = (unsigned char *) OPENSSL_malloc(i); + if (!p) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + /* restore old encoding flags */ + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + + switch(p8->broken) { + + case PKCS8_OK: + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!p8->pkey->value.octet_string || + !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, + (const void *)p, i)) + + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + } + else + ret = 1; + break; + case PKCS8_NO_OCTET: /* RSA specific */ + case PKCS8_NS_DB: /* DSA specific */ + case PKCS8_EMBEDDED_PARAM: /* DSA specific */ + default: + EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + } + OPENSSL_cleanse(p, (size_t)i); + OPENSSL_free(p); + return ret; } #endif + +/* EVP_PKEY attribute functions */ + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key) +{ + return X509at_get_attr_count(key->attributes); +} + +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(key->attributes, nid, lastpos); +} + +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); +} + +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) +{ + return X509at_get_attr(key->attributes, loc); +} + +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) +{ + return X509at_delete_attr(key->attributes, loc); +} + +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&key->attributes, attr)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&key->attributes, obj, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&key->attributes, nid, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&key->attributes, attrname, + type, bytes, len)) return 1; + return 0; +} diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c index a624cfd..3bf8e9a 100644 --- a/crypto/openssl/crypto/evp/evp_test.c +++ b/crypto/openssl/crypto/evp/evp_test.c @@ -52,6 +52,7 @@ #include "../e_os.h" +#include #include #ifndef OPENSSL_NO_ENGINE #include @@ -136,7 +137,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, const unsigned char *plaintext,int pn, const unsigned char *ciphertext,int cn, - int encdec,int multiplier) + int encdec) { EVP_CIPHER_CTX ctx; unsigned char out[4096]; @@ -167,7 +168,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, } EVP_CIPHER_CTX_set_padding(&ctx,0); - if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier)) + if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) { fprintf(stderr,"Encrypt failed\n"); ERR_print_errors_fp(stderr); @@ -180,7 +181,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, test1_exit(7); } - if(outl+outl2 != cn*multiplier) + if(outl+outl2 != cn) { fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", outl+outl2,cn); @@ -206,7 +207,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, } EVP_CIPHER_CTX_set_padding(&ctx,0); - if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier)) + if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) { fprintf(stderr,"Decrypt failed\n"); ERR_print_errors_fp(stderr); @@ -219,7 +220,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, test1_exit(7); } - if(outl+outl2 != cn*multiplier) + if(outl+outl2 != cn) { fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", outl+outl2,cn); @@ -244,7 +245,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, const unsigned char *iv,int in, const unsigned char *plaintext,int pn, const unsigned char *ciphertext,int cn, - int encdec,int multiplier) + int encdec) { const EVP_CIPHER *c; @@ -252,7 +253,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, if(!c) return 0; - test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier); + test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec); return 1; } @@ -368,7 +369,6 @@ int main(int argc,char **argv) unsigned char *iv,*key,*plaintext,*ciphertext; int encdec; int kn,in,pn,cn; - int multiplier=1; if(!fgets((char *)line,sizeof line,f)) break; @@ -393,17 +393,30 @@ int main(int argc,char **argv) pn=convert(plaintext); cn=convert(ciphertext); - if(strchr(cipher,'*')) - { - p=cipher; - sstrsep(&p,"*"); - multiplier=atoi(sstrsep(&p,"*")); - } - - if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec, - multiplier) + if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec) && !test_digest(cipher,plaintext,pn,ciphertext,cn)) { +#ifdef OPENSSL_NO_AES + if (strstr(cipher, "AES") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_DES + if (strstr(cipher, "DES") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_RC4 + if (strstr(cipher, "RC4") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif fprintf(stderr,"Can't find %s\n",cipher); EXIT(3); } diff --git a/crypto/openssl/crypto/evp/evptests.txt b/crypto/openssl/crypto/evp/evptests.txt index dfe91a5..80bd9c7 100644 --- a/crypto/openssl/crypto/evp/evptests.txt +++ b/crypto/openssl/crypto/evp/evptests.txt @@ -92,102 +92,7 @@ AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B - -# CFB1-AES128.Encrypt - -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1 -# all of the above packed into one... -# in: 0110 1011 1100 0001 = 6bc1 -# out: 0110 1000 1011 0011 = 68b3 -AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1 - -# CFB1-AES128.Decrypt -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0 -# all of the above packed into one... -# in: 0110 1000 1011 0011 = 68b3 -# out: 0110 1011 1100 0001 = 6bc1 -AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0 - -# TODO: CFB1-AES192 and 256 - -# CFB8-AES128.Encrypt - -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1 -# all of the above packed into one -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1 - -# CFB8-AES128.Decrypt - -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0 -# all of the above packed into one -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0 - -# TODO: 192 and 256 bit keys - +# We don't support CFB{1,8}-AESxxx.{En,De}crypt # For all CFB128 encrypts and decrypts, the transformed sequence is # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec # CFB128-AES128.Encrypt @@ -269,16 +174,6 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363 # DES EDE3 CBC tests (from destest) DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 -# DES CFB1 from FIPS 81 -# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77 -# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9 - -DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9 - -# DES CFB8 from FIPS 81 - -DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f - # RC4 tests (from rc4test) RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 diff --git a/crypto/openssl/crypto/evp/m_dss.c b/crypto/openssl/crypto/evp/m_dss.c index beb8d7f..a948c77 100644 --- a/crypto/openssl/crypto/evp/m_dss.c +++ b/crypto/openssl/crypto/evp/m_dss.c @@ -61,12 +61,16 @@ #include #include #include +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_SHA + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_dss1.c b/crypto/openssl/crypto/evp/m_dss1.c index f5668eb..c12e139 100644 --- a/crypto/openssl/crypto/evp/m_dss1.c +++ b/crypto/openssl/crypto/evp/m_dss1.c @@ -56,17 +56,22 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include +#ifndef OPENSSL_NO_DSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_ecdsa.c b/crypto/openssl/crypto/evp/m_ecdsa.c new file mode 100644 index 0000000..fad270f --- /dev/null +++ b/crypto/openssl/crypto/evp/m_ecdsa.c @@ -0,0 +1,148 @@ +/* crypto/evp/m_ecdsa.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include +#include + +#ifndef OPENSSL_NO_SHA +static int init(EVP_MD_CTX *ctx) + { return SHA1_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA1_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA1_Final(md,ctx->md_data); } + +static const EVP_MD ecdsa_md= + { + NID_ecdsa_with_SHA1, + NID_ecdsa_with_SHA1, + SHA_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + EVP_PKEY_ECDSA_method, + SHA_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA_CTX), + }; + +const EVP_MD *EVP_ecdsa(void) + { + return(&ecdsa_md); + } +#endif diff --git a/crypto/openssl/crypto/evp/m_md2.c b/crypto/openssl/crypto/evp/m_md2.c index 50914c8..5ce849f 100644 --- a/crypto/openssl/crypto/evp/m_md2.c +++ b/crypto/openssl/crypto/evp/m_md2.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD2 + #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD2_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_md4.c b/crypto/openssl/crypto/evp/m_md4.c index e19b663..1e0b7c5 100644 --- a/crypto/openssl/crypto/evp/m_md4.c +++ b/crypto/openssl/crypto/evp/m_md4.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD4 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD4 + #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD4_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_md5.c b/crypto/openssl/crypto/evp/m_md5.c index b00a03e..63c1421 100644 --- a/crypto/openssl/crypto/evp/m_md5.c +++ b/crypto/openssl/crypto/evp/m_md5.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD5 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD5 + #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD5_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_mdc2.c b/crypto/openssl/crypto/evp/m_mdc2.c index 9f6467c..36c4e9b 100644 --- a/crypto/openssl/crypto/evp/m_mdc2.c +++ b/crypto/openssl/crypto/evp/m_mdc2.c @@ -56,18 +56,21 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MDC2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MDC2 + #include #include #include #include +#include static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MDC2_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_null.c b/crypto/openssl/crypto/evp/m_null.c index f6f0a1d..cb07216 100644 --- a/crypto/openssl/crypto/evp/m_null.c +++ b/crypto/openssl/crypto/evp/m_null.c @@ -65,7 +65,7 @@ static int init(EVP_MD_CTX *ctx) { return 1; } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return 1; } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_ripemd.c b/crypto/openssl/crypto/evp/m_ripemd.c index 6472552..a1d60ee 100644 --- a/crypto/openssl/crypto/evp/m_ripemd.c +++ b/crypto/openssl/crypto/evp/m_ripemd.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RIPEMD #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RIPEMD + #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return RIPEMD160_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_sha.c b/crypto/openssl/crypto/evp/m_sha.c index 10697c7..acccc8f 100644 --- a/crypto/openssl/crypto/evp/m_sha.c +++ b/crypto/openssl/crypto/evp/m_sha.c @@ -56,17 +56,22 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) + #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return SHA_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/crypto/openssl/crypto/evp/m_sha1.c b/crypto/openssl/crypto/evp/m_sha1.c index d6be350..4679b1c 100644 --- a/crypto/openssl/crypto/evp/m_sha1.c +++ b/crypto/openssl/crypto/evp/m_sha1.c @@ -56,17 +56,22 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) @@ -93,3 +98,107 @@ const EVP_MD *EVP_sha1(void) return(&sha1_md); } #endif + +#ifndef OPENSSL_NO_SHA256 +static int init224(EVP_MD_CTX *ctx) + { return SHA224_Init(ctx->md_data); } +static int init256(EVP_MD_CTX *ctx) + { return SHA256_Init(ctx->md_data); } +/* + * Even though there're separate SHA224_[Update|Final], we call + * SHA256 functions even in SHA224 context. This is what happens + * there anyway, so we can spare few CPU cycles:-) + */ +static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA256_Update(ctx->md_data,data,count); } +static int final256(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA256_Final(md,ctx->md_data); } + +static const EVP_MD sha224_md= + { + NID_sha224, + NID_sha224WithRSAEncryption, + SHA224_DIGEST_LENGTH, + 0, + init224, + update256, + final256, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA256_CTX), + }; + +const EVP_MD *EVP_sha224(void) + { return(&sha224_md); } + +static const EVP_MD sha256_md= + { + NID_sha256, + NID_sha256WithRSAEncryption, + SHA256_DIGEST_LENGTH, + 0, + init256, + update256, + final256, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA256_CTX), + }; + +const EVP_MD *EVP_sha256(void) + { return(&sha256_md); } +#endif /* ifndef OPENSSL_NO_SHA256 */ + +#ifndef OPENSSL_NO_SHA512 +static int init384(EVP_MD_CTX *ctx) + { return SHA384_Init(ctx->md_data); } +static int init512(EVP_MD_CTX *ctx) + { return SHA512_Init(ctx->md_data); } +/* See comment in SHA224/256 section */ +static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA512_Update(ctx->md_data,data,count); } +static int final512(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA512_Final(md,ctx->md_data); } + +static const EVP_MD sha384_md= + { + NID_sha384, + NID_sha384WithRSAEncryption, + SHA384_DIGEST_LENGTH, + 0, + init384, + update512, + final512, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA512_CTX), + }; + +const EVP_MD *EVP_sha384(void) + { return(&sha384_md); } + +static const EVP_MD sha512_md= + { + NID_sha512, + NID_sha512WithRSAEncryption, + SHA512_DIGEST_LENGTH, + 0, + init512, + update512, + final512, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA512_CTX), + }; + +const EVP_MD *EVP_sha512(void) + { return(&sha512_md); } +#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/crypto/openssl/crypto/evp/names.c b/crypto/openssl/crypto/evp/names.c index eb9f432..88c1e78 100644 --- a/crypto/openssl/crypto/evp/names.c +++ b/crypto/openssl/crypto/evp/names.c @@ -66,9 +66,9 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; - r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); return(r); } @@ -78,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md) const char *name; name=OBJ_nid2sn(md->type); - r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); + r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); + r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); if (md->type != md->pkey_type) diff --git a/crypto/openssl/crypto/evp/p5_crpt.c b/crypto/openssl/crypto/evp/p5_crpt.c index a1874e8..48d5001 100644 --- a/crypto/openssl/crypto/evp/p5_crpt.c +++ b/crypto/openssl/crypto/evp/p5_crpt.c @@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, int i; PBEPARAM *pbe; int saltlen, iter; - unsigned char *salt, *pbuf; + unsigned char *salt; + const unsigned char *pbuf; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/openssl/crypto/evp/p5_crpt2.c index 1f94e1e..c969d5a 100644 --- a/crypto/openssl/crypto/evp/p5_crpt2.c +++ b/crypto/openssl/crypto/evp/p5_crpt2.c @@ -55,10 +55,10 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include "cryptlib.h" +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include @@ -77,7 +77,7 @@ */ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, + const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out) { unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; @@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; plen = param->value.sequence->length; - if(!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -194,11 +201,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now decode key derivation function */ + if(!pbe2->keyfunc->parameter || + (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) + { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + goto err; + } + pbuf = pbe2->keyfunc->parameter->value.sequence->data; plen = pbe2->keyfunc->parameter->value.sequence->length; - if(!pbe2->keyfunc->parameter || - (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) || - !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { + if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); goto err; } @@ -208,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; diff --git a/crypto/openssl/crypto/evp/p_dec.c b/crypto/openssl/crypto/evp/p_dec.c index 8af6204..f64901f 100644 --- a/crypto/openssl/crypto/evp/p_dec.c +++ b/crypto/openssl/crypto/evp/p_dec.c @@ -66,7 +66,7 @@ #include #include -int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, +int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) { int ret= -1; diff --git a/crypto/openssl/crypto/evp/p_enc.c b/crypto/openssl/crypto/evp/p_enc.c index 656883b..c2dfdc5 100644 --- a/crypto/openssl/crypto/evp/p_enc.c +++ b/crypto/openssl/crypto/evp/p_enc.c @@ -66,7 +66,7 @@ #include #include -int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, +int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) { int ret=0; diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index 215b942..22155ec 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -58,24 +58,60 @@ #include #include "cryptlib.h" +#include +#include #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif static void EVP_PKEY_free_it(EVP_PKEY *x); int EVP_PKEY_bits(EVP_PKEY *pkey) { + if (0) + return 0; #ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) + else if (pkey->type == EVP_PKEY_RSA) return(BN_num_bits(pkey->pkey.rsa->n)); - else #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) + else if (pkey->type == EVP_PKEY_DSA) return(BN_num_bits(pkey->pkey.dsa->p)); #endif +#ifndef OPENSSL_NO_EC + else if (pkey->type == EVP_PKEY_EC) + { + BIGNUM *order = BN_new(); + const EC_GROUP *group; + int ret; + + if (!order) + { + ERR_clear_error(); + return 0; + } + group = EC_KEY_get0_group(pkey->pkey.ec); + if (!EC_GROUP_get_order(group, order, NULL)) + { + ERR_clear_error(); + return 0; + } + + ret = BN_num_bits(order); + BN_free(order); + return ret; + } +#endif return(0); } @@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey) if (pkey->type == EVP_PKEY_DSA) return(DSA_size(pkey->pkey.dsa)); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + return(ECDSA_size(pkey->pkey.ec)); +#endif + return(0); } @@ -107,10 +148,20 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return(ret); } #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + int ret = pkey->save_parameters; + + if (mode >= 0) + pkey->save_parameters = mode; + return(ret); + } +#endif return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { @@ -141,12 +192,23 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) to->pkey.dsa->g=a; } #endif +#ifndef OPENSSL_NO_EC + if (to->type == EVP_PKEY_EC) + { + EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) + goto err; + if (EC_KEY_set_group(to->pkey.ec, group) == 0) + goto err; + EC_GROUP_free(group); + } +#endif return(1); err: return(0); } -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) @@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) return(1); } #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + return(1); + } +#endif + return(0); } -int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { #ifndef OPENSSL_NO_DSA if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) @@ -174,9 +244,72 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) return(1); } #endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) + { + const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), + *group_b = EC_KEY_get0_group(b->pkey.ec); + if (EC_GROUP_cmp(group_a, group_b, NULL)) + return 0; + else + return 1; + } +#endif return(-1); } +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (a->type != b->type) + return -1; + + if (EVP_PKEY_cmp_parameters(a, b) == 0) + return 0; + + switch (a->type) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + { + int r; + const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); + const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), + *pb = EC_KEY_get0_public_key(b->pkey.ec); + r = EC_POINT_cmp(group, pa, pb, NULL); + if (r != 0) + { + if (r == 1) + return 0; + else + return -2; + } + } + break; +#endif +#ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + return -2; +#endif + default: + return -2; + } + + return 1; + } + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; @@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) } #endif +#ifndef OPENSSL_NO_EC + +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) +{ + int ret = EVP_PKEY_assign_EC_KEY(pkey,key); + if (ret) + EC_KEY_up_ref(key); + return ret; +} + +EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_EC) + { + EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + return NULL; + } + EC_KEY_up_ref(pkey->pkey.ec); + return pkey->pkey.ec; +} +#endif + + #ifndef OPENSSL_NO_DH int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) @@ -282,6 +438,8 @@ int EVP_PKEY_type(int type) return(EVP_PKEY_DSA); case EVP_PKEY_DH: return(EVP_PKEY_DH); + case EVP_PKEY_EC: + return(EVP_PKEY_EC); default: return(NID_undef); } @@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x) } #endif EVP_PKEY_free_it(x); + if (x->attributes) + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); } @@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) DSA_free(x->pkey.dsa); break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + EC_KEY_free(x->pkey.ec); + break; +#endif #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: DH_free(x->pkey.dh); diff --git a/crypto/openssl/crypto/evp/p_open.c b/crypto/openssl/crypto/evp/p_open.c index 5a933d1..9935206 100644 --- a/crypto/openssl/crypto/evp/p_open.c +++ b/crypto/openssl/crypto/evp/p_open.c @@ -56,15 +56,19 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RSA + #include #include #include +#include -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, - int ekl, unsigned char *iv, EVP_PKEY *priv) +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv) { unsigned char *key=NULL; int i,size=0,ret=0; diff --git a/crypto/openssl/crypto/evp/p_seal.c b/crypto/openssl/crypto/evp/p_seal.c index 37e547f..8cc8fcb 100644 --- a/crypto/openssl/crypto/evp/p_seal.c +++ b/crypto/openssl/crypto/evp/p_seal.c @@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek } if ((npubk <= 0) || !pubk) return 1; - if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; if (EVP_CIPHER_CTX_iv_length(ctx)) RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); diff --git a/crypto/openssl/crypto/evp/p_verify.c b/crypto/openssl/crypto/evp/p_verify.c index d854d74..21a40a3 100644 --- a/crypto/openssl/crypto/evp/p_verify.c +++ b/crypto/openssl/crypto/evp/p_verify.c @@ -62,7 +62,7 @@ #include #include -int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c index 5b2e345..8914218 100644 --- a/crypto/openssl/crypto/ex_data.c +++ b/crypto/openssl/crypto/ex_data.c @@ -138,12 +138,8 @@ * */ -#include -#include -#include -#include -#include #include "cryptlib.h" +#include /* What an "implementation of ex_data functionality" looks like */ struct st_CRYPTO_EX_DATA_IMPL @@ -287,7 +283,7 @@ static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do * any locking. */ -static void def_cleanup_cb(const void *a_void) +static void def_cleanup_cb(void *a_void) { EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); diff --git a/crypto/openssl/crypto/hmac/Makefile b/crypto/openssl/crypto/hmac/Makefile index 6033f0a..01f10c3 100644 --- a/crypto/openssl/crypto/hmac/Makefile +++ b/crypto/openssl/crypto/hmac/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/md/Makefile +# OpenSSL/crypto/md/Makefile # DIR= hmac @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -77,23 +74,12 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -hmac.o: ../cryptlib.h hmac.c +hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c index 4c91f91..c45e001 100644 --- a/crypto/openssl/crypto/hmac/hmac.c +++ b/crypto/openssl/crypto/hmac/hmac.c @@ -58,8 +58,8 @@ #include #include #include -#include #include "cryptlib.h" +#include void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) @@ -79,7 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); - OPENSSL_assert(j <= sizeof ctx->key); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -89,7 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { - OPENSSL_assert(len <= sizeof ctx->key); + OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key)); memcpy(ctx->key,key,len); ctx->key_length=len; } @@ -121,7 +121,7 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, HMAC_Init_ex(ctx,key,len,md, NULL); } -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) +void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { EVP_DigestUpdate(&ctx->md_ctx,data,len); } @@ -156,7 +156,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, int n, unsigned char *md, + const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) { HMAC_CTX c; diff --git a/crypto/openssl/crypto/hmac/hmac.h b/crypto/openssl/crypto/hmac/hmac.h index 0364a1f..719fc40 100644 --- a/crypto/openssl/crypto/hmac/hmac.h +++ b/crypto/openssl/crypto/hmac/hmac.h @@ -58,13 +58,15 @@ #ifndef HEADER_HMAC_H #define HEADER_HMAC_H +#include + #ifdef OPENSSL_NO_HMAC #error HMAC is disabled. #endif #include -#define HMAC_MAX_MD_CBLOCK 64 +#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ #ifdef __cplusplus extern "C" { @@ -92,10 +94,10 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl); -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, int n, unsigned char *md, + const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); diff --git a/crypto/openssl/crypto/ia64cpuid.S b/crypto/openssl/crypto/ia64cpuid.S new file mode 100644 index 0000000..04fbb34 --- /dev/null +++ b/crypto/openssl/crypto/ia64cpuid.S @@ -0,0 +1,121 @@ +// Works on all IA-64 platforms: Linux, HP-UX, Win64i... +// On Win64i compile with ias.exe. +.text +.global OPENSSL_rdtsc# +.proc OPENSSL_rdtsc# +OPENSSL_rdtsc: +{ .mib; mov r8=ar.itc + br.ret.sptk.many b0 };; +.endp OPENSSL_rdtsc# + +.global OPENSSL_atomic_add# +.proc OPENSSL_atomic_add# +.align 32 +OPENSSL_atomic_add: +{ .mii; ld4 r2=[r32] + nop.i 0 + nop.i 0 };; +.Lspin: +{ .mii; mov ar.ccv=r2 + add r8=r2,r33 + mov r3=r2 };; +{ .mmi; mf + cmpxchg4.acq r2=[r32],r8,ar.ccv + nop.i 0 };; +{ .mib; cmp.ne p6,p0=r2,r3 + nop.i 0 +(p6) br.dpnt .Lspin };; +{ .mib; nop.m 0 + sxt4 r8=r8 + br.ret.sptk.many b0 };; +.endp OPENSSL_atomic_add# + +// Returns a structure comprising pointer to the top of stack of +// the caller and pointer beyond backing storage for the current +// register frame. The latter is required, because it might be +// insufficient to wipe backing storage for the current frame +// (as this procedure does), one might have to go further, toward +// higher addresses to reach for whole "retroactively" saved +// context... +.global OPENSSL_wipe_cpu# +.proc OPENSSL_wipe_cpu# +.align 32 +OPENSSL_wipe_cpu: + .prologue + .fframe 0 + .save ar.pfs,r2 + .save ar.lc,r3 +{ .mib; alloc r2=ar.pfs,0,96,0,96 + mov r3=ar.lc + brp.loop.imp .L_wipe_top,.L_wipe_end-16 + };; +{ .mii; mov r9=ar.bsp + mov r8=pr + mov ar.lc=96 };; + .body +{ .mii; add r9=96*8-8,r9 + mov ar.ec=1 };; + +// One can sweep double as fast, but then we can't quarantee +// that backing storage is wiped... +.L_wipe_top: +{ .mfi; st8 [r9]=r0,-8 + mov f127=f0 + mov r127=r0 } +{ .mfb; nop.m 0 + nop.f 0 + br.ctop.sptk .L_wipe_top };; +.L_wipe_end: + +{ .mfi; mov r11=r0 + mov f6=f0 + mov r14=r0 } +{ .mfi; mov r15=r0 + mov f7=f0 + mov r16=r0 } +{ .mfi; mov r17=r0 + mov f8=f0 + mov r18=r0 } +{ .mfi; mov r19=r0 + mov f9=f0 + mov r20=r0 } +{ .mfi; mov r21=r0 + mov f10=f0 + mov r22=r0 } +{ .mfi; mov r23=r0 + mov f11=f0 + mov r24=r0 } +{ .mfi; mov r25=r0 + mov f12=f0 + mov r26=r0 } +{ .mfi; mov r27=r0 + mov f13=f0 + mov r28=r0 } +{ .mfi; mov r29=r0 + mov f14=f0 + mov r30=r0 } +{ .mfi; mov r31=r0 + mov f15=f0 + nop.i 0 } +{ .mfi; mov f16=f0 } +{ .mfi; mov f17=f0 } +{ .mfi; mov f18=f0 } +{ .mfi; mov f19=f0 } +{ .mfi; mov f20=f0 } +{ .mfi; mov f21=f0 } +{ .mfi; mov f22=f0 } +{ .mfi; mov f23=f0 } +{ .mfi; mov f24=f0 } +{ .mfi; mov f25=f0 } +{ .mfi; mov f26=f0 } +{ .mfi; mov f27=f0 } +{ .mfi; mov f28=f0 } +{ .mfi; mov f29=f0 } +{ .mfi; mov f30=f0 } +{ .mfi; add r9=96*8+8,r9 + mov f31=f0 + mov pr=r8,0x1ffff } +{ .mib; mov r8=sp + mov ar.lc=r3 + br.ret.sptk b0 };; +.endp OPENSSL_wipe_cpu# diff --git a/crypto/openssl/crypto/idea/Makefile b/crypto/openssl/crypto/idea/Makefile index fbf8a16..b2e7add 100644 --- a/crypto/openssl/crypto/idea/Makefile +++ b/crypto/openssl/crypto/idea/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/idea/Makefile +# OpenSSL/crypto/idea/Makefile # DIR= idea @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/openssl/crypto/idea/i_skey.c index 1c95bc9..3b1bbd8 100644 --- a/crypto/openssl/crypto/idea/i_skey.c +++ b/crypto/openssl/crypto/idea/i_skey.c @@ -94,10 +94,11 @@ void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) } } -void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) +void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) { int r; - register IDEA_INT *fp,*tp,t; + register IDEA_INT *tp,t; + const IDEA_INT *fp; tp= &(dk->data[0][0]); fp= &(ek->data[8][0]); diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/openssl/crypto/idea/idea.h index 6713241..bf97a37 100644 --- a/crypto/openssl/crypto/idea/idea.h +++ b/crypto/openssl/crypto/idea/idea.h @@ -59,6 +59,8 @@ #ifndef HEADER_IDEA_H #define HEADER_IDEA_H +#include /* IDEA_INT, OPENSSL_NO_IDEA */ + #ifdef OPENSSL_NO_IDEA #error IDEA is disabled. #endif @@ -66,7 +68,6 @@ #define IDEA_ENCRYPT 1 #define IDEA_DECRYPT 0 -#include /* IDEA_INT */ #define IDEA_BLOCK 8 #define IDEA_KEY_LENGTH 16 @@ -83,7 +84,7 @@ const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/openssl/crypto/idea/idea_spd.c b/crypto/openssl/crypto/idea/idea_spd.c index 48ffaff..699353e 100644 --- a/crypto/openssl/crypto/idea/idea_spd.c +++ b/crypto/openssl/crypto/idea/idea_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/idea/ideatest.c b/crypto/openssl/crypto/idea/ideatest.c index 98f805d..e6ffc70 100644 --- a/crypto/openssl/crypto/idea/ideatest.c +++ b/crypto/openssl/crypto/idea/ideatest.c @@ -169,6 +169,9 @@ int main(int argc, char *argv[]) else printf("ok\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/openssl/crypto/krb5/Makefile b/crypto/openssl/crypto/krb5/Makefile index b931505a..1407739 100644 --- a/crypto/openssl/crypto/krb5/Makefile +++ b/crypto/openssl/crypto/krb5/Makefile @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -52,7 +47,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -67,6 +63,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: @@ -79,9 +76,8 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -krb5_asn.o: ../../include/openssl/krb5_asn.h +krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +krb5_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/krb5_asn.h krb5_asn.o: ../../include/openssl/opensslconf.h krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/crypto/openssl/crypto/krb5/krb5_asn.h b/crypto/openssl/crypto/krb5/krb5_asn.h index 3329477..41725d0 100644 --- a/crypto/openssl/crypto/krb5/krb5_asn.h +++ b/crypto/openssl/crypto/krb5/krb5_asn.h @@ -225,7 +225,7 @@ DECLARE_STACK_OF(KRB5_AUTHENTBODY) ** void name##_free(type *a); ** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = ** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = -** type *d2i_##name(type **a, unsigned char **in, long len); +** type *d2i_##name(type **a, const unsigned char **in, long len); ** int i2d_##name(type *a, unsigned char **out); ** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it */ diff --git a/crypto/openssl/crypto/lhash/Makefile b/crypto/openssl/crypto/lhash/Makefile index a38423a..82bddac 100644 --- a/crypto/openssl/crypto/lhash/Makefile +++ b/crypto/openssl/crypto/lhash/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/lhash/Makefile +# OpenSSL/crypto/lhash/Makefile # DIR= lhash @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -81,11 +78,11 @@ lh_stats.o: ../../e_os.h ../../include/openssl/bio.h lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -lh_stats.o: ../cryptlib.h lh_stats.c +lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +lh_stats.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +lh_stats.o: ../../include/openssl/symhacks.h ../cryptlib.h lh_stats.c lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -lhash.o: ../../include/openssl/symhacks.h lhash.c +lhash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +lhash.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h lhash.c diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c index 0a16fcf..55cb055 100644 --- a/crypto/openssl/crypto/lhash/lhash.c +++ b/crypto/openssl/crypto/lhash/lhash.c @@ -176,11 +176,11 @@ void lh_free(LHASH *lh) OPENSSL_free(lh); } -void *lh_insert(LHASH *lh, const void *data) +void *lh_insert(LHASH *lh, void *data) { unsigned long hash; LHASH_NODE *nn,**rn; - const void *ret; + void *ret; lh->error=0; if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) @@ -211,14 +211,14 @@ void *lh_insert(LHASH *lh, const void *data) (*rn)->data=data; lh->num_replace++; } - return((void *)ret); + return(ret); } void *lh_delete(LHASH *lh, const void *data) { unsigned long hash; LHASH_NODE *nn,**rn; - const void *ret; + void *ret; lh->error=0; rn=getrn(lh,data,&hash); @@ -242,14 +242,14 @@ void *lh_delete(LHASH *lh, const void *data) (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) contract(lh); - return((void *)ret); + return(ret); } void *lh_retrieve(LHASH *lh, const void *data) { unsigned long hash; LHASH_NODE **rn; - const void *ret; + void *ret; lh->error=0; rn=getrn(lh,data,&hash); @@ -264,7 +264,7 @@ void *lh_retrieve(LHASH *lh, const void *data) ret= (*rn)->data; lh->num_retrieve++; } - return((void *)ret); + return(ret); } static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, @@ -339,7 +339,7 @@ static void expand(LHASH *lh) { j=(int)lh->num_alloc_nodes*2; n=(LHASH_NODE **)OPENSSL_realloc(lh->b, - (unsigned int)sizeof(LHASH_NODE *)*j); + (int)(sizeof(LHASH_NODE *)*j)); if (n == NULL) { /* fputs("realloc error in lhash",stderr); */ @@ -401,7 +401,7 @@ static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) { LHASH_NODE **ret,*n1; unsigned long hash,nn; - int (*cf)(); + LHASH_COMP_FN_TYPE cf; hash=(*(lh->hash))(data); lh->num_hash_calls++; diff --git a/crypto/openssl/crypto/lhash/lhash.h b/crypto/openssl/crypto/lhash/lhash.h index dee8207..d392d0c 100644 --- a/crypto/openssl/crypto/lhash/lhash.h +++ b/crypto/openssl/crypto/lhash/lhash.h @@ -63,6 +63,7 @@ #ifndef HEADER_LHASH_H #define HEADER_LHASH_H +#include #ifndef OPENSSL_NO_FP_API #include #endif @@ -77,7 +78,7 @@ extern "C" { typedef struct lhash_node_st { - const void *data; + void *data; struct lhash_node_st *next; #ifndef OPENSSL_NO_HASH_COMP unsigned long hash; @@ -86,8 +87,8 @@ typedef struct lhash_node_st typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. * This way, callbacks can be provided to LHASH structures without function @@ -117,18 +118,18 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); /* Third: "doall" functions */ #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *); + void f_name##_LHASH_DOALL(void *); #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *arg) { \ + void f_name##_LHASH_DOALL(void *arg) { \ o_type a = (o_type)arg; \ f_name(a); } #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *, void *); + void f_name##_LHASH_DOALL_ARG(void *, void *); #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ + void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ o_type a = (o_type)arg1; \ a_type b = (a_type)arg2; \ f_name(a,b); } @@ -172,7 +173,7 @@ typedef struct lhash_st LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, const void *data); +void *lh_insert(LHASH *lh, void *data); void *lh_delete(LHASH *lh, const void *data); void *lh_retrieve(LHASH *lh, const void *data); void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); diff --git a/crypto/openssl/crypto/md2/Makefile b/crypto/openssl/crypto/md2/Makefile index 975eda2..17f878a 100644 --- a/crypto/openssl/crypto/md2/Makefile +++ b/crypto/openssl/crypto/md2/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/md/Makefile +# OpenSSL/crypto/md/Makefile # DIR= md2 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -79,13 +76,14 @@ clean: md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h -md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md2_dgst.o: md2_dgst.c +md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +md2_dgst.o: ../../include/openssl/symhacks.h md2_dgst.c md2_one.o: ../../e_os.h ../../include/openssl/bio.h md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c +md2_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +md2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md2_one.o: ../cryptlib.h md2_one.c diff --git a/crypto/openssl/crypto/md2/md2.h b/crypto/openssl/crypto/md2/md2.h index ad92414..5b71855 100644 --- a/crypto/openssl/crypto/md2/md2.h +++ b/crypto/openssl/crypto/md2/md2.h @@ -59,13 +59,13 @@ #ifndef HEADER_MD2_H #define HEADER_MD2_H +#include /* OPENSSL_NO_MD2, MD2_INT */ #ifdef OPENSSL_NO_MD2 #error MD2 is disabled. #endif #define MD2_DIGEST_LENGTH 16 #define MD2_BLOCK 16 -#include /* MD2_INT */ #ifdef __cplusplus extern "C" { @@ -73,7 +73,7 @@ extern "C" { typedef struct MD2state_st { - int num; + unsigned int num; unsigned char data[MD2_BLOCK]; MD2_INT cksm[MD2_BLOCK]; MD2_INT state[MD2_BLOCK]; @@ -81,9 +81,9 @@ typedef struct MD2state_st const char *MD2_options(void); int MD2_Init(MD2_CTX *c); -int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md); +unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md); #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/md2/md2_dgst.c b/crypto/openssl/crypto/md2/md2_dgst.c index ecb64f0..15e77d6 100644 --- a/crypto/openssl/crypto/md2/md2_dgst.c +++ b/crypto/openssl/crypto/md2/md2_dgst.c @@ -125,7 +125,7 @@ int MD2_Init(MD2_CTX *c) return 1; } -int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len) { register UCHAR *p; @@ -145,7 +145,7 @@ int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) } else { - memcpy(&(p[c->num]),data,(int)len); + memcpy(&(p[c->num]),data,len); /* data+=len; */ c->num+=(int)len; return 1; @@ -159,7 +159,7 @@ int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) data+=MD2_BLOCK; len-=MD2_BLOCK; } - memcpy(p,data,(int)len); + memcpy(p,data,len); c->num=(int)len; return 1; } diff --git a/crypto/openssl/crypto/md2/md2_one.c b/crypto/openssl/crypto/md2/md2_one.c index 835160e..f7fef5c 100644 --- a/crypto/openssl/crypto/md2/md2_one.c +++ b/crypto/openssl/crypto/md2/md2_one.c @@ -63,13 +63,14 @@ /* This is a separate file so that #defines in cryptlib.h can * map my MD functions to different names */ -unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) { MD2_CTX c; static unsigned char m[MD2_DIGEST_LENGTH]; if (md == NULL) md=m; - MD2_Init(&c); + if (!MD2_Init(&c)) + return NULL; #ifndef CHARSET_EBCDIC MD2_Update(&c,d,n); #else diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c index 9c1e28b..db5f5bc 100644 --- a/crypto/openssl/crypto/md2/md2test.c +++ b/crypto/openssl/crypto/md2/md2test.c @@ -110,7 +110,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL); + EVP_Digest((unsigned char *)*P,strlen(*P),md,NULL,EVP_md2(), NULL); p=pt(md); if (strcmp(p,*R) != 0) { @@ -124,7 +124,11 @@ int main(int argc, char *argv[]) R++; P++; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); + return err; } static char *pt(unsigned char *md) diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/openssl/crypto/md32_common.h index 8137c57..0e625a8 100644 --- a/crypto/openssl/crypto/md32_common.h +++ b/crypto/openssl/crypto/md32_common.h @@ -77,7 +77,7 @@ * ... * HASH_LONG Nl,Nh; * HASH_LONG data[HASH_LBLOCK]; - * int num; + * unsigned int num; * ... * } HASH_CTX; * HASH_UPDATE @@ -128,10 +128,6 @@ * */ -#include -#include -#include - #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #error "DATA_ORDER must be defined!" #endif @@ -183,7 +179,7 @@ */ #undef ROTATE #ifndef PEDANTIC -# if 0 /* defined(_MSC_VER) */ +# if defined(_MSC_VER) || defined(__ICC) # define ROTATE(a,n) _lrotl(a,n) # elif defined(__MWERKS__) # if defined(__POWERPC__) @@ -199,7 +195,6 @@ * Some GNU C inline assembler templates. Note that these are * rotates by *constant* number of bits! But that's exactly * what we need here... - * * */ # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) @@ -211,7 +206,7 @@ : "cc"); \ ret; \ }) -# elif defined(__powerpc) || defined(__ppc) +# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) # define ROTATE(a,n) ({ register unsigned int ret; \ asm ( \ "rlwinm %0,%1,%2,0,31" \ @@ -221,39 +216,6 @@ }) # endif # endif - -/* - * Engage compiler specific "fetch in reverse byte order" - * intrinsic function if available. - */ -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) - /* some GNU C inline assembler templates by */ -# if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY) -# define BE_FETCH32(a) ({ register unsigned int l=(a);\ - asm ( \ - "bswapl %0" \ - : "=r"(l) : "0"(l)); \ - l; \ - }) -# elif defined(__powerpc) -# define LE_FETCH32(a) ({ register unsigned int l; \ - asm ( \ - "lwbrx %0,0,%1" \ - : "=r"(l) \ - : "r"(a)); \ - l; \ - }) - -# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) -# define LE_FETCH32(a) ({ register unsigned int l; \ - asm ( \ - "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ - : "=r"(l) \ - : "r"(a)); \ - l; \ - }) -# endif -# endif #endif /* PEDANTIC */ #if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ @@ -305,28 +267,12 @@ # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER # endif -# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# ifndef HOST_FETCH32 -# ifdef LE_FETCH32 -# define HOST_FETCH32(p,l) LE_FETCH32(p) -# elif defined(REVERSE_FETCH32) -# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) -# endif -# endif # endif #elif defined(L_ENDIAN) # if defined(DATA_ORDER_IS_LITTLE_ENDIAN) # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER # endif -# elif defined(DATA_ORDER_IS_BIG_ENDIAN) -# ifndef HOST_FETCH32 -# ifdef BE_FETCH32 -# define HOST_FETCH32(p,l) BE_FETCH32(p) -# elif defined(REVERSE_FETCH32) -# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) -# endif -# endif # endif #endif @@ -338,11 +284,33 @@ #if defined(DATA_ORDER_IS_BIG_ENDIAN) +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ + (defined(__x86_64) || defined(__x86_64__)) + /* + * This gives ~30-40% performance improvement in SHA-256 compiled + * with gcc [on P4]. Well, first macro to be frank. We can pull + * this trick on x86* platforms only, because these CPUs can fetch + * unaligned data without raising an exception. + */ +# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + (c)+=4; (l)=r; }) +# define HOST_l2c(l,c) ({ unsigned int r=(l); \ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + *((unsigned int *)(c))=r; (c)+=4; r; }) +# endif +# endif +#endif + +#ifndef HOST_c2l #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++))) ), \ l) +#endif #define HOST_p_c2l(c,l,n) { \ switch (n) { \ case 0: l =((unsigned long)(*((c)++)))<<24; \ @@ -366,19 +334,31 @@ case 2: l|=((unsigned long)(*(--(c))))<<16; \ case 1: l|=((unsigned long)(*(--(c))))<<24; \ } } +#ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff), \ l) +#endif #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# ifndef B_ENDIAN + /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +# endif +#endif + +#ifndef HOST_c2l #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<<24), \ l) +#endif #define HOST_p_c2l(c,l,n) { \ switch (n) { \ case 0: l =((unsigned long)(*((c)++))); \ @@ -402,11 +382,13 @@ case 2: l|=((unsigned long)(*(--(c))))<< 8; \ case 1: l|=((unsigned long)(*(--(c)))); \ } } +#ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ l) +#endif #endif @@ -414,21 +396,21 @@ * Time for some action:-) */ -int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) +int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) { const unsigned char *data=data_; register HASH_LONG * p; - register unsigned long l; - int sw,sc,ew,ec; + register HASH_LONG l; + size_t sw,sc,ew,ec; if (len==0) return 1; - l=(c->Nl+(len<<3))&0xffffffffL; + l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL; /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to * Wei Dai for pointing it out. */ if (l < c->Nl) /* overflow */ c->Nh++; - c->Nh+=(len>>29); + c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ c->Nl=l; if (c->num != 0) @@ -451,7 +433,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) } else { - c->num+=len; + c->num+=(unsigned int)len; if ((sc+len) < 4) /* ugly, add char's to a word */ { l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; @@ -485,10 +467,10 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined * only if sizeof(HASH_LONG)==4. */ - if ((((unsigned long)data)%4) == 0) + if ((((size_t)data)%4) == 0) { /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); sw*=HASH_CBLOCK; data+=sw; len-=sw; @@ -534,9 +516,9 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) { #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - if ((((unsigned long)data)%4) == 0) + if ((((size_t)data)%4) == 0) /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); else #if !defined(HASH_BLOCK_DATA_ORDER) { @@ -559,14 +541,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) static const unsigned char end[4]={0x80,0x00,0x00,0x00}; const unsigned char *cp=end; -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !FIPS_md5_allowed()) - { - FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); - return 0; - } -#endif - /* c->num should definitly have room for at least one more byte. */ p=c->data; i=c->num>>2; diff --git a/crypto/openssl/crypto/md4/Makefile b/crypto/openssl/crypto/md4/Makefile index f4b3869..ef97bb0 100644 --- a/crypto/openssl/crypto/md4/Makefile +++ b/crypto/openssl/crypto/md4/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/md4/Makefile +# OpenSSL/crypto/md4/Makefile # DIR= md4 @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -52,7 +47,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -67,6 +63,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -78,15 +75,12 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -md4_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md4_dgst.o: ../md32_common.h md4_dgst.c md4_locl.h +md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h +md4_dgst.o: ../../include/openssl/opensslconf.h +md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c +md4_dgst.o: md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h -md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md4_one.o: md4_one.c +md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +md4_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +md4_one.o: ../../include/openssl/symhacks.h md4_one.c diff --git a/crypto/openssl/crypto/md4/md4.h b/crypto/openssl/crypto/md4/md4.h index 7a7b236..b080cbd 100644 --- a/crypto/openssl/crypto/md4/md4.h +++ b/crypto/openssl/crypto/md4/md4.h @@ -101,13 +101,13 @@ typedef struct MD4state_st MD4_LONG A,B,C,D; MD4_LONG Nl,Nh; MD4_LONG data[MD4_LBLOCK]; - int num; + unsigned int num; } MD4_CTX; int MD4_Init(MD4_CTX *c); -int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); void MD4_Transform(MD4_CTX *c, const unsigned char *b); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/md4/md4_dgst.c b/crypto/openssl/crypto/md4/md4_dgst.c index 7afb718..d4c7057 100644 --- a/crypto/openssl/crypto/md4/md4_dgst.c +++ b/crypto/openssl/crypto/md4/md4_dgst.c @@ -83,7 +83,7 @@ int MD4_Init(MD4_CTX *c) } #ifndef md4_block_host_order -void md4_block_host_order (MD4_CTX *c, const void *data, int num) +void md4_block_host_order (MD4_CTX *c, const void *data, size_t num) { const MD4_LONG *X=data; register unsigned MD32_REG_T A,B,C,D; @@ -159,7 +159,7 @@ void md4_block_host_order (MD4_CTX *c, const void *data, int num) #ifdef X #undef X #endif -void md4_block_data_order (MD4_CTX *c, const void *data_, int num) +void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) { const unsigned char *data=data_; register unsigned MD32_REG_T A,B,C,D,l; diff --git a/crypto/openssl/crypto/md4/md4_locl.h b/crypto/openssl/crypto/md4/md4_locl.h index a8d31d7..abc7b9b 100644 --- a/crypto/openssl/crypto/md4/md4_locl.h +++ b/crypto/openssl/crypto/md4/md4_locl.h @@ -65,10 +65,11 @@ #define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif -void md4_block_host_order (MD4_CTX *c, const void *p,int num); -void md4_block_data_order (MD4_CTX *c, const void *p,int num); +void md4_block_host_order (MD4_CTX *c, const void *p,size_t num); +void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +# if !defined(B_ENDIAN) /* * *_block_host_order is expected to handle aligned data while * *_block_data_order - unaligned. As algorithm and host (x86) @@ -90,7 +91,8 @@ void md4_block_data_order (MD4_CTX *c, const void *p,int num); * * */ -#define md4_block_data_order md4_block_host_order +# define md4_block_data_order md4_block_host_order +# endif #endif #define DATA_ORDER_IS_LITTLE_ENDIAN diff --git a/crypto/openssl/crypto/md4/md4_one.c b/crypto/openssl/crypto/md4/md4_one.c index 0056550..bb64362 100644 --- a/crypto/openssl/crypto/md4/md4_one.c +++ b/crypto/openssl/crypto/md4/md4_one.c @@ -65,13 +65,14 @@ #include #endif -unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) { MD4_CTX c; static unsigned char m[MD4_DIGEST_LENGTH]; if (md == NULL) md=m; - MD4_Init(&c); + if (!MD4_Init(&c)) + return NULL; #ifndef CHARSET_EBCDIC MD4_Update(&c,d,n); #else diff --git a/crypto/openssl/crypto/md4/md4test.c b/crypto/openssl/crypto/md4/md4test.c index 21a77d9..5da5338 100644 --- a/crypto/openssl/crypto/md4/md4test.c +++ b/crypto/openssl/crypto/md4/md4test.c @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL); + EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { diff --git a/crypto/openssl/crypto/md5/Makefile b/crypto/openssl/crypto/md5/Makefile index 2d5d818..849a0a5 100644 --- a/crypto/openssl/crypto/md5/Makefile +++ b/crypto/openssl/crypto/md5/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/md5/Makefile +# OpenSSL/crypto/md5/Makefile # DIR= md5 @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES=-I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -20,6 +15,7 @@ MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=md5test.c @@ -46,24 +42,19 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s) - +# ELF +mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@) +# COFF +mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@) # a.out -asm/mx86-out.o: asm/mx86unix.cpp - $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o - -# bsdi -asm/mx86bsdi.o: asm/mx86unix.cpp - $(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o +mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) -asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp) - -asm/md5-sparcv8plus.o: asm/md5-sparcv9.S +md5-sparcv8plus.o: asm/md5-sparcv9.S $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \ - -o asm/md5-sparcv8plus.o asm/md5-sparcv9.S + -o md5-sparcv8plus.o asm/md5-sparcv9.S # Old GNU assembler doesn't understand V9 instructions, so we # hire /usr/ccs/bin/as to do the job. Note that option is called @@ -71,13 +62,15 @@ asm/md5-sparcv8plus.o: asm/md5-sparcv9.S # if they didn't bother to upgrade GNU assembler. Such users should # not choose this option, but be adviced to *remove* GNU assembler # or upgrade it. -asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S +md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \ - /usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o + /usr/ccs/bin/as -xarch=v8plus - -o md5-sparcv8plus-gcc27.o -asm/md5-sparcv9.o: asm/md5-sparcv9.S +md5-sparcv9.o: asm/md5-sparcv9.S $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \ - -o asm/md5-sparcv9.o asm/md5-sparcv9.S + -o md5-sparcv9.o asm/md5-sparcv9.S + +md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -88,7 +81,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -103,6 +97,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -110,19 +105,16 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -md5_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md5_dgst.o: ../md32_common.h md5_dgst.c md5_locl.h +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h +md5_dgst.o: ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c +md5_dgst.o: md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md5_one.o: md5_one.c +md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +md5_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +md5_one.o: ../../include/openssl/symhacks.h md5_one.c diff --git a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl b/crypto/openssl/crypto/md5/asm/md5-x86_64.pl new file mode 100755 index 0000000..c36a7fe --- /dev/null +++ b/crypto/openssl/crypto/md5/asm/md5-x86_64.pl @@ -0,0 +1,245 @@ +#!/usr/bin/perl -w +# +# MD5 optimized for AMD64. +# +# Author: Marc Bevand +# Licence: I hereby disclaim the copyright on this code and place it +# in the public domain. +# + +use strict; + +my $code; + +# round1_step() does: +# dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s) +# %r10d = X[k_next] +# %r11d = z' (copy of z for the next step) +# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC) +sub round1_step +{ + my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; + $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1); + $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); + $code .= <A + mov 1*4(%rbp), %ebx # ebx = ctx->B + mov 2*4(%rbp), %ecx # ecx = ctx->C + mov 3*4(%rbp), %edx # edx = ctx->D + # end is 'rdi' + # ptr is 'rsi' + # A is 'eax' + # B is 'ebx' + # C is 'ecx' + # D is 'edx' + + cmp %rdi, %rsi # cmp end with ptr + je .Lend # jmp if ptr == end + + # BEGIN of loop over 16-word blocks +.Lloop: # save old values of A, B, C, D + mov %eax, %r8d + mov %ebx, %r9d + mov %ecx, %r14d + mov %edx, %r15d +EOF +round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17'); +round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22'); +round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17'); +round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22'); +round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17'); +round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22'); +round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17'); +round1_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x49b40821','22'); + +round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14'); +round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20'); +round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14'); +round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20'); +round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14'); +round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20'); +round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14'); +round2_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x8d2a4c8a','20'); + +round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16'); +round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23'); +round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16'); +round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23'); +round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16'); +round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23'); +round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16'); +round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23'); + +round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15'); +round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21'); +round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15'); +round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21'); +round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15'); +round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21'); +round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15'); +round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21'); +$code .= <A = A + mov %ebx, 1*4(%rbp) # ctx->B = B + mov %ecx, 2*4(%rbp) # ctx->C = C + mov %edx, 3*4(%rbp) # ctx->D = D + + pop %r15 + pop %r14 + pop %rbx + pop %rbp + ret +.size md5_block_asm_host_order,.-md5_block_asm_host_order +EOF + +print $code; + +close STDOUT; diff --git a/crypto/openssl/crypto/md5/md5.h b/crypto/openssl/crypto/md5/md5.h index a252e02..6d283fe 100644 --- a/crypto/openssl/crypto/md5/md5.h +++ b/crypto/openssl/crypto/md5/md5.h @@ -101,13 +101,13 @@ typedef struct MD5state_st MD5_LONG A,B,C,D; MD5_LONG Nl,Nh; MD5_LONG data[MD5_LBLOCK]; - int num; + unsigned int num; } MD5_CTX; int MD5_Init(MD5_CTX *c); -int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); void MD5_Transform(MD5_CTX *c, const unsigned char *b); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/md5/md5_dgst.c b/crypto/openssl/crypto/md5/md5_dgst.c index 9c7abc3..f97f48e 100644 --- a/crypto/openssl/crypto/md5/md5_dgst.c +++ b/crypto/openssl/crypto/md5/md5_dgst.c @@ -83,7 +83,7 @@ int MD5_Init(MD5_CTX *c) } #ifndef md5_block_host_order -void md5_block_host_order (MD5_CTX *c, const void *data, int num) +void md5_block_host_order (MD5_CTX *c, const void *data, size_t num) { const MD5_LONG *X=data; register unsigned MD32_REG_T A,B,C,D; @@ -176,7 +176,7 @@ void md5_block_host_order (MD5_CTX *c, const void *data, int num) #ifdef X #undef X #endif -void md5_block_data_order (MD5_CTX *c, const void *data_, int num) +void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) { const unsigned char *data=data_; register unsigned MD32_REG_T A,B,C,D,l; diff --git a/crypto/openssl/crypto/md5/md5_locl.h b/crypto/openssl/crypto/md5/md5_locl.h index 9e360da..94f395f 100644 --- a/crypto/openssl/crypto/md5/md5_locl.h +++ b/crypto/openssl/crypto/md5/md5_locl.h @@ -66,18 +66,21 @@ #endif #ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define md5_block_host_order md5_block_asm_host_order +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__) +# if !defined(B_ENDIAN) +# define md5_block_host_order md5_block_asm_host_order +# endif # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) - void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num); + void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,size_t num); # define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned # endif #endif -void md5_block_host_order (MD5_CTX *c, const void *p,int num); -void md5_block_data_order (MD5_CTX *c, const void *p,int num); +void md5_block_host_order (MD5_CTX *c, const void *p,size_t num); +void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__) +# if !defined(B_ENDIAN) /* * *_block_host_order is expected to handle aligned data while * *_block_data_order - unaligned. As algorithm and host (x86) @@ -99,7 +102,8 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num); * * */ -#define md5_block_data_order md5_block_host_order +# define md5_block_data_order md5_block_host_order +# endif #endif #define DATA_ORDER_IS_LITTLE_ENDIAN diff --git a/crypto/openssl/crypto/md5/md5_one.c b/crypto/openssl/crypto/md5/md5_one.c index c5dd2d8..43fee89 100644 --- a/crypto/openssl/crypto/md5/md5_one.c +++ b/crypto/openssl/crypto/md5/md5_one.c @@ -65,13 +65,14 @@ #include #endif -unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) { MD5_CTX c; static unsigned char m[MD5_DIGEST_LENGTH]; if (md == NULL) md=m; - MD5_Init(&c); + if (!MD5_Init(&c)) + return NULL; #ifndef CHARSET_EBCDIC MD5_Update(&c,d,n); #else diff --git a/crypto/openssl/crypto/md5/md5test.c b/crypto/openssl/crypto/md5/md5test.c index bfd6262..0628053 100644 --- a/crypto/openssl/crypto/md5/md5test.c +++ b/crypto/openssl/crypto/md5/md5test.c @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL); + EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { @@ -120,6 +120,10 @@ int main(int argc, char *argv[]) R++; P++; } + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/openssl/crypto/mdc2/Makefile b/crypto/openssl/crypto/mdc2/Makefile index 7b70164..1d064f1 100644 --- a/crypto/openssl/crypto/mdc2/Makefile +++ b/crypto/openssl/crypto/mdc2/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/mdc2/Makefile +# OpenSSL/crypto/mdc2/Makefile # DIR= mdc2 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -83,14 +80,14 @@ mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h mdc2_one.o: ../../include/openssl/opensslconf.h -mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -mdc2_one.o: ../cryptlib.h mdc2_one.c -mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h -mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c +mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h +mdc2dgst.o: ../../include/openssl/opensslconf.h +mdc2dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h mdc2dgst.o: mdc2dgst.c diff --git a/crypto/openssl/crypto/mdc2/mdc2.h b/crypto/openssl/crypto/mdc2/mdc2.h index 793a8a0..72778a5 100644 --- a/crypto/openssl/crypto/mdc2/mdc2.h +++ b/crypto/openssl/crypto/mdc2/mdc2.h @@ -74,7 +74,7 @@ extern "C" { typedef struct mdc2_ctx_st { - int num; + unsigned int num; unsigned char data[MDC2_BLOCK]; DES_cblock h,hh; int pad_type; /* either 1 or 2, default 1 */ @@ -82,9 +82,9 @@ typedef struct mdc2_ctx_st int MDC2_Init(MDC2_CTX *c); -int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -unsigned char *MDC2(const unsigned char *d, unsigned long n, +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); #ifdef __cplusplus diff --git a/crypto/openssl/crypto/mdc2/mdc2_one.c b/crypto/openssl/crypto/mdc2/mdc2_one.c index 37f06c8..72647f6 100644 --- a/crypto/openssl/crypto/mdc2/mdc2_one.c +++ b/crypto/openssl/crypto/mdc2/mdc2_one.c @@ -60,13 +60,14 @@ #include "cryptlib.h" #include -unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md) { MDC2_CTX c; static unsigned char m[MDC2_DIGEST_LENGTH]; if (md == NULL) md=m; - MDC2_Init(&c); + if (!MDC2_Init(&c)) + return NULL; MDC2_Update(&c,d,n); MDC2_Final(md,&c); OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ diff --git a/crypto/openssl/crypto/mdc2/mdc2dgst.c b/crypto/openssl/crypto/mdc2/mdc2dgst.c index 32daa9b..4aa406e 100644 --- a/crypto/openssl/crypto/mdc2/mdc2dgst.c +++ b/crypto/openssl/crypto/mdc2/mdc2dgst.c @@ -74,7 +74,7 @@ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) -static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len); +static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); int MDC2_Init(MDC2_CTX *c) { c->num=0; @@ -84,9 +84,9 @@ int MDC2_Init(MDC2_CTX *c) return 1; } -int MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len) +int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) { - int i,j; + size_t i,j; i=c->num; if (i != 0) @@ -94,7 +94,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len) if (i+len < MDC2_BLOCK) { /* partial block */ - memcpy(&(c->data[i]),in,(int)len); + memcpy(&(c->data[i]),in,len); c->num+=(int)len; return 1; } @@ -109,25 +109,25 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len) mdc2_body(c,&(c->data[0]),MDC2_BLOCK); } } - i=(int)(len&(unsigned long)~(MDC2_BLOCK-1)); + i=len&~((size_t)MDC2_BLOCK-1); if (i > 0) mdc2_body(c,in,i); - j=(int)len-i; + j=len-i; if (j > 0) { memcpy(&(c->data[0]),&(in[i]),j); - c->num=j; + c->num=(int)j; } return 1; } -static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len) +static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len) { register DES_LONG tin0,tin1; register DES_LONG ttin0,ttin1; DES_LONG d[2],dd[2]; DES_key_schedule k; unsigned char *p; - unsigned int i; + size_t i; for (i=0; inum; j=c->pad_type; diff --git a/crypto/openssl/crypto/mdc2/mdc2test.c b/crypto/openssl/crypto/mdc2/mdc2test.c index c9abe99..017b31a 100644 --- a/crypto/openssl/crypto/mdc2/mdc2test.c +++ b/crypto/openssl/crypto/mdc2/mdc2test.c @@ -140,6 +140,9 @@ int main(int argc, char *argv[]) printf("pad2 - ok\n"); EVP_MD_CTX_cleanup(&c); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c index dd86733..6635167 100644 --- a/crypto/openssl/crypto/mem.c +++ b/crypto/openssl/crypto/mem.c @@ -324,8 +324,8 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); - if (num <= 0) return NULL; - + if (num <= 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -345,9 +345,9 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (str == NULL) return CRYPTO_malloc(num, file, line); - - if (num <= 0) return NULL; - + + if (num <= 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); diff --git a/crypto/openssl/crypto/mem_clr.c b/crypto/openssl/crypto/mem_clr.c index e4b7f54..75cbfb3 100644 --- a/crypto/openssl/crypto/mem_clr.c +++ b/crypto/openssl/crypto/mem_clr.c @@ -68,7 +68,7 @@ void OPENSSL_cleanse(void *ptr, size_t len) while(loop--) { *(p++) = cleanse_ctr; - cleanse_ctr += (17 + (unsigned char)((int)p & 0xF)); + cleanse_ctr += (17 + (unsigned char)((unsigned long)p & 0xF)); } if(memchr(ptr, cleanse_ctr, len)) cleanse_ctr += 63; diff --git a/crypto/openssl/crypto/mem_dbg.c b/crypto/openssl/crypto/mem_dbg.c index e212de2..8316485 100644 --- a/crypto/openssl/crypto/mem_dbg.c +++ b/crypto/openssl/crypto/mem_dbg.c @@ -59,11 +59,11 @@ #include #include #include +#include "cryptlib.h" #include #include #include #include -#include "cryptlib.h" static int mh_mode=CRYPTO_MEM_CHECK_OFF; /* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE @@ -252,8 +252,16 @@ long CRYPTO_dbg_get_options(void) /* static int mem_cmp(MEM *a, MEM *b) */ static int mem_cmp(const void *a_void, const void *b_void) { +#ifdef _WIN64 + const char *a=(const char *)((const MEM *)a_void)->addr, + *b=(const char *)((const MEM *)b_void)->addr; + if (a==b) return 0; + else if (a>b) return 1; + else return -1; +#else return((const char *)((const MEM *)a_void)->addr - (const char *)((const MEM *)b_void)->addr); +#endif } /* static unsigned long mem_hash(MEM *a) */ diff --git a/crypto/openssl/crypto/o_dir.c b/crypto/openssl/crypto/o_dir.c new file mode 100644 index 0000000..42891ea --- /dev/null +++ b/crypto/openssl/crypto/o_dir.c @@ -0,0 +1,83 @@ +/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +/* The routines really come from the Levitte Programming, so to make + life simple, let's just use the raw files and hack the symbols to + fit our namespace. */ +#define LP_DIR_CTX OPENSSL_DIR_CTX +#define LP_dir_context_st OPENSSL_dir_context_st +#define LP_find_file OPENSSL_DIR_read +#define LP_find_file_end OPENSSL_DIR_end + +#include "o_dir.h" + +#define LPDIR_H +#if defined OPENSSL_SYS_UNIX || defined DJGPP +#include "LPdir_unix.c" +#elif defined OPENSSL_SYS_VMS +#include "LPdir_vms.c" +#elif defined OPENSSL_SYS_WIN32 +#include "LPdir_win32.c" +#elif defined OPENSSL_SYS_WINCE +#include "LPdir_wince.c" +#else +#include "LPdir_nyi.c" +#endif diff --git a/crypto/openssl/crypto/o_dir.h b/crypto/openssl/crypto/o_dir.h new file mode 100644 index 0000000..4b725c0 --- /dev/null +++ b/crypto/openssl/crypto/o_dir.h @@ -0,0 +1,53 @@ +/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */ +/* Copied from Richard Levitte's (richard@levitte.org) LP library. All + * symbol names have been changed, with permission from the author. + */ + +/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + +#ifndef O_DIR_H +#define O_DIR_H + +#ifdef __cplusplus +extern "C" { +#endif + + typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; + + /* returns NULL on error or end-of-directory. + If it is end-of-directory, errno will be zero */ + const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); + /* returns 1 on success, 0 on error */ + int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); + +#ifdef __cplusplus +} +#endif + +#endif /* LPDIR_H */ diff --git a/crypto/openssl/crypto/o_dir_test.c b/crypto/openssl/crypto/o_dir_test.c new file mode 100644 index 0000000..3d75ecb --- /dev/null +++ b/crypto/openssl/crypto/o_dir_test.c @@ -0,0 +1,70 @@ +/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */ +/* Copied from Richard Levitte's (richard@levitte.org) LP library. All + * symbol names have been changed, with permission from the author. + */ + +/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */ +/* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include "e_os2.h" +#include "o_dir.h" + +#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE +#define CURRDIR "." +#elif defined OPENSSL_SYS_VMS +#define CURRDIR "SYS$DISK:[]" +#else +#error "No supported platform defined!" +#endif + +int main() +{ + OPENSSL_DIR_CTX *ctx = NULL; + const char *result; + + while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL) + { + printf("%s\n", result); + } + + if (errno) + { + perror("test_dir"); + exit(1); + } + + if (!OPENSSL_DIR_end(&ctx)) + { + perror("test_dir"); + exit(2); + } + exit(0); +} diff --git a/crypto/openssl/crypto/o_str.c b/crypto/openssl/crypto/o_str.c index 7189d13..2db0993 100644 --- a/crypto/openssl/crypto/o_str.c +++ b/crypto/openssl/crypto/o_str.c @@ -57,20 +57,12 @@ */ #include -#include -#ifdef OPENSSL_SYS_WINDOWS -# include -#else -# include -#endif +#include #include "o_str.h" -#undef strncasecmp -#undef strcasecmp - int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) { -#if defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_IMPLEMENTS_strncasecmp) while (*str1 && *str2 && n) { int res = toupper(*str1) - toupper(*str2); @@ -86,20 +78,28 @@ int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) if (*str2) return -1; return 0; -#elif defined(OPENSSL_SYS_WINDOWS) - return _strnicmp(str1, str2, n); #else + /* Recursion hazard warning! Whenever strncasecmp is #defined as + * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be + * defined as well. */ return strncasecmp(str1, str2, n); #endif } int OPENSSL_strcasecmp(const char *str1, const char *str2) { -#if defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_IMPLEMENTS_strncasecmp) return OPENSSL_strncasecmp(str1, str2, (size_t)-1); -#elif defined(OPENSSL_SYS_WINDOWS) - return _stricmp(str1, str2); #else return strcasecmp(str1, str2); #endif } +int OPENSSL_memcmp(const void *v1,const void *v2,size_t n) + { + const unsigned char *c1=v1,*c2=v2; + int ret=0; + + while(n && (ret=*c1-*c2)==0) n--,c1++,c2++; + + return ret; + } diff --git a/crypto/openssl/crypto/o_str.h b/crypto/openssl/crypto/o_str.h index 4a70a9e..dfc9849 100644 --- a/crypto/openssl/crypto/o_str.h +++ b/crypto/openssl/crypto/o_str.h @@ -63,5 +63,6 @@ int OPENSSL_strcasecmp(const char *str1, const char *str2); int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); +int OPENSSL_memcmp(const void *p1,const void *p2,size_t n); #endif diff --git a/crypto/openssl/crypto/objects/Makefile b/crypto/openssl/crypto/objects/Makefile index 48a9128..08af092 100644 --- a/crypto/openssl/crypto/objects/Makefile +++ b/crypto/openssl/crypto/objects/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/objects/Makefile +# OpenSSL/crypto/objects/Makefile # DIR= objects @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r PERL= perl @@ -49,6 +44,7 @@ obj_dat.h: obj_dat.pl obj_mac.h # objects.pl both reads and writes obj_mac.num obj_mac.h: objects.pl objects.txt obj_mac.num $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h + @sleep 1; touch obj_mac.h; sleep 1 files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -59,7 +55,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -74,6 +71,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -86,36 +84,36 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h +o_names.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +o_names.o: ../../include/openssl/err.h ../../include/openssl/lhash.h o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h o_names.o: o_names.c obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h -obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h +obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_dat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +obj_dat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_dat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +obj_dat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +obj_dat.o: ../cryptlib.h obj_dat.c obj_dat.h obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_err.o: ../../include/openssl/symhacks.h obj_err.c +obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +obj_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +obj_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +obj_err.o: obj_err.c obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h -obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c +obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +obj_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +obj_lib.o: ../cryptlib.h obj_lib.c diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/openssl/crypto/objects/o_names.c index b4453b4..adb5731 100644 --- a/crypto/openssl/crypto/objects/o_names.c +++ b/crypto/openssl/crypto/objects/o_names.c @@ -2,6 +2,7 @@ #include #include +#include #include #include #include @@ -80,7 +81,11 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), MemCheck_off(); name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); MemCheck_on(); - if (!name_funcs) return(0); + if (!name_funcs) + { + OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE); + return(0); + } name_funcs->hash_func = lh_strhash; name_funcs->cmp_func = OPENSSL_strcmp; name_funcs->free_func = 0; /* NULL is often declared to @@ -106,8 +111,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), static int obj_name_cmp(const void *a_void, const void *b_void) { int ret; - OBJ_NAME *a = (OBJ_NAME *)a_void; - OBJ_NAME *b = (OBJ_NAME *)b_void; + const OBJ_NAME *a = (const OBJ_NAME *)a_void; + const OBJ_NAME *b = (const OBJ_NAME *)b_void; ret=a->type-b->type; if (ret == 0) @@ -128,7 +133,7 @@ static int obj_name_cmp(const void *a_void, const void *b_void) static unsigned long obj_name_hash(const void *a_void) { unsigned long ret; - OBJ_NAME *a = (OBJ_NAME *)a_void; + const OBJ_NAME *a = (const OBJ_NAME *)a_void; if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c index 4534dc0..7a95c77 100644 --- a/crypto/openssl/crypto/objects/obj_dat.c +++ b/crypto/openssl/crypto/objects/obj_dat.c @@ -58,6 +58,7 @@ #include #include +#include #include "cryptlib.h" #include #include @@ -115,7 +116,7 @@ static unsigned long add_hash(const void *ca_void) int i; unsigned long ret=0; unsigned char *p; - ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; + const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; a=ca->obj; switch (ca->type) @@ -149,8 +150,8 @@ static int add_cmp(const void *ca_void, const void *cb_void) { ASN1_OBJECT *a,*b; int i; - ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; - ADDED_OBJ *cb = (ADDED_OBJ *)cb_void; + const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; + const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; i=ca->type-cb->type; if (i) return(i); @@ -161,7 +162,7 @@ static int add_cmp(const void *ca_void, const void *cb_void) case ADDED_DATA: i=(a->length - b->length); if (i) return(i); - return(memcmp(a->data,b->data,a->length)); + return(memcmp(a->data,b->data,(size_t)a->length)); case ADDED_SNAME: if (a->sn == NULL) return(-1); else if (b->sn == NULL) return(1); @@ -236,13 +237,13 @@ int OBJ_add_object(const ASN1_OBJECT *obj) if (added == NULL) if (!init_added()) return(0); if ((o=OBJ_dup(obj)) == NULL) goto err; - if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err; + if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; if ((o->length != 0) && (obj->data != NULL)) - ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); + if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; if (o->sn != NULL) - ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); + if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; if (o->ln != NULL) - ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); + if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; for (i=ADDED_DATA; i<=ADDED_NID; i++) { @@ -260,6 +261,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) ASN1_OBJECT_FLAG_DYNAMIC_DATA); return(o->nid); +err2: + OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE); err: for (i=ADDED_DATA; i<=ADDED_NID; i++) if (ao[i] != NULL) OPENSSL_free(ao[i]); @@ -380,8 +383,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) adp=(ADDED_OBJ *)lh_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ, - sizeof(ASN1_OBJECT *),obj_cmp); + op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs, + NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp); if (op == NULL) return(NID_undef); return((*op)->nid); @@ -397,7 +400,9 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) { int nid = NID_undef; ASN1_OBJECT *op=NULL; - unsigned char *buf,*p; + unsigned char *buf; + unsigned char *p; + const unsigned char *cp; int i, j; if(!no_name) { @@ -409,8 +414,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) /* Work out size of content octets */ i=a2d_ASN1_OBJECT(NULL,0,s,-1); if (i <= 0) { - /* Clear the error */ - ERR_get_error(); + /* Don't clear the error */ + /*ERR_clear_error();*/ return NULL; } /* Work out total size */ @@ -423,75 +428,170 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); /* Write out contents */ a2d_ASN1_OBJECT(p,i,s,-1); - - p=buf; - op=d2i_ASN1_OBJECT(NULL,&p,j); + + cp=buf; + op=d2i_ASN1_OBJECT(NULL,&cp,j); OPENSSL_free(buf); return op; } int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) { - int i,idx=0,n=0,len,nid; + int i,n=0,len,nid, first, use_bn; + BIGNUM *bl; unsigned long l; unsigned char *p; - const char *s; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if (buf_len <= 0) return(0); - if ((a == NULL) || (a->data == NULL)) { buf[0]='\0'; return(0); } - if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { - len=a->length; - p=a->data; - idx=0; - l=0; - while (idx < a->length) { - l|=(p[idx]&0x7f); - if (!(p[idx] & 0x80)) break; - l<<=7L; - idx++; + if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) + { + const char *s; + s=OBJ_nid2ln(nid); + if (s == NULL) + s=OBJ_nid2sn(nid); + if (buf) + BUF_strlcpy(buf,s,buf_len); + n=strlen(s); + return n; } - idx++; - i=(int)(l/40); - if (i > 2) i=2; - l-=(long)(i*40); - - BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); - i=strlen(tbuf); - BUF_strlcpy(buf,tbuf,buf_len); - buf_len-=i; - buf+=i; - n+=i; + + len=a->length; + p=a->data; + + first = 1; + bl = NULL; + + while (len > 0) + { l=0; - for (; idx (ULONG_MAX >> 7L))) + { + if (!bl && !(bl = BN_new())) + goto err; + if (!BN_set_word(bl, l)) + goto err; + use_bn = 1; + } + if (use_bn) + { + if (!BN_lshift(bl, bl, 7)) + goto err; + } + else + l<<=7L; + } + + if (first) + { + first = 0; + if (l >= 80) + { + i = 2; + if (use_bn) + { + if (!BN_sub_word(bl, 80)) + goto err; + } + else + l -= 80; + } + else + { + i=(int)(l/40); + l-=(long)(i*40); + } + if (buf && (buf_len > 0)) + { + *buf++ = i + '0'; + buf_len--; + } + n++; + } + + if (use_bn) + { + char *bndec; + bndec = BN_bn2dec(bl); + if (!bndec) + goto err; + i = strlen(bndec); + if (buf) + { if (buf_len > 0) - BUF_strlcpy(buf,tbuf,buf_len); - buf_len-=i; - buf+=i; - n+=i; - l=0; + { + *buf++ = '.'; + buf_len--; + } + BUF_strlcpy(buf,bndec,buf_len); + if (i > buf_len) + { + buf += buf_len; + buf_len = 0; + } + else + { + buf+=i; + buf_len-=i; + } + } + n++; + n += i; + OPENSSL_free(bndec); + } + else + { + BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); + i=strlen(tbuf); + if (buf && (buf_len > 0)) + { + BUF_strlcpy(buf,tbuf,buf_len); + if (i > buf_len) + { + buf += buf_len; + buf_len = 0; + } + else + { + buf+=i; + buf_len-=i; + } + } + n+=i; + l=0; } - l<<=7L; } - } else { - s=OBJ_nid2ln(nid); - if (s == NULL) - s=OBJ_nid2sn(nid); - BUF_strlcpy(buf,s,buf_len); - n=strlen(s); - } - return(n); + + if (bl) + BN_free(bl); + return n; + + err: + if (bl) + BN_free(bl); + return -1; } int OBJ_txt2nid(const char *s) @@ -517,7 +617,7 @@ int OBJ_ln2nid(const char *s) adp=(ADDED_OBJ *)lh_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, + op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN, sizeof(ASN1_OBJECT *),ln_cmp); if (op == NULL) return(NID_undef); return((*op)->nid); @@ -545,8 +645,8 @@ int OBJ_sn2nid(const char *s) static int obj_cmp(const void *ap, const void *bp) { int j; - ASN1_OBJECT *a= *(ASN1_OBJECT **)ap; - ASN1_OBJECT *b= *(ASN1_OBJECT **)bp; + const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap; + const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp; j=(a->length - b->length); if (j) return(j); @@ -556,8 +656,14 @@ static int obj_cmp(const void *ap, const void *bp) const char *OBJ_bsearch(const char *key, const char *base, int num, int size, int (*cmp)(const void *, const void *)) { - int l,h,i,c; - const char *p; + return OBJ_bsearch_ex(key, base, num, size, cmp, 0); + } + +const char *OBJ_bsearch_ex(const char *key, const char *base, int num, + int size, int (*cmp)(const void *, const void *), int flags) + { + int l,h,i=0,c=0; + const char *p = NULL; if (num == 0) return(NULL); l=0; @@ -572,20 +678,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, else if (c > 0) l=i+1; else - return(p); + break; } #ifdef CHARSET_EBCDIC /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and * I don't have perl (yet), we revert to a *LINEAR* search * when the object wasn't found in the binary search. */ - for (i=0; i 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) + i--; + p = &(base[i*size]); + } + return(p); } int OBJ_create_objects(BIO *in) @@ -648,7 +767,7 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) { - OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE); + OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE); return(0); } i=a2d_ASN1_OBJECT(buf,i,oid,-1); diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h index 9de7b12..db4400c 100644 --- a/crypto/openssl/crypto/objects/obj_dat.h +++ b/crypto/openssl/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 660 -#define NUM_SN 653 -#define NUM_LN 653 -#define NUM_OBJ 617 +#define NUM_NID 751 +#define NUM_SN 747 +#define NUM_LN 747 +#define NUM_OBJ 709 -static unsigned char lvalues[4455]={ +static unsigned char lvalues[5002]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -330,9 +330,9 @@ static unsigned char lvalues[4455]={ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbqp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbqp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbqp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */ @@ -432,7 +432,7 @@ static unsigned char lvalues[4455]={ 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ -0x50, /* [2894] OBJ_joint_iso_ccitt */ +0x00, /* [2894] OBJ_joint_iso_ccitt */ 0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ 0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ @@ -683,8 +683,100 @@ static unsigned char lvalues[4455]={ 0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4434] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4444] OBJ_ms_upn */ +0x00, /* [4434] OBJ_itu_t */ +0x50, /* [4435] OBJ_joint_iso_itu_t */ +0x67, /* [4436] OBJ_international_organizations */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4437] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4447] OBJ_ms_upn */ +0x55,0x04,0x09, /* [4457] OBJ_streetAddress */ +0x55,0x04,0x11, /* [4460] OBJ_postalCode */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4463] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4470] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4478] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4486] OBJ_id_ppl_inheritAll */ +0x55,0x1D,0x1E, /* [4494] OBJ_name_constraints */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4497] OBJ_Independent */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4505] OBJ_sha256WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4514] OBJ_sha384WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4523] OBJ_sha512WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4532] OBJ_sha224WithRSAEncryption */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4541] OBJ_sha256 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4550] OBJ_sha384 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4559] OBJ_sha512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4568] OBJ_sha224 */ +0x2B, /* [4577] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4578] OBJ_certicom_arc */ +0x67,0x2B, /* [4581] OBJ_wap */ +0x67,0x2B,0x0D, /* [4583] OBJ_wap_wsg */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4586] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4594] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4603] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4612] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4621] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4629] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4637] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4645] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4653] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4661] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4669] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4677] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4685] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4693] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4701] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4709] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4717] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4725] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4733] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4741] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4749] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4757] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4765] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4773] OBJ_X9_62_c2tnb431r1 */ +0x2B,0x81,0x04,0x00,0x06, /* [4781] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4786] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4791] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4796] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4801] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4806] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4811] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4816] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4821] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4826] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4831] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4836] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4841] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4846] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4851] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4856] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4861] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4866] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4871] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4876] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4881] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4886] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4891] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4896] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4901] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4906] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4911] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4916] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4921] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4926] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4931] OBJ_sect571r1 */ +0x67,0x2B,0x0D,0x04,0x01, /* [4936] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x03, /* [4941] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x0D,0x04,0x04, /* [4946] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x0D,0x04,0x05, /* [4951] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4956] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x07, /* [4961] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4966] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4971] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x0D,0x04,0x0A, /* [4976] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x0D,0x04,0x0B, /* [4981] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x0D,0x04,0x0C, /* [4986] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x55,0x1D,0x20,0x00, /* [4991] OBJ_any_policy */ +0x55,0x1D,0x21, /* [4995] OBJ_policy_mappings */ +0x55,0x1D,0x36, /* [4998] OBJ_inhibit_any_policy */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -732,21 +824,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0}, {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0}, {"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0}, -{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL}, +{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0}, {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0}, -{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL}, -{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL}, +{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0}, +{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0}, {"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0}, -{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL}, -{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL}, -{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL}, +{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0}, +{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0}, +{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0}, {"SHA","sha",NID_sha,5,&(lvalues[226]),0}, {"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, &(lvalues[231]),0}, -{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL}, +{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0}, {"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0}, {"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0}, -{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL}, +{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0}, {"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0}, {"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, &(lvalues[257]),0}, @@ -770,10 +862,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ NID_netscape_cert_extension,8,&(lvalues[345]),0}, {"nsDataType","Netscape Data Type",NID_netscape_data_type,8, &(lvalues[353]),0}, -{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL}, -{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL}, -{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL}, -{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL}, +{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0}, +{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0}, +{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0}, +{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0}, {"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0}, {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, &(lvalues[366]),0}, @@ -800,7 +892,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0}, {"nsCertSequence","Netscape Certificate Sequence", NID_netscape_cert_sequence,9,&(lvalues[480]),0}, -{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL}, +{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0}, {"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0}, {"subjectKeyIdentifier","X509v3 Subject Key Identifier", NID_subject_key_identifier,3,&(lvalues[491]),0}, @@ -819,17 +911,17 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"authorityKeyIdentifier","X509v3 Authority Key Identifier", NID_authority_key_identifier,3,&(lvalues[515]),0}, {"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0}, -{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL}, -{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL}, -{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL}, +{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0}, +{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0}, +{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0}, {"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0}, {"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0}, -{"RC4-40","rc4-40",NID_rc4_40,0,NULL}, -{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL}, +{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0}, +{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0}, {"GN","givenName",NID_givenName,3,&(lvalues[535]),0}, {"SN","surname",NID_surname,3,&(lvalues[538]),0}, {"initials","initials",NID_initials,3,&(lvalues[541]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"crlDistributionPoints","X509v3 CRL Distribution Points", NID_crl_distribution_points,3,&(lvalues[544]),0}, {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0}, @@ -837,23 +929,23 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"title","title",NID_title,3,&(lvalues[555]),0}, {"description","description",NID_description,3,&(lvalues[558]),0}, {"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0}, -{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL}, -{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL}, -{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL}, +{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, +{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, +{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0}, {"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0}, -{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL}, +{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, {"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0}, {"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0}, {"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, &(lvalues[603]),0}, {"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0}, -{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL}, -{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL}, -{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL}, +{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, +{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, +{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, {"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0}, {"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, @@ -917,7 +1009,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, &(lvalues[966]),0}, -{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL}, +{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, &(lvalues[974]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, @@ -1127,12 +1219,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2092]),0}, {"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0}, {"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0}, -{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8, +{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, &(lvalues[2116]),0}, -{"sbqp-autonomousSysNum","sbqp-autonomousSysNum", - NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0}, -{"sbqp-routerIdentifier","sbqp-routerIdentifier", - NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0}, +{"sbgp-autonomousSysNum","sbgp-autonomousSysNum", + NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0}, +{"sbgp-routerIdentifier","sbgp-routerIdentifier", + NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0}, {"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, &(lvalues[2148]),0}, @@ -1238,7 +1330,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2588]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, 8,&(lvalues[2596]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0}, @@ -1297,8 +1389,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, {"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, -{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, - &(lvalues[2894]),0}, +{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0}, {"selected-attribute-types","Selected Attribute Types", NID_selected_attribute_types,3,&(lvalues[2895]),0}, {"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, @@ -1316,7 +1407,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2941]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, &(lvalues[2944]),0}, -{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0}, +{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0}, {"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, {"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, {"characteristic-two-field","characteristic-two-field", @@ -1471,7 +1562,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"generationQualifier","generationQualifier",NID_generationQualifier, 3,&(lvalues[3877]),0}, {"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0}, -{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, &(lvalues[3883]),0}, {"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0}, @@ -1721,23 +1812,139 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0}, -{NULL,NULL,NID_undef,0,NULL}, -{NULL,NULL,NID_undef,0,NULL}, -{NULL,NULL,NID_undef,0,NULL}, +{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4434]),0}, +{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, + &(lvalues[4435]),0}, +{"international-organizations","International Organizations", + NID_international_organizations,1,&(lvalues[4436]),0}, {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4434]),0}, + 10,&(lvalues[4437]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4444]),0}, -{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL}, -{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL}, -{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL}, -{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL}, -{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL}, -{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL}, -{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL}, -{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL}, -{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL}, -{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL}, + &(lvalues[4447]),0}, +{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, +{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, +{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, +{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0}, +{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0}, +{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0}, +{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0}, +{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, +{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, +{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, +{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0}, +{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0}, +{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, + &(lvalues[4470]),0}, +{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, + &(lvalues[4478]),0}, +{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, + &(lvalues[4486]),0}, +{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, + &(lvalues[4494]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4497]),0}, +{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, + &(lvalues[4505]),0}, +{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, + &(lvalues[4514]),0}, +{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, + &(lvalues[4523]),0}, +{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, + &(lvalues[4532]),0}, +{"SHA256","sha256",NID_sha256,9,&(lvalues[4541]),0}, +{"SHA384","sha384",NID_sha384,9,&(lvalues[4550]),0}, +{"SHA512","sha512",NID_sha512,9,&(lvalues[4559]),0}, +{"SHA224","sha224",NID_sha224,9,&(lvalues[4568]),0}, +{"identified-organization","identified-organization", + NID_identified_organization,1,&(lvalues[4577]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4578]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4581]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4583]),0}, +{"id-characteristic-two-basis","id-characteristic-two-basis", + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4586]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4594]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4603]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4612]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4621]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4629]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4637]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4645]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4653]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4661]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4669]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4677]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4685]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4693]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4701]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4709]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4717]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4725]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4733]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4741]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4749]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4757]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4765]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4773]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4781]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4786]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4791]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4796]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4801]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4806]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4811]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4816]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4821]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4826]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4831]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4836]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4841]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4846]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4851]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4856]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4861]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4866]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4871]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4876]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4881]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4886]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4891]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4896]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4901]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4906]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4911]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4916]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4921]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4926]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4931]),0}, +{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4936]),0}, +{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", + NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4941]),0}, +{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", + NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4946]),0}, +{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", + NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4951]),0}, +{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4956]),0}, +{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", + NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4961]),0}, +{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4966]),0}, +{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4971]),0}, +{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", + NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4976]),0}, +{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", + NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4981]),0}, +{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", + NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4986]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4991]),0}, +{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, + &(lvalues[4995]),0}, +{"inhibitAnyPolicy","X509v3 Inhibit Any Policy", + NID_inhibit_any_policy,3,&(lvalues[4998]),0}, +{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, +{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1769,7 +1976,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[110]),/* "CAST5-CFB" */ &(nid_objs[109]),/* "CAST5-ECB" */ &(nid_objs[111]),/* "CAST5-OFB" */ -&(nid_objs[404]),/* "CCITT" */ &(nid_objs[13]),/* "CN" */ &(nid_objs[141]),/* "CRLReason" */ &(nid_objs[417]),/* "CSPName" */ @@ -1808,7 +2014,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[46]),/* "IDEA-OFB" */ &(nid_objs[181]),/* "ISO" */ &(nid_objs[183]),/* "ISO-US" */ -&(nid_objs[393]),/* "JOINT-ISO-CCITT" */ +&(nid_objs[645]),/* "ITU-T" */ +&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */ &(nid_objs[15]),/* "L" */ &(nid_objs[ 3]),/* "MD2" */ &(nid_objs[257]),/* "MD4" */ @@ -1816,6 +2023,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[114]),/* "MD5-SHA1" */ &(nid_objs[95]),/* "MDC2" */ &(nid_objs[388]),/* "Mail" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[57]),/* "Netscape" */ &(nid_objs[366]),/* "Nonce" */ &(nid_objs[17]),/* "O" */ @@ -1823,6 +2032,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[180]),/* "OCSPSigning" */ &(nid_objs[379]),/* "ORG" */ &(nid_objs[18]),/* "OU" */ +&(nid_objs[749]),/* "Oakley-EC2N-3" */ +&(nid_objs[750]),/* "Oakley-EC2N-4" */ &(nid_objs[ 9]),/* "PBE-MD2-DES" */ &(nid_objs[168]),/* "PBE-MD2-RC2-64" */ &(nid_objs[10]),/* "PBE-MD5-DES" */ @@ -1863,8 +2074,16 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[42]),/* "RSA-SHA" */ &(nid_objs[65]),/* "RSA-SHA1" */ &(nid_objs[115]),/* "RSA-SHA1-2" */ +&(nid_objs[671]),/* "RSA-SHA224" */ +&(nid_objs[668]),/* "RSA-SHA256" */ +&(nid_objs[669]),/* "RSA-SHA384" */ +&(nid_objs[670]),/* "RSA-SHA512" */ &(nid_objs[41]),/* "SHA" */ &(nid_objs[64]),/* "SHA1" */ +&(nid_objs[675]),/* "SHA224" */ +&(nid_objs[672]),/* "SHA256" */ +&(nid_objs[673]),/* "SHA384" */ +&(nid_objs[674]),/* "SHA512" */ &(nid_objs[188]),/* "SMIME" */ &(nid_objs[167]),/* "SMIME-CAPS" */ &(nid_objs[100]),/* "SN" */ @@ -1888,6 +2107,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[363]),/* "ad_timestamping" */ &(nid_objs[376]),/* "algorithm" */ &(nid_objs[405]),/* "ansi-X9-62" */ +&(nid_objs[746]),/* "anyPolicy" */ &(nid_objs[370]),/* "archiveCutoff" */ &(nid_objs[484]),/* "associatedDomain" */ &(nid_objs[485]),/* "associatedName" */ @@ -1898,10 +2118,31 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[365]),/* "basicOCSPResponse" */ &(nid_objs[285]),/* "biometricInfo" */ &(nid_objs[494]),/* "buildingName" */ +&(nid_objs[691]),/* "c2onb191v4" */ +&(nid_objs[692]),/* "c2onb191v5" */ +&(nid_objs[697]),/* "c2onb239v4" */ +&(nid_objs[698]),/* "c2onb239v5" */ +&(nid_objs[684]),/* "c2pnb163v1" */ +&(nid_objs[685]),/* "c2pnb163v2" */ +&(nid_objs[686]),/* "c2pnb163v3" */ +&(nid_objs[687]),/* "c2pnb176v1" */ +&(nid_objs[693]),/* "c2pnb208w1" */ +&(nid_objs[699]),/* "c2pnb272w1" */ +&(nid_objs[700]),/* "c2pnb304w1" */ +&(nid_objs[702]),/* "c2pnb368w1" */ +&(nid_objs[688]),/* "c2tnb191v1" */ +&(nid_objs[689]),/* "c2tnb191v2" */ +&(nid_objs[690]),/* "c2tnb191v3" */ +&(nid_objs[694]),/* "c2tnb239v1" */ +&(nid_objs[695]),/* "c2tnb239v2" */ +&(nid_objs[696]),/* "c2tnb239v3" */ +&(nid_objs[701]),/* "c2tnb359v1" */ +&(nid_objs[703]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[179]),/* "caIssuers" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[152]),/* "certBag" */ +&(nid_objs[677]),/* "certicom-arc" */ &(nid_objs[89]),/* "certificatePolicies" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ @@ -1974,6 +2215,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[362]),/* "id-cct-PKIResponse" */ &(nid_objs[360]),/* "id-cct-crs" */ &(nid_objs[81]),/* "id-ce" */ +&(nid_objs[680]),/* "id-characteristic-two-basis" */ &(nid_objs[263]),/* "id-cmc" */ &(nid_objs[334]),/* "id-cmc-addExtensions" */ &(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ @@ -2042,6 +2284,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[271]),/* "id-pkix1-explicit-93" */ &(nid_objs[270]),/* "id-pkix1-implicit-88" */ &(nid_objs[272]),/* "id-pkix1-implicit-93" */ +&(nid_objs[662]),/* "id-ppl" */ +&(nid_objs[664]),/* "id-ppl-anyLanguage" */ +&(nid_objs[667]),/* "id-ppl-independent" */ +&(nid_objs[665]),/* "id-ppl-inheritAll" */ &(nid_objs[267]),/* "id-qcs" */ &(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ &(nid_objs[259]),/* "id-qt" */ @@ -2126,8 +2372,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[194]),/* "id-smime-spq" */ &(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ +&(nid_objs[676]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ +&(nid_objs[748]),/* "inhibitAnyPolicy" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[647]),/* "international-organizations" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ &(nid_objs[295]),/* "ipsecTunnel" */ @@ -2160,6 +2409,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[649]),/* "msUPN" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ +&(nid_objs[666]),/* "nameConstraints" */ &(nid_objs[369]),/* "noCheck" */ &(nid_objs[403]),/* "noRevAvail" */ &(nid_objs[72]),/* "nsBaseUrl" */ @@ -2174,6 +2424,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[73]),/* "nsRevocationUrl" */ &(nid_objs[139]),/* "nsSGC" */ &(nid_objs[77]),/* "nsSslServerName" */ +&(nid_objs[681]),/* "onBasis" */ &(nid_objs[491]),/* "organizationalStatus" */ &(nid_objs[475]),/* "otherMailbox" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ @@ -2206,6 +2457,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ +&(nid_objs[747]),/* "policyMappings" */ +&(nid_objs[661]),/* "postalCode" */ +&(nid_objs[683]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ &(nid_objs[410]),/* "prime192v2" */ @@ -2216,6 +2470,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[415]),/* "prime256v1" */ &(nid_objs[385]),/* "private" */ &(nid_objs[84]),/* "privateKeyUsagePeriod" */ +&(nid_objs[663]),/* "proxyCertInfo" */ &(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ @@ -2230,12 +2485,43 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[ 1]),/* "rsadsi" */ &(nid_objs[482]),/* "sOARecord" */ &(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbqp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbqp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbqp-routerIdentifier" */ +&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ +&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ +&(nid_objs[292]),/* "sbgp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ +&(nid_objs[704]),/* "secp112r1" */ +&(nid_objs[705]),/* "secp112r2" */ +&(nid_objs[706]),/* "secp128r1" */ +&(nid_objs[707]),/* "secp128r2" */ +&(nid_objs[708]),/* "secp160k1" */ +&(nid_objs[709]),/* "secp160r1" */ +&(nid_objs[710]),/* "secp160r2" */ +&(nid_objs[711]),/* "secp192k1" */ +&(nid_objs[712]),/* "secp224k1" */ +&(nid_objs[713]),/* "secp224r1" */ +&(nid_objs[714]),/* "secp256k1" */ +&(nid_objs[715]),/* "secp384r1" */ +&(nid_objs[716]),/* "secp521r1" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[474]),/* "secretary" */ +&(nid_objs[717]),/* "sect113r1" */ +&(nid_objs[718]),/* "sect113r2" */ +&(nid_objs[719]),/* "sect131r1" */ +&(nid_objs[720]),/* "sect131r2" */ +&(nid_objs[721]),/* "sect163k1" */ +&(nid_objs[722]),/* "sect163r1" */ +&(nid_objs[723]),/* "sect163r2" */ +&(nid_objs[724]),/* "sect193r1" */ +&(nid_objs[725]),/* "sect193r2" */ +&(nid_objs[726]),/* "sect233k1" */ +&(nid_objs[727]),/* "sect233r1" */ +&(nid_objs[728]),/* "sect239k1" */ +&(nid_objs[729]),/* "sect283k1" */ +&(nid_objs[730]),/* "sect283r1" */ +&(nid_objs[731]),/* "sect409k1" */ +&(nid_objs[732]),/* "sect409r1" */ +&(nid_objs[733]),/* "sect571k1" */ +&(nid_objs[734]),/* "sect571r1" */ &(nid_objs[386]),/* "security" */ &(nid_objs[394]),/* "selected-attribute-types" */ &(nid_objs[105]),/* "serialNumber" */ @@ -2375,6 +2661,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[454]),/* "simpleSecurityObject" */ &(nid_objs[496]),/* "singleLevelQuality" */ &(nid_objs[387]),/* "snmpv2" */ +&(nid_objs[660]),/* "streetAddress" */ &(nid_objs[85]),/* "subjectAltName" */ &(nid_objs[398]),/* "subjectInfoAccess" */ &(nid_objs[82]),/* "subjectKeyIdentifier" */ @@ -2385,12 +2672,26 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[133]),/* "timeStamping" */ &(nid_objs[106]),/* "title" */ +&(nid_objs[682]),/* "tpBasis" */ &(nid_objs[375]),/* "trustRoot" */ &(nid_objs[436]),/* "ucl" */ &(nid_objs[55]),/* "unstructuredAddress" */ &(nid_objs[49]),/* "unstructuredName" */ &(nid_objs[465]),/* "userClass" */ &(nid_objs[373]),/* "valid" */ +&(nid_objs[678]),/* "wap" */ +&(nid_objs[679]),/* "wap-wsg" */ +&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ +&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ +&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ +&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ +&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ +&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ +&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ +&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ +&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ +&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ +&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ &(nid_objs[503]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ @@ -2400,6 +2701,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[363]),/* "AD Time Stamping" */ &(nid_objs[405]),/* "ANSI X9.62" */ &(nid_objs[368]),/* "Acceptable OCSP Responses" */ +&(nid_objs[664]),/* "Any language" */ &(nid_objs[177]),/* "Authority Information Access" */ &(nid_objs[365]),/* "Basic OCSP Response" */ &(nid_objs[285]),/* "Biometric Info" */ @@ -2422,6 +2724,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[296]),/* "IPSec User" */ &(nid_objs[182]),/* "ISO Member Body" */ &(nid_objs[183]),/* "ISO US Member Body" */ +&(nid_objs[667]),/* "Independent" */ +&(nid_objs[665]),/* "Inherit all" */ +&(nid_objs[647]),/* "International Organizations" */ &(nid_objs[142]),/* "Invalidity Date" */ &(nid_objs[504]),/* "MIME MHS" */ &(nid_objs[388]),/* "Mail" */ @@ -2435,6 +2740,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[648]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ &(nid_objs[649]),/* "Microsoft Universal Principal Name" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ @@ -2462,6 +2769,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[164]),/* "Policy Qualifier CPS" */ &(nid_objs[165]),/* "Policy Qualifier User Notice" */ &(nid_objs[385]),/* "Private" */ +&(nid_objs[663]),/* "Proxy Certificate Information" */ &(nid_objs[ 1]),/* "RSA Data Security, Inc." */ &(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */ &(nid_objs[188]),/* "S/MIME" */ @@ -2478,6 +2786,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[375]),/* "Trust Root" */ &(nid_objs[12]),/* "X509" */ &(nid_objs[402]),/* "X509v3 AC Targeting" */ +&(nid_objs[746]),/* "X509v3 Any Policy" */ &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ &(nid_objs[87]),/* "X509v3 Basic Constraints" */ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ @@ -2486,10 +2795,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[89]),/* "X509v3 Certificate Policies" */ &(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */ +&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ +&(nid_objs[666]),/* "X509v3 Name Constraints" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ +&(nid_objs[747]),/* "X509v3 Policy Mappings" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ @@ -2530,14 +2842,34 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[92]),/* "bf-ecb" */ &(nid_objs[94]),/* "bf-ofb" */ &(nid_objs[494]),/* "buildingName" */ +&(nid_objs[691]),/* "c2onb191v4" */ +&(nid_objs[692]),/* "c2onb191v5" */ +&(nid_objs[697]),/* "c2onb239v4" */ +&(nid_objs[698]),/* "c2onb239v5" */ +&(nid_objs[684]),/* "c2pnb163v1" */ +&(nid_objs[685]),/* "c2pnb163v2" */ +&(nid_objs[686]),/* "c2pnb163v3" */ +&(nid_objs[687]),/* "c2pnb176v1" */ +&(nid_objs[693]),/* "c2pnb208w1" */ +&(nid_objs[699]),/* "c2pnb272w1" */ +&(nid_objs[700]),/* "c2pnb304w1" */ +&(nid_objs[702]),/* "c2pnb368w1" */ +&(nid_objs[688]),/* "c2tnb191v1" */ +&(nid_objs[689]),/* "c2tnb191v2" */ +&(nid_objs[690]),/* "c2tnb191v3" */ +&(nid_objs[694]),/* "c2tnb239v1" */ +&(nid_objs[695]),/* "c2tnb239v2" */ +&(nid_objs[696]),/* "c2tnb239v3" */ +&(nid_objs[701]),/* "c2tnb359v1" */ +&(nid_objs[703]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[108]),/* "cast5-cbc" */ &(nid_objs[110]),/* "cast5-cfb" */ &(nid_objs[109]),/* "cast5-ecb" */ &(nid_objs[111]),/* "cast5-ofb" */ -&(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ +&(nid_objs[677]),/* "certicom-arc" */ &(nid_objs[517]),/* "certificate extensions" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ @@ -2630,6 +2962,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[362]),/* "id-cct-PKIResponse" */ &(nid_objs[360]),/* "id-cct-crs" */ &(nid_objs[81]),/* "id-ce" */ +&(nid_objs[680]),/* "id-characteristic-two-basis" */ &(nid_objs[263]),/* "id-cmc" */ &(nid_objs[334]),/* "id-cmc-addExtensions" */ &(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ @@ -2698,6 +3031,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[271]),/* "id-pkix1-explicit-93" */ &(nid_objs[270]),/* "id-pkix1-implicit-88" */ &(nid_objs[272]),/* "id-pkix1-implicit-93" */ +&(nid_objs[662]),/* "id-ppl" */ &(nid_objs[267]),/* "id-qcs" */ &(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ &(nid_objs[259]),/* "id-qt" */ @@ -2783,12 +3117,16 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[35]),/* "idea-cfb" */ &(nid_objs[36]),/* "idea-ecb" */ &(nid_objs[46]),/* "idea-ofb" */ +&(nid_objs[676]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[749]),/* "ipsec3" */ +&(nid_objs[750]),/* "ipsec4" */ &(nid_objs[181]),/* "iso" */ &(nid_objs[623]),/* "issuer capabilities" */ +&(nid_objs[645]),/* "itu-t" */ &(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[393]),/* "joint-iso-ccitt" */ +&(nid_objs[646]),/* "joint-iso-itu-t" */ &(nid_objs[150]),/* "keyBag" */ &(nid_objs[477]),/* "lastModifiedBy" */ &(nid_objs[476]),/* "lastModifiedTime" */ @@ -2815,6 +3153,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[488]),/* "mobileTelephoneNumber" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ +&(nid_objs[681]),/* "onBasis" */ &(nid_objs[379]),/* "org" */ &(nid_objs[17]),/* "organizationName" */ &(nid_objs[491]),/* "organizationalStatus" */ @@ -2861,6 +3200,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[22]),/* "pkcs7-signedData" */ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ +&(nid_objs[661]),/* "postalCode" */ +&(nid_objs[683]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ &(nid_objs[410]),/* "prime192v2" */ @@ -2899,12 +3240,43 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[124]),/* "run length compression" */ &(nid_objs[482]),/* "sOARecord" */ &(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbqp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbqp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbqp-routerIdentifier" */ +&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ +&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ +&(nid_objs[292]),/* "sbgp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ +&(nid_objs[704]),/* "secp112r1" */ +&(nid_objs[705]),/* "secp112r2" */ +&(nid_objs[706]),/* "secp128r1" */ +&(nid_objs[707]),/* "secp128r2" */ +&(nid_objs[708]),/* "secp160k1" */ +&(nid_objs[709]),/* "secp160r1" */ +&(nid_objs[710]),/* "secp160r2" */ +&(nid_objs[711]),/* "secp192k1" */ +&(nid_objs[712]),/* "secp224k1" */ +&(nid_objs[713]),/* "secp224r1" */ +&(nid_objs[714]),/* "secp256k1" */ +&(nid_objs[715]),/* "secp384r1" */ +&(nid_objs[716]),/* "secp521r1" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[474]),/* "secretary" */ +&(nid_objs[717]),/* "sect113r1" */ +&(nid_objs[718]),/* "sect113r2" */ +&(nid_objs[719]),/* "sect131r1" */ +&(nid_objs[720]),/* "sect131r2" */ +&(nid_objs[721]),/* "sect163k1" */ +&(nid_objs[722]),/* "sect163r1" */ +&(nid_objs[723]),/* "sect163r2" */ +&(nid_objs[724]),/* "sect193r1" */ +&(nid_objs[725]),/* "sect193r2" */ +&(nid_objs[726]),/* "sect233k1" */ +&(nid_objs[727]),/* "sect233r1" */ +&(nid_objs[728]),/* "sect239k1" */ +&(nid_objs[729]),/* "sect283k1" */ +&(nid_objs[730]),/* "sect283r1" */ +&(nid_objs[731]),/* "sect409k1" */ +&(nid_objs[732]),/* "sect409r1" */ +&(nid_objs[733]),/* "sect571k1" */ +&(nid_objs[734]),/* "sect571r1" */ &(nid_objs[635]),/* "secure device signature" */ &(nid_objs[105]),/* "serialNumber" */ &(nid_objs[625]),/* "set-addPolicy" */ @@ -3028,17 +3400,27 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[64]),/* "sha1" */ &(nid_objs[115]),/* "sha1WithRSA" */ &(nid_objs[65]),/* "sha1WithRSAEncryption" */ +&(nid_objs[675]),/* "sha224" */ +&(nid_objs[671]),/* "sha224WithRSAEncryption" */ +&(nid_objs[672]),/* "sha256" */ +&(nid_objs[668]),/* "sha256WithRSAEncryption" */ +&(nid_objs[673]),/* "sha384" */ +&(nid_objs[669]),/* "sha384WithRSAEncryption" */ +&(nid_objs[674]),/* "sha512" */ +&(nid_objs[670]),/* "sha512WithRSAEncryption" */ &(nid_objs[42]),/* "shaWithRSAEncryption" */ &(nid_objs[52]),/* "signingTime" */ &(nid_objs[454]),/* "simpleSecurityObject" */ &(nid_objs[496]),/* "singleLevelQuality" */ &(nid_objs[16]),/* "stateOrProvinceName" */ +&(nid_objs[660]),/* "streetAddress" */ &(nid_objs[498]),/* "subtreeMaximumQuality" */ &(nid_objs[497]),/* "subtreeMinimumQuality" */ &(nid_objs[100]),/* "surname" */ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[106]),/* "title" */ +&(nid_objs[682]),/* "tpBasis" */ &(nid_objs[436]),/* "ucl" */ &(nid_objs[ 0]),/* "undefined" */ &(nid_objs[55]),/* "unstructuredAddress" */ @@ -3046,6 +3428,19 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[465]),/* "userClass" */ &(nid_objs[458]),/* "userId" */ &(nid_objs[373]),/* "valid" */ +&(nid_objs[678]),/* "wap" */ +&(nid_objs[679]),/* "wap-wsg" */ +&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ +&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ +&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ +&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ +&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ +&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ +&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ +&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ +&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ +&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ +&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ &(nid_objs[503]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ @@ -3054,21 +3449,27 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[404]),/* OBJ_ccitt 0 */ +&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ +&(nid_objs[645]),/* OBJ_itu_t 0 */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ &(nid_objs[379]),/* OBJ_org 1 3 */ -&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ +&(nid_objs[676]),/* OBJ_identified_organization 1 3 */ +&(nid_objs[646]),/* OBJ_joint_iso_itu_t 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ +&(nid_objs[647]),/* OBJ_international_organizations 2 23 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ &(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ &(nid_objs[512]),/* OBJ_id_set 2 23 42 */ +&(nid_objs[678]),/* OBJ_wap 2 23 43 */ &(nid_objs[435]),/* OBJ_pss 0 9 2342 */ &(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ &(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ +&(nid_objs[677]),/* OBJ_certicom_arc 1 3 132 */ &(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */ &(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ &(nid_objs[100]),/* OBJ_surname 2 5 4 4 */ @@ -3076,10 +3477,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[14]),/* OBJ_countryName 2 5 4 6 */ &(nid_objs[15]),/* OBJ_localityName 2 5 4 7 */ &(nid_objs[16]),/* OBJ_stateOrProvinceName 2 5 4 8 */ +&(nid_objs[660]),/* OBJ_streetAddress 2 5 4 9 */ &(nid_objs[17]),/* OBJ_organizationName 2 5 4 10 */ &(nid_objs[18]),/* OBJ_organizationalUnitName 2 5 4 11 */ &(nid_objs[106]),/* OBJ_title 2 5 4 12 */ &(nid_objs[107]),/* OBJ_description 2 5 4 13 */ +&(nid_objs[661]),/* OBJ_postalCode 2 5 4 17 */ &(nid_objs[173]),/* OBJ_name 2 5 4 41 */ &(nid_objs[99]),/* OBJ_givenName 2 5 4 42 */ &(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ @@ -3099,11 +3502,14 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */ &(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ +&(nid_objs[666]),/* OBJ_name_constraints 2 5 29 30 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ +&(nid_objs[747]),/* OBJ_policy_mappings 2 5 29 33 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ +&(nid_objs[748]),/* OBJ_inhibit_any_policy 2 5 29 54 */ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ &(nid_objs[513]),/* OBJ_set_ctype 2 23 42 0 */ @@ -3112,6 +3518,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ &(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ &(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ +&(nid_objs[679]),/* OBJ_wap_wsg 2 23 43 13 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ &(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ @@ -3124,6 +3531,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +&(nid_objs[746]),/* OBJ_any_policy 2 5 29 32 0 */ &(nid_objs[519]),/* OBJ_setct_PANData 2 23 42 0 0 */ &(nid_objs[520]),/* OBJ_setct_PANToken 2 23 42 0 1 */ &(nid_objs[521]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ @@ -3255,6 +3663,37 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ &(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ &(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ +&(nid_objs[721]),/* OBJ_sect163k1 1 3 132 0 1 */ +&(nid_objs[722]),/* OBJ_sect163r1 1 3 132 0 2 */ +&(nid_objs[728]),/* OBJ_sect239k1 1 3 132 0 3 */ +&(nid_objs[717]),/* OBJ_sect113r1 1 3 132 0 4 */ +&(nid_objs[718]),/* OBJ_sect113r2 1 3 132 0 5 */ +&(nid_objs[704]),/* OBJ_secp112r1 1 3 132 0 6 */ +&(nid_objs[705]),/* OBJ_secp112r2 1 3 132 0 7 */ +&(nid_objs[709]),/* OBJ_secp160r1 1 3 132 0 8 */ +&(nid_objs[708]),/* OBJ_secp160k1 1 3 132 0 9 */ +&(nid_objs[714]),/* OBJ_secp256k1 1 3 132 0 10 */ +&(nid_objs[723]),/* OBJ_sect163r2 1 3 132 0 15 */ +&(nid_objs[729]),/* OBJ_sect283k1 1 3 132 0 16 */ +&(nid_objs[730]),/* OBJ_sect283r1 1 3 132 0 17 */ +&(nid_objs[719]),/* OBJ_sect131r1 1 3 132 0 22 */ +&(nid_objs[720]),/* OBJ_sect131r2 1 3 132 0 23 */ +&(nid_objs[724]),/* OBJ_sect193r1 1 3 132 0 24 */ +&(nid_objs[725]),/* OBJ_sect193r2 1 3 132 0 25 */ +&(nid_objs[726]),/* OBJ_sect233k1 1 3 132 0 26 */ +&(nid_objs[727]),/* OBJ_sect233r1 1 3 132 0 27 */ +&(nid_objs[706]),/* OBJ_secp128r1 1 3 132 0 28 */ +&(nid_objs[707]),/* OBJ_secp128r2 1 3 132 0 29 */ +&(nid_objs[710]),/* OBJ_secp160r2 1 3 132 0 30 */ +&(nid_objs[711]),/* OBJ_secp192k1 1 3 132 0 31 */ +&(nid_objs[712]),/* OBJ_secp224k1 1 3 132 0 32 */ +&(nid_objs[713]),/* OBJ_secp224r1 1 3 132 0 33 */ +&(nid_objs[715]),/* OBJ_secp384r1 1 3 132 0 34 */ +&(nid_objs[716]),/* OBJ_secp521r1 1 3 132 0 35 */ +&(nid_objs[731]),/* OBJ_sect409k1 1 3 132 0 36 */ +&(nid_objs[732]),/* OBJ_sect409r1 1 3 132 0 37 */ +&(nid_objs[733]),/* OBJ_sect571k1 1 3 132 0 38 */ +&(nid_objs[734]),/* OBJ_sect571r1 1 3 132 0 39 */ &(nid_objs[624]),/* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ &(nid_objs[625]),/* OBJ_set_addPolicy 2 23 42 3 0 1 */ &(nid_objs[626]),/* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ @@ -3263,6 +3702,17 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ &(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ &(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ +&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 13 4 1 */ +&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 13 4 3 */ +&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 13 4 4 */ +&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 13 4 5 */ +&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 13 4 6 */ +&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 13 4 7 */ +&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 13 4 8 */ +&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 13 4 9 */ +&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 13 4 10 */ +&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ +&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ &(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ @@ -3300,6 +3750,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[266]),/* OBJ_id_aca 1 3 6 1 5 5 7 10 */ &(nid_objs[267]),/* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ &(nid_objs[268]),/* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +&(nid_objs[662]),/* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ &(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ &(nid_objs[507]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ &(nid_objs[508]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ @@ -3319,6 +3770,27 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ &(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ &(nid_objs[643]),/* OBJ_des_cdmf 1 2 840 113549 3 10 */ +&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ +&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ +&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ +&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ +&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ +&(nid_objs[688]),/* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ +&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ +&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ +&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ +&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ +&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ +&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ +&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ +&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ +&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ +&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ +&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ +&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ +&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ +&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ +&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ &(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ &(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ &(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ @@ -3348,11 +3820,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ &(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ &(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ +&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ +&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ &(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ &(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ +&(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ &(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ &(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ &(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ @@ -3423,6 +3896,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ &(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ &(nid_objs[362]),/* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ +&(nid_objs[665]),/* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ +&(nid_objs[667]),/* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ &(nid_objs[178]),/* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ &(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ &(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ @@ -3441,6 +3917,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ &(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ +&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ +&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ +&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ +&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ &(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ &(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ @@ -3471,6 +3951,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[188]),/* OBJ_SMIME 1 2 840 113549 1 9 16 */ &(nid_objs[156]),/* OBJ_friendlyName 1 2 840 113549 1 9 20 */ &(nid_objs[157]),/* OBJ_localKeyID 1 2 840 113549 1 9 21 */ +&(nid_objs[681]),/* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ +&(nid_objs[682]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ +&(nid_objs[683]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ &(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ &(nid_objs[390]),/* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ &(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ @@ -3505,6 +3988,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ &(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ &(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ +&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ +&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ +&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ &(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ &(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ &(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/openssl/crypto/objects/obj_dat.pl index d037166..8a09a46 100644 --- a/crypto/openssl/crypto/objects/obj_dat.pl +++ b/crypto/openssl/crypto/objects/obj_dat.pl @@ -94,7 +94,7 @@ for ($i=0; $i<$n; $i++) { if (!defined($nid{$i})) { - push(@out,"{NULL,NULL,NID_undef,0,NULL},\n"); + push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n"); } else { @@ -138,7 +138,7 @@ for ($i=0; $i<$n; $i++) } else { - $out.="0,NULL"; + $out.="0,NULL,0"; } $out.="},\n"; push(@out,$out); diff --git a/crypto/openssl/crypto/objects/obj_err.c b/crypto/openssl/crypto/objects/obj_err.c index 80ab685..0682979 100644 --- a/crypto/openssl/crypto/objects/obj_err.c +++ b/crypto/openssl/crypto/objects/obj_err.c @@ -1,6 +1,6 @@ /* crypto/objects/obj_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,20 +64,26 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) + static ERR_STRING_DATA OBJ_str_functs[]= { -{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, -{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, -{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, -{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, -{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, +{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"}, +{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"}, +{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"}, +{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"}, +{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"}, +{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"}, +{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"}, {0,NULL} }; static ERR_STRING_DATA OBJ_str_reasons[]= { -{OBJ_R_MALLOC_FAILURE ,"malloc failure"}, -{OBJ_R_UNKNOWN_NID ,"unknown nid"}, +{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"}, +{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"}, {0,NULL} }; @@ -91,8 +97,8 @@ void ERR_load_OBJ_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); - ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); + ERR_load_strings(0,OBJ_str_functs); + ERR_load_strings(0,OBJ_str_reasons); #endif } diff --git a/crypto/openssl/crypto/objects/obj_lib.c b/crypto/openssl/crypto/objects/obj_lib.c index b0b0f2f..706fa0b 100644 --- a/crypto/openssl/crypto/objects/obj_lib.c +++ b/crypto/openssl/crypto/objects/obj_lib.c @@ -82,7 +82,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) r->data=OPENSSL_malloc(o->length); if (r->data == NULL) goto err; - memcpy(r->data,o->data,o->length); + if (o->data != NULL) + memcpy(r->data,o->data,o->length); r->length=o->length; r->nid=o->nid; r->ln=r->sn=NULL; diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h index ceeaaa3..e4d63e5 100644 --- a/crypto/openssl/crypto/objects/obj_mac.h +++ b/crypto/openssl/crypto/objects/obj_mac.h @@ -67,30 +67,57 @@ #define NID_undef 0 #define OBJ_undef 0L -#define SN_ccitt "CCITT" -#define LN_ccitt "ccitt" +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + #define NID_ccitt 404 -#define OBJ_ccitt 0L +#define OBJ_ccitt OBJ_itu_t #define SN_iso "ISO" #define LN_iso "iso" #define NID_iso 181 #define OBJ_iso 1L -#define SN_joint_iso_ccitt "JOINT-ISO-CCITT" -#define LN_joint_iso_ccitt "joint-iso-ccitt" +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + #define NID_joint_iso_ccitt 393 -#define OBJ_joint_iso_ccitt 2L +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t #define SN_member_body "member-body" #define LN_member_body "ISO Member Body" #define NID_member_body 182 #define OBJ_member_body OBJ_iso,2L +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,13L + #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" #define NID_selected_attribute_types 394 -#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L #define SN_clearance "clearance" #define NID_clearance 395 @@ -136,6 +163,22 @@ #define NID_X9_62_characteristic_two_field 407 #define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + #define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L #define SN_X9_62_id_ecPublicKey "id-ecPublicKey" @@ -146,6 +189,86 @@ #define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + #define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L #define SN_X9_62_prime192v1 "prime192v1" @@ -182,6 +305,178 @@ #define NID_ecdsa_with_SHA1 416 #define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + #define SN_cast5_cbc "CAST5-CBC" #define LN_cast5_cbc "cast5-cbc" #define NID_cast5_cbc 108 @@ -241,6 +536,26 @@ #define NID_sha1WithRSAEncryption 65 #define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + #define SN_pkcs3 "pkcs3" #define NID_pkcs3 27 #define OBJ_pkcs3 OBJ_pkcs,3L @@ -950,6 +1265,10 @@ #define NID_id_cct 268 #define OBJ_id_cct OBJ_id_pkix,12L +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + #define SN_id_ad "id-ad" #define NID_id_ad 176 #define OBJ_id_ad OBJ_id_pkix,48L @@ -1044,17 +1363,17 @@ #define NID_aaControls 289 #define OBJ_aaControls OBJ_id_pe,6L -#define SN_sbqp_ipAddrBlock "sbqp-ipAddrBlock" -#define NID_sbqp_ipAddrBlock 290 -#define OBJ_sbqp_ipAddrBlock OBJ_id_pe,7L +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L -#define SN_sbqp_autonomousSysNum "sbqp-autonomousSysNum" -#define NID_sbqp_autonomousSysNum 291 -#define OBJ_sbqp_autonomousSysNum OBJ_id_pe,8L +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L -#define SN_sbqp_routerIdentifier "sbqp-routerIdentifier" -#define NID_sbqp_routerIdentifier 292 -#define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L #define SN_ac_proxying "ac-proxying" #define NID_ac_proxying 397 @@ -1065,6 +1384,11 @@ #define NID_sinfo_access 398 #define OBJ_sinfo_access OBJ_id_pe,11L +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 @@ -1389,6 +1713,21 @@ #define NID_id_cct_PKIResponse 362 #define OBJ_id_cct_PKIResponse OBJ_id_cct,3L +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + #define SN_ad_OCSP "OCSP" #define LN_ad_OCSP "OCSP" #define NID_ad_OCSP 178 @@ -1619,6 +1958,10 @@ #define NID_stateOrProvinceName 16 #define OBJ_stateOrProvinceName OBJ_X509,8L +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + #define SN_organizationName "O" #define LN_organizationName "organizationName" #define NID_organizationName 17 @@ -1637,6 +1980,10 @@ #define NID_description 107 #define OBJ_description OBJ_X509,13L +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + #define SN_name "name" #define LN_name "name" #define NID_name 173 @@ -1747,6 +2094,11 @@ #define NID_delta_crl 140 #define OBJ_delta_crl OBJ_id_ce,27L +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + #define SN_crl_distribution_points "crlDistributionPoints" #define LN_crl_distribution_points "X509v3 CRL Distribution Points" #define NID_crl_distribution_points 103 @@ -1757,6 +2109,16 @@ #define NID_certificate_policies 89 #define OBJ_certificate_policies OBJ_id_ce,32L +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + #define SN_authority_key_identifier "authorityKeyIdentifier" #define LN_authority_key_identifier "X509v3 Authority Key Identifier" #define NID_authority_key_identifier 90 @@ -1772,6 +2134,11 @@ #define NID_ext_key_usage 126 #define OBJ_ext_key_usage OBJ_id_ce,37L +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + #define SN_target_information "targetInformation" #define LN_target_information "X509v3 AC Targeting" #define NID_target_information 402 @@ -2049,6 +2416,28 @@ #define LN_des_ede3_cfb8 "des-ede3-cfb8" #define NID_des_ede3_cfb8 659 +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + #define SN_hold_instruction_code "holdInstructionCode" #define LN_hold_instruction_code "Hold Instruction Code" #define NID_hold_instruction_code 430 @@ -2073,7 +2462,7 @@ #define SN_data "data" #define NID_data 434 -#define OBJ_data OBJ_ccitt,9L +#define OBJ_data OBJ_itu_t,9L #define SN_pss "pss" #define NID_pss 435 @@ -2362,7 +2751,7 @@ #define SN_id_set "id-set" #define LN_id_set "Secure Electronic Transactions" #define NID_id_set 512 -#define OBJ_id_set 2L,23L,42L +#define OBJ_id_set OBJ_international_organizations,42L #define SN_set_ctype "set-ctype" #define LN_set_ctype "content types" @@ -2906,3 +3295,11 @@ #define NID_rsaOAEPEncryptionSET 644 #define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + diff --git a/crypto/openssl/crypto/objects/obj_mac.num b/crypto/openssl/crypto/objects/obj_mac.num index 4dffeae..56a2bf7 100644 --- a/crypto/openssl/crypto/objects/obj_mac.num +++ b/crypto/openssl/crypto/objects/obj_mac.num @@ -287,9 +287,9 @@ qcStatements 286 ac_auditEntity 287 ac_targeting 288 aaControls 289 -sbqp_ipAddrBlock 290 -sbqp_autonomousSysNum 291 -sbqp_routerIdentifier 292 +sbgp_ipAddrBlock 290 +sbgp_autonomousSysNum 291 +sbgp_routerIdentifier 292 textNotice 293 ipsecEndSystem 294 ipsecTunnel 295 @@ -657,3 +657,94 @@ des_cfb1 656 des_cfb8 657 des_ede3_cfb1 658 des_ede3_cfb8 659 +streetAddress 660 +postalCode 661 +id_ppl 662 +proxyCertInfo 663 +id_ppl_anyLanguage 664 +id_ppl_inheritAll 665 +name_constraints 666 +Independent 667 +sha256WithRSAEncryption 668 +sha384WithRSAEncryption 669 +sha512WithRSAEncryption 670 +sha224WithRSAEncryption 671 +sha256 672 +sha384 673 +sha512 674 +sha224 675 +identified_organization 676 +certicom_arc 677 +wap 678 +wap_wsg 679 +X9_62_id_characteristic_two_basis 680 +X9_62_onBasis 681 +X9_62_tpBasis 682 +X9_62_ppBasis 683 +X9_62_c2pnb163v1 684 +X9_62_c2pnb163v2 685 +X9_62_c2pnb163v3 686 +X9_62_c2pnb176v1 687 +X9_62_c2tnb191v1 688 +X9_62_c2tnb191v2 689 +X9_62_c2tnb191v3 690 +X9_62_c2onb191v4 691 +X9_62_c2onb191v5 692 +X9_62_c2pnb208w1 693 +X9_62_c2tnb239v1 694 +X9_62_c2tnb239v2 695 +X9_62_c2tnb239v3 696 +X9_62_c2onb239v4 697 +X9_62_c2onb239v5 698 +X9_62_c2pnb272w1 699 +X9_62_c2pnb304w1 700 +X9_62_c2tnb359v1 701 +X9_62_c2pnb368w1 702 +X9_62_c2tnb431r1 703 +secp112r1 704 +secp112r2 705 +secp128r1 706 +secp128r2 707 +secp160k1 708 +secp160r1 709 +secp160r2 710 +secp192k1 711 +secp224k1 712 +secp224r1 713 +secp256k1 714 +secp384r1 715 +secp521r1 716 +sect113r1 717 +sect113r2 718 +sect131r1 719 +sect131r2 720 +sect163k1 721 +sect163r1 722 +sect163r2 723 +sect193r1 724 +sect193r2 725 +sect233k1 726 +sect233r1 727 +sect239k1 728 +sect283k1 729 +sect283r1 730 +sect409k1 731 +sect409r1 732 +sect571k1 733 +sect571r1 734 +wap_wsg_idm_ecid_wtls1 735 +wap_wsg_idm_ecid_wtls3 736 +wap_wsg_idm_ecid_wtls4 737 +wap_wsg_idm_ecid_wtls5 738 +wap_wsg_idm_ecid_wtls6 739 +wap_wsg_idm_ecid_wtls7 740 +wap_wsg_idm_ecid_wtls8 741 +wap_wsg_idm_ecid_wtls9 742 +wap_wsg_idm_ecid_wtls10 743 +wap_wsg_idm_ecid_wtls11 744 +wap_wsg_idm_ecid_wtls12 745 +any_policy 746 +policy_mappings 747 +inhibit_any_policy 748 +ipsec3 749 +ipsec4 750 diff --git a/crypto/openssl/crypto/objects/objects.h b/crypto/openssl/crypto/objects/objects.h index de10532..7242f76 100644 --- a/crypto/openssl/crypto/objects/objects.h +++ b/crypto/openssl/crypto/objects/objects.h @@ -966,7 +966,10 @@ #define OBJ_NAME_TYPE_COMP_METH 0x04 #define OBJ_NAME_TYPE_NUM 0x05 -#define OBJ_NAME_ALIAS 0x8000 +#define OBJ_NAME_ALIAS 0x8000 + +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 #ifdef __cplusplus @@ -1010,6 +1013,8 @@ int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); const char * OBJ_bsearch(const char *key,const char *base,int num,int size, int (*cmp)(const void *, const void *)); +const char * OBJ_bsearch_ex(const char *key,const char *base,int num, + int size, int (*cmp)(const void *, const void *), int flags); int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); @@ -1026,8 +1031,10 @@ void ERR_load_OBJ_strings(void); /* Error codes for the OBJ functions. */ /* Function codes. */ +#define OBJ_F_OBJ_ADD_OBJECT 105 #define OBJ_F_OBJ_CREATE 100 #define OBJ_F_OBJ_DUP 101 +#define OBJ_F_OBJ_NAME_NEW_INDEX 106 #define OBJ_F_OBJ_NID2LN 102 #define OBJ_F_OBJ_NID2OBJ 103 #define OBJ_F_OBJ_NID2SN 104 diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt index cd315d0..0aec79b 100644 --- a/crypto/openssl/crypto/objects/objects.txt +++ b/crypto/openssl/crypto/objects/objects.txt @@ -1,12 +1,24 @@ -0 : CCITT : ccitt +# CCITT was renamed to ITU-T quite some time ago +0 : ITU-T : itu-t +!Alias ccitt itu-t 1 : ISO : iso -2 : JOINT-ISO-CCITT : joint-iso-ccitt +2 : JOINT-ISO-ITU-T : joint-iso-itu-t +!Alias joint-iso-ccitt joint-iso-itu-t iso 2 : member-body : ISO Member Body -joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types +iso 3 : identified-organization + +identified-organization 132 : certicom-arc + +joint-iso-itu-t 23 : international-organizations : International Organizations + +international-organizations 43 : wap +wap 13 : wap-wsg + +joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance @@ -24,12 +36,34 @@ ISO-US 10045 : ansi-X9-62 : ANSI X9.62 !Alias id-fieldType ansi-X9-62 1 X9-62_id-fieldType 1 : prime-field X9-62_id-fieldType 2 : characteristic-two-field -# ... characteristic-two-field OID subtree +X9-62_characteristic-two-field 3 : id-characteristic-two-basis +X9-62_id-characteristic-two-basis 1 : onBasis +X9-62_id-characteristic-two-basis 2 : tpBasis +X9-62_id-characteristic-two-basis 3 : ppBasis !Alias id-publicKeyType ansi-X9-62 2 X9-62_id-publicKeyType 1 : id-ecPublicKey !Alias ellipticCurve ansi-X9-62 3 !Alias c-TwoCurve X9-62_ellipticCurve 0 -# ... characteristic 2 curve OIDs +X9-62_c-TwoCurve 1 : c2pnb163v1 +X9-62_c-TwoCurve 2 : c2pnb163v2 +X9-62_c-TwoCurve 3 : c2pnb163v3 +X9-62_c-TwoCurve 4 : c2pnb176v1 +X9-62_c-TwoCurve 5 : c2tnb191v1 +X9-62_c-TwoCurve 6 : c2tnb191v2 +X9-62_c-TwoCurve 7 : c2tnb191v3 +X9-62_c-TwoCurve 8 : c2onb191v4 +X9-62_c-TwoCurve 9 : c2onb191v5 +X9-62_c-TwoCurve 10 : c2pnb208w1 +X9-62_c-TwoCurve 11 : c2tnb239v1 +X9-62_c-TwoCurve 12 : c2tnb239v2 +X9-62_c-TwoCurve 13 : c2tnb239v3 +X9-62_c-TwoCurve 14 : c2onb239v4 +X9-62_c-TwoCurve 15 : c2onb239v5 +X9-62_c-TwoCurve 16 : c2pnb272w1 +X9-62_c-TwoCurve 17 : c2pnb304w1 +X9-62_c-TwoCurve 18 : c2tnb359v1 +X9-62_c-TwoCurve 19 : c2pnb368w1 +X9-62_c-TwoCurve 20 : c2tnb431r1 !Alias primeCurve X9-62_ellipticCurve 1 X9-62_primeCurve 1 : prime192v1 X9-62_primeCurve 2 : prime192v2 @@ -42,6 +76,60 @@ X9-62_primeCurve 7 : prime256v1 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 +# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" +# (http://www.secg.org/) +!Alias secg_ellipticCurve certicom-arc 0 +# SECG prime curves OIDs +secg-ellipticCurve 6 : secp112r1 +secg-ellipticCurve 7 : secp112r2 +secg-ellipticCurve 28 : secp128r1 +secg-ellipticCurve 29 : secp128r2 +secg-ellipticCurve 9 : secp160k1 +secg-ellipticCurve 8 : secp160r1 +secg-ellipticCurve 30 : secp160r2 +secg-ellipticCurve 31 : secp192k1 +# NOTE: the curve secp192r1 is the same as prime192v1 defined above +# and is therefore omitted +secg-ellipticCurve 32 : secp224k1 +secg-ellipticCurve 33 : secp224r1 +secg-ellipticCurve 10 : secp256k1 +# NOTE: the curve secp256r1 is the same as prime256v1 defined above +# and is therefore omitted +secg-ellipticCurve 34 : secp384r1 +secg-ellipticCurve 35 : secp521r1 +# SECG characteristic two curves OIDs +secg-ellipticCurve 4 : sect113r1 +secg-ellipticCurve 5 : sect113r2 +secg-ellipticCurve 22 : sect131r1 +secg-ellipticCurve 23 : sect131r2 +secg-ellipticCurve 1 : sect163k1 +secg-ellipticCurve 2 : sect163r1 +secg-ellipticCurve 15 : sect163r2 +secg-ellipticCurve 24 : sect193r1 +secg-ellipticCurve 25 : sect193r2 +secg-ellipticCurve 26 : sect233k1 +secg-ellipticCurve 27 : sect233r1 +secg-ellipticCurve 3 : sect239k1 +secg-ellipticCurve 16 : sect283k1 +secg-ellipticCurve 17 : sect283r1 +secg-ellipticCurve 36 : sect409k1 +secg-ellipticCurve 37 : sect409r1 +secg-ellipticCurve 38 : sect571k1 +secg-ellipticCurve 39 : sect571r1 + +# WAP/TLS curve OIDs (http://www.wapforum.org/) +!Alias wap-wsg-idm-ecid wap-wsg 4 +wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1 +wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3 +wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4 +wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5 +wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6 +wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7 +wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8 +wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9 +wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10 +wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11 +wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12 ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc @@ -63,6 +151,11 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption pkcs1 3 : RSA-MD4 : md4WithRSAEncryption pkcs1 4 : RSA-MD5 : md5WithRSAEncryption pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption +# According to PKCS #1 version 2.1 +pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption +pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption +pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption +pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption pkcs 3 : pkcs3 pkcs3 1 : : dhKeyAgreement @@ -312,6 +405,7 @@ id-pkix 9 : id-pda id-pkix 10 : id-aca id-pkix 11 : id-qcs id-pkix 12 : id-cct +id-pkix 21 : id-ppl id-pkix 48 : id-ad # PKIX Modules @@ -340,12 +434,13 @@ id-pe 3 : qcStatements id-pe 4 : ac-auditEntity id-pe 5 : ac-targeting id-pe 6 : aaControls -id-pe 7 : sbqp-ipAddrBlock -id-pe 8 : sbqp-autonomousSysNum -id-pe 9 : sbqp-routerIdentifier +id-pe 7 : sbgp-ipAddrBlock +id-pe 8 : sbgp-autonomousSysNum +id-pe 9 : sbgp-routerIdentifier id-pe 10 : ac-proxying !Cname sinfo-access id-pe 11 : subjectInfoAccess : Subject Information Access +id-pe 14 : proxyCertInfo : Proxy Certificate Information # PKIX policyQualifiers for Internet policy qualifiers id-qt 1 : id-qt-cps : Policy Qualifier CPS @@ -461,6 +556,11 @@ id-cct 1 : id-cct-crs id-cct 2 : id-cct-PKIData id-cct 3 : id-cct-PKIResponse +# Predefined Proxy Certificate policy languages +id-ppl 0 : id-ppl-anyLanguage : Any language +id-ppl 1 : id-ppl-inheritAll : Inherit all +id-ppl 2 : id-ppl-independent : Independent + # access descriptors for authority info access extension !Cname ad-OCSP id-ad 1 : OCSP : OCSP @@ -536,10 +636,12 @@ X509 5 : : serialNumber X509 6 : C : countryName X509 7 : L : localityName X509 8 : ST : stateOrProvinceName +X509 9 : : streetAddress X509 10 : O : organizationName X509 11 : OU : organizationalUnitName X509 12 : : title X509 13 : : description +X509 17 : : postalCode X509 41 : name : name X509 42 : GN : givenName X509 43 : : initials @@ -575,16 +677,24 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator +!Cname name-constraints +id-ce 30 : nameConstraints : X509v3 Name Constraints !Cname crl-distribution-points id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies id-ce 32 : certificatePolicies : X509v3 Certificate Policies +!Cname any-policy +certificate-policies 0 : anyPolicy : X509v3 Any Policy +!Cname policy-mappings +id-ce 33 : policyMappings : X509v3 Policy Mappings !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname inhibit-any-policy +id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information id-ce 55 : targetInformation : X509v3 AC Targeting !Cname no-rev-avail @@ -694,6 +804,13 @@ aes 44 : AES-256-CFB : aes-256-cfb : DES-EDE3-CFB1 : des-ede3-cfb1 : DES-EDE3-CFB8 : des-ede3-cfb8 +# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. +!Alias nist_hashalgs nistAlgorithms 2 +nist_hashalgs 1 : SHA256 : sha256 +nist_hashalgs 2 : SHA384 : sha384 +nist_hashalgs 3 : SHA512 : sha512 +nist_hashalgs 4 : SHA224 : sha224 + # Hold instruction CRL entry extension !Cname hold-instruction-code id-ce 23 : holdInstructionCode : Hold Instruction Code @@ -705,9 +822,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer !Cname hold-instruction-reject holdInstruction 3 : holdInstructionReject : Hold Instruction Reject -# OID's from CCITT. Most of this is defined in RFC 1274. A couple of +# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of # them are also mentioned in RFC 2247 -ccitt 9 : data +itu-t 9 : data data 2342 : pss pss 19200300 : ucl ucl 100 : pilot @@ -781,7 +898,7 @@ pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher -2 23 42 : id-set : Secure Electronic Transactions +international-organizations 42 : id-set : Secure Electronic Transactions id-set 0 : set-ctype : content types id-set 1 : set-msgExt : message extensions @@ -927,3 +1044,6 @@ set-brand 6011 : set-brand-Novus rsadsi 3 10 : DES-CDMF : des-cdmf rsadsi 1 1 6 : rsaOAEPEncryptionSET + + : Oakley-EC2N-3 : ipsec3 + : Oakley-EC2N-4 : ipsec4 diff --git a/crypto/openssl/crypto/ocsp/Makefile b/crypto/openssl/crypto/ocsp/Makefile index 7135ba6..0fe0289 100644 --- a/crypto/openssl/crypto/ocsp/Makefile +++ b/crypto/openssl/crypto/ocsp/Makefile @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -54,7 +49,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -69,6 +65,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: @@ -80,212 +77,137 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +ocsp_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -ocsp_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -ocsp_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -ocsp_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c -ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h -ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_asn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_asn.o: ocsp_asn.c +ocsp_cl.o: ../../e_os.h ../../include/openssl/asn1.h +ocsp_cl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_cl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -ocsp_cl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -ocsp_cl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -ocsp_cl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -ocsp_cl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_cl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c -ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -ocsp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -ocsp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_cl.o: ../cryptlib.h ocsp_cl.c +ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c -ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h -ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_err.o: ocsp_err.c +ocsp_ext.o: ../../e_os.h ../../include/openssl/asn1.h +ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h ocsp_ext.o: ../../include/openssl/opensslconf.h ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_ext.o: ../cryptlib.h ocsp_ext.c -ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ht.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -ocsp_ht.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -ocsp_ht.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c +ocsp_ht.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ocsp_ht.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_ht.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_ht.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -ocsp_ht.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -ocsp_ht.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_ht.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c -ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h -ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_ht.o: ocsp_ht.c +ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h +ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h ocsp_lib.o: ../../include/openssl/opensslconf.h ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_lib.o: ../cryptlib.h ocsp_lib.c -ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -ocsp_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -ocsp_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +ocsp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lib.c +ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c -ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h -ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ocsp_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_prn.o: ocsp_prn.c +ocsp_srv.o: ../../e_os.h ../../include/openssl/asn1.h +ocsp_srv.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_srv.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -ocsp_srv.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -ocsp_srv.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h ocsp_srv.o: ../../include/openssl/opensslconf.h ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_srv.o: ../cryptlib.h ocsp_srv.c -ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -ocsp_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -ocsp_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +ocsp_srv.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_srv.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_srv.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_srv.c +ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c +ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_vfy.o: ocsp_vfy.c diff --git a/crypto/openssl/crypto/ocsp/ocsp.h b/crypto/openssl/crypto/ocsp/ocsp.h index fab3c03..53f3364 100644 --- a/crypto/openssl/crypto/ocsp/ocsp.h +++ b/crypto/openssl/crypto/ocsp/ocsp.h @@ -349,13 +349,9 @@ typedef struct ocsp_service_locator_st #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" -#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \ - OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\ - (unsigned char **)(p)) +#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) -#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\ - OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\ - (unsigned char **)(p)) +#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) @@ -371,11 +367,9 @@ typedef struct ocsp_service_locator_st PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ bp,(char *)o, NULL,NULL,0,NULL,NULL) -#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\ - (unsigned char *)o) +#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) -#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\ - (unsigned char *)o) +#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) #define OCSP_REQUEST_sign(o,pkey,md) \ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ @@ -396,8 +390,7 @@ typedef struct ocsp_service_locator_st #define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) -#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\ - (char *(*)())d2i_OCSP_CERTID,(char *)(cid)) +#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) #define OCSP_CERTSTATUS_dup(cs)\ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ @@ -473,8 +466,10 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), - char *data, STACK_OF(ASN1_OBJECT) *sk); +ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, + void *data, STACK_OF(ASN1_OBJECT) *sk); +#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ +((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk) X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); @@ -564,11 +559,11 @@ void ERR_load_OCSP_strings(void); /* Function codes. */ #define OCSP_F_ASN1_STRING_ENCODE 100 -#define OCSP_F_CERT_ID_NEW 101 #define OCSP_F_D2I_OCSP_NONCE 102 #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 #define OCSP_F_OCSP_BASIC_SIGN 104 #define OCSP_F_OCSP_BASIC_VERIFY 105 +#define OCSP_F_OCSP_CERT_ID_NEW 101 #define OCSP_F_OCSP_CHECK_DELEGATED 106 #define OCSP_F_OCSP_CHECK_IDS 107 #define OCSP_F_OCSP_CHECK_ISSUER 108 diff --git a/crypto/openssl/crypto/ocsp/ocsp_cl.c b/crypto/openssl/crypto/ocsp/ocsp_cl.c index 9b3e6dd..17bab5f 100755 --- a/crypto/openssl/crypto/ocsp/ocsp_cl.c +++ b/crypto/openssl/crypto/ocsp/ocsp_cl.c @@ -101,6 +101,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) { GENERAL_NAME *gen; gen = GENERAL_NAME_new(); + if (gen == NULL) + return 0; if (!X509_NAME_set(&gen->d.directoryName, nm)) { GENERAL_NAME_free(gen); diff --git a/crypto/openssl/crypto/ocsp/ocsp_err.c b/crypto/openssl/crypto/ocsp/ocsp_err.c index 4c4d830..2c8ed72 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_err.c +++ b/crypto/openssl/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* crypto/ocsp/ocsp_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,60 +64,64 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) + static ERR_STRING_DATA OCSP_str_functs[]= { -{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"}, -{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"}, -{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0), "D2I_OCSP_NONCE"}, -{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0), "OCSP_basic_add1_status"}, -{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0), "OCSP_basic_sign"}, -{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0), "OCSP_basic_verify"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0), "OCSP_CHECK_DELEGATED"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0), "OCSP_check_validity"}, -{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"}, -{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"}, -{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"}, -{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0), "OCSP_request_verify"}, -{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"}, -{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"}, -{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"}, +{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, +{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, +{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, +{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, +{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, +{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, +{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, +{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, +{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, +{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, +{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, +{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, +{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, +{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, +{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, +{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, +{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, {0,NULL} }; static ERR_STRING_DATA OCSP_str_reasons[]= { -{OCSP_R_BAD_DATA ,"bad data"}, -{OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, -{OCSP_R_DIGEST_ERR ,"digest err"}, -{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ,"error in nextupdate field"}, -{OCSP_R_ERROR_IN_THISUPDATE_FIELD ,"error in thisupdate field"}, -{OCSP_R_ERROR_PARSING_URL ,"error parsing url"}, -{OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"}, -{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ,"nextupdate before thisupdate"}, -{OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"}, -{OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"}, -{OCSP_R_NO_CONTENT ,"no content"}, -{OCSP_R_NO_PUBLIC_KEY ,"no public key"}, -{OCSP_R_NO_RESPONSE_DATA ,"no response data"}, -{OCSP_R_NO_REVOKED_TIME ,"no revoked time"}, -{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, -{OCSP_R_REQUEST_NOT_SIGNED ,"request not signed"}, -{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"}, -{OCSP_R_ROOT_CA_NOT_TRUSTED ,"root ca not trusted"}, -{OCSP_R_SERVER_READ_ERROR ,"server read error"}, -{OCSP_R_SERVER_RESPONSE_ERROR ,"server response error"}, -{OCSP_R_SERVER_RESPONSE_PARSE_ERROR ,"server response parse error"}, -{OCSP_R_SERVER_WRITE_ERROR ,"server write error"}, -{OCSP_R_SIGNATURE_FAILURE ,"signature failure"}, -{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, -{OCSP_R_STATUS_EXPIRED ,"status expired"}, -{OCSP_R_STATUS_NOT_YET_VALID ,"status not yet valid"}, -{OCSP_R_STATUS_TOO_OLD ,"status too old"}, -{OCSP_R_UNKNOWN_MESSAGE_DIGEST ,"unknown message digest"}, -{OCSP_R_UNKNOWN_NID ,"unknown nid"}, -{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ,"unsupported requestorname type"}, +{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, +{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, +{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, +{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, +{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, +{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, +{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, +{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, +{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, +{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, +{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, +{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, +{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, +{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, +{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, +{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, +{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"}, +{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, +{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, +{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, +{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, +{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, +{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, +{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, +{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, +{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, {0,NULL} }; @@ -131,8 +135,8 @@ void ERR_load_OCSP_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs); - ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons); + ERR_load_strings(0,OCSP_str_functs); + ERR_load_strings(0,OCSP_str_reasons); #endif } diff --git a/crypto/openssl/crypto/ocsp/ocsp_ext.c b/crypto/openssl/crypto/ocsp/ocsp_ext.c index 5739943..815cc29 100755 --- a/crypto/openssl/crypto/ocsp/ocsp_ext.c +++ b/crypto/openssl/crypto/ocsp/ocsp_ext.c @@ -265,8 +265,8 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) /* also CRL Entry Extensions */ -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), - char *data, STACK_OF(ASN1_OBJECT) *sk) +ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, + void *data, STACK_OF(ASN1_OBJECT) *sk) { int i; unsigned char *p, *b = NULL; @@ -274,18 +274,23 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), if (data) { if ((i=i2d(data,NULL)) <= 0) goto err; - if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) + if (!(b=p=OPENSSL_malloc((unsigned int)i))) goto err; if (i2d(data, &p) <= 0) goto err; } else if (sk) { - if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err; - if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) + if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, + (I2D_OF(ASN1_OBJECT))i2d, + V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, + IS_SEQUENCE))<=0) goto err; + if (!(b=p=OPENSSL_malloc((unsigned int)i))) goto err; - if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err; + if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, + V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, + IS_SEQUENCE)<=0) goto err; } else { @@ -439,7 +444,8 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) } if (!(x = X509_EXTENSION_new())) goto err; if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; - if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL))) + if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, + NULL))) goto err; OCSP_CRLID_free(cid); return x; @@ -467,7 +473,8 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) if (!(x = X509_EXTENSION_new())) goto err; if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) goto err; - if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk))) + if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, + sk))) goto err; sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); return x; @@ -487,8 +494,8 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; if (!(x = X509_EXTENSION_new())) goto err; if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; - if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME, - (char*)gt,NULL))) goto err; + if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, + i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err; ASN1_GENERALIZEDTIME_free(gt); return x; err: @@ -526,8 +533,8 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) if (!(x = X509_EXTENSION_new())) goto err; if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) goto err; - if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC, - (char*)sloc, NULL))) goto err; + if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, + i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; OCSP_SERVICELOC_free(sloc); return x; err: diff --git a/crypto/openssl/crypto/ocsp/ocsp_lib.c b/crypto/openssl/crypto/ocsp/ocsp_lib.c index 9e87fc7..2745081 100755 --- a/crypto/openssl/crypto/ocsp/ocsp_lib.c +++ b/crypto/openssl/crypto/ocsp/ocsp_lib.c @@ -112,7 +112,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); if ((nid = EVP_MD_type(dgst)) == NID_undef) { - OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); + OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); goto err; } if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; @@ -134,7 +134,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, } return cid; digerr: - OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR); + OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR); err: if (cid) OCSP_CERTID_free(cid); return NULL; diff --git a/crypto/openssl/crypto/ocsp/ocsp_prn.c b/crypto/openssl/crypto/ocsp/ocsp_prn.c index 4b7bc28..3dfb51c 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_prn.c +++ b/crypto/openssl/crypto/ocsp/ocsp_prn.c @@ -194,7 +194,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; l=ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n", + if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", OCSP_response_status_str(l), l) <= 0) goto err; if (rb == NULL) return 1; if (BIO_puts(bp," Response Type: ") <= 0) @@ -252,7 +252,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { l=ASN1_ENUMERATED_get(rev->revocationReason); if (BIO_printf(bp, - "\n Revocation Reason: %s (0x%x)", + "\n Revocation Reason: %s (0x%lx)", OCSP_crl_reason_str(l), l) <= 0) goto err; } diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h index 492041b..3cf32b3 100644 --- a/crypto/openssl/crypto/opensslconf.h +++ b/crypto/openssl/crypto/opensslconf.h @@ -4,20 +4,41 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +48,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/local/ssl/lib/engines" #define OPENSSLDIR "/usr/local/ssl" #endif #endif diff --git a/crypto/openssl/crypto/opensslconf.h.in b/crypto/openssl/crypto/opensslconf.h.in index 685e83b..cee83ac 100644 --- a/crypto/openssl/crypto/opensslconf.h.in +++ b/crypto/openssl/crypto/opensslconf.h.in @@ -5,6 +5,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/local/lib/engines" #define OPENSSLDIR "/usr/local/ssl" #endif #endif diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index acb4584..c303b06 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -12,7 +12,7 @@ * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) * 0.9.3 0x0090300f * 0.9.3a 0x0090301f - * 0.9.4 0x0090400f + * 0.9.4 0x0090400f * 1.2.3z 0x102031af * * For continuity reasons (because 0.9.5 is already out, and is coded @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090705FL +#define OPENSSL_VERSION_NUMBER 0x0090802fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7e-fips 25 Oct 2004" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b-fips 04 May 2006" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7e 25 Oct 2004" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b 04 May 2006" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -83,7 +83,7 @@ * should only keep the versions that are binary compatible with the current. */ #define SHLIB_VERSION_HISTORY "" -#define SHLIB_VERSION_NUMBER "0.9.7" +#define SHLIB_VERSION_NUMBER "0.9.8" #endif /* HEADER_OPENSSLV_H */ diff --git a/crypto/openssl/crypto/ossl_typ.h b/crypto/openssl/crypto/ossl_typ.h index 285fd0b..9c335a1 100644 --- a/crypto/openssl/crypto/ossl_typ.h +++ b/crypto/openssl/crypto/ossl_typ.h @@ -97,15 +97,42 @@ typedef int ASN1_NULL; #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME +#undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #endif +#ifdef BIGNUM +#undef BIGNUM +#endif +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + typedef struct evp_cipher_st EVP_CIPHER; typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; typedef struct env_md_st EVP_MD; typedef struct env_md_ctx_st EVP_MD_CTX; typedef struct evp_pkey_st EVP_PKEY; +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; + +typedef struct rand_meth_st RAND_METHOD; + +typedef struct ecdh_method ECDH_METHOD; +typedef struct ecdsa_method ECDSA_METHOD; + typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; typedef struct X509_crl_st X509_CRL; @@ -113,10 +140,35 @@ typedef struct X509_name_st X509_NAME; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; + +typedef struct store_st STORE; +typedef struct store_method_st STORE_METHOD; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct st_ERR_FNS ERR_FNS; + typedef struct engine_st ENGINE; +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Callback types for crypto.h */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/crypto/openssl/crypto/pem/Makefile b/crypto/openssl/crypto/pem/Makefile index c4e29f4..742194f 100644 --- a/crypto/openssl/crypto/pem/Makefile +++ b/crypto/openssl/crypto/pem/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/pem/Makefile +# OpenSSL/crypto/pem/Makefile # DIR= pem @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -54,7 +49,8 @@ links: $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -69,6 +65,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: @@ -80,256 +77,165 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -pem_all.o: ../../e_os.h ../../include/openssl/aes.h -pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +pem_all.o: ../../e_os.h ../../include/openssl/asn1.h +pem_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_all.o: ../../include/openssl/fips.h ../../include/openssl/idea.h -pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pem_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pem_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_all.o: ../cryptlib.h pem_all.c -pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -pem_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c +pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pem_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_err.o: pem_err.c -pem_info.o: ../../e_os.h ../../include/openssl/aes.h -pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c +pem_info.o: ../../e_os.h ../../include/openssl/asn1.h +pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_info.o: ../../include/openssl/opensslconf.h +pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pem_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h pem_info.o: ../cryptlib.h pem_info.c -pem_lib.o: ../../e_os.h ../../include/openssl/aes.h -pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h +pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c -pem_oth.o: ../../e_os.h ../../include/openssl/aes.h -pem_oth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_oth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_oth.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_oth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_oth.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_oth.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_oth.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_oth.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_lib.o: ../cryptlib.h pem_lib.c +pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h +pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -pem_oth.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_oth.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_oth.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_oth.o: ../cryptlib.h pem_oth.c -pem_pk8.o: ../../e_os.h ../../include/openssl/aes.h -pem_pk8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_pk8.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_pk8.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_pk8.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_pk8.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_pk8.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_pk8.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_pk8.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c +pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h +pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_pk8.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pem_pk8.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pem_pk8.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pem_pk8.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c -pem_pkey.o: ../../e_os.h ../../include/openssl/aes.h -pem_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_pk8.o: ../cryptlib.h pem_pk8.c +pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_pkey.o: ../../include/openssl/opensslconf.h pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -pem_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_pkey.o: ../cryptlib.h pem_pkey.c -pem_seal.o: ../../e_os.h ../../include/openssl/aes.h -pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_seal.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c +pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h +pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_seal.o: ../../include/openssl/opensslconf.h pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pem_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pem_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c -pem_sign.o: ../../e_os.h ../../include/openssl/aes.h -pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_sign.o: ../../e_os.h ../../include/openssl/asn1.h +pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_sign.o: ../../include/openssl/opensslconf.h pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pem_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pem_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c -pem_x509.o: ../../e_os.h ../../include/openssl/aes.h -pem_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_sign.o: ../cryptlib.h pem_sign.c +pem_x509.o: ../../e_os.h ../../include/openssl/asn1.h +pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_x509.o: ../../include/openssl/opensslconf.h pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pem_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_x509.o: ../cryptlib.h pem_x509.c -pem_xaux.o: ../../e_os.h ../../include/openssl/aes.h -pem_xaux.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_xaux.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_xaux.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pem_xaux.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_xaux.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_xaux.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pem_xaux.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pem_xaux.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_x509.c +pem_xaux.o: ../../e_os.h ../../include/openssl/asn1.h +pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pem_xaux.o: ../../include/openssl/opensslconf.h pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pem_xaux.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pem_xaux.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_xaux.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_xaux.o: ../cryptlib.h pem_xaux.c +pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c diff --git a/crypto/openssl/crypto/pem/pem.h b/crypto/openssl/crypto/pem/pem.h index d330cbf..7db6b42 100644 --- a/crypto/openssl/crypto/pem/pem.h +++ b/crypto/openssl/crypto/pem/pem.h @@ -59,6 +59,7 @@ #ifndef HEADER_PEM_H #define HEADER_PEM_H +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -68,7 +69,6 @@ #include #include #include -#include #ifdef __cplusplus extern "C" { @@ -91,6 +91,9 @@ extern "C" { #define PEM_OBJ_DHPARAMS 17 #define PEM_OBJ_DSAPARAMS 18 #define PEM_OBJ_PRIV_RSA_PUBLIC 19 +#define PEM_OBJ_PRIV_ECDSA 20 +#define PEM_OBJ_PUB_ECDSA 21 +#define PEM_OBJ_ECPARAMETERS 22 #define PEM_ERROR 30 #define PEM_DEK_DES_CBC 40 @@ -110,6 +113,7 @@ extern "C" { #define PEM_STRING_X509_OLD "X509 CERTIFICATE" #define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -126,6 +130,9 @@ extern "C" { #define PEM_STRING_DHPARAMS "DH PARAMETERS" #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" /* Note that this structure is initialised by PEM_SealInit and cleaned up by PEM_SealFinal (at least for now) */ @@ -213,24 +220,35 @@ typedef struct pem_ctx_st #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ -return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\ - cb,u)); \ +return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \ } \ #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ { \ -return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \ - NULL,NULL,0,NULL,NULL)); \ -} +return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ +} + +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ +} #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \ - (char *)x,enc,kstr,klen,cb,u)); \ + return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ + } + +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ } #endif @@ -238,33 +256,51 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ -return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\ - (char **)x,cb,u)); \ +return(((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i_##asn1, str,bp,x,cb,u)); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x) \ { \ -return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \ - NULL,NULL,0,NULL,NULL)); \ +return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ +} + +#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \ - (char *)x,enc,kstr,klen,cb,u)); \ + return(((int (*)(I2D_OF(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ + } + +#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ IMPLEMENT_PEM_write_fp(name, type, str, asn1) +#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) +#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + #define IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ IMPLEMENT_PEM_read_fp(name, type, str, asn1) @@ -273,6 +309,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_write(name, type, str, asn1) +#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb(name, type, str, asn1) @@ -293,6 +333,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x); +#define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + #define DECLARE_PEM_write_cb_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -306,6 +349,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x); +#define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + #define DECLARE_PEM_write_cb_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -322,6 +368,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_write_bio(name, type) \ DECLARE_PEM_write_fp(name, type) +#define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) + #define DECLARE_PEM_write_cb(name, type) \ DECLARE_PEM_write_cb_bio(name, type) \ DECLARE_PEM_write_cb_fp(name, type) @@ -334,6 +384,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write(name, type) +#define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) + #define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) @@ -403,9 +457,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ (char **)x,cb,u) -#define PEM_write_bio_SSL_SESSION(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) #define PEM_write_bio_X509(bp,x) \ PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ (char *)x, NULL,NULL,0,NULL,NULL) @@ -444,8 +495,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ PEM_STRING_X509,bp, \ (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ @@ -494,11 +543,16 @@ int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, long len); int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); -char * PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x, - pem_password_cb *cb, void *u); -int PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x, +void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, + void **x, pem_password_cb *cb, void *u); +#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ +((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i,name,bp,x,cb,u) +int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u); +#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ + ((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d,name,bp,x,enc,kstr,klen,cb,u) + STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); @@ -508,11 +562,11 @@ int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,long *len); int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); -char * PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x, - pem_password_cb *cb, void *u); -int PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x, - const EVP_CIPHER *enc,unsigned char *kstr,int klen, - pem_password_cb *callback, void *u); +void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, + char *x,const EVP_CIPHER *enc,unsigned char *kstr, + int klen,pem_password_cb *callback, void *u); STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); #endif @@ -542,6 +596,8 @@ DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) + DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) @@ -559,7 +615,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) #endif @@ -570,13 +626,19 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) DECLARE_PEM_rw(DSA_PUBKEY, DSA) -DECLARE_PEM_rw(DSAparams, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) + +#endif +#ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) #endif #ifndef OPENSSL_NO_DH -DECLARE_PEM_rw(DHparams, DH) +DECLARE_PEM_rw_const(DHparams, DH) #endif @@ -626,24 +688,27 @@ void ERR_load_PEM_strings(void); /* Function codes. */ #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 -#define PEM_F_DEF_CALLBACK 100 +#define PEM_F_DO_PK8PKEY 126 +#define PEM_F_DO_PK8PKEY_FP 125 #define PEM_F_LOAD_IV 101 #define PEM_F_PEM_ASN1_READ 102 #define PEM_F_PEM_ASN1_READ_BIO 103 #define PEM_F_PEM_ASN1_WRITE 104 #define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DEF_CALLBACK 100 #define PEM_F_PEM_DO_HEADER 106 -#define PEM_F_PEM_F_DO_PK8KEY_FP 122 #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_PK8PKEY 119 #define PEM_F_PEM_READ 108 #define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +#define PEM_F_PEM_READ_PRIVATEKEY 124 #define PEM_F_PEM_SEALFINAL 110 #define PEM_F_PEM_SEALINIT 111 #define PEM_F_PEM_SIGNFINAL 112 #define PEM_F_PEM_WRITE 113 #define PEM_F_PEM_WRITE_BIO 114 -#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY 119 #define PEM_F_PEM_X509_INFO_READ 115 #define PEM_F_PEM_X509_INFO_READ_BIO 116 #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 diff --git a/crypto/openssl/crypto/pem/pem_all.c b/crypto/openssl/crypto/pem/pem_all.c index 0796331..66cbc7e 100644 --- a/crypto/openssl/crypto/pem/pem_all.c +++ b/crypto/openssl/crypto/pem/pem_all.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #undef SSLEAY_MACROS @@ -64,7 +117,15 @@ #include #include #include -#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif #ifndef OPENSSL_NO_RSA static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); @@ -73,6 +134,10 @@ static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); #endif +#ifndef OPENSSL_NO_EC +static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); +#endif + IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) @@ -129,50 +194,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, #endif -#ifdef OPENSSL_FIPS - -int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_RSA(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} - -#ifndef OPENSSL_NO_FP_API -int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - - EVP_PKEY_set1_RSA(k, x); - - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} -#endif - -#else - -IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) - -#endif - -IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) +IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) +IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) #endif @@ -201,69 +224,73 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, return pkey_get_dsa(pktmp, dsa); } +IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -#ifdef OPENSSL_FIPS +#ifndef OPENSSL_NO_FP_API -int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, + void *u) { - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_DSA(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + return pkey_get_dsa(pktmp, dsa); } -#ifndef OPENSSL_NO_FP_API -int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +#endif + +IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) + +#endif + + +#ifndef OPENSSL_NO_EC +static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) { - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_DSA(k, x); - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; + EC_KEY *dtmp; + if(!key) return NULL; + dtmp = EVP_PKEY_get1_EC_KEY(key); + EVP_PKEY_free(key); + if(!dtmp) return NULL; + if(eckey) + { + EC_KEY_free(*eckey); + *eckey = dtmp; + } + return dtmp; } -#endif -#else +EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, + void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + return pkey_get_eckey(pktmp, key); +} -IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) -#endif +IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) -IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) #ifndef OPENSSL_NO_FP_API - -DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, - void *u) + +EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, + void *u) { EVP_PKEY *pktmp; pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); + return pkey_get_eckey(pktmp, eckey); } #endif -IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) - #endif #ifndef OPENSSL_NO_DH -IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) #endif @@ -274,42 +301,8 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything * appropriate.) */ - -#ifdef OPENSSL_FIPS - -int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { - if (FIPS_mode()) - return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, - (char *)kstr, klen, cb, u); - else - return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), - bp,(char *)x,enc,kstr,klen,cb,u); - } - -#ifndef OPENSSL_NO_FP_API -int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { - if (FIPS_mode()) - return PEM_write_PKCS8PrivateKey(fp, x, enc, - (char *)kstr, klen, cb, u); - else - return PEM_ASN1_write((int (*)())i2d_PrivateKey, - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), - fp,(char *)x,enc,kstr,klen,cb,u); - } -#endif - -#else - -IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) - -#endif +IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ + (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/crypto/openssl/crypto/pem/pem_err.c b/crypto/openssl/crypto/pem/pem_err.c index 3b39b84..7837cde 100644 --- a/crypto/openssl/crypto/pem/pem_err.c +++ b/crypto/openssl/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* crypto/pem/pem_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,52 +64,59 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) + static ERR_STRING_DATA PEM_str_functs[]= { -{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"}, -{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"}, -{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, -{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, -{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, -{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"}, -{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, -{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, -{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, -{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, -{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"}, -{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"}, -{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, -{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, -{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, -{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"}, -{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, -{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, -{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, +{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, +{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, +{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, +{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, +{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, +{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, +{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, +{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, +{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, +{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, +{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, +{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, +{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, +{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, +{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, +{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, +{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, +{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, +{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, +{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, +{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, +{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, +{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, +{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, +{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, +{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, {0,NULL} }; static ERR_STRING_DATA PEM_str_reasons[]= { -{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"}, -{PEM_R_BAD_DECRYPT ,"bad decrypt"}, -{PEM_R_BAD_END_LINE ,"bad end line"}, -{PEM_R_BAD_IV_CHARS ,"bad iv chars"}, -{PEM_R_BAD_PASSWORD_READ ,"bad password read"}, -{PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"}, -{PEM_R_NOT_DEK_INFO ,"not dek info"}, -{PEM_R_NOT_ENCRYPTED ,"not encrypted"}, -{PEM_R_NOT_PROC_TYPE ,"not proc type"}, -{PEM_R_NO_START_LINE ,"no start line"}, -{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"}, -{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"}, -{PEM_R_READ_KEY ,"read key"}, -{PEM_R_SHORT_HEADER ,"short header"}, -{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, +{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"}, +{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, +{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, +{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, +{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, +{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, +{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, +{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, +{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, +{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, +{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, +{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, +{ERR_REASON(PEM_R_READ_KEY) ,"read key"}, +{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, +{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, {0,NULL} }; @@ -123,8 +130,8 @@ void ERR_load_PEM_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); - ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); + ERR_load_strings(0,PEM_str_functs); + ERR_load_strings(0,PEM_str_reasons); #endif } diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c index 9e4af29..1644dfc 100644 --- a/crypto/openssl/crypto/pem/pem_info.c +++ b/crypto/openssl/crypto/pem/pem_info.c @@ -63,6 +63,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_FP_API STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) @@ -85,13 +91,15 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_p STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { X509_INFO *xi=NULL; - char *name=NULL,*header=NULL,**pp; - unsigned char *data=NULL,*p; + char *name=NULL,*header=NULL; + void *pp; + unsigned char *data=NULL; + const unsigned char *p; long len,error=0; int ok=0; STACK_OF(X509_INFO) *ret=NULL; unsigned int i,raw; - char *(*d2i)(); + d2i_of_void *d2i; if (sk == NULL) { @@ -123,42 +131,42 @@ start: if ( (strcmp(name,PEM_STRING_X509) == 0) || (strcmp(name,PEM_STRING_X509_OLD) == 0)) { - d2i=(char *(*)())d2i_X509; + d2i=(D2I_OF(void))d2i_X509; if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->x509); + pp=&(xi->x509); } else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) { - d2i=(char *(*)())d2i_X509_AUX; + d2i=(D2I_OF(void))d2i_X509_AUX; if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->x509); + pp=&(xi->x509); } else if (strcmp(name,PEM_STRING_X509_CRL) == 0) { - d2i=(char *(*)())d2i_X509_CRL; + d2i=(D2I_OF(void))d2i_X509_CRL; if (xi->crl != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->crl); + pp=&(xi->crl); } else #ifndef OPENSSL_NO_RSA if (strcmp(name,PEM_STRING_RSA) == 0) { - d2i=(char *(*)())d2i_RSAPrivateKey; + d2i=(D2I_OF(void))d2i_RSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -173,7 +181,7 @@ start: if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) goto err; xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa); + pp=&(xi->x_pkey->dec_pkey->pkey.rsa); if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -182,7 +190,7 @@ start: #ifndef OPENSSL_NO_DSA if (strcmp(name,PEM_STRING_DSA) == 0) { - d2i=(char *(*)())d2i_DSAPrivateKey; + d2i=(D2I_OF(void))d2i_DSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -203,6 +211,30 @@ start: } else #endif +#ifndef OPENSSL_NO_EC + if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) + { + d2i=(D2I_OF(void))d2i_ECPrivateKey; + if (xi->x_pkey != NULL) + { + if (!sk_X509_INFO_push(ret,xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + + xi->enc_data=NULL; + xi->enc_len=0; + + xi->x_pkey=X509_PKEY_new(); + if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) + goto err; + xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; + pp=&(xi->x_pkey->dec_pkey->pkey.ec); + if ((int)strlen(header) > 10) /* assume encrypted */ + raw=1; + } + else +#endif { d2i=NULL; pp=NULL; diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c index 7785039..7cfc2f3 100644 --- a/crypto/openssl/crypto/pem/pem_lib.c +++ b/crypto/openssl/crypto/pem/pem_lib.c @@ -73,7 +73,7 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; #define MIN_LENGTH 4 -static int load_iv(unsigned char **fromp,unsigned char *to, int num); +static int load_iv(char **fromp,unsigned char *to, int num); static int check_pem(const char *nm, const char *name); int PEM_def_callback(char *buf, int num, int w, void *key) @@ -81,7 +81,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) #ifdef OPENSSL_NO_FP_API /* We should not ever call the default callback routine from * windows. */ - PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(-1); #else int i,j; @@ -102,7 +102,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) i=EVP_read_pw_string(buf,num,prompt,w); if (i != 0) { - PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); + PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf,0,(unsigned int)num); return(-1); } @@ -158,11 +158,11 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) } #ifndef OPENSSL_NO_FP_API -char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x, - pem_password_cb *cb, void *u) +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u) { BIO *b; - char *ret; + void *ret; if ((b=BIO_new(BIO_s_file())) == NULL) { @@ -195,6 +195,8 @@ static int check_pem(const char *nm, const char *name) if(!strcmp(nm,PEM_STRING_DSA) && !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; + if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; /* Permit older strings */ if(!strcmp(nm,PEM_STRING_X509_OLD) && @@ -258,9 +260,9 @@ err: } #ifndef OPENSSL_NO_FP_API -int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, - const EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + char *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) { BIO *b; int ret; @@ -277,9 +279,9 @@ int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, } #endif -int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, - const EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + char *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) { EVP_CIPHER_CTX ctx; int dsize=0,i,j,ret=0; @@ -301,7 +303,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, if ((dsize=i2d(x,NULL)) < 0) { - PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); dsize=0; goto err; } @@ -336,7 +338,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ - OPENSSL_assert(enc->iv_len <= sizeof iv); + OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is @@ -432,6 +434,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) int o; const EVP_CIPHER *enc=NULL; char *p,c; + char **header_pp = &header; cipher->cipher=NULL; if ((header == NULL) || (*header == '\0') || (*header == '\n')) @@ -478,15 +481,16 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); return(0); } - if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0); + if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len)) + return(0); return(1); } -static int load_iv(unsigned char **fromp, unsigned char *to, int num) +static int load_iv(char **fromp, unsigned char *to, int num) { int v,i; - unsigned char *from; + char *from; from= *fromp; for (i=0; i /* for OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" @@ -64,6 +65,7 @@ #include #include #include +#include int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, diff --git a/crypto/openssl/crypto/pem/pem_xaux.c b/crypto/openssl/crypto/pem/pem_xaux.c index 2f579b5..63ce660 100644 --- a/crypto/openssl/crypto/pem/pem_xaux.c +++ b/crypto/openssl/crypto/pem/pem_xaux.c @@ -66,3 +66,4 @@ #include IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) +IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) diff --git a/crypto/openssl/crypto/perlasm/cbc.pl b/crypto/openssl/crypto/perlasm/cbc.pl index 22149c6..e43dc9a 100644 --- a/crypto/openssl/crypto/perlasm/cbc.pl +++ b/crypto/openssl/crypto/perlasm/cbc.pl @@ -322,7 +322,8 @@ sub cbc &function_end_A($name); - &set_label("cbc_enc_jmp_table",1); + &align(64); + &set_label("cbc_enc_jmp_table"); &data_word("0"); &data_word(&label("ej1")."-".&label("PIC_point")); &data_word(&label("ej2")."-".&label("PIC_point")); @@ -341,6 +342,7 @@ sub cbc #&data_word(&label("dj5")."-".&label("PIC_point")); #&data_word(&label("dj6")."-".&label("PIC_point")); #&data_word(&label("dj7")."-".&label("PIC_point")); + &align(64); &function_end_B($name); diff --git a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl b/crypto/openssl/crypto/perlasm/x86_64-xlate.pl new file mode 100755 index 0000000..ef1a4ce --- /dev/null +++ b/crypto/openssl/crypto/perlasm/x86_64-xlate.pl @@ -0,0 +1,506 @@ +#!/usr/bin/env perl + +# Ascetic x86_64 AT&T to MASM assembler translator by . +# +# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T +# format is way easier to parse. Because it's simpler to "gear" from +# Unix ABI to Windows one [see cross-reference "card" at the end of +# file]. Because Linux targets were available first... +# +# In addition the script also "distills" code suitable for GNU +# assembler, so that it can be compiled with more rigid assemblers, +# such as Solaris /usr/ccs/bin/as. +# +# This translator is not designed to convert *arbitrary* assembler +# code from AT&T format to MASM one. It's designed to convert just +# enough to provide for dual-ABI OpenSSL modules development... +# There *are* limitations and you might have to modify your assembler +# code or this script to achieve the desired result... +# +# Currently recognized limitations: +# +# - can't use multiple ops per line; +# - indirect calls and jumps are not supported; +# +# Dual-ABI styling rules. +# +# 1. Adhere to Unix register and stack layout [see the end for +# explanation]. +# 2. Forget about "red zone," stick to more traditional blended +# stack frame allocation. If volatile storage is actually required +# that is. If not, just leave the stack as is. +# 3. Functions tagged with ".type name,@function" get crafted with +# unified Win64 prologue and epilogue automatically. If you want +# to take care of ABI differences yourself, tag functions as +# ".type name,@abi-omnipotent" instead. +# 4. To optimize the Win64 prologue you can specify number of input +# arguments as ".type name,@function,N." Keep in mind that if N is +# larger than 6, then you *have to* write "abi-omnipotent" code, +# because >6 cases can't be addressed with unified prologue. +# 5. Name local labels as .L*, do *not* use dynamic labels such as 1: +# (sorry about latter). +# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is +# required to identify the spots, where to inject Win64 epilogue! +# But on the pros, it's then prefixed with rep automatically:-) +# 7. Due to MASM limitations [and certain general counter-intuitivity +# of ip-relative addressing] generation of position-independent +# code is assisted by synthetic directive, .picmeup, which puts +# address of the *next* instruction into target register. +# +# Example 1: +# .picmeup %rax +# lea .Label-.(%rax),%rax +# Example 2: +# .picmeup %rcx +# .Lpic_point: +# ... +# lea .Label-.Lpic_point(%rcx),%rbp + +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +my $masm=1 if ($output =~ /\.asm/); + +my $current_segment; +my $current_function; + +{ package opcode; # pick up opcodes + sub re { + my $self = shift; # single instance in enough... + local *line = shift; + undef $ret; + + if ($line =~ /^([a-z]+)/i) { + $self->{op} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + undef $self->{sz}; + if ($self->{op} =~ /(movz)b.*/) { # movz is pain... + $self->{op} = $1; + $self->{sz} = "b"; + } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])/) { + $self->{op} = $1; + $self->{sz} = $2; + } + } + $ret; + } + sub size { + my $self = shift; + my $sz = shift; + $self->{sz} = $sz if (defined($sz) && !defined($self->{sz})); + $self->{sz}; + } + sub out { + my $self = shift; + if (!$masm) { + if ($self->{op} eq "movz") { # movz in pain... + sprintf "%s%s%s",$self->{op},$self->{sz},shift; + } elsif ($self->{op} eq "ret") { + ".byte 0xf3,0xc3"; + } else { + "$self->{op}$self->{sz}"; + } + } else { + $self->{op} =~ s/movz/movzx/; + if ($self->{op} eq "ret") { + $self->{op} = ""; + if ($current_function->{abi} eq "svr4") { + $self->{op} = "mov rdi,QWORD PTR 8[rsp]\t;WIN64 epilogue\n\t". + "mov rsi,QWORD PTR 16[rsp]\n\t"; + } + $self->{op} .= "DB\t0F3h,0C3h\t\t;repret"; + } + $self->{op}; + } + } +} +{ package const; # pick up constants, which start with $ + sub re { + my $self = shift; # single instance in enough... + local *line = shift; + undef $ret; + + if ($line =~ /^\$([^,]+)/) { + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + } + $ret; + } + sub out { + my $self = shift; + + if (!$masm) { + sprintf "\$%s",$self->{value}; + } else { + $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig; + sprintf "%s",$self->{value}; + } + } +} +{ package ea; # pick up effective addresses: expr(%reg,%reg,scale) + sub re { + my $self = shift; # single instance in enough... + local *line = shift; + undef $ret; + + if ($line =~ /^([^\(,]*)\(([%\w,]+)\)/) { + $self->{label} = $1; + ($self->{base},$self->{index},$self->{scale})=split(/,/,$2); + $self->{scale} = 1 if (!defined($self->{scale})); + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + $self->{base} =~ s/^%//; + $self->{index} =~ s/^%// if (defined($self->{index})); + } + $ret; + } + sub size {} + sub out { + my $self = shift; + my $sz = shift; + + if (!$masm) { + # elder GNU assembler insists on 64-bit EAs:-( + # on pros side, this results in more compact code:-) + $self->{index} =~ s/^[er](.?[0-9xp])[d]?$/r\1/; + $self->{base} =~ s/^[er](.?[0-9xp])[d]?$/r\1/; + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{label} + $self->{label} =~ s/(?{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; + + if (defined($self->{index})) { + sprintf "%s(%%%s,%%%s,%d)", + $self->{label},$self->{base}, + $self->{index},$self->{scale}; + } else { + sprintf "%s(%%%s)", $self->{label},$self->{base}; + } + } else { + %szmap = ( b=>"BYTE", w=>"WORD", l=>"DWORD", q=>"QWORD" ); + + $self->{label} =~ s/\./\$/g; + $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig; + $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/); + + if (defined($self->{index})) { + sprintf "%s PTR %s[%s*%d+%s]",$szmap{$sz}, + $self->{label}, + $self->{index},$self->{scale}, + $self->{base}; + } else { + sprintf "%s PTR %s[%s]",$szmap{$sz}, + $self->{label},$self->{base}; + } + } + } +} +{ package register; # pick up registers, which start with %. + sub re { + my $class = shift; # muliple instances... + my $self = {}; + local *line = shift; + undef $ret; + + if ($line =~ /^%(\w+)/) { + bless $self,$class; + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + } + $ret; + } + sub size { + my $self = shift; + undef $ret; + + if ($self->{value} =~ /^r[\d]+b$/i) { $ret="b"; } + elsif ($self->{value} =~ /^r[\d]+w$/i) { $ret="w"; } + elsif ($self->{value} =~ /^r[\d]+d$/i) { $ret="l"; } + elsif ($self->{value} =~ /^r[\w]+$/i) { $ret="q"; } + elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; } + elsif ($self->{value} =~ /^[\w]{2}l$/i) { $ret="b"; } + elsif ($self->{value} =~ /^[\w]{2}$/i) { $ret="w"; } + elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; } + + $ret; + } + sub out { + my $self = shift; + sprintf $masm?"%s":"%%%s",$self->{value}; + } +} +{ package label; # pick up labels, which end with : + sub re { + my $self = shift; # single instance is enough... + local *line = shift; + undef $ret; + + if ($line =~ /(^[\.\w]+\:)/) { + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + $self->{value} =~ s/\.L/\$L/ if ($masm); + } + $ret; + } + sub out { + my $self = shift; + + if (!$masm) { + $self->{value}; + } elsif ($self->{value} ne "$current_function->{name}:") { + $self->{value}; + } elsif ($current_function->{abi} eq "svr4") { + my $func = "$current_function->{name} PROC\n". + " mov QWORD PTR 8[rsp],rdi\t;WIN64 prologue\n". + " mov QWORD PTR 16[rsp],rsi\n"; + my $narg = $current_function->{narg}; + $narg=6 if (!defined($narg)); + $func .= " mov rdi,rcx\n" if ($narg>0); + $func .= " mov rsi,rdx\n" if ($narg>1); + $func .= " mov rdx,r8\n" if ($narg>2); + $func .= " mov rcx,r9\n" if ($narg>3); + $func .= " mov r8,QWORD PTR 40[rsp]\n" if ($narg>4); + $func .= " mov r9,QWORD PTR 48[rsp]\n" if ($narg>5); + $func .= "\n"; + } else { + "$current_function->{name} PROC"; + } + } +} +{ package expr; # pick up expressioins + sub re { + my $self = shift; # single instance is enough... + local *line = shift; + undef $ret; + + if ($line =~ /(^[^,]+)/) { + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + $self->{value} =~ s/\.L/\$L/g if ($masm); + } + $ret; + } + sub out { + my $self = shift; + $self->{value}; + } +} +{ package directive; # pick up directives, which start with . + sub re { + my $self = shift; # single instance is enough... + local *line = shift; + undef $ret; + my $dir; + my %opcode = # lea 2f-1f(%rip),%dst; 1: nop; 2: + ( "%rax"=>0x01058d48, "%rcx"=>0x010d8d48, + "%rdx"=>0x01158d48, "%rbx"=>0x011d8d48, + "%rsp"=>0x01258d48, "%rbp"=>0x012d8d48, + "%rsi"=>0x01358d48, "%rdi"=>0x013d8d48, + "%r8" =>0x01058d4c, "%r9" =>0x010d8d4c, + "%r10"=>0x01158d4c, "%r11"=>0x011d8d4c, + "%r12"=>0x01258d4c, "%r13"=>0x012d8d4c, + "%r14"=>0x01358d4c, "%r15"=>0x013d8d4c ); + + if ($line =~ /^\s*(\.\w+)/) { + if (!$masm) { + $self->{value} = $1; + $line =~ s/\@abi\-omnipotent/\@function/; + $line =~ s/\@function.*/\@function/; + if ($line =~ /\.picmeup\s+(%r[\w]+)/i) { + $self->{value} = sprintf "\t.long\t0x%x,0x90000000",$opcode{$1}; + } else { + $self->{value} = $line; + } + $line = ""; + return $self; + } + + $dir = $1; + $ret = $self; + undef $self->{value}; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + SWITCH: for ($dir) { + /\.(text)/ + && do { my $v=undef; + $v="$current_segment\tENDS\n" if ($current_segment); + $current_segment = "_$1\$"; + $current_segment =~ tr/[a-z]/[A-Z]/; + $v.="$current_segment\tSEGMENT ALIGN(64) 'CODE'"; + $self->{value} = $v; + last; + }; + /\.globl/ && do { $self->{value} = "PUBLIC\t".$line; last; }; + /\.type/ && do { ($sym,$type,$narg) = split(',',$line); + if ($type eq "\@function") { + undef $current_function; + $current_function->{name} = $sym; + $current_function->{abi} = "svr4"; + $current_function->{narg} = $narg; + } elsif ($type eq "\@abi-omnipotent") { + undef $current_function; + $current_function->{name} = $sym; + } + last; + }; + /\.size/ && do { if (defined($current_function)) { + $self->{value}="$current_function->{name}\tENDP"; + undef $current_function; + } + last; + }; + /\.align/ && do { $self->{value} = "ALIGN\t".$line; last; }; + /\.(byte|value|long|quad)/ + && do { my @arr = split(',',$line); + my $sz = substr($1,0,1); + my $last = pop(@arr); + + $sz =~ tr/bvlq/BWDQ/; + $self->{value} = "\tD$sz\t"; + for (@arr) { $self->{value} .= sprintf"0%Xh,",oct; } + $self->{value} .= sprintf"0%Xh",oct($last); + last; + }; + /\.picmeup/ && do { $self->{value} = sprintf"\tDD\t 0%Xh,090000000h",$opcode{$line}; + last; + }; + } + $line = ""; + } + + $ret; + } + sub out { + my $self = shift; + $self->{value}; + } +} + +while($line=<>) { + + chomp($line); + + $line =~ s|[#!].*$||; # get rid of asm-style comments... + $line =~ s|/\*.*\*/||; # ... and C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning + + undef $label; + undef $opcode; + undef $dst; + undef $src; + undef $sz; + + if ($label=label->re(\$line)) { print $label->out(); } + + if (directive->re(\$line)) { + printf "%s",directive->out(); + } elsif ($opcode=opcode->re(\$line)) { ARGUMENT: { + + if ($src=register->re(\$line)) { opcode->size($src->size()); } + elsif ($src=const->re(\$line)) { } + elsif ($src=ea->re(\$line)) { } + elsif ($src=expr->re(\$line)) { } + + last ARGUMENT if ($line !~ /^,/); + + $line = substr($line,1); $line =~ s/^\s+//; + + if ($dst=register->re(\$line)) { opcode->size($dst->size()); } + elsif ($dst=const->re(\$line)) { } + elsif ($dst=ea->re(\$line)) { } + + } # ARGUMENT: + + $sz=opcode->size(); + + if (defined($dst)) { + if (!$masm) { + printf "\t%s\t%s,%s", $opcode->out($dst->size()), + $src->out($sz),$dst->out($sz); + } else { + printf "\t%s\t%s,%s", $opcode->out(), + $dst->out($sz),$src->out($sz); + } + } elsif (defined($src)) { + printf "\t%s\t%s",$opcode->out(),$src->out($sz); + } else { + printf "\t%s",$opcode->out(); + } + } + + print $line,"\n"; +} + +print "\n$current_segment\tENDS\nEND\n" if ($masm); + +close STDOUT; + +################################################# +# Cross-reference x86_64 ABI "card" +# +# Unix Win64 +# %rax * * +# %rbx - - +# %rcx #4 #1 +# %rdx #3 #2 +# %rsi #2 - +# %rdi #1 - +# %rbp - - +# %rsp - - +# %r8 #5 #3 +# %r9 #6 #4 +# %r10 * * +# %r11 * * +# %r12 - - +# %r13 - - +# %r14 - - +# %r15 - - +# +# (*) volatile register +# (-) preserved by callee +# (#) Nth argument, volatile +# +# In Unix terms top of stack is argument transfer area for arguments +# which could not be accomodated in registers. Or in other words 7th +# [integer] argument resides at 8(%rsp) upon function entry point. +# 128 bytes above %rsp constitute a "red zone" which is not touched +# by signal handlers and can be used as temporal storage without +# allocating a frame. +# +# In Win64 terms N*8 bytes on top of stack is argument transfer area, +# which belongs to/can be overwritten by callee. N is the number of +# arguments passed to callee, *but* not less than 4! This means that +# upon function entry point 5th argument resides at 40(%rsp), as well +# as that 32 bytes from 8(%rsp) can always be used as temporal +# storage [without allocating a frame]. +# +# All the above means that if assembler programmer adheres to Unix +# register and stack layout, but disregards the "red zone" existense, +# it's possible to use following prologue and epilogue to "gear" from +# Unix to Win64 ABI in leaf functions with not more than 6 arguments. +# +# omnipotent_function: +# ifdef WIN64 +# movq %rdi,8(%rsp) +# movq %rsi,16(%rsp) +# movq %rcx,%rdi ; if 1st argument is actually present +# movq %rdx,%rsi ; if 2nd argument is actually ... +# movq %r8,%rdx ; if 3rd argument is ... +# movq %r9,%rcx ; if 4th argument ... +# movq 40(%rsp),%r8 ; if 5th ... +# movq 48(%rsp),%r9 ; if 6th ... +# endif +# ... +# ifdef WIN64 +# movq 8(%rsp),%rdi +# movq 16(%rsp),%rsi +# endif +# ret diff --git a/crypto/openssl/crypto/perlasm/x86asm.pl b/crypto/openssl/crypto/perlasm/x86asm.pl index 1cb96e9..5979122 100644 --- a/crypto/openssl/crypto/perlasm/x86asm.pl +++ b/crypto/openssl/crypto/perlasm/x86asm.pl @@ -18,31 +18,34 @@ sub main'asm_init ($type,$fn,$i386)=@_; $filename=$fn; - $elf=$cpp=$sol=$aout=$win32=$gaswin=0; + $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0; if ( ($type eq "elf")) { $elf=1; require "x86unix.pl"; } elsif ( ($type eq "a.out")) { $aout=1; require "x86unix.pl"; } - elsif ( ($type eq "gaswin")) - { $gaswin=1; $aout=1; require "x86unix.pl"; } - elsif ( ($type eq "sol")) - { $sol=1; require "x86unix.pl"; } + elsif ( ($type eq "coff" or $type eq "gaswin")) + { $coff=1; require "x86unix.pl"; } elsif ( ($type eq "cpp")) { $cpp=1; require "x86unix.pl"; } elsif ( ($type eq "win32")) { $win32=1; require "x86ms.pl"; } elsif ( ($type eq "win32n")) { $win32=1; require "x86nasm.pl"; } + elsif ( ($type eq "nw-nasm")) + { $netware=1; require "x86nasm.pl"; } + elsif ( ($type eq "nw-mwasm")) + { $netware=1; $mwerks=1; require "x86nasm.pl"; } else { print STDERR <<"EOF"; Pick one target type from - elf - linux, FreeBSD etc - a.out - old linux - sol - x86 solaris - cpp - format so x86unix.cpp can be used + elf - Linux, FreeBSD, Solaris x86, etc. + a.out - OpenBSD, DJGPP, etc. + coff - GAS/COFF such as Win32 targets win32 - Windows 95/Windows NT win32n - Windows 95/Windows NT NASM format + nw-nasm - NetWare NASM format + nw-mwasm- NetWare Metrowerks Assembler EOF exit(1); } @@ -55,7 +58,7 @@ EOF &comment("Don't even think of reading this code"); &comment("It was automatically generated by $filename"); &comment("Which is a perl program used to generate the x86 assember for"); -&comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris"); +&comment("any of ELF, a.out, COFF, Win32, ..."); &comment("eric "); &comment(""); @@ -90,7 +93,7 @@ $tmp #ifdef OUT #define OK 1 #define ALIGN 4 -#if defined(__CYGWIN__) || defined(__DJGPP__) +#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__) #undef SIZE #undef TYPE #define SIZE(a,b) diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/openssl/crypto/perlasm/x86ms.pl index fbb4afb..82538a9 100644 --- a/crypto/openssl/crypto/perlasm/x86ms.pl +++ b/crypto/openssl/crypto/perlasm/x86ms.pl @@ -27,7 +27,13 @@ $label="L000"; sub main'asm_init_output { @out=(); } sub main'asm_get_output { return(@out); } sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } +sub main'external_label +{ + push(@labels,@_); + foreach (@_) { + push(@out, "EXTRN\t_$_:DWORD\n"); + } +} sub main'LB { @@ -51,6 +57,11 @@ sub main'DWP &get_mem("DWORD",@_); } +sub main'QWP + { + &get_mem("QWORD",@_); + } + sub main'BC { return @_; @@ -87,7 +98,7 @@ sub get_mem $reg2=&conv($1); $addr="_$2"; } - elsif ($addr =~ /^[_a-zA-Z]/) + elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i) { $addr="_$addr"; } @@ -128,6 +139,7 @@ sub main'xorb { &out2("xor",@_); } sub main'add { &out2("add",@_); } sub main'adc { &out2("adc",@_); } sub main'sub { &out2("sub",@_); } +sub main'sbb { &out2("sbb",@_); } sub main'rotl { &out2("rol",@_); } sub main'rotr { &out2("ror",@_); } sub main'exch { &out2("xchg",@_); } @@ -155,11 +167,39 @@ sub main'jne { &out1("jne",@_); } sub main'jno { &out1("jno",@_); } sub main'push { &out1("push",@_); $stack+=4; } sub main'pop { &out1("pop",@_); $stack-=4; } +sub main'pushf { &out0("pushfd"); $stack+=4; } +sub main'popf { &out0("popfd"); $stack-=4; } sub main'bswap { &out1("bswap",@_); &using486(); } sub main'not { &out1("not",@_); } sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } +sub main'call_ptr { &out1p("call",@_); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } +sub main'test { &out2("test",@_); } +sub main'bt { &out2("bt",@_); } +sub main'leave { &out0("leave"); } +sub main'cpuid { &out0("DW\t0A20Fh"); } +sub main'rdtsc { &out0("DW\t0310Fh"); } +sub main'halt { &out0("hlt"); } +sub main'movz { &out2("movzx",@_); } +sub main'neg { &out1("neg",@_); } +sub main'cld { &out0("cld"); } + +# SSE2 +sub main'emms { &out0("emms"); } +sub main'movd { &out2("movd",@_); } +sub main'movq { &out2("movq",@_); } +sub main'movdqu { &out2("movdqu",@_); } +sub main'movdqa { &out2("movdqa",@_); } +sub main'movdq2q{ &out2("movdq2q",@_); } +sub main'movq2dq{ &out2("movq2dq",@_); } +sub main'paddq { &out2("paddq",@_); } +sub main'pmuludq{ &out2("pmuludq",@_); } +sub main'psrlq { &out2("psrlq",@_); } +sub main'psllq { &out2("psllq",@_); } +sub main'pxor { &out2("pxor",@_); } +sub main'por { &out2("por",@_); } +sub main'pand { &out2("pand",@_); } sub out2 { @@ -213,7 +253,9 @@ sub main'file local($tmp)=<<"EOF"; TITLE $file.asm .386 -.model FLAT +.model FLAT +_TEXT\$ SEGMENT PAGE 'CODE' + EOF push(@out,$tmp); } @@ -225,7 +267,6 @@ sub main'function_begin push(@labels,$func); local($tmp)=<<"EOF"; -_TEXT SEGMENT PUBLIC _$func $extra _$func PROC NEAR @@ -243,7 +284,6 @@ sub main'function_begin_B local($func,$extra)=@_; local($tmp)=<<"EOF"; -_TEXT SEGMENT PUBLIC _$func $extra _$func PROC NEAR @@ -263,7 +303,6 @@ sub main'function_end pop ebp ret _$func ENDP -_TEXT ENDS EOF push(@out,$tmp); $stack=0; @@ -276,7 +315,6 @@ sub main'function_end_B local($tmp)=<<"EOF"; _$func ENDP -_TEXT ENDS EOF push(@out,$tmp); $stack=0; @@ -299,6 +337,14 @@ EOF sub main'file_end { + # try to detect if SSE2 or MMX extensions were used... + if (grep {/xmm[0-7]\s*,/i} @out) { + grep {s/\.[3-7]86/\.686\n\t\.XMM/} @out; + } + elsif (grep {/mm[0-7]\s*,/i} @out) { + grep {s/\.[3-7]86/\.686\n\t\.MMX/} @out; + } + push(@out,"_TEXT\$ ENDS\n"); push(@out,"END\n"); } @@ -330,6 +376,12 @@ sub main'comment } } +sub main'public_label + { + $label{$_[0]}="_$_[0]" if (!defined($label{$_[0]})); + push(@out,"PUBLIC\t$label{$_[0]}\n"); + } + sub main'label { if (!defined($label{$_[0]})) @@ -347,19 +399,37 @@ sub main'set_label $label{$_[0]}="\$${label}${_[0]}"; $label++; } + if ($_[1]!=0 && $_[1]>1) + { + main'align($_[1]); + } if((defined $_[2]) && ($_[2] == 1)) { push(@out,"$label{$_[0]}::\n"); } + elsif ($label{$_[0]} !~ /^\$/) + { + push(@out,"$label{$_[0]}\tLABEL PTR\n"); + } else { push(@out,"$label{$_[0]}:\n"); } } +sub main'data_byte + { + push(@out,"\tDB\t".join(',',@_)."\n"); + } + sub main'data_word { - push(@out,"\tDD\t$_[0]\n"); + push(@out,"\tDD\t".join(',',@_)."\n"); + } + +sub main'align + { + push(@out,"\tALIGN\t$_[0]\n"); } sub out1p @@ -367,7 +437,7 @@ sub out1p local($name,$p1)=@_; local($l,$t); - push(@out,"\t$name\t ".&conv($p1)."\n"); + push(@out,"\t$name\t".&conv($p1)."\n"); } sub main'picmeup @@ -377,3 +447,18 @@ sub main'picmeup } sub main'blindpop { &out1("pop",@_); } + +sub main'initseg + { + local($f)=@_; + local($tmp)=<<___; +OPTION DOTNAME +.CRT\$XCU SEGMENT DWORD PUBLIC 'DATA' +EXTRN _$f:NEAR +DD _$f +.CRT\$XCU ENDS +___ + push(@out,$tmp); + } + +1; diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl index 30346af..b6dfcbd 100644 --- a/crypto/openssl/crypto/perlasm/x86nasm.pl +++ b/crypto/openssl/crypto/perlasm/x86nasm.pl @@ -3,6 +3,7 @@ package x86nasm; $label="L000"; +$under=($main'netware)?'':'_'; %lb=( 'eax', 'al', 'ebx', 'bl', @@ -32,7 +33,8 @@ sub main'external_label { push(@labels,@_); foreach (@_) { - push(@out, "extern\t_$_\n"); + push(@out,".") if ($main'mwerks); + push(@out, "extern\t${under}$_\n"); } } @@ -58,14 +60,19 @@ sub main'DWP &get_mem("DWORD",@_); } +sub main'QWP + { + &get_mem("",@_); + } + sub main'BC { - return "BYTE @_"; + return (($main'mwerks)?"":"BYTE ")."@_"; } sub main'DWC { - return "DWORD @_"; + return (($main'mwerks)?"":"DWORD ")."@_"; } sub main'stack_push @@ -86,16 +93,22 @@ sub get_mem { my($size,$addr,$reg1,$reg2,$idx)=@_; my($t,$post); - my($ret)="["; + my($ret)=$size; + if ($ret ne "") + { + $ret .= " PTR" if ($main'mwerks); + $ret .= " "; + } + $ret .= "["; $addr =~ s/^\s+//; if ($addr =~ /^(.+)\+(.+)$/) { $reg2=&conv($1); - $addr="_$2"; + $addr="$under$2"; } - elsif ($addr =~ /^[_a-zA-Z]/) + elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i) { - $addr="_$addr"; + $addr="$under$addr"; } if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } @@ -134,6 +147,7 @@ sub main'xorb { &out2("xor",@_); } sub main'add { &out2("add",@_); } sub main'adc { &out2("adc",@_); } sub main'sub { &out2("sub",@_); } +sub main'sbb { &out2("sbb",@_); } sub main'rotl { &out2("rol",@_); } sub main'rotr { &out2("ror",@_); } sub main'exch { &out2("xchg",@_); } @@ -147,28 +161,57 @@ sub main'jmp { &out1("jmp",@_); } sub main'jmp_ptr { &out1p("jmp",@_); } # This is a bit of a kludge: declare all branches as NEAR. -sub main'je { &out1("je NEAR",@_); } -sub main'jle { &out1("jle NEAR",@_); } -sub main'jz { &out1("jz NEAR",@_); } -sub main'jge { &out1("jge NEAR",@_); } -sub main'jl { &out1("jl NEAR",@_); } -sub main'ja { &out1("ja NEAR",@_); } -sub main'jae { &out1("jae NEAR",@_); } -sub main'jb { &out1("jb NEAR",@_); } -sub main'jbe { &out1("jbe NEAR",@_); } -sub main'jc { &out1("jc NEAR",@_); } -sub main'jnc { &out1("jnc NEAR",@_); } -sub main'jnz { &out1("jnz NEAR",@_); } -sub main'jne { &out1("jne NEAR",@_); } -sub main'jno { &out1("jno NEAR",@_); } +$near=($main'mwerks)?'':'NEAR'; +sub main'je { &out1("je $near",@_); } +sub main'jle { &out1("jle $near",@_); } +sub main'jz { &out1("jz $near",@_); } +sub main'jge { &out1("jge $near",@_); } +sub main'jl { &out1("jl $near",@_); } +sub main'ja { &out1("ja $near",@_); } +sub main'jae { &out1("jae $near",@_); } +sub main'jb { &out1("jb $near",@_); } +sub main'jbe { &out1("jbe $near",@_); } +sub main'jc { &out1("jc $near",@_); } +sub main'jnc { &out1("jnc $near",@_); } +sub main'jnz { &out1("jnz $near",@_); } +sub main'jne { &out1("jne $near",@_); } +sub main'jno { &out1("jno $near",@_); } sub main'push { &out1("push",@_); $stack+=4; } sub main'pop { &out1("pop",@_); $stack-=4; } +sub main'pushf { &out0("pushfd"); $stack+=4; } +sub main'popf { &out0("popfd"); $stack-=4; } sub main'bswap { &out1("bswap",@_); &using486(); } sub main'not { &out1("not",@_); } -sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); } +sub main'call_ptr { &out1p("call",@_); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } +sub main'test { &out2("test",@_); } +sub main'bt { &out2("bt",@_); } +sub main'leave { &out0("leave"); } +sub main'cpuid { &out0("cpuid"); } +sub main'rdtsc { &out0("rdtsc"); } +sub main'halt { &out0("hlt"); } +sub main'movz { &out2("movzx",@_); } +sub main'neg { &out1("neg",@_); } +sub main'cld { &out0("cld"); } + +# SSE2 +sub main'emms { &out0("emms"); } +sub main'movd { &out2("movd",@_); } +sub main'movq { &out2("movq",@_); } +sub main'movdqu { &out2("movdqu",@_); } +sub main'movdqa { &out2("movdqa",@_); } +sub main'movdq2q{ &out2("movdq2q",@_); } +sub main'movq2dq{ &out2("movq2dq",@_); } +sub main'paddq { &out2("paddq",@_); } +sub main'pmuludq{ &out2("pmuludq",@_); } +sub main'psrlq { &out2("psrlq",@_); } +sub main'psllq { &out2("psllq",@_); } +sub main'pxor { &out2("pxor",@_); } +sub main'por { &out2("por",@_); } +sub main'pand { &out2("pand",@_); } sub out2 { @@ -176,6 +219,11 @@ sub out2 my($l,$t); push(@out,"\t$name\t"); + if (!$main'mwerks and $name eq "lea") + { + $p1 =~ s/^[^\[]*\[/\[/; + $p2 =~ s/^[^\[]*\[/\[/; + } $t=&conv($p1).","; $l=length($t); push(@out,$t); @@ -215,7 +263,17 @@ sub using486 sub main'file { - push(@out, "segment .text use32\n"); + if ($main'mwerks) { push(@out,".section\t.text\n"); } + else { + local $tmp=<<___; +%ifdef __omf__ +section code use32 class=code +%else +section .text +%endif +___ + push(@out,$tmp); + } } sub main'function_begin @@ -224,8 +282,8 @@ sub main'function_begin push(@labels,$func); my($tmp)=<<"EOF"; -global _$func -_$func: +global $under$func +$under$func: push ebp push ebx push esi @@ -239,8 +297,8 @@ sub main'function_begin_B { my($func,$extra)=@_; my($tmp)=<<"EOF"; -global _$func -_$func: +global $under$func +$under$func: EOF push(@out,$tmp); $stack=4; @@ -314,11 +372,17 @@ sub main'comment } } +sub main'public_label + { + $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); + push(@out,"global\t$label{$_[0]}\n"); + } + sub main'label { if (!defined($label{$_[0]})) { - $label{$_[0]}="\$${label}${_[0]}"; + $label{$_[0]}="\@${label}${_[0]}"; $label++; } return($label{$_[0]}); @@ -328,15 +392,30 @@ sub main'set_label { if (!defined($label{$_[0]})) { - $label{$_[0]}="\$${label}${_[0]}"; + $label{$_[0]}="\@${label}${_[0]}"; $label++; } + if ($_[1]!=0 && $_[1]>1) + { + main'align($_[1]); + } push(@out,"$label{$_[0]}:\n"); } +sub main'data_byte + { + push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n"); + } + sub main'data_word { - push(@out,"\tDD\t$_[0]\n"); + push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n"); + } + +sub main'align + { + push(@out,".") if ($main'mwerks); + push(@out,"align\t$_[0]\n"); } sub out1p @@ -344,7 +423,7 @@ sub out1p my($name,$p1)=@_; my($l,$t); - push(@out,"\t$name\t ".&conv($p1)."\n"); + push(@out,"\t$name\t".&conv($p1)."\n"); } sub main'picmeup @@ -354,3 +433,19 @@ sub main'picmeup } sub main'blindpop { &out1("pop",@_); } + +sub main'initseg + { + local($f)=@_; + if ($main'win32) + { + local($tmp)=<<___; +segment .CRT\$XCU data +extern $under$f +DD $under$f +___ + push(@out,$tmp); + } + } + +1; diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/openssl/crypto/perlasm/x86unix.pl index 10b669b..e71050b 100644 --- a/crypto/openssl/crypto/perlasm/x86unix.pl +++ b/crypto/openssl/crypto/perlasm/x86unix.pl @@ -1,14 +1,15 @@ #!/usr/local/bin/perl -package x86unix; +package x86unix; # GAS actually... $label="L000"; $const=""; $constl=0; $align=($main'aout)?"4":"16"; -$under=($main'aout)?"_":""; -$com_start=($main'sol)?"/":"#"; +$under=($main'aout or $main'coff)?"_":""; +$dot=($main'aout)?"":"."; +$com_start="#" if ($main'aout or $main'coff); sub main'asm_init_output { @out=(); } sub main'asm_get_output { return(@out); } @@ -51,6 +52,24 @@ if ($main'cpp) 'edi', '%edi', 'ebp', '%ebp', 'esp', '%esp', + + 'mm0', '%mm0', + 'mm1', '%mm1', + 'mm2', '%mm2', + 'mm3', '%mm3', + 'mm4', '%mm4', + 'mm5', '%mm5', + 'mm6', '%mm6', + 'mm7', '%mm7', + + 'xmm0', '%xmm0', + 'xmm1', '%xmm1', + 'xmm2', '%xmm2', + 'xmm3', '%xmm3', + 'xmm4', '%xmm4', + 'xmm5', '%xmm5', + 'xmm6', '%xmm6', + 'xmm7', '%xmm7', ); %reg_val=( @@ -97,6 +116,11 @@ sub main'DWP return($ret); } +sub main'QWP + { + return(&main'DWP(@_)); + } + sub main'BP { return(&main'DWP(@_)); @@ -137,12 +161,13 @@ sub main'shl { &out2("sall",@_); } sub main'shr { &out2("shrl",@_); } sub main'xor { &out2("xorl",@_); } sub main'xorb { &out2("xorb",@_); } -sub main'add { &out2("addl",@_); } +sub main'add { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); } sub main'adc { &out2("adcl",@_); } sub main'sub { &out2("subl",@_); } +sub main'sbb { &out2("sbbl",@_); } sub main'rotl { &out2("roll",@_); } sub main'rotr { &out2("rorl",@_); } -sub main'exch { &out2("xchg",@_); } +sub main'exch { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); } sub main'cmp { &out2("cmpl",@_); } sub main'lea { &out2("leal",@_); } sub main'mul { &out1("mull",@_); } @@ -164,15 +189,51 @@ sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jno { &out1("jno",@_); } sub main'dec { &out1("decl",@_); } -sub main'inc { &out1("incl",@_); } +sub main'inc { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); } sub main'push { &out1("pushl",@_); $stack+=4; } sub main'pop { &out1("popl",@_); $stack-=4; } -sub main'pushf { &out0("pushf"); $stack+=4; } -sub main'popf { &out0("popf"); $stack-=4; } +sub main'pushf { &out0("pushfl"); $stack+=4; } +sub main'popf { &out0("popfl"); $stack-=4; } sub main'not { &out1("notl",@_); } -sub main'call { &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); } +sub main'call { my $pre=$under; + foreach $i (%label) + { if ($label{$i} eq $_[0]) { $pre=''; last; } } + &out1("call",$pre.$_[0]); + } +sub main'call_ptr { &out1p("call",@_); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } +sub main'test { &out2("testl",@_); } +sub main'bt { &out2("btl",@_); } +sub main'leave { &out0("leave"); } +sub main'cpuid { &out0(".byte\t0x0f,0xa2"); } +sub main'rdtsc { &out0(".byte\t0x0f,0x31"); } +sub main'halt { &out0("hlt"); } +sub main'movz { &out2("movzbl",@_); } +sub main'neg { &out1("negl",@_); } +sub main'cld { &out0("cld"); } + +# SSE2 +sub main'emms { &out0("emms"); } +sub main'movd { &out2("movd",@_); } +sub main'movdqu { &out2("movdqu",@_); } +sub main'movdqa { &out2("movdqa",@_); } +sub main'movdq2q{ &out2("movdq2q",@_); } +sub main'movq2dq{ &out2("movq2dq",@_); } +sub main'paddq { &out2("paddq",@_); } +sub main'pmuludq{ &out2("pmuludq",@_); } +sub main'psrlq { &out2("psrlq",@_); } +sub main'psllq { &out2("psllq",@_); } +sub main'pxor { &out2("pxor",@_); } +sub main'por { &out2("por",@_); } +sub main'pand { &out2("pand",@_); } +sub main'movq { + local($p1,$p2,$optimize)=@_; + if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) + # movq between mmx registers can sink Intel CPUs + { push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n"); } + else { &out2("movq",@_); } + } # The bswapl instruction is new for the 486. Emulate if i386. sub main'bswap @@ -278,8 +339,6 @@ sub main'file local($tmp)=<<"EOF"; .file "$file.s" - .version "01.01" -gcc2_compiled.: EOF push(@out,$tmp); } @@ -293,15 +352,17 @@ sub main'function_begin local($tmp)=<<"EOF"; .text - .align $align -.globl $func +.globl $func EOF push(@out,$tmp); if ($main'cpp) - { $tmp=push(@out,"\tTYPE($func,\@function)\n"); } - elsif ($main'gaswin) - { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - else { $tmp=push(@out,"\t.type\t$func,\@function\n"); } + { $tmp=push(@out,"TYPE($func,\@function)\n"); } + elsif ($main'coff) + { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } + elsif ($main'aout and !$main'pic) + { } + else { $tmp=push(@out,".type\t$func,\@function\n"); } + push(@out,".align\t$align\n"); push(@out,"$func:\n"); $tmp=<<"EOF"; pushl %ebp @@ -323,15 +384,17 @@ sub main'function_begin_B local($tmp)=<<"EOF"; .text - .align $align -.globl $func +.globl $func EOF push(@out,$tmp); if ($main'cpp) - { push(@out,"\tTYPE($func,\@function)\n"); } - elsif ($main'gaswin) - { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - else { push(@out,"\t.type $func,\@function\n"); } + { push(@out,"TYPE($func,\@function)\n"); } + elsif ($main'coff) + { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } + elsif ($main'aout and !$main'pic) + { } + else { push(@out,".type $func,\@function\n"); } + push(@out,".align\t$align\n"); push(@out,"$func:\n"); $stack=4; } @@ -348,15 +411,15 @@ sub main'function_end popl %ebx popl %ebp ret -.L_${func}_end: +${dot}L_${func}_end: EOF push(@out,$tmp); if ($main'cpp) - { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } - elsif ($main'gaswin) - { $tmp=push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } + { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); } + elsif ($main'coff or $main'aout) + { } + else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); } push(@out,".ident \"$func\"\n"); $stack=0; %label=(); @@ -382,13 +445,13 @@ sub main'function_end_B $func=$under.$func; - push(@out,".L_${func}_end:\n"); + push(@out,"${dot}L_${func}_end:\n"); if ($main'cpp) - { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } - elsif ($main'gaswin) - { push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } - push(@out,".ident \"desasm.pl\"\n"); + { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); } + elsif ($main'coff or $main'aout) + { } + else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); } + push(@out,".ident \"$func\"\n"); $stack=0; %label=(); } @@ -429,9 +492,10 @@ sub main'swtmp sub main'comment { - if ($main'elf) # GNU and SVR4 as'es use different comment delimiters, - { # so we just skip comments... - push(@out,"\n"); + if (!defined($com_start) or $main'elf) + { # Regarding $main'elf above... + # GNU and SVR4 as'es use different comment delimiters, + push(@out,"\n"); # so we just skip ELF comments... return; } foreach (@_) @@ -443,11 +507,17 @@ sub main'comment } } +sub main'public_label + { + $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); + push(@out,".globl\t$label{$_[0]}\n"); + } + sub main'label { if (!defined($label{$_[0]})) { - $label{$_[0]}=".${label}${_[0]}"; + $label{$_[0]}="${dot}${label}${_[0]}"; $label++; } return($label{$_[0]}); @@ -457,15 +527,66 @@ sub main'set_label { if (!defined($label{$_[0]})) { - $label{$_[0]}=".${label}${_[0]}"; + $label{$_[0]}="${dot}${label}${_[0]}"; $label++; } - push(@out,".align $align\n") if ($_[1] != 0); + if ($_[1]!=0) + { + if ($_[1]>1) { main'align($_[1]); } + else { push(@out,".align $align\n"); } + } push(@out,"$label{$_[0]}:\n"); } sub main'file_end { + # try to detect if SSE2 or MMX extensions were used on ELF platform... + if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) { + local($tmp); + + push (@out,"\n.section\t.bss\n"); + push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n"); + + push (@out,".section\t.init\n"); + # One can argue that it's wasteful to craft every + # SSE/MMX module with this snippet... Well, it's 72 + # bytes long and for the moment we have two modules. + # Let's argue when we have 7 modules or so... + # + # $1<<10 sets a reserved bit to signal that variable + # was initialized already... + &main'picmeup("edx","OPENSSL_ia32cap_P"); + $tmp=<<___; + cmpl \$0,(%edx) + jne 1f + movl \$1<<10,(%edx) + pushf + popl %eax + movl %eax,%ecx + xorl \$1<<21,%eax + pushl %eax + popf + pushf + popl %eax + xorl %ecx,%eax + btl \$21,%eax + jnc 1f + pushl %edi + pushl %ebx + movl %edx,%edi + movl \$1,%eax + .byte 0x0f,0xa2 + orl \$1<<10,%edx + movl %edx,0(%edi) + popl %ebx + popl %edi + jmp 1f + .align $align + 1: +___ + push (@out,$tmp); + } + if ($const ne "") { push(@out,".section .rodata\n"); @@ -474,9 +595,25 @@ sub main'file_end } } +sub main'data_byte + { + push(@out,"\t.byte\t".join(',',@_)."\n"); + } + sub main'data_word { - push(@out,"\t.long $_[0]\n"); + push(@out,"\t.long\t".join(',',@_)."\n"); + } + +sub main'align + { + my $val=$_[0],$p2,$i; + if ($main'aout) { + for ($p2=0;$val!=0;$val>>=1) { $p2++; } + $val=$p2-1; + $val.=",0x90"; + } + push(@out,".align\t$val\n"); } # debug output functions: puts, putx, printf @@ -558,7 +695,6 @@ sub main'picmeup { local($tmp)=<<___; #if (defined(ELF) || defined(SOL)) && defined(PIC) - .align 8 call 1f 1: popl $regs{$dst} addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst} @@ -571,13 +707,12 @@ ___ } elsif ($main'pic && ($main'elf || $main'aout)) { - push(@out,"\t.align\t8\n"); &main'call(&main'label("PIC_me_up")); &main'set_label("PIC_me_up"); &main'blindpop($dst); - &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-". + &main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-". &main'label("PIC_me_up") . "]"); - &main'mov($dst,&main'DWP($sym."\@GOT",$dst)); + &main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst)); } else { @@ -586,3 +721,41 @@ ___ } sub main'blindpop { &out1("popl",@_); } + +sub main'initseg + { + local($f)=@_; + local($tmp); + if ($main'elf) + { + $tmp=<<___; +.section .init + call $under$f + jmp .Linitalign +.align $align +.Linitalign: +___ + } + elsif ($main'coff) + { + $tmp=<<___; # applies to both Cygwin and Mingw +.section .ctors +.long $under$f +___ + } + elsif ($main'aout) + { + local($ctor)="${under}_GLOBAL_\$I\$$f"; + $tmp=".text\n"; + $tmp.=".type $ctor,\@function\n" if ($main'pic); + $tmp.=<<___; # OpenBSD way... +.globl $ctor +.align 2 +$ctor: + jmp $under$f +___ + } + push(@out,$tmp) if ($tmp); + } + +1; diff --git a/crypto/openssl/crypto/pkcs12/Makefile b/crypto/openssl/crypto/pkcs12/Makefile index 0bd0b7a..3a7498f 100644 --- a/crypto/openssl/crypto/pkcs12/Makefile +++ b/crypto/openssl/crypto/pkcs12/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/pkcs12/Makefile +# OpenSSL/crypto/pkcs12/Makefile # DIR= pkcs12 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -57,7 +52,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -72,6 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -83,333 +80,207 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -p12_add.o: ../../e_os.h ../../include/openssl/aes.h -p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_add.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_add.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_add.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_add.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_add.o: ../../e_os.h ../../include/openssl/asn1.h +p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_add.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_add.o: ../cryptlib.h p12_add.c -p12_asn.o: ../../e_os.h ../../include/openssl/aes.h -p12_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -p12_asn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p12_asn.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p12_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p12_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_asn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p12_asn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p12_asn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c +p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h +p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_asn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_asn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_asn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c -p12_attr.o: ../../e_os.h ../../include/openssl/aes.h -p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_attr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_asn.o: ../cryptlib.h p12_asn.c +p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h +p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_attr.o: ../../include/openssl/opensslconf.h p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_attr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c -p12_crpt.o: ../../e_os.h ../../include/openssl/aes.h -p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_attr.o: ../cryptlib.h p12_attr.c +p12_crpt.o: ../../e_os.h ../../include/openssl/asn1.h +p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_crpt.o: ../../include/openssl/opensslconf.h p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c -p12_crt.o: ../../e_os.h ../../include/openssl/aes.h -p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_crt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_crt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_crt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_crpt.o: ../cryptlib.h p12_crpt.c +p12_crt.o: ../../e_os.h ../../include/openssl/asn1.h +p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_crt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crt.o: ../cryptlib.h p12_crt.c -p12_decr.o: ../../e_os.h ../../include/openssl/aes.h -p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_decr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_decr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_decr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c +p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h +p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_decr.o: ../../include/openssl/opensslconf.h p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_decr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_decr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_decr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c -p12_init.o: ../../e_os.h ../../include/openssl/aes.h -p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_init.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_init.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_init.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_init.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_decr.o: ../cryptlib.h p12_decr.c +p12_init.o: ../../e_os.h ../../include/openssl/asn1.h +p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_init.o: ../../include/openssl/opensslconf.h p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_init.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_init.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_init.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c -p12_key.o: ../../e_os.h ../../include/openssl/aes.h -p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_init.o: ../cryptlib.h p12_init.c +p12_key.o: ../../e_os.h ../../include/openssl/asn1.h +p12_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h p12_key.o: ../cryptlib.h p12_key.c -p12_kiss.o: ../../e_os.h ../../include/openssl/aes.h -p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_kiss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_kiss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_kiss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h +p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_kiss.o: ../../include/openssl/opensslconf.h p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_kiss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_kiss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_kiss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c -p12_mutl.o: ../../e_os.h ../../include/openssl/aes.h -p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_mutl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_mutl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h -p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p12_mutl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_kiss.o: ../cryptlib.h p12_kiss.c +p12_mutl.o: ../../e_os.h ../../include/openssl/asn1.h +p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -p12_mutl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_mutl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_mutl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_mutl.o: ../cryptlib.h p12_mutl.c -p12_npas.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -p12_npas.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -p12_npas.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_npas.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -p12_npas.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -p12_npas.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_mutl.c +p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_npas.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -p12_npas.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -p12_npas.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c -p12_p8d.o: ../../e_os.h ../../include/openssl/aes.h -p12_p8d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_p8d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_p8d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_p8d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_p8d.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_p8d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_p8d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_p8d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_npas.o: p12_npas.c +p12_p8d.o: ../../e_os.h ../../include/openssl/asn1.h +p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p12_p8d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_p8d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8d.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8d.o: ../cryptlib.h p12_p8d.c -p12_p8e.o: ../../e_os.h ../../include/openssl/aes.h -p12_p8e.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_p8e.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_p8e.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_p8e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_p8e.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_p8e.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_p8e.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_p8e.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c +p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h +p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p12_p8e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_p8e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8e.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8e.o: ../cryptlib.h p12_p8e.c -p12_utl.o: ../../e_os.h ../../include/openssl/aes.h -p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -p12_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -p12_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -p12_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c +p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h +p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_utl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_utl.o: ../cryptlib.h p12_utl.c -pk12err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -pk12err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -pk12err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk12err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk12err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk12err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c +pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pk12err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk12err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk12err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c +pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk12err.o: pk12err.c diff --git a/crypto/openssl/crypto/pkcs12/p12_add.c b/crypto/openssl/crypto/pkcs12/p12_add.c index 1909f28..41bdc00 100644 --- a/crypto/openssl/crypto/pkcs12/p12_add.c +++ b/crypto/openssl/crypto/pkcs12/p12_add.c @@ -68,16 +68,16 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid PKCS12_BAGS *bag; PKCS12_SAFEBAG *safebag; if (!(bag = PKCS12_BAGS_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); return NULL; } bag->type = OBJ_nid2obj(nid1); if (!ASN1_item_pack(obj, it, &bag->value.octet)) { - PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); return NULL; } if (!(safebag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); return NULL; } safebag->value.bag = bag; @@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) { - if(!PKCS7_type_is_data(p7)) return NULL; + if(!PKCS7_type_is_data(p7)) + { + PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); } @@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) { + if (!PKCS7_type_is_data(p12->authsafes)) + { + PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); } diff --git a/crypto/openssl/crypto/pkcs12/p12_crpt.c b/crypto/openssl/crypto/pkcs12/p12_crpt.c index 5e89586..3ad33c4 100644 --- a/crypto/openssl/crypto/pkcs12/p12_crpt.c +++ b/crypto/openssl/crypto/pkcs12/p12_crpt.c @@ -84,19 +84,25 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), #endif } -int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { PBEPARAM *pbe; - int saltlen, iter; - unsigned char *salt, *pbuf; + int saltlen, iter, ret; + unsigned char *salt; + const unsigned char *pbuf; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { - EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); return 0; } @@ -117,8 +123,8 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, return 0; } PBEPARAM_free(pbe); - EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); + ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); - return 1; + return ret; } diff --git a/crypto/openssl/crypto/pkcs12/p12_crt.c b/crypto/openssl/crypto/pkcs12/p12_crt.c index 4c36c64..dbafda1 100644 --- a/crypto/openssl/crypto/pkcs12/p12_crt.c +++ b/crypto/openssl/crypto/pkcs12/p12_crt.c @@ -1,9 +1,9 @@ /* p12_crt.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -60,105 +60,289 @@ #include "cryptlib.h" #include + +static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype) { - PKCS12 *p12; - STACK_OF(PKCS12_SAFEBAG) *bags; - STACK_OF(PKCS7) *safes; - PKCS12_SAFEBAG *bag; - PKCS8_PRIV_KEY_INFO *p8; - PKCS7 *authsafe; - X509 *tcert; + PKCS12 *p12 = NULL; + STACK_OF(PKCS7) *safes = NULL; + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + PKCS12_SAFEBAG *bag = NULL; int i; unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen; + unsigned int keyidlen = 0; /* Set defaults */ - if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; - if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if(!iter) iter = PKCS12_DEFAULT_ITER; - if(!mac_iter) mac_iter = 1; + if (!nid_cert) + nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + if (!nid_key) + nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + if (!iter) + iter = PKCS12_DEFAULT_ITER; + if (!mac_iter) + mac_iter = 1; - if(!pkey || !cert) { + if(!pkey && !cert && !ca) + { PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); return NULL; - } - - if(!X509_check_private_key(cert, pkey)) return NULL; + } - if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; - } + if (pkey && cert) + { + if(!X509_check_private_key(cert, pkey)) + return NULL; + X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + } - /* Add user certificate */ - if(!(bag = PKCS12_x5092certbag(cert))) return NULL; - if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; - X509_digest(cert, EVP_sha1(), keyid, &keyidlen); - if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; + if (cert) + { + bag = PKCS12_add_cert(&bags, cert); + if(name && !PKCS12_add_friendlyname(bag, name, -1)) + goto err; + if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; + } - if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; - } - /* Add all other certificates */ - if(ca) { - for(i = 0; i < sk_X509_num(ca); i++) { - tcert = sk_X509_value(ca, i); - if(!(bag = PKCS12_x5092certbag(tcert))) return NULL; - if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; + for(i = 0; i < sk_X509_num(ca); i++) + { + if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) + goto err; + } + + if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) + goto err; + + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + bags = NULL; + + if (pkey) + { + int cspidx; + bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); + + if (!bag) + goto err; + + cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); + if (cspidx >= 0) + { + X509_ATTRIBUTE *cspattr; + cspattr = EVP_PKEY_get_attr(pkey, cspidx); + if (!X509at_add1_attr(&bag->attrib, cspattr)) + goto err; } + + if(name && !PKCS12_add_friendlyname(bag, name, -1)) + goto err; + if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; } - } - /* Turn certbags into encrypted authsafe */ - authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, - iter, bags); + if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) + goto err; + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + bags = NULL; - if (!authsafe) return NULL; + p12 = PKCS12_add_safes(safes, 0); + + sk_PKCS7_pop_free(safes, PKCS7_free); + + safes = NULL; + + if ((mac_iter != -1) && + !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) + goto err; + + return p12; + + err: + + if (p12) + PKCS12_free(p12); + if (safes) + sk_PKCS7_pop_free(safes, PKCS7_free); + if (bags) + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + return NULL; + +} + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) + { + PKCS12_SAFEBAG *bag = NULL; + char *name; + int namelen = -1; + unsigned char *keyid; + int keyidlen = -1; + + /* Add user certificate */ + if(!(bag = PKCS12_x5092certbag(cert))) + goto err; + + /* Use friendlyName and localKeyID in certificate. + * (if present) + */ + + name = (char *)X509_alias_get0(cert, &namelen); + + if(name && !PKCS12_add_friendlyname(bag, name, namelen)) + goto err; + + keyid = X509_keyid_get0(cert, &keyidlen); + + if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; + + if (!pkcs12_add_bag(pbags, bag)) + goto err; + + return bag; + + err: + + if (bag) + PKCS12_SAFEBAG_free(bag); + + return NULL; - if(!(safes = sk_PKCS7_new_null ()) - || !sk_PKCS7_push(safes, authsafe)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; } - /* Make a shrouded key bag */ - if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL; - if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL; - bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8); - if(!bag) return NULL; - PKCS8_PRIV_KEY_INFO_free(p8); - if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; - if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; - if(!(bags = sk_PKCS12_SAFEBAG_new_null()) - || !sk_PKCS12_SAFEBAG_push (bags, bag)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, + int key_usage, int iter, + int nid_key, char *pass) + { + + PKCS12_SAFEBAG *bag = NULL; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + + /* Make a PKCS#8 structure */ + if(!(p8 = EVP_PKEY2PKCS8(key))) + goto err; + if(key_usage && !PKCS8_add_keyusage(p8, key_usage)) + goto err; + if (nid_key != -1) + { + bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); + PKCS8_PRIV_KEY_INFO_free(p8); + } + else + bag = PKCS12_MAKE_KEYBAG(p8); + + if(!bag) + goto err; + + if (!pkcs12_add_bag(pbags, bag)) + goto err; + + return bag; + + err: + + if (bag) + PKCS12_SAFEBAG_free(bag); + + return NULL; + } - /* Turn it into unencrypted safe bag */ - if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if(!sk_PKCS7_push(safes, authsafe)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; + +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int nid_safe, int iter, char *pass) + { + PKCS7 *p7 = NULL; + int free_safes = 0; + + if (!*psafes) + { + *psafes = sk_PKCS7_new_null(); + if (!*psafes) + return 0; + free_safes = 1; + } + else + free_safes = 0; + + if (nid_safe == 0) + nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; + + if (nid_safe == -1) + p7 = PKCS12_pack_p7data(bags); + else + p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, + iter, bags); + if (!p7) + goto err; + + if (!sk_PKCS7_push(*psafes, p7)) + goto err; + + return 1; + + err: + if (free_safes) + { + sk_PKCS7_free(*psafes); + *psafes = NULL; + } + + if (p7) + PKCS7_free(p7); + + return 0; + } - if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; +static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) + { + int free_bags; + if (!pbags) + return 1; + if (!*pbags) + { + *pbags = sk_PKCS12_SAFEBAG_new_null(); + if (!*pbags) + return 0; + free_bags = 1; + } + else + free_bags = 0; + + if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) + { + if (free_bags) + { + sk_PKCS12_SAFEBAG_free(*pbags); + *pbags = NULL; + } + return 0; + } + + return 1; - if(!PKCS12_pack_authsafes (p12, safes)) return NULL; + } + - sk_PKCS7_pop_free(safes, PKCS7_free); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) + { + PKCS12 *p12; + if (nid_p7 <= 0) + nid_p7 = NID_pkcs7_data; + p12 = PKCS12_init(nid_p7); - if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) - return NULL; + if (!p12) + return NULL; + + if(!PKCS12_pack_authsafes(p12, safes)) + { + PKCS12_free(p12); + return NULL; + } return p12; -} + } diff --git a/crypto/openssl/crypto/pkcs12/p12_decr.c b/crypto/openssl/crypto/pkcs12/p12_decr.c index b5684a8..74c961a 100644 --- a/crypto/openssl/crypto/pkcs12/p12_decr.c +++ b/crypto/openssl/crypto/pkcs12/p12_decr.c @@ -113,13 +113,14 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) { - unsigned char *out, *p; + unsigned char *out; + const unsigned char *p; void *ret; int outlen; if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, &out, &outlen, 0)) { - PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); + PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); return NULL; } p = out; @@ -137,7 +138,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, #endif ret = ASN1_item_d2i(NULL, &p, outlen, it); if (zbuf) OPENSSL_cleanse(out, outlen); - if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); + if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); OPENSSL_free(out); return ret; } @@ -154,17 +155,17 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i unsigned char *in = NULL; int inlen; if (!(oct = M_ASN1_OCTET_STRING_new ())) { - PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); return NULL; } inlen = ASN1_item_i2d(obj, &in, it); if (!in) { - PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); return NULL; } if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, &oct->length, 1)) { - PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); OPENSSL_free(in); return NULL; } diff --git a/crypto/openssl/crypto/pkcs12/p12_init.c b/crypto/openssl/crypto/pkcs12/p12_init.c index eb837a7..6bdc132 100644 --- a/crypto/openssl/crypto/pkcs12/p12_init.c +++ b/crypto/openssl/crypto/pkcs12/p12_init.c @@ -62,7 +62,7 @@ /* Initialise a PKCS12 structure to take data */ -PKCS12 *PKCS12_init (int mode) +PKCS12 *PKCS12_init(int mode) { PKCS12 *pkcs12; if (!(pkcs12 = PKCS12_new())) { @@ -76,15 +76,17 @@ PKCS12 *PKCS12_init (int mode) if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) { PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } break; default: - PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE); - PKCS12_free(pkcs12); - return NULL; - break; + PKCS12err(PKCS12_F_PKCS12_INIT, + PKCS12_R_UNSUPPORTED_PKCS12_MODE); + goto err; } return pkcs12; +err: + if (pkcs12 != NULL) PKCS12_free(pkcs12); + return NULL; } diff --git a/crypto/openssl/crypto/pkcs12/p12_key.c b/crypto/openssl/crypto/pkcs12/p12_key.c index 9196a34..18e72d0 100644 --- a/crypto/openssl/crypto/pkcs12/p12_key.c +++ b/crypto/openssl/crypto/pkcs12/p12_key.c @@ -59,7 +59,7 @@ #include #include "cryptlib.h" #include - +#include /* Uncomment out this line to get debugging info about key generation */ /*#define DEBUG_KEYGEN*/ diff --git a/crypto/openssl/crypto/pkcs12/p12_kiss.c b/crypto/openssl/crypto/pkcs12/p12_kiss.c index 885087a..c2ee2cc 100644 --- a/crypto/openssl/crypto/pkcs12/p12_kiss.c +++ b/crypto/openssl/crypto/pkcs12/p12_kiss.c @@ -80,7 +80,7 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, * passed unitialised. */ -int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { @@ -141,7 +141,7 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, /* Parse the outer PKCS#12 structure */ -static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, +static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { STACK_OF(PKCS7) *asafes; @@ -178,10 +178,10 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, } -static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) +static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { @@ -197,9 +197,9 @@ static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, #define MATCH_ALL 0x3 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, + ASN1_OCTET_STRING **keyid, + char *keymatch) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; @@ -221,7 +221,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; } else { if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); + PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); return 0; } } @@ -249,14 +249,26 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) return 1; if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length); + if(ckid) + { + if (!X509_keyid_set1(x509, ckid->data, ckid->length)) + { + X509_free(x509); + return 0; + } + } if(fname) { - int len; + int len, r; unsigned char *data; len = ASN1_STRING_to_UTF8(&data, fname); if(len > 0) { - X509_alias_set1(x509, data, len); + r = X509_alias_set1(x509, data, len); OPENSSL_free(data); + if (!r) + { + X509_free(x509); + return 0; + } } } diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c index 0fb67f7..7bff048 100644 --- a/crypto/openssl/crypto/pkcs12/p12_mutl.c +++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c @@ -64,14 +64,20 @@ #include /* Generate a MAC */ -int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; HMAC_CTX hmac; unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; int saltlen, iter; + if (!PKCS7_type_is_data(p12->authsafes)) + { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return 0; + } + salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (!p12->mac->iter) iter = 1; @@ -96,16 +102,16 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, } /* Verify the mac */ -int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; if(p12->mac == NULL) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT); + PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT); return 0; } if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); + PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) @@ -115,7 +121,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) /* Set a mac */ -int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) { unsigned char mac[EVP_MAX_MD_SIZE]; @@ -139,7 +145,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, } /* Set up a mac structure */ -int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; @@ -148,7 +154,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } - ASN1_INTEGER_set(p12->mac->iter, iter); + if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { + PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + return 0; + } } if (!saltlen) saltlen = PKCS12_SALT_LEN; p12->mac->salt->length = saltlen; diff --git a/crypto/openssl/crypto/pkcs12/p12_npas.c b/crypto/openssl/crypto/pkcs12/p12_npas.c index af708a2..48eacc5 100644 --- a/crypto/openssl/crypto/pkcs12/p12_npas.c +++ b/crypto/openssl/crypto/pkcs12/p12_npas.c @@ -77,28 +77,26 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) { + /* Check for NULL PKCS12 structure */ -/* Check for NULL PKCS12 structure */ - -if(!p12) { - PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; -} - -/* Check the mac */ - -if (!PKCS12_verify_mac(p12, oldpass, -1)) { - PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); - return 0; -} + if(!p12) { + PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); + return 0; + } -if (!newpass_p12(p12, oldpass, newpass)) { - PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); - return 0; -} + /* Check the mac */ + + if (!PKCS12_verify_mac(p12, oldpass, -1)) { + PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); + return 0; + } -return 1; + if (!newpass_p12(p12, oldpass, newpass)) { + PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); + return 0; + } + return 1; } /* Parse the outer PKCS#12 structure */ @@ -206,7 +204,8 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) { PBEPARAM *pbe; - unsigned char *p; + const unsigned char *p; + p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); *pnid = OBJ_obj2nid(alg->algorithm); diff --git a/crypto/openssl/crypto/pkcs12/pk12err.c b/crypto/openssl/crypto/pkcs12/pk12err.c index 10ab805..5c92cb0 100644 --- a/crypto/openssl/crypto/pkcs12/pk12err.c +++ b/crypto/openssl/crypto/pkcs12/pk12err.c @@ -1,6 +1,6 @@ /* crypto/pkcs12/pk12err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,60 +64,68 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) + static ERR_STRING_DATA PKCS12_str_functs[]= { -{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"}, -{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"}, -{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"}, -{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"}, -{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"}, -{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"}, -{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"}, -{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, -{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, -{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, -{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"}, -{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"}, -{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"}, -{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"}, -{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"}, -{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"}, +{ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, +{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, +{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, +{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, +{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, +{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, +{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, +{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, +{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, +{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, +{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, +{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, +{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, +{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, +{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, +{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, +{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, +{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, +{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, +{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, +{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, +{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, +{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, +{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, +{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, +{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, +{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, +{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, +{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, {0,NULL} }; static ERR_STRING_DATA PKCS12_str_reasons[]= { -{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"}, -{PKCS12_R_DECODE_ERROR ,"decode error"}, -{PKCS12_R_ENCODE_ERROR ,"encode error"}, -{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, -{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"}, -{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, -{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, -{PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, -{PKCS12_R_KEY_GEN_ERROR ,"key gen error"}, -{PKCS12_R_MAC_ABSENT ,"mac absent"}, -{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"}, -{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"}, -{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"}, -{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"}, -{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"}, -{PKCS12_R_PARSE_ERROR ,"parse error"}, -{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"}, -{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"}, -{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"}, -{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"}, -{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"}, +{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"}, +{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"}, +{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"}, +{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"}, +{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, +{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"}, +{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"}, +{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"}, +{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"}, +{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"}, +{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"}, +{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"}, +{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"}, +{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"}, +{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"}, +{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"}, +{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"}, +{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"}, +{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"}, +{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"}, {0,NULL} }; @@ -131,8 +139,8 @@ void ERR_load_PKCS12_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); - ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); + ERR_load_strings(0,PKCS12_str_functs); + ERR_load_strings(0,PKCS12_str_reasons); #endif } diff --git a/crypto/openssl/crypto/pkcs12/pkcs12.h b/crypto/openssl/crypto/pkcs12/pkcs12.h index dd338f2..a2d7e35 100644 --- a/crypto/openssl/crypto/pkcs12/pkcs12.h +++ b/crypto/openssl/crypto/pkcs12/pkcs12.h @@ -249,6 +249,15 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, + int key_usage, int iter, + int key_nid, char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); @@ -264,16 +273,18 @@ void ERR_load_PKCS12_strings(void); /* Error codes for the PKCS12 functions. */ /* Function codes. */ +#define PKCS12_F_PARSE_BAG 129 #define PKCS12_F_PARSE_BAGS 103 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 #define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 #define PKCS12_F_PKCS12_CREATE 105 -#define PKCS12_F_PKCS12_DECRYPT_D2I 106 #define PKCS12_F_PKCS12_GEN_MAC 107 -#define PKCS12_F_PKCS12_I2D_ENCRYPT 108 #define PKCS12_F_PKCS12_INIT 109 +#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 #define PKCS12_F_PKCS12_KEY_GEN_ASC 110 #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 @@ -281,18 +292,20 @@ void ERR_load_PKCS12_strings(void); #define PKCS12_F_PKCS12_NEWPASS 128 #define PKCS12_F_PKCS12_PACK_P7DATA 114 #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 -#define PKCS12_F_PKCS12_PACK_SAFEBAG 117 #define PKCS12_F_PKCS12_PARSE 118 #define PKCS12_F_PKCS12_PBE_CRYPT 119 #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 #define PKCS12_F_PKCS12_SETUP_MAC 122 #define PKCS12_F_PKCS12_SET_MAC 123 +#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +#define PKCS12_F_PKCS12_VERIFY_MAC 126 #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 #define PKCS12_F_PKCS8_ENCRYPT 125 -#define PKCS12_F_VERIFY_MAC 126 /* Reason codes. */ #define PKCS12_R_CANT_PACK_STRUCTURE 100 +#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 #define PKCS12_R_DECODE_ERROR 101 #define PKCS12_R_ENCODE_ERROR 102 #define PKCS12_R_ENCRYPT_ERROR 103 diff --git a/crypto/openssl/crypto/pkcs7/Makefile b/crypto/openssl/crypto/pkcs7/Makefile index 7eda4e8..3f7e88b 100644 --- a/crypto/openssl/crypto/pkcs7/Makefile +++ b/crypto/openssl/crypto/pkcs7/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/pkcs7/Makefile +# OpenSSL/crypto/pkcs7/Makefile # DIR= pkcs7 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -72,7 +67,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -87,6 +83,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -98,143 +95,92 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h -pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_asn1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_asn1.o: ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c +pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_attr.o: pk7_attr.c -pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h -pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pk7_attr.o: ../../include/openssl/x509_vfy.h pk7_attr.c +pk7_doit.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_doit.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pk7_doit.o: ../cryptlib.h pk7_doit.c -pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h -pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_doit.c +pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk7_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c -pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h -pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../cryptlib.h pk7_lib.c +pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c -pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h -pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_mime.o: ../cryptlib.h pk7_mime.c +pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_smime.o: ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c +pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pk7_smime.o: ../cryptlib.h pk7_smime.c pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +pkcs7err.o: ../../include/openssl/opensslconf.h pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/crypto/openssl/crypto/pkcs7/bio_ber.c b/crypto/openssl/crypto/pkcs7/bio_ber.c index 895a911..31973fc 100644 --- a/crypto/openssl/crypto/pkcs7/bio_ber.c +++ b/crypto/openssl/crypto/pkcs7/bio_ber.c @@ -204,7 +204,7 @@ int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx) if ((ctx->buf_len < BER_BUF_SIZE) && (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) { - ERR_get_error(); /* clear the error */ + ERR_clear_error(); /* clear the error */ BIO_set_retry_read(b); } return(-1); diff --git a/crypto/openssl/crypto/pkcs7/example.c b/crypto/openssl/crypto/pkcs7/example.c index c993947..2953d04 100644 --- a/crypto/openssl/crypto/pkcs7/example.c +++ b/crypto/openssl/crypto/pkcs7/example.c @@ -123,7 +123,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); if (so && (so->type == V_ASN1_SEQUENCE)) { - ASN1_CTX c; + ASN1_const_CTX c; ASN1_STRING *s; long length; ASN1_OCTET_STRING *os1,*os2; @@ -144,7 +144,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) goto err; c.slen-=(c.p-c.q); - if (!asn1_Finish(&c)) goto err; + if (!asn1_const_Finish(&c)) goto err; *str1=malloc(os1->length+1); *str2=malloc(os2->length+1); memcpy(*str1,os1->data,os1->length); @@ -290,7 +290,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); if (so->type == V_ASN1_SEQUENCE) { - ASN1_CTX c; + ASN1_const_CTX c; ASN1_STRING *s; long length; ASN1_OCTET_STRING *os1,*os2; @@ -311,7 +311,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) goto err; c.slen-=(c.p-c.q); - if (!asn1_Finish(&c)) goto err; + if (!asn1_const_Finish(&c)) goto err; *str1=malloc(os1->length+1); *str2=malloc(os2->length+1); memcpy(*str1,os1->data,os1->length); diff --git a/crypto/openssl/crypto/pkcs7/pk7_asn1.c b/crypto/openssl/crypto/pkcs7/pk7_asn1.c index 46f0fc9..77931fe 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_asn1.c +++ b/crypto/openssl/crypto/pkcs7/pk7_asn1.c @@ -69,30 +69,31 @@ ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); -ASN1_SEQUENCE(PKCS7) = { +ASN1_NDEF_SEQUENCE(PKCS7) = { ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), ASN1_ADB_OBJECT(PKCS7) -}ASN1_SEQUENCE_END(PKCS7) +}ASN1_NDEF_SEQUENCE_END(PKCS7) IMPLEMENT_ASN1_FUNCTIONS(PKCS7) +IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) -ASN1_SEQUENCE(PKCS7_SIGNED) = { +ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) -} ASN1_SEQUENCE_END(PKCS7_SIGNED) +} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) @@ -130,11 +131,11 @@ ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) -ASN1_SEQUENCE(PKCS7_ENVELOPE) = { +ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) -} ASN1_SEQUENCE_END(PKCS7_ENVELOPE) +} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) @@ -157,15 +158,15 @@ ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) -ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = { +ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) -} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT) +} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) -ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { +ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), @@ -173,23 +174,23 @@ ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) -} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) +} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) -ASN1_SEQUENCE(PKCS7_ENCRYPT) = { +ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) -} ASN1_SEQUENCE_END(PKCS7_ENCRYPT) +} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) -ASN1_SEQUENCE(PKCS7_DIGEST) = { +ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(PKCS7_DIGEST) +} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) diff --git a/crypto/openssl/crypto/pkcs7/pk7_attr.c b/crypto/openssl/crypto/pkcs7/pk7_attr.c index 0391410..735c880 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_attr.c +++ b/crypto/openssl/crypto/pkcs7/pk7_attr.c @@ -96,7 +96,8 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *cap; - unsigned char *p; + const unsigned char *p; + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); if (!cap || (cap->type != V_ASN1_SEQUENCE)) return NULL; diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c index b78e228..a4bbba0 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_doit.c +++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c @@ -62,6 +62,7 @@ #include #include #include +#include static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); @@ -101,18 +102,54 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) return NULL; } +static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + { + BIO *btmp; + const EVP_MD *md; + if ((btmp=BIO_new(BIO_f_md())) == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + + md=EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp,md); + if (*pbio == NULL) + *pbio=btmp; + else if (!BIO_push(*pbio,btmp)) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + btmp=NULL; + + return 1; + + err: + if (btmp) + BIO_free(btmp); + return 0; + + } + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { int i; BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa; - const EVP_MD *evp_md; + X509_ALGOR *xa = NULL; const EVP_CIPHER *evp_cipher=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; EVP_PKEY *pkey; + ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -121,6 +158,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { case NID_pkcs7_signed: md_sk=p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; @@ -145,37 +183,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; default: PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - if (md_sk != NULL) - { - for (i=0; ialgorithm); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } + for (i=0; ialgorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); - EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); + if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) + goto err; + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) + goto err; + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) + goto err; if (ivlen > 0) { if (xalg->parameter == NULL) @@ -239,7 +264,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) OPENSSL_free(tmp); goto err; } - M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); + if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj)) + { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, + ERR_R_MALLOC_FAILURE); + OPENSSL_free(tmp); + goto err; + } } OPENSSL_free(tmp); OPENSSL_cleanse(key, keylen); @@ -255,24 +286,14 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) { - if (PKCS7_type_is_signed(p7)) - { - ASN1_OCTET_STRING *os; - os = PKCS7_get_octet_string( - p7->d.sign->contents); - if (os && os->length > 0) - bio = BIO_new_mem_buf(os->data, - os->length); - } - if(bio == NULL) - { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); - } + bio=BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio,0); } - } + } BIO_push(out,bio); bio=NULL; if (0) @@ -287,6 +308,17 @@ err: return(out); } +static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) + { + int ret; + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, + pcert->cert_info->issuer); + if (ret) + return ret; + return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, + ri->issuer_and_serial->serial); + } + /* int */ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { @@ -397,18 +429,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * (if any) */ - for (i=0; iissuer_and_serial->issuer, - pcert->cert_info->issuer) && - !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, - ri->issuer_and_serial->serial)) break; - ri=NULL; - } - if (ri == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); - goto err; + if (pcert) { + for (i=0; ienc_key), - M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj <= 0) + /* If we haven't got a certificate try each ri in turn */ + + if (pcert == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); - goto err; + for (i=0; ienc_key), + M_ASN1_STRING_length(ri->enc_key), + pkey); + if (jj > 0) + break; + ERR_clear_error(); + ri = NULL; + } + if (ri == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_NO_RECIPIENT_MATCHES_KEY); + goto err; + } + } + else + { + jj=EVP_PKEY_decrypt(tmp, + M_ASN1_STRING_data(ri->enc_key), + M_ASN1_STRING_length(ri->enc_key), pkey); + if (jj <= 0) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + ERR_R_EVP_LIB); + goto err; + } } evp_ctx=NULL; BIO_get_cipher_ctx(etmp,&evp_ctx); - EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); + if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) + goto err; if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) goto err; @@ -445,7 +506,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } } - EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); + if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) + goto err; OPENSSL_cleanse(tmp,jj); @@ -498,6 +560,29 @@ err: return(out); } +static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) + { + for (;;) + { + bio=BIO_find_type(bio,BIO_TYPE_MD); + if (bio == NULL) + { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio,pmd); + if (*pmd == NULL) + { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio=BIO_next(bio); + } + return NULL; + } + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { int ret=0; @@ -520,12 +605,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signedAndEnveloped: /* XXXXXXXXXXXXXXXX */ si_sk=p7->d.signed_and_enveloped->signer_info; - os=M_ASN1_OCTET_STRING_new(); + if (!(os=M_ASN1_OCTET_STRING_new())) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } p7->d.signed_and_enveloped->enc_data->enc_data=os; break; case NID_pkcs7_enveloped: /* XXXXXXXXXXXXXXXX */ - os=M_ASN1_OCTET_STRING_new(); + if (!(os=M_ASN1_OCTET_STRING_new())) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } p7->d.enveloped->enc_data->enc_data=os; break; case NID_pkcs7_signed: @@ -537,13 +630,24 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) p7->d.sign->contents->d.data = NULL; } break; + + case NID_pkcs7_digest: + os=PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) + { + M_ASN1_OCTET_STRING_free(os); + p7->d.digest->contents->d.data = NULL; + } + break; + } if (si_sk != NULL) { if ((buf=BUF_MEM_new()) == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); goto err; } for (i=0; idigest_alg->algorithm); btmp=bio; - for (;;) - { - if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) - == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == j) - break; - else - btmp=BIO_next(btmp); - } - + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); goto err; } @@ -599,7 +689,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { - sign_time=X509_gmtime_adj(NULL,0); + if (!(sign_time=X509_gmtime_adj(NULL,0))) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); + goto err; + } PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_UTCTIME,sign_time); @@ -608,8 +703,19 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* Add digest */ md_tmp=EVP_MD_CTX_md(&ctx_tmp); EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); - digest=M_ASN1_OCTET_STRING_new(); - M_ASN1_OCTET_STRING_set(digest,md_data,md_len); + if (!(digest=M_ASN1_OCTET_STRING_new())) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (!M_ASN1_OCTET_STRING_set(digest,md_data, + md_len)) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); + goto err; + } PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING,digest); @@ -627,28 +733,42 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (si->pkey->type == EVP_PKEY_DSA) ctx_tmp.digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (si->pkey->type == EVP_PKEY_EC) + ctx_tmp.digest=EVP_ecdsa(); +#endif if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, (unsigned int *)&buf->length,si->pkey)) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); goto err; } if (!ASN1_STRING_set(si->enc_digest, (unsigned char *)buf->data,buf->length)) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); goto err; } } } + else if (i == NID_pkcs7_digest) + { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; + EVP_DigestFinal_ex(mdc,md_data,&md_len); + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } if (!PKCS7_is_detached(p7)) { btmp=BIO_find_type(bio,BIO_TYPE_MEM); if (btmp == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); goto err; } BIO_get_mem_ptr(btmp,&buf_mem); @@ -829,6 +949,9 @@ for (ii=0; iitype == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); +#endif i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); EVP_PKEY_free(pkey); diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/openssl/crypto/pkcs7/pk7_lib.c index 985b072..58ce679 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_lib.c +++ b/crypto/openssl/crypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -164,7 +168,12 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.sign->version,1); + if (!ASN1_INTEGER_set(p7->d.sign->version,1)) + { + PKCS7_SIGNED_free(p7->d.sign); + p7->d.sign=NULL; + goto err; + } break; case NID_pkcs7_data: p7->type=obj; @@ -176,6 +185,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); + if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) + goto err; p7->d.signed_and_enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; @@ -183,7 +194,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.enveloped->version,0); + if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) + goto err; p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; @@ -191,12 +203,19 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.encrypted->version,0); + if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) + goto err; p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + if (!ASN1_INTEGER_set(p7->d.digest->version,0)) + goto err; + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -206,6 +225,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; @@ -314,19 +340,26 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { + int nid; char is_dsa; - if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; - else is_dsa = 0; + + if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) + is_dsa = 1; + else + is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ - ASN1_INTEGER_set(p7i->version,1); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version,1)) + goto err; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + goto err; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + if (!(p7i->issuer_and_serial->serial= + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + goto err; /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); @@ -343,16 +376,38 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, goto err; p7i->digest_alg->parameter->type=V_ASN1_NULL; - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); - if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if(is_dsa) p7i->digest_enc_alg->parameter = NULL; - else { + nid = EVP_PKEY_type(pkey->type); + if (nid == EVP_PKEY_RSA) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) goto err; p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; - } + } + else if (nid == EVP_PKEY_DSA) + { +#if 1 + /* use 'dsaEncryption' OID for compatibility with other software + * (PKCS #7 v1.5 does specify how to handle DSA) ... */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); +#else + /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) + * would make more sense. */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); +#endif + p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ + } + else if (nid == EVP_PKEY_EC) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } + else + return(0); return(1); err: @@ -372,6 +427,24 @@ err: return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) @@ -423,16 +496,20 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { - ASN1_INTEGER_set(p7i->version,0); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version,0)) + return 0; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + return 0; M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + if (!(p7i->issuer_and_serial->serial= + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; X509_ALGOR_free(p7i->key_enc_algor); - p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); + if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) + return 0; CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); p7i->cert=x509; diff --git a/crypto/openssl/crypto/pkcs7/pk7_mime.c b/crypto/openssl/crypto/pkcs7/pk7_mime.c index 5d2a978..134746c 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_mime.c +++ b/crypto/openssl/crypto/pkcs7/pk7_mime.c @@ -1,9 +1,9 @@ /* pk7_mime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ DECLARE_STACK_OF(MIME_HEADER) IMPLEMENT_STACK_OF(MIME_HEADER) +static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); static PKCS7 *B64_read_PKCS7(BIO *bio); static char * strip_ends(char *name); @@ -109,9 +110,6 @@ static void mime_hdr_free(MIME_HEADER *hdr); #define MAX_SMLEN 1024 #define mime_debug(x) /* x */ - -typedef void (*stkfree)(); - /* Base 64 read and write of PKCS#7 structure */ static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) @@ -152,11 +150,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; - char *mime_prefix, *mime_eol; + char *mime_prefix, *mime_eol, *msg_type=NULL; if (flags & PKCS7_NOOLDMIMETYPE) mime_prefix = "application/pkcs7-"; else mime_prefix = "application/x-pkcs7-"; + if (flags & PKCS7_CRLFEOL) mime_eol = "\r\n"; else @@ -181,7 +180,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) mime_eol, mime_eol); /* Now write out the first part */ BIO_printf(bio, "------%s%s", bound, mime_eol); - SMIME_crlf_copy(data, bio, flags); + pkcs7_output_data(bio, data, p7, flags); BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ @@ -195,14 +194,33 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) mime_eol, mime_eol); B64_write_PKCS7(bio, p7); BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, - mime_eol, mime_eol); + mime_eol, mime_eol); return 1; } + + /* Determine smime-type header */ + + if (PKCS7_type_is_enveloped(p7)) + msg_type = "enveloped-data"; + else if (PKCS7_type_is_signed(p7)) + { + /* If we have any signers it is signed-data othewise + * certs-only. + */ + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + sinfos = PKCS7_get_signer_info(p7); + if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0) + msg_type = "signed-data"; + else + msg_type = "certs-only"; + } /* MIME headers */ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Disposition: attachment;"); BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + if (msg_type) + BIO_printf(bio, " smime-type=%s;", msg_type); BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", mime_eol, mime_eol); @@ -211,6 +229,46 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) return 1; } +/* Handle output of PKCS#7 data */ + + +static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) + { + BIO *tmpbio, *p7bio; + + if (!(flags & PKCS7_STREAM)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + /* Partial sign operation */ + + /* Initialize sign operation */ + p7bio = PKCS7_dataInit(p7, out); + + /* Copy data across, computing digests etc */ + SMIME_crlf_copy(data, p7bio, flags); + + /* Must be detached */ + PKCS7_set_detached(p7, 1); + + /* Finalize signatures */ + PKCS7_dataFinal(p7, p7bio); + + /* Now remove any digests prepended to the BIO */ + + while (p7bio != out) + { + tmpbio = BIO_pop(p7bio); + BIO_free(p7bio); + p7bio = tmpbio; + } + + return 1; + + } + /* SMIME reader: handle multipart/signed and opaque signing. * in multipart case the content is placed in a memory BIO * pointed to by "bcont". In opaque this is set to NULL @@ -330,7 +388,8 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_write(out, linebuf, len); return 1; } - if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + if(flags & PKCS7_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = strip_eol(linebuf, &len); if (len) diff --git a/crypto/openssl/crypto/pkcs7/pk7_smime.c b/crypto/openssl/crypto/pkcs7/pk7_smime.c index 6e5735d..1f4a0a1 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_smime.c +++ b/crypto/openssl/crypto/pkcs7/pk7_smime.c @@ -1,9 +1,9 @@ /* pk7_smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -88,6 +88,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + PKCS7_free(p7); return NULL; } @@ -97,14 +98,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_certificate(p7, sk_X509_value(certs, i)); } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; - } - - - SMIME_crlf_copy(data, p7bio, flags); - if(!(flags & PKCS7_NOATTR)) { PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); @@ -113,6 +106,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, { if(!(smcap = sk_X509_ALGOR_new_null())) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + PKCS7_free(p7); return NULL; } #ifndef OPENSSL_NO_DES @@ -133,14 +127,27 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } + if (flags & PKCS7_STREAM) + return p7; + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + PKCS7_free(p7); + return NULL; + } + + SMIME_crlf_copy(data, p7bio, flags); + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + PKCS7_free(p7); + BIO_free_all(p7bio); return NULL; } - BIO_free_all(p7bio); + BIO_free_all(p7bio); return p7; } @@ -155,7 +162,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, char buf[4096]; int i, j=0, k, ret = 0; BIO *p7bio; - BIO *tmpout; + BIO *tmpin, *tmpout; if(!p7) { PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); @@ -215,6 +222,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sk_X509_free(signers); return 0; } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); i = X509_verify_cert(&cert_ctx); if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); X509_STORE_CTX_cleanup(&cert_ctx); @@ -228,7 +237,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Check for revocation status here */ } - p7bio=PKCS7_dataInit(p7,indata); + /* Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) + { + char *ptr; + long len; + len = BIO_get_mem_data(indata, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + tmpin = indata; + + + p7bio=PKCS7_dataInit(p7,tmpin); if(flags & PKCS7_TEXT) { if(!(tmpout = BIO_new(BIO_s_mem()))) { @@ -270,9 +302,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: - - if(indata) BIO_pop(p7bio); + + if (tmpin == indata) + { + if (indata) BIO_pop(p7bio); + } BIO_free_all(p7bio); + sk_X509_free(signers); return ret; @@ -296,10 +332,6 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); return NULL; } - if(!(signers = sk_X509_new_null())) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); - return NULL; - } /* Collect all the signers together */ @@ -310,6 +342,11 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) return 0; } + if(!(signers = sk_X509_new_null())) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); @@ -404,7 +441,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) return 0; } - if(!X509_check_private_key(cert, pkey)) { + if(cert && !X509_check_private_key(cert, pkey)) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h index 15372e1..cc092d2 100644 --- a/crypto/openssl/crypto/pkcs7/pkcs7.h +++ b/crypto/openssl/crypto/pkcs7/pkcs7.h @@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) #define PKCS7_get_detached(p) \ @@ -262,6 +264,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_NOSMIMECAP 0x200 #define PKCS7_NOOLDMIMETYPE 0x400 #define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 /* Flags: for compatibility with older code */ @@ -302,10 +306,12 @@ DECLARE_ASN1_FUNCTIONS(PKCS7) DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); @@ -326,6 +332,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); @@ -381,16 +388,20 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 #define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 +#define PKCS7_F_PKCS7_DATAFINAL 128 #define PKCS7_F_PKCS7_DATAINIT 105 #define PKCS7_F_PKCS7_DATASIGN 106 #define PKCS7_F_PKCS7_DATAVERIFY 107 #define PKCS7_F_PKCS7_DECRYPT 114 #define PKCS7_F_PKCS7_ENCRYPT 115 +#define PKCS7_F_PKCS7_FIND_DIGEST 127 #define PKCS7_F_PKCS7_GET0_SIGNERS 124 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 @@ -421,13 +432,15 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 #define PKCS7_R_NO_SIGNERS 142 #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_DATAFINAL 126 #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 -#define PKCS7_R_PKCS7_DATASIGN 126 +#define PKCS7_R_PKCS7_DATASIGN 145 #define PKCS7_R_PKCS7_PARSE_ERROR 139 #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 diff --git a/crypto/openssl/crypto/pkcs7/pkcs7err.c b/crypto/openssl/crypto/pkcs7/pkcs7err.c index 5e51527a..4cd2934 100644 --- a/crypto/openssl/crypto/pkcs7/pkcs7err.c +++ b/crypto/openssl/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,81 +64,91 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) + static ERR_STRING_DATA PKCS7_str_functs[]= { -{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, -{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, -{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"}, -{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"}, -{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"}, -{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"}, -{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"}, +{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, +{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, +{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, +{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, +{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, +{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, +{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, +{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, +{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, +{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, +{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, {0,NULL} }; static ERR_STRING_DATA PKCS7_str_reasons[]= { -{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, -{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, -{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"}, -{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"}, -{PKCS7_R_DECODE_ERROR ,"decode error"}, -{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"}, -{PKCS7_R_DECRYPT_ERROR ,"decrypt error"}, -{PKCS7_R_DIGEST_FAILURE ,"digest failure"}, -{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"}, -{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, -{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, -{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"}, -{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, -{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, -{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, -{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"}, -{PKCS7_R_NO_CONTENT ,"no content"}, -{PKCS7_R_NO_CONTENT_TYPE ,"no content type"}, -{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"}, -{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"}, -{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"}, -{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"}, -{PKCS7_R_NO_SIGNERS ,"no signers"}, -{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"}, -{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, -{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"}, -{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"}, -{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"}, -{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"}, -{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"}, -{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, -{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, -{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, -{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"}, -{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"}, -{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, -{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, -{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, -{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, -{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"}, -{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, -{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, -{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, -{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"}, +{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, +{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, +{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, +{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, +{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, +{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, +{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, +{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, +{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, +{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, +{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, +{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, +{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, +{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, +{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, +{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, +{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, +{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, +{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, +{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, +{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, +{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, +{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, +{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, +{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, +{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, +{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, +{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, +{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, +{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, +{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, +{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, +{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, +{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, +{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, +{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, +{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, +{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, +{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, +{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, +{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, {0,NULL} }; @@ -152,8 +162,8 @@ void ERR_load_PKCS7_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); - ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); + ERR_load_strings(0,PKCS7_str_functs); + ERR_load_strings(0,PKCS7_str_reasons); #endif } diff --git a/crypto/openssl/crypto/pqueue/Makefile b/crypto/openssl/crypto/pqueue/Makefile new file mode 100644 index 0000000..d0c39d2 --- /dev/null +++ b/crypto/openssl/crypto/pqueue/Makefile @@ -0,0 +1,84 @@ +# +# OpenSSL/crypto/pqueue/Makefile +# + +DIR= pqueue +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=pqueue.c +LIBOBJ=pqueue.o + +SRC= $(LIBSRC) + +EXHEADER= pqueue.h pq_compat.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +pqueue.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h +pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pqueue.o: ../cryptlib.h pqueue.c pqueue.h diff --git a/crypto/openssl/crypto/pqueue/pq_compat.h b/crypto/openssl/crypto/pqueue/pq_compat.h new file mode 100644 index 0000000..28c58a0 --- /dev/null +++ b/crypto/openssl/crypto/pqueue/pq_compat.h @@ -0,0 +1,147 @@ +/* crypto/pqueue/pqueue_compat.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "opensslconf.h" +#include + +/* + * The purpose of this header file is for supporting 64-bit integer + * manipulation on 32-bit (and lower) machines. Currently the only + * such environment is VMS, Utrix and those with smaller default integer + * sizes than 32 bits. For all such environment, we fall back to using + * BIGNUM. We may need to fine tune the conditions for systems that + * are incorrectly configured. + * + * The only clients of this code are (1) pqueue for priority, and + * (2) DTLS, for sequence number manipulation. + */ + +#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) + +#define PQ_64BIT_IS_INTEGER 0 +#define PQ_64BIT_IS_BIGNUM 1 + +#define PQ_64BIT BIGNUM +#define PQ_64BIT_CTX BN_CTX + +#define pq_64bit_init(x) BN_init(x) +#define pq_64bit_free(x) BN_free(x) + +#define pq_64bit_ctx_new(ctx) BN_CTX_new() +#define pq_64bit_ctx_free(x) BN_CTX_free(x) + +#define pq_64bit_assign(x, y) BN_copy(x, y) +#define pq_64bit_assign_word(x, y) BN_set_word(x, y) +#define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 +#define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 +#define pq_64bit_add_word(x, w) BN_add_word(x, w) +#define pq_64bit_sub(r, x, y) BN_sub(r, x, y) +#define pq_64bit_sub_word(x, w) BN_sub_word(x, w) +#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) + +#define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) +#define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) +#define pq_64bit_get_word(x) BN_get_word(x) +#define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) +#define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) +#define pq_64bit_set_bit(x, num) BN_set_bit(x, num) +#define pq_64bit_get_length(x) BN_num_bits((x)) + +#else + +#define PQ_64BIT_IS_INTEGER 1 +#define PQ_64BIT_IS_BIGNUM 0 + +#if defined(SIXTY_FOUR_BIT) +#define PQ_64BIT BN_ULONG +#define PQ_64BIT_PRINT "%lld" +#elif defined(SIXTY_FOUR_BIT_LONG) +#define PQ_64BIT BN_ULONG +#define PQ_64BIT_PRINT "%ld" +#elif defined(THIRTY_TWO_BIT) +#define PQ_64BIT BN_ULLONG +#define PQ_64BIT_PRINT "%lld" +#endif + +#define PQ_64BIT_CTX void + +#define pq_64bit_init(x) +#define pq_64bit_free(x) +#define pq_64bit_ctx_new(ctx) (ctx) +#define pq_64bit_ctx_free(x) + +#define pq_64bit_assign(x, y) (*(x) = *(y)) +#define pq_64bit_assign_word(x, y) (*(x) = y) +#define pq_64bit_gt(x, y) (*(x) > *(y)) +#define pq_64bit_eq(x, y) (*(x) == *(y)) +#define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) +#define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) +#define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) +#define pq_64bit_mod(r, x, n, ctx) + +#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) +#define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) +#define pq_64bit_get_word(x) *(x) +#define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) +#define pq_64bit_set_bit(x, num) do { \ + PQ_64BIT mask = 1; \ + mask = mask << (num); \ + *(x) |= mask; \ + } while(0) +#endif /* OPENSSL_SYS_VMS */ diff --git a/crypto/openssl/crypto/pqueue/pq_test.c b/crypto/openssl/crypto/pqueue/pq_test.c new file mode 100644 index 0000000..8d496dfc --- /dev/null +++ b/crypto/openssl/crypto/pqueue/pq_test.c @@ -0,0 +1,95 @@ +/* crypto/pqueue/pq_test.c */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "pqueue.h" + +int +main(void) + { + pitem *item; + pqueue pq; + + pq = pqueue_new(); + + item = pitem_new(3, NULL); + pqueue_insert(pq, item); + + item = pitem_new(1, NULL); + pqueue_insert(pq, item); + + item = pitem_new(2, NULL); + pqueue_insert(pq, item); + + item = pqueue_find(pq, 1); + fprintf(stderr, "found %ld\n", item->priority); + + item = pqueue_find(pq, 2); + fprintf(stderr, "found %ld\n", item->priority); + + item = pqueue_find(pq, 3); + fprintf(stderr, "found %ld\n", item ? item->priority: 0); + + pqueue_print(pq); + + for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq)) + pitem_free(item); + + pqueue_free(pq); + return 0; + } diff --git a/crypto/openssl/crypto/pqueue/pqueue.c b/crypto/openssl/crypto/pqueue/pqueue.c new file mode 100644 index 0000000..5cc1852 --- /dev/null +++ b/crypto/openssl/crypto/pqueue/pqueue.c @@ -0,0 +1,236 @@ +/* crypto/pqueue/pqueue.c */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include "pqueue.h" + +typedef struct _pqueue + { + pitem *items; + int count; + } pqueue_s; + +pitem * +pitem_new(PQ_64BIT priority, void *data) + { + pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem)); + if (item == NULL) return NULL; + + pq_64bit_init(&(item->priority)); + pq_64bit_assign(&item->priority, &priority); + + item->data = data; + item->next = NULL; + + return item; + } + +void +pitem_free(pitem *item) + { + if (item == NULL) return; + + pq_64bit_free(&(item->priority)); + OPENSSL_free(item); + } + +pqueue_s * +pqueue_new() + { + pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s)); + if (pq == NULL) return NULL; + + memset(pq, 0x00, sizeof(pqueue_s)); + return pq; + } + +void +pqueue_free(pqueue_s *pq) + { + if (pq == NULL) return; + + OPENSSL_free(pq); + } + +pitem * +pqueue_insert(pqueue_s *pq, pitem *item) + { + pitem *curr, *next; + + if (pq->items == NULL) + { + pq->items = item; + return item; + } + + for(curr = NULL, next = pq->items; + next != NULL; + curr = next, next = next->next) + { + if (pq_64bit_gt(&(next->priority), &(item->priority))) + { + item->next = next; + + if (curr == NULL) + pq->items = item; + else + curr->next = item; + + return item; + } + /* duplicates not allowed */ + if (pq_64bit_eq(&(item->priority), &(next->priority))) + return NULL; + } + + item->next = NULL; + curr->next = item; + + return item; + } + +pitem * +pqueue_peek(pqueue_s *pq) + { + return pq->items; + } + +pitem * +pqueue_pop(pqueue_s *pq) + { + pitem *item = pq->items; + + if (pq->items != NULL) + pq->items = pq->items->next; + + return item; + } + +pitem * +pqueue_find(pqueue_s *pq, PQ_64BIT priority) + { + pitem *next, *prev = NULL; + pitem *found = NULL; + + if ( pq->items == NULL) + return NULL; + + for ( next = pq->items; next->next != NULL; + prev = next, next = next->next) + { + if ( pq_64bit_eq(&(next->priority), &priority)) + { + found = next; + break; + } + } + + /* check the one last node */ + if ( pq_64bit_eq(&(next->priority), &priority)) + found = next; + + if ( ! found) + return NULL; + +#if 0 /* find works in peek mode */ + if ( prev == NULL) + pq->items = next->next; + else + prev->next = next->next; +#endif + + return found; + } + +#if PQ_64BIT_IS_INTEGER +void +pqueue_print(pqueue_s *pq) + { + pitem *item = pq->items; + + while(item != NULL) + { + printf("item\t" PQ_64BIT_PRINT "\n", item->priority); + item = item->next; + } + } +#endif + +pitem * +pqueue_iterator(pqueue_s *pq) + { + return pqueue_peek(pq); + } + +pitem * +pqueue_next(pitem **item) + { + pitem *ret; + + if ( item == NULL || *item == NULL) + return NULL; + + + /* *item != NULL */ + ret = *item; + *item = (*item)->next; + + return ret; + } diff --git a/crypto/openssl/crypto/pqueue/pqueue.h b/crypto/openssl/crypto/pqueue/pqueue.h new file mode 100644 index 0000000..02386d1 --- /dev/null +++ b/crypto/openssl/crypto/pqueue/pqueue.h @@ -0,0 +1,95 @@ +/* crypto/pqueue/pqueue.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PQUEUE_H +#define HEADER_PQUEUE_H + +#include +#include +#include + +#include + +typedef struct _pqueue *pqueue; + +typedef struct _pitem + { + PQ_64BIT priority; + void *data; + struct _pitem *next; + } pitem; + +typedef struct _pitem *piterator; + +pitem *pitem_new(PQ_64BIT priority, void *data); +void pitem_free(pitem *item); + +pqueue pqueue_new(void); +void pqueue_free(pqueue pq); + +pitem *pqueue_insert(pqueue pq, pitem *item); +pitem *pqueue_peek(pqueue pq); +pitem *pqueue_pop(pqueue pq); +pitem *pqueue_find(pqueue pq, PQ_64BIT priority); +pitem *pqueue_iterator(pqueue pq); +pitem *pqueue_next(piterator *iter); + +void pqueue_print(pqueue pq); + +#endif /* ! HEADER_PQUEUE_H */ diff --git a/crypto/openssl/crypto/rand/Makefile b/crypto/openssl/crypto/rand/Makefile index 4ab4b9c..3c1ab5b 100644 --- a/crypto/openssl/crypto/rand/Makefile +++ b/crypto/openssl/crypto/rand/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/rand/Makefile +# OpenSSL/crypto/rand/Makefile # DIR= rand @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -23,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_os2.c + rand_win.c rand_unix.c rand_os2.c rand_nw.c LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ - rand_win.o rand_unix.o rand_os2.o + rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -53,7 +48,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -68,6 +64,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -79,26 +76,16 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md_rand.o: ../../e_os.h ../../include/openssl/aes.h -md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +md_rand.o: ../../e_os.h ../../include/openssl/asn1.h +md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -md_rand.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -md_rand.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -md_rand.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -md_rand.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -md_rand.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -md_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -md_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -md_rand.o: ../../include/openssl/ui_compat.h md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md_rand.o: md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h rand_egd.o: ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h @@ -110,83 +97,59 @@ rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c -rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h -rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rand_lib.o: ../../e_os.h ../../include/openssl/bio.h rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rand_lib.o: ../../include/openssl/err.h ../../include/openssl/fips.h -rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/lhash.h +rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h rand_lib.o: ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../../include/openssl/ui_compat.h ../cryptlib.h rand_lib.c -rand_os2.o: ../../e_os.h ../../include/openssl/aes.h -rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_lib.o: ../cryptlib.h rand_lib.c +rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h +rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c +rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h +rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_os2.o: ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c -rand_unix.o: ../../e_os.h ../../include/openssl/aes.h -rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h +rand_os2.o: rand_os2.c +rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h +rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_unix.o: ../../include/openssl/objects.h rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c -rand_win.o: ../../e_os.h ../../include/openssl/aes.h -rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h +rand_unix.o: rand_unix.c +rand_win.o: ../../e_os.h ../../include/openssl/asn1.h +rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_win.o: ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c +rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h +rand_win.o: rand_win.c randfile.o: ../../e_os.h ../../include/openssl/buffer.h randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h randfile.o: ../../include/openssl/opensslconf.h diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c index c84968d..6e10f6e 100644 --- a/crypto/openssl/crypto/rand/md_rand.c +++ b/crypto/openssl/crypto/rand/md_rand.c @@ -126,7 +126,6 @@ #include #include -#include #ifdef BN_DEBUG # define PREDICT @@ -301,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) + for (k = 0; k < (int)sizeof(md); k++) { md[k] ^= local_md[k]; } @@ -316,7 +315,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) static void ssleay_rand_seed(const void *buf, int num) { - ssleay_rand_add(buf, num, num); + ssleay_rand_add(buf, num, (double)num); } static int ssleay_rand_bytes(unsigned char *buf, int num) @@ -333,14 +332,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; -#ifdef OPENSSL_FIPS - if(FIPS_mode()) - { - FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); - return 0; - } -#endif - #ifdef PREDICT if (rand_predictable) { @@ -529,7 +520,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) - (void)ERR_get_error(); + ERR_clear_error(); } return (ret); } diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/openssl/crypto/rand/rand.h index 604df9b..ac6c021 100644 --- a/crypto/openssl/crypto/rand/rand.h +++ b/crypto/openssl/crypto/rand/rand.h @@ -72,10 +72,13 @@ extern "C" { #endif #if defined(OPENSSL_FIPS) -#define FIPS_RAND_SIZE_T int +#define FIPS_RAND_SIZE_T size_t #endif -typedef struct rand_meth_st +/* Already defined in ossl_typ.h */ +/* typedef struct rand_meth_st RAND_METHOD; */ + +struct rand_meth_st { void (*seed)(const void *buf, int num); int (*bytes)(unsigned char *buf, int num); @@ -83,7 +86,7 @@ typedef struct rand_meth_st void (*add)(const void *buf, int num, double entropy); int (*pseudorand)(unsigned char *buf, int num); int (*status)(void); - } RAND_METHOD; + }; #ifdef BN_DEBUG extern int rand_predictable; @@ -125,17 +128,11 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ -#define RAND_F_FIPS_RAND_BYTES 102 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ -#define RAND_R_NON_FIPS_METHOD 101 -#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105 -#define RAND_R_PRNG_NOT_REKEYED 103 -#define RAND_R_PRNG_NOT_RESEEDED 104 #define RAND_R_PRNG_NOT_SEEDED 100 -#define RAND_R_PRNG_STUCK 102 #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/rand/rand_egd.c b/crypto/openssl/crypto/rand/rand_egd.c index 3ec2eab..50bce6c 100644 --- a/crypto/openssl/crypto/rand/rand_egd.c +++ b/crypto/openssl/crypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); @@ -216,7 +216,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) while (numbytes != 1) { num = read(fd, egdbuf, 1); - if (num >= 0) + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) numbytes += num; else { @@ -246,7 +248,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) while (numbytes != egdbuf[0]) { num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); - if (num >= 0) + if (num == 0) + goto err; /* descriptor closed */ + else if (num > 0) numbytes += num; else { diff --git a/crypto/openssl/crypto/rand/rand_err.c b/crypto/openssl/crypto/rand/rand_err.c index 9557465..b2f2448 100644 --- a/crypto/openssl/crypto/rand/rand_err.c +++ b/crypto/openssl/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,22 +64,20 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) + static ERR_STRING_DATA RAND_str_functs[]= { -{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"}, -{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, -{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, +{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, +{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} }; static ERR_STRING_DATA RAND_str_reasons[]= { -{RAND_R_NON_FIPS_METHOD ,"non fips method"}, -{RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"}, -{RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"}, -{RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"}, -{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, -{RAND_R_PRNG_STUCK ,"prng stuck"}, +{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, {0,NULL} }; @@ -93,8 +91,8 @@ void ERR_load_RAND_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_RAND,RAND_str_functs); - ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons); + ERR_load_strings(0,RAND_str_functs); + ERR_load_strings(0,RAND_str_reasons); #endif } diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c index 88f1b56..513e338 100644 --- a/crypto/openssl/crypto/rand/rand_lib.c +++ b/crypto/openssl/crypto/rand/rand_lib.c @@ -63,8 +63,6 @@ #ifndef OPENSSL_NO_ENGINE #include #endif -#include -#include #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ @@ -87,16 +85,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth) const RAND_METHOD *RAND_get_rand_method(void) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() - && default_RAND_meth != FIPS_rand_check()) - { - RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); - return 0; - } -#endif - - if (!default_RAND_meth) { #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/openssl/crypto/rand/rand_nw.c b/crypto/openssl/crypto/rand/rand_nw.c new file mode 100644 index 0000000..ba57812 --- /dev/null +++ b/crypto/openssl/crypto/rand/rand_nw.c @@ -0,0 +1,176 @@ +/* crypto/rand/rand_nw.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include "rand_lcl.h" + +#if defined (OPENSSL_SYS_NETWARE) + +#if defined(NETWARE_LIBC) +#include +#endif + +extern long RunningProcess; + + /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed + */ +int RAND_poll(void) +{ + unsigned long l; + unsigned long tsc; + int i; + + /* There are several options to gather miscellaneous data + * but for now we will loop checking the time stamp counter (rdtsc) and + * the SuperHighResolutionTimer. Each iteration will collect 8 bytes + * of data but it is treated as only 1 byte of entropy. The call to + * ThreadSwitchWithDelay() will introduce additional variability into + * the data returned by rdtsc. + * + * Applications can agument the seed material by adding additional + * stuff with RAND_add() and should probably do so. + */ + l = GetProcessSwitchCount(); + RAND_add(&l,sizeof(l),1); + + l=RunningProcess; + RAND_add(&l,sizeof(l),1); + + for( i=2; i #define USE_SOCKETS #include "e_os.h" @@ -115,11 +116,12 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) #include #include #include +#include #include #include #include @@ -151,9 +153,10 @@ int RAND_poll(void) int n = 0; #endif #ifdef DEVRANDOM - static const char *randomfiles[] = { DEVRANDOM, NULL }; - const char **randomfile = NULL; + static const char *randomfiles[] = { DEVRANDOM }; + struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; int fd; + size_t i; #endif #ifdef DEVRANDOM_EGD static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; @@ -161,26 +164,43 @@ int RAND_poll(void) #endif #ifdef DEVRANDOM + memset(randomstats,0,sizeof(randomstats)); /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD * have this. Use /dev/urandom if you can as /dev/random may block * if it runs out of random entries. */ - for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++) + for (i=0; i= 0) { struct timeval t = { 0, 10*1000 }; /* Spend 10ms on each file. */ int r; + size_t j; fd_set fset; + struct stat *st=&randomstats[i]; + + /* Avoid using same input... Used to be O_NOFOLLOW + * above, but it's not universally appropriate... */ + if (fstat(fd,st) != 0) { close(fd); continue; } + for (j=0;jst_ino && + randomstats[j].st_dev==st->st_dev) + break; + } + if (j 0) { - RAND_add(tmpbuf,sizeof tmpbuf,n); + RAND_add(tmpbuf,sizeof tmpbuf,(double)n); OPENSSL_cleanse(tmpbuf,n); } #endif /* put in some default random data, we need more than just this */ l=curr_pid; - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); l=getuid(); - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); l=time(NULL); - RAND_add(&l,sizeof(l),0); + RAND_add(&l,sizeof(l),0.0); #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) return 1; diff --git a/crypto/openssl/crypto/rand/rand_vms.c b/crypto/openssl/crypto/rand/rand_vms.c index 29b2d7a..1267a3a 100644 --- a/crypto/openssl/crypto/rand/rand_vms.c +++ b/crypto/openssl/crypto/rand/rand_vms.c @@ -101,11 +101,12 @@ int RAND_poll(void) pitem = item; /* Setup */ - while (pitems_data->length) + while (pitems_data->length + && (total_length + pitems_data->length <= 256)) { pitem->length = pitems_data->length; pitem->code = pitems_data->code; - pitem->buffer = (long *)data_buffer[total_length]; + pitem->buffer = (long *)&data_buffer[total_length]; pitem->retlen = 0; total_length += pitems_data->length; pitems_data++; diff --git a/crypto/openssl/crypto/rand/rand_win.c b/crypto/openssl/crypto/rand/rand_win.c index aaea92c..00dbe42 100644 --- a/crypto/openssl/crypto/rand/rand_win.c +++ b/crypto/openssl/crypto/rand/rand_win.c @@ -121,6 +121,10 @@ #include #include +/* Limit the time spent walking through the heap, processes, threads and modules to + a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ +#define MAXDELAY 1000 + /* Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ @@ -152,6 +156,7 @@ typedef struct tagCURSORINFO #define CURSOR_SHOWING 0x00000001 #endif /* CURSOR_SHOWING */ +#if !defined(OPENSSL_SYS_WINCE) typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, DWORD, DWORD); typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); @@ -163,7 +168,7 @@ typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); -typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); +typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); @@ -171,9 +176,7 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include -#ifndef OPENSSL_SYS_WINCE #include -#endif #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was * was added to the Platform SDK to allow the NET API to be used in @@ -184,26 +187,14 @@ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); #endif /* 1 */ +#endif /* !OPENSSL_SYS_WINCE */ int RAND_poll(void) { MEMORYSTATUS m; HCRYPTPROV hProvider = 0; - BYTE buf[64]; DWORD w; - HWND h; - - HMODULE advapi, kernel, user, netapi; - CRYPTACQUIRECONTEXTW acquire = 0; - CRYPTGENRANDOM gen = 0; - CRYPTRELEASECONTEXT release = 0; -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ - NETSTATGET netstatget = 0; - NETFREE netfree = 0; -#endif /* 1 */ + int good = 0; /* Determine the OS version we are on so we can turn off things * that do not work properly. @@ -212,21 +203,24 @@ int RAND_poll(void) osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; GetVersionEx( &osverinfo ) ; -#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO -#ifndef CryptAcquireContext -#define CryptAcquireContext CryptAcquireContextW -#endif +#if defined(OPENSSL_SYS_WINCE) +# if defined(_WIN32_WCE) && _WIN32_WCE>=300 +/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available + * in commonly available implementations prior 300... */ + { + BYTE buf[64]; /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) + if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { if (CryptGenRandom(hProvider, sizeof(buf), buf)) RAND_add(buf, sizeof(buf), sizeof(buf)); CryptReleaseContext(hProvider, 0); } -#endif - -#ifndef OPENSSL_SYS_WINCE + } +# endif +#else /* OPENSSL_SYS_WINCE */ /* * None of below libraries are present on Windows CE, which is * why we #ifndef the whole section. This also excuses us from @@ -240,17 +234,19 @@ int RAND_poll(void) * implement own shim routine, which would accept ANSI argument * and expand it to Unicode. */ - + { /* load functions dynamically - not available on all systems */ - advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); - kernel = LoadLibrary(TEXT("KERNEL32.DLL")); - user = LoadLibrary(TEXT("USER32.DLL")); - netapi = LoadLibrary(TEXT("NETAPI32.DLL")); - -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ + HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); + HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + HMODULE user = NULL; + HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); + CRYPTACQUIRECONTEXTW acquire = NULL; + CRYPTGENRANDOM gen = NULL; + CRYPTRELEASECONTEXT release = NULL; + NETSTATGET netstatget = NULL; + NETFREE netfree = NULL; + BYTE buf[64]; + if (netapi) { netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); @@ -280,7 +276,6 @@ int RAND_poll(void) if (netapi) FreeLibrary(netapi); -#endif /* 1 */ /* It appears like this can cause an exception deep within ADVAPI32.DLL * at random times on Windows 2000. Reported by Jeffrey Altman. @@ -356,12 +351,13 @@ int RAND_poll(void) { /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, + if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), 0); + good = 1; #if 0 printf("randomness from PROV_RSA_FULL\n"); #endif @@ -375,6 +371,7 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); + good = 1; #if 0 printf("randomness from PROV_INTEL_SEC\n"); #endif @@ -386,7 +383,9 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if (user) + if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + !OPENSSL_isservice()) && + (user = LoadLibrary(TEXT("USER32.DLL")))) { GETCURSORINFO cursor; GETFOREGROUNDWINDOW win; @@ -399,7 +398,7 @@ int RAND_poll(void) if (win) { /* window handle */ - h = win(); + HWND h = win(); RAND_add(&h, sizeof(h), 0); } if (cursor) @@ -464,6 +463,7 @@ int RAND_poll(void) PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; + DWORD stoptime = 0; snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CreateToolhelp32Snapshot"); @@ -495,6 +495,7 @@ int RAND_poll(void) * of entropy. */ hlist.dwSize = sizeof(HEAPLIST32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (heaplist_first(handle, &hlist)) do { @@ -512,18 +513,20 @@ int RAND_poll(void) && --entrycnt > 0); } } while (heaplist_next(handle, - &hlist)); - + &hlist) && GetTickCount() < stoptime); + /* process walking */ /* PROCESSENTRY32 contains 9 fields that will change * with each entry. Consider each field a source of * 1 byte of entropy. */ p.dwSize = sizeof(PROCESSENTRY32); + + if (good) stoptime = GetTickCount() + MAXDELAY; if (process_first(handle, &p)) do RAND_add(&p, p.dwSize, 9); - while (process_next(handle, &p)); + while (process_next(handle, &p) && GetTickCount() < stoptime); /* thread walking */ /* THREADENTRY32 contains 6 fields that will change @@ -531,10 +534,11 @@ int RAND_poll(void) * 1 byte of entropy. */ t.dwSize = sizeof(THREADENTRY32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (thread_first(handle, &t)) do RAND_add(&t, t.dwSize, 6); - while (thread_next(handle, &t)); + while (thread_next(handle, &t) && GetTickCount() < stoptime); /* module walking */ /* MODULEENTRY32 contains 9 fields that will change @@ -542,18 +546,22 @@ int RAND_poll(void) * 1 byte of entropy. */ m.dwSize = sizeof(MODULEENTRY32); + if (good) stoptime = GetTickCount() + MAXDELAY; if (module_first(handle, &m)) do RAND_add(&m, m.dwSize, 9); - while (module_next(handle, &m)); + while (module_next(handle, &m) + && (GetTickCount() < stoptime)); if (close_snap) close_snap(handle); else CloseHandle(handle); + } FreeLibrary(kernel); } + } #endif /* !OPENSSL_SYS_WINCE */ /* timer data */ @@ -680,7 +688,7 @@ static void readtimer(void) static void readscreen(void) { -#ifndef OPENSSL_SYS_WINCE +#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) HDC hScrDC; /* screen DC */ HDC hMemDC; /* memory DC */ HBITMAP hBitmap; /* handle for our bitmap */ @@ -693,6 +701,9 @@ static void readscreen(void) int y; /* y-coordinate of screen lines to grab */ int n = 16; /* number of screen lines to grab at a time */ + if (GetVersion() >= 0x80000000 || !OPENSSL_isservice()) + return; + /* Create a screen DC and a memory DC compatible to screen DC */ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); hMemDC = CreateCompatibleDC(hScrDC); diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c index c7fba49..d69bdf8 100644 --- a/crypto/openssl/crypto/rand/randfile.c +++ b/crypto/openssl/crypto/rand/randfile.c @@ -57,7 +57,7 @@ */ /* We need to define this to get macros like S_IFBLK and S_IFCHR */ -#define _XOPEN_SOURCE 1 +#define _XOPEN_SOURCE 500 #include #include @@ -104,7 +104,7 @@ int RAND_load_file(const char *file, long bytes) i=stat(file,&sb); /* If the state fails, put some crap in anyway */ - RAND_add(&sb,sizeof(sb),0); + RAND_add(&sb,sizeof(sb),0.0); if (i < 0) return(0); if (bytes == 0) return(ret); @@ -129,7 +129,7 @@ int RAND_load_file(const char *file, long bytes) i=fread(buf,1,n,in); if (i <= 0) break; /* even if n != i, use the full array */ - RAND_add(buf,n,i); + RAND_add(buf,n,(double)i); ret+=i; if (bytes > 0) { diff --git a/crypto/openssl/crypto/rand/randtest.c b/crypto/openssl/crypto/rand/randtest.c index 701932e..9e92a70 100644 --- a/crypto/openssl/crypto/rand/randtest.c +++ b/crypto/openssl/crypto/rand/randtest.c @@ -65,7 +65,7 @@ /* some FIPS 140-1 random number test */ /* some simple tests */ -int main() +int main(int argc,char **argv) { unsigned char buf[2500]; int i,j,k,s,sign,nsign,err=0; @@ -211,6 +211,9 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/openssl/crypto/rc2/Makefile b/crypto/openssl/crypto/rc2/Makefile index 982b9c9..73eac34 100644 --- a/crypto/openssl/crypto/rc2/Makefile +++ b/crypto/openssl/crypto/rc2/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/rc2/Makefile +# OpenSSL/crypto/rc2/Makefile # DIR= rc2 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: diff --git a/crypto/openssl/crypto/rc2/rc2.h b/crypto/openssl/crypto/rc2/rc2.h index 7816b45..34c8362 100644 --- a/crypto/openssl/crypto/rc2/rc2.h +++ b/crypto/openssl/crypto/rc2/rc2.h @@ -59,6 +59,7 @@ #ifndef HEADER_RC2_H #define HEADER_RC2_H +#include /* OPENSSL_NO_RC2, RC2_INT */ #ifdef OPENSSL_NO_RC2 #error RC2 is disabled. #endif @@ -66,7 +67,6 @@ #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 -#include /* RC2_INT */ #define RC2_BLOCK 8 #define RC2_KEY_LENGTH 16 diff --git a/crypto/openssl/crypto/rc2/rc2_skey.c b/crypto/openssl/crypto/rc2/rc2_skey.c index cab3080..4953642 100644 --- a/crypto/openssl/crypto/rc2/rc2_skey.c +++ b/crypto/openssl/crypto/rc2/rc2_skey.c @@ -84,6 +84,10 @@ static unsigned char key_table[256]={ 0xfe,0x7f,0xc1,0xad, }; +#if defined(_MSC_VER) && defined(_ARM_) +#pragma optimize("g",off) +#endif + /* It has come to my attention that there are 2 versions of the RC2 * key schedule. One which is normal, and anther which has a hook to * use a reduced key length. @@ -136,3 +140,6 @@ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) *(ki--)=((k[i]<<8)|k[i-1])&0xffff; } +#if defined(_MSC_VER) +#pragma optimize("",on) +#endif diff --git a/crypto/openssl/crypto/rc2/rc2speed.c b/crypto/openssl/crypto/rc2/rc2speed.c index 47d34b4..85cf6f6 100644 --- a/crypto/openssl/crypto/rc2/rc2speed.c +++ b/crypto/openssl/crypto/rc2/rc2speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif @@ -102,10 +105,10 @@ OPENSSL_DECLARE_EXIT #ifndef HZ #ifndef CLK_TCK #define HZ 100.0 -#endif -#else /* CLK_TCK */ +#else /* CLK_TCK */ #define HZ ((double)CLK_TCK) -#endif +#endif /* CLK_TCK */ +#endif /* HZ */ #define BUFSIZE ((long)1024) long run=0; diff --git a/crypto/openssl/crypto/rc2/rc2test.c b/crypto/openssl/crypto/rc2/rc2test.c index b67bafb..0e11743 100644 --- a/crypto/openssl/crypto/rc2/rc2test.c +++ b/crypto/openssl/crypto/rc2/rc2test.c @@ -205,6 +205,9 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/openssl/crypto/rc4/Makefile b/crypto/openssl/crypto/rc4/Makefile index 15da280..7857c95 100644 --- a/crypto/openssl/crypto/rc4/Makefile +++ b/crypto/openssl/crypto/rc4/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/rc4/Makefile +# OpenSSL/crypto/rc4/Makefile # DIR= rc4 @@ -8,23 +8,13 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile AR= ar r RC4_ENC=rc4_enc.o -# or use -#RC4_ENC=asm/rx86-elf.o -#RC4_ENC=asm/rx86-out.o -#RC4_ENC=asm/rx86-sol.o -#RC4_ENC=asm/rx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=rc4test.c @@ -51,20 +41,24 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s) - +# ELF +rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@) +# COFF +rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@) # a.out -asm/rx86-out.o: asm/rx86unix.cpp - $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o +rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@) -# bsdi -asm/rx86bsdi.o: asm/rx86unix.cpp - $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o +rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ -asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp) +rc4-ia64.s: asm/rc4-ia64.S + @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \ + int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \ + char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \ + *) exit 1 ;; \ + esac files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -75,7 +69,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -90,6 +85,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -97,12 +93,23 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h -rc4_enc.o: rc4_enc.c rc4_locl.h -rc4_skey.o: ../../include/openssl/opensslconf.h -rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h -rc4_skey.o: rc4_locl.h rc4_skey.c +rc4_enc.o: ../../e_os.h ../../include/openssl/bio.h +rc4_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rc4_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rc4_enc.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h +rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h +rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h +rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h +rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c diff --git a/crypto/openssl/crypto/rc4/asm/rc4-586.pl b/crypto/openssl/crypto/rc4/asm/rc4-586.pl index 7ef889e..22bda4b 100644 --- a/crypto/openssl/crypto/rc4/asm/rc4-586.pl +++ b/crypto/openssl/crypto/rc4/asm/rc4-586.pl @@ -1,16 +1,37 @@ #!/usr/local/bin/perl -# define for pentium pro friendly version +# At some point it became apparent that the original SSLeay RC4 +# assembler implementation performs suboptimaly on latest IA-32 +# microarchitectures. After re-tuning performance has changed as +# following: +# +# Pentium +0% +# Pentium III +17% +# AMD +52%(*) +# P4 +180%(**) +# +# (*) This number is actually a trade-off:-) It's possible to +# achieve +72%, but at the cost of -48% off PIII performance. +# In other words code performing further 13% faster on AMD +# would perform almost 2 times slower on Intel PIII... +# For reference! This code delivers ~80% of rc4-amd64.pl +# performance on the same Opteron machine. +# (**) This number requires compressed key schedule set up by +# RC4_set_key and therefore doesn't apply to 0.9.7 [option for +# compressed key schedule is implemented in 0.9.8 and later, +# see commentary section in rc4_skey.c for further details]. +# +# push(@INC,"perlasm","../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"rc4-586.pl"); -$tx="eax"; -$ty="ebx"; -$x="ecx"; -$y="edx"; +$x="eax"; +$y="ebx"; +$tx="ecx"; +$ty="edx"; $in="esi"; $out="edi"; $d="ebp"; @@ -31,7 +52,7 @@ sub RC4_loop { &mov($ty, &swtmp(2)); &cmp($ty, $in); - &jle(&label("finished")); + &jbe(&label("finished")); &inc($in); } else @@ -39,27 +60,23 @@ sub RC4_loop &add($ty, 8); &inc($in); &cmp($ty, $in); - &jl(&label("finished")); + &jb(&label("finished")); &mov(&swtmp(2), $ty); } } # Moved out # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0; - &add( $y, $tx); - &and( $y, 0xff); - &inc( $x); # NEXT ROUND + &add( &LB($y), &LB($tx)); &mov( $ty, &DWP(0,$d,$y,4)); # XXX - &mov( &DWP(-4,$d,$x,4),$ty); # AGI + &mov( &DWP(0,$d,$x,4),$ty); &add( $ty, $tx); - &and( $x, 0xff); # NEXT ROUND - &and( $ty, 0xff); &mov( &DWP(0,$d,$y,4),$tx); - &nop(); - &mov( $ty, &DWP(0,$d,$ty,4)); - &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND - # XXX + &and( $ty, 0xff); + &inc( &LB($x)); # NEXT ROUND + &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND + &mov( $ty, &DWP(0,$d,$ty,4)); if (!$char) { @@ -88,35 +105,47 @@ sub RC4 &function_begin_B($name,""); + &mov($ty,&wparam(1)); # len + &cmp($ty,0); + &jne(&label("proceed")); + &ret(); + &set_label("proceed"); + &comment(""); &push("ebp"); &push("ebx"); - &mov( $d, &wparam(0)); # key - &mov( $ty, &wparam(1)); # num &push("esi"); - &push("edi"); + &xor( $x, $x); # avoid partial register stalls + &push("edi"); + &xor( $y, $y); # avoid partial register stalls + &mov( $d, &wparam(0)); # key + &mov( $in, &wparam(2)); - &mov( $x, &DWP(0,$d,"",1)); - &mov( $y, &DWP(4,$d,"",1)); + &movb( &LB($x), &BP(0,$d,"",1)); + &movb( &LB($y), &BP(4,$d,"",1)); - &mov( $in, &wparam(2)); - &inc( $x); + &mov( $out, &wparam(3)); + &inc( &LB($x)); &stack_push(3); # 3 temp variables &add( $d, 8); - &and( $x, 0xff); + + # detect compressed schedule, see commentary section in rc4_skey.c... + # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant, + # as compressed key schedule is set up in 0.9.8 and later. + &cmp(&DWP(256,$d),-1); + &je(&label("RC4_CHAR")); &lea( $ty, &DWP(-8,$ty,$in)); # check for 0 length input - &mov( $out, &wparam(3)); &mov( &swtmp(2), $ty); # this is now address to exit at &mov( $tx, &DWP(0,$d,$x,4)); &cmp( $ty, $in); - &jl( &label("end")); # less than 8 bytes + &jb( &label("end")); # less than 8 bytes &set_label("start"); @@ -148,7 +177,7 @@ sub RC4 &mov( &DWP(-4,$out,"",0), $tx); &mov( $tx, &DWP(0,$d,$x,4)); &cmp($in, $ty); - &jle(&label("start")); + &jbe(&label("start")); &set_label("end"); @@ -162,10 +191,38 @@ sub RC4 &RC4_loop(5,0,1); &RC4_loop(6,1,1); + &jmp(&label("finished")); + + &align(16); + # this is essentially Intel P4 specific codepath, see rc4_skey.c, + # and is engaged in 0.9.8 and later context... + &set_label("RC4_CHAR"); + + &lea ($ty,&DWP(0,$in,$ty)); + &mov (&swtmp(2),$ty); + &movz ($tx,&BP(0,$d,$x)); + + # strangely enough unrolled loop performs over 20% slower... + &set_label("RC4_CHAR_loop"); + &add (&LB($y),&LB($tx)); + &movz ($ty,&BP(0,$d,$y)); + &movb (&BP(0,$d,$y),&LB($tx)); + &movb (&BP(0,$d,$x),&LB($ty)); + &add (&LB($ty),&LB($tx)); + &movz ($ty,&BP(0,$d,$ty)); + &add (&LB($x),1); + &xorb (&LB($ty),&BP(0,$in)); + &lea ($in,&BP(1,$in)); + &movz ($tx,&BP(0,$d,$x)); + &cmp ($in,&swtmp(2)); + &movb (&BP(0,$out),&LB($ty)); + &lea ($out,&BP(1,$out)); + &jb (&label("RC4_CHAR_loop")); + &set_label("finished"); &dec( $x); &stack_pop(3); - &mov( &DWP(-4,$d,"",0),$y); + &movb( &BP(-4,$d,"",0),&LB($y)); &movb( &BP(-8,$d,"",0),&LB($x)); &function_end($name); diff --git a/crypto/openssl/crypto/rc4/asm/rc4-ia64.S b/crypto/openssl/crypto/rc4/asm/rc4-ia64.S new file mode 100644 index 0000000..a322d0c --- /dev/null +++ b/crypto/openssl/crypto/rc4/asm/rc4-ia64.S @@ -0,0 +1,160 @@ +// ==================================================================== +// Written by Andy Polyakov for the OpenSSL +// project. +// +// Rights for redistribution and usage in source and binary forms are +// granted according to the OpenSSL license. Warranty of any kind is +// disclaimed. +// ==================================================================== + +.ident "rc4-ia64.S, Version 2.0" +.ident "IA-64 ISA artwork by Andy Polyakov " + +// What's wrong with compiler generated code? Because of the nature of +// C language, compiler doesn't [dare to] reorder load and stores. But +// being memory-bound, RC4 should benefit from reorder [on in-order- +// execution core such as IA-64]. But what can we reorder? At the very +// least we can safely reorder references to key schedule in respect +// to input and output streams. Secondly, from the first [close] glance +// it appeared that it's possible to pull up some references to +// elements of the key schedule itself. Original rationale ["prior +// loads are not safe only for "degenerated" key schedule, when some +// elements equal to the same value"] was kind of sloppy. I should have +// formulated as it really was: if we assume that pulling up reference +// to key[x+1] is not safe, then it would mean that key schedule would +// "degenerate," which is never the case. The problem is that this +// holds true in respect to references to key[x], but not to key[y]. +// Legitimate "collisions" do occur within every 256^2 bytes window. +// Fortunately there're enough free instruction slots to keep prior +// reference to key[x+1], detect "collision" and compensate for it. +// All this without sacrificing a single clock cycle:-) Throughput is +// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated +// code and +30% - if compared to HP-UX C. Unrolling loop below should +// give >30% on top of that... + +.text +.explicit + +#if defined(_HPUX_SOURCE) && !defined(_LP64) +# define ADDP addp4 +#else +# define ADDP add +#endif + +#ifndef SZ +#define SZ 4 // this is set to sizeof(RC4_INT) +#endif +// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for +// assembler implementation, while SZ==1 code is ~30% slower. +#if SZ==1 // RC4_INT is unsigned char +# define LDKEY ld1 +# define STKEY st1 +# define OFF 0 +#elif SZ==4 // RC4_INT is unsigned int +# define LDKEY ld4 +# define STKEY st4 +# define OFF 2 +#elif SZ==8 // RC4_INT is unsigned long +# define LDKEY ld8 +# define STKEY st8 +# define OFF 3 +#endif + +out=r8; // [expanded] output pointer +inp=r9; // [expanded] output pointer +prsave=r10; +key=r28; // [expanded] pointer to RC4_KEY +ksch=r29; // (key->data+255)[&~(sizeof(key->data)-1)] +xx=r30; +yy=r31; + +// void RC4(RC4_KEY *key,size_t len,const void *inp,void *out); +.global RC4# +.proc RC4# +.align 32 +.skip 16 +RC4: + .prologue + .fframe 0 + .save ar.pfs,r2 + .save ar.lc,r3 + .save pr,prsave +{ .mii; alloc r2=ar.pfs,4,12,0,16 + mov prsave=pr + ADDP key=0,in0 };; +{ .mib; cmp.eq p6,p0=0,in1 // len==0? + mov r3=ar.lc +(p6) br.ret.spnt.many b0 };; // emergency exit + + .body + .rotr dat[4],key_x[4],tx[2],rnd[2],key_y[2],ty[1]; + +{ .mib; LDKEY xx=[key],SZ // load key->x + add in1=-1,in1 // adjust len for loop counter + nop.b 0 } +{ .mib; ADDP inp=0,in2 + ADDP out=0,in3 + brp.loop.imp .Ltop,.Lexit-16 };; +{ .mmi; LDKEY yy=[key] // load key->y + add ksch=SZ,key + mov ar.lc=in1 } +{ .mmi; mov key_y[1]=r0 // guarantee inequality + // in first iteration + add xx=1,xx + mov pr.rot=1<<16 };; +{ .mii; nop.m 0 + dep key_x[1]=xx,r0,OFF,8 + mov ar.ec=3 };; // note that epilogue counter + // is off by 1. I compensate + // for this at exit... +.Ltop: +// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which +// theoretically gives asymptotic performance of clock frequency +// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is +// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently +// splits the last bundle and you end up with 5*n spin-rate:-( +// Originally the loop was scheduled for 3*n and relied on key +// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But +// *(out++)=dat, which maps to st1, had same effect [inadvertent +// bundle split] and holded the loop back. Rescheduling for 4*n +// made it possible to eliminate dependence on specific alignment +// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would +// require unrolling, sticking to variable shift instruction for +// collecting output [to avoid starvation for integer shifter] and +// copying of key schedule to controlled place in stack [so that +// deposit instruction can serve as substitute for whole +// key->data+((x&255)<data[0])))]... +{ .mmi; (p19) st1 [out]=dat[3],1 // *(out++)=dat + (p16) add xx=1,xx // x++ + (p18) dep rnd[1]=rnd[1],r0,OFF,8 } // ((tx+ty)&255)<y + mov pr=prsave,0x1ffff + nop.b 0 } +{ .mib; st1 [out]=dat[3],1 // compensate for truncated + // epilogue counter + add xx=-1,xx + nop.b 0 };; +{ .mib; STKEY [key]=xx // save key->x + mov ar.lc=r3 + br.ret.sptk.many b0 };; +.endp RC4# diff --git a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl b/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl new file mode 100755 index 0000000..4b990cb --- /dev/null +++ b/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl @@ -0,0 +1,240 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in +# "hand-coded assembler"] doesn't stand for the whole improvement +# coefficient. It turned out that eliminating RC4_CHAR from config +# line results in ~40% improvement (yes, even for C implementation). +# Presumably it has everything to do with AMD cache architecture and +# RAW or whatever penalties. Once again! The module *requires* config +# line *without* RC4_CHAR! As for coding "secret," I bet on partial +# register arithmetics. For example instead of 'inc %r8; and $255,%r8' +# I simply 'inc %r8b'. Even though optimization manual discourages +# to operate on partial registers, it turned out to be the best bet. +# At least for AMD... How IA32E would perform remains to be seen... + +# As was shown by Marc Bevand reordering of couple of load operations +# results in even higher performance gain of 3.3x:-) At least on +# Opteron... For reference, 1x in this case is RC4_CHAR C-code +# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock. +# Latter means that if you want to *estimate* what to expect from +# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz. + +# Intel P4 EM64T core was found to run the AMD64 code really slow... +# The only way to achieve comparable performance on P4 was to keep +# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to +# compose blended code, which would perform even within 30% marginal +# on either AMD and Intel platforms, I implement both cases. See +# rc4_skey.c for further details... + +# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing +# those with add/sub results in 50% performance improvement of folded +# loop... + +# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T +# performance by >30% [unlike P4 32-bit case that is]. But this is +# provided that loads are reordered even more aggressively! Both code +# pathes, AMD64 and EM64T, reorder loads in essentially same manner +# as my IA-64 implementation. On Opteron this resulted in modest 5% +# improvement [I had to test it], while final Intel P4 performance +# achieves respectful 432MBps on 2.8GHz processor now. For reference. +# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than +# RC4_INT code-path. While if executed on Opteron, it's only 25% +# slower than the RC4_INT one [meaning that if CPU µ-arch detection +# is not implemented, then this final RC4_CHAR code-path should be +# preferred, as it provides better *all-round* performance]. + +$output=shift; +open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; + +$dat="%rdi"; # arg1 +$len="%rsi"; # arg2 +$inp="%rdx"; # arg3 +$out="%rcx"; # arg4 + +@XX=("%r8","%r10"); +@TX=("%r9","%r11"); +$YY="%r12"; +$TY="%r13"; + +$code=<<___; +.text + +.globl RC4 +.type RC4,\@function,4 +.align 16 +RC4: or $len,$len + jne .Lentry + ret +.Lentry: + push %r12 + push %r13 + + add \$8,$dat + movl -8($dat),$XX[0]#d + movl -4($dat),$YY#d + cmpl \$-1,256($dat) + je .LRC4_CHAR + inc $XX[0]#b + movl ($dat,$XX[0],4),$TX[0]#d + test \$-8,$len + jz .Lloop1 + jmp .Lloop8 +.align 16 +.Lloop8: +___ +for ($i=0;$i<8;$i++) { +$code.=<<___; + add $TX[0]#b,$YY#b + mov $XX[0],$XX[1] + movl ($dat,$YY,4),$TY#d + ror \$8,%rax # ror is redundant when $i=0 + inc $XX[1]#b + movl ($dat,$XX[1],4),$TX[1]#d + cmp $XX[1],$YY + movl $TX[0]#d,($dat,$YY,4) + cmove $TX[0],$TX[1] + movl $TY#d,($dat,$XX[0],4) + add $TX[0]#b,$TY#b + movb ($dat,$TY,4),%al +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} +$code.=<<___; + ror \$8,%rax + sub \$8,$len + + xor ($inp),%rax + add \$8,$inp + mov %rax,($out) + add \$8,$out + + test \$-8,$len + jnz .Lloop8 + cmp \$0,$len + jne .Lloop1 +___ +$code.=<<___; +.Lexit: + sub \$1,$XX[0]#b + movl $XX[0]#d,-8($dat) + movl $YY#d,-4($dat) + + pop %r13 + pop %r12 + ret +.align 16 +.Lloop1: + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl $TY#d,($dat,$XX[0],4) + add $TY#b,$TX[0]#b + inc $XX[0]#b + movl ($dat,$TX[0],4),$TY#d + movl ($dat,$XX[0],4),$TX[0]#d + xorb ($inp),$TY#b + inc $inp + movb $TY#b,($out) + inc $out + dec $len + jnz .Lloop1 + jmp .Lexit + +.align 16 +.LRC4_CHAR: + add \$1,$XX[0]#b + movzb ($dat,$XX[0]),$TX[0]#d + test \$-8,$len + jz .Lcloop1 + push %rbx + jmp .Lcloop8 +.align 16 +.Lcloop8: + mov ($inp),%eax + mov 4($inp),%ebx +___ +# unroll 2x4-wise, because 64-bit rotates kill Intel P4... +for ($i=0;$i<4;$i++) { +$code.=<<___; + add $TX[0]#b,$YY#b + lea 1($XX[0]),$XX[1] + movzb ($dat,$YY),$TY#d + movzb $XX[1]#b,$XX[1]#d + movzb ($dat,$XX[1]),$TX[1]#d + movb $TX[0]#b,($dat,$YY) + cmp $XX[1],$YY + movb $TY#b,($dat,$XX[0]) + jne .Lcmov$i # Intel cmov is sloooow... + mov $TX[0],$TX[1] +.Lcmov$i: + add $TX[0]#b,$TY#b + xor ($dat,$TY),%al + ror \$8,%eax +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} +for ($i=4;$i<8;$i++) { +$code.=<<___; + add $TX[0]#b,$YY#b + lea 1($XX[0]),$XX[1] + movzb ($dat,$YY),$TY#d + movzb $XX[1]#b,$XX[1]#d + movzb ($dat,$XX[1]),$TX[1]#d + movb $TX[0]#b,($dat,$YY) + cmp $XX[1],$YY + movb $TY#b,($dat,$XX[0]) + jne .Lcmov$i # Intel cmov is sloooow... + mov $TX[0],$TX[1] +.Lcmov$i: + add $TX[0]#b,$TY#b + xor ($dat,$TY),%bl + ror \$8,%ebx +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} +$code.=<<___; + lea -8($len),$len + mov %eax,($out) + lea 8($inp),$inp + mov %ebx,4($out) + lea 8($out),$out + + test \$-8,$len + jnz .Lcloop8 + pop %rbx + cmp \$0,$len + jne .Lcloop1 + jmp .Lexit +___ +$code.=<<___; +.align 16 +.Lcloop1: + add $TX[0]#b,$YY#b + movzb ($dat,$YY),$TY#d + movb $TX[0]#b,($dat,$YY) + movb $TY#b,($dat,$XX[0]) + add $TX[0]#b,$TY#b + add \$1,$XX[0]#b + movzb ($dat,$TY),$TY#d + movzb ($dat,$XX[0]),$TX[0]#d + xorb ($inp),$TY#b + lea 1($inp),$inp + movb $TY#b,($out) + lea 1($out),$out + sub \$1,$len + jnz .Lcloop1 + jmp .Lexit +.size RC4,.-RC4 +___ + +$code =~ s/#([bwd])/$1/gm; + +print $code; + +close STDOUT; diff --git a/crypto/openssl/crypto/rc4/rc4.c b/crypto/openssl/crypto/rc4/rc4.c index b39c070..c900b26 100644 --- a/crypto/openssl/crypto/rc4/rc4.c +++ b/crypto/openssl/crypto/rc4/rc4.c @@ -60,6 +60,7 @@ #include #include #include +#include char *usage[]={ "usage: rc4 args\n", @@ -162,7 +163,7 @@ bad: keystr=buf; } - EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); + EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL); OPENSSL_cleanse(keystr,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); diff --git a/crypto/openssl/crypto/rc4/rc4.h b/crypto/openssl/crypto/rc4/rc4.h index 8722091..7aec04f 100644 --- a/crypto/openssl/crypto/rc4/rc4.h +++ b/crypto/openssl/crypto/rc4/rc4.h @@ -59,12 +59,11 @@ #ifndef HEADER_RC4_H #define HEADER_RC4_H +#include /* OPENSSL_NO_RC4, RC4_INT */ #ifdef OPENSSL_NO_RC4 #error RC4 is disabled. #endif -#include /* RC4_INT */ - #ifdef __cplusplus extern "C" { #endif diff --git a/crypto/openssl/crypto/rc4/rc4_enc.c b/crypto/openssl/crypto/rc4/rc4_enc.c index d5f18a3..0660ea6 100644 --- a/crypto/openssl/crypto/rc4/rc4_enc.c +++ b/crypto/openssl/crypto/rc4/rc4_enc.c @@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, if (!is_endian.little) { /* BIG-ENDIAN CASE */ # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) - for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) + for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) { ichunk = *(RC4_CHUNK *)indata; otp = RC4_STEP< +#include #endif diff --git a/crypto/openssl/crypto/rc4/rc4_skey.c b/crypto/openssl/crypto/rc4/rc4_skey.c index bb10c1e..781ff2d 100644 --- a/crypto/openssl/crypto/rc4/rc4_skey.c +++ b/crypto/openssl/crypto/rc4/rc4_skey.c @@ -93,25 +93,58 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) unsigned int i; d= &(key->data[0]); - for (i=0; i<256; i++) - d[i]=i; key->x = 0; key->y = 0; id1=id2=0; -#define SK_LOOP(n) { \ +#define SK_LOOP(d,n) { \ tmp=d[(n)]; \ id2 = (data[id1] + tmp + id2) & 0xff; \ if (++id1 == len) id1=0; \ d[(n)]=d[id2]; \ d[id2]=tmp; } +#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) + if (sizeof(RC4_INT) > 1) { + /* + * Unlike all other x86 [and x86_64] implementations, + * Intel P4 core [including EM64T] was found to perform + * poorly with wider RC4_INT. Performance improvement + * for IA-32 hand-coded assembler turned out to be 2.8x + * if re-coded for RC4_CHAR! It's however inappropriate + * to just switch to RC4_CHAR for x86[_64], as non-P4 + * implementations suffer from significant performance + * losses then, e.g. PIII exhibits >2x deterioration, + * and so does Opteron. In order to assure optimal + * all-round performance, let us [try to] detect P4 at + * run-time by checking upon HTT bit in CPU capability + * vector and set up compressed key schedule, which is + * recognized by correspondingly updated assembler + * module... + * + */ + if (OPENSSL_ia32cap_P & (1<<28)) { + unsigned char *cp=(unsigned char *)d; + + for (i=0;i<256;i++) cp[i]=i; + for (i=0;i<256;i++) SK_LOOP(cp,i); + /* mark schedule as compressed! */ + d[256/sizeof(RC4_INT)]=-1; + return; + } + } +# endif +#endif + for (i=0; i < 256; i++) d[i]=i; for (i=0; i < 256; i+=4) { - SK_LOOP(i+0); - SK_LOOP(i+1); - SK_LOOP(i+2); - SK_LOOP(i+3); + SK_LOOP(d,i+0); + SK_LOOP(d,i+1); + SK_LOOP(d,i+2); + SK_LOOP(d,i+3); } } diff --git a/crypto/openssl/crypto/rc4/rc4speed.c b/crypto/openssl/crypto/rc4/rc4speed.c index ced98c5..0ebd381 100644 --- a/crypto/openssl/crypto/rc4/rc4speed.c +++ b/crypto/openssl/crypto/rc4/rc4speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/rc4/rc4test.c b/crypto/openssl/crypto/rc4/rc4test.c index b9d8f20..54b597f 100644 --- a/crypto/openssl/crypto/rc4/rc4test.c +++ b/crypto/openssl/crypto/rc4/rc4test.c @@ -70,6 +70,7 @@ int main(int argc, char *argv[]) } #else #include +#include static unsigned char keys[7][30]={ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, @@ -113,13 +114,11 @@ static unsigned char output[7][30]={ int main(int argc, char *argv[]) { - int i,err=0; - int j; + int err=0; + unsigned int i, j; unsigned char *p; RC4_KEY key; - unsigned char buf[512],obuf[512]; - - for (i=0; i<512; i++) buf[i]=0x01; + unsigned char obuf[512]; for (i=0; i<6; i++) { @@ -130,12 +129,12 @@ int main(int argc, char *argv[]) { printf("error calculating RC4\n"); printf("output:"); - for (j=0; j r586-elf.s) - +# ELF +r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@) +# COFF +r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@) # a.out -asm/r586-out.o: asm/r586unix.cpp - $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o - -# bsdi -asm/r586bsdi.o: asm/r586unix.cpp - $(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o - -asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp) +r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -72,7 +63,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -87,6 +79,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -94,13 +87,17 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h -rc5_ecb.o: rc5_ecb.c rc5_locl.h -rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h -rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c -rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c -rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c +rc5_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rc5_ecb.o: ../../include/openssl/rc5.h rc5_ecb.c rc5_locl.h +rc5_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5_enc.o: rc5_enc.c rc5_locl.h +rc5_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5_skey.o: rc5_locl.h rc5_skey.c +rc5cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5cfb64.o: rc5_locl.h rc5cfb64.c +rc5ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5ofb64.o: rc5_locl.h rc5ofb64.c diff --git a/crypto/openssl/crypto/rc5/rc5.h b/crypto/openssl/crypto/rc5/rc5.h index 4adfd2d..4b3c153 100644 --- a/crypto/openssl/crypto/rc5/rc5.h +++ b/crypto/openssl/crypto/rc5/rc5.h @@ -59,6 +59,8 @@ #ifndef HEADER_RC5_H #define HEADER_RC5_H +#include /* OPENSSL_NO_RC5 */ + #ifdef __cplusplus extern "C" { #endif diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/openssl/crypto/rc5/rc5_locl.h index f4ebc23..282dd38 100644 --- a/crypto/openssl/crypto/rc5/rc5_locl.h +++ b/crypto/openssl/crypto/rc5/rc5_locl.h @@ -146,7 +146,7 @@ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) -#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) +#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC) #define ROTATE_l32(a,n) _lrotl(a,n) #define ROTATE_r32(a,n) _lrotr(a,n) #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) diff --git a/crypto/openssl/crypto/rc5/rc5speed.c b/crypto/openssl/crypto/rc5/rc5speed.c index 7d490d5..8e363be 100644 --- a/crypto/openssl/crypto/rc5/rc5speed.c +++ b/crypto/openssl/crypto/rc5/rc5speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/openssl/crypto/ripemd/Makefile b/crypto/openssl/crypto/ripemd/Makefile index 2002044..d55875c 100644 --- a/crypto/openssl/crypto/ripemd/Makefile +++ b/crypto/openssl/crypto/ripemd/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/ripemd/Makefile +# OpenSSL/crypto/ripemd/Makefile # DIR= ripemd @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -20,6 +15,7 @@ RIP_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile TEST=rmdtest.c @@ -46,20 +42,15 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s) - +# ELF +rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@) +# COFF +rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@) # a.out -asm/rm86-out.o: asm/rm86unix.cpp - $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o - -# bsdi -asm/rm86bsdi.o: asm/rm86unix.cpp - $(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o - -asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp) +rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -70,7 +61,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -85,6 +77,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -92,20 +85,15 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rmd_dgst.o: ../../include/openssl/opensslconf.h +rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h -rmd_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rmd_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h rmd_dgst.c -rmd_dgst.o: rmd_locl.h rmdconst.h +rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h -rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rmd_one.o: rmd_one.c +rmd_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/ripemd.h +rmd_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rmd_one.o: ../../include/openssl/symhacks.h rmd_one.c diff --git a/crypto/openssl/crypto/ripemd/ripemd.h b/crypto/openssl/crypto/ripemd/ripemd.h index 78d5f36..06bd671 100644 --- a/crypto/openssl/crypto/ripemd/ripemd.h +++ b/crypto/openssl/crypto/ripemd/ripemd.h @@ -87,13 +87,13 @@ typedef struct RIPEMD160state_st RIPEMD160_LONG A,B,C,D,E; RIPEMD160_LONG Nl,Nh; RIPEMD160_LONG data[RIPEMD160_LBLOCK]; - int num; + unsigned int num; } RIPEMD160_CTX; int RIPEMD160_Init(RIPEMD160_CTX *c); -int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); #ifdef __cplusplus diff --git a/crypto/openssl/crypto/ripemd/rmd_dgst.c b/crypto/openssl/crypto/ripemd/rmd_dgst.c index f351f00..03a286d 100644 --- a/crypto/openssl/crypto/ripemd/rmd_dgst.c +++ b/crypto/openssl/crypto/ripemd/rmd_dgst.c @@ -63,10 +63,10 @@ const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT; # ifdef RMD160_ASM - void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num); + void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num); # define ripemd160_block ripemd160_block_x86 # else - void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num); + void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif int RIPEMD160_Init(RIPEMD160_CTX *c) @@ -87,7 +87,7 @@ int RIPEMD160_Init(RIPEMD160_CTX *c) #undef X #endif #define X(i) XX[i] -void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) +void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, size_t num) { const RIPEMD160_LONG *XX=p; register unsigned MD32_REG_T A,B,C,D,E; @@ -287,7 +287,7 @@ void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) #ifdef X #undef X #endif -void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num) +void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) { const unsigned char *data=p; register unsigned MD32_REG_T A,B,C,D,E; diff --git a/crypto/openssl/crypto/ripemd/rmd_locl.h b/crypto/openssl/crypto/ripemd/rmd_locl.h index 7b835df..b52d786 100644 --- a/crypto/openssl/crypto/ripemd/rmd_locl.h +++ b/crypto/openssl/crypto/ripemd/rmd_locl.h @@ -72,15 +72,19 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define ripemd160_block_host_order ripemd160_block_asm_host_order +# if !defined(B_ENDIAN) +# define ripemd160_block_host_order ripemd160_block_asm_host_order +# endif # endif #endif -void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num); -void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); +void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,size_t num); +void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -#define ripemd160_block_data_order ripemd160_block_host_order +# if !defined(B_ENDIAN) +# define ripemd160_block_data_order ripemd160_block_host_order +# endif #endif #define DATA_ORDER_IS_LITTLE_ENDIAN diff --git a/crypto/openssl/crypto/ripemd/rmd_one.c b/crypto/openssl/crypto/ripemd/rmd_one.c index f8b580c..3efb137 100644 --- a/crypto/openssl/crypto/ripemd/rmd_one.c +++ b/crypto/openssl/crypto/ripemd/rmd_one.c @@ -61,14 +61,15 @@ #include #include -unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md) { RIPEMD160_CTX c; static unsigned char m[RIPEMD160_DIGEST_LENGTH]; if (md == NULL) md=m; - RIPEMD160_Init(&c); + if (!RIPEMD160_Init(&c)) + return NULL; RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ diff --git a/crypto/openssl/crypto/ripemd/rmdtest.c b/crypto/openssl/crypto/ripemd/rmdtest.c index d4c709e..cbfdf2a 100644 --- a/crypto/openssl/crypto/ripemd/rmdtest.c +++ b/crypto/openssl/crypto/ripemd/rmdtest.c @@ -115,7 +115,7 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); #endif - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL); + EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/openssl/crypto/rsa/Makefile index 7e666a0..1390081 100644 --- a/crypto/openssl/crypto/rsa/Makefile +++ b/crypto/openssl/crypto/rsa/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/rsa/Makefile +# OpenSSL/crypto/rsa/Makefile # DIR= rsa @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -24,10 +19,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_asn1.c + rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_asn1.o + rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o SRC= $(LIBSRC) @@ -55,7 +50,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -70,6 +66,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -99,6 +96,15 @@ rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_chk.o: rsa_chk.c +rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_depr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_depr.o: ../cryptlib.h rsa_depr.c rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -109,13 +115,12 @@ rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_err.o: rsa_err.c +rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h +rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rsa_err.o: ../../include/openssl/symhacks.h rsa_err.c rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -128,14 +133,13 @@ rsa_gen.o: ../cryptlib.h rsa_gen.c rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c +rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -154,26 +158,17 @@ rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c -rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h -rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rsa_oaep.o: ../../include/openssl/opensslconf.h rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rsa_oaep.o: ../cryptlib.h rsa_oaep.c rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -184,48 +179,43 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c -rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h -rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c +rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_saos.o: ../../include/openssl/opensslconf.h +rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_saos.o: ../cryptlib.h rsa_saos.c -rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h -rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_sign.o: ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_sign.o: ../cryptlib.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h @@ -237,3 +227,13 @@ rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c +rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index fc3bb5f..d302254 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -64,25 +64,25 @@ #ifndef OPENSSL_NO_BIO #include #endif -#include #include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif #ifdef OPENSSL_NO_RSA #error RSA is disabled. #endif -#if defined(OPENSSL_FIPS) -#define FIPS_RSA_SIZE_T int -#endif - #ifdef __cplusplus extern "C" { #endif -typedef struct rsa_st RSA; +/* Declared already in ossl_typ.h */ +/* typedef struct rsa_st RSA; */ +/* typedef struct rsa_meth_st RSA_METHOD; */ -typedef struct rsa_meth_st +struct rsa_meth_st { const char *name; int (*rsa_pub_enc)(int flen,const unsigned char *from, @@ -97,7 +97,7 @@ typedef struct rsa_meth_st int (*rsa_priv_dec)(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,int padding); - int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */ + int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ @@ -118,8 +118,12 @@ typedef struct rsa_meth_st int (*rsa_verify)(int dtype, const unsigned char *m, unsigned int m_length, unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); - - } RSA_METHOD; +/* If this callback is NULL, the builtin software RSA key-gen will be used. This + * is for behavioural compatibility whilst the code gets rewired, but one day + * it would be nice to assume there are no such things as "builtin software" + * implementations. */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + }; struct rsa_st { @@ -152,38 +156,47 @@ struct rsa_st * NULL */ char *bignum_data; BN_BLINDING *blinding; + BN_BLINDING *mt_blinding; }; #define RSA_3 0x3L #define RSA_F4 0x10001L -#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ +#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */ -#define RSA_FLAG_CACHE_PUBLIC 0x02 -#define RSA_FLAG_CACHE_PRIVATE 0x04 -#define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_THREAD_SAFE 0x10 +#define RSA_FLAG_CACHE_PUBLIC 0x0002 +#define RSA_FLAG_CACHE_PRIVATE 0x0004 +#define RSA_FLAG_BLINDING 0x0008 +#define RSA_FLAG_THREAD_SAFE 0x0010 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: * for example a key stored in external hardware. Without this flag bn_mod_exp * gets called when private key components are absent. */ -#define RSA_FLAG_EXT_PKEY 0x20 +#define RSA_FLAG_EXT_PKEY 0x0020 /* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. */ -#define RSA_FLAG_SIGN_VER 0x40 - -#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ +#define RSA_FLAG_SIGN_VER 0x0040 + +#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_X931_PADDING 5 #define RSA_PKCS1_PADDING_SIZE 11 @@ -193,8 +206,16 @@ struct rsa_st RSA * RSA_new(void); RSA * RSA_new_method(ENGINE *engine); int RSA_size(const RSA *); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int RSA_check_key(const RSA *); /* next 4 return -1 on error */ int RSA_public_encrypt(int flen, const unsigned char *from, @@ -235,11 +256,19 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset); int RSA_print(BIO *bp, const RSA *r,int offset); #endif -int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey); +int i2d_RSA_NET(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify), + int sgckey); +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify), + int sgckey); -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, + int verify)); +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, + int verify)); /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ @@ -259,6 +288,7 @@ int RSA_verify_ASN1_OCTET_STRING(int type, int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, const unsigned char *f,int fl); @@ -268,6 +298,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, const unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, const unsigned char *f,int fl,int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst); int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, const unsigned char *f,int fl, const unsigned char *p,int pl); @@ -282,6 +314,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen, const unsigned char *f,int fl); int RSA_padding_check_none(unsigned char *to,int tlen, const unsigned char *f,int fl,int rsa_len); +int RSA_padding_add_X931(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_X931(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen); int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -301,30 +344,42 @@ void ERR_load_RSA_strings(void); /* Function codes. */ #define RSA_F_MEMORY_LOCK 100 +#define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_CHECK_KEY 123 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 #define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_MEMORY_LOCK 130 #define RSA_F_RSA_NEW_METHOD 106 #define RSA_F_RSA_NULL 124 +#define RSA_F_RSA_NULL_MOD_EXP 131 +#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 #define RSA_F_RSA_PADDING_ADD_NONE 107 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 #define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_ADD_X931 127 #define RSA_F_RSA_PADDING_CHECK_NONE 111 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 #define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PADDING_CHECK_X931 128 #define RSA_F_RSA_PRINT 115 #define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_SETUP_BLINDING 136 #define RSA_F_RSA_SIGN 117 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 #define RSA_F_RSA_VERIFY 119 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 @@ -344,9 +399,15 @@ void ERR_load_RSA_strings(void); #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +#define RSA_R_FIRST_OCTET_INVALID 133 +#define RSA_R_INVALID_HEADER 137 #define RSA_R_INVALID_MESSAGE_LENGTH 131 +#define RSA_R_INVALID_PADDING 138 +#define RSA_R_INVALID_TRAILER 139 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 #define RSA_R_KEY_SIZE_TOO_SMALL 120 +#define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 @@ -354,6 +415,8 @@ void ERR_load_RSA_strings(void); #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +#define RSA_R_SLEN_CHECK_FAILED 136 +#define RSA_R_SLEN_RECOVERY_FAILED 135 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 diff --git a/crypto/openssl/crypto/rsa/rsa_asn1.c b/crypto/openssl/crypto/rsa/rsa_asn1.c index 1455a7e..bbbf26d 100644 --- a/crypto/openssl/crypto/rsa/rsa_asn1.c +++ b/crypto/openssl/crypto/rsa/rsa_asn1.c @@ -63,10 +63,10 @@ #include static ASN1_METHOD method={ - (int (*)()) i2d_RSAPrivateKey, - (char *(*)())d2i_RSAPrivateKey, - (char *(*)())RSA_new, - (void (*)()) RSA_free}; + (I2D_OF(void)) i2d_RSAPrivateKey, + (D2I_OF(void)) d2i_RSAPrivateKey, + (void *(*)(void)) RSA_new, + (void (*)(void *)) RSA_free}; ASN1_METHOD *RSAPrivateKey_asn1_meth(void) { diff --git a/crypto/openssl/crypto/rsa/rsa_chk.c b/crypto/openssl/crypto/rsa/rsa_chk.c index 002f2cb..9d848db 100644 --- a/crypto/openssl/crypto/rsa/rsa_chk.c +++ b/crypto/openssl/crypto/rsa/rsa_chk.c @@ -75,7 +75,7 @@ int RSA_check_key(const RSA *key) } /* p prime? */ - r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); + r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); if (r != 1) { ret = r; @@ -85,7 +85,7 @@ int RSA_check_key(const RSA *key) } /* q prime? */ - r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); + r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); if (r != 1) { ret = r; diff --git a/crypto/openssl/crypto/rsa/rsa_depr.c b/crypto/openssl/crypto/rsa/rsa_depr.c new file mode 100644 index 0000000..a859ded --- /dev/null +++ b/crypto/openssl/crypto/rsa/rsa_depr.c @@ -0,0 +1,101 @@ +/* crypto/rsa/rsa_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NB: This file contains deprecated functions (compatibility wrappers to the + * "new" versions). */ + +#include +#include +#include "cryptlib.h" +#include +#include + +#ifdef OPENSSL_NO_DEPRECATED + +static void *dummy=&dummy; + +#else + +RSA *RSA_generate_key(int bits, unsigned long e_value, + void (*callback)(int,int,void *), void *cb_arg) + { + BN_GENCB cb; + int i; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); + + if(!rsa || !e) goto err; + + /* The problem is when building with 8, 16, or 32 BN_ULONG, + * unsigned long can be larger */ + for (i=0; i<(int)sizeof(unsigned long)*8; i++) + { + if (e_value & (1UL< #include "cryptlib.h" @@ -62,7 +115,7 @@ #include #include -#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) +#ifndef RSA_NULL static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); @@ -72,7 +125,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa); +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); static int RSA_eay_init(RSA *rsa); static int RSA_eay_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_eay_meth={ @@ -88,7 +141,8 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ 0, /* flags */ NULL, 0, /* rsa_sign */ - 0 /* rsa_verify */ + 0, /* rsa_verify */ + NULL /* rsa_keygen */ }; const RSA_METHOD *RSA_PKCS1_SSLeay(void) @@ -96,19 +150,31 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } +/* Usage example; + * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + */ +#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ + if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ + !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ + CRYPTO_LOCK_RSA, \ + (rsa)->m, (ctx))) \ + err_instr + static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - BIGNUM f,ret; + BIGNUM *f,*ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - BN_init(&f); - BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) + buf = OPENSSL_malloc(num); + if (!f || !ret || !buf) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; @@ -136,54 +202,34 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, } if (i <= 0) goto err; - if (BN_bin2bn(buf,num,&f) == NULL) goto err; + if (BN_bin2bn(buf,num,f) == NULL) goto err; - if (BN_ucmp(&f, rsa->n) >= 0) + if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(&ret); - i=BN_bn2bin(&ret,&(to[num-j])); + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } if (buf != NULL) { OPENSSL_cleanse(buf,num); @@ -192,76 +238,92 @@ err: return(r); } -static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) - { - int ret = 1; - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - /* Check again inside the lock - the macro's check is racey */ - if(rsa->blinding == NULL) - ret = RSA_blinding_on(rsa, ctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - return ret; - } +static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx) +{ + BN_BLINDING *ret; -#define BLINDING_HELPER(rsa, ctx, err_instr) \ - do { \ - if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \ - ((rsa)->blinding == NULL) && \ - !rsa_eay_blinding(rsa, ctx)) \ - err_instr \ - } while(0) + if (rsa->blinding == NULL) + { + if (rsa->blinding == NULL) + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->blinding == NULL) + rsa->blinding = RSA_setup_blinding(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + } -static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx) - { - BIGNUM *A, *Ai; - BN_BLINDING *ret = NULL; + ret = rsa->blinding; + if (ret == NULL) + return NULL; - /* added in OpenSSL 0.9.6j and 0.9.7b */ + if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id()) + { + *local = 0; + if (rsa->mt_blinding == NULL) + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->mt_blinding == NULL) + rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + ret = rsa->mt_blinding; + } + else + *local = 1; - /* NB: similar code appears in RSA_blinding_on (rsa_lib.c); - * this should be placed in a new function of its own, but for reasons - * of binary compatibility can't */ + return ret; +} - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) +static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, + BIGNUM *r, BN_CTX *ctx) +{ + if (local) + return BN_BLINDING_convert_ex(f, NULL, b, ctx); + else { - /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ - RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); - if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + int ret; + CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); + ret = BN_BLINDING_convert_ex(f, r, b, ctx); + CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING); + return ret; } +} + +static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f, + BIGNUM *r, BN_CTX *ctx) +{ + if (local) + return BN_BLINDING_invert_ex(f, NULL, b, ctx); else { - if (!BN_rand_range(A,rsa->n)) goto err; + int ret; + CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); + ret = BN_BLINDING_invert_ex(f, r, b, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + return ret; } - if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; - - if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) - goto err; - ret = BN_BLINDING_new(A,Ai,rsa->n); - BN_free(Ai); -err: - BN_CTX_end(ctx); - return ret; - } +} /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - BIGNUM f,ret; + BIGNUM *f, *ret, *br, *res; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; int local_blinding = 0; BN_BLINDING *blinding = NULL; - BN_init(&f); - BN_init(&ret); - if ((ctx=BN_CTX_new()) == NULL) goto err; - num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + br = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rsa->n); + buf = OPENSSL_malloc(num); + if(!f || !ret || !buf) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; @@ -272,6 +334,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); break; + case RSA_X931_PADDING: + i=RSA_padding_add_X931(buf,num,from,flen); + break; case RSA_NO_PADDING: i=RSA_padding_add_none(buf,num,from,flen); break; @@ -282,26 +347,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } if (i <= 0) goto err; - if (BN_bin2bn(buf,num,&f) == NULL) goto err; + if (BN_bin2bn(buf,num,f) == NULL) goto err; - if (BN_ucmp(&f, rsa->n) >= 0) + if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } - BLINDING_HELPER(rsa, ctx, goto err;); - blinding = rsa->blinding; - - /* Now unless blinding is disabled, 'blinding' is non-NULL. - * But the BN_BLINDING object may be owned by some other thread - * (we don't want to keep it constant and we don't want to use - * lots of locking to avoid race conditions, so only a single - * thread can use it; other threads have to use local blinding - * factors) */ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { + blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); @@ -310,20 +367,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } if (blinding != NULL) - { - if (blinding->thread_id != CRYPTO_thread_id()) - { - /* we need a local one-time blinding factor */ - - blinding = setup_blinding(rsa, ctx); - if (blinding == NULL) - goto err; - local_blinding = 1; - } - } - - if (blinding) - if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; + if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) + goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || ((rsa->p != NULL) && @@ -331,29 +376,58 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) ) - { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } + { + if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; + } else { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; + BIGNUM local_d; + BIGNUM *d = NULL; + + if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + { + BN_init(&local_d); + d = &local_d; + BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); + } + else + d = rsa->d; + + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + + if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } if (blinding) - if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; + if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) + goto err; + + if (padding == RSA_X931_PADDING) + { + BN_sub(f, rsa->n, ret); + if (BN_cmp(ret, f)) + res = f; + else + res = ret; + } + else + res = ret; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(&ret); - i=BN_bn2bin(&ret,&(to[num-j])); + j=BN_num_bytes(res); + i=BN_bn2bin(res,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&ret); - BN_clear_free(&f); - if (local_blinding) - BN_BLINDING_free(blinding); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } if (buf != NULL) { OPENSSL_cleanse(buf,num); @@ -365,7 +439,7 @@ err: static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - BIGNUM f,ret; + BIGNUM *f, *ret, *br; int j,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; @@ -373,14 +447,14 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, int local_blinding = 0; BN_BLINDING *blinding = NULL; - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - - num=BN_num_bytes(rsa->n); - - if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) + if((ctx = BN_CTX_new()) == NULL) goto err; + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + br = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rsa->n); + buf = OPENSSL_malloc(num); + if(!f || !ret || !buf) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); goto err; @@ -395,25 +469,17 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } /* make data into a big number */ - if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; + if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; - if (BN_ucmp(&f, rsa->n) >= 0) + if (BN_ucmp(f, rsa->n) >= 0) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } - BLINDING_HELPER(rsa, ctx, goto err;); - blinding = rsa->blinding; - - /* Now unless blinding is disabled, 'blinding' is non-NULL. - * But the BN_BLINDING object may be owned by some other thread - * (we don't want to keep it constant and we don't want to use - * lots of locking to avoid race conditions, so only a single - * thread can use it; other threads have to use local blinding - * factors) */ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { + blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); @@ -422,20 +488,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } if (blinding != NULL) - { - if (blinding->thread_id != CRYPTO_thread_id()) - { - /* we need a local one-time blinding factor */ - - blinding = setup_blinding(rsa, ctx); - if (blinding == NULL) - goto err; - local_blinding = 1; - } - } - - if (blinding) - if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; + if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) + goto err; /* do the decrypt */ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || @@ -444,18 +498,34 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) ) - { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } + { + if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; + } else { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) - goto err; + BIGNUM local_d; + BIGNUM *d = NULL; + + if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + { + d = &local_d; + BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); + } + else + d = rsa->d; + + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, + rsa->_method_mod_n)) + goto err; } if (blinding) - if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; + if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) + goto err; p=buf; - j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ + j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ switch (padding) { @@ -481,11 +551,11 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (local_blinding) - BN_BLINDING_free(blinding); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } if (buf != NULL) { OPENSSL_cleanse(buf,num); @@ -498,20 +568,19 @@ err: static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - BIGNUM f,ret; + BIGNUM *f,*ret; int i,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - + if((ctx = BN_CTX_new()) == NULL) goto err; + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); num=BN_num_bytes(rsa->n); - buf=(unsigned char *)OPENSSL_malloc(num); - if (buf == NULL) + buf = OPENSSL_malloc(num); + if(!f || !ret || !buf) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); goto err; @@ -525,50 +594,33 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - if (BN_bin2bn(from,flen,&f) == NULL) goto err; + if (BN_bin2bn(from,flen,f) == NULL) goto err; - if (BN_ucmp(&f, rsa->n) >= 0) + if (BN_ucmp(f, rsa->n) >= 0) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } - /* do the decrypt */ - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; + if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) + BN_sub(ret, rsa->n, ret); + p=buf; - i=BN_bn2bin(&ret,p); + i=BN_bn2bin(ret,p); switch (padding) { case RSA_PKCS1_PADDING: r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); break; + case RSA_X931_PADDING: + r=RSA_padding_check_X931(to,num,buf,i,num); + break; case RSA_NO_PADDING: r=RSA_padding_check_none(to,num,buf,i,num); break; @@ -580,9 +632,11 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } if (buf != NULL) { OPENSSL_cleanse(buf,num); @@ -591,84 +645,52 @@ err: return(r); } -static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BIGNUM r1,m1,vrfy; + BIGNUM *r1,*m1,*vrfy; + BIGNUM local_dmp1, local_dmq1; + BIGNUM *dmp1, *dmq1; int ret=0; - BN_CTX *ctx; - BN_init(&m1); - BN_init(&r1); - BN_init(&vrfy); - if ((ctx=BN_CTX_new()) == NULL) goto err; + BN_CTX_start(ctx); + r1 = BN_CTX_get(ctx); + m1 = BN_CTX_get(ctx); + vrfy = BN_CTX_get(ctx); - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) - { - if (rsa->_method_mod_p == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_p == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_p == NULL) - { - rsa->_method_mod_p = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } + MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); - if (rsa->_method_mod_q == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_q == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_q == NULL) - { - rsa->_method_mod_q = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } + if (!BN_mod(r1,I,rsa->q,ctx)) goto err; + if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + { + dmq1 = &local_dmq1; + BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME); } - - if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, + else + dmq1 = rsa->dmq1; + if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, rsa->_method_mod_q)) goto err; - if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, + if (!BN_mod(r1,I,rsa->p,ctx)) goto err; + if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + { + dmp1 = &local_dmp1; + BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME); + } + else + dmp1 = rsa->dmp1; + if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx, rsa->_method_mod_p)) goto err; - if (!BN_sub(r0,r0,&m1)) goto err; + if (!BN_sub(r0,r0,m1)) goto err; /* This will help stop the size of r0 increasing, which does * affect the multiply if it optimised for a power of 2 size */ - if (r0->neg) + if (BN_is_negative(r0)) if (!BN_add(r0,r0,rsa->p)) goto err; - if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; - if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; + if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; + if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; /* If p < q it is occasionally possible for the correction of * adding 'p' if r0 is negative above to leave the result still * negative. This can break the private key operations: the following @@ -676,34 +698,45 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) * This will *never* happen with OpenSSL generated keys because * they ensure p > q [steve] */ - if (r0->neg) + if (BN_is_negative(r0)) if (!BN_add(r0,r0,rsa->p)) goto err; - if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; - if (!BN_add(r0,&r1,&m1)) goto err; + if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; + if (!BN_add(r0,r1,m1)) goto err; if (rsa->e && rsa->n) { - if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; /* If 'I' was greater than (or equal to) rsa->n, the operation * will be equivalent to using 'I mod n'. However, the result of * the verify will *always* be less than 'n' so we don't check * for absolute equality, just congruency. */ - if (!BN_sub(&vrfy, &vrfy, I)) goto err; - if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err; - if (vrfy.neg) - if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; - if (!BN_is_zero(&vrfy)) + if (!BN_sub(vrfy, vrfy, I)) goto err; + if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; + if (BN_is_negative(vrfy)) + if (!BN_add(vrfy, vrfy, rsa->n)) goto err; + if (!BN_is_zero(vrfy)) + { /* 'I' and 'vrfy' aren't congruent mod n. Don't leak * miscalculated CRT output, just do a raw (slower) * mod_exp and return that instead. */ - if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; + + BIGNUM local_d; + BIGNUM *d = NULL; + + if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) + { + d = &local_d; + BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); + } + else + d = rsa->d; + if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; + } } ret=1; err: - BN_clear_free(&m1); - BN_clear_free(&r1); - BN_clear_free(&vrfy); - BN_CTX_free(ctx); + BN_CTX_end(ctx); return(ret); } diff --git a/crypto/openssl/crypto/rsa/rsa_err.c b/crypto/openssl/crypto/rsa/rsa_err.c index a7766c3..f82b2d6 100644 --- a/crypto/openssl/crypto/rsa/rsa_err.c +++ b/crypto/openssl/crypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* crypto/rsa/rsa_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,70 +64,94 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) + static ERR_STRING_DATA RSA_str_functs[]= { -{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, -{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, -{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, -{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, -{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, -{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, -{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, -{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, -{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, -{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, -{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, +{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, +{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, +{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, +{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, +{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, +{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, +{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, +{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, +{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, +{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, +{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, +{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, +{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, +{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, +{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, +{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, +{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, +{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_PRINT_FP"}, +{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, +{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, +{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, +{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, +{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"}, +{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, {0,NULL} }; static ERR_STRING_DATA RSA_str_reasons[]= { -{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, -{RSA_R_BAD_E_VALUE ,"bad e value"}, -{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, -{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, -{RSA_R_BAD_SIGNATURE ,"bad signature"}, -{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, -{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, -{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, -{RSA_R_DATA_TOO_LARGE ,"data too large"}, -{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, -{RSA_R_DATA_TOO_SMALL ,"data too small"}, -{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, -{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, -{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, -{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, -{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, -{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, -{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, -{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, -{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, -{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, -{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, -{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, -{RSA_R_P_NOT_PRIME ,"p not prime"}, -{RSA_R_Q_NOT_PRIME ,"q not prime"}, -{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"}, -{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, -{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, -{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, -{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, -{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, +{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"}, +{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"}, +{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"}, +{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"}, +{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"}, +{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"}, +{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"}, +{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"}, +{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"}, +{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"}, +{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"}, +{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"}, +{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"}, +{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"}, +{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"}, +{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, +{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, +{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, +{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, +{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, +{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, +{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, +{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, +{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, +{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, +{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, +{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, +{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, +{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, +{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, +{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, +{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, +{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, +{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, +{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, +{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, +{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, {0,NULL} }; @@ -141,8 +165,8 @@ void ERR_load_RSA_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); - ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); + ERR_load_strings(0,RSA_str_functs); + ERR_load_strings(0,RSA_str_reasons); #endif } diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/openssl/crypto/rsa/rsa_gen.c index adb5e34..742f8b1 100644 --- a/crypto/openssl/crypto/rsa/rsa_gen.c +++ b/crypto/openssl/crypto/rsa/rsa_gen.c @@ -56,26 +56,40 @@ * [including the GNU Public Licence.] */ + +/* NB: these functions have been "upgraded", the deprecated versions (which are + * compatibility wrappers using these functions) are in rsa_depr.c. + * - Geoff + */ + #include #include #include "cryptlib.h" #include #include -#ifndef OPENSSL_FIPS +static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); + +/* NB: this wrapper would normally be placed in rsa_lib.c and the static + * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so + * that we don't introduce a new linker dependency. Eg. any application that + * wasn't previously linking object code related to key-generation won't have to + * now just because key-generation is part of RSA_METHOD. */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) + { + if(rsa->meth->rsa_keygen) + return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); + return rsa_builtin_keygen(rsa, bits, e_value, cb); + } -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) +static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { - RSA *rsa=NULL; BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0,i; - BN_CTX *ctx=NULL,*ctx2=NULL; + int bitsp,bitsq,ok= -1,n=0; + BN_CTX *ctx=NULL; ctx=BN_CTX_new(); if (ctx == NULL) goto err; - ctx2=BN_CTX_new(); - if (ctx2 == NULL) goto err; BN_CTX_start(ctx); r0 = BN_CTX_get(ctx); r1 = BN_CTX_get(ctx); @@ -85,49 +99,58 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, bitsp=(bits+1)/2; bitsq=bits-bitsp; - rsa=RSA_new(); - if (rsa == NULL) goto err; - /* set e */ - rsa->e=BN_new(); - if (rsa->e == NULL) goto err; + /* We need the RSA components non-NULL */ + if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; + if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; + if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; + if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; + if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; + if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; + if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; + if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; -#if 1 - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; ie,i); - } -#else - if (!BN_set_word(rsa->e,e_value)) goto err; -#endif + BN_copy(rsa->e, e_value); /* generate p and q */ for (;;) { - rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); - if (rsa->p == NULL) goto err; + if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) + goto err; if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->p); + if(!BN_GENCB_call(cb, 2, n++)) + goto err; } - if (callback != NULL) callback(3,0,cb_arg); + if(!BN_GENCB_call(cb, 3, 0)) + goto err; for (;;) { - rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); - if (rsa->q == NULL) goto err; + /* When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. Check for + * this and bail if it happens 3 times. */ + unsigned int degenerate = 0; + do + { + if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) + goto err; + } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); + if(degenerate == 3) + { + ok = 0; /* we set our own err */ + RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL); + goto err; + } if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) + if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->q); + if(!BN_GENCB_call(cb, 2, n++)) + goto err; } - if (callback != NULL) callback(3,1,cb_arg); + if(!BN_GENCB_call(cb, 3, 1)) + goto err; if (BN_cmp(rsa->p,rsa->q) < 0) { tmp=rsa->p; @@ -136,65 +159,36 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, } /* calculate n */ - rsa->n=BN_new(); - if (rsa->n == NULL) goto err; if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; /* calculate d */ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ - -/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ -/* for (;;) - { - if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; - if (BN_is_one(r3)) break; - - if (1) - { - if (!BN_add_word(rsa->e,2L)) goto err; - continue; - } - RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); - goto err; - } -*/ - rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ - if (rsa->d == NULL) goto err; + if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx)) goto err; /* d */ /* calculate d mod (p-1) */ - rsa->dmp1=BN_new(); - if (rsa->dmp1 == NULL) goto err; if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; /* calculate d mod (q-1) */ - rsa->dmq1=BN_new(); - if (rsa->dmq1 == NULL) goto err; if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; /* calculate inverse of q mod p */ - rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); - if (rsa->iqmp == NULL) goto err; + if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx)) goto err; ok=1; err: if (ok == -1) { - RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); + RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); ok=0; } - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_CTX_free(ctx2); - - if (!ok) + if (ctx != NULL) { - if (rsa != NULL) RSA_free(rsa); - return(NULL); + BN_CTX_end(ctx); + BN_CTX_free(ctx); } - else - return(rsa); + + return ok; } -#endif diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c index e4d6228..66cd15f 100644 --- a/crypto/openssl/crypto/rsa/rsa_lib.c +++ b/crypto/openssl/crypto/rsa/rsa_lib.c @@ -179,6 +179,7 @@ RSA *RSA_new_method(ENGINE *engine) ret->_method_mod_p=NULL; ret->_method_mod_q=NULL; ret->blinding=NULL; + ret->mt_blinding=NULL; ret->bignum_data=NULL; ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); @@ -232,6 +233,7 @@ void RSA_free(RSA *r) if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); + if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); OPENSSL_free(r); } @@ -314,59 +316,107 @@ void RSA_blinding_off(RSA *rsa) rsa->flags |= RSA_FLAG_NO_BLINDING; } -int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { - BIGNUM *A,*Ai = NULL; - BN_CTX *ctx; int ret=0; - if (p_ctx == NULL) + if (rsa->blinding != NULL) + RSA_blinding_off(rsa); + + rsa->blinding = RSA_setup_blinding(rsa, ctx); + if (rsa->blinding == NULL) + goto err; + + rsa->flags |= RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_NO_BLINDING; + ret=1; +err: + return(ret); + } + +static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, + const BIGNUM *q, BN_CTX *ctx) +{ + BIGNUM *ret = NULL, *r0, *r1, *r2; + + if (d == NULL || p == NULL || q == NULL) + return NULL; + + BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); + r1 = BN_CTX_get(ctx); + r2 = BN_CTX_get(ctx); + if (r2 == NULL) + goto err; + + if (!BN_sub(r1, p, BN_value_one())) goto err; + if (!BN_sub(r2, q, BN_value_one())) goto err; + if (!BN_mul(r0, r1, r2, ctx)) goto err; + + ret = BN_mod_inverse(NULL, d, r0, ctx); +err: + BN_CTX_end(ctx); + return ret; +} + +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) +{ + BIGNUM *e; + BN_CTX *ctx; + BN_BLINDING *ret = NULL; + + if (in_ctx == NULL) { - if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) return 0; } else - ctx=p_ctx; + ctx = in_ctx; - /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ - if (rsa->blinding != NULL) + BN_CTX_start(ctx); + e = BN_CTX_get(ctx); + if (e == NULL) { - BN_BLINDING_free(rsa->blinding); - rsa->blinding = NULL; + RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); + goto err; } - /* NB: similar code appears in setup_blinding (rsa_eay.c); - * this should be placed in a new function of its own, but for reasons - * of binary compatibility can't */ - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + if (rsa->e == NULL) { - /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ - RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); - if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); + if (e == NULL) + { + RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); + goto err; + } } else + e = rsa->e; + + + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { - if (!BN_rand_range(A,rsa->n)) goto err; + /* if PRNG is not properly seeded, resort to secret + * exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); } - if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; - if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx, + rsa->meth->bn_mod_exp, rsa->_method_mod_n); + if (ret == NULL) + { + RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); goto err; - if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; - /* to make things thread-safe without excessive locking, - * rsa->blinding will be used just by the current thread: */ - rsa->blinding->thread_id = CRYPTO_thread_id(); - rsa->flags |= RSA_FLAG_BLINDING; - rsa->flags &= ~RSA_FLAG_NO_BLINDING; - ret=1; + } + BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); err: - if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); - if (ctx != p_ctx) BN_CTX_free(ctx); - return(ret); - } + if (in_ctx == NULL) + BN_CTX_free(ctx); + if(rsa->e == NULL) + BN_free(e); + + return ret; +} int RSA_memory_lock(RSA *r) { @@ -389,7 +439,7 @@ int RSA_memory_lock(RSA *r) j+= (*t[i])->top; if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) { - RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); + RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); return(0); } bn=(BIGNUM *)p; diff --git a/crypto/openssl/crypto/rsa/rsa_null.c b/crypto/openssl/crypto/rsa/rsa_null.c index 64057fb..491572c 100644 --- a/crypto/openssl/crypto/rsa/rsa_null.c +++ b/crypto/openssl/crypto/rsa/rsa_null.c @@ -94,6 +94,9 @@ static RSA_METHOD rsa_null_meth={ RSA_null_finish, 0, NULL, + NULL, + NULL, + NULL }; const RSA_METHOD *RSA_null_method(void) @@ -104,35 +107,35 @@ const RSA_METHOD *RSA_null_method(void) static int RSA_null_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } static int RSA_null_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } static int RSA_null_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } static int RSA_null_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } #if 0 /* not currently used */ static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); + ...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return -1; } #endif @@ -146,5 +149,3 @@ static int RSA_null_finish(RSA *rsa) { return(1); } - - diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c index e3f7c60..45d6f6e 100644 --- a/crypto/openssl/crypto/rsa/rsa_oaep.c +++ b/crypto/openssl/crypto/rsa/rsa_oaep.c @@ -122,7 +122,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, db = OPENSSL_malloc(dblen); if (db == NULL) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); return -1; } @@ -170,28 +170,30 @@ decoding_err: return -1; } -int MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen) +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst) { long i, outlen = 0; unsigned char cnt[4]; EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; EVP_MD_CTX_init(&c); + mdlen = EVP_MD_size(dgst); for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,EVP_sha1(), NULL); + EVP_DigestInit_ex(&c,dgst, NULL); EVP_DigestUpdate(&c, seed, seedlen); EVP_DigestUpdate(&c, cnt, 4); - if (outlen + SHA_DIGEST_LENGTH <= len) + if (outlen + mdlen <= len) { EVP_DigestFinal_ex(&c, mask + outlen, NULL); - outlen += SHA_DIGEST_LENGTH; + outlen += mdlen; } else { @@ -203,4 +205,9 @@ int MGF1(unsigned char *mask, long len, EVP_MD_CTX_cleanup(&c); return 0; } + +int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) + { + return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); + } #endif diff --git a/crypto/openssl/crypto/rsa/rsa_pss.c b/crypto/openssl/crypto/rsa/rsa_pss.c new file mode 100644 index 0000000..e19d18c --- /dev/null +++ b/crypto/openssl/crypto/rsa/rsa_pss.c @@ -0,0 +1,269 @@ +/* rsa_pss.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include + +static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; + +#if defined(_MSC_VER) && defined(_ARM_) +#pragma optimize("g", off) +#endif + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, int sLen) + { + int i; + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; + const unsigned char *H; + unsigned char *DB = NULL; + EVP_MD_CTX ctx; + unsigned char H_[EVP_MAX_MD_SIZE]; + + hLen = EVP_MD_size(Hash); + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -N reserved + */ + if (sLen == -1) sLen = hLen; + else if (sLen == -2) sLen = -2; + else if (sLen < -2) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); + goto err; + } + + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); + if (EM[0] & (0xFF << MSBits)) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); + goto err; + } + if (MSBits == 0) + { + EM++; + emLen--; + } + if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); + goto err; + } + if (EM[emLen - 1] != 0xbc) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); + goto err; + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = OPENSSL_malloc(maskedDBLen); + if (!DB) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); + goto err; + } + PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); + for (i = 0; i < maskedDBLen; i++) + DB[i] ^= EM[i]; + if (MSBits) + DB[0] &= 0xFF >> (8 - MSBits); + for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; + if (DB[i++] != 0x1) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); + goto err; + } + if (sLen >= 0 && (maskedDBLen - i) != sLen) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); + goto err; + } + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, Hash, NULL); + EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); + EVP_DigestUpdate(&ctx, mHash, hLen); + if (maskedDBLen - i) + EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); + EVP_DigestFinal(&ctx, H_, NULL); + EVP_MD_CTX_cleanup(&ctx); + if (memcmp(H_, H, hLen)) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); + ret = 0; + } + else + ret = 1; + + err: + if (DB) + OPENSSL_free(DB); + + return ret; + + } + +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen) + { + int i; + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX ctx; + + hLen = EVP_MD_size(Hash); + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is maximized + * -N reserved + */ + if (sLen == -1) sLen = hLen; + else if (sLen == -2) sLen = -2; + else if (sLen < -2) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); + goto err; + } + + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); + if (MSBits == 0) + { + *EM++ = 0; + emLen--; + } + if (sLen == -2) + { + sLen = emLen - hLen - 2; + } + else if (emLen < (hLen + sLen + 2)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + if (sLen > 0) + { + salt = OPENSSL_malloc(sLen); + if (!salt) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (!RAND_bytes(salt, sLen)) + goto err; + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, Hash, NULL); + EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); + EVP_DigestUpdate(&ctx, mHash, hLen); + if (sLen) + EVP_DigestUpdate(&ctx, salt, sLen); + EVP_DigestFinal(&ctx, H, NULL); + EVP_MD_CTX_cleanup(&ctx); + + /* Generate dbMask in place then perform XOR on it */ + PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); + + p = EM; + + /* Initial PS XORs with all zeroes which is a NOP so just update + * pointer. Note from a test above this value is guaranteed to + * be non-negative. + */ + p += emLen - sLen - hLen - 2; + *p++ ^= 0x1; + if (sLen > 0) + { + for (i = 0; i < sLen; i++) + *p++ ^= salt[i]; + } + if (MSBits) + EM[0] &= 0xFF >> (8 - MSBits); + + /* H is already in place so just set final 0xbc */ + + EM[emLen - 1] = 0xbc; + + ret = 1; + + err: + if (salt) + OPENSSL_free(salt); + + return ret; + + } + +#if defined(_MSC_VER) +#pragma optimize("",on) +#endif diff --git a/crypto/openssl/crypto/rsa/rsa_saos.c b/crypto/openssl/crypto/rsa/rsa_saos.c index f462716..f98e0a8 100644 --- a/crypto/openssl/crypto/rsa/rsa_saos.c +++ b/crypto/openssl/crypto/rsa/rsa_saos.c @@ -107,7 +107,8 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, RSA *rsa) { int i,ret=0; - unsigned char *p,*s; + unsigned char *s; + const unsigned char *p; ASN1_OCTET_STRING *sig=NULL; if (siglen != (unsigned int)RSA_size(rsa)) @@ -139,8 +140,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, ret=1; err: if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); - OPENSSL_cleanse(s,(unsigned int)siglen); - OPENSSL_free(s); + if (s != NULL) + { + OPENSSL_cleanse(s,(unsigned int)siglen); + OPENSSL_free(s); + } return(ret); } diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c index 8a1e642..230ec6d 100644 --- a/crypto/openssl/crypto/rsa/rsa_sign.c +++ b/crypto/openssl/crypto/rsa/rsa_sign.c @@ -146,7 +146,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; - unsigned char *p,*s; + unsigned char *s; X509_SIG *sig=NULL; if (siglen != (unsigned int)RSA_size(rsa)) @@ -169,7 +169,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, } if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); - return(0); + goto err; } i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); @@ -181,7 +181,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); else ret = 1; } else { - p=s; + const unsigned char *p=s; sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; @@ -222,8 +222,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, } err: if (sig != NULL) X509_SIG_free(sig); - OPENSSL_cleanse(s,(unsigned int)siglen); - OPENSSL_free(s); + if (s != NULL) + { + OPENSSL_cleanse(s,(unsigned int)siglen); + OPENSSL_free(s); + } return(ret); } diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c index 924e9ad..0f8059c 100644 --- a/crypto/openssl/crypto/rsa/rsa_test.c +++ b/crypto/openssl/crypto/rsa/rsa_test.c @@ -8,6 +8,7 @@ #include #include #include +#include #ifdef OPENSSL_NO_RSA int main(int argc, char *argv[]) { @@ -227,10 +228,10 @@ int main(int argc, char *argv[]) plen = sizeof(ptext_ex) - 1; - for (v = 0; v < 3; v++) + for (v = 0; v < 6; v++) { key = RSA_new(); - switch (v) { + switch (v%3) { case 0: clen = key1(key, ctext_ex); break; @@ -241,6 +242,7 @@ int main(int argc, char *argv[]) clen = key3(key, ctext_ex); break; } + if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME; num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); @@ -312,6 +314,9 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif return err; } #endif diff --git a/crypto/openssl/crypto/rsa/rsa_x931.c b/crypto/openssl/crypto/rsa/rsa_x931.c new file mode 100644 index 0000000..e918654 --- /dev/null +++ b/crypto/openssl/crypto/rsa/rsa_x931.c @@ -0,0 +1,177 @@ +/* rsa_x931.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +int RSA_padding_add_X931(unsigned char *to, int tlen, + const unsigned char *from, int flen) + { + int j; + unsigned char *p; + + /* Absolute minimum amount of padding is 1 header nibble, 1 padding + * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. + */ + + j = tlen - flen - 2; + + if (j < 0) + { + RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return -1; + } + + p=(unsigned char *)to; + + /* If no padding start and end nibbles are in one byte */ + if (j == 0) + *p++ = 0x6A; + else + { + *p++ = 0x6B; + if (j > 1) + { + memset(p, 0xBB, j - 1); + p += j - 1; + } + *p++ = 0xBA; + } + memcpy(p,from,(unsigned int)flen); + p += flen; + *p = 0xCC; + return(1); + } + +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num) + { + int i = 0,j; + const unsigned char *p; + + p=from; + if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER); + return -1; + } + + if (*p++ == 0x6B) + { + j=flen-3; + for (i = 0; i < j; i++) + { + unsigned char c = *p++; + if (c == 0xBA) + break; + if (c != 0xBB) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931, + RSA_R_INVALID_PADDING); + return -1; + } + } + + j -= i; + + if (i == 0) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); + return -1; + } + + } + else j = flen - 2; + + if (p[j] != 0xCC) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); + return -1; + } + + memcpy(to,p,(unsigned int)j); + + return(j); + } + +/* Translate between X931 hash ids and NIDs */ + +int RSA_X931_hash_id(int nid) + { + switch (nid) + { + case NID_sha1: + return 0x33; + + case NID_sha256: + return 0x34; + + case NID_sha384: + return 0x36; + + case NID_sha512: + return 0x35; + + } + return -1; + } + diff --git a/crypto/openssl/crypto/sha/Makefile b/crypto/openssl/crypto/sha/Makefile index 2cf0e68..42a8c5b 100644 --- a/crypto/openssl/crypto/sha/Makefile +++ b/crypto/openssl/crypto/sha/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/sha/Makefile +# OpenSSL/crypto/sha/Makefile # DIR= sha @@ -8,11 +8,6 @@ CC= cc CPP= $(CC) -E INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -20,14 +15,15 @@ SHA1_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile -TEST=shatest.c sha1test.c +TEST=shatest.c sha1test.c sha256t.c sha512t.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c -LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ) +LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c +LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ) SRC= $(LIBSRC) @@ -46,20 +42,28 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# elf -asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s) - +# ELF +sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) +s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) +# COFF +sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) +s512sse2-cof.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) # a.out -asm/sx86-out.o: asm/sx86unix.cpp - $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o - -# bsdi -asm/sx86bsdi.o: asm/sx86unix.cpp - $(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o - -asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp) +sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +s512sse2-out.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) + +sha1-ia64.s: asm/sha1-ia64.pl + (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@ +sha256-ia64.s: asm/sha512-ia64.pl + (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +sha512-ia64.s: asm/sha512-ia64.pl + (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -70,7 +74,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -85,6 +90,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -92,33 +98,37 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha1_one.o: ../../include/openssl/opensslconf.h -sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c -sha1dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha1dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha1dgst.o: ../../include/openssl/opensslconf.h -sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c -sha1dgst.o: sha_locl.h -sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -sha_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha_dgst.c -sha_dgst.o: sha_locl.h +sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha1_one.o: sha1_one.c +sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h +sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h +sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c +sha512.o: ../../e_os.h ../../include/openssl/bio.h +sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../cryptlib.h sha512.c +sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h +sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha_one.o: sha_one.c +sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha_one.o: ../../include/openssl/symhacks.h sha_one.c diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl index e00f709..4f8521f 100644 --- a/crypto/openssl/crypto/sha/asm/sha1-586.pl +++ b/crypto/openssl/crypto/sha/asm/sha1-586.pl @@ -9,7 +9,7 @@ # # compared with original compared with Intel cc # assembler impl. generated code -# Pentium -25% +37% +# Pentium -16% +48% # PIII/AMD +8% +16% # P4 +85%(!) +45% # @@ -104,19 +104,21 @@ sub BODY_00_15 &comment("00_15 $n"); - &mov($tmp1,$a); - &mov($f,$c); # f to hold F_00_19(b,c,d) + &mov($f,$c); # f to hold F_00_19(b,c,d) + if ($n==0) { &mov($tmp1,$a); } + else { &mov($a,$tmp1); } &rotl($tmp1,5); # tmp1=ROTATE(a,5) &xor($f,$d); &and($f,$b); - &rotr($b,2); # b=ROTATE(b,30) - &add($tmp1,$e); # tmp1+=e; - &mov($e,&swtmp($n)); # e becomes volatile and + &add($tmp1,$e); # tmp1+=e; + &mov($e,&swtmp($n)); # e becomes volatile and # is loaded with xi - &xor($f,$d); # f holds F_00_19(b,c,d) + &xor($f,$d); # f holds F_00_19(b,c,d) + &rotr($b,2); # b=ROTATE(b,30) &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi - - &add($f,$tmp1); # f+=tmp1 + + if ($n==15) { &add($f,$tmp1); } # f+=tmp1 + else { &add($tmp1,$f); } } sub BODY_16_19 @@ -132,15 +134,15 @@ sub BODY_16_19 &xor($tmp1,$d); &xor($f,&swtmp($n2)); &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd - &rotr($b,2); # b=ROTATE(b,30) - &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) - &rotl($f,1); # f=ROATE(f,1) + &rotr($b,2); # b=ROTATE(b,30) + &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROATE(f,1) + &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) &mov(&swtmp($n0),$f); # xi=f &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e &mov($e,$a); # e becomes volatile - &add($f,$tmp1); # f+=F_00_19(b,c,d) - &rotl($e,5); # e=ROTATE(a,5) + &rotl($e,5); # e=ROTATE(a,5) + &add($f,$tmp1); # f+=F_00_19(b,c,d) &add($f,$e); # f+=ROTATE(a,5) } @@ -151,20 +153,20 @@ sub BODY_20_39 &comment("20_39 $n"); local($n0,$n1,$n2,$n3,$np)=&Na($n); - &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) - &xor($f,&swtmp($n1)); - &rotr($b,2); # b=ROTATE(b,30) - &xor($f,&swtmp($n2)); - &xor($tmp1,$c); - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd - &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) + &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) + &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &rotr($b,2); # b=ROTATE(b,30) + &xor($f,&swtmp($n1)); + &xor($tmp1,$c); + &xor($f,&swtmp($n2)); + &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) + &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd &rotl($f,1); # f=ROTATE(f,1) + &add($tmp1,$e); &mov(&swtmp($n0),$f); # xi=f - &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e &mov($e,$a); # e becomes volatile &rotl($e,5); # e=ROTATE(a,5) - &add($f,$tmp1); # f+=F_20_39(b,c,d) + &lea($f,&DWP($K,$f,$tmp1,1)); # f+=K_20_39+e &add($f,$e); # f+=ROTATE(a,5) } @@ -176,14 +178,17 @@ sub BODY_40_59 local($n0,$n1,$n2,$n3,$np)=&Na($n); &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($tmp1,&swtmp($n1)); + &xor($f,$tmp1); + &mov($tmp1,&swtmp($n2)); + &xor($f,$tmp1); + &mov($tmp1,&swtmp($n3)); + &xor($f,$tmp1); # f holds xa^xb^xc^xd &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) - &xor($f,&swtmp($n1)); - &or($tmp1,$c); - &xor($f,&swtmp($n2)); - &and($tmp1,$d); - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd &rotl($f,1); # f=ROTATE(f,1) + &or($tmp1,$c); &mov(&swtmp($n0),$f); # xi=f + &and($tmp1,$d); &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e &mov($e,$b); # e becomes volatile and is used # to calculate F_40_59(b,c,d) @@ -192,8 +197,8 @@ sub BODY_40_59 &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d) &mov($e,$a); &rotl($e,5); # e=ROTATE(a,5) - &add($tmp1,$e); # tmp1+=ROTATE(a,5) - &add($f,$tmp1); # f+=tmp1; + &add($f,$tmp1); # f+=tmp1; + &add($f,$e); # f+=ROTATE(a,5) } sub BODY_60_79 @@ -405,7 +410,7 @@ sub sha1_block_data &mov(&DWP(16,$tmp1,"",0),$E); &cmp("esi","eax"); &mov(&DWP( 4,$tmp1,"",0),$B); - &jl(&label("start")); + &jb(&label("start")); &stack_pop(18+9); &pop("edi"); diff --git a/crypto/openssl/crypto/sha/asm/sha1-ia64.pl b/crypto/openssl/crypto/sha/asm/sha1-ia64.pl new file mode 100644 index 0000000..cb9dfad1 --- /dev/null +++ b/crypto/openssl/crypto/sha/asm/sha1-ia64.pl @@ -0,0 +1,549 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# Eternal question is what's wrong with compiler generated code? The +# trick is that it's possible to reduce the number of shifts required +# to perform rotations by maintaining copy of 32-bit value in upper +# bits of 64-bit register. Just follow mux2 and shrp instructions... +# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which +# is >50% better than HP C and >2x better than gcc. As of this moment +# performance under little-endian OS such as Linux and Windows will be +# a bit lower, because data has to be picked in reverse byte-order. +# It's possible to resolve this issue by implementing third function, +# sha1_block_asm_data_order_aligned, which would temporarily flip +# BE field in User Mask register... + +$code=<<___; +.ident \"sha1-ia64.s, version 1.0\" +.ident \"IA-64 ISA artwork by Andy Polyakov \" +.explicit + +___ + + +if ($^O eq "hpux") { + $ADDP="addp4"; + for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } +} else { $ADDP="add"; } +for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); + $big_endian=0 if (/\-DL_ENDIAN/); } +if (!defined($big_endian)) + { $big_endian=(unpack('L',pack('N',1))==1); } + +#$human=1; +if ($human) { # useful for visual code auditing... + ($A,$B,$C,$D,$E,$T) = ("A","B","C","D","E","T"); + ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4"); + ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = + ( "K_00_19","K_20_39","K_40_59","K_60_79" ); + @X= ( "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7", + "X8", "X9","X10","X11","X12","X13","X14","X15" ); +} +else { + ($A,$B,$C,$D,$E,$T) = ("loc0","loc1","loc2","loc3","loc4","loc5"); + ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10"); + ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = + ( "r14", "r15", "loc11", "loc12" ); + @X= ( "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", + "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31" ); +} + +sub BODY_00_15 { +local *code=shift; +local ($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_; + +if ($unaligned) { + $code.=<<___; +{ .mmi; ld1 tmp0=[inp],2 // MSB + ld1 tmp1=[tmp3],2 };; +{ .mmi; ld1 tmp2=[inp],2 + ld1 $X[$i&0xf]=[tmp3],2 // LSB + dep tmp1=tmp0,tmp1,8,8 };; +{ .mii; cmp.ne p16,p0=r0,r0 // no misaligned prefetch + dep $X[$i&0xf]=tmp2,$X[$i&0xf],8,8;; + dep $X[$i&0xf]=tmp1,$X[$i&0xf],16,16 };; +{ .mmi; nop.m 0 +___ + } +elsif ($i<15) { + $code.=<<___; +{ .mmi; ld4 $X[($i+1)&0xf]=[inp],4 // prefetch +___ + } +else { + $code.=<<___; +{ .mmi; nop.m 0 +___ + } +if ($i<15) { + $code.=<<___; + and tmp0=$c,$b + dep.z tmp5=$a,5,27 } // a<<5 +{ .mmi; andcm tmp1=$d,$b + add tmp4=$e,$K_00_19 };; +{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) + add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 + extr.u tmp1=$a,27,5 };; // a>>27 +{ .mib; add $f=$f,tmp0 // f+=F_00_19(b,c,d) + shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) +{ .mib; or tmp1=tmp1,tmp5 // ROTATE(a,5) + mux2 tmp6=$a,0x44 };; // see b in next iteration +{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) + mux2 $X[$i&0xf]=$X[$i&0xf],0x44 + nop.i 0 };; + +___ + } +else { + $code.=<<___; + and tmp0=$c,$b + dep.z tmp5=$a,5,27 } // a<<5 ;;? +{ .mmi; andcm tmp1=$d,$b + add tmp4=$e,$K_00_19 };; +{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) + add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 + extr.u tmp1=$a,27,5 } // a>>27 +{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 + xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 + nop.i 0 };; +{ .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) + xor tmp2=tmp2,tmp3 // +1 + shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) +{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) + mux2 tmp6=$a,0x44 };; // see b in next iteration +{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) + shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) + mux2 $X[$i&0xf]=$X[$i&0xf],0x44 };; + +___ + } +} + +sub BODY_16_19 { +local *code=shift; +local ($i,$a,$b,$c,$d,$e,$f)=@_; + +$code.=<<___; +{ .mmi; mov $X[$i&0xf]=$f // Xupdate + and tmp0=$c,$b + dep.z tmp5=$a,5,27 } // a<<5 +{ .mmi; andcm tmp1=$d,$b + add tmp4=$e,$K_00_19 };; +{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) + add $f=$f,tmp4 // f+=e+K_00_19 + extr.u tmp1=$a,27,5 } // a>>27 +{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 + xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 + nop.i 0 };; +{ .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) + xor tmp2=tmp2,tmp3 // +1 + shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) +{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) + mux2 tmp6=$a,0x44 };; // see b in next iteration +{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) + shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) + nop.i 0 };; + +___ +} + +sub BODY_20_39 { +local *code=shift; +local ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_; + $Konst = $K_20_39 if (!defined($Konst)); + +if ($i<79) { +$code.=<<___; +{ .mib; mov $X[$i&0xf]=$f // Xupdate + dep.z tmp5=$a,5,27 } // a<<5 +{ .mib; xor tmp0=$c,$b + add tmp4=$e,$Konst };; +{ .mmi; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d + add $f=$f,tmp4 // f+=e+K_20_39 + extr.u tmp1=$a,27,5 } // a>>27 +{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 + xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 + nop.i 0 };; +{ .mmi; add $f=$f,tmp0 // f+=F_20_39(b,c,d) + xor tmp2=tmp2,tmp3 // +1 + shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) +{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) + mux2 tmp6=$a,0x44 };; // see b in next iteration +{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) + shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) + nop.i 0 };; + +___ +} +else { +$code.=<<___; +{ .mib; mov $X[$i&0xf]=$f // Xupdate + dep.z tmp5=$a,5,27 } // a<<5 +{ .mib; xor tmp0=$c,$b + add tmp4=$e,$Konst };; +{ .mib; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d + extr.u tmp1=$a,27,5 } // a>>27 +{ .mib; add $f=$f,tmp4 // f+=e+K_20_39 + add $h1=$h1,$a };; // wrap up +{ .mmi; +(p16) ld4.s $X[0]=[inp],4 // non-faulting prefetch + add $f=$f,tmp0 // f+=F_20_39(b,c,d) + shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) ;;? +{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) + add $h3=$h3,$c };; // wrap up +{ .mib; add tmp3=1,inp // used in unaligned codepath + add $f=$f,tmp1 } // f+=ROTATE(a,5) +{ .mib; add $h2=$h2,$b // wrap up + add $h4=$h4,$d };; // wrap up + +___ +} +} + +sub BODY_40_59 { +local *code=shift; +local ($i,$a,$b,$c,$d,$e,$f)=@_; + +$code.=<<___; +{ .mmi; mov $X[$i&0xf]=$f // Xupdate + and tmp0=$c,$b + dep.z tmp5=$a,5,27 } // a<<5 +{ .mmi; and tmp1=$d,$b + add tmp4=$e,$K_40_59 };; +{ .mmi; or tmp0=tmp0,tmp1 // (b&c)|(b&d) + add $f=$f,tmp4 // f+=e+K_40_59 + extr.u tmp1=$a,27,5 } // a>>27 +{ .mmi; and tmp4=$c,$d + xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 + xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 + };; +{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) + xor tmp2=tmp2,tmp3 // +1 + shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) +{ .mmi; or tmp0=tmp0,tmp4 // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d) + mux2 tmp6=$a,0x44 };; // see b in next iteration +{ .mii; add $f=$f,tmp0 // f+=F_40_59(b,c,d) + shrp $e=tmp2,tmp2,31;; // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) + add $f=$f,tmp1 };; // f+=ROTATE(a,5) + +___ +} +sub BODY_60_79 { &BODY_20_39(@_,$K_60_79); } + +$code.=<<___; +.text + +tmp0=r8; +tmp1=r9; +tmp2=r10; +tmp3=r11; +ctx=r32; // in0 +inp=r33; // in1 + +// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num); +.global sha1_block_asm_host_order# +.proc sha1_block_asm_host_order# +.align 32 +sha1_block_asm_host_order: + .prologue + .fframe 0 + .save ar.pfs,r0 + .save ar.lc,r3 +{ .mmi; alloc tmp1=ar.pfs,3,15,0,0 + $ADDP tmp0=4,ctx + mov r3=ar.lc } +{ .mmi; $ADDP ctx=0,ctx + $ADDP inp=0,inp + mov r2=pr };; +tmp4=in2; +tmp5=loc13; +tmp6=loc14; + .body +{ .mlx; ld4 $h0=[ctx],8 + movl $K_00_19=0x5a827999 } +{ .mlx; ld4 $h1=[tmp0],8 + movl $K_20_39=0x6ed9eba1 };; +{ .mlx; ld4 $h2=[ctx],8 + movl $K_40_59=0x8f1bbcdc } +{ .mlx; ld4 $h3=[tmp0] + movl $K_60_79=0xca62c1d6 };; +{ .mmi; ld4 $h4=[ctx],-16 + add in2=-1,in2 // adjust num for ar.lc + mov ar.ec=1 };; +{ .mmi; ld4 $X[0]=[inp],4 // prefetch + cmp.ne p16,p0=r0,in2 // prefecth at loop end + mov ar.lc=in2 };; // brp.loop.imp: too far + +.Lhtop: +{ .mmi; mov $A=$h0 + mov $B=$h1 + mux2 tmp6=$h1,0x44 } +{ .mmi; mov $C=$h2 + mov $D=$h3 + mov $E=$h4 };; + +___ + + &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T); + &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E); + &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D); + &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C); + &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B); + &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A); + &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T); + &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E); + &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D); + &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C); + &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B); + &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A); + &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T); + &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E); + &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D); + &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C); + + &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); + &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); + &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); + &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); + + &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); + &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); + &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); + &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); + &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); + &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); + &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); + &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); + &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); + &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); + &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); + &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); + &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); + &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); + &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); + &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); + + &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); + &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); + &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); + &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); + &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); + &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); + &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); + &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); + &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); + &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); + &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); + &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); + &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); + &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); + &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); + &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); + + &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); + &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); + &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); + &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); + &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); + &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); + &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); + &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); + &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); + &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); + &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); + &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); + &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); + &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); + &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); + &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); + +$code.=<<___; +{ .mmb; add $h0=$h0,$E + nop.m 0 + br.ctop.dptk.many .Lhtop };; +.Lhend: +{ .mmi; add tmp0=4,ctx + mov ar.lc=r3 };; +{ .mmi; st4 [ctx]=$h0,8 + st4 [tmp0]=$h1,8 };; +{ .mmi; st4 [ctx]=$h2,8 + st4 [tmp0]=$h3 };; +{ .mib; st4 [ctx]=$h4,-16 + mov pr=r2,0x1ffff + br.ret.sptk.many b0 };; +.endp sha1_block_asm_host_order# +___ + + +$code.=<<___; +// void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num); +.global sha1_block_asm_data_order# +.proc sha1_block_asm_data_order# +.align 32 +sha1_block_asm_data_order: +___ +$code.=<<___ if ($big_endian); +{ .mmi; and r2=3,inp };; +{ .mib; cmp.eq p6,p0=r0,r2 +(p6) br.dptk.many sha1_block_asm_host_order };; +___ +$code.=<<___; + .prologue + .fframe 0 + .save ar.pfs,r0 + .save ar.lc,r3 +{ .mmi; alloc tmp1=ar.pfs,3,15,0,0 + $ADDP tmp0=4,ctx + mov r3=ar.lc } +{ .mmi; $ADDP ctx=0,ctx + $ADDP inp=0,inp + mov r2=pr };; +tmp4=in2; +tmp5=loc13; +tmp6=loc14; + .body +{ .mlx; ld4 $h0=[ctx],8 + movl $K_00_19=0x5a827999 } +{ .mlx; ld4 $h1=[tmp0],8 + movl $K_20_39=0x6ed9eba1 };; +{ .mlx; ld4 $h2=[ctx],8 + movl $K_40_59=0x8f1bbcdc } +{ .mlx; ld4 $h3=[tmp0] + movl $K_60_79=0xca62c1d6 };; +{ .mmi; ld4 $h4=[ctx],-16 + add in2=-1,in2 // adjust num for ar.lc + mov ar.ec=1 };; +{ .mmi; nop.m 0 + add tmp3=1,inp + mov ar.lc=in2 };; // brp.loop.imp: too far + +.Ldtop: +{ .mmi; mov $A=$h0 + mov $B=$h1 + mux2 tmp6=$h1,0x44 } +{ .mmi; mov $C=$h2 + mov $D=$h3 + mov $E=$h4 };; + +___ + + &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1); + &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1); + &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1); + &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1); + &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1); + &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1); + &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1); + &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1); + &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1); + &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1); + &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1); + &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1); + &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1); + &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1); + &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1); + &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1); + + &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); + &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); + &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); + &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); + + &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); + &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); + &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); + &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); + &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); + &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); + &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); + &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); + &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); + &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); + &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); + &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); + &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); + &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); + &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); + &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); + &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); + + &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); + &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); + &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); + &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); + &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); + &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); + &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); + &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); + &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); + &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); + &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); + &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); + &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); + &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); + &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); + &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); + &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); + + &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); + &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); + &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); + &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); + &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); + &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); + &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); + &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); + &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); + &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); + &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); + &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); + &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); + &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); + &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); + &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); + &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); + +$code.=<<___; +{ .mmb; add $h0=$h0,$E + nop.m 0 + br.ctop.dptk.many .Ldtop };; +.Ldend: +{ .mmi; add tmp0=4,ctx + mov ar.lc=r3 };; +{ .mmi; st4 [ctx]=$h0,8 + st4 [tmp0]=$h1,8 };; +{ .mmi; st4 [ctx]=$h2,8 + st4 [tmp0]=$h3 };; +{ .mib; st4 [ctx]=$h4,-16 + mov pr=r2,0x1ffff + br.ret.sptk.many b0 };; +.endp sha1_block_asm_data_order# +___ + +print $code; diff --git a/crypto/openssl/crypto/sha/asm/sha512-ia64.pl b/crypto/openssl/crypto/sha/asm/sha512-ia64.pl new file mode 100755 index 0000000..0aea023 --- /dev/null +++ b/crypto/openssl/crypto/sha/asm/sha512-ia64.pl @@ -0,0 +1,432 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# SHA256/512_Transform for Itanium. +# +# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50% +# faster than gcc and >60%(!) faster than code generated by HP-UX +# compiler (yes, HP-UX is generating slower code, because unlike gcc, +# it failed to deploy "shift right pair," 'shrp' instruction, which +# substitutes for 64-bit rotate). +# +# 924 cycles long sha256_block outperforms gcc by over factor of 2(!) +# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost +# this one big time). Note that "formally" 924 is about 100 cycles +# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical +# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round, +# are spent on extra work to provide for 32-bit rotations. 32-bit +# rotations are still handled by 'shrp' instruction and for this +# reason lower 32 bits are deposited to upper half of 64-bit register +# prior 'shrp' issue. And in order to minimize the amount of such +# operations, X[16] values are *maintained* with copies of lower +# halves in upper halves, which is why you'll spot such instructions +# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel +# 32-bit unsigned right shift," 'pshr4.u' instructions here. +# +# Rules of engagement. +# +# There is only one integer shifter meaning that if I have two rotate, +# deposit or extract instructions in adjacent bundles, they shall +# split [at run-time if they have to]. But note that variable and +# parallel shifts are performed by multi-media ALU and *are* pairable +# with rotates [and alike]. On the backside MMALU is rather slow: it +# takes 2 extra cycles before the result of integer operation is +# available *to* MMALU and 2(*) extra cycles before the result of MM +# operation is available "back" *to* integer ALU, not to mention that +# MMALU itself has 2 cycles latency. However! I explicitly scheduled +# these MM instructions to avoid MM stalls, so that all these extra +# latencies get "hidden" in instruction-level parallelism. +# +# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule +# for 2 in order to provide for best *overall* performance, +# because on Itanium 1 stall on MM result is accompanied by +# pipeline flush, which takes 6 cycles:-( +# +# Resulting performance numbers for 900MHz Itanium 2 system: +# +# The 'numbers' are in 1000s of bytes per second processed. +# type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +# sha1(*) 6210.14k 20376.30k 52447.83k 85870.05k 105478.12k +# sha256 7476.45k 20572.05k 41538.34k 56062.29k 62093.18k +# sha512 4996.56k 20026.28k 47597.20k 85278.79k 111501.31k +# +# (*) SHA1 numbers are for HP-UX compiler and are presented purely +# for reference purposes. I bet it can improved too... +# +# To generate code, pass the file name with either 256 or 512 in its +# name and compiler flags. + +$output=shift; + +if ($output =~ /512.*\.[s|asm]/) { + $SZ=8; + $BITS=8*$SZ; + $LDW="ld8"; + $STW="st8"; + $ADD="add"; + $SHRU="shr.u"; + $TABLE="K512"; + $func="sha512_block"; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; +} elsif ($output =~ /256.*\.[s|asm]/) { + $SZ=4; + $BITS=8*$SZ; + $LDW="ld4"; + $STW="st4"; + $ADD="padd4"; + $SHRU="pshr4.u"; + $TABLE="K256"; + $func="sha256_block"; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; +} else { die "nonsense $output"; } + +open STDOUT,">$output" || die "can't open $output: $!"; + +if ($^O eq "hpux") { + $ADDP="addp4"; + for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } +} else { $ADDP="add"; } +for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); + $big_endian=0 if (/\-DL_ENDIAN/); } +if (!defined($big_endian)) + { $big_endian=(unpack('L',pack('N',1))==1); } + +$code=<<___; +.ident \"$output, version 1.0\" +.ident \"IA-64 ISA artwork by Andy Polyakov \" +.explicit +.text + +prsave=r14; +K=r15; +A=r16; B=r17; C=r18; D=r19; +E=r20; F=r21; G=r22; H=r23; +T1=r24; T2=r25; +s0=r26; s1=r27; t0=r28; t1=r29; +Ktbl=r30; +ctx=r31; // 1st arg +input=r48; // 2nd arg +num=r49; // 3rd arg +sgm0=r50; sgm1=r51; // small constants + +// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host]) +.global $func# +.proc $func# +.align 32 +$func: + .prologue + .fframe 0 + .save ar.pfs,r2 + .save ar.lc,r3 + .save pr,prsave +{ .mmi; alloc r2=ar.pfs,3,17,0,16 + $ADDP ctx=0,r32 // 1st arg + mov r3=ar.lc } +{ .mmi; $ADDP input=0,r33 // 2nd arg + addl Ktbl=\@ltoff($TABLE#),gp + mov prsave=pr };; + + .body +{ .mii; ld8 Ktbl=[Ktbl] + mov num=r34 };; // 3rd arg + +{ .mib; add r8=0*$SZ,ctx + add r9=1*$SZ,ctx + brp.loop.imp .L_first16,.L_first16_ctop + } +{ .mib; add r10=2*$SZ,ctx + add r11=3*$SZ,ctx + brp.loop.imp .L_rest,.L_rest_ctop + };; +// load A-H +{ .mmi; $LDW A=[r8],4*$SZ + $LDW B=[r9],4*$SZ + mov sgm0=$sigma0[2] } +{ .mmi; $LDW C=[r10],4*$SZ + $LDW D=[r11],4*$SZ + mov sgm1=$sigma1[2] };; +{ .mmi; $LDW E=[r8] + $LDW F=[r9] } +{ .mmi; $LDW G=[r10] + $LDW H=[r11] + cmp.ne p15,p14=0,r35 };; // used in sha256_block + +.L_outer: +{ .mii; mov ar.lc=15 + mov ar.ec=1 };; +.align 32 +.L_first16: +.rotr X[16] +___ +$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); +{ .mib; (p14) add r9=1,input + (p14) add r10=2,input } +{ .mib; (p14) add r11=3,input + (p15) br.dptk.few .L_host };; +{ .mmi; (p14) ld1 r8=[input],$SZ + (p14) ld1 r9=[r9] } +{ .mmi; (p14) ld1 r10=[r10] + (p14) ld1 r11=[r11] };; +{ .mii; (p14) dep r9=r8,r9,8,8 + (p14) dep r11=r10,r11,8,8 };; +{ .mib; (p14) dep X[15]=r9,r11,16,16 };; +.L_host: +{ .mib; (p15) $LDW X[15]=[input],$SZ // X[i]=*input++ + dep.z $t1=E,32,32 } +{ .mib; $LDW K=[Ktbl],$SZ + zxt4 E=E };; +{ .mmi; or $t1=$t1,E + and T1=F,E + and T2=A,B } +{ .mmi; andcm r8=G,E + and r9=A,C + mux2 $t0=A,0x44 };; // copy lower half to upper +{ .mib; xor T1=T1,r8 // T1=((e & f) ^ (~e & g)) + _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14) +{ .mib; and r10=B,C + xor T2=T2,r9 };; +___ +$t0="A", $t1="E", $code.=<<___ if ($BITS==64); +{ .mmi; $LDW X[15]=[input],$SZ // X[i]=*input++ + and T1=F,E + and T2=A,B } +{ .mmi; $LDW K=[Ktbl],$SZ + andcm r8=G,E + and r9=A,C };; +{ .mmi; xor T1=T1,r8 //T1=((e & f) ^ (~e & g)) + and r10=B,C + _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14) +{ .mmi; xor T2=T2,r9 + mux1 X[15]=X[15],\@rev };; // eliminated in big-endian +___ +$code.=<<___; +{ .mib; add T1=T1,H // T1=Ch(e,f,g)+h + _rotr r8=$t1,$Sigma1[1] } // ROTR(e,18) +{ .mib; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c)) + mov H=G };; +{ .mib; xor r11=r8,r11 + _rotr r9=$t1,$Sigma1[2] } // ROTR(e,41) +{ .mib; mov G=F + mov F=E };; +{ .mib; xor r9=r9,r11 // r9=Sigma1(e) + _rotr r10=$t0,$Sigma0[0] } // ROTR(a,28) +{ .mib; add T1=T1,K // T1=Ch(e,f,g)+h+K512[i] + mov E=D };; +{ .mib; add T1=T1,r9 // T1+=Sigma1(e) + _rotr r11=$t0,$Sigma0[1] } // ROTR(a,34) +{ .mib; mov D=C + mov C=B };; +{ .mib; add T1=T1,X[15] // T1+=X[i] + _rotr r8=$t0,$Sigma0[2] } // ROTR(a,39) +{ .mib; xor r10=r10,r11 + mux2 X[15]=X[15],0x44 };; // eliminated in 64-bit +{ .mmi; xor r10=r8,r10 // r10=Sigma0(a) + mov B=A + add A=T1,T2 };; +.L_first16_ctop: +{ .mib; add E=E,T1 + add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a) + br.ctop.sptk .L_first16 };; + +{ .mib; mov ar.lc=$rounds-17 } +{ .mib; mov ar.ec=1 };; +.align 32 +.L_rest: +.rotr X[16] +{ .mib; $LDW K=[Ktbl],$SZ + _rotr r8=X[15-1],$sigma0[0] } // ROTR(s0,1) +{ .mib; $ADD X[15]=X[15],X[15-9] // X[i&0xF]+=X[(i+9)&0xF] + $SHRU s0=X[15-1],sgm0 };; // s0=X[(i+1)&0xF]>>7 +{ .mib; and T1=F,E + _rotr r9=X[15-1],$sigma0[1] } // ROTR(s0,8) +{ .mib; andcm r10=G,E + $SHRU s1=X[15-14],sgm1 };; // s1=X[(i+14)&0xF]>>6 +{ .mmi; xor T1=T1,r10 // T1=((e & f) ^ (~e & g)) + xor r9=r8,r9 + _rotr r10=X[15-14],$sigma1[0] };;// ROTR(s1,19) +{ .mib; and T2=A,B + _rotr r11=X[15-14],$sigma1[1] }// ROTR(s1,61) +{ .mib; and r8=A,C };; +___ +$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); +// I adhere to mmi; in order to hold Itanium 1 back and avoid 6 cycle +// pipeline flush in last bundle. Note that even on Itanium2 the +// latter stalls for one clock cycle... +{ .mmi; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF]) + dep.z $t1=E,32,32 } +{ .mmi; xor r10=r11,r10 + zxt4 E=E };; +{ .mmi; or $t1=$t1,E + xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF]) + mux2 $t0=A,0x44 };; // copy lower half to upper +{ .mmi; xor T2=T2,r8 + _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14) +{ .mmi; and r10=B,C + add T1=T1,H // T1=Ch(e,f,g)+h + $ADD X[15]=X[15],s0 };; // X[i&0xF]+=sigma0(X[(i+1)&0xF]) +___ +$t0="A", $t1="E", $code.=<<___ if ($BITS==64); +{ .mib; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF]) + _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14) +{ .mib; xor r10=r11,r10 + xor T2=T2,r8 };; +{ .mib; xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF]) + add T1=T1,H } +{ .mib; and r10=B,C + $ADD X[15]=X[15],s0 };; // X[i&0xF]+=sigma0(X[(i+1)&0xF]) +___ +$code.=<<___; +{ .mmi; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c)) + mov H=G + _rotr r8=$t1,$Sigma1[1] };; // ROTR(e,18) +{ .mmi; xor r11=r8,r9 + $ADD X[15]=X[15],s1 // X[i&0xF]+=sigma1(X[(i+14)&0xF]) + _rotr r9=$t1,$Sigma1[2] } // ROTR(e,41) +{ .mmi; mov G=F + mov F=E };; +{ .mib; xor r9=r9,r11 // r9=Sigma1(e) + _rotr r10=$t0,$Sigma0[0] } // ROTR(a,28) +{ .mib; add T1=T1,K // T1=Ch(e,f,g)+h+K512[i] + mov E=D };; +{ .mib; add T1=T1,r9 // T1+=Sigma1(e) + _rotr r11=$t0,$Sigma0[1] } // ROTR(a,34) +{ .mib; mov D=C + mov C=B };; +{ .mmi; add T1=T1,X[15] // T1+=X[i] + xor r10=r10,r11 + _rotr r8=$t0,$Sigma0[2] };; // ROTR(a,39) +{ .mmi; xor r10=r8,r10 // r10=Sigma0(a) + mov B=A + add A=T1,T2 };; +.L_rest_ctop: +{ .mib; add E=E,T1 + add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a) + br.ctop.sptk .L_rest };; + +{ .mib; add r8=0*$SZ,ctx + add r9=1*$SZ,ctx } +{ .mib; add r10=2*$SZ,ctx + add r11=3*$SZ,ctx };; +{ .mmi; $LDW r32=[r8],4*$SZ + $LDW r33=[r9],4*$SZ } +{ .mmi; $LDW r34=[r10],4*$SZ + $LDW r35=[r11],4*$SZ + cmp.ltu p6,p7=1,num };; +{ .mmi; $LDW r36=[r8],-4*$SZ + $LDW r37=[r9],-4*$SZ +(p6) add Ktbl=-$SZ*$rounds,Ktbl } +{ .mmi; $LDW r38=[r10],-4*$SZ + $LDW r39=[r11],-4*$SZ +(p7) mov ar.lc=r3 };; +{ .mmi; add A=A,r32 + add B=B,r33 + add C=C,r34 } +{ .mmi; add D=D,r35 + add E=E,r36 + add F=F,r37 };; +{ .mmi; $STW [r8]=A,4*$SZ + $STW [r9]=B,4*$SZ + add G=G,r38 } +{ .mmi; $STW [r10]=C,4*$SZ + $STW [r11]=D,4*$SZ + add H=H,r39 };; +{ .mmi; $STW [r8]=E + $STW [r9]=F +(p6) add num=-1,num } +{ .mmb; $STW [r10]=G + $STW [r11]=H +(p6) br.dptk.many .L_outer };; + +{ .mib; mov pr=prsave,0x1ffff + br.ret.sptk.many b0 };; +.endp $func# +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm; +if ($BITS==64) { + $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm; + $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian); +} + +print $code; + +print<<___ if ($BITS==32); +.align 64 +.type K256#,\@object +K256: data4 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + data4 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + data4 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + data4 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + data4 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + data4 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + data4 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + data4 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + data4 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + data4 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + data4 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + data4 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + data4 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + data4 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + data4 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + data4 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.size K256#,$SZ*$rounds +___ +print<<___ if ($BITS==64); +.align 64 +.type K512#,\@object +K512: data8 0x428a2f98d728ae22,0x7137449123ef65cd + data8 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + data8 0x3956c25bf348b538,0x59f111f1b605d019 + data8 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + data8 0xd807aa98a3030242,0x12835b0145706fbe + data8 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + data8 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + data8 0x9bdc06a725c71235,0xc19bf174cf692694 + data8 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + data8 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + data8 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + data8 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + data8 0x983e5152ee66dfab,0xa831c66d2db43210 + data8 0xb00327c898fb213f,0xbf597fc7beef0ee4 + data8 0xc6e00bf33da88fc2,0xd5a79147930aa725 + data8 0x06ca6351e003826f,0x142929670a0e6e70 + data8 0x27b70a8546d22ffc,0x2e1b21385c26c926 + data8 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + data8 0x650a73548baf63de,0x766a0abb3c77b2a8 + data8 0x81c2c92e47edaee6,0x92722c851482353b + data8 0xa2bfe8a14cf10364,0xa81a664bbc423001 + data8 0xc24b8b70d0f89791,0xc76c51a30654be30 + data8 0xd192e819d6ef5218,0xd69906245565a910 + data8 0xf40e35855771202a,0x106aa07032bbd1b8 + data8 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + data8 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + data8 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + data8 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + data8 0x748f82ee5defb2fc,0x78a5636f43172f60 + data8 0x84c87814a1f0ab72,0x8cc702081a6439ec + data8 0x90befffa23631e28,0xa4506cebde82bde9 + data8 0xbef9a3f7b2c67915,0xc67178f2e372532b + data8 0xca273eceea26619c,0xd186b8c721c0c207 + data8 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + data8 0x06f067aa72176fba,0x0a637dc5a2c898a6 + data8 0x113f9804bef90dae,0x1b710b35131c471b + data8 0x28db77f523047d84,0x32caab7b40c72493 + data8 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + data8 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + data8 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +.size K512#,$SZ*$rounds +___ diff --git a/crypto/openssl/crypto/sha/asm/sha512-sse2.pl b/crypto/openssl/crypto/sha/asm/sha512-sse2.pl new file mode 100644 index 0000000..10902bf --- /dev/null +++ b/crypto/openssl/crypto/sha/asm/sha512-sse2.pl @@ -0,0 +1,404 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# SHA512_Transform_SSE2. +# +# As the name suggests, this is an IA-32 SSE2 implementation of +# SHA512_Transform. Motivating factor for the undertaken effort was that +# SHA512 was observed to *consistently* perform *significantly* poorer +# than SHA256 [2x and slower is common] on 32-bit platforms. On 64-bit +# platforms on the other hand SHA512 tend to outperform SHA256 [~50% +# seem to be common improvement factor]. All this is perfectly natural, +# as SHA512 is a 64-bit algorithm. But isn't IA-32 SSE2 essentially +# a 64-bit instruction set? Is it rich enough to implement SHA512? +# If answer was "no," then you wouldn't have been reading this... +# +# Throughput performance in MBps (larger is better): +# +# 2.4GHz P4 1.4GHz AMD32 1.4GHz AMD64(*) +# SHA256/gcc(*) 54 43 59 +# SHA512/gcc 17 23 92 +# SHA512/sse2 61(**) 57(**) +# SHA512/icc 26 28 +# SHA256/icc(*) 65 54 +# +# (*) AMD64 and SHA256 numbers are presented mostly for amusement or +# reference purposes. +# (**) I.e. it gives ~2-3x speed-up if compared with compiler generated +# code. One can argue that hand-coded *non*-SSE2 implementation +# would perform better than compiler generated one as well, and +# that comparison is therefore not exactly fair. Well, as SHA512 +# puts enormous pressure on IA-32 GP register bank, I reckon that +# hand-coded version wouldn't perform significantly better than +# one compiled with icc, ~20% perhaps... So that this code would +# still outperform it with distinguishing marginal. But feel free +# to prove me wrong:-) +# +push(@INC,"perlasm","../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-sse2.pl",$ARGV[$#ARGV] eq "386"); + +$K512="esi"; # K512[80] table, found at the end... +#$W512="esp"; # $W512 is not just W512[16]: it comprises *two* copies + # of W512[16] and a copy of A-H variables... +$W512_SZ=8*(16+16+8); # see above... +#$Kidx="ebx"; # index in K512 table, advances from 0 to 80... +$Widx="edx"; # index in W512, wraps around at 16... +$data="edi"; # 16 qwords of input data... +$A="mm0"; # B-D and +$E="mm1"; # F-H are allocated dynamically... +$Aoff=256+0; # A-H offsets relative to $W512... +$Boff=256+8; +$Coff=256+16; +$Doff=256+24; +$Eoff=256+32; +$Foff=256+40; +$Goff=256+48; +$Hoff=256+56; + +sub SHA2_ROUND() +{ local ($kidx,$widx)=@_; + + # One can argue that one could reorder instructions for better + # performance. Well, I tried and it doesn't seem to make any + # noticeable difference. Modern out-of-order execution cores + # reorder instructions to their liking in either case and they + # apparently do decent job. So we can keep the code more + # readable/regular/comprehensible:-) + + # I adhere to 64-bit %mmX registers in order to avoid/not care + # about #GP exceptions on misaligned 128-bit access, most + # notably in paddq with memory operand. Not to mention that + # SSE2 intructions operating on %mmX can be scheduled every + # cycle [and not every second one if operating on %xmmN]. + + &movq ("mm4",&QWP($Foff,$W512)); # load f + &movq ("mm5",&QWP($Goff,$W512)); # load g + &movq ("mm6",&QWP($Hoff,$W512)); # load h + + &movq ("mm2",$E); # %mm2 is sliding right + &movq ("mm3",$E); # %mm3 is sliding left + &psrlq ("mm2",14); + &psllq ("mm3",23); + &movq ("mm7","mm2"); # %mm7 is T1 + &pxor ("mm7","mm3"); + &psrlq ("mm2",4); + &psllq ("mm3",23); + &pxor ("mm7","mm2"); + &pxor ("mm7","mm3"); + &psrlq ("mm2",23); + &psllq ("mm3",4); + &pxor ("mm7","mm2"); + &pxor ("mm7","mm3"); # T1=Sigma1_512(e) + + &movq (&QWP($Foff,$W512),$E); # f = e + &movq (&QWP($Goff,$W512),"mm4"); # g = f + &movq (&QWP($Hoff,$W512),"mm5"); # h = g + + &pxor ("mm4","mm5"); # f^=g + &pand ("mm4",$E); # f&=e + &pxor ("mm4","mm5"); # f^=g + &paddq ("mm7","mm4"); # T1+=Ch(e,f,g) + + &movq ("mm2",&QWP($Boff,$W512)); # load b + &movq ("mm3",&QWP($Coff,$W512)); # load c + &movq ($E,&QWP($Doff,$W512)); # e = d + + &paddq ("mm7","mm6"); # T1+=h + &paddq ("mm7",&QWP(0,$K512,$kidx,8)); # T1+=K512[i] + &paddq ("mm7",&QWP(0,$W512,$widx,8)); # T1+=W512[i] + &paddq ($E,"mm7"); # e += T1 + + &movq ("mm4",$A); # %mm4 is sliding right + &movq ("mm5",$A); # %mm5 is sliding left + &psrlq ("mm4",28); + &psllq ("mm5",25); + &movq ("mm6","mm4"); # %mm6 is T2 + &pxor ("mm6","mm5"); + &psrlq ("mm4",6); + &psllq ("mm5",5); + &pxor ("mm6","mm4"); + &pxor ("mm6","mm5"); + &psrlq ("mm4",5); + &psllq ("mm5",6); + &pxor ("mm6","mm4"); + &pxor ("mm6","mm5"); # T2=Sigma0_512(a) + + &movq (&QWP($Boff,$W512),$A); # b = a + &movq (&QWP($Coff,$W512),"mm2"); # c = b + &movq (&QWP($Doff,$W512),"mm3"); # d = c + + &movq ("mm4",$A); # %mm4=a + &por ($A,"mm3"); # a=a|c + &pand ("mm4","mm3"); # %mm4=a&c + &pand ($A,"mm2"); # a=(a|c)&b + &por ("mm4",$A); # %mm4=(a&c)|((a|c)&b) + &paddq ("mm6","mm4"); # T2+=Maj(a,b,c) + + &movq ($A,"mm7"); # a=T1 + &paddq ($A,"mm6"); # a+=T2 +} + +$func="sha512_block_sse2"; + +&function_begin_B($func); + if (0) {# Caller is expected to check if it's appropriate to + # call this routine. Below 3 lines are retained for + # debugging purposes... + &picmeup("eax","OPENSSL_ia32cap"); + &bt (&DWP(0,"eax"),26); + &jnc ("SHA512_Transform"); + } + + &push ("ebp"); + &mov ("ebp","esp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + + &mov ($Widx,&DWP(8,"ebp")); # A-H state, 1st arg + &mov ($data,&DWP(12,"ebp")); # input data, 2nd arg + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K512); + &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512)); + + $W512 = "esp"; # start using %esp as W512 + &sub ($W512,$W512_SZ); + &and ($W512,-16); # ensure 128-bit alignment + + # make private copy of A-H + # v assume the worst and stick to unaligned load + &movdqu ("xmm0",&QWP(0,$Widx)); + &movdqu ("xmm1",&QWP(16,$Widx)); + &movdqu ("xmm2",&QWP(32,$Widx)); + &movdqu ("xmm3",&QWP(48,$Widx)); + +&align(8); +&set_label("_chunk_loop"); + + &movdqa (&QWP($Aoff,$W512),"xmm0"); # a,b + &movdqa (&QWP($Coff,$W512),"xmm1"); # c,d + &movdqa (&QWP($Eoff,$W512),"xmm2"); # e,f + &movdqa (&QWP($Goff,$W512),"xmm3"); # g,h + + &xor ($Widx,$Widx); + + &movdq2q($A,"xmm0"); # load a + &movdq2q($E,"xmm2"); # load e + + # Why aren't loops unrolled? It makes sense to unroll if + # execution time for loop body is comparable with branch + # penalties and/or if whole data-set resides in register bank. + # Neither is case here... Well, it would be possible to + # eliminate few store operations, but it would hardly affect + # so to say stop-watch performance, as there is a lot of + # available memory slots to fill. It will only relieve some + # pressure off memory bus... + + # flip input stream byte order... + &mov ("eax",&DWP(0,$data,$Widx,8)); + &mov ("ebx",&DWP(4,$data,$Widx,8)); + &bswap ("eax"); + &bswap ("ebx"); + &mov (&DWP(0,$W512,$Widx,8),"ebx"); # W512[i] + &mov (&DWP(4,$W512,$Widx,8),"eax"); + &mov (&DWP(128+0,$W512,$Widx,8),"ebx"); # copy of W512[i] + &mov (&DWP(128+4,$W512,$Widx,8),"eax"); + +&align(8); +&set_label("_1st_loop"); # 0-15 + # flip input stream byte order... + &mov ("eax",&DWP(0+8,$data,$Widx,8)); + &mov ("ebx",&DWP(4+8,$data,$Widx,8)); + &bswap ("eax"); + &bswap ("ebx"); + &mov (&DWP(0+8,$W512,$Widx,8),"ebx"); # W512[i] + &mov (&DWP(4+8,$W512,$Widx,8),"eax"); + &mov (&DWP(128+0+8,$W512,$Widx,8),"ebx"); # copy of W512[i] + &mov (&DWP(128+4+8,$W512,$Widx,8),"eax"); +&set_label("_1st_looplet"); + &SHA2_ROUND($Widx,$Widx); &inc($Widx); + +&cmp ($Widx,15) +&jl (&label("_1st_loop")); +&je (&label("_1st_looplet")); # playing similar trick on 2nd loop + # does not improve performance... + + $Kidx = "ebx"; # start using %ebx as Kidx + &mov ($Kidx,$Widx); + +&align(8); +&set_label("_2nd_loop"); # 16-79 + &and($Widx,0xf); + + # 128-bit fragment! I update W512[i] and W512[i+1] in + # parallel:-) Note that I refer to W512[(i&0xf)+N] and not to + # W512[(i+N)&0xf]! This is exactly what I maintain the second + # copy of W512[16] for... + &movdqu ("xmm0",&QWP(8*1,$W512,$Widx,8)); # s0=W512[i+1] + &movdqa ("xmm2","xmm0"); # %xmm2 is sliding right + &movdqa ("xmm3","xmm0"); # %xmm3 is sliding left + &psrlq ("xmm2",1); + &psllq ("xmm3",56); + &movdqa ("xmm0","xmm2"); + &pxor ("xmm0","xmm3"); + &psrlq ("xmm2",6); + &psllq ("xmm3",7); + &pxor ("xmm0","xmm2"); + &pxor ("xmm0","xmm3"); + &psrlq ("xmm2",1); + &pxor ("xmm0","xmm2"); # s0 = sigma0_512(s0); + + &movdqa ("xmm1",&QWP(8*14,$W512,$Widx,8)); # s1=W512[i+14] + &movdqa ("xmm4","xmm1"); # %xmm4 is sliding right + &movdqa ("xmm5","xmm1"); # %xmm5 is sliding left + &psrlq ("xmm4",6); + &psllq ("xmm5",3); + &movdqa ("xmm1","xmm4"); + &pxor ("xmm1","xmm5"); + &psrlq ("xmm4",13); + &psllq ("xmm5",42); + &pxor ("xmm1","xmm4"); + &pxor ("xmm1","xmm5"); + &psrlq ("xmm4",42); + &pxor ("xmm1","xmm4"); # s1 = sigma1_512(s1); + + # + have to explictly load W512[i+9] as it's not 128-bit + # v aligned and paddq would throw an exception... + &movdqu ("xmm6",&QWP(8*9,$W512,$Widx,8)); + &paddq ("xmm0","xmm1"); # s0 += s1 + &paddq ("xmm0","xmm6"); # s0 += W512[i+9] + &paddq ("xmm0",&QWP(0,$W512,$Widx,8)); # s0 += W512[i] + + &movdqa (&QWP(0,$W512,$Widx,8),"xmm0"); # W512[i] = s0 + &movdqa (&QWP(16*8,$W512,$Widx,8),"xmm0"); # copy of W512[i] + + # as the above fragment was 128-bit, we "owe" 2 rounds... + &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx); + &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx); + +&cmp ($Kidx,80); +&jl (&label("_2nd_loop")); + + # update A-H state + &mov ($Widx,&DWP(8,"ebp")); # A-H state, 1st arg + &movq (&QWP($Aoff,$W512),$A); # write out a + &movq (&QWP($Eoff,$W512),$E); # write out e + &movdqu ("xmm0",&QWP(0,$Widx)); + &movdqu ("xmm1",&QWP(16,$Widx)); + &movdqu ("xmm2",&QWP(32,$Widx)); + &movdqu ("xmm3",&QWP(48,$Widx)); + &paddq ("xmm0",&QWP($Aoff,$W512)); # 128-bit additions... + &paddq ("xmm1",&QWP($Coff,$W512)); + &paddq ("xmm2",&QWP($Eoff,$W512)); + &paddq ("xmm3",&QWP($Goff,$W512)); + &movdqu (&QWP(0,$Widx),"xmm0"); + &movdqu (&QWP(16,$Widx),"xmm1"); + &movdqu (&QWP(32,$Widx),"xmm2"); + &movdqu (&QWP(48,$Widx),"xmm3"); + +&add ($data,16*8); # advance input data pointer +&dec (&DWP(16,"ebp")); # decrement 3rd arg +&jnz (&label("_chunk_loop")); + + # epilogue + &emms (); # required for at least ELF and Win32 ABIs + &mov ("edi",&DWP(-12,"ebp")); + &mov ("esi",&DWP(-8,"ebp")); + &mov ("ebx",&DWP(-4,"ebp")); + &leave (); +&ret (); + +&align(64); +&set_label("K512"); # Yes! I keep it in the code segment! + &data_word(0xd728ae22,0x428a2f98); # u64 + &data_word(0x23ef65cd,0x71374491); # u64 + &data_word(0xec4d3b2f,0xb5c0fbcf); # u64 + &data_word(0x8189dbbc,0xe9b5dba5); # u64 + &data_word(0xf348b538,0x3956c25b); # u64 + &data_word(0xb605d019,0x59f111f1); # u64 + &data_word(0xaf194f9b,0x923f82a4); # u64 + &data_word(0xda6d8118,0xab1c5ed5); # u64 + &data_word(0xa3030242,0xd807aa98); # u64 + &data_word(0x45706fbe,0x12835b01); # u64 + &data_word(0x4ee4b28c,0x243185be); # u64 + &data_word(0xd5ffb4e2,0x550c7dc3); # u64 + &data_word(0xf27b896f,0x72be5d74); # u64 + &data_word(0x3b1696b1,0x80deb1fe); # u64 + &data_word(0x25c71235,0x9bdc06a7); # u64 + &data_word(0xcf692694,0xc19bf174); # u64 + &data_word(0x9ef14ad2,0xe49b69c1); # u64 + &data_word(0x384f25e3,0xefbe4786); # u64 + &data_word(0x8b8cd5b5,0x0fc19dc6); # u64 + &data_word(0x77ac9c65,0x240ca1cc); # u64 + &data_word(0x592b0275,0x2de92c6f); # u64 + &data_word(0x6ea6e483,0x4a7484aa); # u64 + &data_word(0xbd41fbd4,0x5cb0a9dc); # u64 + &data_word(0x831153b5,0x76f988da); # u64 + &data_word(0xee66dfab,0x983e5152); # u64 + &data_word(0x2db43210,0xa831c66d); # u64 + &data_word(0x98fb213f,0xb00327c8); # u64 + &data_word(0xbeef0ee4,0xbf597fc7); # u64 + &data_word(0x3da88fc2,0xc6e00bf3); # u64 + &data_word(0x930aa725,0xd5a79147); # u64 + &data_word(0xe003826f,0x06ca6351); # u64 + &data_word(0x0a0e6e70,0x14292967); # u64 + &data_word(0x46d22ffc,0x27b70a85); # u64 + &data_word(0x5c26c926,0x2e1b2138); # u64 + &data_word(0x5ac42aed,0x4d2c6dfc); # u64 + &data_word(0x9d95b3df,0x53380d13); # u64 + &data_word(0x8baf63de,0x650a7354); # u64 + &data_word(0x3c77b2a8,0x766a0abb); # u64 + &data_word(0x47edaee6,0x81c2c92e); # u64 + &data_word(0x1482353b,0x92722c85); # u64 + &data_word(0x4cf10364,0xa2bfe8a1); # u64 + &data_word(0xbc423001,0xa81a664b); # u64 + &data_word(0xd0f89791,0xc24b8b70); # u64 + &data_word(0x0654be30,0xc76c51a3); # u64 + &data_word(0xd6ef5218,0xd192e819); # u64 + &data_word(0x5565a910,0xd6990624); # u64 + &data_word(0x5771202a,0xf40e3585); # u64 + &data_word(0x32bbd1b8,0x106aa070); # u64 + &data_word(0xb8d2d0c8,0x19a4c116); # u64 + &data_word(0x5141ab53,0x1e376c08); # u64 + &data_word(0xdf8eeb99,0x2748774c); # u64 + &data_word(0xe19b48a8,0x34b0bcb5); # u64 + &data_word(0xc5c95a63,0x391c0cb3); # u64 + &data_word(0xe3418acb,0x4ed8aa4a); # u64 + &data_word(0x7763e373,0x5b9cca4f); # u64 + &data_word(0xd6b2b8a3,0x682e6ff3); # u64 + &data_word(0x5defb2fc,0x748f82ee); # u64 + &data_word(0x43172f60,0x78a5636f); # u64 + &data_word(0xa1f0ab72,0x84c87814); # u64 + &data_word(0x1a6439ec,0x8cc70208); # u64 + &data_word(0x23631e28,0x90befffa); # u64 + &data_word(0xde82bde9,0xa4506ceb); # u64 + &data_word(0xb2c67915,0xbef9a3f7); # u64 + &data_word(0xe372532b,0xc67178f2); # u64 + &data_word(0xea26619c,0xca273ece); # u64 + &data_word(0x21c0c207,0xd186b8c7); # u64 + &data_word(0xcde0eb1e,0xeada7dd6); # u64 + &data_word(0xee6ed178,0xf57d4f7f); # u64 + &data_word(0x72176fba,0x06f067aa); # u64 + &data_word(0xa2c898a6,0x0a637dc5); # u64 + &data_word(0xbef90dae,0x113f9804); # u64 + &data_word(0x131c471b,0x1b710b35); # u64 + &data_word(0x23047d84,0x28db77f5); # u64 + &data_word(0x40c72493,0x32caab7b); # u64 + &data_word(0x15c9bebc,0x3c9ebe0a); # u64 + &data_word(0x9c100d4c,0x431d67c4); # u64 + &data_word(0xcb3e42b6,0x4cc5d4be); # u64 + &data_word(0xfc657e2a,0x597f299c); # u64 + &data_word(0x3ad6faec,0x5fcb6fab); # u64 + &data_word(0x4a475817,0x6c44198c); # u64 + +&function_end_B($func); + +&asm_finish(); diff --git a/crypto/openssl/crypto/sha/sha.h b/crypto/openssl/crypto/sha/sha.h index a26ed5d..a83bd3c 100644 --- a/crypto/openssl/crypto/sha/sha.h +++ b/crypto/openssl/crypto/sha/sha.h @@ -70,7 +70,7 @@ extern "C" { #endif #if defined(OPENSSL_FIPS) -#define FIPS_SHA_SIZE_T unsigned long +#define FIPS_SHA_SIZE_T size_t #endif /* @@ -101,23 +101,97 @@ typedef struct SHAstate_st SHA_LONG h0,h1,h2,h3,h4; SHA_LONG Nl,Nh; SHA_LONG data[SHA_LBLOCK]; - int num; + unsigned int num; } SHA_CTX; #ifndef OPENSSL_NO_SHA0 int SHA_Init(SHA_CTX *c); -int SHA_Update(SHA_CTX *c, const void *data, unsigned long len); +int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md); +unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif #ifndef OPENSSL_NO_SHA1 int SHA1_Init(SHA_CTX *c); -int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); #endif + +#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA224_DIGEST_LENGTH 28 +#define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st + { + SHA_LONG h[8]; + SHA_LONG Nl,Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num,md_len; + } SHA256_CTX; + +#ifndef OPENSSL_NO_SHA256 +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +#endif + +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 + +#ifndef OPENSSL_NO_SHA512 +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. */ +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#define SHA_LONG64 unsigned __int64 +#define U64(C) C##UI64 +#elif defined(__arch64__) +#define SHA_LONG64 unsigned long +#define U64(C) C##UL +#else +#define SHA_LONG64 unsigned long long +#define U64(C) C##ULL +#endif + +typedef struct SHA512state_st + { + SHA_LONG64 h[8]; + SHA_LONG64 Nl,Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num,md_len; + } SHA512_CTX; +#endif + +#ifndef OPENSSL_NO_SHA512 +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +#endif + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/sha/sha1_one.c b/crypto/openssl/crypto/sha/sha1_one.c index 20e660c..7c65b60 100644 --- a/crypto/openssl/crypto/sha/sha1_one.c +++ b/crypto/openssl/crypto/sha/sha1_one.c @@ -62,13 +62,14 @@ #include #ifndef OPENSSL_NO_SHA1 -unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; static unsigned char m[SHA_DIGEST_LENGTH]; if (md == NULL) md=m; - SHA1_Init(&c); + if (!SHA1_Init(&c)) + return NULL; SHA1_Update(&c,d,n); SHA1_Final(md,&c); OPENSSL_cleanse(&c,sizeof(c)); diff --git a/crypto/openssl/crypto/sha/sha1dgst.c b/crypto/openssl/crypto/sha/sha1dgst.c index 1e2009b..447ce53 100644 --- a/crypto/openssl/crypto/sha/sha1dgst.c +++ b/crypto/openssl/crypto/sha/sha1dgst.c @@ -56,26 +56,19 @@ * [including the GNU Public Licence.] */ +#include #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) #undef SHA_0 #define SHA_1 #include -#include -#ifndef OPENSSL_FIPS const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ #include "sha_locl.h" -#else /* ndef OPENSSL_FIPS */ - -static void *dummy=&dummy; - -#endif /* ndef OPENSSL_FIPS */ - #endif diff --git a/crypto/openssl/crypto/sha/sha1test.c b/crypto/openssl/crypto/sha/sha1test.c index 4f2e4ad..b0650c7 100644 --- a/crypto/openssl/crypto/sha/sha1test.c +++ b/crypto/openssl/crypto/sha/sha1test.c @@ -123,7 +123,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL); + EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); EVP_MD_CTX_cleanup(&c); return(0); diff --git a/crypto/openssl/crypto/sha/sha256.c b/crypto/openssl/crypto/sha/sha256.c new file mode 100644 index 0000000..bbc20da --- /dev/null +++ b/crypto/openssl/crypto/sha/sha256.c @@ -0,0 +1,319 @@ +/* crypto/sha/sha256.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved + * according to the OpenSSL license [found in ../../LICENSE]. + * ==================================================================== + */ +#include +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + +#include +#include + +#include +#include +#include + +const char *SHA256_version="SHA-256" OPENSSL_VERSION_PTEXT; + +int SHA224_Init (SHA256_CTX *c) + { + c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; + c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; + c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; + c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA224_DIGEST_LENGTH; + return 1; + } + +int SHA256_Init (SHA256_CTX *c) + { + c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; + c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; + c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; + c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA256_DIGEST_LENGTH; + return 1; + } + +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) + { + SHA256_CTX c; + static unsigned char m[SHA224_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA224_Init(&c); + SHA256_Update(&c,d,n); + SHA256_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) + { + SHA256_CTX c; + static unsigned char m[SHA256_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA256_Init(&c); + SHA256_Update(&c,d,n); + SHA256_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) +{ return SHA256_Update (c,data,len); } +int SHA224_Final (unsigned char *md, SHA256_CTX *c) +{ return SHA256_Final (md,c); } + +#ifndef SHA_LONG_LOG2 +#define SHA_LONG_LOG2 2 /* default to 32 bits */ +#endif + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_LONG_LOG2 SHA_LONG_LOG2 +#define HASH_CTX SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_LBLOCK SHA_LBLOCK +/* + * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." + * default: case below covers for it. It's not clear however if it's + * permitted to truncate to amount of bytes not divisible by 4. I bet not, + * but if it is, then default: case shall be extended. For reference. + * Idea behind separate cases for pre-defined lenghts is to let the + * compiler decide if it's appropriate to unroll small loops. + */ +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + unsigned int n; \ + switch ((c)->md_len) \ + { case SHA224_DIGEST_LENGTH: \ + for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + break; \ + case SHA256_DIGEST_LENGTH: \ + for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return 0; \ + for (n=0;n<(c)->md_len/4;n++) \ + { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \ + break; \ + } \ + } while (0) + +#define HASH_UPDATE SHA256_Update +#define HASH_TRANSFORM SHA256_Transform +#define HASH_FINAL SHA256_Final +#define HASH_BLOCK_HOST_ORDER sha256_block_host_order +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num); +void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); + +#include "md32_common.h" + +#ifdef SHA256_ASM +void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host); +#else +static const SHA_LONG K256[64] = { + 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, + 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, + 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, + 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, + 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, + 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, + 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, + 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, + 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, + 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, + 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, + 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, + 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, + 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, + 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, + 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; + +/* + * FIPS specification refers to right rotations, while our ROTATE macro + * is left one. This is why you might notice that rotation coefficients + * differ from those observed in FIPS document by 32-N... + */ +#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#ifdef OPENSSL_SMALL_FOOTPRINT + +static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) + { + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; + SHA_LONG X[16]; + int i; + const unsigned char *data=in; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + if (host) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + for (i=0;i<16;i++) + { + T1 = X[i] = W[i]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + data += SHA256_CBLOCK; + } + else + { + SHA_LONG l; + + for (i=0;i<16;i++) + { + HOST_c2l(data,l); T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + } + + for (;i<64;i++) + { + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); + + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + } +} + +#else + +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) + +static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) + { + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; + SHA_LONG X[16]; + int i; + const unsigned char *data=in; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + if (host) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); + + data += SHA256_CBLOCK; + } + else + { + SHA_LONG l; + + HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); + HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); + HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); + HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); + HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); + HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); + HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); + HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); + HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); + HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); + HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); + HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); + HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); + HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); + HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); + HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); + } + + for (i=16;i<64;i+=8) + { + ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); + ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); + ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); + ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); + ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); + ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); + ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); + ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + } + } + +#endif +#endif /* SHA256_ASM */ + +/* + * Idea is to trade couple of cycles for some space. On IA-32 we save + * about 4K in "big footprint" case. In "small footprint" case any gain + * is appreciated:-) + */ +void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num) +{ sha256_block (ctx,in,num,1); } + +void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num) +{ sha256_block (ctx,in,num,0); } + +#endif /* OPENSSL_NO_SHA256 */ diff --git a/crypto/openssl/crypto/sha/sha256t.c b/crypto/openssl/crypto/sha/sha256t.c new file mode 100644 index 0000000..6b4a3bd --- /dev/null +++ b/crypto/openssl/crypto/sha/sha256t.c @@ -0,0 +1,147 @@ +/* crypto/sha/sha256t.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include +#include +#include + +#include +#include + +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256) +int main(int argc, char *argv[]) +{ + printf("No SHA256 support\n"); + return(0); +} +#else + +unsigned char app_b1[SHA256_DIGEST_LENGTH] = { + 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea, + 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23, + 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c, + 0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad }; + +unsigned char app_b2[SHA256_DIGEST_LENGTH] = { + 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8, + 0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39, + 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67, + 0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 }; + +unsigned char app_b3[SHA256_DIGEST_LENGTH] = { + 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92, + 0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67, + 0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e, + 0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 }; + +unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { + 0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22, + 0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3, + 0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7, + 0xe3,0x6c,0x9d,0xa7 }; + +unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { + 0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc, + 0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50, + 0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19, + 0x52,0x52,0x25,0x25 }; + +unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { + 0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8, + 0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b, + 0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee, + 0x4e,0xe7,0xad,0x67 }; + +int main (int argc,char **argv) +{ unsigned char md[SHA256_DIGEST_LENGTH]; + int i; + EVP_MD_CTX evp; + + fprintf(stdout,"Testing SHA-256 "); + + EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL); + if (memcmp(md,app_b1,sizeof(app_b1))) + { fflush(stdout); + fprintf(stderr,"\nTEST 1 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk" + "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL); + if (memcmp(md,app_b2,sizeof(app_b2))) + { fflush(stdout); + fprintf(stderr,"\nTEST 2 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_MD_CTX_init (&evp); + EVP_DigestInit_ex (&evp,EVP_sha256(),NULL); + for (i=0;i<1000000;i+=160) + EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", + (1000000-i)<160?1000000-i:160); + EVP_DigestFinal_ex (&evp,md,NULL); + EVP_MD_CTX_cleanup (&evp); + + if (memcmp(md,app_b3,sizeof(app_b3))) + { fflush(stdout); + fprintf(stderr,"\nTEST 3 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + fprintf(stdout," passed.\n"); fflush(stdout); + + fprintf(stdout,"Testing SHA-224 "); + + EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL); + if (memcmp(md,addenum_1,sizeof(addenum_1))) + { fflush(stdout); + fprintf(stderr,"\nTEST 1 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk" + "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL); + if (memcmp(md,addenum_2,sizeof(addenum_2))) + { fflush(stdout); + fprintf(stderr,"\nTEST 2 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_MD_CTX_init (&evp); + EVP_DigestInit_ex (&evp,EVP_sha224(),NULL); + for (i=0;i<1000000;i+=64) + EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", + (1000000-i)<64?1000000-i:64); + EVP_DigestFinal_ex (&evp,md,NULL); + EVP_MD_CTX_cleanup (&evp); + + if (memcmp(md,addenum_3,sizeof(addenum_3))) + { fflush(stdout); + fprintf(stderr,"\nTEST 3 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + fprintf(stdout," passed.\n"); fflush(stdout); + + return 0; +} +#endif diff --git a/crypto/openssl/crypto/sha/sha512.c b/crypto/openssl/crypto/sha/sha512.c new file mode 100644 index 0000000..f965cff --- /dev/null +++ b/crypto/openssl/crypto/sha/sha512.c @@ -0,0 +1,496 @@ +/* crypto/sha/sha512.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved + * according to the OpenSSL license [found in ../../LICENSE]. + * ==================================================================== + */ +#include +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) +/* + * IMPLEMENTATION NOTES. + * + * As you might have noticed 32-bit hash algorithms: + * + * - permit SHA_LONG to be wider than 32-bit (case on CRAY); + * - optimized versions implement two transform functions: one operating + * on [aligned] data in host byte order and one - on data in input + * stream byte order; + * - share common byte-order neutral collector and padding function + * implementations, ../md32_common.h; + * + * Neither of the above applies to this SHA-512 implementations. Reasons + * [in reverse order] are: + * + * - it's the only 64-bit hash algorithm for the moment of this writing, + * there is no need for common collector/padding implementation [yet]; + * - by supporting only one transform function [which operates on + * *aligned* data in input stream byte order, big-endian in this case] + * we minimize burden of maintenance in two ways: a) collector/padding + * function is simpler; b) only one transform function to stare at; + * - SHA_LONG64 is required to be exactly 64-bit in order to be able to + * apply a number of optimizations to mitigate potential performance + * penalties caused by previous design decision; + * + * Caveat lector. + * + * Implementation relies on the fact that "long long" is 64-bit on + * both 32- and 64-bit platforms. If some compiler vendor comes up + * with 128-bit long long, adjustment to sha.h would be required. + * As this implementation relies on 64-bit integer type, it's totally + * inappropriate for platforms which don't support it, most notably + * 16-bit platforms. + * + */ +#include +#include + +#include +#include +#include + +#include "cryptlib.h" + +const char *SHA512_version="SHA-512" OPENSSL_VERSION_PTEXT; + +#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) +#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#endif + +int SHA384_Init (SHA512_CTX *c) + { + c->h[0]=U64(0xcbbb9d5dc1059ed8); + c->h[1]=U64(0x629a292a367cd507); + c->h[2]=U64(0x9159015a3070dd17); + c->h[3]=U64(0x152fecd8f70e5939); + c->h[4]=U64(0x67332667ffc00b31); + c->h[5]=U64(0x8eb44a8768581511); + c->h[6]=U64(0xdb0c2e0d64f98fa7); + c->h[7]=U64(0x47b5481dbefa4fa4); + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA384_DIGEST_LENGTH; + return 1; + } + +int SHA512_Init (SHA512_CTX *c) + { + c->h[0]=U64(0x6a09e667f3bcc908); + c->h[1]=U64(0xbb67ae8584caa73b); + c->h[2]=U64(0x3c6ef372fe94f82b); + c->h[3]=U64(0xa54ff53a5f1d36f1); + c->h[4]=U64(0x510e527fade682d1); + c->h[5]=U64(0x9b05688c2b3e6c1f); + c->h[6]=U64(0x1f83d9abfb41bd6b); + c->h[7]=U64(0x5be0cd19137e2179); + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA512_DIGEST_LENGTH; + return 1; + } + +#ifndef SHA512_ASM +static +#endif +void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); + +int SHA512_Final (unsigned char *md, SHA512_CTX *c) + { + unsigned char *p=(unsigned char *)c->u.p; + size_t n=c->num; + + p[n]=0x80; /* There always is a room for one */ + n++; + if (n > (sizeof(c->u)-16)) + memset (p+n,0,sizeof(c->u)-n), n=0, + sha512_block (c,p,1); + + memset (p+n,0,sizeof(c->u)-16-n); +#ifdef B_ENDIAN + c->u.d[SHA_LBLOCK-2] = c->Nh; + c->u.d[SHA_LBLOCK-1] = c->Nl; +#else + p[sizeof(c->u)-1] = (unsigned char)(c->Nl); + p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); + p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); + p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); + p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); + p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); + p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); + p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); + p[sizeof(c->u)-9] = (unsigned char)(c->Nh); + p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); + p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); + p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); + p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); + p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); + p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); + p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); +#endif + + sha512_block (c,p,1); + + if (md==0) return 0; + + switch (c->md_len) + { + /* Let compiler decide if it's appropriate to unroll... */ + case SHA384_DIGEST_LENGTH: + for (n=0;nh[n]; + + *(md++) = (unsigned char)(t>>56); + *(md++) = (unsigned char)(t>>48); + *(md++) = (unsigned char)(t>>40); + *(md++) = (unsigned char)(t>>32); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + break; + case SHA512_DIGEST_LENGTH: + for (n=0;nh[n]; + + *(md++) = (unsigned char)(t>>56); + *(md++) = (unsigned char)(t>>48); + *(md++) = (unsigned char)(t>>40); + *(md++) = (unsigned char)(t>>32); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + break; + /* ... as well as make sure md_len is not abused. */ + default: return 0; + } + + return 1; + } + +int SHA384_Final (unsigned char *md,SHA512_CTX *c) +{ return SHA512_Final (md,c); } + +int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) + { + SHA_LONG64 l; + unsigned char *p=c->u.p; + const unsigned char *data=(const unsigned char *)_data; + + if (len==0) return 1; + + l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); + if (l < c->Nl) c->Nh++; + if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); + c->Nl=l; + + if (c->num != 0) + { + size_t n = sizeof(c->u) - c->num; + + if (len < n) + { + memcpy (p+c->num,data,len), c->num += len; + return 1; + } + else { + memcpy (p+c->num,data,n), c->num = 0; + len-=n, data+=n; + sha512_block (c,p,1); + } + } + + if (len >= sizeof(c->u)) + { +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data%sizeof(c->u.d[0]) != 0) + while (len >= sizeof(c->u)) + memcpy (p,data,sizeof(c->u)), + sha512_block (c,p,1), + len -= sizeof(c->u), + data += sizeof(c->u); + else +#endif + sha512_block (c,data,len/sizeof(c->u)), + data += len, + len %= sizeof(c->u), + data -= len; + } + + if (len != 0) memcpy (p,data,len), c->num = (int)len; + + return 1; + } + +int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) +{ return SHA512_Update (c,data,len); } + +void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) +{ sha512_block (c,data,1); } + +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) + { + SHA512_CTX c; + static unsigned char m[SHA384_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA384_Init(&c); + SHA512_Update(&c,d,n); + SHA512_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) + { + SHA512_CTX c; + static unsigned char m[SHA512_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA512_Init(&c); + SHA512_Update(&c,d,n); + SHA512_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +#ifndef SHA512_ASM +static const SHA_LONG64 K512[80] = { + U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), + U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), + U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), + U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), + U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), + U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), + U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), + U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), + U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), + U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), + U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), + U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), + U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), + U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), + U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), + U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), + U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), + U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), + U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), + U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), + U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), + U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), + U64(0xd192e819d6ef5218),U64(0xd69906245565a910), + U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), + U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), + U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), + U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), + U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), + U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), + U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), + U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), + U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), + U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), + U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), + U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), + U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), + U64(0x28db77f523047d84),U64(0x32caab7b40c72493), + U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), + U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), + U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; + +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +# endif +# endif +#endif + +#ifndef PULL64 +#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +#endif + +#ifndef PEDANTIC +# if defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# define ROTR(a,n) _rotr64((a),n) +# endif +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define ROTR(a,n) ({ unsigned long ret; \ + asm ("rorq %1,%0" \ + : "=r"(ret) \ + : "J"(n),"0"(a) \ + : "cc"); ret; }) +# elif defined(_ARCH_PPC) && defined(__64BIT__) +# define ROTR(a,n) ({ unsigned long ret; \ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) +# endif +# endif +#endif + +#ifndef ROTR +#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +#endif + +#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +#define GO_FOR_SSE2(ctx,in,num) do { \ + void sha512_block_sse2(void *,const void *,size_t); \ + if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ + sha512_block_sse2(ctx->h,in,num); return; \ + } while (0) +#endif + +#ifdef OPENSSL_SMALL_FOOTPRINT + +static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; + SHA_LONG64 X[16]; + int i; + +#ifdef GO_FOR_SSE2 + GO_FOR_SSE2(ctx,in,num); +#endif + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + for (i=0;i<16;i++) + { +#ifdef B_ENDIAN + T1 = X[i] = W[i]; +#else + T1 = X[i] = PULL64(W[i]); +#endif + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + for (;i<80;i++) + { + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); + + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + W+=SHA_LBLOCK; + } + } + +#else + +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) + +static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; + SHA_LONG64 X[16]; + int i; + +#ifdef GO_FOR_SSE2 + GO_FOR_SSE2(ctx,in,num); +#endif + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + +#ifdef B_ENDIAN + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); +#else + T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); +#endif + + for (i=16;i<80;i+=8) + { + ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + W+=SHA_LBLOCK; + } + } + +#endif + +#endif /* SHA512_ASM */ + +#endif /* OPENSSL_NO_SHA512 */ diff --git a/crypto/openssl/crypto/sha/sha512t.c b/crypto/openssl/crypto/sha/sha512t.c new file mode 100644 index 0000000..210041d --- /dev/null +++ b/crypto/openssl/crypto/sha/sha512t.c @@ -0,0 +1,184 @@ +/* crypto/sha/sha512t.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include +#include +#include + +#include +#include +#include + +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512) +int main(int argc, char *argv[]) +{ + printf("No SHA512 support\n"); + return(0); +} +#else + +unsigned char app_c1[SHA512_DIGEST_LENGTH] = { + 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f }; + +unsigned char app_c2[SHA512_DIGEST_LENGTH] = { + 0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda, + 0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f, + 0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1, + 0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18, + 0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4, + 0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a, + 0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54, + 0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 }; + +unsigned char app_c3[SHA512_DIGEST_LENGTH] = { + 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64, + 0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63, + 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28, + 0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb, + 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a, + 0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b, + 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e, + 0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b }; + +unsigned char app_d1[SHA384_DIGEST_LENGTH] = { + 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b, + 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07, + 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63, + 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed, + 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23, + 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 }; + +unsigned char app_d2[SHA384_DIGEST_LENGTH] = { + 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8, + 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47, + 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2, + 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12, + 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9, + 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 }; + +unsigned char app_d3[SHA384_DIGEST_LENGTH] = { + 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb, + 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c, + 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52, + 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b, + 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb, + 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }; + +int main (int argc,char **argv) +{ unsigned char md[SHA512_DIGEST_LENGTH]; + int i; + EVP_MD_CTX evp; + +#ifdef OPENSSL_IA32_SSE2 + /* Alternative to this is to call OpenSSL_add_all_algorithms... + * The below code is retained exclusively for debugging purposes. */ + { char *env; + + if ((env=getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap = strtoul (env,NULL,0); + } +#endif + + fprintf(stdout,"Testing SHA-512 "); + + EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL); + if (memcmp(md,app_c1,sizeof(app_c1))) + { fflush(stdout); + fprintf(stderr,"\nTEST 1 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk" + "efghijkl""fghijklm""ghijklmn""hijklmno" + "ijklmnop""jklmnopq""klmnopqr""lmnopqrs" + "mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL); + if (memcmp(md,app_c2,sizeof(app_c2))) + { fflush(stdout); + fprintf(stderr,"\nTEST 2 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_MD_CTX_init (&evp); + EVP_DigestInit_ex (&evp,EVP_sha512(),NULL); + for (i=0;i<1000000;i+=288) + EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", + (1000000-i)<288?1000000-i:288); + EVP_DigestFinal_ex (&evp,md,NULL); + EVP_MD_CTX_cleanup (&evp); + + if (memcmp(md,app_c3,sizeof(app_c3))) + { fflush(stdout); + fprintf(stderr,"\nTEST 3 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + fprintf(stdout," passed.\n"); fflush(stdout); + + fprintf(stdout,"Testing SHA-384 "); + + EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL); + if (memcmp(md,app_d1,sizeof(app_d1))) + { fflush(stdout); + fprintf(stderr,"\nTEST 1 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk" + "efghijkl""fghijklm""ghijklmn""hijklmno" + "ijklmnop""jklmnopq""klmnopqr""lmnopqrs" + "mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL); + if (memcmp(md,app_d2,sizeof(app_d2))) + { fflush(stdout); + fprintf(stderr,"\nTEST 2 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + EVP_MD_CTX_init (&evp); + EVP_DigestInit_ex (&evp,EVP_sha384(),NULL); + for (i=0;i<1000000;i+=64) + EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", + (1000000-i)<64?1000000-i:64); + EVP_DigestFinal_ex (&evp,md,NULL); + EVP_MD_CTX_cleanup (&evp); + + if (memcmp(md,app_d3,sizeof(app_d3))) + { fflush(stdout); + fprintf(stderr,"\nTEST 3 of 3 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + fprintf(stdout," passed.\n"); fflush(stdout); + + return 0; +} +#endif diff --git a/crypto/openssl/crypto/sha/sha_dgst.c b/crypto/openssl/crypto/sha/sha_dgst.c index 5a4b3ab..60465d0 100644 --- a/crypto/openssl/crypto/sha/sha_dgst.c +++ b/crypto/openssl/crypto/sha/sha_dgst.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/openssl/crypto/sha/sha_locl.h index 2dd63a6..6281313 100644 --- a/crypto/openssl/crypto/sha/sha_locl.h +++ b/crypto/openssl/crypto/sha/sha_locl.h @@ -92,8 +92,8 @@ # define HASH_BLOCK_DATA_ORDER sha_block_data_order # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) - void sha_block_host_order (SHA_CTX *c, const void *p,int num); - void sha_block_data_order (SHA_CTX *c, const void *p,int num); + void sha_block_host_order (SHA_CTX *c, const void *p,size_t num); + void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); #elif defined(SHA_1) @@ -116,15 +116,22 @@ # ifdef SHA1_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +# if !defined(B_ENDIAN) +# define sha1_block_host_order sha1_block_asm_host_order +# define DONT_IMPLEMENT_BLOCK_HOST_ORDER +# define sha1_block_data_order sha1_block_asm_data_order +# define DONT_IMPLEMENT_BLOCK_DATA_ORDER +# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order +# endif +# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) # define sha1_block_host_order sha1_block_asm_host_order # define DONT_IMPLEMENT_BLOCK_HOST_ORDER # define sha1_block_data_order sha1_block_asm_data_order # define DONT_IMPLEMENT_BLOCK_DATA_ORDER -# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order # endif # endif - void sha1_block_host_order (SHA_CTX *c, const void *p,int num); - void sha1_block_data_order (SHA_CTX *c, const void *p,int num); + void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num); + void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #else # error "Either SHA_0 or SHA_1 must be defined." @@ -168,6 +175,8 @@ int HASH_INIT (SHA_CTX *c) #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) #define F_60_79(b,c,d) F_20_39(b,c,d) +#ifndef OPENSSL_SMALL_FOOTPRINT + #define BODY_00_15(i,a,b,c,d,e,f,xi) \ (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ (b)=ROTATE((b),30); @@ -221,7 +230,7 @@ int HASH_INIT (SHA_CTX *c) #endif #ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER -void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) +void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) { const SHA_LONG *W=d; register unsigned MD32_REG_T A,B,C,D,E,T; @@ -332,7 +341,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) c->h3=(c->h3+B)&0xffffffffL; c->h4=(c->h4+C)&0xffffffffL; - if (--num <= 0) break; + if (--num == 0) break; A=c->h0; B=c->h1; @@ -346,7 +355,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) #endif #ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER -void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) +void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; register unsigned MD32_REG_T A,B,C,D,E,T,l; @@ -459,7 +468,7 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) c->h3=(c->h3+B)&0xffffffffL; c->h4=(c->h4+C)&0xffffffffL; - if (--num <= 0) break; + if (--num == 0) break; A=c->h0; B=c->h1; @@ -470,3 +479,127 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) } } #endif + +#else /* OPENSSL_SMALL_FOOTPRINT */ + +#define BODY_00_15(xi) do { \ + T=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xi; } while(0) + +#define BODY_16_19(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +#define BODY_20_39(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_20_39+F_20_39(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +#define BODY_40_59(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_40_59+F_40_59(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +#define BODY_60_79(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T=E+K_60_79+F_60_79(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xa; } while(0) + +#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER +void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) + { + const SHA_LONG *W=d; + register unsigned MD32_REG_T A,B,C,D,E,T; + int i; + SHA_LONG X[16]; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + for (;;) + { + for (i=0;i<16;i++) + { X[i]=W[i]; BODY_00_15(X[i]); } + for (i=0;i<4;i++) + { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } + for (;i<24;i++) + { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } + for (i=0;i<20;i++) + { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } + for (i=4;i<24;i++) + { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } + + c->h0=(c->h0+A)&0xffffffffL; + c->h1=(c->h1+B)&0xffffffffL; + c->h2=(c->h2+C)&0xffffffffL; + c->h3=(c->h3+D)&0xffffffffL; + c->h4=(c->h4+E)&0xffffffffL; + + if (--num == 0) break; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + W+=SHA_LBLOCK; + } + } +#endif + +#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER +void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) + { + const unsigned char *data=p; + register unsigned MD32_REG_T A,B,C,D,E,T,l; + int i; + SHA_LONG X[16]; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + for (;;) + { + for (i=0;i<16;i++) + { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); } + for (i=0;i<4;i++) + { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } + for (;i<24;i++) + { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } + for (i=0;i<20;i++) + { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } + for (i=4;i<24;i++) + { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } + + c->h0=(c->h0+A)&0xffffffffL; + c->h1=(c->h1+B)&0xffffffffL; + c->h2=(c->h2+C)&0xffffffffL; + c->h3=(c->h3+D)&0xffffffffL; + c->h4=(c->h4+E)&0xffffffffL; + + if (--num == 0) break; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + } + } +#endif + +#endif diff --git a/crypto/openssl/crypto/sha/sha_one.c b/crypto/openssl/crypto/sha/sha_one.c index e61c63f..3bae623 100644 --- a/crypto/openssl/crypto/sha/sha_one.c +++ b/crypto/openssl/crypto/sha/sha_one.c @@ -62,13 +62,14 @@ #include #ifndef OPENSSL_NO_SHA0 -unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; static unsigned char m[SHA_DIGEST_LENGTH]; if (md == NULL) md=m; - SHA_Init(&c); + if (!SHA_Init(&c)) + return NULL; SHA_Update(&c,d,n); SHA_Final(md,&c); OPENSSL_cleanse(&c,sizeof(c)); diff --git a/crypto/openssl/crypto/sha/shatest.c b/crypto/openssl/crypto/sha/shatest.c index 5d2b1d3..bfb11f0 100644 --- a/crypto/openssl/crypto/sha/shatest.c +++ b/crypto/openssl/crypto/sha/shatest.c @@ -62,10 +62,10 @@ #include "../e_os.h" -#ifdef OPENSSL_NO_SHA +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) int main(int argc, char *argv[]) { - printf("No SHA support\n"); + printf("No SHA0 support\n"); return(0); } #else @@ -123,7 +123,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL); + EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EVP_MD_CTX_cleanup(&c); EXIT(err); return(0); diff --git a/crypto/openssl/crypto/sparccpuid.S b/crypto/openssl/crypto/sparccpuid.S new file mode 100644 index 0000000..c17350f --- /dev/null +++ b/crypto/openssl/crypto/sparccpuid.S @@ -0,0 +1,239 @@ +#if defined(__SUNPRO_C) && defined(__sparcv9) +# define ABI64 /* They've said -xarch=v9 at command line */ +#elif defined(__GNUC__) && defined(__arch64__) +# define ABI64 /* They've said -m64 at command line */ +#endif + +#ifdef ABI64 + .register %g2,#scratch + .register %g3,#scratch +# define FRAME -192 +# define BIAS 2047 +#else +# define FRAME -96 +# define BIAS 0 +#endif + +.text +.align 32 +.global OPENSSL_wipe_cpu +.type OPENSSL_wipe_cpu,#function +! Keep in mind that this does not excuse us from wiping the stack! +! This routine wipes registers, but not the backing store [which +! resides on the stack, toward lower addresses]. To facilitate for +! stack wiping I return pointer to the top of stack of the *caller*. +OPENSSL_wipe_cpu: + save %sp,FRAME,%sp + nop +#ifdef __sun +#include + ta ST_CLEAN_WINDOWS +#else + call .walk.reg.wins +#endif + nop + call .PIC.zero.up + mov .zero-(.-4),%o0 + ldd [%o0],%f0 + + subcc %g0,1,%o0 + ! Following is V9 "rd %ccr,%o0" instruction. However! V8 + ! specification says that it ("rd %asr2,%o0" in V8 terms) does + ! not cause illegal_instruction trap. It therefore can be used + ! to determine if the CPU the code is executing on is V8- or + ! V9-compliant, as V9 returns a distinct value of 0x99, + ! "negative" and "borrow" bits set in both %icc and %xcc. + .word 0x91408000 !rd %ccr,%o0 + cmp %o0,0x99 + bne .v8 + nop + ! Even though we do not use %fp register bank, + ! we wipe it as memcpy might have used it... + .word 0xbfa00040 !fmovd %f0,%f62 + .word 0xbba00040 !... + .word 0xb7a00040 + .word 0xb3a00040 + .word 0xafa00040 + .word 0xaba00040 + .word 0xa7a00040 + .word 0xa3a00040 + .word 0x9fa00040 + .word 0x9ba00040 + .word 0x97a00040 + .word 0x93a00040 + .word 0x8fa00040 + .word 0x8ba00040 + .word 0x87a00040 + .word 0x83a00040 !fmovd %f0,%f32 +.v8: fmovs %f1,%f31 + clr %o0 + fmovs %f0,%f30 + clr %o1 + fmovs %f1,%f29 + clr %o2 + fmovs %f0,%f28 + clr %o3 + fmovs %f1,%f27 + clr %o4 + fmovs %f0,%f26 + clr %o5 + fmovs %f1,%f25 + clr %o7 + fmovs %f0,%f24 + clr %l0 + fmovs %f1,%f23 + clr %l1 + fmovs %f0,%f22 + clr %l2 + fmovs %f1,%f21 + clr %l3 + fmovs %f0,%f20 + clr %l4 + fmovs %f1,%f19 + clr %l5 + fmovs %f0,%f18 + clr %l6 + fmovs %f1,%f17 + clr %l7 + fmovs %f0,%f16 + clr %i0 + fmovs %f1,%f15 + clr %i1 + fmovs %f0,%f14 + clr %i2 + fmovs %f1,%f13 + clr %i3 + fmovs %f0,%f12 + clr %i4 + fmovs %f1,%f11 + clr %i5 + fmovs %f0,%f10 + clr %g1 + fmovs %f1,%f9 + clr %g2 + fmovs %f0,%f8 + clr %g3 + fmovs %f1,%f7 + clr %g4 + fmovs %f0,%f6 + clr %g5 + fmovs %f1,%f5 + fmovs %f0,%f4 + fmovs %f1,%f3 + fmovs %f0,%f2 + + add %fp,BIAS,%i0 ! return pointer to caller´s top of stack + + ret + restore + +.zero: .long 0x0,0x0 +.PIC.zero.up: + retl + add %o0,%o7,%o0 +#ifdef DEBUG +.global walk_reg_wins +.type walk_reg_wins,#function +walk_reg_wins: +#endif +.walk.reg.wins: + save %sp,FRAME,%sp + cmp %i7,%o7 + be 2f + clr %o0 + cmp %o7,0 ! compiler never cleans %o7... + be 1f ! could have been a leaf function... + clr %o1 + call .walk.reg.wins + nop +1: clr %o2 + clr %o3 + clr %o4 + clr %o5 + clr %o7 + clr %l0 + clr %l1 + clr %l2 + clr %l3 + clr %l4 + clr %l5 + clr %l6 + clr %l7 + add %o0,1,%i0 ! used for debugging +2: ret + restore +.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu + +.global OPENSSL_atomic_add +.type OPENSSL_atomic_add,#function +OPENSSL_atomic_add: +#ifndef ABI64 + subcc %g0,1,%o2 + .word 0x95408000 !rd %ccr,%o2, see comment above + cmp %o2,0x99 + be .v9 + nop + save %sp,FRAME,%sp + ba .enter + nop +#ifdef __sun +! Note that you don't have to link with libthread to call thr_yield, +! as libc provides a stub, which is overloaded the moment you link +! with *either* libpthread or libthread... +#define YIELD_CPU thr_yield +#else +! applies at least to Linux and FreeBSD... Feedback expected... +#define YIELD_CPU sched_yield +#endif +.spin: call YIELD_CPU + nop +.enter: ld [%i0],%i2 + cmp %i2,-4096 + be .spin + mov -1,%i2 + swap [%i0],%i2 + cmp %i2,-1 + be .spin + add %i2,%i1,%i2 + stbar + st %i2,[%i0] + sra %i2,%g0,%i0 + ret + restore +.v9: +#endif + ld [%o0],%o2 +1: add %o1,%o2,%o3 + .word 0xd7e2100a !cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3 + cmp %o2,%o3 + bne 1b + mov %o3,%o2 ! cas is always fetching to dest. register + add %o1,%o2,%o0 ! OpenSSL expects the new value + retl + sra %o0,%g0,%o0 ! we return signed int, remember? +.size OPENSSL_atomic_add,.-OPENSSL_atomic_add + +.global OPENSSL_rdtsc + subcc %g0,1,%o0 + .word 0x91408000 !rd %ccr,%o0 + cmp %o0,0x99 + bne .notsc + xor %o0,%o0,%o0 + save %sp,FRAME-16,%sp + mov 513,%o0 !SI_PLATFORM + add %sp,BIAS+16,%o1 + call sysinfo + mov 256,%o2 + + add %sp,BIAS-16,%o1 + ld [%o1],%l0 + ld [%o1+4],%l1 + ld [%o1+8],%l2 + mov %lo('SUNW'),%l3 + ret + restore +.notsc: + retl + nop +.type OPENSSL_rdtsc,#function +.size OPENSSL_rdtsc,.-OPENSSL_atomic_add diff --git a/crypto/openssl/crypto/stack/Makefile b/crypto/openssl/crypto/stack/Makefile index 1f25814..5327692 100644 --- a/crypto/openssl/crypto/stack/Makefile +++ b/crypto/openssl/crypto/stack/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/stack/Makefile +# OpenSSL/crypto/stack/Makefile # DIR= stack @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -77,10 +74,11 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -stack.o: ../../e_os.h ../../include/openssl/bio.h +stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -stack.o: ../cryptlib.h stack.c +stack.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +stack.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +stack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +stack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +stack.o: ../../include/openssl/symhacks.h ../cryptlib.h stack.c diff --git a/crypto/openssl/crypto/stack/safestack.h b/crypto/openssl/crypto/stack/safestack.h index bd1121c..e5f5be9 100644 --- a/crypto/openssl/crypto/stack/safestack.h +++ b/crypto/openssl/crypto/stack/safestack.h @@ -57,6 +57,9 @@ #include +typedef void (*openssl_fptr)(void); +#define openssl_fcast(f) ((openssl_fptr)f) + #ifdef DEBUG_SAFESTACK #define STACK_OF(type) struct stack_st_##type @@ -73,72 +76,73 @@ STACK_OF(type) \ /* SKM_sk_... stack macros are internal to safestack.h: * never use them directly, use sk__... instead */ #define SKM_sk_new(type, cmp) \ - ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp) + ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp) #define SKM_sk_new_null(type) \ - ((STACK_OF(type) * (*)(void))sk_new_null)() + ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))() #define SKM_sk_free(type, st) \ - ((void (*)(STACK_OF(type) *))sk_free)(st) + ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st) #define SKM_sk_num(type, st) \ - ((int (*)(const STACK_OF(type) *))sk_num)(st) + ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st) #define SKM_sk_value(type, st,i) \ - ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i) + ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i) #define SKM_sk_set(type, st,i,val) \ - ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val) + ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val) #define SKM_sk_zero(type, st) \ - ((void (*)(STACK_OF(type) *))sk_zero)(st) + ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st) #define SKM_sk_push(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val) + ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val) #define SKM_sk_unshift(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val) + ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val) #define SKM_sk_find(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val) + ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val) #define SKM_sk_delete(type, st,i) \ - ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i) + ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i) #define SKM_sk_delete_ptr(type, st,ptr) \ - ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr) + ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr) #define SKM_sk_insert(type, st,val,i) \ - ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i) + ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i) #define SKM_sk_set_cmp_func(type, st,cmp) \ ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \ - (const type * const *, const type * const *))sk_set_cmp_func)\ + (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\ (st, cmp) #define SKM_sk_dup(type, st) \ - ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st) + ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st) #define SKM_sk_pop_free(type, st,free_func) \ - ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\ + ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\ (st, free_func) #define SKM_sk_shift(type, st) \ - ((type * (*)(STACK_OF(type) *))sk_shift)(st) + ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st) #define SKM_sk_pop(type, st) \ - ((type * (*)(STACK_OF(type) *))sk_pop)(st) + ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st) #define SKM_sk_sort(type, st) \ - ((void (*)(STACK_OF(type) *))sk_sort)(st) + ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st) #define SKM_sk_is_sorted(type, st) \ - ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st) + ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ - type *(*)(type **, unsigned char **,long), \ - void (*)(type *), int ,int )) d2i_ASN1_SET) \ - (st,pp,length, d2i_func, free_func, ex_tag,ex_class) +((STACK_OF(type) * (*) (STACK_OF(type) **,const unsigned char **, long , \ + type *(*)(type **, const unsigned char **,long), \ + void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \ + (st,pp,length, d2i_func, free_func, ex_tag,ex_class) #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ ((int (*)(STACK_OF(type) *,unsigned char **, \ - int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \ + int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \ (st,pp,i2d_func,ex_tag,ex_class,is_set) #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ((unsigned char *(*)(STACK_OF(type) *, \ - int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \ + int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \ (st, i2d_func, buf, len) #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ((STACK_OF(type) * (*)(unsigned char *,int, \ - type *(*)(type **,unsigned char **, long), \ - void (*)(type *)))ASN1_seq_unpack) \ + ((STACK_OF(type) * (*)(const unsigned char *,int, \ + type *(*)(type **,const unsigned char **, long), \ + void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \ (buf,len,d2i_func, free_func) #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ ((STACK_OF(type) * (*)(X509_ALGOR *, \ - type *(*)(type **, unsigned char **, long), void (*)(type *), \ + type *(*)(type **, const unsigned char **, long), \ + void (*)(type *), \ const char *, int, \ ASN1_STRING *, int))PKCS12_decrypt_d2i) \ (algor,d2i_func,free_func,pass,passlen,oct,seq) @@ -193,14 +197,14 @@ STACK_OF(type) \ sk_is_sorted(st) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) + d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set) + i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ASN1_seq_pack(st, i2d_func, buf, len) + ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func) + ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) @@ -218,6 +222,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) @@ -239,6 +244,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) @@ -260,6 +266,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) @@ -281,6 +288,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) @@ -302,6 +310,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) @@ -323,6 +332,7 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) @@ -344,6 +354,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) @@ -365,6 +376,7 @@ STACK_OF(type) \ #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) @@ -386,6 +398,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) @@ -407,6 +420,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) @@ -428,6 +442,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) @@ -449,6 +464,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) @@ -470,6 +486,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) @@ -491,6 +508,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) @@ -512,6 +530,7 @@ STACK_OF(type) \ #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) @@ -533,6 +552,7 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) @@ -554,6 +574,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) @@ -565,6 +586,28 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) +#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) + #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) @@ -575,6 +618,7 @@ STACK_OF(type) \ #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) @@ -596,6 +640,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) @@ -617,6 +662,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) @@ -638,6 +684,7 @@ STACK_OF(type) \ #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) @@ -659,6 +706,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) @@ -680,6 +728,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) @@ -701,6 +750,7 @@ STACK_OF(type) \ #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) @@ -722,6 +772,7 @@ STACK_OF(type) \ #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) @@ -743,6 +794,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) @@ -764,6 +816,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) @@ -785,6 +838,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) @@ -806,6 +860,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) @@ -827,6 +882,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) @@ -848,6 +904,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) @@ -869,6 +926,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) @@ -890,6 +948,7 @@ STACK_OF(type) \ #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) @@ -911,6 +970,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) @@ -932,6 +992,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) @@ -953,6 +1014,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) @@ -974,6 +1036,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) @@ -985,6 +1048,28 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) +#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) + #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) @@ -995,6 +1080,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) @@ -1016,6 +1102,7 @@ STACK_OF(type) \ #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) @@ -1027,6 +1114,28 @@ STACK_OF(type) \ #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) +#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) + #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) @@ -1037,6 +1146,7 @@ STACK_OF(type) \ #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) @@ -1058,6 +1168,7 @@ STACK_OF(type) \ #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) @@ -1079,6 +1190,7 @@ STACK_OF(type) \ #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) @@ -1100,6 +1212,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) @@ -1121,6 +1234,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) @@ -1142,6 +1256,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) @@ -1163,6 +1278,7 @@ STACK_OF(type) \ #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) @@ -1184,6 +1300,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) @@ -1205,6 +1322,7 @@ STACK_OF(type) \ #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) @@ -1226,6 +1344,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) @@ -1247,6 +1366,7 @@ STACK_OF(type) \ #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) @@ -1268,6 +1388,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) @@ -1289,6 +1410,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) @@ -1300,6 +1422,72 @@ STACK_OF(type) \ #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) +#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) +#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) +#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) +#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) +#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) +#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) +#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) +#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) +#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) +#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) + +#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) +#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) +#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) +#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) +#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) +#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) +#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) +#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) +#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) +#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) + +#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) +#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) +#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) +#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) +#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) +#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) +#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) +#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) +#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) +#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) +#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) +#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) +#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) +#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) +#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) + #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) @@ -1310,6 +1498,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) @@ -1331,6 +1520,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) @@ -1352,6 +1542,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) @@ -1363,6 +1554,28 @@ STACK_OF(type) \ #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) +#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) +#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) +#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) +#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) +#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) +#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) +#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) + #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ diff --git a/crypto/openssl/crypto/stack/stack.c b/crypto/openssl/crypto/stack/stack.c index c7173eb..5967a2c 100644 --- a/crypto/openssl/crypto/stack/stack.c +++ b/crypto/openssl/crypto/stack/stack.c @@ -68,6 +68,7 @@ #include #include "cryptlib.h" #include +#include #undef MIN_NODES #define MIN_NODES 4 @@ -209,7 +210,7 @@ char *sk_delete(STACK *st, int loc) return(ret); } -int sk_find(STACK *st, char *data) +static int internal_find(STACK *st, char *data, int ret_val_options) { char **r; int i; @@ -232,19 +233,19 @@ int sk_find(STACK *st, char *data) * not (type *) pointers, but the *pointers* to (type *) pointers, * so we get our extra level of pointer dereferencing that way. */ comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)bsearch(&data,(char *)st->data, - st->num,sizeof(char *), comp_func); + r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, + st->num,sizeof(char *),comp_func,ret_val_options); if (r == NULL) return(-1); - i=(int)(r-st->data); - for ( ; i>0; i--) - /* This needs a cast because the type being pointed to from - * the "&" expressions are (char *) rather than (const char *). - * For an explanation, read: - * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ - if ((*st->comp)((const char * const *)&(st->data[i-1]), - (const char * const *)&data) < 0) - break; - return(i); + return((int)(r-st->data)); + } + +int sk_find(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); + } +int sk_find_ex(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); } int sk_push(STACK *st, char *data) diff --git a/crypto/openssl/crypto/stack/stack.h b/crypto/openssl/crypto/stack/stack.h index 7570b85..5cbb116 100644 --- a/crypto/openssl/crypto/stack/stack.h +++ b/crypto/openssl/crypto/stack/stack.h @@ -89,6 +89,7 @@ int sk_insert(STACK *sk,char *data,int where); char *sk_delete(STACK *st,int loc); char *sk_delete_ptr(STACK *st, char *p); int sk_find(STACK *st,char *data); +int sk_find_ex(STACK *st,char *data); int sk_push(STACK *st,char *data); int sk_unshift(STACK *st,char *data); char *sk_shift(STACK *st); diff --git a/crypto/openssl/crypto/store/Makefile b/crypto/openssl/crypto/store/Makefile new file mode 100644 index 0000000..0dcfd78 --- /dev/null +++ b/crypto/openssl/crypto/store/Makefile @@ -0,0 +1,112 @@ +# +# OpenSSL/crypto/store/Makefile +# + +DIR= store +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +#TEST= storetest.c +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c +LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o + +SRC= $(LIBSRC) + +#EXHEADER= store.h str_compat.h +EXHEADER= store.h +HEADER= $(EXHEADER) str_locl.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +str_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +str_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +str_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +str_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_err.o: str_err.c +str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_lib.o: str_lib.c str_locl.h +str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_mem.o: str_locl.h str_mem.c +str_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +str_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +str_meth.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_meth.o: str_locl.h str_meth.c diff --git a/crypto/openssl/crypto/store/README b/crypto/openssl/crypto/store/README new file mode 100644 index 0000000..966168f --- /dev/null +++ b/crypto/openssl/crypto/store/README @@ -0,0 +1,95 @@ +The STORE type +============== + +A STORE, as defined in this code section, is really a rather simple +thing which stores objects and per-object associations to a number +of attributes. What attributes are supported entirely depends on +the particular implementation of a STORE. It has some support for +generation of certain objects (for example, keys and CRLs). + + +Supported object types +---------------------- + +For now, the objects that are supported are the following: + +X.509 certificate +X.509 CRL +private key +public key +number +arbitrary (application) data + +The intention is that a STORE should be able to store everything +needed by an application that wants a cert/key store, as well as +the data a CA might need to store (this includes the serial number +counter, which explains the support for numbers). + + +Supported attribute types +------------------------- + +For now, the following attributes are supported: + +Friendly Name - the value is a normal C string +Key ID - the value is a 160 bit SHA1 hash +Issuer Key ID - the value is a 160 bit SHA1 hash +Subject Key ID - the value is a 160 bit SHA1 hash +Issuer/Serial Hash - the value is a 160 bit SHA1 hash +Issuer - the value is a X509_NAME +Serial - the value is a BIGNUM +Subject - the value is a X509_NAME +Certificate Hash - the value is a 160 bit SHA1 hash +Email - the value is a normal C string +Filename - the value is a normal C string + +It is expected that these attributes should be enough to support +the need from most, if not all, current applications. Applications +that need to do certificate verification would typically use Subject +Key ID, Issuer/Serial Hash or Subject to look up issuer certificates. +S/MIME applications would typically use Email to look up recipient +and signer certificates. + +There's added support for combined sets of attributes to search for, +with the special OR attribute. + + +Supported basic functionality +----------------------------- + +The functions that are supported through the STORE type are these: + +generate_object - for example to generate keys and CRLs +get_object - to look up one object + NOTE: this function is really rather + redundant and probably of lesser usage + than the list functions +store_object - store an object and the attributes + associated with it +modify_object - modify the attributes associated with + a specific object +revoke_object - revoke an object + NOTE: this only marks an object as + invalid, it doesn't remove the object + from the database +delete_object - remove an object from the database +list_object - list objects associated with a given + set of attributes + NOTE: this is really four functions: + list_start, list_next, list_end and + list_endp +update_store - update the internal data of the store +lock_store - lock the store +unlock_store - unlock the store + +The list functions need some extra explanation: list_start is +used to set up a lookup. That's where the attributes to use in +the search are set up. It returns a search context. list_next +returns the next object searched for. list_end closes the search. +list_endp is used to check if we have reached the end. + +A few words on the store functions as well: update_store is +typically used by a CA application to update the internal +structure of a database. This may for example involve automatic +removal of expired certificates. lock_store and unlock_store +are used for locking a store to allow exclusive writes. diff --git a/crypto/openssl/crypto/store/store.h b/crypto/openssl/crypto/store/store.h new file mode 100644 index 0000000..6458337 --- /dev/null +++ b/crypto/openssl/crypto/store/store.h @@ -0,0 +1,554 @@ +/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_H +#define HEADER_STORE_H + +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#include +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct store_st STORE; */ +/* typedef struct store_method_st STORE_METHOD; */ + + +/* All the following functions return 0, a negative number or NULL on error. + When everything is fine, they return a positive value or a non-NULL + pointer, all depending on their purpose. */ + +/* Creators and destructor. */ +STORE *STORE_new_method(const STORE_METHOD *method); +STORE *STORE_new_engine(ENGINE *engine); +void STORE_free(STORE *ui); + + +/* Give a user interface parametrised control commands. This can be used to + send down an integer, a data pointer or a function pointer, as well as + be used to get information from a STORE. */ +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)); + +/* A control to set the directory with keys and certificates. Used by the + built-in directory level method. */ +#define STORE_CTRL_SET_DIRECTORY 0x0001 +/* A control to set a file to load. Used by the built-in file level method. */ +#define STORE_CTRL_SET_FILE 0x0002 +/* A control to set a configuration file to load. Can be used by any method + that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_FILE 0x0003 +/* A control to set a the section of the loaded configuration file. Can be + used by any method that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_SECTION 0x0004 + + +/* Some methods may use extra data */ +#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) +#define STORE_get_app_data(s) STORE_get_ex_data(s,0) +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int STORE_set_ex_data(STORE *r,int idx,void *arg); +void *STORE_get_ex_data(STORE *r, int idx); + +/* Use specific methods instead of the built-in one */ +const STORE_METHOD *STORE_get_method(STORE *store); +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); + +/* The standard OpenSSL methods. */ +/* This is the in-memory method. It does everything except revoking and updating, + and is of course volatile. It's used by other methods that have an in-memory + cache. */ +const STORE_METHOD *STORE_Memory(void); +#if 0 /* Not yet implemented */ +/* This is the directory store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. */ +const STORE_METHOD *STORE_Directory(void); +/* This is the file store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. Certificates are added + to it with the store operation, and it will only get cached certificates. */ +const STORE_METHOD *STORE_File(void); +#endif + +/* Store functions take a type code for the type of data they should store + or fetch */ +typedef enum STORE_object_types + { + STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, /* X509 * */ + STORE_OBJECT_TYPE_X509_CRL= 0x02, /* X509_CRL * */ + STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, /* EVP_PKEY * */ + STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, /* EVP_PKEY * */ + STORE_OBJECT_TYPE_NUMBER= 0x05, /* BIGNUM * */ + STORE_OBJECT_TYPE_ARBITRARY= 0x06, /* BUF_MEM * */ + STORE_OBJECT_TYPE_NUM= 0x06 /* The amount of known + object types */ + } STORE_OBJECT_TYPES; +/* List of text strings corresponding to the object types. */ +extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1]; + +/* Some store functions take a parameter list. Those parameters come with + one of the following codes. The comments following the codes below indicate + what type the value should be a pointer to. */ +typedef enum STORE_params + { + STORE_PARAM_EVP_TYPE= 0x01, /* int */ + STORE_PARAM_BITS= 0x02, /* size_t */ + STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ + STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ + STORE_PARAM_AUTH_PASSPHRASE= 0x05, /* char * */ + STORE_PARAM_AUTH_KRB5_TICKET= 0x06, /* void * */ + STORE_PARAM_TYPE_NUM= 0x06 /* The amount of known + parameter types */ + } STORE_PARAM_TYPES; +/* Parameter value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1]; + +/* Store functions take attribute lists. Those attributes come with codes. + The comments following the codes below indicate what type the value should + be a pointer to. */ +typedef enum STORE_attribs + { + STORE_ATTR_END= 0x00, + STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */ + STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */ + STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */ + STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */ + STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */ + STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */ + STORE_ATTR_EMAIL= 0x0a, /* C string */ + STORE_ATTR_FILENAME= 0x0b, /* C string */ + STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known + attribute types */ + STORE_ATTR_OR= 0xff /* This is a special + separator, which + expresses the OR + operation. */ + } STORE_ATTR_TYPES; +/* Attribute value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1]; + +typedef enum STORE_certificate_status + { + STORE_X509_VALID= 0x00, + STORE_X509_EXPIRED= 0x01, + STORE_X509_SUSPENDED= 0x02, + STORE_X509_REVOKED= 0x03 + } STORE_CERTIFICATE_STATUS; + +/* Engine store functions will return a structure that contains all the necessary + * information, including revokation status for certificates. This is really not + * needed for application authors, as the ENGINE framework functions will extract + * the OpenSSL-specific information when at all possible. However, for engine + * authors, it's crucial to know this structure. */ +typedef struct STORE_OBJECT_st + { + STORE_OBJECT_TYPES type; + union + { + struct + { + STORE_CERTIFICATE_STATUS status; + X509 *certificate; + } x509; + X509_CRL *crl; + EVP_PKEY *key; + BIGNUM *number; + BUF_MEM *arbitrary; + } data; + } STORE_OBJECT; +DECLARE_STACK_OF(STORE_OBJECT) +STORE_OBJECT *STORE_OBJECT_new(void); +void STORE_OBJECT_free(STORE_OBJECT *data); + + + +/* The following functions handle the storage. They return 0, a negative number + or NULL on error, anything else on success. */ +X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +X509 *STORE_list_certificate_next(STORE *e, void *handle); +int STORE_list_certificate_end(STORE *e, void *handle); +int STORE_list_certificate_endp(STORE *e, void *handle); +EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_private_key(STORE *e, EVP_PKEY *data, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); +int STORE_list_private_key_end(STORE *e, void *handle); +int STORE_list_private_key_endp(STORE *e, void *handle); +EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); +int STORE_list_public_key_end(STORE *e, void *handle); +int STORE_list_public_key_endp(STORE *e, void *handle); +X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +X509_CRL *STORE_list_crl_next(STORE *e, void *handle); +int STORE_list_crl_end(STORE *e, void *handle); +int STORE_list_crl_endp(STORE *e, void *handle); +int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); + + +/* Create and manipulate methods */ +STORE_METHOD *STORE_create_method(char *name); +void STORE_destroy_method(STORE_METHOD *store_method); + +/* These callback types are use for store handlers */ +typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); +typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); +typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void)); + +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f); +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f); +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f); +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f); +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f); +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f); +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f); +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f); + +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm); +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm); +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm); +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm); +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm); +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm); +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); + +/* Method helper structures and functions. */ + +/* This structure is the result of parsing through the information in a list + of OPENSSL_ITEMs. It stores all the necessary information in a structured + way.*/ +typedef struct STORE_attr_info_st STORE_ATTR_INFO; + +/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. + Note that we do this in the list form, since the list of OPENSSL_ITEMs can + come in blocks separated with STORE_ATTR_OR. Note that the value returned + by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */ +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); +int STORE_parse_attrs_end(void *handle); +int STORE_parse_attrs_endp(void *handle); + +/* Creator and destructor */ +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); + +/* Manipulators */ +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code); +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); + +/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values + in each contained attribute. */ +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a is within the range of attributes + set in b. */ +int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a are also set in b. */ +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_STORE_strings(void); + +/* Error codes for the STORE functions. */ + +/* Function codes. */ +#define STORE_F_MEM_DELETE 134 +#define STORE_F_MEM_GENERATE 135 +#define STORE_F_MEM_LIST_END 168 +#define STORE_F_MEM_LIST_NEXT 136 +#define STORE_F_MEM_LIST_START 137 +#define STORE_F_MEM_MODIFY 169 +#define STORE_F_MEM_STORE 138 +#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 +#define STORE_F_STORE_ATTR_INFO_GET0_DN 140 +#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 +#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 +#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 +#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 +#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 +#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 +#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 +#define STORE_F_STORE_ATTR_INFO_SET_DN 148 +#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 +#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 +#define STORE_F_STORE_CERTIFICATE 170 +#define STORE_F_STORE_CTRL 161 +#define STORE_F_STORE_DELETE_ARBITRARY 158 +#define STORE_F_STORE_DELETE_CERTIFICATE 102 +#define STORE_F_STORE_DELETE_CRL 103 +#define STORE_F_STORE_DELETE_NUMBER 104 +#define STORE_F_STORE_DELETE_PRIVATE_KEY 105 +#define STORE_F_STORE_DELETE_PUBLIC_KEY 106 +#define STORE_F_STORE_GENERATE_CRL 107 +#define STORE_F_STORE_GENERATE_KEY 108 +#define STORE_F_STORE_GET_ARBITRARY 159 +#define STORE_F_STORE_GET_CERTIFICATE 109 +#define STORE_F_STORE_GET_CRL 110 +#define STORE_F_STORE_GET_NUMBER 111 +#define STORE_F_STORE_GET_PRIVATE_KEY 112 +#define STORE_F_STORE_GET_PUBLIC_KEY 113 +#define STORE_F_STORE_LIST_CERTIFICATE_END 114 +#define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 +#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 +#define STORE_F_STORE_LIST_CERTIFICATE_START 116 +#define STORE_F_STORE_LIST_CRL_END 117 +#define STORE_F_STORE_LIST_CRL_ENDP 154 +#define STORE_F_STORE_LIST_CRL_NEXT 118 +#define STORE_F_STORE_LIST_CRL_START 119 +#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 +#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 +#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 +#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 +#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 +#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +#define STORE_F_STORE_MODIFY_ARBITRARY 162 +#define STORE_F_STORE_MODIFY_CERTIFICATE 163 +#define STORE_F_STORE_MODIFY_CRL 164 +#define STORE_F_STORE_MODIFY_NUMBER 165 +#define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 +#define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 +#define STORE_F_STORE_NEW_ENGINE 133 +#define STORE_F_STORE_NEW_METHOD 132 +#define STORE_F_STORE_PARSE_ATTRS_END 151 +#define STORE_F_STORE_PARSE_ATTRS_ENDP 172 +#define STORE_F_STORE_PARSE_ATTRS_NEXT 152 +#define STORE_F_STORE_PARSE_ATTRS_START 171 +#define STORE_F_STORE_REVOKE_CERTIFICATE 129 +#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 +#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 +#define STORE_F_STORE_STORE_ARBITRARY 157 +#define STORE_F_STORE_STORE_CERTIFICATE 100 +#define STORE_F_STORE_STORE_CRL 101 +#define STORE_F_STORE_STORE_NUMBER 126 +#define STORE_F_STORE_STORE_PRIVATE_KEY 127 +#define STORE_F_STORE_STORE_PUBLIC_KEY 128 + +/* Reason codes. */ +#define STORE_R_ALREADY_HAS_A_VALUE 127 +#define STORE_R_FAILED_DELETING_ARBITRARY 132 +#define STORE_R_FAILED_DELETING_CERTIFICATE 100 +#define STORE_R_FAILED_DELETING_KEY 101 +#define STORE_R_FAILED_DELETING_NUMBER 102 +#define STORE_R_FAILED_GENERATING_CRL 103 +#define STORE_R_FAILED_GENERATING_KEY 104 +#define STORE_R_FAILED_GETTING_ARBITRARY 133 +#define STORE_R_FAILED_GETTING_CERTIFICATE 105 +#define STORE_R_FAILED_GETTING_KEY 106 +#define STORE_R_FAILED_GETTING_NUMBER 107 +#define STORE_R_FAILED_LISTING_CERTIFICATES 108 +#define STORE_R_FAILED_LISTING_KEYS 109 +#define STORE_R_FAILED_MODIFYING_ARBITRARY 138 +#define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 +#define STORE_R_FAILED_MODIFYING_CRL 140 +#define STORE_R_FAILED_MODIFYING_NUMBER 141 +#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 +#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 +#define STORE_R_FAILED_REVOKING_CERTIFICATE 110 +#define STORE_R_FAILED_REVOKING_KEY 111 +#define STORE_R_FAILED_STORING_ARBITRARY 134 +#define STORE_R_FAILED_STORING_CERTIFICATE 112 +#define STORE_R_FAILED_STORING_KEY 113 +#define STORE_R_FAILED_STORING_NUMBER 114 +#define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_CONTROL_FUNCTION 144 +#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 +#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 +#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 +#define STORE_R_NO_GENERATE_CRL_FUNCTION 117 +#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 +#define STORE_R_NO_GET_OBJECT_FUNCTION 119 +#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 +#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 +#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 +#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +#define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 +#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 +#define STORE_R_NO_STORE 129 +#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 +#define STORE_R_NO_STORE_OBJECT_FUNCTION 125 +#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 +#define STORE_R_NO_VALUE 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/openssl/crypto/store/str_err.c b/crypto/openssl/crypto/store/str_err.c new file mode 100644 index 0000000..5c6fe83 --- /dev/null +++ b/crypto/openssl/crypto/store/str_err.c @@ -0,0 +1,214 @@ +/* crypto/store/str_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) + +static ERR_STRING_DATA STORE_str_functs[]= + { +{ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, +{ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, +{ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, +{ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, +{ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, +{ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, +{ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), "STORE_ATTR_INFO_get0_cstr"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), "STORE_ATTR_INFO_get0_sha1str"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), "STORE_ATTR_INFO_modify_dn"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), "STORE_ATTR_INFO_modify_number"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), "STORE_ATTR_INFO_modify_sha1str"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), "STORE_ATTR_INFO_set_number"}, +{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"}, +{ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, +{ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, +{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, +{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, +{ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"}, +{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"}, +{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"}, +{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"}, +{ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"}, +{ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"}, +{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"}, +{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"}, +{ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"}, +{ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"}, +{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"}, +{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"}, +{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), "STORE_list_certificate_end"}, +{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"}, +{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"}, +{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), "STORE_list_certificate_start"}, +{ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"}, +{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"}, +{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"}, +{ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"}, +{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), "STORE_list_private_key_end"}, +{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"}, +{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"}, +{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), "STORE_list_private_key_start"}, +{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), "STORE_list_public_key_end"}, +{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), "STORE_list_public_key_endp"}, +{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), "STORE_list_public_key_next"}, +{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"}, +{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"}, +{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"}, +{ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"}, +{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"}, +{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"}, +{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"}, +{ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"}, +{ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"}, +{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"}, +{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"}, +{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"}, +{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"}, +{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"}, +{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"}, +{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"}, +{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"}, +{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"}, +{ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"}, +{ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"}, +{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"}, +{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"}, +{0,NULL} + }; + +static ERR_STRING_DATA STORE_str_reasons[]= + { +{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"}, +{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"}, +{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"}, +{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"}, +{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"}, +{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"}, +{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"}, +{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"}, +{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"}, +{ERR_REASON(STORE_R_FAILED_GETTING_KEY) ,"failed getting key"}, +{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"}, +{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"}, +{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"}, +{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"}, +{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"}, +{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"}, +{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"}, +{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"}, +{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"}, +{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"}, +{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"}, +{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"}, +{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"}, +{ERR_REASON(STORE_R_FAILED_STORING_KEY) ,"failed storing key"}, +{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"}, +{ERR_REASON(STORE_R_NOT_IMPLEMENTED) ,"not implemented"}, +{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"}, +{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"}, +{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"}, +{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"}, +{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"}, +{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"}, +{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"}, +{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"}, +{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"}, +{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"}, +{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"}, +{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"}, +{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"}, +{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"}, +{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"}, +{ERR_REASON(STORE_R_NO_STORE) ,"no store"}, +{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"}, +{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"}, +{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"}, +{ERR_REASON(STORE_R_NO_VALUE) ,"no value"}, +{0,NULL} + }; + +#endif + +void ERR_load_STORE_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(0,STORE_str_functs); + ERR_load_strings(0,STORE_str_reasons); +#endif + + } + } diff --git a/crypto/openssl/crypto/store/str_lib.c b/crypto/openssl/crypto/store/str_lib.c new file mode 100644 index 0000000..c0ad763 --- /dev/null +++ b/crypto/openssl/crypto/store/str_lib.c @@ -0,0 +1,1824 @@ +/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include +#include +#include "str_locl.h" + +const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = + { + 0, + "X.509 Certificate", + "X.509 CRL", + "Private Key", + "Public Key", + "Number", + "Arbitrary Data" + }; + +const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = + { + 0, + sizeof(int), /* EVP_TYPE */ + sizeof(size_t), /* BITS */ + -1, /* KEY_PARAMETERS */ + 0 /* KEY_NO_PARAMETERS */ + }; + +const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = + { + 0, + -1, /* FRIENDLYNAME: C string */ + SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ + sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ + sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ + sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ + SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ + -1, /* EMAIL: C string */ + -1, /* FILENAME: C string */ + }; + +STORE *STORE_new_method(const STORE_METHOD *method) + { + STORE *ret; + + if (method == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->meth=method; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); + if (ret->meth->init && !ret->meth->init(ret)) + { + STORE_free(ret); + ret = NULL; + } + return ret; + } + +STORE *STORE_new_engine(ENGINE *engine) + { + STORE *ret = NULL; + ENGINE *e = engine; + const STORE_METHOD *meth = 0; + +#ifdef OPENSSL_NO_ENGINE + e = NULL; +#else + if (engine) + { + if (!ENGINE_init(engine)) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); + return NULL; + } + e = engine; + } + else + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if(e) + { + meth = ENGINE_get_STORE(e); + if(!meth) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, + ERR_R_ENGINE_LIB); + ENGINE_finish(e); + return NULL; + } + } +#endif + + ret = STORE_new_method(meth); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB); + return NULL; + } + + ret->engine = e; + + return(ret); + } + +void STORE_free(STORE *store) + { + if (store == NULL) + return; + if (store->meth->clean) + store->meth->clean(store); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); + OPENSSL_free(store); + } + +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)) + { + if (store == NULL) + { + STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (store->meth->ctrl) + return store->meth->ctrl(store, cmd, i, p, f); + STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION); + return 0; + } + + +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, + new_func, dup_func, free_func); + } + +int STORE_set_ex_data(STORE *r, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +void *STORE_get_ex_data(STORE *r, int idx) + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + +const STORE_METHOD *STORE_get_method(STORE *store) + { + return store->meth; + } + +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) + { + store->meth=meth; + return store->meth; + } + + +/* API helpers */ + +#define check_store(s,fncode,fnname,fnerrcode) \ + do \ + { \ + if ((s) == NULL || (s)->meth) \ + { \ + STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ + return 0; \ + } \ + if ((s)->meth->fnname == NULL) \ + { \ + STOREerr((fncode), (fnerrcode)); \ + return 0; \ + } \ + } \ + while(0) + +/* API functions */ + +X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_GET_CERTIFICATE, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_GET_CERTIFICATE, + STORE_R_FAILED_GETTING_CERTIFICATE); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + int i; + + check_store(s,STORE_F_STORE_CERTIFICATE, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + object = STORE_OBJECT_new(); + if (!object) + { + STOREerr(STORE_F_STORE_STORE_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + object->data.x509.certificate = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + object, attributes, parameters); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_STORE_CERTIFICATE, + STORE_R_FAILED_STORING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, + STORE_R_FAILED_MODIFYING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters)) + { + STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, + STORE_R_FAILED_REVOKING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters)) + { + STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, + STORE_R_FAILED_DELETING_CERTIFICATE); + return 0; + } + return 1; + } + +void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, + STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return handle; + } + +X509 *STORE_list_certificate_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int STORE_list_certificate_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +int STORE_list_certificate_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GENERATE_KEY, + generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); + if (!object || !object->data.key) + { + STOREerr(STORE_F_STORE_GENERATE_KEY, + STORE_R_FAILED_GENERATING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + int i; + + check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + object = STORE_OBJECT_new(); + if (!object) + { + STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, + attributes, parameters); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, + STORE_R_FAILED_MODIFYING_PRIVATE_KEY); + return 0; + } + return 1; + } + +int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters)) + { + STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_private_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_private_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + int i; + + check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + object = STORE_OBJECT_new(); + if (!object) + { + STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, + attributes, parameters); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, + STORE_R_FAILED_MODIFYING_PUBLIC_KEY); + return 0; + } + return 1; + } + +int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters)) + { + STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_public_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_public_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_GENERATE_CRL, + generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_GENERATE_CRL, + STORE_R_FAILED_GENERATING_CRL); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_GET_CRL, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_GET_CRL, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + int i; + + check_store(s,STORE_F_STORE_STORE_CRL, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + object = STORE_OBJECT_new(); + if (!object) + { + STOREerr(STORE_F_STORE_STORE_CRL, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + object->data.crl = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, + attributes, parameters); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_STORE_CRL, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_CRL, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_CRL, + STORE_R_FAILED_MODIFYING_CRL); + return 0; + } + return 1; + } + +int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_DELETE_CRL, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters)) + { + STOREerr(STORE_F_STORE_DELETE_CRL, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CRL_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CRL_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +X509_CRL *STORE_list_crl_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_LIST_CRL_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_LIST_CRL_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +int STORE_list_crl_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CRL_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CRL_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_crl_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CRL_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CRL_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + int i; + + check_store(s,STORE_F_STORE_STORE_NUMBER, + store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); + + object = STORE_OBJECT_new(); + if (!object) + { + STOREerr(STORE_F_STORE_STORE_NUMBER, + ERR_R_MALLOC_FAILURE); + return 0; + } + + object->data.number = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, + attributes, parameters); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_STORE_NUMBER, + STORE_R_FAILED_STORING_NUMBER); + return 0; + } + return 1; + } + +int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_NUMBER, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_NUMBER, + STORE_R_FAILED_MODIFYING_NUMBER); + return 0; + } + return 1; + } + +BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + BIGNUM *n; + + check_store(s,STORE_F_STORE_GET_NUMBER, + get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, + parameters); + if (!object || !object->data.number) + { + STOREerr(STORE_F_STORE_GET_NUMBER, + STORE_R_FAILED_GETTING_NUMBER); + return 0; + } + n = object->data.number; + object->data.number = NULL; + STORE_OBJECT_free(object); + return n; + } + +int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_DELETE_NUMBER, + delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, + parameters)) + { + STOREerr(STORE_F_STORE_DELETE_NUMBER, + STORE_R_FAILED_DELETING_NUMBER); + return 0; + } + return 1; + } + +int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + int i; + + check_store(s,STORE_F_STORE_STORE_ARBITRARY, + store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); + + object = STORE_OBJECT_new(); + if (!object) + { + STOREerr(STORE_F_STORE_STORE_ARBITRARY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + object->data.arbitrary = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, + attributes, parameters); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_STORE_ARBITRARY, + STORE_R_FAILED_STORING_ARBITRARY); + return 0; + } + return 1; + } + +int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_ARBITRARY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, + STORE_R_FAILED_MODIFYING_ARBITRARY); + return 0; + } + return 1; + } + +BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STORE_OBJECT *object; + BUF_MEM *b; + + check_store(s,STORE_F_STORE_GET_ARBITRARY, + get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, + attributes, parameters); + if (!object || !object->data.arbitrary) + { + STOREerr(STORE_F_STORE_GET_ARBITRARY, + STORE_R_FAILED_GETTING_ARBITRARY); + return 0; + } + b = object->data.arbitrary; + object->data.arbitrary = NULL; + STORE_OBJECT_free(object); + return b; + } + +int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_DELETE_ARBITRARY, + delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, + parameters)) + { + STOREerr(STORE_F_STORE_DELETE_ARBITRARY, + STORE_R_FAILED_DELETING_ARBITRARY); + return 0; + } + return 1; + } + +STORE_OBJECT *STORE_OBJECT_new(void) + { + STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); + if (object) memset(object, 0, sizeof(STORE_OBJECT)); + return object; + } +void STORE_OBJECT_free(STORE_OBJECT *data) + { + if (!data) return; + switch (data->type) + { + case STORE_OBJECT_TYPE_X509_CERTIFICATE: + X509_free(data->data.x509.certificate); + break; + case STORE_OBJECT_TYPE_X509_CRL: + X509_CRL_free(data->data.crl); + break; + case STORE_OBJECT_TYPE_PRIVATE_KEY: + case STORE_OBJECT_TYPE_PUBLIC_KEY: + EVP_PKEY_free(data->data.key); + break; + case STORE_OBJECT_TYPE_NUMBER: + BN_free(data->data.number); + break; + case STORE_OBJECT_TYPE_ARBITRARY: + BUF_MEM_free(data->data.arbitrary); + break; + } + OPENSSL_free(data); + } + +IMPLEMENT_STACK_OF(STORE_OBJECT*) + + +struct STORE_attr_info_st + { + unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; + union + { + char *cstring; + unsigned char *sha1string; + X509_NAME *dn; + BIGNUM *number; + void *any; + } values[STORE_ATTR_TYPE_NUM+1]; + size_t value_sizes[STORE_ATTR_TYPE_NUM+1]; + }; + +#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ + && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) +#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) +#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) + +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) + { + return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); + } +static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code) + { + if (ATTR_IS_SET(attrs,code)) + { + switch(code) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + STORE_ATTR_INFO_modify_dn(attrs, code, NULL); + break; + case STORE_ATTR_SERIAL: + STORE_ATTR_INFO_modify_number(attrs, code, NULL); + break; + default: + break; + } + } + } +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs) + { + if (attrs) + { + STORE_ATTR_TYPES i; + for(i = 0; i++ < STORE_ATTR_TYPE_NUM;) + STORE_ATTR_INFO_attr_free(attrs, i); + OPENSSL_free(attrs); + } + return 1; + } +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].cstring; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, + STORE_R_NO_VALUE); + return NULL; + } +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].sha1string; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, + STORE_R_NO_VALUE); + return NULL; + } +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].dn; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, + STORE_R_NO_VALUE); + return NULL; + } +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].number; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, + STORE_R_NO_VALUE); + return NULL; + } +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].sha1string = + (unsigned char *)BUF_memdup(sha1str, + sha1str_size))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].dn = X509_NAME_dup(dn))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].number = BN_dup(number))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].cstring); + attrs->values[code].cstring = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); + } +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].sha1string); + attrs->values[code].sha1string = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); + } +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].dn); + attrs->values[code].dn = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_dn(attrs, code, dn); + } +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].number); + attrs->values[code].number = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_number(attrs, code, number); + } + +struct attr_list_ctx_st + { + OPENSSL_ITEM *attributes; + }; +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) + { + if (attributes) + { + struct attr_list_ctx_st *context = + (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); + if (context) + context->attributes = attributes; + else + STOREerr(STORE_F_STORE_PARSE_ATTRS_START, + ERR_R_MALLOC_FAILURE); + return context; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { + STORE_ATTR_INFO *attrs = NULL; + + while(context->attributes + && context->attributes->code != STORE_ATTR_OR + && context->attributes->code != STORE_ATTR_END) + { + switch(context->attributes->code) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_set_cstr(attrs, + context->attributes->code, + context->attributes->value, + context->attributes->value_size); + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_set_sha1str(attrs, + context->attributes->code, + context->attributes->value, + context->attributes->value_size); + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_modify_dn(attrs, + context->attributes->code, + context->attributes->value); + break; + case STORE_ATTR_SERIAL: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_modify_number(attrs, + context->attributes->code, + context->attributes->value); + break; + } + context->attributes++; + } + if (context->attributes->code == STORE_ATTR_OR) + context->attributes++; + return attrs; + err: + while(context->attributes + && context->attributes->code != STORE_ATTR_OR + && context->attributes->code != STORE_ATTR_END) + context->attributes++; + if (context->attributes->code == STORE_ATTR_OR) + context->attributes++; + return NULL; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } +int STORE_parse_attrs_end(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { +#if 0 + OPENSSL_ITEM *attributes = context->attributes; +#endif + OPENSSL_free(context); + return 1; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + +int STORE_parse_attrs_endp(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { + return context->attributes->code == STORE_ATTR_END; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + +static int attr_info_compare_compute_range( + unsigned char *abits, unsigned char *bbits, + unsigned int *alowp, unsigned int *ahighp, + unsigned int *blowp, unsigned int *bhighp) + { + unsigned int alow = (unsigned int)-1, ahigh = 0; + unsigned int blow = (unsigned int)-1, bhigh = 0; + int i, res = 0; + + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (res == 0) + { + if (*abits < *bbits) res = -1; + if (*abits > *bbits) res = 1; + } + if (*abits) + { + if (alow == (unsigned int)-1) + { + alow = i * 8; + if (!(*abits & 0x01)) alow++; + if (!(*abits & 0x02)) alow++; + if (!(*abits & 0x04)) alow++; + if (!(*abits & 0x08)) alow++; + if (!(*abits & 0x10)) alow++; + if (!(*abits & 0x20)) alow++; + if (!(*abits & 0x40)) alow++; + } + ahigh = i * 8 + 7; + if (!(*abits & 0x80)) ahigh++; + if (!(*abits & 0x40)) ahigh++; + if (!(*abits & 0x20)) ahigh++; + if (!(*abits & 0x10)) ahigh++; + if (!(*abits & 0x08)) ahigh++; + if (!(*abits & 0x04)) ahigh++; + if (!(*abits & 0x02)) ahigh++; + } + if (*bbits) + { + if (blow == (unsigned int)-1) + { + blow = i * 8; + if (!(*bbits & 0x01)) blow++; + if (!(*bbits & 0x02)) blow++; + if (!(*bbits & 0x04)) blow++; + if (!(*bbits & 0x08)) blow++; + if (!(*bbits & 0x10)) blow++; + if (!(*bbits & 0x20)) blow++; + if (!(*bbits & 0x40)) blow++; + } + bhigh = i * 8 + 7; + if (!(*bbits & 0x80)) bhigh++; + if (!(*bbits & 0x40)) bhigh++; + if (!(*bbits & 0x20)) bhigh++; + if (!(*bbits & 0x10)) bhigh++; + if (!(*bbits & 0x08)) bhigh++; + if (!(*bbits & 0x04)) bhigh++; + if (!(*bbits & 0x02)) bhigh++; + } + } + if (ahigh + alow < bhigh + blow) res = -1; + if (ahigh + alow > bhigh + blow) res = 1; + if (alowp) *alowp = alow; + if (ahighp) *ahighp = ahigh; + if (blowp) *blowp = blow; + if (bhighp) *bhighp = bhigh; + return res; + } + +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + if (a == b) return 0; + if (!a) return -1; + if (!b) return 1; + return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); + } +int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned int alow, ahigh, blow, bhigh; + + if (a == b) return 1; + if (!a) return 0; + if (!b) return 0; + attr_info_compare_compute_range(a->set, b->set, + &alow, &ahigh, &blow, &bhigh); + if (alow >= blow && ahigh <= bhigh) + return 1; + return 0; + } +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned char *abits, *bbits; + int i; + + if (a == b) return 1; + if (!a) return 0; + if (!b) return 0; + abits = a->set; + bbits = b->set; + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (*abits && (*bbits & *abits) != *abits) + return 0; + } + return 1; + } +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + STORE_ATTR_TYPES i; + + if (a == b) return 1; + if (!STORE_ATTR_INFO_in(a, b)) return 0; + for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) + if (ATTR_IS_SET(a, i)) + { + switch(i) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + if (strcmp(a->values[i].cstring, + b->values[i].cstring)) + return 0; + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + if (memcmp(a->values[i].sha1string, + b->values[i].sha1string, + a->value_sizes[i])) + return 0; + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + if (X509_NAME_cmp(a->values[i].dn, + b->values[i].dn)) + return 0; + break; + case STORE_ATTR_SERIAL: + if (BN_cmp(a->values[i].number, + b->values[i].number)) + return 0; + break; + default: + break; + } + } + + return 1; + } diff --git a/crypto/openssl/crypto/store/str_locl.h b/crypto/openssl/crypto/store/str_locl.h new file mode 100644 index 0000000..3f8cb75 --- /dev/null +++ b/crypto/openssl/crypto/store/str_locl.h @@ -0,0 +1,124 @@ +/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_LOCL_H +#define HEADER_STORE_LOCL_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct store_method_st + { + char *name; + + /* All the functions return a positive integer or non-NULL for success + and 0, a negative integer or NULL for failure */ + + /* Initialise the STORE with private data */ + STORE_INITIALISE_FUNC_PTR init; + /* Initialise the STORE with private data */ + STORE_CLEANUP_FUNC_PTR clean; + /* Generate an object of a given type */ + STORE_GENERATE_OBJECT_FUNC_PTR generate_object; + /* Get an object of a given type. This function isn't really very + useful since the listing functions (below) can be used for the + same purpose and are much more general. */ + STORE_GET_OBJECT_FUNC_PTR get_object; + /* Store an object of a given type. */ + STORE_STORE_OBJECT_FUNC_PTR store_object; + /* Modify the attributes bound to an object of a given type. */ + STORE_MODIFY_OBJECT_FUNC_PTR modify_object; + /* Revoke an object of a given type. */ + STORE_HANDLE_OBJECT_FUNC_PTR revoke_object; + /* Delete an object of a given type. */ + STORE_HANDLE_OBJECT_FUNC_PTR delete_object; + /* List a bunch of objects of a given type and with the associated + attributes. */ + STORE_START_OBJECT_FUNC_PTR list_object_start; + STORE_NEXT_OBJECT_FUNC_PTR list_object_next; + STORE_END_OBJECT_FUNC_PTR list_object_end; + STORE_END_OBJECT_FUNC_PTR list_object_endp; + /* Store-level function to make any necessary update operations. */ + STORE_GENERIC_FUNC_PTR update_store; + /* Store-level function to get exclusive access to the store. */ + STORE_GENERIC_FUNC_PTR lock_store; + /* Store-level function to release exclusive access to the store. */ + STORE_GENERIC_FUNC_PTR unlock_store; + + /* Generic control function */ + STORE_CTRL_FUNC_PTR ctrl; + }; + +struct store_st + { + const STORE_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + + CRYPTO_EX_DATA ex_data; + int references; + }; +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/openssl/crypto/store/str_mem.c b/crypto/openssl/crypto/store/str_mem.c new file mode 100644 index 0000000..527757ae --- /dev/null +++ b/crypto/openssl/crypto/store/str_mem.c @@ -0,0 +1,357 @@ +/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "str_locl.h" + +/* The memory store is currently highly experimental. It's meant to become + a base store used by other stores for internal caching (for full caching + support, aging needs to be added). + + The database use is meant to support as much attribute association as + possible, while providing for as small search ranges as possible. + This is currently provided for by sorting the entries by numbers that + are composed of bits set at the positions indicated by attribute type + codes. This provides for ranges determined by the highest attribute + type code value. A better idea might be to sort by values computed + from the range of attributes associated with the object (basically, + the difference between the highest and lowest attribute type code) + and it's distance from a base (basically, the lowest associated + attribute type code). +*/ + +struct mem_object_data_st + { + STORE_OBJECT *object; + STORE_ATTR_INFO *attr_info; + int references; + }; + +struct mem_data_st + { + STACK *data; /* A stack of mem_object_data_st, + sorted with STORE_ATTR_INFO_compare(). */ + unsigned int compute_components : 1; /* Currently unused, but can + be used to add attributes + from parts of the data. */ + }; + +struct mem_ctx_st + { + int type; /* The type we're searching for */ + STACK *search_attributes; /* Sets of attributes to search for. + Each element is a STORE_ATTR_INFO. */ + int search_index; /* which of the search attributes we found a match + for, -1 when we still haven't found any */ + int index; /* -1 as long as we're searching for the first */ + }; + +static int mem_init(STORE *s); +static void mem_clean(STORE *s); +static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +static int mem_store(STORE *s, STORE_OBJECT_TYPES type, + STORE_OBJECT *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], + OPENSSL_ITEM parameters[]); +static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +static STORE_OBJECT *mem_list_next(STORE *s, void *handle); +static int mem_list_end(STORE *s, void *handle); +static int mem_list_endp(STORE *s, void *handle); +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)); + +static STORE_METHOD store_memory = + { + "OpenSSL memory store interface", + mem_init, + mem_clean, + mem_generate, + mem_get, + mem_store, + mem_modify, + NULL, /* revoke */ + mem_delete, + mem_list_start, + mem_list_next, + mem_list_end, + mem_list_endp, + NULL, /* update */ + mem_lock, + mem_unlock, + mem_ctrl + }; + +const STORE_METHOD *STORE_Memory(void) + { + return &store_memory; + } + +static int mem_init(STORE *s) + { + return 1; + } + +static void mem_clean(STORE *s) + { + return; + } + +static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) + { + STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) + { + void *context = mem_list_start(s, type, attributes, parameters); + + if (context) + { + STORE_OBJECT *object = mem_list_next(s, context); + + if (mem_list_end(s, context)) + return object; + } + return NULL; + } +static int mem_store(STORE *s, STORE_OBJECT_TYPES type, + STORE_OBJECT *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], + OPENSSL_ITEM parameters[]) + { + STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) + { + STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); + return 0; + } + +/* The list functions may be the hardest to understand. Basically, + mem_list_start compiles a stack of attribute info elements, and + puts that stack into the context to be returned. mem_list_next + will then find the first matching element in the store, and then + walk all the way to the end of the store (since any combination + of attribute bits above the starting point may match the searched + for bit pattern...). */ +static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) + { + struct mem_ctx_st *context = + (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); + void *attribute_context = NULL; + STORE_ATTR_INFO *attrs = NULL; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); + return 0; + } + memset(context, 0, sizeof(struct mem_ctx_st)); + + attribute_context = STORE_parse_attrs_start(attributes); + if (!attribute_context) + { + STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); + goto err; + } + + while((attrs = STORE_parse_attrs_next(attribute_context))) + { + if (context->search_attributes == NULL) + { + context->search_attributes = + sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); + if (!context->search_attributes) + { + STOREerr(STORE_F_MEM_LIST_START, + ERR_R_MALLOC_FAILURE); + goto err; + } + } + sk_push(context->search_attributes,(char *)attrs); + } + if (!STORE_parse_attrs_endp(attribute_context)) + goto err; + STORE_parse_attrs_end(attribute_context); + context->search_index = -1; + context->index = -1; + return context; + err: + if (attribute_context) STORE_parse_attrs_end(attribute_context); + mem_list_end(s, context); + return NULL; + } +static STORE_OBJECT *mem_list_next(STORE *s, void *handle) + { + int i; + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + struct mem_object_data_st key = { 0, 0, 1 }; + struct mem_data_st *store = + (struct mem_data_st *)STORE_get_ex_data(s, 1); + int srch; + int cres = 0; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (!store) + { + STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); + return NULL; + } + + if (context->search_index == -1) + { + for (i = 0; i < sk_num(context->search_attributes); i++) + { + key.attr_info = + (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); + srch = sk_find_ex(store->data, (char *)&key); + + if (srch >= 0) + { + context->search_index = srch; + break; + } + } + } + if (context->search_index < 0) + return NULL; + + key.attr_info = + (STORE_ATTR_INFO *)sk_value(context->search_attributes, + context->search_index); + for(srch = context->search_index; + srch < sk_num(store->data) + && STORE_ATTR_INFO_in_range(key.attr_info, + (STORE_ATTR_INFO *)sk_value(store->data, srch)) + && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, + (STORE_ATTR_INFO *)sk_value(store->data, srch))); + srch++) + ; + + context->search_index = srch; + if (cres) + return ((struct mem_object_data_st *)sk_value(store->data, + srch))->object; + return NULL; + } +static int mem_list_end(STORE *s, void *handle) + { + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (context && context->search_attributes) + sk_free(context->search_attributes); + if (context) OPENSSL_free(context); + return 1; + } +static int mem_list_endp(STORE *s, void *handle) + { + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + + if (!context + || context->search_index == sk_num(context->search_attributes)) + return 1; + return 0; + } +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + return 1; + } +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) + { + return 1; + } +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)) + { + return 1; + } diff --git a/crypto/openssl/crypto/store/str_meth.c b/crypto/openssl/crypto/store/str_meth.c new file mode 100644 index 0000000..a46de03 --- /dev/null +++ b/crypto/openssl/crypto/store/str_meth.c @@ -0,0 +1,250 @@ +/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "str_locl.h" + +STORE_METHOD *STORE_create_method(char *name) + { + STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); + + if (store_method) + { + memset(store_method, 0, sizeof(*store_method)); + store_method->name = BUF_strdup(name); + } + return store_method; + } + +/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method + (that is, it hasn't been allocated using STORE_create_method(), you deserve + anything Murphy can throw at you and more! You have been warned. */ +void STORE_destroy_method(STORE_METHOD *store_method) + { + if (!store_method) return; + OPENSSL_free(store_method->name); + store_method->name = NULL; + OPENSSL_free(store_method); + } + +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f) + { + sm->init = init_f; + return 1; + } + +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f) + { + sm->clean = clean_f; + return 1; + } + +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) + { + sm->generate_object = generate_f; + return 1; + } + +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f) + { + sm->get_object = get_f; + return 1; + } + +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f) + { + sm->store_object = store_f; + return 1; + } + +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f) + { + sm->modify_object = modify_f; + return 1; + } + +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) + { + sm->revoke_object = revoke_f; + return 1; + } + +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f) + { + sm->delete_object = delete_f; + return 1; + } + +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f) + { + sm->list_object_start = list_start_f; + return 1; + } + +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f) + { + sm->list_object_next = list_next_f; + return 1; + } + +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f) + { + sm->list_object_end = list_end_f; + return 1; + } + +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) + { + sm->update_store = update_f; + return 1; + } + +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) + { + sm->lock_store = lock_f; + return 1; + } + +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) + { + sm->unlock_store = unlock_f; + return 1; + } + +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) + { + sm->ctrl = ctrl_f; + return 1; + } + +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm) + { + return sm->init; + } + +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm) + { + return sm->clean; + } + +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) + { + return sm->generate_object; + } + +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm) + { + return sm->get_object; + } + +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) + { + return sm->store_object; + } + +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm) + { + return sm->modify_object; + } + +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) + { + return sm->revoke_object; + } + +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm) + { + return sm->delete_object; + } + +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm) + { + return sm->list_object_start; + } + +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm) + { + return sm->list_object_next; + } + +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) + { + return sm->list_object_end; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm) + { + return sm->update_store; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm) + { + return sm->lock_store; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm) + { + return sm->unlock_store; + } + +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm) + { + return sm->ctrl; + } + diff --git a/crypto/openssl/crypto/symhacks.h b/crypto/openssl/crypto/symhacks.h index 774162f..7e3602d 100644 --- a/crypto/openssl/crypto/symhacks.h +++ b/crypto/openssl/crypto/symhacks.h @@ -127,6 +127,12 @@ /* Hack some long X509 names */ #undef X509_REVOKED_get_ext_by_critical #define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +#undef X509_policy_tree_get0_user_policies +#define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies +#undef X509_policy_node_get0_qualifiers +#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers +#undef X509_STORE_CTX_get_explicit_policy +#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy /* Hack some long CRYPTO names */ #undef CRYPTO_set_dynlock_destroy_callback @@ -153,16 +159,16 @@ #define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx #undef SSL_add_file_cert_subjects_to_stack #define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk -#if 0 /* This function is not defined i VMS. */ #undef SSL_add_dir_cert_subjects_to_stack #define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk -#endif #undef SSL_CTX_use_certificate_chain_file #define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file #undef SSL_CTX_set_cert_verify_callback #define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb #undef SSL_CTX_set_default_passwd_cb_userdata #define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +#undef SSL_COMP_get_compression_methods +#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt @@ -195,6 +201,12 @@ #define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf /* Hack some long EC names */ +#undef EC_GROUP_set_point_conversion_form +#define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form +#undef EC_GROUP_get_point_conversion_form +#define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +#undef EC_GROUP_clear_free_all_extra_data +#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data #undef EC_POINT_set_Jprojective_coordinates_GFp #define EC_POINT_set_Jprojective_coordinates_GFp \ EC_POINT_set_Jproj_coords_GFp @@ -207,6 +219,32 @@ #define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp #undef EC_POINT_set_compressed_coordinates_GFp #define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp +#undef EC_POINT_set_affine_coordinates_GF2m +#define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m +#undef EC_POINT_get_affine_coordinates_GF2m +#define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m +#undef EC_POINT_set_compressed_coordinates_GF2m +#define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m +#undef ec_GF2m_simple_group_clear_finish +#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +#undef ec_GF2m_simple_group_check_discriminant +#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim +#undef ec_GF2m_simple_point_clear_finish +#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +#undef ec_GF2m_simple_point_set_to_infinity +#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +#undef ec_GF2m_simple_points_make_affine +#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +#undef ec_GF2m_simple_point_set_affine_coordinates +#define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +#undef ec_GF2m_simple_point_get_affine_coordinates +#define ec_GF2m_simple_point_get_affine_coordinates \ + ec_GF2m_smp_pt_get_af_coords +#undef ec_GF2m_simple_set_compressed_coordinates +#define ec_GF2m_simple_set_compressed_coordinates \ + ec_GF2m_smp_set_compr_coords #undef ec_GFp_simple_group_set_curve_GFp #define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp #undef ec_GFp_simple_group_get_curve_GFp @@ -242,6 +280,67 @@ #undef ec_GFp_simple_set_compressed_coordinates_GFp #define ec_GFp_simple_set_compressed_coordinates_GFp \ ec_GFp_smp_set_compr_coords_GFp +#undef ec_GFp_simple_point_set_affine_coordinates +#define ec_GFp_simple_point_set_affine_coordinates \ + ec_GFp_smp_pt_set_af_coords +#undef ec_GFp_simple_point_get_affine_coordinates +#define ec_GFp_simple_point_get_affine_coordinates \ + ec_GFp_smp_pt_get_af_coords +#undef ec_GFp_simple_set_compressed_coordinates +#define ec_GFp_simple_set_compressed_coordinates \ + ec_GFp_smp_set_compr_coords +#undef ec_GFp_simple_group_check_discriminant +#define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim + +/* Hack som long STORE names */ +#undef STORE_method_set_initialise_function +#define STORE_method_set_initialise_function STORE_meth_set_initialise_fn +#undef STORE_method_set_cleanup_function +#define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn +#undef STORE_method_set_generate_function +#define STORE_method_set_generate_function STORE_meth_set_generate_fn +#undef STORE_method_set_modify_function +#define STORE_method_set_modify_function STORE_meth_set_modify_fn +#undef STORE_method_set_revoke_function +#define STORE_method_set_revoke_function STORE_meth_set_revoke_fn +#undef STORE_method_set_delete_function +#define STORE_method_set_delete_function STORE_meth_set_delete_fn +#undef STORE_method_set_list_start_function +#define STORE_method_set_list_start_function STORE_meth_set_list_start_fn +#undef STORE_method_set_list_next_function +#define STORE_method_set_list_next_function STORE_meth_set_list_next_fn +#undef STORE_method_set_list_end_function +#define STORE_method_set_list_end_function STORE_meth_set_list_end_fn +#undef STORE_method_set_update_store_function +#define STORE_method_set_update_store_function STORE_meth_set_update_store_fn +#undef STORE_method_set_lock_store_function +#define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn +#undef STORE_method_set_unlock_store_function +#define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn +#undef STORE_method_get_initialise_function +#define STORE_method_get_initialise_function STORE_meth_get_initialise_fn +#undef STORE_method_get_cleanup_function +#define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn +#undef STORE_method_get_generate_function +#define STORE_method_get_generate_function STORE_meth_get_generate_fn +#undef STORE_method_get_modify_function +#define STORE_method_get_modify_function STORE_meth_get_modify_fn +#undef STORE_method_get_revoke_function +#define STORE_method_get_revoke_function STORE_meth_get_revoke_fn +#undef STORE_method_get_delete_function +#define STORE_method_get_delete_function STORE_meth_get_delete_fn +#undef STORE_method_get_list_start_function +#define STORE_method_get_list_start_function STORE_meth_get_list_start_fn +#undef STORE_method_get_list_next_function +#define STORE_method_get_list_next_function STORE_meth_get_list_next_fn +#undef STORE_method_get_list_end_function +#define STORE_method_get_list_end_function STORE_meth_get_list_end_fn +#undef STORE_method_get_update_store_function +#define STORE_method_get_update_store_function STORE_meth_get_update_store_fn +#undef STORE_method_get_lock_store_function +#define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn +#undef STORE_method_get_unlock_store_function +#define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn #endif /* defined OPENSSL_SYS_VMS */ @@ -253,6 +352,15 @@ #undef OCSP_crlID_new #define OCSP_crlID_new OCSP_crlID2_new +#undef d2i_ECPARAMETERS +#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +#undef i2d_ECPARAMETERS +#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +#undef d2i_ECPKPARAMETERS +#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +#undef i2d_ECPKPARAMETERS +#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + /* These functions do not seem to exist! However, I'm paranoid... Original command in x509v3.h: These functions are being redefined in another directory, diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c index 7588966..f6f3df4 100644 --- a/crypto/openssl/crypto/threads/mttest.c +++ b/crypto/openssl/crypto/threads/mttest.c @@ -77,6 +77,12 @@ #ifdef PTHREADS #include #endif +#ifdef OPENSSL_SYS_NETWARE +#if !defined __int64 +# define __int64 long long +#endif +#include +#endif #include #include #include @@ -86,8 +92,18 @@ #include #include +#ifdef OPENSSL_NO_FP_API +#define APPS_WIN16 +#include "../buffer/bss_file.c" +#endif + +#ifdef OPENSSL_SYS_NETWARE +#define TEST_SERVER_CERT "/openssl/apps/server.pem" +#define TEST_CLIENT_CERT "/openssl/apps/client.pem" +#else #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" +#endif #define MAX_THREAD_NUMBER 100 @@ -100,10 +116,18 @@ void irix_locking_callback(int mode,int type,char *file,int line); void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); +void netware_locking_callback(int mode,int type,char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); +unsigned long netware_thread_id(void ); + +#if defined(OPENSSL_SYS_NETWARE) +static MPKMutex *lock_cs; +static MPKSema ThreadSem; +static long *lock_count; +#endif BIO *bio_err=NULL; BIO *bio_stdout=NULL; @@ -384,6 +408,9 @@ int ndoit(SSL_CTX *ssl_ctx[2]) SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); } +# ifdef OPENSSL_SYS_NETWARE + MPKSemaphoreSignal(ThreadSem); +# endif return(0); } @@ -627,6 +654,9 @@ int doit(char *ctx[4]) } if ((done & S_DONE) && (done & C_DONE)) break; +# if defined(OPENSSL_SYS_NETWARE) + ThreadSwitchWithDelay(); +# endif } SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); @@ -1094,3 +1124,88 @@ unsigned long pthreads_thread_id(void) +#ifdef OPENSSL_SYS_NETWARE + +void thread_setup(void) +{ + int i; + + lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex)); + lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; ireferences,c_ctx->references); +} + +unsigned long netware_thread_id(void) +{ + unsigned long ret; + + ret=(unsigned long)GetThreadID(); + return(ret); +} +#endif /* NETWARE */ diff --git a/crypto/openssl/crypto/threads/th-lock.c b/crypto/openssl/crypto/threads/th-lock.c index a6a79b9..14aae5f 100644 --- a/crypto/openssl/crypto/threads/th-lock.c +++ b/crypto/openssl/crypto/threads/th-lock.c @@ -80,7 +80,7 @@ #include #include #include -#include +#include "../../e_os.h" #include #include #include diff --git a/crypto/openssl/crypto/tmdiff.c b/crypto/openssl/crypto/tmdiff.c index 307523e..1c6e052 100644 --- a/crypto/openssl/crypto/tmdiff.c +++ b/crypto/openssl/crypto/tmdiff.c @@ -72,7 +72,11 @@ # define TIMES #endif -#ifndef _IRIX +#ifdef OPENSSL_SYS_NETWARE +#undef TIMES +#endif + +#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE) # include #endif #ifdef TIMES @@ -94,7 +98,7 @@ #include #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include #endif @@ -106,7 +110,8 @@ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +/* # define HZ ((double)sysconf(_SC_CLK_TCK)) */ +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -120,7 +125,7 @@ # endif #endif -typedef struct ms_tm +struct ms_tm { #ifdef TIMES struct tms ms_tms; @@ -128,6 +133,8 @@ typedef struct ms_tm # ifdef OPENSSL_SYS_WIN32 HANDLE thread_id; FILETIME ms_win32; +# elif defined (OPENSSL_SYS_NETWARE) + clock_t ms_clock; # else # ifdef OPENSSL_SYS_VXWORKS unsigned long ticks; @@ -136,9 +143,9 @@ typedef struct ms_tm # endif # endif #endif - } MS_TM; + }; -char *ms_time_new(void) +MS_TM *ms_time_new(void) { MS_TM *ret; @@ -149,18 +156,17 @@ char *ms_time_new(void) #ifdef OPENSSL_SYS_WIN32 ret->thread_id=GetCurrentThread(); #endif - return((char *)ret); + return ret; } -void ms_time_free(char *a) +void ms_time_free(MS_TM *a) { if (a != NULL) OPENSSL_free(a); } -void ms_time_get(char *a) +void ms_time_get(MS_TM *tm) { - MS_TM *tm=(MS_TM *)a; #ifdef OPENSSL_SYS_WIN32 FILETIME tmpa,tmpb,tmpc; #endif @@ -170,6 +176,8 @@ void ms_time_get(char *a) #else # ifdef OPENSSL_SYS_WIN32 GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); +# elif defined (OPENSSL_SYS_NETWARE) + tm->ms_clock = clock(); # else # ifdef OPENSSL_SYS_VXWORKS tm->ticks = tickGet(); @@ -180,14 +188,13 @@ void ms_time_get(char *a) #endif } -double ms_time_diff(char *ap, char *bp) +double ms_time_diff(MS_TM *a, MS_TM *b) { - MS_TM *a=(MS_TM *)ap; - MS_TM *b=(MS_TM *)bp; double ret; #ifdef TIMES - ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + ret = HZ; + ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret; #else # ifdef OPENSSL_SYS_WIN32 { @@ -204,6 +211,8 @@ double ms_time_diff(char *ap, char *bp) lb+=b->ms_win32.dwLowDateTime; ret=((double)(lb-la))/1e7; } +# elif defined (OPENSSL_SYS_NETWARE) + ret= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); @@ -217,18 +226,20 @@ double ms_time_diff(char *ap, char *bp) return((ret < 0.0000001)?0.0000001:ret); } -int ms_time_cmp(char *ap, char *bp) +int ms_time_cmp(const MS_TM *a, const MS_TM *b) { - MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp; double d; int ret; #ifdef TIMES - d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + d = HZ; + d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d; #else # ifdef OPENSSL_SYS_WIN32 d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; +# elif defined (OPENSSL_SYS_NETWARE) + d= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS d = (b->ticks - a->ticks); diff --git a/crypto/openssl/crypto/tmdiff.h b/crypto/openssl/crypto/tmdiff.h index 41a8a1e..af5c41c 100644 --- a/crypto/openssl/crypto/tmdiff.h +++ b/crypto/openssl/crypto/tmdiff.h @@ -59,6 +59,16 @@ /* Header for dynamic hash table routines * Author - Eric Young */ +/* ... erm yeah, "dynamic hash tables" you say? + * + * And what would dynamic hash tables have to do with any of this code *now*? + * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused + * file that I doubt compiles any more. speed.c is the only thing that could + * use this (and it has nothing to do with hash tables), yet it instead has its + * own duplication of all this stuff and looks, if anything, more complete. See + * the corresponding note in apps/speed.c. + * The Bemused - Geoff + */ #ifndef HEADER_TMDIFF_H #define HEADER_TMDIFF_H @@ -67,11 +77,13 @@ extern "C" { #endif -char *ms_time_new(void ); -void ms_time_free(char *a); -void ms_time_get(char *a); -double ms_time_diff(char *start,char *end); -int ms_time_cmp(char *ap,char *bp); +typedef struct ms_tm MS_TM; + +MS_TM *ms_time_new(void ); +void ms_time_free(MS_TM *a); +void ms_time_get(MS_TM *a); +double ms_time_diff(MS_TM *start, MS_TM *end); +int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/txt_db/Makefile b/crypto/openssl/crypto/txt_db/Makefile index 15ae6ce..e6f3033 100644 --- a/crypto/openssl/crypto/txt_db/Makefile +++ b/crypto/openssl/crypto/txt_db/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/txt_db/Makefile +# OpenSSL/crypto/txt_db/Makefile # DIR= txt_db @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -51,7 +46,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -66,6 +62,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -81,6 +78,7 @@ txt_db.o: ../../e_os.h ../../include/openssl/bio.h txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c +txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +txt_db.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +txt_db.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h +txt_db.o: ../cryptlib.h txt_db.c diff --git a/crypto/openssl/crypto/txt_db/txt_db.c b/crypto/openssl/crypto/txt_db/txt_db.c index 58b300b..e9e503e 100644 --- a/crypto/openssl/crypto/txt_db/txt_db.c +++ b/crypto/openssl/crypto/txt_db/txt_db.c @@ -92,7 +92,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) goto err; if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) goto err; - if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL) + if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL) goto err; for (i=0; idata != NULL) sk_free(ret->data); - if (ret->index != NULL) OPENSSL_free(ret->index); - if (ret->qual != NULL) OPENSSL_free(ret->qual); - if (ret != NULL) OPENSSL_free(ret); + if (ret != NULL) + { + if (ret->data != NULL) sk_free(ret->data); + if (ret->index != NULL) OPENSSL_free(ret->index); + if (ret->qual != NULL) OPENSSL_free(ret->qual); + if (ret != NULL) OPENSSL_free(ret); + } return(NULL); } else @@ -210,11 +213,11 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) return(ret); } -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) { LHASH *idx; - char *r; + char **r; int i,n; if (field >= db->num_fields) @@ -230,12 +233,12 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), n=sk_num(db->data); for (i=0; idata,i); + r=(char **)sk_value(db->data,i); if ((qual != NULL) && (qual(r) == 0)) continue; if ((r=lh_insert(idx,r)) != NULL) { db->error=DB_ERROR_INDEX_CLASH; - db->arg1=sk_find(db->data,r); + db->arg1=sk_find(db->data,(char *)r); db->arg2=i; lh_free(idx); return(0); diff --git a/crypto/openssl/crypto/txt_db/txt_db.h b/crypto/openssl/crypto/txt_db/txt_db.h index 563392a..307e1ba 100644 --- a/crypto/openssl/crypto/txt_db/txt_db.h +++ b/crypto/openssl/crypto/txt_db/txt_db.h @@ -59,6 +59,7 @@ #ifndef HEADER_TXT_DB_H #define HEADER_TXT_DB_H +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -81,7 +82,7 @@ typedef struct txt_db_st int num_fields; STACK /* char ** */ *data; LHASH **index; - int (**qual)(); + int (**qual)(char **); long error; long arg1; long arg2; @@ -95,7 +96,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db); TXT_DB *TXT_DB_read(char *in, int num); long TXT_DB_write(char *out, TXT_DB *db); #endif -int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), +int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); diff --git a/crypto/openssl/crypto/ui/Makefile b/crypto/openssl/crypto/ui/Makefile index 0045931..a685659 100644 --- a/crypto/openssl/crypto/ui/Makefile +++ b/crypto/openssl/crypto/ui/Makefile @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -55,7 +50,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -70,6 +66,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -81,35 +78,34 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ui_compat.o: ../../include/openssl/opensslconf.h -ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ui_compat.o: ui_compat.c +ui_compat.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +ui_compat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/ui.h +ui_compat.o: ../../include/openssl/ui_compat.h ui_compat.c ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ui_err.o: ../../include/openssl/ui.h ui_err.c +ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ui_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ui_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_err.c ui_lib.o: ../../e_os.h ../../include/openssl/bio.h ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h +ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +ui_lib.o: ../cryptlib.h ui_lib.c ui_locl.h ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ui_openssl.o: ../../include/openssl/opensslv.h +ui_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ui_util.o: ui_util.c +ui_util.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ui_util.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ui_util.o: ../../include/openssl/ui.h ui_locl.h ui_util.c diff --git a/crypto/openssl/crypto/ui/ui.h b/crypto/openssl/crypto/ui/ui.h index 735a2d9..0182964 100644 --- a/crypto/openssl/crypto/ui/ui.h +++ b/crypto/openssl/crypto/ui/ui.h @@ -59,25 +59,19 @@ #ifndef HEADER_UI_H #define HEADER_UI_H +#ifndef OPENSSL_NO_DEPRECATED #include +#endif #include +#include #ifdef __cplusplus extern "C" { #endif -/* The UI type is a holder for a specific user interface session. It can - contain an illimited number of informational or error strings as well - as things to prompt for, both passwords (noecho mode) and others (echo - mode), and verification of the same. All of these are called strings, - and are further described below. */ -typedef struct ui_st UI; - -/* All instances of UI have a reference to a method structure, which is a - ordered vector of functions that implement the lower level things to do. - There is an instruction on the implementation further down, in the section - for method implementors. */ -typedef struct ui_method_st UI_METHOD; +/* Declared already in ossl_typ.h */ +/* typedef struct ui_st UI; */ +/* typedef struct ui_method_st UI_METHOD; */ /* All the following functions return -1 or NULL on error and in some cases @@ -217,7 +211,7 @@ int UI_process(UI *ui); /* Give a user interface parametrised control commands. This can be used to send down an integer, a data pointer or a function pointer, as well as be used to get information from a UI. */ -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); /* The commands */ /* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the diff --git a/crypto/openssl/crypto/ui/ui_err.c b/crypto/openssl/crypto/ui/ui_err.c index 39a62ae..d983cdd 100644 --- a/crypto/openssl/crypto/ui/ui_err.c +++ b/crypto/openssl/crypto/ui/ui_err.c @@ -1,6 +1,6 @@ /* crypto/ui/ui_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,32 +64,36 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) + static ERR_STRING_DATA UI_str_functs[]= { -{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0), "GENERAL_ALLOCATE_BOOLEAN"}, -{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0), "GENERAL_ALLOCATE_PROMPT"}, -{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0), "GENERAL_ALLOCATE_STRING"}, -{ERR_PACK(0,UI_F_UI_CTRL,0), "UI_ctrl"}, -{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0), "UI_dup_error_string"}, -{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"}, -{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0), "UI_dup_input_boolean"}, -{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0), "UI_dup_input_string"}, -{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0), "UI_dup_verify_string"}, -{ERR_PACK(0,UI_F_UI_GET0_RESULT,0), "UI_get0_result"}, -{ERR_PACK(0,UI_F_UI_NEW_METHOD,0), "UI_new_method"}, -{ERR_PACK(0,UI_F_UI_SET_RESULT,0), "UI_set_result"}, +{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, +{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, +{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, +{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, +{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, +{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, +{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, +{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, +{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, +{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, +{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, +{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, {0,NULL} }; static ERR_STRING_DATA UI_str_reasons[]= { -{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ,"common ok and cancel characters"}, -{UI_R_INDEX_TOO_LARGE ,"index too large"}, -{UI_R_INDEX_TOO_SMALL ,"index too small"}, -{UI_R_NO_RESULT_BUFFER ,"no result buffer"}, -{UI_R_RESULT_TOO_LARGE ,"result too large"}, -{UI_R_RESULT_TOO_SMALL ,"result too small"}, -{UI_R_UNKNOWN_CONTROL_COMMAND ,"unknown control command"}, +{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"}, +{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"}, +{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"}, +{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"}, +{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"}, +{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"}, +{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"}, {0,NULL} }; @@ -103,8 +107,8 @@ void ERR_load_UI_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_UI,UI_str_functs); - ERR_load_strings(ERR_LIB_UI,UI_str_reasons); + ERR_load_strings(0,UI_str_functs); + ERR_load_strings(0,UI_str_reasons); #endif } diff --git a/crypto/openssl/crypto/ui/ui_lib.c b/crypto/openssl/crypto/ui/ui_lib.c index dbc9711..7ab249c 100644 --- a/crypto/openssl/crypto/ui/ui_lib.c +++ b/crypto/openssl/crypto/ui/ui_lib.c @@ -57,12 +57,12 @@ */ #include +#include "cryptlib.h" #include #include #include #include #include "ui_locl.h" -#include "cryptlib.h" IMPLEMENT_STACK_OF(UI_STRING_ST) @@ -545,7 +545,7 @@ int UI_process(UI *ui) return ok; } -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()) +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)) { if (ui == NULL) { @@ -620,8 +620,10 @@ UI_METHOD *UI_create_method(char *name) UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); if (ui_method) + { memset(ui_method, 0, sizeof(*ui_method)); - ui_method->name = BUF_strdup(name); + ui_method->name = BUF_strdup(name); + } return ui_method; } diff --git a/crypto/openssl/crypto/ui/ui_locl.h b/crypto/openssl/crypto/ui/ui_locl.h index 7d3a75a..aa4a556 100644 --- a/crypto/openssl/crypto/ui/ui_locl.h +++ b/crypto/openssl/crypto/ui/ui_locl.h @@ -60,6 +60,11 @@ #define HEADER_UI_LOCL_H #include +#include + +#ifdef _ +#undef _ +#endif struct ui_method_st { diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c index 75318d4..1f23a45 100644 --- a/crypto/openssl/crypto/ui/ui_openssl.c +++ b/crypto/openssl/crypto/ui/ui_openssl.c @@ -117,6 +117,17 @@ #include +/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc + * [maybe others?], because it masks interfaces not discussed in standard, + * sigaction and fileno included. -pedantic would be more appropriate for + * the intended purposes, but we can't prevent users from adding -ansi. + */ +#define _POSIX_C_SOURCE 1 +#include +#include +#include +#include + #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) # ifdef OPENSSL_UNISTD # include OPENSSL_UNISTD @@ -145,10 +156,6 @@ /* 06-Apr-92 Luke Brennan Support for VMS */ #include "ui_locl.h" #include "cryptlib.h" -#include -#include -#include -#include #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ # include @@ -199,6 +206,12 @@ #undef SGTTY #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TERMIOS +#undef TERMIO +#undef SGTTY +#endif + #ifdef TERMIOS # include # define TTY_STRUCT struct termios @@ -247,7 +260,7 @@ struct IOSB { typedef int sig_atomic_t; #endif -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE) /* * This one needs work. As a matter of fact the code is unoperational * and this is only a trick to get it compiled. @@ -460,7 +473,7 @@ static int open_console(UI *ui) CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) tty_in=stdin; tty_out=stderr; #else @@ -476,7 +489,7 @@ static int open_console(UI *ui) #endif #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in),&tty_orig) == -1) + if (TTY_get(fileno(tty_in),&tty_orig) == -1) { #ifdef ENOTTY if (errno == ENOTTY) @@ -565,7 +578,9 @@ static int close_console(UI *ui) /* Internal functions to handle signals and act on them */ static void pushsig(void) { +#ifndef OPENSSL_SYS_WIN32 int i; +#endif #ifdef SIGACTION struct sigaction sa; @@ -573,6 +588,14 @@ static void pushsig(void) sa.sa_handler=recsig; #endif +#ifdef OPENSSL_SYS_WIN32 + savsig[SIGABRT]=signal(SIGABRT,recsig); + savsig[SIGFPE]=signal(SIGFPE,recsig); + savsig[SIGILL]=signal(SIGILL,recsig); + savsig[SIGINT]=signal(SIGINT,recsig); + savsig[SIGSEGV]=signal(SIGSEGV,recsig); + savsig[SIGTERM]=signal(SIGTERM,recsig); +#else for (i=1; i -#include +#include "ui_locl.h" int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) { diff --git a/crypto/openssl/crypto/uid.c b/crypto/openssl/crypto/uid.c index 73205a4..b1fd52b 100644 --- a/crypto/openssl/crypto/uid.c +++ b/crypto/openssl/crypto/uid.c @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int OPENSSL_issetugid(void) { diff --git a/crypto/openssl/crypto/x509/Makefile b/crypto/openssl/crypto/x509/Makefile index be61a48..ddcc312 100644 --- a/crypto/openssl/crypto/x509/Makefile +++ b/crypto/openssl/crypto/x509/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/x509/Makefile +# OpenSSL/crypto/x509/Makefile # DIR= x509 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -27,13 +22,13 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ x509type.c x509_lu.c x_all.c x509_txt.c \ - x509_trs.c by_file.c by_dir.c + x509_trs.c by_file.c by_dir.c x509_vpm.c LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ x509_obj.o x509_req.o x509spki.o x509_vfy.o \ x509_set.o x509cset.o x509rset.o x509_err.o \ x509name.o x509_v3.o x509_ext.o x509_att.o \ x509type.o x509_lu.o x_all.o x509_txt.o \ - x509_trs.o by_file.o by_dir.o + x509_trs.o by_file.o by_dir.o x509_vpm.o SRC= $(LIBSRC) @@ -53,7 +48,7 @@ lib: $(LIBOBJ) @touch lib files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @@ -61,7 +56,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -76,6 +72,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -87,506 +84,323 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -by_dir.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -by_dir.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -by_dir.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -by_dir.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -by_dir.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -by_dir.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +by_dir.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h +by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -by_dir.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_dir.o: ../cryptlib.h by_dir.c -by_file.o: ../../e_os.h ../../include/openssl/aes.h -by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -by_file.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -by_file.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h -by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c +by_file.o: ../../e_os.h ../../include/openssl/asn1.h +by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -by_file.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -by_file.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -by_file.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c -x509_att.o: ../../e_os.h ../../include/openssl/aes.h -x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h by_file.c +x509_att.o: ../../e_os.h ../../include/openssl/asn1.h +x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_att.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_att.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_att.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_att.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_att.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c -x509_cmp.o: ../../e_os.h ../../include/openssl/aes.h -x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_att.o: ../cryptlib.h x509_att.c +x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h +x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_cmp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_cmp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_cmp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c -x509_d2.o: ../../e_os.h ../../include/openssl/aes.h -x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_d2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_d2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_cmp.o: ../cryptlib.h x509_cmp.c +x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h +x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -x509_d2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c -x509_def.o: ../../e_os.h ../../include/openssl/aes.h -x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_def.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_def.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_d2.o: ../cryptlib.h x509_d2.c +x509_def.o: ../../e_os.h ../../include/openssl/asn1.h +x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_def.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_def.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_def.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_def.o: ../cryptlib.h x509_def.c -x509_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -x509_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x509_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_def.c +x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_err.o: x509_err.c -x509_ext.o: ../../e_os.h ../../include/openssl/aes.h -x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_err.o: ../../include/openssl/x509_vfy.h x509_err.c +x509_ext.o: ../../e_os.h ../../include/openssl/asn1.h +x509_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_ext.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_ext.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_ext.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c -x509_lu.o: ../../e_os.h ../../include/openssl/aes.h -x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_ext.o: ../cryptlib.h x509_ext.c +x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h +x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_lu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_lu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_lu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_lu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c -x509_obj.o: ../../e_os.h ../../include/openssl/aes.h -x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_obj.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_obj.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_lu.o: ../cryptlib.h x509_lu.c +x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h +x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_obj.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_obj.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_obj.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_obj.o: ../cryptlib.h x509_obj.c -x509_r2x.o: ../../e_os.h ../../include/openssl/aes.h -x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_r2x.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_r2x.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_obj.c +x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h +x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_r2x.o: ../../include/openssl/opensslconf.h +x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_r2x.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_r2x.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_r2x.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_r2x.o: ../cryptlib.h x509_r2x.c -x509_req.o: ../../e_os.h ../../include/openssl/aes.h -x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c +x509_req.o: ../../e_os.h ../../include/openssl/asn1.h +x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_req.o: ../../include/openssl/opensslconf.h +x509_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_req.o: ../cryptlib.h x509_req.c -x509_set.o: ../../e_os.h ../../include/openssl/aes.h -x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_set.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_req.c +x509_set.o: ../../e_os.h ../../include/openssl/asn1.h +x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_set.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_set.o: ../cryptlib.h x509_set.c -x509_trs.o: ../../e_os.h ../../include/openssl/aes.h -x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_set.c +x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h +x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_trs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_trs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_trs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_trs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_trs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c -x509_txt.o: ../../e_os.h ../../include/openssl/aes.h -x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509_txt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509_txt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_trs.o: ../cryptlib.h x509_trs.c +x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h +x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_txt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_txt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_txt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_txt.o: ../cryptlib.h x509_txt.c -x509_v3.o: ../../e_os.h ../../include/openssl/aes.h -x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_txt.c +x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h +x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_v3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_v3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c -x509_vfy.o: ../../e_os.h ../../include/openssl/aes.h -x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_v3.o: ../cryptlib.h x509_v3.c +x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h +x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c -x509cset.o: ../../e_os.h ../../include/openssl/aes.h -x509cset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509cset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509cset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509cset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509cset.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509cset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509cset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509cset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_vfy.o: ../cryptlib.h x509_vfy.c +x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h +x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_vpm.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_vpm.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_vpm.o: ../cryptlib.h x509_vpm.c +x509cset.o: ../../e_os.h ../../include/openssl/asn1.h +x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509cset.o: ../../include/openssl/opensslconf.h x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509cset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509cset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509cset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509cset.o: ../cryptlib.h x509cset.c -x509name.o: ../../e_os.h ../../include/openssl/aes.h -x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509cset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509cset.c +x509name.o: ../../e_os.h ../../include/openssl/asn1.h +x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509name.o: ../cryptlib.h x509name.c -x509rset.o: ../../e_os.h ../../include/openssl/aes.h -x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509rset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509rset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509name.c +x509rset.o: ../../e_os.h ../../include/openssl/asn1.h +x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509rset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509rset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509rset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509rset.o: ../cryptlib.h x509rset.c -x509spki.o: ../../e_os.h ../../include/openssl/aes.h -x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509rset.c +x509spki.o: ../../e_os.h ../../include/openssl/asn1.h +x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509spki.o: ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509spki.o: ../cryptlib.h x509spki.c -x509type.o: ../../e_os.h ../../include/openssl/aes.h -x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -x509type.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -x509type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509spki.c +x509type.o: ../../e_os.h ../../include/openssl/asn1.h +x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x509type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x509type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509type.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509type.o: ../cryptlib.h x509type.c -x_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -x_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -x_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -x_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_all.o: ../cryptlib.h x_all.c +x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.c +x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c index 6207340..ea689ae 100644 --- a/crypto/openssl/crypto/x509/by_dir.c +++ b/crypto/openssl/crypto/x509/by_dir.c @@ -114,7 +114,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, { int ret=0; BY_DIR *ld; - char *dir; + char *dir = NULL; ld=(BY_DIR *)ctx->method_data; @@ -123,17 +123,16 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - ret=add_cert_dir(ld,X509_get_default_cert_dir(), - X509_FILETYPE_PEM); + dir=(char *)Getenv(X509_get_default_cert_dir_env()); + if (dir) + ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); + else + ret=add_cert_dir(ld,X509_get_default_cert_dir(), + X509_FILETYPE_PEM); if (!ret) { X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); } - else - { - dir=(char *)Getenv(X509_get_default_cert_dir_env()); - ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); - } } else ret=add_cert_dir(ld,argp,(int)argl); diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c index b4b0418..a5e0d4a 100644 --- a/crypto/openssl/crypto/x509/by_file.c +++ b/crypto/openssl/crypto/x509/by_file.c @@ -150,7 +150,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); if (x == NULL) { - if ((ERR_GET_REASON(ERR_peek_error()) == + if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); @@ -217,7 +217,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); if (x == NULL) { - if ((ERR_GET_REASON(ERR_peek_error()) == + if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h index e4d5434..66990ae 100644 --- a/crypto/openssl/crypto/x509/x509.h +++ b/crypto/openssl/crypto/x509/x509.h @@ -55,10 +55,16 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_X509_H #define HEADER_X509_H +#include #include #ifndef OPENSSL_NO_BUFFER #include @@ -73,21 +79,33 @@ #include #include +#ifndef OPENSSL_NO_EC +#include +#endif + +#ifndef OPENSSL_NO_ECDSA +#include +#endif + +#ifndef OPENSSL_NO_ECDH +#include +#endif + +#ifndef OPENSSL_NO_DEPRECATED #ifndef OPENSSL_NO_RSA #include #endif - #ifndef OPENSSL_NO_DSA #include #endif - #ifndef OPENSSL_NO_DH #include #endif +#endif + #ifndef OPENSSL_NO_SHA #include #endif -#include #include #ifdef __cplusplus @@ -95,8 +113,9 @@ extern "C" { #endif #ifdef OPENSSL_SYS_WIN32 -/* Under Win32 this is defined in wincrypt.h */ +/* Under Win32 these are defined in wincrypt.h */ #undef X509_NAME +#undef X509_CERT_PAIR #endif #define X509_FILETYPE_PEM 1 @@ -117,8 +136,8 @@ extern "C" { typedef struct X509_objects_st { int nid; - int (*a2i)(); - int (*i2a)(); + int (*a2i)(void); + int (*i2a)(void); } X509_OBJECTS; struct X509_algor_st @@ -261,12 +280,14 @@ struct x509_st CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ long ex_pathlen; + long ex_pcpathlen; unsigned long ex_flags; unsigned long ex_kusage; unsigned long ex_xkusage; unsigned long ex_nscert; ASN1_OCTET_STRING *skid; struct AUTHORITY_KEYID_st *akid; + X509_POLICY_CACHE *policy_cache; #ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; #endif @@ -289,6 +310,11 @@ typedef struct x509_trust_st { DECLARE_STACK_OF(X509_TRUST) +typedef struct x509_cert_pair_st { + X509 *forward; + X509 *reverse; +} X509_CERT_PAIR; + /* standard trust ids */ #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ @@ -655,6 +681,17 @@ extern "C" { #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ (unsigned char *)dsa) +#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ + EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ + (unsigned char **)(ecdsa)) +#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ + (unsigned char *)ecdsa) +#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ + EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ + (unsigned char **)(ecdsa)) +#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ + (unsigned char *)ecdsa) + #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ (char *(*)())d2i_X509_ALGOR,(char *)xn) @@ -758,6 +795,12 @@ int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); #endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +#endif X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, @@ -791,6 +834,12 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); #endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +#endif X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, @@ -839,16 +888,21 @@ EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); -EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp, +EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, long length); #ifndef OPENSSL_NO_RSA int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); -RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp, +RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, long length); #endif #ifndef OPENSSL_NO_DSA int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); -DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp, +DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, + long length); +#endif +#ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); #endif @@ -872,16 +926,19 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) +DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) + int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a,unsigned char **pp); -X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length); +X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); int X509_alias_set1(X509 *x, unsigned char *name, int len); int X509_keyid_set1(X509 *x, unsigned char *id, int len); unsigned char * X509_alias_get0(X509 *x, int *len); +unsigned char * X509_keyid_get0(X509 *x, int *len); int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); int X509_TRUST_set(int *t, int trust); int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); @@ -898,7 +955,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); X509_PKEY * X509_PKEY_new(void ); void X509_PKEY_free(X509_PKEY *a); int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); -X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); +X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length); DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) @@ -909,15 +966,15 @@ X509_INFO * X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); -int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, - ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); -int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data, - unsigned char *md,unsigned int *len); +int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, + unsigned char *md,unsigned int *len); -int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, - char *data,EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data,EVP_PKEY *pkey, const EVP_MD *type); int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, unsigned char *md,unsigned int *len); @@ -982,6 +1039,8 @@ int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); + int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1038,18 +1097,18 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len); + const char *field, int type, const unsigned char *bytes, int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type,unsigned char *bytes, + ASN1_OBJECT *obj, int type,const unsigned char *bytes, int len); int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len); + const unsigned char *bytes, int len); ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); @@ -1142,6 +1201,24 @@ int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + int X509_verify_cert(X509_STORE_CTX *ctx); /* lookup a cert from a X509 STACK */ @@ -1188,18 +1265,20 @@ void ERR_load_X509_strings(void); /* Function codes. */ #define X509_F_ADD_CERT_DIR 100 #define X509_F_BY_FILE_CTRL 101 +#define X509_F_CHECK_POLICY 145 #define X509_F_DIR_CTRL 102 #define X509_F_GET_CERT_BY_SUBJECT 103 #define X509_F_NETSCAPE_SPKI_B64_DECODE 129 #define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +#define X509_F_X509AT_ADD1_ATTR 135 #define X509_F_X509V3_ADD_EXT 104 -#define X509_F_X509_ADD_ATTR 135 #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 #define X509_F_X509_CHECK_PRIVATE_KEY 128 +#define X509_F_X509_CRL_PRINT_FP 147 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 @@ -1212,14 +1291,16 @@ void ERR_load_X509_strings(void); #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 #define X509_F_X509_NAME_ONELINE 116 #define X509_F_X509_NAME_PRINT 117 -#define X509_F_X509_PRINT_FP 118 +#define X509_F_X509_PRINT_EX_FP 118 #define X509_F_X509_PUBKEY_GET 119 #define X509_F_X509_PUBKEY_SET 120 -#define X509_F_X509_REQ_PRINT 121 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +#define X509_F_X509_REQ_PRINT_EX 121 #define X509_F_X509_REQ_PRINT_FP 122 #define X509_F_X509_REQ_TO_X509 123 #define X509_F_X509_STORE_ADD_CERT 124 #define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_STORE_CTX_GET1_ISSUER 146 #define X509_F_X509_STORE_CTX_INIT 143 #define X509_F_X509_STORE_CTX_NEW 142 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 diff --git a/crypto/openssl/crypto/x509/x509_att.c b/crypto/openssl/crypto/x509/x509_att.c index 0bae3d3..65968c4 100644 --- a/crypto/openssl/crypto/x509/x509_att.c +++ b/crypto/openssl/crypto/x509/x509_att.c @@ -125,7 +125,13 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *new_attr=NULL; STACK_OF(X509_ATTRIBUTE) *sk=NULL; - if ((x != NULL) && (*x == NULL)) + if (x == NULL) + { + X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); + goto err2; + } + + if (*x == NULL) { if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) goto err; @@ -137,11 +143,11 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, goto err2; if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) goto err; - if ((x != NULL) && (*x == NULL)) + if (*x == NULL) *x=sk; return(sk); err: - X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE); err2: if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c index f460102..0d6bc65 100644 --- a/crypto/openssl/crypto/x509/x509_cmp.c +++ b/crypto/openssl/crypto/x509/x509_cmp.c @@ -254,33 +254,49 @@ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) return 0; } +static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) + { + int j; + j = a->length - b->length; + if (j) + return j; + return memcmp(a->data, b->data, a->length); + } + +#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int i,j; X509_NAME_ENTRY *na,*nb; - if (sk_X509_NAME_ENTRY_num(a->entries) - != sk_X509_NAME_ENTRY_num(b->entries)) - return sk_X509_NAME_ENTRY_num(a->entries) - -sk_X509_NAME_ENTRY_num(b->entries); + unsigned long nabit, nbbit; + + j = sk_X509_NAME_ENTRY_num(a->entries) + - sk_X509_NAME_ENTRY_num(b->entries); + if (j) + return j; for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) { na=sk_X509_NAME_ENTRY_value(a->entries,i); nb=sk_X509_NAME_ENTRY_value(b->entries,i); j=na->value->type-nb->value->type; - if (j) return(j); - if (na->value->type == V_ASN1_PRINTABLESTRING) + if (j) + { + nabit = ASN1_tag2bit(na->value->type); + nbbit = ASN1_tag2bit(nb->value->type); + if (!(nabit & STR_TYPE_CMP) || + !(nbbit & STR_TYPE_CMP)) + return j; + j = asn1_string_memcmp(na->value, nb->value); + } + else if (na->value->type == V_ASN1_PRINTABLESTRING) j=nocase_spacenorm_cmp(na->value, nb->value); else if (na->value->type == V_ASN1_IA5STRING && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) j=nocase_cmp(na->value, nb->value); else - { - j=na->value->length-nb->value->length; - if (j) return(j); - j=memcmp(na->value->data,nb->value->data, - na->value->length); - } + j = asn1_string_memcmp(na->value, nb->value); if (j) return(j); j=na->set-nb->set; if (j) return(j); @@ -374,45 +390,36 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) int ok=0; xk=X509_get_pubkey(x); - if (xk->type != k->type) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); - goto err; - } - switch (k->type) + switch (EVP_PKEY_cmp(xk, k)) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 - || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 1: + ok=1; break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 0: + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + break; + case -1: + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); break; + case -2: +#ifndef OPENSSL_NO_EC + if (k->type == EVP_PKEY_EC) + { + X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; + } #endif #ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - /* No idea */ - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); - goto err; + if (k->type == EVP_PKEY_DH) + { + /* No idea */ + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + break; + } #endif - default: X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); - goto err; } - ok=1; -err: EVP_PKEY_free(xk); return(ok); } diff --git a/crypto/openssl/crypto/x509/x509_err.c b/crypto/openssl/crypto/x509/x509_err.c index 5bbf4ac..b7bc383 100644 --- a/crypto/openssl/crypto/x509/x509_err.c +++ b/crypto/openssl/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* crypto/x509/x509_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,77 +64,85 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) + static ERR_STRING_DATA X509_str_functs[]= { -{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, -{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, -{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, -{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, -{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"}, -{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"}, -{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, -{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"}, -{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, -{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, -{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, -{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, -{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"}, -{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, -{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, -{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, -{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, -{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"}, -{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, -{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, -{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, -{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, -{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, -{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, -{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, -{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, -{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, -{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, -{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, -{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"}, -{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"}, -{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"}, -{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, -{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"}, -{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"}, -{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, +{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, +{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, +{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, +{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, +{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, +{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, +{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, +{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, +{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, +{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, +{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, +{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, +{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, +{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, +{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, +{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, +{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, +{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, +{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, +{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, +{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, +{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, +{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, +{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, +{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, +{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, +{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, +{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, +{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, +{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, +{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, +{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, +{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, +{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, +{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, +{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, +{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, +{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, +{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, +{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, +{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, +{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, +{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, +{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, +{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, {0,NULL} }; static ERR_STRING_DATA X509_str_reasons[]= { -{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, -{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"}, -{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, -{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, -{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, -{X509_R_INVALID_DIRECTORY ,"invalid directory"}, -{X509_R_INVALID_FIELD_NAME ,"invalid field name"}, -{X509_R_INVALID_TRUST ,"invalid trust"}, -{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, -{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, -{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, -{X509_R_LOADING_DEFAULTS ,"loading defaults"}, -{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, -{X509_R_SHOULD_RETRY ,"should retry"}, -{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, -{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, -{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, -{X509_R_UNKNOWN_NID ,"unknown nid"}, -{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"}, -{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"}, -{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, -{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, -{X509_R_WRONG_TYPE ,"wrong type"}, +{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, +{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, +{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, +{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, +{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, +{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, +{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, +{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, +{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, +{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, +{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, +{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, +{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, +{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, +{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, +{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, +{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, +{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, +{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, +{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, +{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, +{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"}, +{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, {0,NULL} }; @@ -148,8 +156,8 @@ void ERR_load_X509_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_X509,X509_str_functs); - ERR_load_strings(ERR_LIB_X509,X509_str_reasons); + ERR_load_strings(0,X509_str_functs); + ERR_load_strings(0,X509_str_reasons); #endif } diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c index b780dae..cd2cfb6 100644 --- a/crypto/openssl/crypto/x509/x509_lu.c +++ b/crypto/openssl/crypto/x509/x509_lu.c @@ -187,10 +187,8 @@ X509_STORE *X509_STORE_new(void) ret->verify=0; ret->verify_cb=0; - ret->purpose = 0; - ret->trust = 0; - - ret->flags = 0; + if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) + return NULL; ret->get_issuer = 0; ret->check_issued = 0; @@ -202,7 +200,6 @@ X509_STORE *X509_STORE_new(void) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); ret->references=1; - ret->depth=0; return ret; } @@ -244,6 +241,8 @@ void X509_STORE_free(X509_STORE *vfy) sk_X509_OBJECT_pop_free(vfy->objs, cleanup); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); + if (vfy->param) + X509_VERIFY_PARAM_free(vfy->param); OPENSSL_free(vfy); } @@ -498,7 +497,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ok == X509_LU_RETRY) { X509_OBJECT_free_contents(&obj); - X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); + X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); return -1; } else if (ok != X509_LU_FAIL) @@ -538,19 +537,30 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 0; } -void X509_STORE_set_flags(X509_STORE *ctx, long flags) +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) { - ctx->flags |= flags; + return X509_VERIFY_PARAM_set_flags(ctx->param, flags); + } + +int X509_STORE_set_depth(X509_STORE *ctx, int depth) + { + X509_VERIFY_PARAM_set_depth(ctx->param, depth); + return 1; } int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) { - return X509_PURPOSE_set(&ctx->purpose, purpose); + return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); } int X509_STORE_set_trust(X509_STORE *ctx, int trust) { - return X509_TRUST_set(&ctx->trust, trust); + return X509_VERIFY_PARAM_set_trust(ctx->param, trust); + } + +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) + { + return X509_VERIFY_PARAM_set1(ctx->param, param); } IMPLEMENT_STACK_OF(X509_LOOKUP) diff --git a/crypto/openssl/crypto/x509/x509_r2x.c b/crypto/openssl/crypto/x509/x509_r2x.c index db05103..254a146 100644 --- a/crypto/openssl/crypto/x509/x509_r2x.c +++ b/crypto/openssl/crypto/x509/x509_r2x.c @@ -89,11 +89,15 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) } xn=X509_REQ_get_subject_name(r); - X509_set_subject_name(ret,X509_NAME_dup(xn)); - X509_set_issuer_name(ret,X509_NAME_dup(xn)); + if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) + goto err; + if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) + goto err; - X509_gmtime_adj(xi->validity->notBefore,0); - X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days); + if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) + goto err; + if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) + goto err; X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); diff --git a/crypto/openssl/crypto/x509/x509_req.c b/crypto/openssl/crypto/x509/x509_req.c index 59fc6ca..ab13bcf 100644 --- a/crypto/openssl/crypto/x509/x509_req.c +++ b/crypto/openssl/crypto/x509/x509_req.c @@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) return(X509_PUBKEY_get(req->req_info->pubkey)); } +int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) + { + EVP_PKEY *xk=NULL; + int ok=0; + + xk=X509_REQ_get_pubkey(x); + switch (EVP_PKEY_cmp(xk, k)) + { + case 1: + ok=1; + break; + case 0: + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + break; + case -1: + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + break; + case -2: +#ifndef OPENSSL_NO_EC + if (k->type == EVP_PKEY_EC) + { + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; + } +#endif +#ifndef OPENSSL_NO_DH + if (k->type == EVP_PKEY_DH) + { + /* No idea */ + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + break; + } +#endif + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); + } + + EVP_PKEY_free(xk); + return(ok); + } + /* It seems several organisations had the same idea of including a list of * extensions in a certificate request. There are at least two OIDs that are * used and there may be more: so the list is configurable. @@ -147,7 +187,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) X509_ATTRIBUTE *attr; ASN1_TYPE *ext = NULL; int idx, *pnid; - unsigned char *p; + const unsigned char *p; if ((req == NULL) || (req->req_info == NULL) || !ext_nids) return(NULL); @@ -169,7 +209,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) ext->value.sequence->length, d2i_X509_EXTENSION, X509_EXTENSION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); - } +} /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs * in case we want to create a non standard one. diff --git a/crypto/openssl/crypto/x509/x509_trs.c b/crypto/openssl/crypto/x509/x509_trs.c index 8812526..9c84a59 100644 --- a/crypto/openssl/crypto/x509/x509_trs.c +++ b/crypto/openssl/crypto/x509/x509_trs.c @@ -128,7 +128,7 @@ int X509_TRUST_get_count(void) X509_TRUST * X509_TRUST_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_TRUST_COUNT) return trstandard + idx; + if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } @@ -219,7 +219,7 @@ static void trtable_free(X509_TRUST *p) void X509_TRUST_cleanup(void) { - int i; + unsigned int i; for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c index e31ebc6..7dd2b76 100644 --- a/crypto/openssl/crypto/x509/x509_txt.c +++ b/crypto/openssl/crypto/x509/x509_txt.c @@ -122,8 +122,14 @@ const char *X509_verify_cert_error_string(long n) return("certificate revoked"); case X509_V_ERR_INVALID_CA: return ("invalid CA certificate"); + case X509_V_ERR_INVALID_NON_CA: + return ("invalid non-CA certificate (has CA markings)"); case X509_V_ERR_PATH_LENGTH_EXCEEDED: return ("path length constraint exceeded"); + case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: + return("proxy path length constraint exceeded"); + case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: + return("proxy cerificates not allowed, please set the appropriate flag"); case X509_V_ERR_INVALID_PURPOSE: return ("unsupported certificate purpose"); case X509_V_ERR_CERT_UNTRUSTED: @@ -140,19 +146,22 @@ const char *X509_verify_cert_error_string(long n) return("authority and issuer serial number mismatch"); case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: return("key usage does not include certificate signing"); - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: return("unable to get CRL issuer certificate"); - case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: return("unhandled critical extension"); - case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: return("key usage does not include CRL signing"); - + case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: + return("key usage does not include digital signature"); case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: return("unhandled critical CRL extension"); - + case X509_V_ERR_INVALID_EXTENSION: + return("invalid or inconsistent certificate extension"); + case X509_V_ERR_INVALID_POLICY_EXTENSION: + return("invalid or inconsistent certificate policy extension"); + case X509_V_ERR_NO_EXPLICIT_POLICY: + return("no explicit policy"); default: BIO_snprintf(buf,sizeof buf,"error number %ld",n); return(buf); diff --git a/crypto/openssl/crypto/x509/x509_v3.c b/crypto/openssl/crypto/x509/x509_v3.c index 67b1796..42e6f0a 100644 --- a/crypto/openssl/crypto/x509/x509_v3.c +++ b/crypto/openssl/crypto/x509/x509_v3.c @@ -147,7 +147,13 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, int n; STACK_OF(X509_EXTENSION) *sk=NULL; - if ((x != NULL) && (*x == NULL)) + if (x == NULL) + { + X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER); + goto err2; + } + + if (*x == NULL) { if ((sk=sk_X509_EXTENSION_new_null()) == NULL) goto err; @@ -163,7 +169,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, goto err2; if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) goto err; - if ((x != NULL) && (*x == NULL)) + if (*x == NULL) *x=sk; return(sk); err: diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index e24e102..79dae3d 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -73,10 +73,11 @@ static int null_callback(int ok,X509_STORE_CTX *e); static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); -static int check_chain_purpose(X509_STORE_CTX *ctx); +static int check_chain_extensions(X509_STORE_CTX *ctx); static int check_trust(X509_STORE_CTX *ctx); static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); +static int check_policy(X509_STORE_CTX *ctx); static int internal_verify(X509_STORE_CTX *ctx); const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; @@ -97,11 +98,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { X509 *x,*xtmp,*chain_ss=NULL; X509_NAME *xn; + int bad_chain = 0; + X509_VERIFY_PARAM *param = ctx->param; int depth,i,ok=0; int num; - int (*cb)(); + int (*cb)(int xok,X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp=NULL; - if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); @@ -134,7 +136,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) num=sk_X509_num(ctx->chain); x=sk_X509_value(ctx->chain,num-1); - depth=ctx->depth; + depth=param->depth; for (;;) @@ -201,6 +203,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ctx->current_cert=x; ctx->error_depth=i-1; if (ok == 1) X509_free(xtmp); + bad_chain = 1; ok=cb(0,ctx); if (!ok) goto end; } @@ -276,18 +279,19 @@ int X509_verify_cert(X509_STORE_CTX *ctx) } ctx->error_depth=num-1; + bad_chain = 1; ok=cb(0,ctx); if (!ok) goto end; } /* We have the chain complete: now we need to check its purpose */ - if (ctx->purpose > 0) ok = check_chain_purpose(ctx); + ok = check_chain_extensions(ctx); if (!ok) goto end; /* The chain extensions are OK: check trust */ - if (ctx->trust > 0) ok = check_trust(ctx); + if (param->trust > 0) ok = check_trust(ctx); if (!ok) goto end; @@ -301,11 +305,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->check_revocation(ctx); if(!ok) goto end; - /* At this point, we have a chain and just need to verify it */ + /* At this point, we have a chain and need to verify it */ if (ctx->verify != NULL) ok=ctx->verify(ctx); else ok=internal_verify(ctx); + if(!ok) goto end; + + /* If we get this far evaluate policies */ + if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) + ok = ctx->check_policy(ctx); + if(!ok) goto end; if (0) { end: @@ -342,7 +352,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) if (ret == X509_V_OK) return 1; /* If we haven't asked for issuer errors don't set ctx */ - if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) + if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) return 0; ctx->error = ret; @@ -371,21 +381,40 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) * with the supplied purpose */ -static int check_chain_purpose(X509_STORE_CTX *ctx) +static int check_chain_extensions(X509_STORE_CTX *ctx) { #ifdef OPENSSL_NO_CHAIN_VERIFY return 1; #else - int i, ok=0; + int i, ok=0, must_be_ca; X509 *x; - int (*cb)(); + int (*cb)(int xok,X509_STORE_CTX *xctx); + int proxy_path_length = 0; + int allow_proxy_certs = + !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); cb=ctx->verify_cb; + + /* must_be_ca can have 1 of 3 values: + -1: we accept both CA and non-CA certificates, to allow direct + use of self-signed certificates (which are marked as CA). + 0: we only accept non-CA certificates. This is currently not + used, but the possibility is present for future extensions. + 1: we only accept CA certificates. This is currently used for + all certificates in the chain except the leaf certificate. + */ + must_be_ca = -1; + + /* A hack to keep people who don't want to modify their software + happy */ + if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) + allow_proxy_certs = 1; + /* Check all untrusted certificates */ for (i = 0; i < ctx->last_untrusted; i++) { int ret; x = sk_X509_value(ctx->chain, i); - if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && (x->ex_flags & EXFLAG_CRITICAL)) { ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; @@ -394,23 +423,73 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) ok=cb(0,ctx); if (!ok) goto end; } - ret = X509_check_purpose(x, ctx->purpose, i); - if ((ret == 0) - || ((ctx->flags & X509_V_FLAG_X509_STRICT) - && (ret != 1))) + if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { - if (i) + ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + ret = X509_check_ca(x); + switch(must_be_ca) + { + case -1: + if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1) && (ret != 0)) + { + ret = 0; ctx->error = X509_V_ERR_INVALID_CA; + } else - ctx->error = X509_V_ERR_INVALID_PURPOSE; + ret = 1; + break; + case 0: + if (ret != 0) + { + ret = 0; + ctx->error = X509_V_ERR_INVALID_NON_CA; + } + else + ret = 1; + break; + default: + if ((ret == 0) + || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1))) + { + ret = 0; + ctx->error = X509_V_ERR_INVALID_CA; + } + else + ret = 1; + break; + } + if (ret == 0) + { ctx->error_depth = i; ctx->current_cert = x; ok=cb(0,ctx); if (!ok) goto end; } + if (ctx->param->purpose > 0) + { + ret = X509_check_purpose(x, ctx->param->purpose, + must_be_ca > 0); + if ((ret == 0) + || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1))) + { + ctx->error = X509_V_ERR_INVALID_PURPOSE; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + } /* Check pathlen */ if ((i > 1) && (x->ex_pathlen != -1) - && (i > (x->ex_pathlen + 1))) + && (i > (x->ex_pathlen + proxy_path_length + 1))) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; @@ -418,6 +497,26 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) ok=cb(0,ctx); if (!ok) goto end; } + /* If this certificate is a proxy certificate, the next + certificate must be another proxy certificate or a EE + certificate. If not, the next certificate must be a + CA certificate. */ + if (x->ex_flags & EXFLAG_PROXY) + { + if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) + { + ctx->error = + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + proxy_path_length++; + must_be_ca = 0; + } + else + must_be_ca = 1; } ok = 1; end: @@ -432,12 +531,12 @@ static int check_trust(X509_STORE_CTX *ctx) #else int i, ok; X509 *x; - int (*cb)(); + int (*cb)(int xok,X509_STORE_CTX *xctx); cb=ctx->verify_cb; /* For now just check the last certificate in the chain */ i = sk_X509_num(ctx->chain) - 1; x = sk_X509_value(ctx->chain, i); - ok = X509_check_trust(x, ctx->trust, 0); + ok = X509_check_trust(x, ctx->param->trust, 0); if (ok == X509_TRUST_TRUSTED) return 1; ctx->error_depth = i; @@ -454,9 +553,9 @@ static int check_trust(X509_STORE_CTX *ctx) static int check_revocation(X509_STORE_CTX *ctx) { int i, last, ok; - if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) + if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) return 1; - if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) + if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) last = sk_X509_num(ctx->chain) - 1; else last = 0; @@ -499,17 +598,124 @@ static int check_cert(X509_STORE_CTX *ctx) } +/* Check CRL times against values in X509_STORE_CTX */ + +static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + { + time_t *ptime; + int i; + ctx->current_crl = crl; + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else + ptime = NULL; + + i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + + if (i > 0) + { + ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + + if(X509_CRL_get_nextUpdate(crl)) + { + i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); + + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + + if (i < 0) + { + ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; + if (!notify || !ctx->verify_cb(0, ctx)) + return 0; + } + } + + ctx->current_crl = NULL; + + return 1; + } + +/* Lookup CRLs from the supplied list. Look for matching isser name + * and validity. If we can't find a valid CRL return the last one + * with matching name. This gives more meaningful error codes. Otherwise + * we'd get a CRL not found error if a CRL existed with matching name but + * was invalid. + */ + +static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, + X509_NAME *nm, STACK_OF(X509_CRL) *crls) + { + int i; + X509_CRL *crl, *best_crl = NULL; + for (i = 0; i < sk_X509_CRL_num(crls); i++) + { + crl = sk_X509_CRL_value(crls, i); + if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) + continue; + if (check_crl_time(ctx, crl, 0)) + { + *pcrl = crl; + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); + return 1; + } + best_crl = crl; + } + if (best_crl) + { + *pcrl = best_crl; + CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); + } + + return 0; + } + /* Retrieve CRL corresponding to certificate: currently just a * subject lookup: maybe use AKID later... - * Also might look up any included CRLs too (e.g PKCS#7 signedData). */ -static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x) +static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) { int ok; + X509_CRL *crl = NULL; X509_OBJECT xobj; - ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj); - if (!ok) return 0; - *crl = xobj.data.crl; + X509_NAME *nm; + nm = X509_get_issuer_name(x); + ok = get_crl_sk(ctx, &crl, nm, ctx->crls); + if (ok) + { + *pcrl = crl; + return 1; + } + + ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); + + if (!ok) + { + /* If we got a near match from get_crl_sk use that */ + if (crl) + { + *pcrl = crl; + return 1; + } + return 0; + } + + *pcrl = xobj.data.crl; + if (crl) + X509_CRL_free(crl); return 1; } @@ -518,8 +724,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) { X509 *issuer = NULL; EVP_PKEY *ikey = NULL; - int ok = 0, chnum, cnum, i; - time_t *ptime; + int ok = 0, chnum, cnum; cnum = ctx->error_depth; chnum = sk_X509_num(ctx->chain) - 1; /* Find CRL issuer: if not last certificate then issuer @@ -571,45 +776,9 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) } } - /* OK, CRL signature valid check times */ - if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->check_time; - else - ptime = NULL; - - i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } - - if (i > 0) - { - ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } - - if(X509_CRL_get_nextUpdate(crl)) - { - i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); - - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } - - if (i < 0) - { - ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } - } + ok = check_crl_time(ctx, crl, 1); + if (!ok) + goto err; ok = 1; @@ -647,7 +816,7 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) if (!ok) return 0; } - if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) + if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) return 1; /* See if we have any critical CRL extensions: since we @@ -674,13 +843,106 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) return 1; } +static int check_policy(X509_STORE_CTX *ctx) + { + int ret; + ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, + ctx->param->policies, ctx->param->flags); + if (ret == 0) + { + X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Invalid or inconsistent extensions */ + if (ret == -1) + { + /* Locate certificates with bad extensions and notify + * callback. + */ + X509 *x; + int i; + for (i = 1; i < sk_X509_num(ctx->chain); i++) + { + x = sk_X509_value(ctx->chain, i); + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; + ctx->current_cert = x; + ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; + ret = ctx->verify_cb(0, ctx); + } + return 1; + } + if (ret == -2) + { + ctx->current_cert = NULL; + ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; + return ctx->verify_cb(0, ctx); + } + + if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) + { + ctx->current_cert = NULL; + ctx->error = X509_V_OK; + if (!ctx->verify_cb(2, ctx)) + return 0; + } + + return 1; + } + +static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) + { + time_t *ptime; + int i; + + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else + ptime = NULL; + + i=X509_cmp_time(X509_get_notBefore(x), ptime); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (i > 0) + { + ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + i=X509_cmp_time(X509_get_notAfter(x), ptime); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (i < 0) + { + ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; + ctx->current_cert=x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + return 1; + } + static int internal_verify(X509_STORE_CTX *ctx) { - int i,ok=0,n; + int ok=0,n; X509 *xs,*xi; EVP_PKEY *pkey=NULL; - time_t *ptime; - int (*cb)(); + int (*cb)(int xok,X509_STORE_CTX *xctx); cb=ctx->verify_cb; @@ -688,10 +950,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ctx->error_depth=n-1; n--; xi=sk_X509_value(ctx->chain,n); - if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->check_time; - else - ptime = NULL; + if (ctx->check_issued(ctx, xi, xi)) xs=xi; else @@ -744,43 +1003,16 @@ static int internal_verify(X509_STORE_CTX *ctx) } EVP_PKEY_free(pkey); pkey=NULL; - - i=X509_cmp_time(X509_get_notBefore(xs), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - if (i > 0) - { - ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - xs->valid=1; } - i=X509_cmp_time(X509_get_notAfter(xs), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } + xs->valid = 1; - if (i < 0) - { - ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } + ok = check_cert_time(ctx, xs); + if (!ok) + goto end; /* The last error (if any) is still in the error value */ + ctx->current_issuer=xi; ctx->current_cert=xs; ok=(*cb)(1,ctx); if (!ok) goto end; @@ -849,7 +1081,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) offset=0; else { - if ((*str != '+') && (str[5] != '-')) + if ((*str != '+') && (*str != '-')) return 0; offset=((str[1]-'0')*10+(str[2]-'0'))*60; offset+=(str[3]-'0')*10+(str[4]-'0'); @@ -860,7 +1092,8 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) atm.length=sizeof(buff2); atm.data=(unsigned char *)buff2; - X509_time_adj(&atm,-offset*60, cmp_time); + if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL) + return 0; if (ctm->type == V_ASN1_UTCTIME) { @@ -1009,6 +1242,11 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) ctx->untrusted=sk; } +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) + { + ctx->crls=sk; + } + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) { return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); @@ -1072,8 +1310,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, } } - if (purpose && !ctx->purpose) ctx->purpose = purpose; - if (trust && !ctx->trust) ctx->trust = trust; + if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; + if (trust && !ctx->param->trust) ctx->param->trust = trust; return 1; } @@ -1099,20 +1337,30 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { + int ret = 1; ctx->ctx=store; ctx->current_method=0; ctx->cert=x509; ctx->untrusted=chain; + ctx->crls = NULL; ctx->last_untrusted=0; - ctx->check_time=0; ctx->other_ctx=NULL; ctx->valid=0; ctx->chain=NULL; - ctx->depth=9; ctx->error=0; + ctx->explicit_policy=0; ctx->error_depth=0; ctx->current_cert=NULL; ctx->current_issuer=NULL; + ctx->tree = NULL; + + ctx->param = X509_VERIFY_PARAM_new(); + + if (!ctx->param) + { + X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + return 0; + } /* Inherit callbacks and flags from X509_STORE if not set * use defaults. @@ -1120,18 +1368,26 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store) + ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); + else + ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + + if (store) { - ctx->purpose=store->purpose; - ctx->trust=store->trust; - ctx->flags = store->flags; + ctx->verify_cb = store->verify_cb; ctx->cleanup = store->cleanup; } else - { - ctx->purpose = 0; - ctx->trust = 0; - ctx->flags = 0; ctx->cleanup = 0; + + if (ret) + ret = X509_VERIFY_PARAM_inherit(ctx->param, + X509_VERIFY_PARAM_lookup("default")); + + if (ret == 0) + { + X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + return 0; } if (store && store->check_issued) @@ -1174,6 +1430,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, else ctx->cert_crl = cert_crl; + ctx->check_policy = check_policy; + /* This memset() can't make any sense anyway, so it's removed. As * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a @@ -1202,6 +1460,9 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) { if (ctx->cleanup) ctx->cleanup(ctx); + X509_VERIFY_PARAM_free(ctx->param); + if (ctx->tree) + X509_policy_tree_free(ctx->tree); if (ctx->chain != NULL) { sk_X509_pop_free(ctx->chain,X509_free); @@ -1211,15 +1472,19 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); } -void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) + { + X509_VERIFY_PARAM_set_depth(ctx->param, depth); + } + +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) { - ctx->flags |= flags; + X509_VERIFY_PARAM_set_flags(ctx->param, flags); } -void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t) +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) { - ctx->check_time = t; - ctx->flags |= X509_V_FLAG_USE_CHECK_TIME; + X509_VERIFY_PARAM_set_time(ctx->param, t); } void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, @@ -1228,6 +1493,37 @@ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, ctx->verify_cb=verify_cb; } +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) + { + return ctx->tree; + } + +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) + { + return ctx->explicit_policy; + } + +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) + { + const X509_VERIFY_PARAM *param; + param = X509_VERIFY_PARAM_lookup(name); + if (!param) + return 0; + return X509_VERIFY_PARAM_inherit(ctx->param, param); + } + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) + { + return ctx->param; + } + +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) + { + if (ctx->param) + X509_VERIFY_PARAM_free(ctx->param); + ctx->param = param; + } + IMPLEMENT_STACK_OF(X509) IMPLEMENT_ASN1_SET_OF(X509) diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h index 1984958..3f16330 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.h +++ b/crypto/openssl/crypto/x509/x509_vfy.h @@ -65,6 +65,7 @@ #ifndef HEADER_X509_VFY_H #define HEADER_X509_VFY_H +#include #ifndef OPENSSL_NO_LHASH #include #endif @@ -155,6 +156,25 @@ typedef struct x509_lookup_method_st X509_OBJECT *ret); } X509_LOOKUP_METHOD; +/* This structure hold all parameters associated with a verify operation + * by including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +typedef struct X509_VERIFY_PARAM_st + { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + } X509_VERIFY_PARAM; + +DECLARE_STACK_OF(X509_VERIFY_PARAM) + /* This is used to hold everything. It is used for all certificate * validation. Once we have a certificate chain, the 'verify' * function is then called to actually check the cert chain. */ @@ -167,13 +187,8 @@ struct x509_store_st /* These are external lookup methods */ STACK_OF(X509_LOOKUP) *get_cert_methods; - /* The following fields are not used by X509_STORE but are - * inherited by X509_STORE_CTX when it is initialised. - */ + X509_VERIFY_PARAM *param; - unsigned long flags; /* Various verify flags */ - int purpose; - int trust; /* Callbacks for various operations */ int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ @@ -187,10 +202,9 @@ struct x509_store_st CRYPTO_EX_DATA ex_data; int references; - int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ } /* X509_STORE */; -#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) +int X509_STORE_set_depth(X509_STORE *store, int depth); #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) @@ -217,10 +231,9 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ /* The following are set by the caller */ X509 *cert; /* The cert to check */ STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - time_t check_time; /* time to make verify at */ - unsigned long flags; /* Various verify flags */ + STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + + X509_VERIFY_PARAM *param; void *other_ctx; /* Other info for use with get_issuer() */ /* Callbacks for various operations */ @@ -232,13 +245,16 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + int (*check_policy)(X509_STORE_CTX *ctx); int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ - int depth; /* how far to go looking up certs */ int valid; /* if 0, rebuild chain */ int last_untrusted; /* index of last untrusted cert */ STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ + X509_POLICY_TREE *tree; /* Valid policy tree */ + + int explicit_policy; /* Require explicit policy value */ /* When something goes wrong, this is why */ int error_depth; @@ -250,7 +266,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; -#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_STORE_CTX_set_app_data(ctx,data) \ X509_STORE_CTX_set_ex_data(ctx,0,data) @@ -276,7 +292,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 #define X509_V_ERR_CERT_HAS_EXPIRED 10 #define X509_V_ERR_CRL_NOT_YET_VALID 11 #define X509_V_ERR_CRL_HAS_EXPIRED 12 @@ -306,6 +322,15 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 + +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 + /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 @@ -324,6 +349,30 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Disable workarounds for broken certificates */ #define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +#define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +#define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +#define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +#define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +#define X509_V_FLAG_NOTIFY_POLICY 0x800 + +#define X509_VP_FLAG_DEFAULT 0x1 +#define X509_VP_FLAG_OVERWRITE 0x2 +#define X509_VP_FLAG_RESET_FLAGS 0x4 +#define X509_VP_FLAG_LOCKED 0x8 +#define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name); @@ -334,9 +383,10 @@ void X509_OBJECT_free_contents(X509_OBJECT *a); X509_STORE *X509_STORE_new(void ); void X509_STORE_free(X509_STORE *v); -void X509_STORE_set_flags(X509_STORE *ctx, long flags); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -400,14 +450,78 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); -void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); -void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, + unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL * + X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) * + X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE * + X509_policy_node_get0_parent(const X509_POLICY_NODE *node); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c new file mode 100644 index 0000000..5e69259 --- /dev/null +++ b/crypto/openssl/crypto/x509/x509_vpm.c @@ -0,0 +1,420 @@ +/* x509_vpm.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "cryptlib.h" +#include +#include +#include +#include +#include + +/* X509_VERIFY_PARAM functions */ + +static void x509_verify_param_zero(X509_VERIFY_PARAM *param) + { + if (!param) + return; + param->name = NULL; + param->purpose = 0; + param->trust = 0; + param->inh_flags = X509_VP_FLAG_DEFAULT; + param->flags = 0; + param->depth = -1; + if (param->policies) + { + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + param->policies = NULL; + } + } + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) + { + X509_VERIFY_PARAM *param; + param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + memset(param, 0, sizeof(X509_VERIFY_PARAM)); + x509_verify_param_zero(param); + return param; + } + +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + { + x509_verify_param_zero(param); + OPENSSL_free(param); + } + +/* This function determines how parameters are "inherited" from one structure + * to another. There are several different ways this can happen. + * + * 1. If a child structure needs to have its values initialized from a parent + * they are simply copied across. For example SSL_CTX copied to SSL. + * 2. If the structure should take on values only if they are currently unset. + * For example the values in an SSL structure will take appropriate value + * for SSL servers or clients but only if the application has not set new + * ones. + * + * The "inh_flags" field determines how this function behaves. + * + * Normally any values which are set in the default are not copied from the + * destination and verify flags are ORed together. + * + * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied + * to the destination. Effectively the values in "to" become default values + * which will be used only if nothing new is set in "from". + * + * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether + * they are set or not. Flags is still Ored though. + * + * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead + * of ORed. + * + * If X509_VP_FLAG_LOCKED is set then no values are copied. + * + * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed + * after the next call. + */ + +/* Macro to test if a field should be copied from src to dest */ + +#define test_x509_verify_param_copy(field, def) \ + (to_overwrite || \ + ((src->field != def) && (to_default || (dest->field == def)))) + +/* Macro to test and copy a field if necessary */ + +#define x509_verify_param_copy(field, def) \ + if (test_x509_verify_param_copy(field, def)) \ + dest->field = src->field + + +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, + const X509_VERIFY_PARAM *src) + { + unsigned long inh_flags; + int to_default, to_overwrite; + if (!src) + return 1; + inh_flags = dest->inh_flags | src->inh_flags; + + if (inh_flags & X509_VP_FLAG_ONCE) + dest->inh_flags = 0; + + if (inh_flags & X509_VP_FLAG_LOCKED) + return 1; + + if (inh_flags & X509_VP_FLAG_DEFAULT) + to_default = 1; + else + to_default = 0; + + if (inh_flags & X509_VP_FLAG_OVERWRITE) + to_overwrite = 1; + else + to_overwrite = 0; + + x509_verify_param_copy(purpose, 0); + x509_verify_param_copy(trust, 0); + x509_verify_param_copy(depth, -1); + + /* If overwrite or check time not set, copy across */ + + if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) + { + dest->check_time = src->check_time; + dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; + /* Don't need to copy flag: that is done below */ + } + + if (inh_flags & X509_VP_FLAG_RESET_FLAGS) + dest->flags = 0; + + dest->flags |= src->flags; + + if (test_x509_verify_param_copy(policies, NULL)) + { + if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) + return 0; + } + + return 1; + } + +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from) + { + to->inh_flags |= X509_VP_FLAG_DEFAULT; + return X509_VERIFY_PARAM_inherit(to, from); + } + +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) + { + if (param->name) + OPENSSL_free(param->name); + param->name = BUF_strdup(name); + if (param->name) + return 1; + return 0; + } + +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) + { + param->flags |= flags; + if (flags & X509_V_FLAG_POLICY_MASK) + param->flags |= X509_V_FLAG_POLICY_CHECK; + return 1; + } + +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) + { + param->flags &= ~flags; + return 1; + } + +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) + { + return param->flags; + } + +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) + { + return X509_PURPOSE_set(¶m->purpose, purpose); + } + +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) + { + return X509_TRUST_set(¶m->trust, trust); + } + +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) + { + param->depth = depth; + } + +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) + { + param->check_time = t; + param->flags |= X509_V_FLAG_USE_CHECK_TIME; + } + +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) + { + if (!param->policies) + { + param->policies = sk_ASN1_OBJECT_new_null(); + if (!param->policies) + return 0; + } + if (!sk_ASN1_OBJECT_push(param->policies, policy)) + return 0; + return 1; + } + +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies) + { + int i; + ASN1_OBJECT *oid, *doid; + if (!param) + return 0; + if (param->policies) + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + + if (!policies) + { + param->policies = NULL; + return 1; + } + + param->policies = sk_ASN1_OBJECT_new_null(); + if (!param->policies) + return 0; + + for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) + { + oid = sk_ASN1_OBJECT_value(policies, i); + doid = OBJ_dup(oid); + if (!doid) + return 0; + if (!sk_ASN1_OBJECT_push(param->policies, doid)) + { + ASN1_OBJECT_free(doid); + return 0; + } + } + param->flags |= X509_V_FLAG_POLICY_CHECK; + return 1; + } + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) + { + return param->depth; + } + +/* Default verify parameters: these are used for various + * applications and can be overridden by the user specified table. + * NB: the 'name' field *must* be in alphabetical order because it + * will be searched using OBJ_search. + */ + +static const X509_VERIFY_PARAM default_table[] = { + { + "default", /* X509 default parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + 0, /* purpose */ + 0, /* trust */ + 9, /* depth */ + NULL /* policies */ + }, + { + "pkcs7", /* SSL/TLS client parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ + NULL /* policies */ + }, + { + "ssl_client", /* SSL/TLS client parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + X509_PURPOSE_SSL_CLIENT, /* purpose */ + X509_TRUST_SSL_CLIENT, /* trust */ + -1, /* depth */ + NULL /* policies */ + }, + { + "ssl_server", /* SSL/TLS server parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + X509_PURPOSE_SSL_SERVER, /* purpose */ + X509_TRUST_SSL_SERVER, /* trust */ + -1, /* depth */ + NULL /* policies */ + }}; + +static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; + +static int table_cmp(const void *pa, const void *pb) + { + const X509_VERIFY_PARAM *a = pa, *b = pb; + return strcmp(a->name, b->name); + } + +static int param_cmp(const X509_VERIFY_PARAM * const *a, + const X509_VERIFY_PARAM * const *b) + { + return strcmp((*a)->name, (*b)->name); + } + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) + { + int idx; + X509_VERIFY_PARAM *ptmp; + if (!param_table) + { + param_table = sk_X509_VERIFY_PARAM_new(param_cmp); + if (!param_table) + return 0; + } + else + { + idx = sk_X509_VERIFY_PARAM_find(param_table, param); + if (idx != -1) + { + ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); + X509_VERIFY_PARAM_free(ptmp); + sk_X509_VERIFY_PARAM_delete(param_table, idx); + } + } + if (!sk_X509_VERIFY_PARAM_push(param_table, param)) + return 0; + return 1; + } + +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) + { + int idx; + X509_VERIFY_PARAM pm; + pm.name = (char *)name; + if (param_table) + { + idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); + if (idx != -1) + return sk_X509_VERIFY_PARAM_value(param_table, idx); + } + return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, + (char *)&default_table, + sizeof(default_table)/sizeof(X509_VERIFY_PARAM), + sizeof(X509_VERIFY_PARAM), + table_cmp); + } + +void X509_VERIFY_PARAM_table_cleanup(void) + { + if (param_table) + sk_X509_VERIFY_PARAM_pop_free(param_table, + X509_VERIFY_PARAM_free); + param_table = NULL; + } diff --git a/crypto/openssl/crypto/x509/x509cset.c b/crypto/openssl/crypto/x509/x509cset.c index 6cac440..9d1646d 100644 --- a/crypto/openssl/crypto/x509/x509cset.c +++ b/crypto/openssl/crypto/x509/x509cset.c @@ -129,6 +129,7 @@ int X509_CRL_sort(X509_CRL *c) r=sk_X509_REVOKED_value(c->crl->revoked,i); r->sequence=i; } + c->crl->enc.modified = 1; return 1; } diff --git a/crypto/openssl/crypto/x509/x509name.c b/crypto/openssl/crypto/x509/x509name.c index 4c20e03..068abfe 100644 --- a/crypto/openssl/crypto/x509/x509name.c +++ b/crypto/openssl/crypto/x509/x509name.c @@ -195,8 +195,8 @@ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, return ret; } -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set) +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; @@ -273,7 +273,7 @@ err: } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len) + const char *field, int type, const unsigned char *bytes, int len) { ASN1_OBJECT *obj; X509_NAME_ENTRY *nentry; @@ -309,7 +309,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type, unsigned char *bytes, int len) + ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) { X509_NAME_ENTRY *ret; @@ -347,7 +347,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) } int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len) + const unsigned char *bytes, int len) { int i; diff --git a/crypto/openssl/crypto/x509/x509spki.c b/crypto/openssl/crypto/x509/x509spki.c index 4c3af94..ed868b8 100644 --- a/crypto/openssl/crypto/x509/x509spki.c +++ b/crypto/openssl/crypto/x509/x509spki.c @@ -77,7 +77,8 @@ EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) { - unsigned char *spki_der, *p; + unsigned char *spki_der; + const unsigned char *p; int spki_len; NETSCAPE_SPKI *spki; if(len <= 0) len = strlen(str); diff --git a/crypto/openssl/crypto/x509/x509type.c b/crypto/openssl/crypto/x509/x509type.c index c25959a..2cd994c 100644 --- a/crypto/openssl/crypto/x509/x509type.c +++ b/crypto/openssl/crypto/x509/x509type.c @@ -86,6 +86,9 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_DSA: ret=EVP_PK_DSA|EVP_PKT_SIGN; break; + case EVP_PKEY_EC: + ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; + break; case EVP_PKEY_DH: ret=EVP_PK_DH|EVP_PKT_EXCH; break; @@ -102,6 +105,9 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_DSA: ret|=EVP_PKS_DSA; break; + case EVP_PKEY_EC: + ret|=EVP_PKS_EC; + break; default: break; } diff --git a/crypto/openssl/crypto/x509/x_all.c b/crypto/openssl/crypto/x509/x_all.c index fb5015c..9039caa 100644 --- a/crypto/openssl/crypto/x509/x_all.c +++ b/crypto/openssl/crypto/x509/x_all.c @@ -64,6 +64,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif int X509_verify(X509 *a, EVP_PKEY *r) { @@ -103,6 +109,7 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) { + x->crl->enc.modified = 1; return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, x->sig_alg, x->signature, x->crl,pkey,md)); } @@ -222,9 +229,9 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) { - return((RSA *)ASN1_d2i_fp((char *(*)()) - RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp), - (unsigned char **)(rsa))); + return ASN1_d2i_fp((void *(*)(void)) + RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, + (void **)rsa); } int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) @@ -234,7 +241,7 @@ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) { - return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa)); + return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); } #endif @@ -256,9 +263,7 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) { - return((RSA *)ASN1_d2i_bio((char *(*)()) - RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp), - (unsigned char **)(rsa))); + return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); } int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) @@ -268,7 +273,7 @@ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) { - return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa)); + return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); } #endif @@ -276,55 +281,92 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) #ifndef OPENSSL_NO_FP_API DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) { - return((DSA *)ASN1_d2i_fp((char *(*)()) - DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), - (unsigned char **)(dsa))); + return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); } int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) { - return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); + return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); } DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) { - return((DSA *)ASN1_d2i_fp((char *(*)()) - DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp), - (unsigned char **)(dsa))); + return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); } int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) { - return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa)); + return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); } #endif DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) { - return((DSA *)ASN1_d2i_bio((char *(*)()) - DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), - (unsigned char **)(dsa))); + return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa +); } int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) { - return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); + return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); } DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) { - return((DSA *)ASN1_d2i_bio((char *(*)()) - DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp), - (unsigned char **)(dsa))); + return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); } int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) { - return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa)); + return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); } #endif +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_FP_API +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) + { + return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); + } + +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) + { + return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); + } + +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) + { + return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); + } + +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) + { + return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); + } +#endif +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) + { + return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); + } + +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) + { + return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); + } + +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) + { + return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); + } + +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) + { + return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); + } +#endif + + int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { @@ -369,40 +411,37 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD * #ifndef OPENSSL_NO_FP_API X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) { - return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new, - (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8))); + return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); } int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) { - return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8)); + return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); } #endif X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) { - return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new, - (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8))); + return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); } int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) { - return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8)); + return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); } #ifndef OPENSSL_NO_FP_API PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf) { - return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp( - (char *(*)())PKCS8_PRIV_KEY_INFO_new, - (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp), - (unsigned char **)(p8inf))); + return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, + d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); } int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) { - return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf)); + return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, + p8inf); } int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) @@ -418,24 +457,22 @@ int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) { - return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey)); + return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); } EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) { - return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a))); + return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); } int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) { - return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey)); + return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); } EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) { - return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a))); + return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); } #endif @@ -443,15 +480,14 @@ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf) { - return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio( - (char *(*)())PKCS8_PRIV_KEY_INFO_new, - (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp), - (unsigned char **)(p8inf))); + return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, + d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); } int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) { - return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf)); + return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, + p8inf); } int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) @@ -467,22 +503,20 @@ int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) { - return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey)); + return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); } EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) { - return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a))); + return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); } int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) { - return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey)); + return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); } EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) { - return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a))); + return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); } diff --git a/crypto/openssl/crypto/x509v3/Makefile b/crypto/openssl/crypto/x509v3/Makefile index 7b0d03a..7a5266e 100644 --- a/crypto/openssl/crypto/x509v3/Makefile +++ b/crypto/openssl/crypto/x509v3/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/x509v3/Makefile +# OpenSSL/crypto/x509v3/Makefile # DIR= x509v3 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -25,16 +20,18 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c +v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \ +pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o +v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \ +pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o SRC= $(LIBSRC) EXHEADER= x509v3.h -HEADER= $(EXHEADER) +HEADER= $(EXHEADER) pcy_int.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -57,7 +54,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -72,6 +70,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -83,519 +82,479 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -v3_akey.o: ../../e_os.h ../../include/openssl/aes.h -v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pcy_cache.o: ../../e_os.h ../../include/openssl/asn1.h +pcy_cache.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_cache.o: ../../include/openssl/objects.h +pcy_cache.o: ../../include/openssl/opensslconf.h +pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_cache.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_cache.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_cache.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_cache.o: ../cryptlib.h pcy_cache.c pcy_int.h +pcy_data.o: ../../e_os.h ../../include/openssl/asn1.h +pcy_data.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_data.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_data.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_data.o: ../cryptlib.h pcy_data.c pcy_int.h +pcy_lib.o: ../../e_os.h ../../include/openssl/asn1.h +pcy_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c +pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h +pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c +pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_node.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_node.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_node.o: pcy_int.h pcy_node.c +pcy_tree.o: ../../e_os.h ../../include/openssl/asn1.h +pcy_tree.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_tree.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_tree.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_tree.o: ../cryptlib.h pcy_int.h pcy_tree.c +v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h +v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_akey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akey.o: ../cryptlib.h v3_akey.c -v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h -v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_akeya.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_akeya.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_akeya.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_akeya.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c +v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h +v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_akeya.o: ../../include/openssl/opensslconf.h v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c -v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_akeya.o: ../cryptlib.h v3_akeya.c +v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_alt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h v3_alt.c -v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h -v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c +v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_bcons.o: ../../include/openssl/opensslconf.h v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c -v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h -v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_bcons.o: ../cryptlib.h v3_bcons.c +v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h +v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c -v3_conf.o: ../../e_os.h ../../include/openssl/aes.h -v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_bitst.o: ../cryptlib.h v3_bitst.c +v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h +v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_conf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c -v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h -v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_conf.o: ../cryptlib.h v3_conf.c +v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h +v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_cpols.o: ../../include/openssl/opensslconf.h v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c -v3_crld.o: ../../e_os.h ../../include/openssl/aes.h -v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_cpols.o: ../cryptlib.h pcy_int.h v3_cpols.c +v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h +v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_crld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_crld.o: ../cryptlib.h v3_crld.c -v3_enum.o: ../../e_os.h ../../include/openssl/aes.h -v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c +v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h +v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_enum.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c -v3_extku.o: ../../e_os.h ../../include/openssl/aes.h -v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_enum.o: ../cryptlib.h v3_enum.c +v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h +v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_extku.o: ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c -v3_genn.o: ../../e_os.h ../../include/openssl/aes.h -v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_extku.o: ../cryptlib.h v3_extku.c +v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h +v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_genn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_genn.o: ../cryptlib.h v3_genn.c -v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c +v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_ia5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h v3_ia5.c -v3_info.o: ../../e_os.h ../../include/openssl/aes.h -v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c +v3_info.o: ../../e_os.h ../../include/openssl/asn1.h +v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_info.o: ../cryptlib.h v3_info.c -v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c +v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_int.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h v3_int.c -v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c +v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c -v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h -v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c +v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ncons.o: ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_ncons.o: ../cryptlib.h v3_ncons.c +v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h +v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_ocsp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_ocsp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_ocsp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_ocsp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_ocsp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_ocsp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ocsp.o: ../cryptlib.h v3_ocsp.c -v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h +v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c +v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c +v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c +v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcons.o: ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_pcons.o: ../cryptlib.h v3_pcons.c +v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_pku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c -v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h +v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pmaps.o: ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_pmaps.o: ../cryptlib.h v3_pmaps.c +v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_prn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h v3_prn.c -v3_purp.o: ../../e_os.h ../../include/openssl/aes.h -v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c +v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h +v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_purp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c -v3_skey.o: ../../e_os.h ../../include/openssl/aes.h -v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_purp.o: ../cryptlib.h v3_purp.c +v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h +v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_skey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c -v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h -v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_skey.o: ../cryptlib.h v3_skey.c +v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h +v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3_sxnet.o: ../../include/openssl/opensslconf.h v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c -v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_sxnet.o: ../cryptlib.h v3_sxnet.c +v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_utl.o: ../cryptlib.h v3_utl.c -v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h -v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -v3err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3err.o: v3err.c +v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3err.o: ../../include/openssl/x509v3.h v3err.c diff --git a/crypto/openssl/crypto/x509v3/ext_dat.h b/crypto/openssl/crypto/x509v3/ext_dat.h index 6fa3178..3596684 100644 --- a/crypto/openssl/crypto/x509v3/ext_dat.h +++ b/crypto/openssl/crypto/x509v3/ext_dat.h @@ -64,7 +64,9 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; -extern X509V3_EXT_METHOD v3_crl_hold; +extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; +extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -106,9 +108,14 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_ocsp_serviceloc, #endif &v3_sinfo, +&v3_policy_constraints, #ifndef OPENSSL_NO_OCSP -&v3_crl_hold +&v3_crl_hold, #endif +&v3_pci, +&v3_name_constraints, +&v3_policy_mappings, +&v3_inhibit_anyp }; /* Number of standard extensions */ diff --git a/crypto/openssl/crypto/x509v3/pcy_cache.c b/crypto/openssl/crypto/x509v3/pcy_cache.c new file mode 100644 index 0000000..c18beb8 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_cache.c @@ -0,0 +1,287 @@ +/* pcy_cache.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include + +#include "pcy_int.h" + +static int policy_data_cmp(const X509_POLICY_DATA * const *a, + const X509_POLICY_DATA * const *b); +static int policy_cache_set_int(long *out, ASN1_INTEGER *value); + +/* Set cache entry according to CertificatePolicies extension. + * Note: this destroys the passed CERTIFICATEPOLICIES structure. + */ + +static int policy_cache_create(X509 *x, + CERTIFICATEPOLICIES *policies, int crit) + { + int i; + int ret = 0; + X509_POLICY_CACHE *cache = x->policy_cache; + X509_POLICY_DATA *data = NULL; + POLICYINFO *policy; + if (sk_POLICYINFO_num(policies) == 0) + goto bad_policy; + cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); + if (!cache->data) + goto bad_policy; + for (i = 0; i < sk_POLICYINFO_num(policies); i++) + { + policy = sk_POLICYINFO_value(policies, i); + data = policy_data_new(policy, NULL, crit); + if (!data) + goto bad_policy; + /* Duplicate policy OIDs are illegal: reject if matches + * found. + */ + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) + { + if (cache->anyPolicy) + { + ret = -1; + goto bad_policy; + } + cache->anyPolicy = data; + } + else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) + { + ret = -1; + goto bad_policy; + } + else if (!sk_X509_POLICY_DATA_push(cache->data, data)) + goto bad_policy; + data = NULL; + } + ret = 1; + bad_policy: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; + if (data) + policy_data_free(data); + sk_POLICYINFO_pop_free(policies, POLICYINFO_free); + if (ret <= 0) + { + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + cache->data = NULL; + } + return ret; + } + + +static int policy_cache_new(X509 *x) + { + X509_POLICY_CACHE *cache; + ASN1_INTEGER *ext_any = NULL; + POLICY_CONSTRAINTS *ext_pcons = NULL; + CERTIFICATEPOLICIES *ext_cpols = NULL; + POLICY_MAPPINGS *ext_pmaps = NULL; + int i; + cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); + if (!cache) + return 0; + cache->anyPolicy = NULL; + cache->data = NULL; + cache->maps = NULL; + cache->any_skip = -1; + cache->explicit_skip = -1; + cache->map_skip = -1; + + x->policy_cache = cache; + + /* Handle requireExplicitPolicy *first*. Need to process this + * even if we don't have any policies. + */ + ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); + + if (!ext_pcons) + { + if (i != -1) + goto bad_cache; + } + else + { + if (!ext_pcons->requireExplicitPolicy + && !ext_pcons->inhibitPolicyMapping) + goto bad_cache; + if (!policy_cache_set_int(&cache->explicit_skip, + ext_pcons->requireExplicitPolicy)) + goto bad_cache; + if (!policy_cache_set_int(&cache->map_skip, + ext_pcons->inhibitPolicyMapping)) + goto bad_cache; + } + + /* Process CertificatePolicies */ + + ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); + /* If no CertificatePolicies extension or problem decoding then + * there is no point continuing because the valid policies will be + * NULL. + */ + if (!ext_cpols) + { + /* If not absent some problem with extension */ + if (i != -1) + goto bad_cache; + return 1; + } + + i = policy_cache_create(x, ext_cpols, i); + + /* NB: ext_cpols freed by policy_cache_set_policies */ + + if (i <= 0) + return i; + + ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); + + if (!ext_pmaps) + { + /* If not absent some problem with extension */ + if (i != -1) + goto bad_cache; + } + else + { + i = policy_cache_set_mapping(x, ext_pmaps); + if (i <= 0) + goto bad_cache; + } + + ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); + + if (!ext_any) + { + if (i != -1) + goto bad_cache; + } + else if (!policy_cache_set_int(&cache->any_skip, ext_any)) + goto bad_cache; + + if (0) + { + bad_cache: + x->ex_flags |= EXFLAG_INVALID_POLICY; + } + + if(ext_pcons) + POLICY_CONSTRAINTS_free(ext_pcons); + + if (ext_any) + ASN1_INTEGER_free(ext_any); + + return 1; + + +} + +void policy_cache_free(X509_POLICY_CACHE *cache) + { + if (!cache) + return; + if (cache->anyPolicy) + policy_data_free(cache->anyPolicy); + if (cache->data) + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + OPENSSL_free(cache); + } + +const X509_POLICY_CACHE *policy_cache_set(X509 *x) + { + + if (x->policy_cache == NULL) + { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + policy_cache_new(x); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + + return x->policy_cache; + + } + +X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id) + { + int idx; + X509_POLICY_DATA tmp; + tmp.valid_policy = (ASN1_OBJECT *)id; + idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); + if (idx == -1) + return NULL; + return sk_X509_POLICY_DATA_value(cache->data, idx); + } + +static int policy_data_cmp(const X509_POLICY_DATA * const *a, + const X509_POLICY_DATA * const *b) + { + return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); + } + +static int policy_cache_set_int(long *out, ASN1_INTEGER *value) + { + if (value == NULL) + return 1; + if (value->type == V_ASN1_NEG_INTEGER) + return 0; + *out = ASN1_INTEGER_get(value); + return 1; + } diff --git a/crypto/openssl/crypto/x509v3/pcy_data.c b/crypto/openssl/crypto/x509v3/pcy_data.c new file mode 100644 index 0000000..614d2b4 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_data.c @@ -0,0 +1,123 @@ +/* pcy_data.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include + +#include "pcy_int.h" + +/* Policy Node routines */ + +void policy_data_free(X509_POLICY_DATA *data) + { + ASN1_OBJECT_free(data->valid_policy); + /* Don't free qualifiers if shared */ + if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) + sk_POLICYQUALINFO_pop_free(data->qualifier_set, + POLICYQUALINFO_free); + sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); + OPENSSL_free(data); + } + +/* Create a data based on an existing policy. If 'id' is NULL use the + * oid in the policy, otherwise use 'id'. This behaviour covers the two + * types of data in RFC3280: data with from a CertificatePolcies extension + * and additional data with just the qualifiers of anyPolicy and ID from + * another source. + */ + +X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) + { + X509_POLICY_DATA *ret; + if (!policy && !id) + return NULL; + ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); + if (!ret) + return NULL; + ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); + if (!ret->expected_policy_set) + { + OPENSSL_free(ret); + return NULL; + } + + if (crit) + ret->flags = POLICY_DATA_FLAG_CRITICAL; + else + ret->flags = 0; + + if (id) + ret->valid_policy = id; + else + { + ret->valid_policy = policy->policyid; + policy->policyid = NULL; + } + + if (policy) + { + ret->qualifier_set = policy->qualifiers; + policy->qualifiers = NULL; + } + else + ret->qualifier_set = NULL; + + return ret; + } + diff --git a/crypto/openssl/crypto/x509v3/pcy_int.h b/crypto/openssl/crypto/x509v3/pcy_int.h new file mode 100644 index 0000000..ba62a20 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_int.h @@ -0,0 +1,223 @@ +/* pcy_int.h */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +DECLARE_STACK_OF(X509_POLICY_DATA) +DECLARE_STACK_OF(X509_POLICY_REF) +DECLARE_STACK_OF(X509_POLICY_NODE) + +typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; +typedef struct X509_POLICY_REF_st X509_POLICY_REF; + +/* Internal structures */ + +/* This structure and the field names correspond to the Policy 'node' of + * RFC3280. NB this structure contains no pointers to parent or child + * data: X509_POLICY_NODE contains that. This means that the main policy data + * can be kept static and cached with the certificate. + */ + +struct X509_POLICY_DATA_st + { + unsigned int flags; + /* Policy OID and qualifiers for this data */ + ASN1_OBJECT *valid_policy; + STACK_OF(POLICYQUALINFO) *qualifier_set; + STACK_OF(ASN1_OBJECT) *expected_policy_set; + }; + +/* X509_POLICY_DATA flags values */ + +/* This flag indicates the structure has been mapped using a policy mapping + * extension. If policy mapping is not active its references get deleted. + */ + +#define POLICY_DATA_FLAG_MAPPED 0x1 + +/* This flag indicates the data doesn't correspond to a policy in Certificate + * Policies: it has been mapped to any policy. + */ + +#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 + +/* AND with flags to see if any mapping has occurred */ + +#define POLICY_DATA_FLAG_MAP_MASK 0x3 + +/* qualifiers are shared and shouldn't be freed */ + +#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 + +/* Parent node is an extra node and should be freed */ + +#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 + +/* Corresponding CertificatePolicies is critical */ + +#define POLICY_DATA_FLAG_CRITICAL 0x10 + +/* This structure is an entry from a table of mapped policies which + * cross reference the policy it refers to. + */ + +struct X509_POLICY_REF_st + { + ASN1_OBJECT *subjectDomainPolicy; + const X509_POLICY_DATA *data; + }; + +/* This structure is cached with a certificate */ + +struct X509_POLICY_CACHE_st { + /* anyPolicy data or NULL if no anyPolicy */ + X509_POLICY_DATA *anyPolicy; + /* other policy data */ + STACK_OF(X509_POLICY_DATA) *data; + /* If policyMappings extension present a table of mapped policies */ + STACK_OF(X509_POLICY_REF) *maps; + /* If InhibitAnyPolicy present this is its value or -1 if absent. */ + long any_skip; + /* If policyConstraints and requireExplicitPolicy present this is its + * value or -1 if absent. + */ + long explicit_skip; + /* If policyConstraints and policyMapping present this is its + * value or -1 if absent. + */ + long map_skip; + }; + +/*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/ + +/* This structure represents the relationship between nodes */ + +struct X509_POLICY_NODE_st + { + /* node data this refers to */ + const X509_POLICY_DATA *data; + /* Parent node */ + X509_POLICY_NODE *parent; + /* Number of child nodes */ + int nchild; + }; + +struct X509_POLICY_LEVEL_st + { + /* Cert for this level */ + X509 *cert; + /* nodes at this level */ + STACK_OF(X509_POLICY_NODE) *nodes; + /* anyPolicy node */ + X509_POLICY_NODE *anyPolicy; + /* Extra data */ + /*STACK_OF(X509_POLICY_DATA) *extra_data;*/ + unsigned int flags; + }; + +struct X509_POLICY_TREE_st + { + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; + /* Extra policy data when additional nodes (not from the certificate) + * are required. + */ + STACK_OF(X509_POLICY_DATA) *extra_data; + /* This is the authority constained policy set */ + STACK_OF(X509_POLICY_NODE) *auth_policies; + STACK_OF(X509_POLICY_NODE) *user_policies; + unsigned int flags; + }; + +/* Set if anyPolicy present in user policies */ +#define POLICY_FLAG_ANY_POLICY 0x2 + +/* Useful macros */ + +#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) +#define node_critical(node) node_data_critical(node->data) + +/* Internal functions */ + +X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, + int crit); +void policy_data_free(X509_POLICY_DATA *data); + +X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id); +int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); + + +STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); + +void policy_cache_init(void); + +void policy_cache_free(X509_POLICY_CACHE *cache); + +X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const ASN1_OBJECT *id); + +X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + const ASN1_OBJECT *id); + +X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree); +void policy_node_free(X509_POLICY_NODE *node); + +const X509_POLICY_CACHE *policy_cache_set(X509 *x); diff --git a/crypto/openssl/crypto/x509v3/pcy_lib.c b/crypto/openssl/crypto/x509v3/pcy_lib.c new file mode 100644 index 0000000..dae4840 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_lib.c @@ -0,0 +1,167 @@ +/* pcy_lib.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include "cryptlib.h" +#include +#include + +#include "pcy_int.h" + +/* accessor functions */ + +/* X509_POLICY_TREE stuff */ + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree) + { + if (!tree) + return 0; + return tree->nlevel; + } + +X509_POLICY_LEVEL * + X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i) + { + if (!tree || (i < 0) || (i >= tree->nlevel)) + return NULL; + return tree->levels + i; + } + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree) + { + if (!tree) + return NULL; + return tree->auth_policies; + } + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree) + { + if (!tree) + return NULL; + if (tree->flags & POLICY_FLAG_ANY_POLICY) + return tree->auth_policies; + else + return tree->user_policies; + } + +/* X509_POLICY_LEVEL stuff */ + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level) + { + int n; + if (!level) + return 0; + if (level->anyPolicy) + n = 1; + else + n = 0; + if (level->nodes) + n += sk_X509_POLICY_NODE_num(level->nodes); + return n; + } + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) + { + if (!level) + return NULL; + if (level->anyPolicy) + { + if (i == 0) + return level->anyPolicy; + i--; + } + return sk_X509_POLICY_NODE_value(level->nodes, i); + } + +/* X509_POLICY_NODE stuff */ + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) + { + if (!node) + return NULL; + return node->data->valid_policy; + } + +#if 0 +int X509_policy_node_get_critical(const X509_POLICY_NODE *node) + { + if (node_critical(node)) + return 1; + return 0; + } +#endif + +STACK_OF(POLICYQUALINFO) * + X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) + { + if (!node) + return NULL; + return node->data->qualifier_set; + } + +const X509_POLICY_NODE * + X509_policy_node_get0_parent(const X509_POLICY_NODE *node) + { + if (!node) + return NULL; + return node->parent; + } + + diff --git a/crypto/openssl/crypto/x509v3/pcy_map.c b/crypto/openssl/crypto/x509v3/pcy_map.c new file mode 100644 index 0000000..35221e8 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_map.c @@ -0,0 +1,186 @@ +/* pcy_map.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include + +#include "pcy_int.h" + +static int ref_cmp(const X509_POLICY_REF * const *a, + const X509_POLICY_REF * const *b) + { + return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); + } + +static void policy_map_free(X509_POLICY_REF *map) + { + if (map->subjectDomainPolicy) + ASN1_OBJECT_free(map->subjectDomainPolicy); + OPENSSL_free(map); + } + +static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) + { + X509_POLICY_REF tmp; + int idx; + tmp.subjectDomainPolicy = id; + + idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); + if (idx == -1) + return NULL; + return sk_X509_POLICY_REF_value(cache->maps, idx); + } + +/* Set policy mapping entries in cache. + * Note: this modifies the passed POLICY_MAPPINGS structure + */ + +int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + { + POLICY_MAPPING *map; + X509_POLICY_REF *ref = NULL; + X509_POLICY_DATA *data; + X509_POLICY_CACHE *cache = x->policy_cache; + int i; + int ret = 0; + if (sk_POLICY_MAPPING_num(maps) == 0) + { + ret = -1; + goto bad_mapping; + } + cache->maps = sk_X509_POLICY_REF_new(ref_cmp); + for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) + { + map = sk_POLICY_MAPPING_value(maps, i); + /* Reject if map to or from anyPolicy */ + if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) + || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) + { + ret = -1; + goto bad_mapping; + } + + /* If we've already mapped from this OID bad mapping */ + if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) + { + ret = -1; + goto bad_mapping; + } + + /* Attempt to find matching policy data */ + data = policy_cache_find_data(cache, map->issuerDomainPolicy); + /* If we don't have anyPolicy can't map */ + if (!data && !cache->anyPolicy) + continue; + + /* Create a NODE from anyPolicy */ + if (!data) + { + data = policy_data_new(NULL, map->issuerDomainPolicy, + cache->anyPolicy->flags + & POLICY_DATA_FLAG_CRITICAL); + if (!data) + goto bad_mapping; + data->qualifier_set = cache->anyPolicy->qualifier_set; + map->issuerDomainPolicy = NULL; + data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!sk_X509_POLICY_DATA_push(cache->data, data)) + { + policy_data_free(data); + goto bad_mapping; + } + } + else + data->flags |= POLICY_DATA_FLAG_MAPPED; + + if (!sk_ASN1_OBJECT_push(data->expected_policy_set, + map->subjectDomainPolicy)) + goto bad_mapping; + + ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); + if (!ref) + goto bad_mapping; + + ref->subjectDomainPolicy = map->subjectDomainPolicy; + map->subjectDomainPolicy = NULL; + ref->data = data; + + if (!sk_X509_POLICY_REF_push(cache->maps, ref)) + goto bad_mapping; + + ref = NULL; + + } + + ret = 1; + bad_mapping: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; + if (ref) + policy_map_free(ref); + if (ret <= 0) + { + sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); + cache->maps = NULL; + } + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); + return ret; + + } diff --git a/crypto/openssl/crypto/x509v3/pcy_node.c b/crypto/openssl/crypto/x509v3/pcy_node.c new file mode 100644 index 0000000..dcc1554 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_node.c @@ -0,0 +1,158 @@ +/* pcy_node.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include "pcy_int.h" + +static int node_cmp(const X509_POLICY_NODE * const *a, + const X509_POLICY_NODE * const *b) + { + return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); + } + +STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void) + { + return sk_X509_POLICY_NODE_new(node_cmp); + } + +X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, + const ASN1_OBJECT *id) + { + X509_POLICY_DATA n; + X509_POLICY_NODE l; + int idx; + + n.valid_policy = (ASN1_OBJECT *)id; + l.data = &n; + + idx = sk_X509_POLICY_NODE_find(nodes, &l); + if (idx == -1) + return NULL; + + return sk_X509_POLICY_NODE_value(nodes, idx); + + } + +X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const ASN1_OBJECT *id) + { + return tree_find_sk(level->nodes, id); + } + +X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree) + { + X509_POLICY_NODE *node; + node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); + if (!node) + return NULL; + node->data = data; + node->parent = parent; + node->nchild = 0; + if (level) + { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) + { + if (level->anyPolicy) + goto node_error; + level->anyPolicy = node; + } + else + { + + if (!level->nodes) + level->nodes = policy_node_cmp_new(); + if (!level->nodes) + goto node_error; + if (!sk_X509_POLICY_NODE_push(level->nodes, node)) + goto node_error; + } + } + + if (tree) + { + if (!tree->extra_data) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (!tree->extra_data) + goto node_error; + if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) + goto node_error; + } + + if (parent) + parent->nchild++; + + return node; + + node_error: + policy_node_free(node); + return 0; + + } + +void policy_node_free(X509_POLICY_NODE *node) + { + OPENSSL_free(node); + } + + diff --git a/crypto/openssl/crypto/x509v3/pcy_tree.c b/crypto/openssl/crypto/x509v3/pcy_tree.c new file mode 100644 index 0000000..1c68ce3 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/pcy_tree.c @@ -0,0 +1,682 @@ +/* pcy_tree.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include + +#include "pcy_int.h" + +/* Initialize policy tree. Return values: + * 0 Some internal error occured. + * -1 Inconsistent or invalid extensions in certificates. + * 1 Tree initialized OK. + * 2 Policy tree is empty. + * 5 Tree OK and requireExplicitPolicy true. + * 6 Tree empty and requireExplicitPolicy true. + */ + +static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + unsigned int flags) + { + X509_POLICY_TREE *tree; + X509_POLICY_LEVEL *level; + const X509_POLICY_CACHE *cache; + X509_POLICY_DATA *data = NULL; + X509 *x; + int ret = 1; + int i, n; + int explicit_policy; + int any_skip; + int map_skip; + *ptree = NULL; + n = sk_X509_num(certs); + + /* Disable policy mapping for now... */ + flags |= X509_V_FLAG_INHIBIT_MAP; + + if (flags & X509_V_FLAG_EXPLICIT_POLICY) + explicit_policy = 0; + else + explicit_policy = n + 1; + + if (flags & X509_V_FLAG_INHIBIT_ANY) + any_skip = 0; + else + any_skip = n + 1; + + if (flags & X509_V_FLAG_INHIBIT_MAP) + map_skip = 0; + else + map_skip = n + 1; + + /* Can't do anything with just a trust anchor */ + if (n == 1) + return 1; + /* First setup policy cache in all certificates apart from the + * trust anchor. Note any bad cache results on the way. Also can + * calculate explicit_policy value at this point. + */ + for (i = n - 2; i >= 0; i--) + { + x = sk_X509_value(certs, i); + X509_check_purpose(x, -1, -1); + cache = policy_cache_set(x); + /* If cache NULL something bad happened: return immediately */ + if (cache == NULL) + return 0; + /* If inconsistent extensions keep a note of it but continue */ + if (x->ex_flags & EXFLAG_INVALID_POLICY) + ret = -1; + /* Otherwise if we have no data (hence no CertificatePolicies) + * and haven't already set an inconsistent code note it. + */ + else if ((ret == 1) && !cache->data) + ret = 2; + if (explicit_policy > 0) + { + explicit_policy--; + if (!(x->ex_flags & EXFLAG_SS) + && (cache->explicit_skip != -1) + && (cache->explicit_skip < explicit_policy)) + explicit_policy = cache->explicit_skip; + } + } + + if (ret != 1) + { + if (ret == 2 && !explicit_policy) + return 6; + return ret; + } + + + /* If we get this far initialize the tree */ + + tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); + + if (!tree) + return 0; + + tree->flags = 0; + tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); + tree->nlevel = 0; + tree->extra_data = NULL; + tree->auth_policies = NULL; + tree->user_policies = NULL; + + if (!tree) + { + OPENSSL_free(tree); + return 0; + } + + memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); + + tree->nlevel = n; + + level = tree->levels; + + /* Root data: initialize to anyPolicy */ + + data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); + + if (!data || !level_add_node(level, data, NULL, tree)) + goto bad_tree; + + for (i = n - 2; i >= 0; i--) + { + level++; + x = sk_X509_value(certs, i); + cache = policy_cache_set(x); + + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + level->cert = x; + + if (!cache->anyPolicy) + level->flags |= X509_V_FLAG_INHIBIT_ANY; + + /* Determine inhibit any and inhibit map flags */ + if (any_skip == 0) + { + /* Any matching allowed if certificate is self + * issued and not the last in the chain. + */ + if (!(x->ex_flags && EXFLAG_SS) || (i == 0)) + level->flags |= X509_V_FLAG_INHIBIT_ANY; + } + else + { + any_skip--; + if ((cache->any_skip > 0) + && (cache->any_skip < any_skip)) + any_skip = cache->any_skip; + } + + if (map_skip == 0) + level->flags |= X509_V_FLAG_INHIBIT_MAP; + else + { + map_skip--; + if ((cache->map_skip > 0) + && (cache->map_skip < map_skip)) + map_skip = cache->map_skip; + } + + + } + + *ptree = tree; + + if (explicit_policy) + return 1; + else + return 5; + + bad_tree: + + X509_policy_tree_free(tree); + + return 0; + + } + +/* This corresponds to RFC3280 XXXX XXXXX: + * link any data from CertificatePolicies onto matching parent + * or anyPolicy if no match. + */ + +static int tree_link_nodes(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache) + { + int i; + X509_POLICY_LEVEL *last; + X509_POLICY_DATA *data; + X509_POLICY_NODE *parent; + last = curr - 1; + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) + { + data = sk_X509_POLICY_DATA_value(cache->data, i); + /* If a node is mapped any it doesn't have a corresponding + * CertificatePolicies entry. + * However such an identical node would be created + * if anyPolicy matching is enabled because there would be + * no match with the parent valid_policy_set. So we create + * link because then it will have the mapping flags + * right and we can prune it later. + */ + if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) + && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) + continue; + /* Look for matching node in parent */ + parent = level_find_node(last, data->valid_policy); + /* If no match link to anyPolicy */ + if (!parent) + parent = last->anyPolicy; + if (parent && !level_add_node(curr, data, parent, NULL)) + return 0; + } + return 1; + } + +/* This corresponds to RFC3280 XXXX XXXXX: + * Create new data for any unmatched policies in the parent and link + * to anyPolicy. + */ + +static int tree_link_any(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) + { + int i; + X509_POLICY_DATA *data; + X509_POLICY_NODE *node; + X509_POLICY_LEVEL *last; + + last = curr - 1; + + for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) + { + node = sk_X509_POLICY_NODE_value(last->nodes, i); + + /* Skip any node with any children: we only want unmathced + * nodes. + * + * Note: need something better for policy mapping + * because each node may have multiple children + */ + if (node->nchild) + continue; + /* Create a new node with qualifiers from anyPolicy and + * id from unmatched node. + */ + data = policy_data_new(NULL, node->data->valid_policy, + node_critical(node)); + + if (data == NULL) + return 0; + data->qualifier_set = curr->anyPolicy->data->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!level_add_node(curr, data, node, tree)) + { + policy_data_free(data); + return 0; + } + } + /* Finally add link to anyPolicy */ + if (last->anyPolicy) + { + if (!level_add_node(curr, cache->anyPolicy, + last->anyPolicy, NULL)) + return 0; + } + return 1; + } + +/* Prune the tree: delete any child mapped child data on the current level + * then proceed up the tree deleting any data with no children. If we ever + * have no data on a level we can halt because the tree will be empty. + */ + +static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) + { + X509_POLICY_NODE *node; + int i; + for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) + { + node = sk_X509_POLICY_NODE_value(curr->nodes, i); + /* Delete any mapped data: see RFC3280 XXXX */ + if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) + { + node->parent->nchild--; + OPENSSL_free(node); + sk_X509_POLICY_NODE_delete(curr->nodes, i); + } + } + + for(;;) { + --curr; + for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) + { + node = sk_X509_POLICY_NODE_value(curr->nodes, i); + if (node->nchild == 0) + { + node->parent->nchild--; + OPENSSL_free(node); + sk_X509_POLICY_NODE_delete(curr->nodes, i); + } + } + if (curr->anyPolicy && !curr->anyPolicy->nchild) + { + if (curr->anyPolicy->parent) + curr->anyPolicy->parent->nchild--; + OPENSSL_free(curr->anyPolicy); + curr->anyPolicy = NULL; + } + if (curr == tree->levels) + { + /* If we zapped anyPolicy at top then tree is empty */ + if (!curr->anyPolicy) + return 2; + return 1; + } + } + + return 1; + + } + +static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, + X509_POLICY_NODE *pcy) + { + if (!*pnodes) + { + *pnodes = policy_node_cmp_new(); + if (!*pnodes) + return 0; + } + else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) + return 1; + + if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) + return 0; + + return 1; + + } + +/* Calculate the authority set based on policy tree. + * The 'pnodes' parameter is used as a store for the set of policy nodes + * used to calculate the user set. If the authority set is not anyPolicy + * then pnodes will just point to the authority set. If however the authority + * set is anyPolicy then the set of valid policies (other than anyPolicy) + * is store in pnodes. The return value of '2' is used in this case to indicate + * that pnodes should be freed. + */ + +static int tree_calculate_authority_set(X509_POLICY_TREE *tree, + STACK_OF(X509_POLICY_NODE) **pnodes) + { + X509_POLICY_LEVEL *curr; + X509_POLICY_NODE *node, *anyptr; + STACK_OF(X509_POLICY_NODE) **addnodes; + int i, j; + curr = tree->levels + tree->nlevel - 1; + + /* If last level contains anyPolicy set is anyPolicy */ + if (curr->anyPolicy) + { + if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) + return 0; + addnodes = pnodes; + } + else + /* Add policies to authority set */ + addnodes = &tree->auth_policies; + + curr = tree->levels; + for (i = 1; i < tree->nlevel; i++) + { + /* If no anyPolicy node on this this level it can't + * appear on lower levels so end search. + */ + if (!(anyptr = curr->anyPolicy)) + break; + curr++; + for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) + { + node = sk_X509_POLICY_NODE_value(curr->nodes, j); + if ((node->parent == anyptr) + && !tree_add_auth_node(addnodes, node)) + return 0; + } + } + + if (addnodes == pnodes) + return 2; + + *pnodes = tree->auth_policies; + + return 1; + } + +static int tree_calculate_user_set(X509_POLICY_TREE *tree, + STACK_OF(ASN1_OBJECT) *policy_oids, + STACK_OF(X509_POLICY_NODE) *auth_nodes) + { + int i; + X509_POLICY_NODE *node; + ASN1_OBJECT *oid; + + X509_POLICY_NODE *anyPolicy; + X509_POLICY_DATA *extra; + + /* Check if anyPolicy present in authority constrained policy set: + * this will happen if it is a leaf node. + */ + + if (sk_ASN1_OBJECT_num(policy_oids) <= 0) + return 1; + + anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; + + for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) + { + oid = sk_ASN1_OBJECT_value(policy_oids, i); + if (OBJ_obj2nid(oid) == NID_any_policy) + { + tree->flags |= POLICY_FLAG_ANY_POLICY; + return 1; + } + } + + for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) + { + oid = sk_ASN1_OBJECT_value(policy_oids, i); + node = tree_find_sk(auth_nodes, oid); + if (!node) + { + if (!anyPolicy) + continue; + /* Create a new node with policy ID from user set + * and qualifiers from anyPolicy. + */ + extra = policy_data_new(NULL, oid, + node_critical(anyPolicy)); + if (!extra) + return 0; + extra->qualifier_set = anyPolicy->data->qualifier_set; + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; + node = level_add_node(NULL, extra, anyPolicy->parent, + tree); + } + if (!tree->user_policies) + { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); + if (!tree->user_policies) + return 1; + } + if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) + return 0; + } + return 1; + + } + +static int tree_evaluate(X509_POLICY_TREE *tree) + { + int ret, i; + X509_POLICY_LEVEL *curr = tree->levels + 1; + const X509_POLICY_CACHE *cache; + + for(i = 1; i < tree->nlevel; i++, curr++) + { + cache = policy_cache_set(curr->cert); + if (!tree_link_nodes(curr, cache)) + return 0; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) + && !tree_link_any(curr, cache, tree)) + return 0; + ret = tree_prune(tree, curr); + if (ret != 1) + return ret; + } + + return 1; + + } + +static void exnode_free(X509_POLICY_NODE *node) + { + if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) + OPENSSL_free(node); + } + + +void X509_policy_tree_free(X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *curr; + int i; + + if (!tree) + return; + + sk_X509_POLICY_NODE_free(tree->auth_policies); + sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); + + for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) + { + if (curr->cert) + X509_free(curr->cert); + if (curr->nodes) + sk_X509_POLICY_NODE_pop_free(curr->nodes, + policy_node_free); + if (curr->anyPolicy) + policy_node_free(curr->anyPolicy); + } + + if (tree->extra_data) + sk_X509_POLICY_DATA_pop_free(tree->extra_data, + policy_data_free); + + OPENSSL_free(tree->levels); + OPENSSL_free(tree); + + } + +/* Application policy checking function. + * Return codes: + * 0 Internal Error. + * 1 Successful. + * -1 One or more certificates contain invalid or inconsistent extensions + * -2 User constrained policy set empty and requireExplicit true. + */ + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, + unsigned int flags) + { + int ret; + X509_POLICY_TREE *tree = NULL; + STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; + *ptree = NULL; + + *pexplicit_policy = 0; + ret = tree_init(&tree, certs, flags); + + + switch (ret) + { + + /* Tree empty requireExplicit False: OK */ + case 2: + return 1; + + /* Some internal error */ + case 0: + return 0; + + /* Tree empty requireExplicit True: Error */ + + case 6: + *pexplicit_policy = 1; + return -2; + + /* Tree OK requireExplicit True: OK and continue */ + case 5: + *pexplicit_policy = 1; + break; + + /* Tree OK: continue */ + + case 1: + break; + } + + if (!tree) goto error; + ret = tree_evaluate(tree); + + if (ret <= 0) + goto error; + + /* Return value 2 means tree empty */ + if (ret == 2) + { + X509_policy_tree_free(tree); + if (*pexplicit_policy) + return -2; + else + return 1; + } + + /* Tree is not empty: continue */ + + ret = tree_calculate_authority_set(tree, &auth_nodes); + + if (!ret) + goto error; + + if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) + goto error; + + if (ret == 2) + sk_X509_POLICY_NODE_free(auth_nodes); + + if (tree) + *ptree = tree; + + if (*pexplicit_policy) + { + nodes = X509_policy_tree_get0_user_policies(tree); + if (sk_X509_POLICY_NODE_num(nodes) <= 0) + return -2; + } + + return 1; + + error: + + X509_policy_tree_free(tree); + + return 0; + + } + diff --git a/crypto/openssl/crypto/x509v3/v3_akey.c b/crypto/openssl/crypto/x509v3/v3_akey.c index 97e686f..c481b6f 100644 --- a/crypto/openssl/crypto/x509v3/v3_akey.c +++ b/crypto/openssl/crypto/x509v3/v3_akey.c @@ -68,15 +68,17 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -X509V3_EXT_METHOD v3_akey_id = { -NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, -(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -0,0, -NULL -}; +X509V3_EXT_METHOD v3_akey_id = + { + NID_authority_key_identifier, + X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), + 0,0,0,0, + 0,0, + (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, + (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, + 0,0, + NULL + }; static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) @@ -108,83 +110,99 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -{ -char keyid=0, issuer=0; -int i; -CONF_VALUE *cnf; -ASN1_OCTET_STRING *ikeyid = NULL; -X509_NAME *isname = NULL; -GENERAL_NAMES * gens = NULL; -GENERAL_NAME *gen = NULL; -ASN1_INTEGER *serial = NULL; -X509_EXTENSION *ext; -X509 *cert; -AUTHORITY_KEYID *akeyid; -for(i = 0; i < sk_CONF_VALUE_num(values); i++) { - cnf = sk_CONF_VALUE_value(values, i); - if(!strcmp(cnf->name, "keyid")) { - keyid = 1; - if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if(!strcmp(cnf->name, "issuer")) { - issuer = 1; - if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; - } else { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); - ERR_add_error_data(2, "name=", cnf->name); + { + char keyid=0, issuer=0; + int i; + CONF_VALUE *cnf; + ASN1_OCTET_STRING *ikeyid = NULL; + X509_NAME *isname = NULL; + GENERAL_NAMES * gens = NULL; + GENERAL_NAME *gen = NULL; + ASN1_INTEGER *serial = NULL; + X509_EXTENSION *ext; + X509 *cert; + AUTHORITY_KEYID *akeyid; + + for(i = 0; i < sk_CONF_VALUE_num(values); i++) + { + cnf = sk_CONF_VALUE_value(values, i); + if(!strcmp(cnf->name, "keyid")) + { + keyid = 1; + if(cnf->value && !strcmp(cnf->value, "always")) + keyid = 2; + } + else if(!strcmp(cnf->name, "issuer")) + { + issuer = 1; + if(cnf->value && !strcmp(cnf->value, "always")) + issuer = 2; + } + else + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); + ERR_add_error_data(2, "name=", cnf->name); + return NULL; + } + } + + if(!ctx || !ctx->issuer_cert) + { + if(ctx && (ctx->flags==CTX_TEST)) + return AUTHORITY_KEYID_new(); + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); return NULL; - } -} - -if(!ctx || !ctx->issuer_cert) { - if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); + } + + cert = ctx->issuer_cert; + + if(keyid) + { + i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); + if((i >= 0) && (ext = X509_get_ext(cert, i))) + ikeyid = X509V3_EXT_d2i(ext); + if(keyid==2 && !ikeyid) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + return NULL; + } + } + + if((issuer && !ikeyid) || (issuer == 2)) + { + isname = X509_NAME_dup(X509_get_issuer_name(cert)); + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if(!isname || !serial) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); + goto err; + } + } + + if(!(akeyid = AUTHORITY_KEYID_new())) goto err; + + if(isname) + { + if(!(gens = sk_GENERAL_NAME_new_null()) + || !(gen = GENERAL_NAME_new()) + || !sk_GENERAL_NAME_push(gens, gen)) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); + goto err; + } + gen->type = GEN_DIRNAME; + gen->d.dirn = isname; + } + + akeyid->issuer = gens; + akeyid->serial = serial; + akeyid->keyid = ikeyid; + + return akeyid; + + err: + X509_NAME_free(isname); + M_ASN1_INTEGER_free(serial); + M_ASN1_OCTET_STRING_free(ikeyid); return NULL; -} - -cert = ctx->issuer_cert; - -if(keyid) { - i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); - if((i >= 0) && (ext = X509_get_ext(cert, i))) - ikeyid = X509V3_EXT_d2i(ext); - if(keyid==2 && !ikeyid) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); - return NULL; - } -} - -if((issuer && !ikeyid) || (issuer == 2)) { - isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); - if(!isname || !serial) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); - goto err; } -} - -if(!(akeyid = AUTHORITY_KEYID_new())) goto err; - -if(isname) { - if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) - || !sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); - goto err; - } - gen->type = GEN_DIRNAME; - gen->d.dirn = isname; -} - -akeyid->issuer = gens; -akeyid->serial = serial; -akeyid->keyid = ikeyid; - -return akeyid; - -err: -X509_NAME_free(isname); -M_ASN1_INTEGER_free(serial); -M_ASN1_OCTET_STRING_free(ikeyid); -return NULL; - -} - diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c index 58b935a..b38b3db 100644 --- a/crypto/openssl/crypto/x509v3/v3_alt.c +++ b/crypto/openssl/crypto/x509v3/v3_alt.c @@ -1,9 +1,9 @@ /* v3_alt.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -65,6 +65,9 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); +static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); + X509V3_EXT_METHOD v3_alt[] = { { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0,0,0,0, @@ -98,7 +101,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) { unsigned char *p; - char oline[256]; + char oline[256], htmp[5]; + int i; switch (gen->type) { case GEN_OTHERNAME: @@ -132,13 +136,27 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { + if(gen->d.ip->length == 4) + BIO_snprintf(oline, sizeof oline, + "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + else if(gen->d.ip->length == 16) + { + oline[0] = 0; + for (i = 0; i < 8; i++) + { + BIO_snprintf(htmp, sizeof htmp, + "%X", p[0] << 8 | p[1]); + p += 2; + strcat(oline, htmp); + if (i != 7) + strcat(oline, ":"); + } + } + else + { X509V3_add_value("IP Address","", &ret); break; - } - BIO_snprintf(oline, sizeof oline, - "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + } X509V3_add_value("IP Address",oline, &ret); break; @@ -153,6 +171,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) { unsigned char *p; + int i; switch (gen->type) { case GEN_OTHERNAME: @@ -187,12 +206,24 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { + if(gen->d.ip->length == 4) + BIO_printf(out, "IP Address:%d.%d.%d.%d", + p[0], p[1], p[2], p[3]); + else if(gen->d.ip->length == 16) + { + BIO_printf(out, "IP Address"); + for (i = 0; i < 8; i++) + { + BIO_printf(out, ":%X", p[0] << 8 | p[1]); + p += 2; + } + BIO_puts(out, "\n"); + } + else + { BIO_printf(out,"IP Address:"); break; - } - BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + } break; case GEN_RID: @@ -210,7 +241,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, CONF_VALUE *cnf; int i; if(!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -275,7 +306,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, CONF_VALUE *cnf; int i; if(!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -310,7 +341,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) X509_NAME_ENTRY *ne; GENERAL_NAME *gen = NULL; int i; - if(ctx->flags == CTX_TEST) return 1; + if(ctx != NULL && ctx->flags == CTX_TEST) + return 1; if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); goto err; @@ -378,81 +410,172 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf) -{ -char is_string = 0; -int type; -GENERAL_NAME *gen = NULL; + { + return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); + } -char *name, *value; +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf, int is_nc) + { + char is_string = 0; + int type; + GENERAL_NAME *gen = NULL; -name = cnf->name; -value = cnf->value; + char *name, *value; -if(!value) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); - return NULL; -} + name = cnf->name; + value = cnf->value; -if(!(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - return NULL; -} + if(!value) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); + return NULL; + } -if(!name_cmp(name, "email")) { - is_string = 1; - type = GEN_EMAIL; -} else if(!name_cmp(name, "URI")) { - is_string = 1; - type = GEN_URI; -} else if(!name_cmp(name, "DNS")) { - is_string = 1; - type = GEN_DNS; -} else if(!name_cmp(name, "RID")) { - ASN1_OBJECT *obj; - if(!(obj = OBJ_txt2obj(value,0))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", value); - goto err; - } - gen->d.rid = obj; - type = GEN_RID; -} else if(!name_cmp(name, "IP")) { - int i1,i2,i3,i4; - unsigned char ip[4]; - if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) || - (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) || - (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); - ERR_add_error_data(2, "value=", value); + if (out) + gen = out; + else + { + gen = GENERAL_NAME_new(); + if(gen == NULL) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); + return NULL; + } + } + + if(!name_cmp(name, "email")) + { + is_string = 1; + type = GEN_EMAIL; + } + else if(!name_cmp(name, "URI")) + { + is_string = 1; + type = GEN_URI; + } + else if(!name_cmp(name, "DNS")) + { + is_string = 1; + type = GEN_DNS; + } + else if(!name_cmp(name, "RID")) + { + ASN1_OBJECT *obj; + if(!(obj = OBJ_txt2obj(value,0))) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT); + ERR_add_error_data(2, "value=", value); + goto err; + } + gen->d.rid = obj; + type = GEN_RID; + } + else if(!name_cmp(name, "IP")) + { + if (is_nc) + gen->d.ip = a2i_IPADDRESS_NC(value); + else + gen->d.ip = a2i_IPADDRESS(value); + if(gen->d.ip == NULL) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS); + ERR_add_error_data(2, "value=", value); + goto err; + } + type = GEN_IPADD; + } + else if(!name_cmp(name, "dirName")) + { + type = GEN_DIRNAME; + if (!do_dirname(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR); + goto err; + } + } + else if(!name_cmp(name, "otherName")) + { + if (!do_othername(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR); + goto err; + } + type = GEN_OTHERNAME; + } + else + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); + ERR_add_error_data(2, "name=", name); goto err; - } - ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; - if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || - !ASN1_STRING_set(gen->d.ip, ip, 4)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); + } + + if(is_string) + { + if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || + !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, + strlen(value))) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); goto err; - } - type = GEN_IPADD; -} else { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); - ERR_add_error_data(2, "name=", name); - goto err; -} + } + } -if(is_string) { - if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, - strlen(value))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - goto err; - } -} + gen->type = type; + + return gen; -gen->type = type; + err: + GENERAL_NAME_free(gen); + return NULL; + } -return gen; +static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + char *objtmp = NULL, *p; + int objlen; + if (!(p = strchr(value, ';'))) + return 0; + if (!(gen->d.otherName = OTHERNAME_new())) + return 0; + /* Free this up because we will overwrite it. + * no need to free type_id because it is static + */ + ASN1_TYPE_free(gen->d.otherName->value); + if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) + return 0; + objlen = p - value; + objtmp = OPENSSL_malloc(objlen + 1); + strncpy(objtmp, value, objlen); + objtmp[objlen] = 0; + gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); + OPENSSL_free(objtmp); + if (!gen->d.otherName->type_id) + return 0; + return 1; + } -err: -GENERAL_NAME_free(gen); -return NULL; -} +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + int ret; + STACK_OF(CONF_VALUE) *sk; + X509_NAME *nm; + if (!(nm = X509_NAME_new())) + return 0; + sk = X509V3_get_section(ctx, value); + if (!sk) + { + X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); + ERR_add_error_data(2, "section=", value); + X509_NAME_free(nm); + return 0; + } + /* FIXME: should allow other character types... */ + ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); + if (!ret) + X509_NAME_free(nm); + gen->d.dirn = nm; + + return ret; + } diff --git a/crypto/openssl/crypto/x509v3/v3_bitst.c b/crypto/openssl/crypto/x509v3/v3_bitst.c index 16cf125..170c8d2 100644 --- a/crypto/openssl/crypto/x509v3/v3_bitst.c +++ b/crypto/openssl/crypto/x509v3/v3_bitst.c @@ -61,12 +61,6 @@ #include #include -static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); - static BIT_STRING_BITNAME ns_cert_type_table[] = { {0, "SSL Client", "client"}, {1, "SSL Server", "server"}, @@ -97,7 +91,7 @@ static BIT_STRING_BITNAME key_usage_type_table[] = { X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); -static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) { BIT_STRING_BITNAME *bnam; @@ -108,7 +102,7 @@ static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, return ret; } -static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *val; @@ -124,7 +118,12 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, for(bnam = method->usr_data; bnam->lname; bnam++) { if(!strcmp(bnam->sname, val->name) || !strcmp(bnam->lname, val->name) ) { - ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1); + if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, + ERR_R_MALLOC_FAILURE); + M_ASN1_BIT_STRING_free(bs); + return NULL; + } break; } } diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c index 1284d5a..2b86730 100644 --- a/crypto/openssl/crypto/x509v3/v3_conf.c +++ b/crypto/openssl/crypto/x509v3/v3_conf.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -69,11 +69,12 @@ static int v3_check_critical(char **value); static int v3_check_generic(char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); +static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ @@ -85,11 +86,11 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, X509_EXTENSION *ret; crit = v3_check_critical(&value); if ((ext_type = v3_check_generic(&value))) - return v3_generic_extension(name, value, crit, ext_type); + return v3_generic_extension(name, value, crit, ext_type, ctx); ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); if (!ret) { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); + X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); ERR_add_error_data(4,"name=", name, ", value=", value); } return ret; @@ -105,7 +106,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, crit = v3_check_critical(&value); if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type); + value, crit, ext_type, ctx); return do_ext_nconf(conf, ctx, ext_nid, crit, value); } @@ -120,12 +121,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, void *ext_struc; if (ext_nid == NID_undef) { - X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); + X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; } if (!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); + X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); return NULL; } /* Now get internal extension representation based on type */ @@ -133,9 +134,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, { if(*value == '@') nval = NCONF_get_section(conf, value + 1); else nval = X509V3_parse_list(value); - if(!nval) + if(sk_CONF_VALUE_num(nval) <= 0) { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); + X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); return NULL; } @@ -150,16 +151,16 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, } else if(method->r2i) { - if(!ctx->db) + if(!ctx->db || !ctx->db_meth) { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); + X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); return NULL; } if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; } else { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); + X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); return NULL; } @@ -235,17 +236,29 @@ static int v3_check_critical(char **value) /* Check extension string for generic extension and return the type */ static int v3_check_generic(char **value) { + int gen_type = 0; char *p = *value; - if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0; - p+=4; + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) + { + p+=4; + gen_type = 1; + } + else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) + { + p+=5; + gen_type = 2; + } + else + return 0; + while (isspace((unsigned char)*p)) p++; *value = p; - return 1; + return gen_type; } /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int type) + int crit, int gen_type, X509V3_CTX *ctx) { unsigned char *ext_der=NULL; long ext_len; @@ -259,7 +272,12 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, goto err; } - if (!(ext_der = string_to_hex(value, &ext_len))) + if (gen_type == 1) + ext_der = string_to_hex(value, &ext_len); + else if (gen_type == 2) + ext_der = generic_asn1(value, ctx, &ext_len); + + if (ext_der == NULL) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); ERR_add_error_data(2, "value=", value); @@ -286,6 +304,17 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, } +static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) + { + ASN1_TYPE *typ; + unsigned char *ext_der = NULL; + typ = ASN1_generate_v3(value, ctx); + if (typ == NULL) + return NULL; + *ext_len = i2d_ASN1_TYPE(typ, &ext_der); + ASN1_TYPE_free(typ); + return ext_der; + } /* This is the main function: add a bunch of extensions based on a config file * section to an extension STACK. @@ -354,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) { + if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) + { + X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); + return NULL; + } if (ctx->db_meth->get_string) return ctx->db_meth->get_string(ctx->db, name, section); return NULL; @@ -361,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) { + if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) + { + X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); + return NULL; + } if (ctx->db_meth->get_section) return ctx->db_meth->get_section(ctx->db, section); return NULL; diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c index 0d554f3..e5b8c5a 100644 --- a/crypto/openssl/crypto/x509v3/v3_cpols.c +++ b/crypto/openssl/crypto/x509v3/v3_cpols.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -63,6 +63,8 @@ #include #include +#include "pcy_int.h" + /* Certificate policies extension support: this one is a bit complex... */ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); @@ -137,7 +139,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, CONF_VALUE *cnf; int i, ia5org; pols = sk_POLICYINFO_new_null(); + if (pols == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + return NULL; + } vals = X509V3_parse_list(value); + if (vals == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); + goto err; + } ia5org = 0; for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { cnf = sk_CONF_VALUE_value(vals, i); @@ -176,6 +186,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; err: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } @@ -339,7 +350,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) return 1; merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); @@ -420,3 +431,19 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) notice->exptext->data); } +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) + { + const X509_POLICY_DATA *dat = node->data; + + BIO_printf(out, "%*sPolicy: ", indent, ""); + + i2a_ASN1_OBJECT(out, dat->valid_policy); + BIO_puts(out, "\n"); + BIO_printf(out, "%*s%s\n", indent + 2, "", + node_data_critical(dat) ? "Critical" : "Non Critical"); + if (dat->qualifier_set) + print_qualifiers(out, dat->qualifier_set, indent + 2); + else + BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); + } + diff --git a/crypto/openssl/crypto/x509v3/v3_extku.c b/crypto/openssl/crypto/x509v3/v3_extku.c index b1cfaba..58c1c2e 100644 --- a/crypto/openssl/crypto/x509v3/v3_extku.c +++ b/crypto/openssl/crypto/x509v3/v3_extku.c @@ -122,7 +122,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, int i; if(!(extku = sk_ASN1_OBJECT_new_null())) { - X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -132,7 +132,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, else extval = val->name; if(!(objtmp = OBJ_txt2obj(extval, 0))) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return NULL; } diff --git a/crypto/openssl/crypto/x509v3/v3_ia5.c b/crypto/openssl/crypto/x509v3/v3_ia5.c index f941445..9683afa 100644 --- a/crypto/openssl/crypto/x509v3/v3_ia5.c +++ b/crypto/openssl/crypto/x509v3/v3_ia5.c @@ -82,7 +82,10 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, { char *tmp; if(!ia5 || !ia5->length) return NULL; - if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL; + if(!(tmp = OPENSSL_malloc(ia5->length + 1))) { + X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); + return NULL; + } memcpy(tmp, ia5->data, ia5->length); tmp[ia5->length] = 0; return tmp; diff --git a/crypto/openssl/crypto/x509v3/v3_info.c b/crypto/openssl/crypto/x509v3/v3_info.c index 53e3f48..ab4f0ea 100644 --- a/crypto/openssl/crypto/x509v3/v3_info.c +++ b/crypto/openssl/crypto/x509v3/v3_info.c @@ -141,36 +141,35 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho int i, objlen; char *objtmp, *ptmp; if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); if(!(acc = ACCESS_DESCRIPTION_new()) || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); goto err; } ptmp = strchr(cnf->name, ';'); if(!ptmp) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX); goto err; } objlen = ptmp - cnf->name; ctmp.name = ptmp + 1; ctmp.value = cnf->value; - GENERAL_NAME_free(acc->location); - if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) + if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; if(!(objtmp = OPENSSL_malloc(objlen + 1))) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); goto err; } strncpy(objtmp, cnf->name, objlen); objtmp[objlen] = 0; acc->method = OBJ_txt2obj(objtmp, 0); if(!acc->method) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", objtmp); OPENSSL_free(objtmp); goto err; diff --git a/crypto/openssl/crypto/x509v3/v3_int.c b/crypto/openssl/crypto/x509v3/v3_int.c index 7a43b47..85e79c0 100644 --- a/crypto/openssl/crypto/x509v3/v3_int.c +++ b/crypto/openssl/crypto/x509v3/v3_int.c @@ -74,3 +74,16 @@ X509V3_EXT_METHOD v3_delta_crl = { 0, 0,0,0,0, NULL}; +static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) + { + return s2i_ASN1_INTEGER(meth, value); + } + +X509V3_EXT_METHOD v3_inhibit_anyp = { + NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), + 0,0,0,0, + (X509V3_EXT_I2S)i2s_ASN1_INTEGER, + (X509V3_EXT_S2I)s2i_asn1_int, + 0,0,0,0, NULL}; + + diff --git a/crypto/openssl/crypto/x509v3/v3_lib.c b/crypto/openssl/crypto/x509v3/v3_lib.c index ca5a4a4..f3015ea 100644 --- a/crypto/openssl/crypto/x509v3/v3_lib.c +++ b/crypto/openssl/crypto/x509v3/v3_lib.c @@ -162,7 +162,8 @@ int X509V3_add_standard_extensions(void) void *X509V3_EXT_d2i(X509_EXTENSION *ext) { X509V3_EXT_METHOD *method; - unsigned char *p; + const unsigned char *p; + if(!(method = X509V3_EXT_get(ext))) return NULL; p = ext->value->data; if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); @@ -276,7 +277,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, ext = X509V3_EXT_i2d(nid, crit, value); if(!ext) { - X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION); + X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION); return 0; } @@ -295,7 +296,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, err: if(!(flags & X509V3_ADD_SILENT)) - X509V3err(X509V3_F_X509V3_ADD_I2D, errcode); + X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); return 0; } diff --git a/crypto/openssl/crypto/x509v3/v3_ncons.c b/crypto/openssl/crypto/x509v3/v3_ncons.c new file mode 100644 index 0000000..5fded69 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_ncons.c @@ -0,0 +1,220 @@ +/* v3_ncons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include + +static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind); +static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name); +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + +X509V3_EXT_METHOD v3_name_constraints = { + NID_name_constraints, 0, + ASN1_ITEM_ref(NAME_CONSTRAINTS), + 0,0,0,0, + 0,0, + 0, v2i_NAME_CONSTRAINTS, + i2r_NAME_CONSTRAINTS,0, + NULL +}; + +ASN1_SEQUENCE(GENERAL_SUBTREE) = { + ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), + ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), + ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) +} ASN1_SEQUENCE_END(GENERAL_SUBTREE) + +ASN1_SEQUENCE(NAME_CONSTRAINTS) = { + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, + GENERAL_SUBTREE, 0), + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, + GENERAL_SUBTREE, 1), +} ASN1_SEQUENCE_END(NAME_CONSTRAINTS) + + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { + int i; + CONF_VALUE tval, *val; + STACK_OF(GENERAL_SUBTREE) **ptree = NULL; + NAME_CONSTRAINTS *ncons = NULL; + GENERAL_SUBTREE *sub = NULL; + ncons = NAME_CONSTRAINTS_new(); + if (!ncons) + goto memerr; + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) + { + val = sk_CONF_VALUE_value(nval, i); + if (!strncmp(val->name, "permitted", 9) && val->name[9]) + { + ptree = &ncons->permittedSubtrees; + tval.name = val->name + 10; + } + else if (!strncmp(val->name, "excluded", 8) && val->name[8]) + { + ptree = &ncons->excludedSubtrees; + tval.name = val->name + 9; + } + else + { + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); + goto err; + } + tval.value = val->value; + sub = GENERAL_SUBTREE_new(); + if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) + goto err; + if (!*ptree) + *ptree = sk_GENERAL_SUBTREE_new_null(); + if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + goto memerr; + sub = NULL; + } + + return ncons; + + memerr: + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + err: + if (ncons) + NAME_CONSTRAINTS_free(ncons); + if (sub) + GENERAL_SUBTREE_free(sub); + + return NULL; + } + + + + +static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind) + { + NAME_CONSTRAINTS *ncons = a; + do_i2r_name_constraints(method, ncons->permittedSubtrees, + bp, ind, "Permitted"); + do_i2r_name_constraints(method, ncons->excludedSubtrees, + bp, ind, "Excluded"); + return 1; + } + +static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) + { + GENERAL_SUBTREE *tree; + int i; + if (sk_GENERAL_SUBTREE_num(trees) > 0) + BIO_printf(bp, "%*s%s:\n", ind, "", name); + for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) + { + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_printf(bp, "%*s", ind + 2, ""); + if (tree->base->type == GEN_IPADD) + print_nc_ipadd(bp, tree->base->d.ip); + else + GENERAL_NAME_print(bp, tree->base); + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_puts(bp, "\n"); + } + return 1; + } + +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) + { + int i, len; + unsigned char *p; + p = ip->data; + len = ip->length; + BIO_puts(bp, "IP:"); + if(len == 8) + { + BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", + p[0], p[1], p[2], p[3], + p[4], p[5], p[6], p[7]); + } + else if(len == 32) + { + for (i = 0; i < 16; i++) + { + BIO_printf(bp, "%X", p[0] << 8 | p[1]); + p += 2; + if (i == 7) + BIO_puts(bp, "/"); + else if (i != 15) + BIO_puts(bp, ":"); + } + } + else + BIO_printf(bp, "IP Address:"); + return 1; + } + diff --git a/crypto/openssl/crypto/x509v3/v3_ocsp.c b/crypto/openssl/crypto/x509v3/v3_ocsp.c index 21badc1..28c11a4 100644 --- a/crypto/openssl/crypto/x509v3/v3_ocsp.c +++ b/crypto/openssl/crypto/x509v3/v3_ocsp.c @@ -74,12 +74,12 @@ static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(void *a, unsigned char **pp); -static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length); +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); +static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); X509V3_EXT_METHOD v3_ocsp_crlid = { @@ -208,7 +208,7 @@ static int i2d_ocsp_nonce(void *a, unsigned char **pp) return os->length; } -static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length) +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) { ASN1_OCTET_STRING *os, **pos; pos = a; @@ -246,7 +246,7 @@ static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, return 1; } -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) +static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) { return ASN1_NULL_new(); } diff --git a/crypto/openssl/crypto/x509v3/v3_pci.c b/crypto/openssl/crypto/x509v3/v3_pci.c new file mode 100644 index 0000000..ccb0da5 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_pci.c @@ -0,0 +1,313 @@ +/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ +/* Contributed to the OpenSSL Project 2004 + * by Richard Levitte (richard@levitte.org) + */ +/* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include "cryptlib.h" +#include +#include + +static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, + BIO *out, int indent); +static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); + +X509V3_EXT_METHOD v3_pci = + { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), + 0,0,0,0, + 0,0, + NULL, NULL, + (X509V3_EXT_I2R)i2r_pci, + (X509V3_EXT_R2I)r2i_pci, + NULL, + }; + +static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, + BIO *out, int indent) + { + BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); + if (pci->pcPathLengthConstraint) + i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); + else + BIO_printf(out, "infinite"); + BIO_puts(out, "\n"); + BIO_printf(out, "%*sPolicy Language: ", indent, ""); + i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); + BIO_puts(out, "\n"); + if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) + BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + pci->proxyPolicy->policy->data); + return 1; + } + +static int process_pci_value(CONF_VALUE *val, + ASN1_OBJECT **language, ASN1_INTEGER **pathlen, + ASN1_OCTET_STRING **policy) + { + int free_policy = 0; + + if (strcmp(val->name, "language") == 0) + { + if (*language) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); + X509V3_conf_err(val); + return 0; + } + if (!(*language = OBJ_txt2obj(val->value, 0))) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return 0; + } + } + else if (strcmp(val->name, "pathlen") == 0) + { + if (*pathlen) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); + X509V3_conf_err(val); + return 0; + } + if (!X509V3_get_value_int(val, pathlen)) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH); + X509V3_conf_err(val); + return 0; + } + } + else if (strcmp(val->name, "policy") == 0) + { + unsigned char *tmp_data = NULL; + long val_len; + if (!*policy) + { + *policy = ASN1_OCTET_STRING_new(); + if (!*policy) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + return 0; + } + free_policy = 1; + } + if (strncmp(val->value, "hex:", 4) == 0) + { + unsigned char *tmp_data2 = + string_to_hex(val->value + 4, &val_len); + + if (!tmp_data2) goto err; + + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + val_len + 1); + if (tmp_data) + { + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + tmp_data2, val_len); + (*policy)->length += val_len; + (*policy)->data[(*policy)->length] = '\0'; + } + } + else if (strncmp(val->value, "file:", 5) == 0) + { + unsigned char buf[2048]; + int n; + BIO *b = BIO_new_file(val->value + 5, "r"); + if (!b) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); + X509V3_conf_err(val); + goto err; + } + while((n = BIO_read(b, buf, sizeof(buf))) > 0 + || (n == 0 && BIO_should_retry(b))) + { + if (!n) continue; + + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + n + 1); + + if (!tmp_data) + break; + + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + buf, n); + (*policy)->length += n; + (*policy)->data[(*policy)->length] = '\0'; + } + + if (n < 0) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); + X509V3_conf_err(val); + goto err; + } + } + else if (strncmp(val->value, "text:", 5) == 0) + { + val_len = strlen(val->value + 5); + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + val_len + 1); + if (tmp_data) + { + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + val->value + 5, val_len); + (*policy)->length += val_len; + (*policy)->data[(*policy)->length] = '\0'; + } + } + else + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); + X509V3_conf_err(val); + goto err; + } + if (!tmp_data) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + } + return 1; +err: + if (free_policy) + { + ASN1_OCTET_STRING_free(*policy); + *policy = NULL; + } + return 0; + } + +static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *value) + { + PROXY_CERT_INFO_EXTENSION *pci = NULL; + STACK_OF(CONF_VALUE) *vals; + ASN1_OBJECT *language = NULL; + ASN1_INTEGER *pathlen = NULL; + ASN1_OCTET_STRING *policy = NULL; + int i, j; + + vals = X509V3_parse_list(value); + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) + { + CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); + if (!cnf->name || (*cnf->name != '@' && !cnf->value)) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING); + X509V3_conf_err(cnf); + goto err; + } + if (*cnf->name == '@') + { + STACK_OF(CONF_VALUE) *sect; + int success_p = 1; + + sect = X509V3_get_section(ctx, cnf->name + 1); + if (!sect) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION); + X509V3_conf_err(cnf); + goto err; + } + for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) + { + success_p = + process_pci_value(sk_CONF_VALUE_value(sect, j), + &language, &pathlen, &policy); + } + X509V3_section_free(ctx, sect); + if (!success_p) + goto err; + } + else + { + if (!process_pci_value(cnf, + &language, &pathlen, &policy)) + { + X509V3_conf_err(cnf); + goto err; + } + } + } + + /* Language is mandatory */ + if (!language) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); + goto err; + } + i = OBJ_obj2nid(language); + if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); + goto err; + } + + pci = PROXY_CERT_INFO_EXTENSION_new(); + if (!pci) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); + goto err; + } + pci->proxyPolicy = PROXY_POLICY_new(); + if (!pci->proxyPolicy) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); + goto err; + } + + pci->proxyPolicy->policyLanguage = language; language = NULL; + pci->proxyPolicy->policy = policy; policy = NULL; + pci->pcPathLengthConstraint = pathlen; pathlen = NULL; + goto end; +err: + if (language) { ASN1_OBJECT_free(language); language = NULL; } + if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } + if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } + if (pci && pci->proxyPolicy) + { + PROXY_POLICY_free(pci->proxyPolicy); + pci->proxyPolicy = NULL; + } + if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } +end: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return pci; + } diff --git a/crypto/openssl/crypto/x509v3/v3_pcia.c b/crypto/openssl/crypto/x509v3/v3_pcia.c new file mode 100644 index 0000000..bb362e0 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_pcia.c @@ -0,0 +1,55 @@ +/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */ +/* Contributed to the OpenSSL Project 2004 + * by Richard Levitte (richard@levitte.org) + */ +/* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +ASN1_SEQUENCE(PROXY_POLICY) = + { + ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), + ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(PROXY_POLICY) + +IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) + +ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = + { + ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), + ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) +} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) + +IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) diff --git a/crypto/openssl/crypto/x509v3/v3_pcons.c b/crypto/openssl/crypto/x509v3/v3_pcons.c new file mode 100644 index 0000000..91ae862 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_pcons.c @@ -0,0 +1,136 @@ +/* v3_pcons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *bcons, STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); + +X509V3_EXT_METHOD v3_policy_constraints = { +NID_policy_constraints, 0, +ASN1_ITEM_ref(POLICY_CONSTRAINTS), +0,0,0,0, +0,0, +i2v_POLICY_CONSTRAINTS, +v2i_POLICY_CONSTRAINTS, +NULL,NULL, +NULL +}; + +ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { + ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), + ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) +} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) + + +static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, STACK_OF(CONF_VALUE) *extlist) +{ + POLICY_CONSTRAINTS *pcons = a; + X509V3_add_value_int("Require Explicit Policy", + pcons->requireExplicitPolicy, &extlist); + X509V3_add_value_int("Inhibit Policy Mapping", + pcons->inhibitPolicyMapping, &extlist); + return extlist; +} + +static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +{ + POLICY_CONSTRAINTS *pcons=NULL; + CONF_VALUE *val; + int i; + if(!(pcons = POLICY_CONSTRAINTS_new())) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); + if(!strcmp(val->name, "requireExplicitPolicy")) { + if(!X509V3_get_value_int(val, + &pcons->requireExplicitPolicy)) goto err; + } else if(!strcmp(val->name, "inhibitPolicyMapping")) { + if(!X509V3_get_value_int(val, + &pcons->inhibitPolicyMapping)) goto err; + } else { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3_conf_err(val); + goto err; + } + } + if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); + goto err; + } + + return pcons; + err: + POLICY_CONSTRAINTS_free(pcons); + return NULL; +} + diff --git a/crypto/openssl/crypto/x509v3/v3_pmaps.c b/crypto/openssl/crypto/x509v3/v3_pmaps.c new file mode 100644 index 0000000..137be58 --- /dev/null +++ b/crypto/openssl/crypto/x509v3/v3_pmaps.c @@ -0,0 +1,153 @@ +/* v3_pmaps.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include + +static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + void *pmps, STACK_OF(CONF_VALUE) *extlist); + +X509V3_EXT_METHOD v3_policy_mappings = { + NID_policy_mappings, 0, + ASN1_ITEM_ref(POLICY_MAPPINGS), + 0,0,0,0, + 0,0, + i2v_POLICY_MAPPINGS, + v2i_POLICY_MAPPINGS, + 0,0, + NULL +}; + +ASN1_SEQUENCE(POLICY_MAPPING) = { + ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), + ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) +} ASN1_SEQUENCE_END(POLICY_MAPPING) + +ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, + POLICY_MAPPING) +ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) + + +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + void *a, STACK_OF(CONF_VALUE) *ext_list) +{ + POLICY_MAPPINGS *pmaps = a; + POLICY_MAPPING *pmap; + int i; + char obj_tmp1[80]; + char obj_tmp2[80]; + for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { + pmap = sk_POLICY_MAPPING_value(pmaps, i); + i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); + i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); + X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); + } + return ext_list; +} + +static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ + POLICY_MAPPINGS *pmaps; + POLICY_MAPPING *pmap; + ASN1_OBJECT *obj1, *obj2; + CONF_VALUE *val; + int i; + + if(!(pmaps = sk_POLICY_MAPPING_new_null())) { + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); + return NULL; + } + + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if(!val->value || !val->name) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + obj1 = OBJ_txt2obj(val->name, 0); + obj2 = OBJ_txt2obj(val->value, 0); + if(!obj1 || !obj2) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + pmap = POLICY_MAPPING_new(); + if (!pmap) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); + return NULL; + } + pmap->issuerDomainPolicy = obj1; + pmap->subjectDomainPolicy = obj2; + sk_POLICY_MAPPING_push(pmaps, pmap); + } + return pmaps; +} diff --git a/crypto/openssl/crypto/x509v3/v3_prn.c b/crypto/openssl/crypto/x509v3/v3_prn.c index 5d268eb..20bd9bd 100644 --- a/crypto/openssl/crypto/x509v3/v3_prn.c +++ b/crypto/openssl/crypto/x509v3/v3_prn.c @@ -109,10 +109,11 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde { void *ext_str = NULL; char *value = NULL; - unsigned char *p; + const unsigned char *p; X509V3_EXT_METHOD *method; STACK_OF(CONF_VALUE) *nval = NULL; int ok = 1; + if(!(method = X509V3_EXT_get(ext))) return unknown_ext_print(out, ext, flag, indent, 0); p = ext->value->data; @@ -182,7 +183,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) return 0; if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) { diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c index b3d1ae5..1222c3c 100644 --- a/crypto/openssl/crypto/x509v3/v3_purp.c +++ b/crypto/openssl/crypto/x509v3/v3_purp.c @@ -63,7 +63,6 @@ static void x509v3_cache_extensions(X509 *x); -static int ca_check(const X509 *x); static int check_ssl_ca(const X509 *x); static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); @@ -140,7 +139,7 @@ int X509_PURPOSE_get_count(void) X509_PURPOSE * X509_PURPOSE_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } @@ -240,7 +239,7 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { - int i; + unsigned int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); xptable = NULL; @@ -286,7 +285,8 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_key_usage, /* 83 */ NID_subject_alt_name, /* 85 */ NID_basic_constraints, /* 87 */ - NID_ext_key_usage /* 126 */ + NID_ext_key_usage, /* 126 */ + NID_proxyCertInfo /* 661 */ }; int ex_nid; @@ -307,6 +307,7 @@ int X509_supported_extension(X509_EXTENSION *ex) static void x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; + PROXY_CERT_INFO_EXTENSION *pci; ASN1_BIT_STRING *usage; ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; @@ -335,6 +336,20 @@ static void x509v3_cache_extensions(X509 *x) BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; } + /* Handle proxy certificates */ + if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if (x->ex_flags & EXFLAG_CA + || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 + || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { + x->ex_flags |= EXFLAG_INVALID; + } + if (pci->pcPathLengthConstraint) { + x->ex_pcpathlen = + ASN1_INTEGER_get(pci->pcPathLengthConstraint); + } else x->ex_pcpathlen = -1; + PROXY_CERT_INFO_EXTENSION_free(pci); + x->ex_flags |= EXFLAG_PROXY; + } /* Handle key usage */ if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { if(usage->length > 0) { @@ -426,7 +441,7 @@ static void x509v3_cache_extensions(X509 *x) #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) -static int ca_check(const X509 *x) +static int check_ca(const X509 *x) { /* keyUsage if present should allow cert signing */ if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; @@ -435,25 +450,37 @@ static int ca_check(const X509 *x) /* If basicConstraints says not a CA then say so */ else return 0; } else { + /* we support V1 roots for... uh, I don't really know why. */ if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; /* If key usage present it must have certSign so tolerate it */ else if (x->ex_flags & EXFLAG_KUSAGE) return 4; - else return 2; + /* Older certificates could have Netscape-specific CA types */ + else if (x->ex_flags & EXFLAG_NSCERT + && x->ex_nscert & NS_ANY_CA) return 5; + /* can this still be regarded a CA certificate? I doubt it */ + return 0; } } +int X509_check_ca(X509 *x) +{ + if(!(x->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(x); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + + return check_ca(x); +} + /* Check SSL CA: common checks for SSL client and server */ static int check_ssl_ca(const X509 *x) { int ca_ret; - ca_ret = ca_check(x); + ca_ret = check_ca(x); if(!ca_ret) return 0; /* check nsCertType if present */ - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SSL_CA) return ca_ret; - return 0; - } - if(ca_ret != 2) return ca_ret; + if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret; else return 0; } @@ -498,14 +525,10 @@ static int purpose_smime(const X509 *x, int ca) if(xku_reject(x,XKU_SMIME)) return 0; if(ca) { int ca_ret; - ca_ret = ca_check(x); + ca_ret = check_ca(x); if(!ca_ret) return 0; /* check nsCertType if present */ - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SMIME_CA) return ca_ret; - return 0; - } - if(ca_ret != 2) return ca_ret; + if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret; else return 0; } if(x->ex_flags & EXFLAG_NSCERT) { @@ -539,7 +562,7 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { if(ca) { int ca_ret; - if((ca_ret = ca_check(x)) != 2) return ca_ret; + if((ca_ret = check_ca(x)) != 2) return ca_ret; else return 0; } if(ku_reject(x, KU_CRL_SIGN)) return 0; @@ -552,17 +575,9 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) { - /* Must be a valid CA */ - if(ca) { - int ca_ret; - ca_ret = ca_check(x); - if(ca_ret != 2) return ca_ret; - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_ANY_CA) return ca_ret; - return 0; - } - return 0; - } + /* Must be a valid CA. Should we really support the "I don't know" + value (2)? */ + if(ca) return check_ca(x); /* leaf certificate is checked in OCSP_verify() */ return 1; } @@ -624,7 +639,13 @@ int X509_check_issued(X509 *issuer, X509 *subject) return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } } - if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + if(subject->ex_flags & EXFLAG_PROXY) + { + if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } + else if(ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; return X509_V_OK; } diff --git a/crypto/openssl/crypto/x509v3/v3_skey.c b/crypto/openssl/crypto/x509v3/v3_skey.c index c0f044a..b17a72d 100644 --- a/crypto/openssl/crypto/x509v3/v3_skey.c +++ b/crypto/openssl/crypto/x509v3/v3_skey.c @@ -109,14 +109,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); return NULL; } if(ctx && (ctx->flags == CTX_TEST)) return oct; if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { - X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); + X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); goto err; } @@ -125,14 +125,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, else pk = ctx->subject_cert->cert_info->key->public_key; if(!pk) { - X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); + X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); goto err; } EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { - X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c index d3f4ba3..819e2e6 100644 --- a/crypto/openssl/crypto/x509v3/v3_sxnet.c +++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c @@ -109,7 +109,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, SXNETID *id; int i; v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); + BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); @@ -154,7 +154,7 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, { ASN1_INTEGER *izone = NULL; if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE); + X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/openssl/crypto/x509v3/v3_utl.c index 34ac299..7911c4b 100644 --- a/crypto/openssl/crypto/x509v3/v3_utl.c +++ b/crypto/openssl/crypto/x509v3/v3_utl.c @@ -1,9 +1,9 @@ /* v3_utl.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -63,6 +63,7 @@ #include "cryptlib.h" #include #include +#include static char *strip_spaces(char *name); static int sk_strcmp(const char * const *a, const char * const *b); @@ -70,6 +71,12 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(void *str); static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static int a2i_ipadd(unsigned char *ipout, const char *ipasc); +static int ipv4_from_asc(unsigned char *v4, const char *in); +static int ipv6_from_asc(unsigned char *v6, const char *in); +static int ipv6_cb(const char *elem, int len, void *usr); +static int ipv6_hex(unsigned char *out, const char *in, int inlen); + /* Add a CONF_VALUE name value pair to stack */ int X509V3_add_value(const char *name, const char *value, @@ -156,11 +163,11 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) ASN1_INTEGER *aint; int isneg, ishex; int ret; - bn = BN_new(); if (!value) { X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); return 0; } + bn = BN_new(); if (value[0] == '-') { value++; isneg = 1; @@ -174,7 +181,8 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) if (ishex) ret = BN_hex2bn(&bn, value); else ret = BN_dec2bn(&bn, value); - if (!ret) { + if (!ret || value[ret]) { + BN_free(bn); X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); return 0; } @@ -533,3 +541,305 @@ void X509_email_free(STACK *sk) { sk_pop_free(sk, str_free); } + +/* Convert IP addresses both IPv4 and IPv6 into an + * OCTET STRING compatible with RFC3280. + */ + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) + { + unsigned char ipout[16]; + ASN1_OCTET_STRING *ret; + int iplen; + + /* If string contains a ':' assume IPv6 */ + + iplen = a2i_ipadd(ipout, ipasc); + + if (!iplen) + return NULL; + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + return NULL; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) + { + ASN1_OCTET_STRING_free(ret); + return NULL; + } + return ret; + } + +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) + { + ASN1_OCTET_STRING *ret = NULL; + unsigned char ipout[32]; + char *iptmp = NULL, *p; + int iplen1, iplen2; + p = strchr(ipasc,'/'); + if (!p) + return NULL; + iptmp = BUF_strdup(ipasc); + if (!iptmp) + return NULL; + p = iptmp + (p - ipasc); + *p++ = 0; + + iplen1 = a2i_ipadd(ipout, iptmp); + + if (!iplen1) + goto err; + + iplen2 = a2i_ipadd(ipout + iplen1, p); + + OPENSSL_free(iptmp); + iptmp = NULL; + + if (!iplen2 || (iplen1 != iplen2)) + goto err; + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + goto err; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) + goto err; + + return ret; + + err: + if (iptmp) + OPENSSL_free(iptmp); + if (ret) + ASN1_OCTET_STRING_free(ret); + return NULL; + } + + +static int a2i_ipadd(unsigned char *ipout, const char *ipasc) + { + /* If string contains a ':' assume IPv6 */ + + if (strchr(ipasc, ':')) + { + if (!ipv6_from_asc(ipout, ipasc)) + return 0; + return 16; + } + else + { + if (!ipv4_from_asc(ipout, ipasc)) + return 0; + return 4; + } + } + +static int ipv4_from_asc(unsigned char *v4, const char *in) + { + int a0, a1, a2, a3; + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + return 0; + if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) + || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) + return 0; + v4[0] = a0; + v4[1] = a1; + v4[2] = a2; + v4[3] = a3; + return 1; + } + +typedef struct { + /* Temporary store for IPV6 output */ + unsigned char tmp[16]; + /* Total number of bytes in tmp */ + int total; + /* The position of a zero (corresponding to '::') */ + int zero_pos; + /* Number of zeroes */ + int zero_cnt; + } IPV6_STAT; + + +static int ipv6_from_asc(unsigned char *v6, const char *in) + { + IPV6_STAT v6stat; + v6stat.total = 0; + v6stat.zero_pos = -1; + v6stat.zero_cnt = 0; + /* Treat the IPv6 representation as a list of values + * separated by ':'. The presence of a '::' will parse + * as one, two or three zero length elements. + */ + if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) + return 0; + + /* Now for some sanity checks */ + + if (v6stat.zero_pos == -1) + { + /* If no '::' must have exactly 16 bytes */ + if (v6stat.total != 16) + return 0; + } + else + { + /* If '::' must have less than 16 bytes */ + if (v6stat.total == 16) + return 0; + /* More than three zeroes is an error */ + if (v6stat.zero_cnt > 3) + return 0; + /* Can only have three zeroes if nothing else present */ + else if (v6stat.zero_cnt == 3) + { + if (v6stat.total > 0) + return 0; + } + /* Can only have two zeroes if at start or end */ + else if (v6stat.zero_cnt == 2) + { + if ((v6stat.zero_pos != 0) + && (v6stat.zero_pos != v6stat.total)) + return 0; + } + else + /* Can only have one zero if *not* start or end */ + { + if ((v6stat.zero_pos == 0) + || (v6stat.zero_pos == v6stat.total)) + return 0; + } + } + + /* Format result */ + + /* Copy initial part */ + if (v6stat.zero_pos > 0) + memcpy(v6, v6stat.tmp, v6stat.zero_pos); + /* Zero middle */ + if (v6stat.total != 16) + memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); + /* Copy final part */ + if (v6stat.total != v6stat.zero_pos) + memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); + + return 1; + } + +static int ipv6_cb(const char *elem, int len, void *usr) + { + IPV6_STAT *s = usr; + /* Error if 16 bytes written */ + if (s->total == 16) + return 0; + if (len == 0) + { + /* Zero length element, corresponds to '::' */ + if (s->zero_pos == -1) + s->zero_pos = s->total; + /* If we've already got a :: its an error */ + else if (s->zero_pos != s->total) + return 0; + s->zero_cnt++; + } + else + { + /* If more than 4 characters could be final a.b.c.d form */ + if (len > 4) + { + /* Need at least 4 bytes left */ + if (s->total > 12) + return 0; + /* Must be end of string */ + if (elem[len]) + return 0; + if (!ipv4_from_asc(s->tmp + s->total, elem)) + return 0; + s->total += 4; + } + else + { + if (!ipv6_hex(s->tmp + s->total, elem, len)) + return 0; + s->total += 2; + } + } + return 1; + } + +/* Convert a string of up to 4 hex digits into the corresponding + * IPv6 form. + */ + +static int ipv6_hex(unsigned char *out, const char *in, int inlen) + { + unsigned char c; + unsigned int num = 0; + if (inlen > 4) + return 0; + while(inlen--) + { + c = *in++; + num <<= 4; + if ((c >= '0') && (c <= '9')) + num |= c - '0'; + else if ((c >= 'A') && (c <= 'F')) + num |= c - 'A' + 10; + else if ((c >= 'a') && (c <= 'f')) + num |= c - 'a' + 10; + else + return 0; + } + out[0] = num >> 8; + out[1] = num & 0xff; + return 1; + } + + +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype) + { + CONF_VALUE *v; + int i, mval; + char *p, *type; + if (!nm) + return 0; + + for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) + { + v=sk_CONF_VALUE_value(dn_sk,i); + type=v->name; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for(p = type; *p ; p++) +#ifndef CHARSET_EBCDIC + if ((*p == ':') || (*p == ',') || (*p == '.')) +#else + if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) +#endif + { + p++; + if(*p) type = p; + break; + } +#ifndef CHARSET_EBCDIC + if (*type == '+') +#else + if (*type == os_toascii['+']) +#endif + { + mval = -1; + type++; + } + else + mval = 0; + if (!X509_NAME_add_entry_by_txt(nm,type, chtype, + (unsigned char *) v->value,-1,-1,mval)) + return 0; + + } + return 1; + } diff --git a/crypto/openssl/crypto/x509v3/v3err.c b/crypto/openssl/crypto/x509v3/v3err.c index 6458e95..451645f 100644 --- a/crypto/openssl/crypto/x509v3/v3err.c +++ b/crypto/openssl/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* crypto/x509v3/v3err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,102 +64,133 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) + static ERR_STRING_DATA X509V3_str_functs[]= { -{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, -{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, -{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, -{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, -{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, -{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, -{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, -{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, -{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, -{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, -{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"}, -{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, -{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, -{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, -{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, -{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, -{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, -{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, -{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"}, -{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, -{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, -{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, -{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, -{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, -{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, -{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, -{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, -{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, -{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"}, +{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, +{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, +{ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, +{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, +{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, +{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, +{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, +{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, +{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, +{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, +{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, +{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"}, +{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, +{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, +{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, +{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, +{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, +{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, +{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, +{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, +{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, +{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, +{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, +{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, +{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_ADD_ID_ASC"}, +{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, +{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, +{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, +{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, +{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"}, +{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, +{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, +{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, +{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, +{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, +{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, +{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, +{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, +{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, +{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, +{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, +{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, +{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, +{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, +{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, +{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, +{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, +{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, +{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, +{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, +{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_GET_SECTION"}, +{ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, +{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, +{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_PARSE_LIST"}, +{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, +{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, {0,NULL} }; static ERR_STRING_DATA X509V3_str_reasons[]= { -{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"}, -{X509V3_R_BAD_OBJECT ,"bad object"}, -{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, -{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, -{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, -{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, -{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, -{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, -{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, -{X509V3_R_EXTENSION_EXISTS ,"extension exists"}, -{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, -{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, -{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, -{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, -{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, -{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, -{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, -{X509V3_R_INVALID_NAME ,"invalid name"}, -{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, -{X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, -{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, -{X509V3_R_INVALID_NUMBER ,"invalid number"}, -{X509V3_R_INVALID_NUMBERS ,"invalid numbers"}, -{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, -{X509V3_R_INVALID_OPTION ,"invalid option"}, -{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, -{X509V3_R_INVALID_PURPOSE ,"invalid purpose"}, -{X509V3_R_INVALID_SECTION ,"invalid section"}, -{X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, -{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, -{X509V3_R_MISSING_VALUE ,"missing value"}, -{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, -{X509V3_R_NO_CONFIG_DATABASE ,"no config database"}, -{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, -{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, -{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"}, -{X509V3_R_NO_PUBLIC_KEY ,"no public key"}, -{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, -{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, -{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, -{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, -{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, -{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"}, -{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"}, -{X509V3_R_UNKNOWN_OPTION ,"unknown option"}, -{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"}, -{X509V3_R_USER_TOO_LONG ,"user too long"}, +{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"}, +{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"}, +{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, +{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, +{ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"}, +{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, +{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, +{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, +{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"}, +{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"}, +{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"}, +{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"}, +{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"}, +{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"}, +{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"}, +{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, +{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, +{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, +{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, +{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"}, +{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"}, +{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, +{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"}, +{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"}, +{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"}, +{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"}, +{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"}, +{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"}, +{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"}, +{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"}, +{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"}, +{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"}, +{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"}, +{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"}, +{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"}, +{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"}, +{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"}, +{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"}, +{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"}, +{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"}, +{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"}, +{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"}, +{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"}, +{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, +{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, +{ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, +{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, +{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, +{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, +{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, +{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, +{ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, +{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"}, +{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"}, +{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"}, +{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"}, +{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"}, +{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"}, +{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"}, +{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"}, {0,NULL} }; @@ -173,8 +204,8 @@ void ERR_load_X509V3_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); - ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); + ERR_load_strings(0,X509V3_str_functs); + ERR_load_strings(0,X509V3_str_reasons); #endif } diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h index fb07a19..3442982 100644 --- a/crypto/openssl/crypto/x509v3/x509v3.h +++ b/crypto/openssl/crypto/x509v3/x509v3.h @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,14 +74,14 @@ struct v3_ext_ctx; typedef void * (*X509V3_EXT_NEW)(void); typedef void (*X509V3_EXT_FREE)(void *); -typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long); +typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); +typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); -typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); +typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ @@ -132,7 +132,6 @@ void *db; }; typedef struct v3_ext_method X509V3_EXT_METHOD; -typedef struct v3_ext_ctx X509V3_CTX; DECLARE_STACK_OF(X509V3_EXT_METHOD) @@ -287,6 +286,50 @@ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; DECLARE_STACK_OF(POLICYINFO) DECLARE_ASN1_SET_OF(POLICYINFO) +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +typedef struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +} NAME_CONSTRAINTS; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st + { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; + } PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st + { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; + } PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + + #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -325,6 +368,9 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define EXFLAG_INVALID 0x80 #define EXFLAG_SET 0x100 #define EXFLAG_CRITICAL 0x200 +#define EXFLAG_PROXY 0x400 + +#define EXFLAG_INVALID_POLICY 0x400 #define KU_DIGITAL_SIGNATURE 0x0080 #define KU_NON_REPUDIATION 0x0040 @@ -424,6 +470,13 @@ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); + STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); @@ -456,8 +509,24 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + #ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); @@ -527,6 +596,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); +int X509_check_ca(X509 *x); int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); @@ -548,6 +618,12 @@ STACK *X509_get1_email(X509 *x); STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -560,42 +636,56 @@ void ERR_load_X509V3_strings(void); /* Function codes. */ #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 +#define X509V3_F_DO_DIRNAME 144 #define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_I2D 135 +#define X509V3_F_DO_EXT_NCONF 151 +#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 +#define X509V3_F_I2S_ASN1_IA5STRING 149 #define X509V3_F_I2S_ASN1_INTEGER 120 #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 #define X509V3_F_NOTICE_SECTION 132 #define X509V3_F_NREF_NOS 133 #define X509V3_F_POLICY_SECTION 131 +#define X509V3_F_PROCESS_PCI_VALUE 150 #define X509V3_F_R2I_CERTPOL 130 +#define X509V3_F_R2I_PCI 155 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 #define X509V3_F_S2I_ASN1_SKEY_ID 114 -#define X509V3_F_S2I_S2I_SKEY_ID 115 +#define X509V3_F_S2I_SKEY_ID 115 #define X509V3_F_STRING_TO_HEX 113 -#define X509V3_F_SXNET_ADD_ASC 125 +#define X509V3_F_SXNET_ADD_ID_ASC 125 #define X509V3_F_SXNET_ADD_ID_INTEGER 126 #define X509V3_F_SXNET_ADD_ID_ULONG 127 #define X509V3_F_SXNET_GET_ID_ASC 128 #define X509V3_F_SXNET_GET_ID_ULONG 129 -#define X509V3_F_V2I_ACCESS_DESCRIPTION 139 #define X509V3_F_V2I_ASN1_BIT_STRING 101 +#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 #define X509V3_F_V2I_AUTHORITY_KEYID 119 #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 #define X509V3_F_V2I_CRLD 134 -#define X509V3_F_V2I_EXT_KU 103 -#define X509V3_F_V2I_GENERAL_NAME 117 +#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_GENERAL_NAME_EX 117 +#define X509V3_F_V2I_ISSUER_ALT 153 +#define X509V3_F_V2I_NAME_CONSTRAINTS 147 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +#define X509V3_F_V2I_POLICY_MAPPINGS 145 +#define X509V3_F_V2I_SUBJECT_ALT 154 #define X509V3_F_V3_GENERIC_EXTENSION 116 -#define X509V3_F_X509V3_ADD_I2D 140 +#define X509V3_F_X509V3_ADD1_I2D 140 #define X509V3_F_X509V3_ADD_VALUE 105 #define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 #define X509V3_F_X509V3_EXT_I2D 136 +#define X509V3_F_X509V3_EXT_NCONF 152 +#define X509V3_F_X509V3_GET_SECTION 142 +#define X509V3_F_X509V3_GET_STRING 143 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509_PURPOSE_ADD 137 @@ -606,6 +696,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_BAD_OBJECT 119 #define X509V3_R_BN_DEC2BN_ERROR 100 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 #define X509V3_R_DUPLICATE_ZONE_ID 133 #define X509V3_R_ERROR_CONVERTING_ZONE 131 #define X509V3_R_ERROR_CREATING_EXTENSION 144 @@ -616,7 +707,9 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_EXTENSION_NOT_FOUND 102 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 #define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 #define X509V3_R_INVALID_NAME 106 @@ -628,6 +721,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 #define X509V3_R_INVALID_OPTION 138 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 #define X509V3_R_INVALID_PURPOSE 146 #define X509V3_R_INVALID_SECTION 135 #define X509V3_R_INVALID_SYNTAX 143 @@ -638,9 +732,18 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_NO_ISSUER_CERTIFICATE 121 #define X509V3_R_NO_ISSUER_DETAILS 127 #define X509V3_R_NO_POLICY_IDENTIFIER 139 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 #define X509V3_R_NO_PUBLIC_KEY 114 #define X509V3_R_NO_SUBJECT_DETAILS 125 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +#define X509V3_R_OPERATION_NOT_DEFINED 148 +#define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 +#define X509V3_R_POLICY_PATH_LENGTH 156 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 +#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +#define X509V3_R_SECTION_NOT_FOUND 150 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 diff --git a/crypto/openssl/crypto/x86_64cpuid.pl b/crypto/openssl/crypto/x86_64cpuid.pl new file mode 100644 index 0000000..4d88ad1 --- /dev/null +++ b/crypto/openssl/crypto/x86_64cpuid.pl @@ -0,0 +1,138 @@ +#!/usr/bin/env perl + +$output=shift; +$win64a=1 if ($output =~ /win64a\.[s|asm]/); +open STDOUT,">$output" || die "can't open $output: $!"; + +print<<___ if(defined($win64a)); +_TEXT SEGMENT +PUBLIC OPENSSL_rdtsc +ALIGN 16 +OPENSSL_rdtsc PROC + rdtsc + shl rdx,32 + or rax,rdx + ret +OPENSSL_rdtsc ENDP + +PUBLIC OPENSSL_atomic_add +ALIGN 16 +OPENSSL_atomic_add PROC + mov eax,DWORD PTR[rcx] +\$Lspin: lea r8,DWORD PTR[rdx+rax] +lock cmpxchg DWORD PTR[rcx],r8d + jne \$Lspin + mov eax,r8d + cdqe + ret +OPENSSL_atomic_add ENDP + +PUBLIC OPENSSL_wipe_cpu +ALIGN 16 +OPENSSL_wipe_cpu PROC + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + xor rcx,rcx + xor rdx,rdx + xor r8,r8 + xor r9,r9 + xor r10,r10 + xor r11,r11 + lea rax,QWORD PTR[rsp+8] + ret +OPENSSL_wipe_cpu ENDP + +OPENSSL_ia32_cpuid PROC + mov r8,rbx + mov eax,1 + cpuid + shl rcx,32 + mov eax,edx + mov rbx,r8 + or rax,rcx + ret +OPENSSL_ia32_cpuid ENDP +_TEXT ENDS + +CRT\$XIU SEGMENT +EXTRN OPENSSL_cpuid_setup:PROC +DQ OPENSSL_cpuid_setup +CRT\$XIU ENDS +END +___ +print<<___ if(!defined($win64a)); +.text +.globl OPENSSL_rdtsc +.align 16 +OPENSSL_rdtsc: + rdtsc + shlq \$32,%rdx + orq %rdx,%rax + ret +.size OPENSSL_rdtsc,.-OPENSSL_rdtsc + +.globl OPENSSL_atomic_add +.type OPENSSL_atomic_add,\@function +.align 16 +OPENSSL_atomic_add: + movl (%rdi),%eax +.Lspin: leaq (%rsi,%rax),%r8 +lock; cmpxchgl %r8d,(%rdi) + jne .Lspin + movl %r8d,%eax + .byte 0x48,0x98 + ret +.size OPENSSL_atomic_add,.-OPENSSL_atomic_add + +.globl OPENSSL_wipe_cpu +.type OPENSSL_wipe_cpu,\@function +.align 16 +OPENSSL_wipe_cpu: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 + pxor %xmm10,%xmm10 + pxor %xmm11,%xmm11 + pxor %xmm12,%xmm12 + pxor %xmm13,%xmm13 + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 + xorq %rcx,%rcx + xorq %rdx,%rdx + xorq %rsi,%rsi + xorq %rdi,%rdi + xorq %r8,%r8 + xorq %r9,%r9 + xorq %r10,%r10 + xorq %r11,%r11 + leaq 8(%rsp),%rax + ret +.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu + +.globl OPENSSL_ia32_cpuid +.align 16 +OPENSSL_ia32_cpuid: + movq %rbx,%r8 + movl \$1,%eax + cpuid + shlq \$32,%rcx + movl %edx,%eax + movq %r8,%rbx + orq %rcx,%rax + ret +.size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid + +.section .init + call OPENSSL_cpuid_setup +___ diff --git a/crypto/openssl/crypto/x86cpuid.pl b/crypto/openssl/crypto/x86cpuid.pl new file mode 100644 index 0000000..c53c9bc --- /dev/null +++ b/crypto/openssl/crypto/x86cpuid.pl @@ -0,0 +1,197 @@ +#!/usr/bin/env perl + +push(@INC,"perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"x86cpuid"); + +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); + &pop ("eax"); + &mov ("ecx","eax"); + &xor ("eax",1<<21); + &push ("eax"); + &popf (); + &pushf (); + &pop ("eax"); + &xor ("ecx","eax"); + &bt ("ecx",21); + &jnc (&label("nocpuid")); + &mov ("eax",1); + &cpuid (); +&set_label("nocpuid"); + &mov ("eax","edx"); + &mov ("edx","ecx"); +&function_end("OPENSSL_ia32_cpuid"); + +&external_label("OPENSSL_ia32cap_P"); + +&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("notsc")); + &rdtsc (); +&set_label("notsc"); + &ret (); +&function_end_B("OPENSSL_rdtsc"); + +# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], +# but it's safe to call it on any [supported] 32-bit platform... +# Just check for [non-]zero return value... +&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("nohalt")); # no TSC + + &data_word(0x9058900e); # push %cs; pop %eax + &and ("eax",3); + &jnz (&label("nohalt")); # not enough privileges + + &pushf (); + &pop ("eax") + &bt ("eax",9); + &jnc (&label("nohalt")); # interrupts are disabled + + &rdtsc (); + &push ("edx"); + &push ("eax"); + &halt (); + &rdtsc (); + + &sub ("eax",&DWP(0,"esp")); + &sbb ("edx",&DWP(4,"esp")); + &add ("esp",8); + &ret (); + +&set_label("nohalt"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &ret (); +&function_end_B("OPENSSL_instrument_halt"); + +# Essentially there is only one use for this function. Under DJGPP: +# +# #include +# ... +# i=OPENSSL_far_spin(_dos_ds,0x46c); +# ... +# to obtain the number of spins till closest timer interrupt. + +&function_begin_B("OPENSSL_far_spin"); + &pushf (); + &pop ("eax") + &bt ("eax",9); + &jnc (&label("nospin")); # interrupts are disabled + + &mov ("eax",&DWP(4,"esp")); + &mov ("ecx",&DWP(8,"esp")); + &data_word (0x90d88e1e); # push %ds, mov %eax,%ds + &xor ("eax","eax"); + &mov ("edx",&DWP(0,"ecx")); + &jmp (&label("spin")); + + &align (16); +&set_label("spin"); + &inc ("eax"); + &cmp ("edx",&DWP(0,"ecx")); + &je (&label("spin")); + + &data_word (0x1f909090); # pop %ds + &ret (); + +&set_label("nospin"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &ret (); +&function_end_B("OPENSSL_far_spin"); + +&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &mov ("ecx",&DWP(0,"ecx")); + &bt (&DWP(0,"ecx"),1); + &jnc (&label("no_x87")); + if ($sse2) { + &bt (&DWP(0,"ecx"),26); + &jnc (&label("no_sse2")); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); + &set_label("no_sse2"); + } + # just a bunch of fldz to zap the fp/mm bank followed by finit... + &data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b); +&set_label("no_x87"); + &lea ("eax",&DWP(4,"esp")); + &ret (); +&function_end_B("OPENSSL_wipe_cpu"); + +&function_begin_B("OPENSSL_atomic_add"); + &mov ("edx",&DWP(4,"esp")); # fetch the pointer, 1st arg + &mov ("ecx",&DWP(8,"esp")); # fetch the increment, 2nd arg + &push ("ebx"); + &nop (); + &mov ("eax",&DWP(0,"edx")); +&set_label("spin"); + &lea ("ebx",&DWP(0,"eax","ecx")); + &nop (); + &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is envolved and is always reloaded + &jne (&label("spin")); + &mov ("eax","ebx"); # OpenSSL expects the new value + &pop ("ebx"); + &ret (); +&function_end_B("OPENSSL_atomic_add"); + +# This function can become handy under Win32 in situations when +# we don't know which calling convention, __stdcall or __cdecl(*), +# indirect callee is using. In C it can be deployed as +# +#ifdef OPENSSL_CPUID_OBJ +# type OPENSSL_indirect_call(void *f,...); +# ... +# OPENSSL_indirect_call(func,[up to $max arguments]); +#endif +# +# (*) it's designed to work even for __fastcall if number of +# arguments is 1 or 2! +&function_begin_B("OPENSSL_indirect_call"); + { + my $i,$max=7; # $max has to be chosen as 4*n-1 + # in order to preserve eventual + # stack alignment + &push ("ebp"); + &mov ("ebp","esp"); + &sub ("esp",$max*4); + &mov ("ecx",&DWP(12,"ebp")); + &mov (&DWP(0,"esp"),"ecx"); + &mov ("edx",&DWP(16,"ebp")); + &mov (&DWP(4,"esp"),"edx"); + for($i=2;$i<$max;$i++) + { + # Some copies will be redundant/bogus... + &mov ("eax",&DWP(12+$i*4,"ebp")); + &mov (&DWP(0+$i*4,"esp"),"eax"); + } + &call_ptr (&DWP(8,"ebp"));# make the call... + &mov ("esp","ebp"); # ... and just restore the stack pointer + # without paying attention to what we called, + # (__cdecl *func) or (__stdcall *one). + &pop ("ebp"); + &ret (); + } +&function_end_B("OPENSSL_indirect_call"); + +&initseg("OPENSSL_cpuid_setup"); + +&asm_finish(); diff --git a/crypto/openssl/demos/easy_tls/easy-tls.c b/crypto/openssl/demos/easy_tls/easy-tls.c index 9c1d982..9cd8314 100644 --- a/crypto/openssl/demos/easy_tls/easy-tls.c +++ b/crypto/openssl/demos/easy_tls/easy-tls.c @@ -1,7 +1,7 @@ /* -*- Mode: C; c-file-style: "bsd" -*- */ /* * easy-tls.c -- generic TLS proxy. - * $Id: easy-tls.c,v 1.2.2.2 2002/03/05 09:06:57 bodo Exp $ + * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $ */ /* (c) Copyright 1999 Bodo Moeller. All rights reserved. @@ -73,7 +73,7 @@ */ static char const rcsid[] = -"$Id: easy-tls.c,v 1.2.2.2 2002/03/05 09:06:57 bodo Exp $"; +"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $"; #include #include diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.c b/crypto/openssl/demos/engines/zencod/hw_zencod.c index 29206b4..4234b93 100644 --- a/crypto/openssl/demos/engines/zencod/hw_zencod.c +++ b/crypto/openssl/demos/engines/zencod/hw_zencod.c @@ -1233,7 +1233,7 @@ static const EVP_MD engine_sha1_md = SHA_CBLOCK, /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */ sizeof ( ZEN_MD_DATA ) - /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */ + /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */ } ; /* The one for MD5 ... */ @@ -1254,7 +1254,7 @@ static const EVP_MD engine_md5_md = MD5_CBLOCK, /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */ sizeof ( ZEN_MD_DATA ) - /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */ + /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */ } ; diff --git a/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh b/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh new file mode 100755 index 0000000..b31a4f1 --- /dev/null +++ b/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh @@ -0,0 +1,98 @@ +#!/bin/sh + +# For a list of supported curves, use "apps/openssl ecparam -list_curves". + +# Path to the openssl distribution +OPENSSL_DIR=../.. +# Path to the openssl program +OPENSSL_CMD=$OPENSSL_DIR/apps/openssl +# Option to find configuration file +OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf" +# Directory where certificates are stored +CERTS_DIR=./Certs +# Directory where private key files are stored +KEYS_DIR=$CERTS_DIR +# Directory where combo files (containing a certificate and corresponding +# private key together) are stored +COMBO_DIR=$CERTS_DIR +# cat command +CAT=/bin/cat +# rm command +RM=/bin/rm +# mkdir command +MKDIR=/bin/mkdir +# The certificate will expire these many days after the issue date. +DAYS=1500 +TEST_CA_FILE=rsa1024TestCA + +TEST_SERVER_CURVE=sect163r1 +TEST_SERVER_FILE=sect163r1-rsaTestServer +TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)" + +TEST_CLIENT_CURVE=sect163r1 +TEST_CLIENT_FILE=sect163r1-rsaTestClient +TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)" + +# Generating an EC certificate involves the following main steps +# 1. Generating curve parameters (if needed) +# 2. Generating a certificate request +# 3. Signing the certificate request +# 4. [Optional] One can combine the cert and private key into a single +# file and also delete the certificate request + +$MKDIR -p $CERTS_DIR +$MKDIR -p $KEYS_DIR +$MKDIR -p $COMBO_DIR + +echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)" +echo "==============================================================" +$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \ + -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \ + -newkey ec:$TEST_SERVER_CURVE.pem -new \ + -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_SERVER_FILE.pem +$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)" +echo "==============================================================" +$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \ + -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \ + -newkey ec:$TEST_CLIENT_CURVE.pem -new \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CLIENT_FILE.pem +$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + diff --git a/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh b/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh new file mode 100755 index 0000000..a47b8bb --- /dev/null +++ b/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh @@ -0,0 +1,164 @@ +#!/bin/sh + +# For a list of supported curves, use "apps/openssl ecparam -list_curves". + +# Path to the openssl distribution +OPENSSL_DIR=../.. +# Path to the openssl program +OPENSSL_CMD=$OPENSSL_DIR/apps/openssl +# Option to find configuration file +OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf" +# Directory where certificates are stored +CERTS_DIR=./Certs +# Directory where private key files are stored +KEYS_DIR=$CERTS_DIR +# Directory where combo files (containing a certificate and corresponding +# private key together) are stored +COMBO_DIR=$CERTS_DIR +# cat command +CAT=/bin/cat +# rm command +RM=/bin/rm +# mkdir command +MKDIR=/bin/mkdir +# The certificate will expire these many days after the issue date. +DAYS=1500 +TEST_CA_CURVE=secp160r1 +TEST_CA_FILE=secp160r1TestCA +TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)" + +TEST_SERVER_CURVE=secp160r2 +TEST_SERVER_FILE=secp160r2TestServer +TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)" + +TEST_CLIENT_CURVE=secp160r2 +TEST_CLIENT_FILE=secp160r2TestClient +TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)" + +# Generating an EC certificate involves the following main steps +# 1. Generating curve parameters (if needed) +# 2. Generating a certificate request +# 3. Signing the certificate request +# 4. [Optional] One can combine the cert and private key into a single +# file and also delete the certificate request + +$MKDIR -p $CERTS_DIR +$MKDIR -p $KEYS_DIR +$MKDIR -p $COMBO_DIR + +echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)" +echo "===============================================================" +$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem + +# Generate a new certificate request in $TEST_CA_FILE.req.pem. A +# new ecdsa (actually ECC) key pair is generated on the parameters in +# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem +# WARNING: By using the -nodes option, we force the private key to be +# stored in the clear (rather than encrypted with a password). +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \ + -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -newkey ec:$TEST_CA_CURVE.pem -new \ + -out $CERTS_DIR/$TEST_CA_FILE.req.pem + +# Sign the certificate request in $TEST_CA_FILE.req.pem using the +# private key in $TEST_CA_FILE.key.pem and include the CA extension. +# Make the certificate valid for 1500 days from the time of signing. +# The certificate is written into $TEST_CA_FILE.cert.pem +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CA_FILE.req.pem \ + -extfile $OPENSSL_DIR/apps/openssl.cnf \ + -extensions v3_ca \ + -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CA_FILE.cert.pem + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CA_FILE.pem +$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CA_FILE.req.pem + +echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)" +echo "==========================================================================" +# Generate parameters for curve $TEST_SERVER_CURVE, if needed +$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem + +# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A +# new ecdsa (actually ECC) key pair is generated on the parameters in +# $TEST_SERVER_CURVE.pem and the private key is saved in +# $TEST_SERVER_FILE.key.pem +# WARNING: By using the -nodes option, we force the private key to be +# stored in the clear (rather than encrypted with a password). +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \ + -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \ + -newkey ec:$TEST_SERVER_CURVE.pem -new \ + -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the +# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in +# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number +# file for this CA, create one. Make the certificate valid for $DAYS days +# from the time of signing. The certificate is written into +# $TEST_SERVER_FILE.cert.pem +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_SERVER_FILE.pem +$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)" +echo "==========================================================================" +# Generate parameters for curve $TEST_CLIENT_CURVE, if needed +$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem + +# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A +# new ecdsa (actually ECC) key pair is generated on the parameters in +# $TEST_CLIENT_CURVE.pem and the private key is saved in +# $TEST_CLIENT_FILE.key.pem +# WARNING: By using the -nodes option, we force the private key to be +# stored in the clear (rather than encrypted with a password). +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \ + -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \ + -newkey ec:$TEST_CLIENT_CURVE.pem -new \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + +# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the +# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in +# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number +# file for this CA, create one. Make the certificate valid for $DAYS days +# from the time of signing. The certificate is written into +# $TEST_CLIENT_FILE.cert.pem +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CLIENT_FILE.pem +$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + + + diff --git a/crypto/openssl/demos/ssltest-ecc/README b/crypto/openssl/demos/ssltest-ecc/README new file mode 100644 index 0000000..71c070a --- /dev/null +++ b/crypto/openssl/demos/ssltest-ecc/README @@ -0,0 +1,15 @@ +Scripts for using ECC ciphersuites with test/testssl +(these ciphersuites are described in the Internet Draft available at +http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt). + +Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate +root, client and server certs of the following types: + + ECC certs signed with ECDSA + RSA certs signed with RSA + ECC certs signed with RSA + +Afterwards, you can use ssltest.sh to run the various tests; +specify one of the following options: + + aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa diff --git a/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh b/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh new file mode 100755 index 0000000..0cb0153 --- /dev/null +++ b/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh @@ -0,0 +1,121 @@ +#!/bin/sh + +# For a list of supported curves, use "apps/openssl ecparam -list_curves". + +# Path to the openssl distribution +OPENSSL_DIR=../.. +# Path to the openssl program +OPENSSL_CMD=$OPENSSL_DIR/apps/openssl +# Option to find configuration file +OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf" +# Directory where certificates are stored +CERTS_DIR=./Certs +# Directory where private key files are stored +KEYS_DIR=$CERTS_DIR +# Directory where combo files (containing a certificate and corresponding +# private key together) are stored +COMBO_DIR=$CERTS_DIR +# cat command +CAT=/bin/cat +# rm command +RM=/bin/rm +# mkdir command +MKDIR=/bin/mkdir +# The certificate will expire these many days after the issue date. +DAYS=1500 +TEST_CA_FILE=rsa1024TestCA +TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)" + +TEST_SERVER_FILE=rsa1024TestServer +TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)" + +TEST_CLIENT_FILE=rsa1024TestClient +TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)" + +# Generating an EC certificate involves the following main steps +# 1. Generating curve parameters (if needed) +# 2. Generating a certificate request +# 3. Signing the certificate request +# 4. [Optional] One can combine the cert and private key into a single +# file and also delete the certificate request + +$MKDIR -p $CERTS_DIR +$MKDIR -p $KEYS_DIR +$MKDIR -p $COMBO_DIR + +echo "Generating self-signed CA certificate (RSA)" +echo "===========================================" + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \ + -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -newkey rsa:1024 -new \ + -out $CERTS_DIR/$TEST_CA_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CA_FILE.req.pem \ + -extfile $OPENSSL_DIR/apps/openssl.cnf \ + -extensions v3_ca \ + -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CA_FILE.cert.pem + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CA_FILE.pem +$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CA_FILE.req.pem + +echo "GENERATING A TEST SERVER CERTIFICATE (RSA)" +echo "==========================================" + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \ + -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \ + -newkey rsa:1024 -new \ + -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_SERVER_FILE.pem +$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)" +echo "==========================================" + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \ + -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \ + -newkey rsa:1024 -new \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CLIENT_FILE.pem +$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + diff --git a/crypto/openssl/demos/ssltest-ecc/ssltest.sh b/crypto/openssl/demos/ssltest-ecc/ssltest.sh new file mode 100755 index 0000000..923ca43 --- /dev/null +++ b/crypto/openssl/demos/ssltest-ecc/ssltest.sh @@ -0,0 +1,188 @@ +#! /bin/sh +# Tests ECC cipher suites using ssltest. Requires one argument which could +# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa. +# A second optional argument can be one of ssl2 ssl3 or tls1 + +if [ "$1" = "" ]; then + (echo "Usage: $0 test [ protocol ]" + echo " where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa" + echo " and protocol (optional) is one of ssl2, ssl3, tls1" + echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first." + ) >&2 + exit 1 +fi + + +OPENSSL_DIR=../.. +CERTS_DIR=./Certs +SSLTEST=$OPENSSL_DIR/test/ssltest +# SSL protocol version to test (one of ssl2 ssl3 or tls1)" +SSLVERSION= + +# These don't really require any certificates +AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA" + +# These require ECC certificates signed with ECDSA +# The EC public key must be authorized for key agreement. +ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA" + +# These require ECC certificates. +# The EC public key must be authorized for digital signature. +ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA" + +# These require ECC certificates signed with RSA. +# The EC public key must be authorized for key agreement. +ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA" + +# These require RSA certificates. +# The RSA public key must be authorized for digital signature. +ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA" + +# List of Elliptic curves over which we wish to test generation of +# ephemeral ECDH keys when using AECDH or ECDHE ciphers +# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1 +#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1" +ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1" + +DEFAULT_CURVE="sect163r2" + +if [ "$2" = "" ]; then + if [ "$SSL_VERSION" = "" ]; then + SSL_VERSION="" + else + SSL_VERSION="-$SSL_VERSION" + fi +else + SSL_VERSION="-$2" +fi + +#============================================================== +# Anonymous cipher suites do not require key or certificate files +# but ssltest expects a cert file and complains if it can't +# open the default one. +SERVER_PEM=$OPENSSL_DIR/apps/server.pem + +if [ "$1" = "aecdh" ]; then +for cipher in $AECDH_CIPHER_LIST +do + echo "Testing $cipher" + $SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher +done +#-------------------------------------------------------------- +for curve in $ELLIPTIC_CURVE_LIST +do + echo "Testing AECDH-NULL-SHA (with $curve)" + $SSLTEST $SSL_VERSION -cert $SERVER_PEM \ + -named_curve $curve -cipher AECDH-NULL-SHA +done + +for curve in $ELLIPTIC_CURVE_LIST +do + echo "Testing AECDH-RC4-SHA (with $curve)" + $SSLTEST $SSL_VERSION -cert $SERVER_PEM \ + -named_curve $curve -cipher AECDH-RC4-SHA +done +fi + +#============================================================== +# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require +# the server to have an ECC certificate signed with ECDSA. +CA_PEM=$CERTS_DIR/secp160r1TestCA.pem +SERVER_PEM=$CERTS_DIR/secp160r2TestServer.pem +CLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pem + +if [ "$1" = "ecdh-ecdsa" ]; then +for cipher in $ECDH_ECDSA_CIPHER_LIST +do + echo "Testing $cipher (with server authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -cipher $cipher + + echo "Testing $cipher (with server and client authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -c_cert $CLIENT_PEM -client_auth \ + -cipher $cipher +done +fi + +#============================================================== +if [ "$1" = "ecdhe-ecdsa" ]; then +for cipher in $ECDHE_ECDSA_CIPHER_LIST +do + echo "Testing $cipher (with server authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -cipher $cipher -named_curve $DEFAULT_CURVE + + echo "Testing $cipher (with server and client authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -c_cert $CLIENT_PEM -client_auth \ + -cipher $cipher -named_curve $DEFAULT_CURVE +done + +#-------------------------------------------------------------- +for curve in $ELLIPTIC_CURVE_LIST +do + echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -c_cert $CLIENT_PEM -client_auth \ + -cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve +done +fi + +#============================================================== +# ECDH-RSA cipher suites require the server to have an ECC +# certificate signed with RSA. +CA_PEM=$CERTS_DIR/rsa1024TestCA.pem +SERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pem +CLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pem + +if [ "$1" = "ecdh-rsa" ]; then +for cipher in $ECDH_RSA_CIPHER_LIST +do + echo "Testing $cipher (with server authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -cipher $cipher + + echo "Testing $cipher (with server and client authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -c_cert $CLIENT_PEM -client_auth \ + -cipher $cipher +done +fi + +#============================================================== +# ECDHE-RSA cipher suites require the server to have an RSA cert. +CA_PEM=$CERTS_DIR/rsa1024TestCA.pem +SERVER_PEM=$CERTS_DIR/rsa1024TestServer.pem +CLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pem + +if [ "$1" = "ecdhe-rsa" ]; then +for cipher in $ECDHE_RSA_CIPHER_LIST +do + echo "Testing $cipher (with server authentication)" + echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -cipher $cipher -named_curve $DEFAULT_CURVE + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -cipher $cipher -named_curve $DEFAULT_CURVE + + echo "Testing $cipher (with server and client authentication)" + $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ + -cert $SERVER_PEM -server_auth \ + -c_cert $CLIENT_PEM -client_auth \ + -cipher $cipher -named_curve $DEFAULT_CURVE +done +fi +#============================================================== + + + + diff --git a/crypto/openssl/demos/tunala/autoungunk.sh b/crypto/openssl/demos/tunala/autoungunk.sh index 14d1079..0c9123b 100755 --- a/crypto/openssl/demos/tunala/autoungunk.sh +++ b/crypto/openssl/demos/tunala/autoungunk.sh @@ -4,13 +4,13 @@ # mess has been left in the directory thanks to autoconf, automake, and their # friends. -if test -f Makefile; then - make distclean - rm -f Makefile -fi - if test -f Makefile.plain; then + if test -f Makefile; then + make distclean + fi mv Makefile.plain Makefile +else + make clean fi rm -f aclocal.m4 config.* configure install-sh \ diff --git a/crypto/openssl/demos/tunala/cb.c b/crypto/openssl/demos/tunala/cb.c index cd32f74..e649838 100644 --- a/crypto/openssl/demos/tunala/cb.c +++ b/crypto/openssl/demos/tunala/cb.c @@ -129,5 +129,15 @@ void cb_ssl_verify_set_level(unsigned int level) cb_ssl_verify_level = level; } +RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength) +{ + /* TODO: Perhaps make it so our global key can be generated on-the-fly + * after certain intervals? */ + static RSA *rsa_tmp = NULL; + if(!rsa_tmp) + rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); + return rsa_tmp; +} + #endif /* !defined(NO_OPENSSL) */ diff --git a/crypto/openssl/demos/tunala/configure.in b/crypto/openssl/demos/tunala/configure.in index b2a6ffc..590cdbf 100644 --- a/crypto/openssl/demos/tunala/configure.in +++ b/crypto/openssl/demos/tunala/configure.in @@ -10,6 +10,7 @@ dnl AM_PROG_LIBTOOL dnl Checks for libraries. AC_CHECK_LIB(dl, dlopen) +AC_CHECK_LIB(z, inflate) AC_CHECK_LIB(socket, socket) AC_CHECK_LIB(nsl, gethostbyname) diff --git a/crypto/openssl/demos/tunala/test.sh b/crypto/openssl/demos/tunala/test.sh new file mode 100755 index 0000000..105b447 --- /dev/null +++ b/crypto/openssl/demos/tunala/test.sh @@ -0,0 +1,107 @@ +#!/bin/sh + +HTTP="localhost:8080" +CLIENT_PORT="9020" +SERVER_PORT="9021" + +sub_test () +{ + echo "STARTING - $VER $CIPHER" + ./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \ + -cacert CA.pem -cert A-client.pem -server 0 \ + -dh_special standard -v_peer -v_strict \ + $VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt & + ./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \ + -cacert CA.pem -cert A-server.pem -server 1 \ + -dh_special standard -v_peer -v_strict \ + $VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt & + # Wait for the servers to be listening before starting the wget test + DONE="no" + while [ "$DONE" != "yes" ]; do + L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"` + L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"` + if [ "x$L1" != "x" ]; then + DONE="yes" + elif [ "x$L2" != "x" ]; then + DONE="yes" + else + sleep 1 + fi + done + HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep ""` + if [ "x$HTML" != "x" ]; then + echo "OK - $CIPHER ($VER)" + else + echo "FAIL - $CIPHER ($VER)" + killall tunala + exit 1 + fi + killall tunala + # Wait for the servers to stop before returning - otherwise the next + # test my fail to start ... (fscking race conditions) + DONE="yes" + while [ "$DONE" != "no" ]; do + L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"` + L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"` + if [ "x$L1" != "x" ]; then + DONE="yes" + elif [ "x$L2" != "x" ]; then + DONE="yes" + else + DONE="no" + fi + done + exit 0 +} + +run_test () +{ + (sub_test 1> /dev/null) || exit 1 +} + +run_ssl_test () +{ +killall tunala 1> /dev/null 2> /dev/null +echo "" +echo "Starting all $PRETTY tests" +if [ "$PRETTY" != "SSLv2" ]; then + if [ "$PRETTY" != "SSLv3" ]; then + export VER="-no_ssl2 -no_ssl3" + export OSSL="-tls1" + else + export VER="-no_ssl2 -no_tls1" + export OSSL="-ssl3" + fi +else + export VER="-no_ssl3 -no_tls1" + export OSSL="-ssl2" +fi +LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`" +#echo "$LIST" +for i in $LIST; do \ + DSS=`echo "$i" | grep "DSS"` + if [ "x$DSS" != "x" ]; then + echo "---- skipping $i (no DSA cert/keys) ----" + else + export CIPHER=$i + run_test + echo "SUCCESS: $i" + fi +done; +} + +# Welcome the user +echo "Tests will assume an http server running at $HTTP" + +# TLSv1 test +export PRETTY="TLSv1" +run_ssl_test + +# SSLv3 test +export PRETTY="SSLv3" +run_ssl_test + +# SSLv2 test +export PRETTY="SSLv2" +run_ssl_test + diff --git a/crypto/openssl/demos/tunala/tunala.c b/crypto/openssl/demos/tunala/tunala.c index e802a62..e918cba 100644 --- a/crypto/openssl/demos/tunala/tunala.c +++ b/crypto/openssl/demos/tunala/tunala.c @@ -69,8 +69,8 @@ typedef struct _tunala_world_t { static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, const char *CAfile, const char *cert, const char *key, const char *dcert, const char *dkey, const char *cipher_list, - const char *dh_file, const char *dh_special, int ctx_options, - int out_state, int out_verify, int verify_mode, + const char *dh_file, const char *dh_special, int tmp_rsa, + int ctx_options, int out_state, int out_verify, int verify_mode, unsigned int verify_depth); static void selector_init(tunala_selector_t *selector); static void selector_add_listener(tunala_selector_t *selector, int fd); @@ -102,6 +102,7 @@ static int def_flipped = 0; static const char *def_cipher_list = NULL; static const char *def_dh_file = NULL; static const char *def_dh_special = NULL; +static int def_tmp_rsa = 1; static int def_ctx_options = 0; static int def_verify_mode = 0; static unsigned int def_verify_depth = 10; @@ -127,6 +128,7 @@ static const char *helpstring = " -cipher (specifies cipher list to use)\n" " -dh_file (a PEM file containing DH parameters to use)\n" " -dh_special (see below: def=NULL)\n" +" -no_tmp_rsa (don't generate temporary RSA keys)\n" " -no_ssl2 (disable SSLv2)\n" " -no_ssl3 (disable SSLv3)\n" " -no_tls1 (disable TLSv1)\n" @@ -306,6 +308,7 @@ int main(int argc, char *argv[]) const char *cipher_list = def_cipher_list; const char *dh_file = def_dh_file; const char *dh_special = def_dh_special; + int tmp_rsa = def_tmp_rsa; int ctx_options = def_ctx_options; int verify_mode = def_verify_mode; unsigned int verify_depth = def_verify_depth; @@ -427,6 +430,9 @@ next_arg: if(!parse_dh_special(*argv, &dh_special)) return 1; goto next_arg; + } else if(strcmp(*argv, "-no_tmp_rsa") == 0) { + tmp_rsa = 0; + goto next_arg; } else if(strcmp(*argv, "-no_ssl2") == 0) { ctx_options |= SSL_OP_NO_SSLv2; goto next_arg; @@ -487,7 +493,7 @@ next_arg: /* Create the SSL_CTX */ if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id, cacert, cert, key, dcert, dkey, cipher_list, dh_file, - dh_special, ctx_options, out_state, out_verify, + dh_special, tmp_rsa, ctx_options, out_state, out_verify, verify_mode, verify_depth)) == NULL) return err_str1("initialise_ssl_ctx(engine_id=%s) failed", (engine_id == NULL) ? "NULL" : engine_id); @@ -522,8 +528,13 @@ main_loop: /* Now do the select */ switch(selector_select(&world.selector)) { case -1: - fprintf(stderr, "selector_select returned a badness error.\n"); - goto shouldnt_happen; + if(errno != EINTR) { + fprintf(stderr, "selector_select returned a " + "badness error.\n"); + goto shouldnt_happen; + } + fprintf(stderr, "Warn, selector interrupted by a signal\n"); + goto main_loop; case 0: fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n"); goto main_loop; @@ -717,8 +728,8 @@ do_it: static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, const char *CAfile, const char *cert, const char *key, const char *dcert, const char *dkey, const char *cipher_list, - const char *dh_file, const char *dh_special, int ctx_options, - int out_state, int out_verify, int verify_mode, + const char *dh_file, const char *dh_special, int tmp_rsa, + int ctx_options, int out_state, int out_verify, int verify_mode, unsigned int verify_depth) { SSL_CTX *ctx = NULL, *ret = NULL; @@ -770,6 +781,9 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, /* dcert and dkey */ if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey)) goto err; + /* temporary RSA key generation */ + if(tmp_rsa) + SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa); /* cipher_list */ if(cipher_list) { diff --git a/crypto/openssl/demos/tunala/tunala.h b/crypto/openssl/demos/tunala/tunala.h index b4c8ec7..3a752f2 100644 --- a/crypto/openssl/demos/tunala/tunala.h +++ b/crypto/openssl/demos/tunala/tunala.h @@ -149,6 +149,7 @@ int cb_ssl_verify(int ok, X509_STORE_CTX *ctx); void cb_ssl_verify_set_output(FILE *fp); void cb_ssl_verify_set_depth(unsigned int verify_depth); void cb_ssl_verify_set_level(unsigned int level); +RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength); #endif /* !defined(NO_OPENSSL) */ #endif /* !defined(OPENSSL_NO_BUFFER) */ diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt index d3a6254..a8a34c7 100644 --- a/crypto/openssl/doc/HOWTO/certificates.txt +++ b/crypto/openssl/doc/HOWTO/certificates.txt @@ -66,14 +66,13 @@ Section 5 will tell you more on how to handle the certificate you received. -4. Creating a self-signed certificate +4. Creating a self-signed test certificate If you don't want to deal with another certificate authority, or just -want to create a test certificate for yourself, or are setting up a -certificate authority of your own, you may want to make the requested -certificate a self-signed one. This is similar to creating a -certificate request, but creates a certificate instead of a -certificate request (1095 is 3 years): +want to create a test certificate for yourself. This is similar to +creating a certificate request, but creates a certificate instead of +a certificate request. This is NOT the recommended way to create a +CA certificate, see ca.txt. openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 diff --git a/crypto/openssl/doc/HOWTO/keys.txt b/crypto/openssl/doc/HOWTO/keys.txt index 45f42ea..7ae2a3a 100644 --- a/crypto/openssl/doc/HOWTO/keys.txt +++ b/crypto/openssl/doc/HOWTO/keys.txt @@ -40,9 +40,9 @@ consider insecure or to be insecure pretty soon. 3. To generate a DSA key -A DSA key can be used both for signing only. This is important to -keep in mind to know what kind of purposes a certificate request with -a DSA key can really be used for. +A DSA key can be used for signing only. This is important to keep +in mind to know what kind of purposes a certificate request with a +DSA key can really be used for. Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key: diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt new file mode 100644 index 0000000..3d36b02 --- /dev/null +++ b/crypto/openssl/doc/HOWTO/proxy_certificates.txt @@ -0,0 +1,322 @@ + + HOWTO proxy certificates + +0. WARNING + +NONE OF THE CODE PRESENTED HERE HAVE BEEN CHECKED! They are just an +example to show you how things can be done. There may be typos or +type conflicts, and you will have to resolve them. + +1. Introduction + +Proxy certificates are defined in RFC 3820. They are really usual +certificates with the mandatory extension proxyCertInfo. + +Proxy certificates are issued by an End Entity (typically a user), +either directly with the EE certificate as issuing certificate, or by +extension through an already issued proxy certificate.. They are used +to extend rights to some other entity (a computer process, typically, +or sometimes to the user itself), so it can perform operations in the +name of the owner of the EE certificate. + +See http://www.ietf.org/rfc/rfc3820.txt for more information. + + +2. A warning about proxy certificates + +Noone seems to have tested proxy certificates with security in mind. +Basically, to this date, it seems that proxy certificates have only +been used in a world that's highly aware of them. What would happen +if an unsuspecting application is to validate a chain of certificates +that contains proxy certificates? It would usually consider the leaf +to be the certificate to check for authorisation data, and since proxy +certificates are controlled by the EE certificate owner alone, it's +would be normal to consider what the EE certificate owner could do +with them. + +subjectAltName and issuerAltName are forbidden in proxy certificates, +and this is enforced in OpenSSL. The subject must be the same as the +issuer, with one commonName added on. + +Possible threats are, as far as has been imagined so far: + + - impersonation through commonName (think server certificates). + - use of additional extensions, possibly non-standard ones used in + certain environments, that would grant extra or different + authorisation rights. + +For this reason, OpenSSL requires that the use of proxy certificates +be explicitely allowed. Currently, this can be done using the +following methods: + + - if the application calls X509_verify_cert() itself, it can do the + following prior to that call (ctx is the pointer passed in the call + to X509_verify_cert()): + + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + + - in all other cases, proxy certificate validation can be enabled + before starting the application by setting the envirnoment variable + OPENSSL_ALLOW_PROXY with some non-empty value. + +There are thoughts to allow proxy certificates with a line in the +default openssl.cnf, but that's still in the future. + + +3. How to create proxy cerificates + +It's quite easy to create proxy certificates, by taking advantage of +the lack of checks of the 'openssl x509' application (*ahem*). But +first, you need to create a configuration section that contains a +definition of the proxyCertInfo extension, a little like this: + + [ v3_proxy ] + # A proxy certificate MUST NEVER be a CA certificate. + basicConstraints=CA:FALSE + + # Usual authority key ID + authorityKeyIdentifier=keyid,issuer:always + + # Now, for the extension that marks this certificate as a proxy one + proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB + +It's also possible to give the proxy extension in a separate section: + + proxyCertInfo=critical,@proxy_ext + + [ proxy_ext ] + language=id-ppl-anyLanguage + pathlen=0 + policy=text:BC + +The policy value has a specific syntax, {syntag}:{string}, where the +syntag determines what will be done with the string. The recognised +syntags are as follows: + + text indicates that the string is simply the bytes, not + encoded in any kind of way: + + policy=text:räksmörgås + + Previous versions of this design had a specific tag + for UTF-8 text. However, since the bytes are copied + as-is anyway, there's no need for it. Instead, use + the text: tag, like this: + + policy=text:räksmörgÃ¥s + + hex indicates the string is encoded in hex, with colons + between each byte (every second hex digit): + + policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 + + Previous versions of this design had a tag to insert a + complete DER blob. However, the only legal use for + this would be to surround the bytes that would go with + the hex: tag with what's needed to construct a correct + OCTET STRING. Since hex: does that, the DER tag felt + superfluous, and was therefore removed. + + file indicates that the text of the policy should really be + taken from a file. The string is then really a file + name. This is useful for policies that are large + (more than a few of lines) XML documents, for example. + +The 'policy' setting can be split up in multiple lines like this: + + 0.policy=This is + 1.polisy= a multi- + 2.policy=line policy. + +NOTE: the proxy policy value is the part that determines the rights +granted to the process using the proxy certificate. The value is +completely dependent on the application reading and interpretting it! + +Now that you have created an extension section for your proxy +certificate, you can now easily create a proxy certificate like this: + + openssl req -new -config openssl.cnf \ + -out proxy.req -keyout proxy.key + openssl x509 -req -CAcreateserial -in proxy.req -days 7 \ + -out proxy.crt -CA user.crt -CAkey user.key \ + -extfile openssl.cnf -extensions v3_proxy + +It's just as easy to create a proxy certificate using another proxy +certificate as issuer (note that I'm using a different configuration +section for it): + + openssl req -new -config openssl.cnf \ + -out proxy2.req -keyout proxy2.key + openssl x509 -req -CAcreateserial -in proxy2.req -days 7 \ + -out proxy2.crt -CA proxy.crt -CAkey proxy.key \ + -extfile openssl.cnf -extensions v3_proxy2 + + +4. How to have your application interpret the policy? + +The basic way to interpret proxy policies is to prepare some default +rights, then do a check of the proxy certificate against the a chain +of proxy certificates, user certificate and CA certificates, and see +what rights came out by the end. Sounds easy, huh? It almost is. + +The slightly complicated part is how to pass data between your +application and the certificate validation procedure. + +You need the following ingredients: + + - a callback routing that will be called for every certificate that's + validated. It will be called several times for each certificates, + so you must be attentive to when it's a good time to do the proxy + policy interpretation and check, as well as to fill in the defaults + when the EE certificate is checked. + + - a structure of data that's shared between your application code and + the callback. + + - a wrapper function that sets it all up. + + - an ex_data index function that creates an index into the generic + ex_data store that's attached to an X509 validation context. + +This is some cookbook code for you to fill in: + + /* In this example, I will use a view of granted rights as a bit + array, one bit for each possible right. */ + typedef struct your_rights { + unsigned char rights[total_rights / 8]; + } YOUR_RIGHTS; + + /* The following procedure will create an index for the ex_data + store in the X509 validation context the first time it's called. + Subsequent calls will return the same index. */ + static int get_proxy_auth_ex_data_idx(void) + { + static volatile int idx = -1; + if (idx < 0) + { + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + if (idx < 0) + { + idx = X509_STORE_CTX_get_ex_new_index(0, + "for verify callback", + NULL,NULL,NULL); + } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + } + return idx; + } + + /* Callback to be given to the X509 validation procedure. */ + static int verify_callback(int ok, X509_STORE_CTX *ctx) + { + if (ok == 1) /* It's REALLY important you keep the proxy policy + check within this secion. It's important to know + that when ok is 1, the certificates are checked + from top to bottom. You get the CA root first, + followed by the possible chain of intermediate + CAs, followed by the EE certificate, followed by + the possible proxy certificates. */ + { + X509 *xs = ctx->current_cert; + + if (xs->ex_flags & EXFLAG_PROXY) + { + YOUR_RIGHTS *rights = + (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx()); + PROXY_CERT_INFO_EXTENSION *pci = + X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); + + switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) + { + case NID_Independent: + /* Do whatever you need to grant explicit rights to + this particular proxy certificate, usually by + pulling them from some database. If there are none + to be found, clear all rights (making this and any + subsequent proxy certificate void of any rights). + */ + memset(rights->rights, 0, sizeof(rights->rights)); + break; + case NID_id_ppl_inheritAll: + /* This is basically a NOP, we simply let the current + rights stand as they are. */ + break; + default: + /* This is usually the most complex section of code. + You really do whatever you want as long as you + follow RFC 3820. In the example we use here, the + simplest thing to do is to build another, temporary + bit array and fill it with the rights granted by + the current proxy certificate, then use it as a + mask on the accumulated rights bit array, and + voilà, you now have a new accumulated rights bit + array. */ + { + int i; + YOUR_RIGHTS tmp_rights; + memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights)); + + /* process_rights() is supposed to be a procedure + that takes a string and it's length, interprets + it and sets the bits in the YOUR_RIGHTS pointed + at by the third argument. */ + process_rights((char *) pci->proxyPolicy->policy->data, + pci->proxyPolicy->policy->length, + &tmp_rights); + + for(i = 0; i < total_rights / 8; i++) + rights->rights[i] &= tmp_rights.rights[i]; + } + break; + } + PROXY_CERT_INFO_EXTENSION_free(pci); + } + else if (!(xs->ex_flags & EXFLAG_CA)) + { + /* We have a EE certificate, let's use it to set default! + */ + YOUR_RIGHTS *rights = + (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx()); + + /* The following procedure finds out what rights the owner + of the current certificate has, and sets them in the + YOUR_RIGHTS structure pointed at by the second + argument. */ + set_default_rights(xs, rights); + } + } + return ok; + } + + static int my_X509_verify_cert(X509_STORE_CTX *ctx, + YOUR_RIGHTS *needed_rights) + { + int i; + int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = ctx->verify_cb; + YOUR_RIGHTS rights; + + X509_STORE_CTX_set_verify_cb(ctx, verify_callback); + X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(), &rights); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + ok = X509_verify_cert(ctx); + + if (ok == 1) + { + ok = check_needed_rights(rights, needed_rights); + } + + X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); + + return ok; + } + +If you use SSL or TLS, you can easily set up a callback to have the +certificates checked properly, using the code above: + + SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights); + + +-- +Richard Levitte diff --git a/crypto/openssl/doc/apps/CA.pl.pod b/crypto/openssl/doc/apps/CA.pl.pod index 58e0f52..ed69952 100644 --- a/crypto/openssl/doc/apps/CA.pl.pod +++ b/crypto/openssl/doc/apps/CA.pl.pod @@ -47,7 +47,7 @@ written to the file "newreq.pem". creates a new certificate request. The private key and request are written to the file "newreq.pem". -=item B<-newreq-nowdes> +=item B<-newreq-nodes> is like B<-newreq> except that the private key will not be encrypted. diff --git a/crypto/openssl/doc/apps/asn1parse.pod b/crypto/openssl/doc/apps/asn1parse.pod index e76e981..542d969 100644 --- a/crypto/openssl/doc/apps/asn1parse.pod +++ b/crypto/openssl/doc/apps/asn1parse.pod @@ -16,6 +16,8 @@ B B [B<-i>] [B<-oid filename>] [B<-strparse offset>] +[B<-genstr string>] +[B<-genconf file>] =head1 DESCRIPTION @@ -67,6 +69,14 @@ file is described in the NOTES section below. parse the contents octets of the ASN.1 object starting at B. This option can be used multiple times to "drill down" into a nested structure. +=item B<-genstr string>, B<-genconf file> + +generate encoded data based on B, B or both using +ASN1_generate_nconf() format. If B only is present then the string +is obtained from the default section using the name B. The encoded +data is passed through the ASN1 parser and printed out as though it came +from a file, the contents can thus be examined and written to a file +using the B option. =back @@ -121,9 +131,41 @@ by white space. The final column is the rest of the line and is the C<1.2.3.4 shortName A long name> +=head1 EXAMPLES + +Parse a file: + + openssl asn1parse -in file.pem + +Parse a DER file: + + openssl asn1parse -inform DER -in file.der + +Generate a simple UTF8String: + + openssl asn1parse -genstr 'UTF8:Hello World' + +Generate and write out a UTF8String, don't print parsed output: + + openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der + +Generate using a config file: + + openssl asn1parse -genconf asn1.cnf -noout -out asn1.der + +Example config file: + + asn1=SEQUENCE:seq_sect + + [seq_sect] + + field1=BOOL:TRUE + field2=EXP:0, UTF8:some random string + + =head1 BUGS -There should be options to change the format of input lines. The output of some +There should be options to change the format of output lines. The output of some ASN.1 types is not well handled (if at all). =cut diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod index 74f45ca..5618c2d 100644 --- a/crypto/openssl/doc/apps/ca.pod +++ b/crypto/openssl/doc/apps/ca.pod @@ -17,7 +17,6 @@ B B [B<-crl_hold instruction>] [B<-crl_compromise time>] [B<-crl_CA_compromise time>] -[B<-subj arg>] [B<-crldays days>] [B<-crlhours hours>] [B<-crlexts section>] @@ -30,6 +29,7 @@ B B [B<-key arg>] [B<-passin arg>] [B<-cert file>] +[B<-selfsign>] [B<-in file>] [B<-out file>] [B<-notext>] @@ -44,6 +44,9 @@ B B [B<-extensions section>] [B<-extfile section>] [B<-engine id>] +[B<-subj arg>] +[B<-utf8>] +[B<-multivalue-rdn>] =head1 DESCRIPTION @@ -113,6 +116,20 @@ the password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. +=item B<-selfsign> + +indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with B<-keyfile>). +Cerificate requests signed with a different key are ignored. If +B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is +ignored. + +A consequence of using B<-selfsign> is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option B), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. + =item B<-passin arg> the key password source. For more information about the format of B @@ -203,6 +220,28 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-subj arg> + +supersedes subject name given in the request. +The arg must be formatted as I, +characters may be escaped by \ (backslash), no spaces are skipped. + +=item B<-utf8> + +this option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings. + +=item B<-multivalue-rdn> + +this option causes the -subj argument to be interpretedt with full +support for multivalued RDNs. Example: + +I + +If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. + =back =head1 CRL OPTIONS @@ -253,12 +292,6 @@ B