From c800a070b59d5fdf7f079293010284bdd01bed41 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 18 May 2005 03:58:34 +0000 Subject: [PATCH 01/30] I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev. The 0.9.8 branch is called OpenSSL_0_9_8-stable. --- crypto/opensslv.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 1dd328079..dc3a89ad4 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x00908000L +#define OPENSSL_VERSION_NUMBER 0x00909000L #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8-fips-dev XX xxx XXXX" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.9-fips-dev XX xxx XXXX" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8-dev XX xxx XXXX" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.9-dev XX xxx XXXX" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT From 28e4fe34e49f2233fa7784ca5b7ba42839892d99 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 18 May 2005 04:04:12 +0000 Subject: [PATCH 02/30] Version changes where needed. --- CHANGES | 4 ++++ README | 2 +- STATUS | 5 +++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index d02d20e16..9711d5643 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8 and 0.9.9 [xx XXX xxxx] + + *) + Changes between 0.9.7h and 0.9.8 [xx XXX xxxx] *) Add attribute functions to EVP_PKEY structure. Modify diff --git a/README b/README index 89a1478c7..542b8c042 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8-dev XX xxx XXXX + OpenSSL 0.9.9-dev XX xxx XXXX Copyright (c) 1998-2005 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/STATUS b/STATUS index 0fff68da9..a0c9fa581 100644 --- a/STATUS +++ b/STATUS 
@@ -1,10 +1,11 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2005/04/25 21:42:14 $ + ______________ $Date: 2005/05/18 04:04:12 $ DEVELOPMENT STATE - o OpenSSL 0.9.8: Under development... + o OpenSSL 0.9.9: Under development... + o OpenSSL 0.9.8: In beta... o OpenSSL 0.9.7g: Released on April 11th, 2005 o OpenSSL 0.9.7f: Released on March 22nd, 2005 o OpenSSL 0.9.7e: Released on October 25th, 2004 From 51ff6bde38e51e5822233e59a703b27efd369410 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 18 May 2005 08:16:46 +0000 Subject: [PATCH 03/30] Engage Applink in mingw. Note that application-side module is not compiled into *our* aplpications. That's because mingw is always consistent with itself. Having library-side code linked into .dll makes it possible to deploy the .dll with user-code compiled with another compiler [which is pretty much the whole point behind Applink]. --- Configure | 3 ++- TABLE | 2 +- crypto/Makefile | 6 ++++++ crypto/bio/bss_file.c | 7 ++++++- crypto/cryptlib.h | 2 +- ms/uplink.pl | 2 +- util/pl/VC-32.pl | 9 ++------- 7 files changed, 19 insertions(+), 12 deletions(-) diff --git a/Configure b/Configure index 7234d01e1..999ec2030 100755 --- a/Configure +++ b/Configure 
@@ -472,7 +472,7 @@ my %table=( "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", # MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin -shared:.dll.a", +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a", # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", @@ -1133,6 +1133,7 @@ else $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; } +$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); # Compiler fix-ups if ($target =~ /icc$/) { diff --git a/TABLE b/TABLE index 70ccd7e73..35b06f8d7 100644 --- a/TABLE +++ b/TABLE @@ -2991,7 +2991,7 @@ $rmd160_obj = rm86-cof.o $rc5_obj = r586-cof.o $dso_scheme = win32 $shared_target= cygwin-shared -$shared_cflag = -D_WINDLL +$shared_cflag = -D_WINDLL -DOPENSSL_USE_APPLINK $shared_ldflag = -mno-cygwin -shared $shared_extension = .dll.a $ranlib = diff --git a/crypto/Makefile b/crypto/Makefile index 9f309e025..c6c76c26a 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -67,6 +67,12 @@ x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@ +uplink.o: ../ms/uplink.c + $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c + +uplink-cof.s: ../ms/uplink.pl + $(PERL) ../ms/uplink.pl coff > $@ + x86_64cpuid.s: x86_64cpuid.pl $(PERL) x86_64cpuid.pl $@ ia64cpuid.s: ia64cpuid.S diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index c97ac1465..dd17802f8 100644 --- a/crypto/bio/bss_file.c 
+++ b/crypto/bio/bss_file.c @@ -236,12 +236,17 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown=(int)num&BIO_CLOSE; b->ptr=ptr; b->init=1; -#if BIO_FLAGS_UPLINK!=0 && defined(_IOB_ENTRIES) +#if BIO_FLAGS_UPLINK!=0 +#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +#define _IOB_ENTRIES 20 +#endif +#if defined(_IOB_ENTRIES) /* Safety net to catch purely internal BIO_set_fp calls */ if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES)) BIO_clear_flags(b,BIO_FLAGS_UPLINK); #endif +#endif #ifdef UP_fsetmode if (b->flags&BIO_FLAGS_UPLINK) UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b'); diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index 9711f42e2..fc249c57f 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -66,7 +66,7 @@ #ifdef OPENSSL_USE_APPLINK #define BIO_FLAGS_UPLINK 0x8000 -#include "uplink.h" +#include "ms/uplink.h" #endif #include diff --git a/ms/uplink.pl b/ms/uplink.pl index cd9d37f56..5dacc4f1a 100755 --- a/ms/uplink.pl +++ b/ms/uplink.pl @@ -44,7 +44,7 @@ print <<___; .align 4 .Lazy$i: pushl \$$i - pushl _OPENSSL_UplinkTable + pushl \$_OPENSSL_UplinkTable call _OPENSSL_Uplink addl \$8,%esp jmp *(_OPENSSL_UplinkTable+4*$i) diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 6334317cd..5888dcbfe 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl 
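Review bot: The mingw fallback `#define _IOB_ENTRIES 20` hard-codes the size of the C runtime's FILE table, and the range check immediately below (`(size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES)`) uses that number to decide whether a FILE* belongs to the library's own runtime and may have BIO_FLAGS_UPLINK cleared; if the runtime actually linked has a differently sized table, a FILE* can end up driven through the wrong runtime's stdio calls. The constant deserves a comment naming its origin, e.g. `/* MSVC's stdio.h defines _IOB_ENTRIES as 20; mingw's headers don't, so mirror that value for the range check below */`, so whoever moves to a newer runtime knows what to re-verify. The macro also stays defined for the rest of the translation unit; an `#undef _IOB_ENTRIES` after the `#endif` would keep the workaround local to this check. file_ctrl begins and continues outside this hunk.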
@@ -99,23 +99,18 @@ if ($shlib) # Engage Applink... # $app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib"; - $cflags.=" -DOPENSSL_USE_APPLINK"; + $cflags.=" -DOPENSSL_USE_APPLINK -I."; # I'm open for better suggestions than overriding $banner... $banner=<<'___'; @echo Building OpenSSL $(OBJ_D)\applink.obj: ms\applink.c $(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c -$(OBJ_D)\uplink.obj: ms\uplink.c $(OBJ_D)\applink.c +$(OBJ_D)\uplink.obj: ms\uplink.c ms\applink.c $(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c -$(INCL_D)\uplink.h: ms\uplink.h - $(CP) ms\uplink.h $(INCL_D)\uplink.h $(INCO_D)\applink.c: ms\applink.c $(CP) ms\applink.c $(INCO_D)\applink.c -$(OBJ_D)\applink.c: ms\applink.c - $(CP) ms\applink.c $(OBJ_D)\applink.c -HEADER=$(HEADER) $(INCL_D)\uplink.h EXHEADER= $(EXHEADER) $(INCO_D)\applink.c LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj From c50226594d73f02d594a5a469abd11e1c9849588 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 18 May 2005 08:42:08 +0000 Subject: [PATCH 04/30] Don't emit SSE2 instructions unless were asked to. PR: 1073 --- crypto/x86cpuid.pl | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index 9ad9435ff..3d5d16bb6 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -5,6 +5,8 @@ require "x86asm.pl"; &asm_init($ARGV[0],"x86cpuid"); +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); 
@@ -115,17 +117,19 @@ require "x86asm.pl"; &mov ("ecx",&DWP(0,"ecx")); &bt (&DWP(0,"ecx"),1); &jnc (&label("no_x87")); - &bt (&DWP(0,"ecx"),26); - &jnc (&label("no_sse2")); - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); -&set_label("no_sse2"); + if ($sse2) { + &bt (&DWP(0,"ecx"),26); + &jnc (&label("no_sse2")); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); + &set_label("no_sse2"); + } # just a bunch of fldz to zap the fp/mm bank... &data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9); &emms (); From 788e67e227106454a2fb708b94b030883a8a10c2 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 18 May 2005 13:35:54 +0000 Subject: [PATCH 05/30] FAQ update to mention Applink. --- FAQ | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/FAQ b/FAQ index 06faf91a5..30913a11b 100644 --- a/FAQ +++ b/FAQ 
@@ -652,6 +652,17 @@ by: Note that debug and release libraries are NOT interchangeable. If you built OpenSSL with /MD your application must use /MD and cannot use /MDd. +As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL +.DLLs compiled with some specific run-time option [we recommend the +default /MD] can be deployed with application compiled with different +option or even different compiler. But there is a catch! Instead of +re-compiling OpenSSL toolkit, as you would have to with prior versions, +you have to compile small C snippet with compiler and/or options of +your choice. The snippet gets installed as +/include/openssl/applink.c and should be either added to +your project or simply #include-d in one [and only one] of your source +files. Failure to do either manifests itself as fatal "no +OPENSSL_Applink" error. * How do I read or write a DER encoded buffer using the ASN1 functions? From 67ffa18cceb3fafcf1a19d8e607fc9c1e8213e9d Mon Sep 17 00:00:00 2001 From: Nils Larsch Date: Wed, 18 May 2005 22:30:38 +0000 Subject: [PATCH 06/30] make the type parameter const when ID2_OF_const() is used --- crypto/asn1/asn1.h | 2 +- crypto/pem/pem.h | 30 ++++++++++++++++++++++-------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index f111e6fba..dadcae8bd 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -932,7 +932,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); #define ASN1_i2d_bio_of(type,i2d,out,x) \ ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) #define ASN1_i2d_bio_of_const(type,i2d,out,x) \ - ((int (*)(I2D_OF_const(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) + ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); 
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index c65e07c4f..7db6b423d 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -230,9 +230,9 @@ return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,uns } #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ -int PEM_write_##name(FILE *fp, type *x) \ +int PEM_write_##name(FILE *fp, const type *x) \ { \ -return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ +return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ } #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ @@ -266,9 +266,9 @@ return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsi } #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ -int PEM_write_bio_##name(BIO *bp, type *x) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ { \ -return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ +return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ 
@@ -333,6 +333,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x); +#define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + #define DECLARE_PEM_write_cb_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -346,6 +349,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x); +#define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + #define DECLARE_PEM_write_cb_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -362,6 +368,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_write_bio(name, type) \ DECLARE_PEM_write_fp(name, type) +#define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) + #define DECLARE_PEM_write_cb(name, type) \ DECLARE_PEM_write_cb_bio(name, type) \ DECLARE_PEM_write_cb_fp(name, type) @@ -374,6 +384,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write(name, type) +#define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) + #define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) @@ -601,7 +615,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) #endif 
@@ -612,19 +626,19 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-DECLARE_PEM_rw(DSAparams, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
 #endif
 #ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
 DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 #endif
 #ifndef OPENSSL_NO_DH
-DECLARE_PEM_rw(DHparams, DH)
+DECLARE_PEM_rw_const(DHparams, DH)
 #endif
From 3f4657d131fd301b6000d0de9929a2c8518a795b Mon Sep 17 00:00:00 2001
From: Nils Larsch
Date: Thu, 19 May 2005 12:01:51 +0000
Subject: [PATCH 07/30] fix "dereferencing type-punned pointer will break strict-aliasing rules" warning when using gcc 4.0
---
 crypto/dso/dso_dlfcn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index 2b8f3ee4d..1fd10104c 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -237,7 +237,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 {
 void *ptr;
- DSO_FUNC_TYPE sym;
+ DSO_FUNC_TYPE sym, *tsym = &sym;
 if((dso == NULL) || (symname == NULL))
 {
@@ -255,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
 return(NULL);
 }
- *(void **)(&sym) = dlsym(ptr, symname);
+ *(void **)(tsym) = dlsym(ptr, symname);
 if(sym == NULL)
 {
 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
From decc9ffc18a284498956bf73f879b705afc47292 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Thu, 19 May 2005 19:43:28 +0000
Subject: [PATCH 08/30] Update status information
---
 STATUS | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/STATUS b/STATUS
index a0c9fa581..5fd73ff32 100644
--- a/STATUS
+++ b/STATUS
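Review bot: Routing the store through `tsym` only hides the gcc 4.0 diagnostic; `*(void **)(tsym) = dlsym(ptr, symname);` still writes a `void *` into an object declared as DSO_FUNC_TYPE, so the strict-aliasing violation the warning pointed at is unchanged and an optimiser may still treat `sym` as unwritten at the following `if(sym == NULL)`. The portable way to move the pointer is a byte copy: `void *p = dlsym(ptr, symname);` followed by `memcpy(&sym, &p, sizeof(sym));` (a union holding both pointer types works too), after which `tsym` is no longer needed. memcpy needs `<string.h>`, which this hunk does not show being included. dlfcn_bind_func continues between and after these two hunks.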
@@ -1,11 +1,11 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2005/05/18 04:04:12 $ + ______________ $Date: 2005/05/19 19:43:28 $ DEVELOPMENT STATE o OpenSSL 0.9.9: Under development... - o OpenSSL 0.9.8: In beta... + o OpenSSL 0.9.8-beta1: Released on May 19th, 2005 o OpenSSL 0.9.7g: Released on April 11th, 2005 o OpenSSL 0.9.7f: Released on March 22nd, 2005 o OpenSSL 0.9.7e: Released on October 25th, 2004 @@ -56,16 +56,8 @@ Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. - o Geoff and Richard are currently working on: - ENGINE (the new code that gives hardware support among others). o Richard is currently working on: - UI (User Interface) - UTIL (a new set of library functions to support some higher level - functionality that is currently missing). - Shared library support for VMS. - Kerberos 5 authentication (Heimdal) Constification - Compression Attribute Certificate support Certificate Pair support Storage Engines (primarly an LDAP storage engine) From 851e31ff07376c41f2666e64b14df29be50cbc3d Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 19 May 2005 19:54:49 +0000 Subject: [PATCH 09/30] FAQ to mention no-sse2. --- FAQ | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/FAQ b/FAQ index 30913a11b..f3eeccd05 100644 --- a/FAQ +++ b/FAQ @@ -46,6 +46,7 @@ OpenSSL - Frequently Asked Questions * Why does the OpenSSL test suite fail on MacOS X? * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? +* Why does the OpenSSL test suite fail in sha512t on x86 CPU? [PROG] Questions about programming with OpenSSL 
@@ -598,6 +599,14 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and remedy should be same. Provided binary is statically linked and should be working across wider range of *BSD branches, not just OpenBSD. +* Why does the OpenSSL test suite fail in sha512t on x86 CPU? + +If the test program in question fails withs SIGILL, Illegal Instruction +exception, then you more than likely to run SSE2-capable CPU, such as +Intel P4, under control of kernel which does not support SSE2 +instruction extentions. See accompanying INSTALL file and +OPENSSL_ia32cap(3) documentation page for further information. + [PROG] ======================================================================== * Is OpenSSL thread-safe? From b67d9889151bc6f09c3fb5f671c4c676dab095a4 Mon Sep 17 00:00:00 2001 From: Nils Larsch Date: Thu, 19 May 2005 20:54:30 +0000 Subject: [PATCH 10/30] update ecdsa doc --- doc/crypto/ecdsa.pod | 66 +++++++++++++++----------------------------- 1 file changed, 22 insertions(+), 44 deletions(-) diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index ab3bef071..49b10f224 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -14,13 +14,11 @@ ecdsa - Elliptic Curve Digital Signature Algorithm ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); - ECDSA_DATA* ECDSA_DATA_new(void); - ECDSA_DATA* ECDSA_DATA_new_method(ENGINE *eng); - void ECDSA_DATA_free(ECDSA_DATA *data); - ECDSA_DATA* ecdsa_check(EC_KEY *eckey); - ECDSA_SIG* ECDSA_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *eckey); + ECDSA_SIG* ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY* eckey); int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, 
@@ -28,6 +26,10 @@ ecdsa - Elliptic Curve Digital Signature Algorithm int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + int ECDSA_sign_ex(int type, const unsigned char *dgst, + int dgstlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); @@ -72,35 +74,6 @@ the decoded signature in a newly allocated B structure. B<*sig> points to the buffer containing the DER encoded signature of size B. -The B structure extends the B -structure with ECDSA specific data. - - struct - { - /* EC_KEY_METH_DATA part */ - int (*init)(EC_KEY *); - void (*finish)(EC_KEY *); - /* method (ECDSA) specific part */ - BIGNUM *kinv; /* signing pre-calc */ - BIGNUM *r; /* signing pre-calc */ - ... - } - ECDSA_DATA; - -B and B are used to store precomputed values (see -B). - -ECDSA_DATA_new() returns a newly allocated and initialized -B structure (or NULL on error). - -ECDSA_DATA_free() frees the B structure B. - -ecdsa_check() returns the pointer to the B -structure in Bmeth_data> (if Bmeth_data> -is not a pointer to a B structure then the old -data is freed and a new B structure is allocated -using B). - ECDSA_size() returns the maximum length of a DER encoded ECDSA signature created with the private EC key B. 
@@ -108,13 +81,15 @@ ECDSA_sign_setup() may be used to precompute parts of the signing operation. B is the private EC key and B is a pointer to B structure (or NULL). The precomputed values or returned in B and B and can be used in a -later call to B or B when placed in -Bkinv> and Br>. +later call to B or B. -ECDSA_sign() computes a digital signature of the B bytes -hash value B using the private EC key B and places -the DER encoding of the created signature in B. The length -of the created signature is returned in B. Note: B +ECDSA_sign() is wrapper function for ECDSA_sign_ex with B +and B set to NULL. + +ECDSA_sign_ex() computes a digital signature of the B bytes +hash value B using the private EC key B and the optional +pre-computed values B and B. The DER encoded signatures is +stored in B and it's length is returned in B. Note: B must point to B bytes of memory. The parameter B is ignored. @@ -123,10 +98,13 @@ B is a valid ECDSA signature of the hash value value B of size B using the public key B. The parameter B is ignored. -ECDSA_do_sign() computes a digital signature of the B -bytes hash value B using the private key B and -returns the signature in a newly allocated B structure -(or NULL on error). +ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B +and B set to NULL. + +ECDSA_do_sign_ex() computes a digital signature of the B +bytes hash value B using the private key B and the +optional pre-computed values B and B. The signature is +returned in a newly allocated B structure (or NULL on error). ECDSA_do_verify() verifies that the signature B is a valid ECDSA signature of the hash value B of size B From 7f246621b5b8802a12e3bf06ae6c0473d74daefb Mon Sep 17 00:00:00 2001 From: Nils Larsch Date: Thu, 19 May 2005 22:10:40 +0000 Subject: [PATCH 11/30] fix potential memory leak Submitted by: Goetz Babin-Ebell --- crypto/pkcs7/pk7_smime.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index d37be4823..b6146d75c 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -88,6 +88,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + PKCS7_free(p7); return NULL; } @@ -105,6 +106,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, { if(!(smcap = sk_X509_ALGOR_new_null())) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + PKCS7_free(p7); return NULL; } #ifndef OPENSSL_NO_DES @@ -130,6 +132,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!(p7bio = PKCS7_dataInit(p7, NULL))) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + PKCS7_free(p7); return NULL; } @@ -139,10 +142,12 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + PKCS7_free(p7); + BIO_free_all(p7bio); return NULL; } - BIO_free_all(p7bio); + BIO_free_all(p7bio); return p7; } From bbbd67108f6cb6224b0725095a69bfc391011411 Mon Sep 17 00:00:00 2001 From: Nils Larsch Date: Fri, 20 May 2005 22:55:10 +0000 Subject: [PATCH 12/30] fix typo, add prototype --- crypto/ec/ec_lib.c | 2 +- crypto/ecdh/ech_lib.c | 3 ++- crypto/ecdsa/ecs_lib.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 6d3a56269..3c6967ae1 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -622,7 +622,7 @@ void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, } /* this has 'package' visibility */ -void EC_EX_DATA_clear_free_extra_data(EC_EXTRA_DATA **ex_data, +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { EC_EXTRA_DATA **p; 
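Review bot: In the PKCS7_dataFinal failure path the added lines release `p7` before `p7bio` (`PKCS7_free(p7); BIO_free_all(p7bio);`) although `p7bio` was built from `p7` by PKCS7_dataInit a few lines earlier; releasing in reverse order of creation, `BIO_free_all(p7bio); PKCS7_free(p7);`, removes any chance of the BIO chain touching state the PKCS7 has already freed. The same hunk re-indents the surviving `BIO_free_all(p7bio);` without changing it, which is noise in a leak fix. The error returns that lie between these hunks (after the smcap stack is created, for instance) are not visible here; they presumably need the same `PKCS7_free(p7)` plus a `sk_X509_ALGOR_pop_free` of smcap, which is worth checking before merging. PKCS7_sign begins before the first hunk.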
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index 85fbfc5ca..01e75e2a5 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -78,6 +78,7 @@ const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT; static const ECDH_METHOD *default_ECDH_method = NULL; +static void *ecdh_data_new(void); static void *ecdh_data_dup(void *); static void ecdh_data_free(void *); @@ -167,7 +168,7 @@ static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) return(ret); } -void *ecdh_data_new(void) +static void *ecdh_data_new(void) { return (void *)ECDH_DATA_new_method(NULL); } diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 8a6d4ad45..ab96a6dc9 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -65,6 +65,7 @@ const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT; static const ECDSA_METHOD *default_ECDSA_method = NULL; +static void *ecdsa_data_new(void); static void *ecdsa_data_dup(void *); static void ecdsa_data_free(void *); @@ -147,7 +148,7 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) return(ret); } -void *ecdsa_data_new(void) +static void *ecdsa_data_new(void) { return (void *)ECDSA_DATA_new_method(NULL); } From e476f9421288aedee52a65ec813c7683ff0ccf5f Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 21 May 2005 13:19:27 +0000 Subject: [PATCH 13/30] Move _WIN32_WINNT definition from command line to e_os.h. The change is inspired by VC6 failure report. In addition abstain from taking screen snapshots when running in NT service context. --- crypto/cryptlib.c | 5 +++-- crypto/cryptlib.h | 1 + crypto/rand/rand_win.c | 3 ++- e_os.h | 17 +++++++++++++++++ util/pl/VC-32.pl | 2 +- 5 files changed, 24 insertions(+), 4 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6f8b0ff4e..e73d086ee 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c 
@@ -624,7 +624,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, #include #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -static int IsService(void) +int OPENSSL_isservice(void) { HWINSTA h; DWORD len; WCHAR *name; @@ -722,7 +722,7 @@ void OPENSSL_showfatal (const char *fmta,...) #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && IsService()) + if (GetVersion() < 0x80000000 && OPENSSL_isservice()) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); @@ -754,6 +754,7 @@ void OPENSSL_showfatal (const char *fmta,...) vfprintf (stderr,fmta,ap); va_end (ap); } +int OPENSSL_isservice (void) { return 0; } #endif void OpenSSLDie(const char *file,int line,const char *assertion) diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index fc249c57f..5ceaa964b 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -103,6 +103,7 @@ extern unsigned long OPENSSL_ia32cap_P; void OPENSSL_showfatal(const char *,...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; +int OPENSSL_isservice(void); #ifdef __cplusplus } diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 39523d300..47bf75828 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -632,7 +632,8 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) void RAND_screen(void) /* function available for backward compatibility */ { RAND_poll(); - readscreen(); + if (GetVersion() >= 0x80000000 || !OPENSSL_isservice()) + readscreen(); } diff --git a/e_os.h b/e_os.h index 3ff9f3cd1..cf76632b1 100644 --- a/e_os.h +++ b/e_os.h 
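Review bot: The new condition in RAND_screen, `if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())`, carries no comment, and nothing in rand_win.c tells the reader why a service should skip readscreen() or why GetVersion() is consulted first; the only hint is cryptlib.c's `/* this ---v--- guards NT-specific calls */` next to the same pattern. Suggest a comment above the line such as `/* OPENSSL_isservice() is NT-only, so ask it only when GetVersion() reports an NT kernel; in service context there is presumably no interactive desktop to snapshot */`. OPENSSL_isservice is declared in the internal cryptlib.h, so rand_win.c must include that header (presumably it already does; not visible in the hunk). The stub in the `#else` branch, `int OPENSSL_isservice (void) { return 0; }`, also uses a different spacing style from the NT definition above it.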
@@ -235,6 +235,23 @@ extern "C" { # define NO_DIRENT # ifdef WINDOWS +# ifndef _WIN32_WINNT + /* + * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." + * Most notably we ought to check for availability of each specific + * routine with GetProcAddress() and/or quard NT-specific calls with + * GetVersion() < 0x80000000. One can argue that in latter "or" case + * we ought to /DELAYLOAD some .DLLs in order to protect ourselves + * against run-time link errors. This doesn't seem to be necessary, + * because it turned out that already Windows 95, first non-NT Win32 + * implementation, is equipped with at least NT 3.51 stubs, dummy + * routines with same name, but which do nothing. Meaning that it's + * apparently appropriate to guard generic NT calls with GetVersion + * alone, while NT 4.0 and above calls ought to be additionally + * checked upon with GetProcAddress. + */ +# define _WIN32_WINNT 0x0400 +# endif # include # include # include diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 5888dcbfe..710c4cd12 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -11,7 +11,7 @@ $rm='del'; # C compiler stuff $cc='cl'; -$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0333 -DL_ENDIAN -DDSO_WIN32'; +$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; $lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; $mlflags=''; From fe977f75129f4e1b4ad08fab837fa2d90893ed07 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 21 May 2005 16:13:36 +0000 Subject: [PATCH 14/30] Propagate BUILDENV into subdirectories. --- crypto/Makefile | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/crypto/Makefile b/crypto/Makefile index c6c76c26a..1322b72a3 100644 --- a/crypto/Makefile +++ b/crypto/Makefile 
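Review bot: The value placed in e_os.h is `0x0400`, not the `0x0333` that VC-32.pl used to pass on the command line, so besides relocating the define this commit raises the declared Windows API level to NT 4.0; the commit message doesn't say so, and the `_WIN32_WINNT>=0x0333` guards in cryptlib.c keep firing but now under a wider header contract. A short addition to the block comment, e.g. `/* 0x0400 (NT 4.0) rather than the earlier 0x0333 -- see the GetProcAddress remark above */`, would record the change. The same comment has a typo, `quard` for `guard`. Because the `#ifndef` only covers builds that did not define `_WIN32_WINNT` themselves, a `-D_WIN32_WINNT=...` elsewhere silently wins over the discipline described here; the mingw entry in Configure earlier in this series still carries `-D_WIN32_WINNT=0x333`, so the two paths now disagree.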
@@ -52,6 +52,30 @@ top: all: shared +BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ + CC='${CC}' CFLAG='${CFLAG}' \ + AS='${CC}' ASFLAG='${CFLAG} -c' \ + AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ + SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib' \ + INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ + MAKEDEPEND='$$(TOP)/util/domd $$(TOP) -MD $(MAKEDEPPROG)'\ + DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ + MAKEDEPPROG='${MAKEDEPPROG}' \ + LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ + KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ + EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ + SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \ + PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \ + CPUID_OBJ='${CPUID_OBJ}' \ + BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \ + AES_ASM_OBJ='${AES_ASM_OBJ}' \ + BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \ + RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \ + SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ + MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ + RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + THIS=$${THIS:-$@} + buildinf.h: ../Makefile ( echo "#ifndef MK1MF_BUILD"; \ echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \ @@ -88,7 +112,7 @@ subdirs: @for i in $(SDIRS) ;\ do \ (cd $$i && echo "making all in crypto/$$i..." && \ - $(MAKE) INCLUDES='${INCLUDES}' all ) || exit 1; \ + $(MAKE) $(BUILDENV) INCLUDES='${INCLUDES}' all ) || exit 1; \ done; files: From 447aa49007388f08528e03db7583574b7896c8a9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 21 May 2005 16:41:34 +0000 Subject: [PATCH 15/30] Patches for Cygwin, provided by Corinna Vinschen --- Makefile.org | 10 +++++----- Makefile.shared | 11 ++++++----- engines/Makefile | 9 +++++++-- util/cygwin.sh | 18 +++++++++++++++--- 4 files changed, 33 insertions(+), 15 deletions(-) diff --git a/Makefile.org b/Makefile.org index 5deb19a01..a67c3c1ee 100644 --- a/Makefile.org +++ b/Makefile.org 
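Review bot: The BUILDENV block mixes the two make reference spellings (`SDIRS='$(SDIRS)'` and `LIBRPATH='$(INSTALLTOP)/lib'` next to `INSTALLTOP='${INSTALLTOP}'`) and two quoting styles (`LDFLAGS="$(LDFLAGS)"` and `SHARED_LDFLAGS="$(SHARED_LDFLAGS)"` double-quoted, everything else single-quoted) with no comment saying why; using one spelling throughout, and either quoting LDFLAGS like the rest or adding a one-line comment on why it differs, would make the block easier to audit against the top-level Makefile it mirrors. `THIS=$${THIS:-$@}` is the only unquoted value in the list, so a value containing whitespace would be word-split by the shell.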
@@ -276,7 +276,7 @@ Makefile: Makefile.org Configure config @false libclean: - rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib + rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib clean: libclean rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c @@ -476,13 +476,13 @@ install_sw: chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ - c=`echo $$i | sed 's/^lib/cyg/'`; \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ fi ); \ fi; \ done; \ diff --git a/Makefile.shared b/Makefile.shared index 5afd419f9..6f0f5ce4a 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -229,7 +229,8 @@ link_o.cygwin: SHLIB=cyg$(LIBNAME); \ expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \ SHLIB_SUFFIX=.dll; \ - SHLIB_SOVER=-$(LIBVERSION); \ + LIBVERSION="$(LIBVERSION)"; \ + SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ 
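Review bot: In the Makefile.shared hunk, `SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}` is expanded by make rather than by the shell because the `$` is not doubled; make has no `:+` form, so as far as I can tell the reference collapses to an empty variable lookup and the shell only ever sees `SHLIB_SOVER=`. The `LIBVERSION="$(LIBVERSION)"` shell assignment added just above only makes sense if the `:+` test was meant for the shell, so the line should read `SHLIB_SOVER=$${LIBVERSION:+"-$(LIBVERSION)"}; \`. The effect is probably masked for engines, where LIBVERSION is empty anyway, but the versioned-name case of `link_o.cygwin` looks dead as written.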
@@ -240,16 +241,16 @@ link_a.cygwin: SHLIB=cyg$(LIBNAME); \ expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \ SHLIB_SUFFIX=.dll; \ - SHLIB_SOVER=; \ + SHLIB_SOVER=-$(LIBVERSION); \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x61200000; \ + base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ [ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \ [ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \ $(LINK_SO_A) || exit 1; \ - cp -p $$SHLIB$$SHLIB_SUFFIX apps/; \ - cp -p $$SHLIB$$SHLIB_SUFFIX test/ + cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \ + cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/ link_app.cygwin: $(LINK_APP) diff --git a/engines/Makefile b/engines/Makefile index d415a1c85..bf19edfe0 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -82,14 +82,19 @@ files: links: # XXXXX This currently only works on systems that use .so as suffix -# for shared libraries. +# for shared libraries as well as for Cygwin which uses the +# dlfcn_name_converter and therefore stores the engines with .so suffix, too. install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ for l in $(LIBNAMES); do \ ( echo installing $$l; \ - cp lib$$l.so $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \ + if [ "$(PLATFORM)" != "Cygwin" ]; then \ + cp lib$$l.so $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \ + else \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \ + fi; \ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.so ); \ done; \ 
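Review bot: The two `cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/` and `test/` lines now copy the versioned DLL, but the `[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm ...` lines a few lines above still remove only the unversioned name, so a stale `cyg$(LIBNAME)-$(LIBVERSION).dll` from an earlier build is left next to the new one in apps/ and test/. Both removal lines should use the same `$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX` expression as the copies. In the engines/Makefile hunk, the Cygwin branch copies `cyg$$l.dll` to a `lib$$l.so.new` name, which the comment higher up explains; a one-line note at the `cp` itself, e.g. `# Cygwin: the engine DLL is installed under the .so name the dlfcn name converter expects`, would save a reader from taking the suffix mismatch for a bug.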
diff --git a/util/cygwin.sh b/util/cygwin.sh index 7f791d47f..fabbf8422 100755 --- a/util/cygwin.sh +++ b/util/cygwin.sh @@ -47,6 +47,14 @@ function doc_install() create_cygwin_readme } +function certs_install() +{ + CERTS_DIR=${INSTALL_PREFIX}/usr/ssl/certs + + mkdir -p ${CERTS_DIR} + cp -rp certs/* ${CERTS_DIR} +} + function create_cygwin_readme() { README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin @@ -104,6 +112,8 @@ base_install doc_install +certs_install + create_cygwin_readme create_profile_files @@ -112,11 +122,13 @@ cd ${INSTALL_PREFIX} strip usr/bin/*.exe usr/bin/*.dll # Runtime package -find etc usr/bin usr/share/doc usr/ssl/certs usr/ssl/man/man[157] \ - usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d | +find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \ + usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \ + -empty -o \! -type d | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - # Development package -find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d | +find usr/include usr/lib/*.a usr/lib/pkgconfig usr/ssl/man/man3 \ + -empty -o \! -type d | tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 From e4c9b85e65b6d5f0394ae122e0534de9a8becad5 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 21 May 2005 16:50:27 +0000 Subject: [PATCH 16/30] Default to no-sse2 on selected platforms. --- config | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/config b/config index 02d7de026..7d330e4a5 100755 --- a/config +++ b/config 
@@ -647,11 +647,14 @@ case "$GUESSOS" in OUT="solaris64-x86_64-$CC" else OUT="solaris-x86-$CC" + if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then + options="$options no-sse2" + fi fi ;; *-*-sunos4) OUT="sunos-$CC" ;; - *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;; + *86*-*-bsdi4) OUT="bsdi-elf-gcc"; options="$options no-sse2" ;; alpha*-*-*bsd*) OUT="BSD-generic64; options="$options -DL_ENDIAN" ;; powerpc64-*-*bsd*) OUT="BSD-generic64; options="$options -DB_ENDIAN" ;; sparc64-*-*bsd*) OUT="BSD-sparc64" ;; @@ -659,7 +662,7 @@ case "$GUESSOS" in amd64-*-*bsd*) OUT="BSD-x86_64" ;; *86*-*-*bsd*) case "`(file -L /usr/lib/libc.so.*) 2>/dev/null`" in *ELF*) OUT="BSD-x86-elf" ;; - *) OUT="BSD-x86" ;; + *) OUT="BSD-x86"; options="$options no-sse2" ;; esac ;; *-*-*bsd*) OUT="BSD-generic32" ;; From fe8bf9560dbe5998e8857869508d2fe4b4f5dbf6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 21 May 2005 17:39:43 +0000 Subject: [PATCH 17/30] When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html. Notified by David Wolfe --- crypto/rand/randfile.c | 2 +- ssl/kssl.c | 2 +- ssl/ssltest.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index dda020fb1..d69bdf8b8 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -57,7 +57,7 @@ */ /* We need to define this to get macros like S_IFBLK and S_IFCHR */ -#define _XOPEN_SOURCE 1 +#define _XOPEN_SOURCE 500 #include #include diff --git a/ssl/kssl.c b/ssl/kssl.c index 49602bb87..b8192cdfc 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -68,7 +68,7 @@ #include -#define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */ +#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */ #include #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ #include diff --git a/ssl/ssltest.c b/ssl/ssltest.c index f8e86c3ce..e47af50a4 100644 --- a/ssl/ssltest.c 
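Review bot: `if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]` feeds an unquoted command substitution to an arithmetic test, so an empty or non-integer release string (anything not of the form `5.N`) makes `[` fail with a syntax error instead of taking a defined branch. Capturing the value and only comparing when it is an integer, e.g. `rel=`uname -r | sed -e 's/5\.//'`; case "$rel" in [0-9]|[0-9][0-9]) [ "$rel" -lt 10 ] && options="$options no-sse2";; esac`, keeps the script on the safe side. Unrelated to this change, the adjacent context lines `OUT="BSD-generic64; options="$options -DL_ENDIAN" ;;` appear to be missing the closing quote after `generic64`; they are pre-existing, but worth a look while this case statement is being touched.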
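Review bot: In ssl/kssl.c the `#define _XOPEN_SOURCE 500` sits after an earlier `#include`, and feature-test macros generally only take effect if they are defined before the first system header is processed; the same ordering applies to `#define _XOPEN_SOURCE 500` in ssl/ssltest.c in the next line, which follows `#include "e_os.h"`. The change from `1` to `500` matches the XSH compilation rules the commit cites, but unless the preceding include does not drag in a libc header, which cannot be seen here, the macro may still have no effect on glibc. crypto/rand/randfile.c appears to define it ahead of its includes, which is the form the other two should follow where possible; otherwise a comment such as `/* defined after <header> on purpose: only <time.h>'s strptime() needs it */` would document that the placement is intentional.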
+++ b/ssl/ssltest.c @@ -128,7 +128,7 @@ #define USE_SOCKETS #include "e_os.h" -#define _XOPEN_SOURCE 1 /* Or isascii won't be declared properly on +#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on VMS (at least with DECompHP C). */ #include From 82d3dda8a1c598f326779b27ea22cf073ee23aed Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 21 May 2005 17:49:10 +0000 Subject: [PATCH 18/30] Still SEGV trouble in .init segment under Solaris x86... --- crypto/perlasm/x86unix.pl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl index 305a55bf6..18d4fbff4 100644 --- a/crypto/perlasm/x86unix.pl +++ b/crypto/perlasm/x86unix.pl @@ -537,7 +537,8 @@ sub main'file_end if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) { local($tmp); - push (@out,"\n.comm\t${under}OPENSSL_ia32cap_P,4,4\n"); + push (@out,"\n.section\t.bss\n"); + push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n"); push (@out,".section\t.init\n"); # One can argue that it's wasteful to craft every @@ -572,6 +573,8 @@ sub main'file_end movl %edx,0(%edi) popl %ebx popl %edi + jmp 1f + .align $align 1: ___ push (@out,$tmp); @@ -716,6 +719,9 @@ sub main'initseg $tmp=<<___; .section .init call $under$f + jmp 1f +.align $align +1: ___ } elsif ($main'coff) From 4b235065943259fb6f110e2b07624fa7c5ae5bd0 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 22 May 2005 08:55:15 +0000 Subject: [PATCH 19/30] OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to make no-sha512 more effective on platforms, which don't support 64-bit integer type of *any* kind. --- apps/speed.c | 16 ++++++++++++++-- crypto/sha/sha.h | 2 +- crypto/sha/sha512t.c | 9 +++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 50a110df0..4bec81525 100644 --- a/apps/speed.c +++ b/apps/speed.c 
@@ -496,9 +496,13 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; +#ifndef OPENSSL_NO_SHA256 unsigned char sha256[SHA256_DIGEST_LENGTH]; +#endif +#ifndef OPENSSL_NO_SHA512 unsigned char sha512[SHA512_DIGEST_LENGTH]; #endif +#endif #ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; #endif @@ -878,11 +882,15 @@ int MAIN(int argc, char **argv) doit[D_SHA256]=1, doit[D_SHA512]=1; else +#ifndef OPENSSL_NO_SHA256 if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; else +#endif +#ifndef OPENSSL_NO_SHA512 if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1; else #endif +#endif #ifndef OPENSSL_NO_RIPEMD if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else @@ -1064,8 +1072,12 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err,"sha1 "); - BIO_printf(bio_err,"sha256 "); - BIO_printf(bio_err,"sha512 "); +#endif +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"sha256 "); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"sha512 "); #endif #ifndef OPENSSL_NO_RIPEMD160 BIO_printf(bio_err,"rmd160"); diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index a900ad3e9..867c66152 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -148,6 +148,7 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); #define SHA384_DIGEST_LENGTH 48 #define SHA512_DIGEST_LENGTH 64 +#ifndef OPENSSL_NO_SHA512 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c @@ -178,7 +179,6 @@ typedef struct SHA512state_st unsigned int num,md_len; } SHA512_CTX; -#ifndef OPENSSL_NO_SHA512 int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c index 7385469be..4b7b3ceaa 100644 --- a/crypto/sha/sha512t.c +++ b/crypto/sha/sha512t.c 
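Review bot: The `sha` option's context lines `doit[D_SHA256]=1, doit[D_SHA512]=1;` sit inside the outer `#ifndef OPENSSL_NO_SHA` only, so in a build with OPENSSL_NO_SHA512 or OPENSSL_NO_SHA256 defined `speed sha` still switches those entries on even though this hunk removes the `sha256`/`sha512` keywords and the first hunk removes their buffers; whether the timing loops elsewhere in MAIN are guarded the same way is not visible here. Wrapping each of those two assignments in its own `#ifndef OPENSSL_NO_SHA256` / `#ifndef OPENSSL_NO_SHA512` keeps the option table consistent with the rest of this change. Note also that the `else` left dangling before `#endif #endif` relies on at least one of the following `#ifndef` blocks compiling in an `if`; that holds today but is fragile. MAIN starts and ends outside the hunk.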
@@ -11,6 +11,14 @@ #include #include +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512) +int main(int argc, char *argv[]) +{ + printf("No SHA512 support\n"); + return(0); +} +#else + unsigned char app_c1[SHA512_DIGEST_LENGTH] = { 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, @@ -173,3 +181,4 @@ int main () return 0; } +#endif From 61391e231477aec5edaec43038db7cb8ae9361d3 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 22 May 2005 10:27:59 +0000 Subject: [PATCH 20/30] Be more consistent with OPENSSL_NO_SHA256. --- crypto/sha/sha256t.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c index 5c26ec86e..68184b258 100644 --- a/crypto/sha/sha256t.c +++ b/crypto/sha/sha256t.c @@ -10,6 +10,14 @@ #include #include +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256) +int main(int argc, char *argv[]) +{ + printf("No SHA256 support\n"); + return(0); +} +#else + unsigned char app_b1[SHA256_DIGEST_LENGTH] = { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea, 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23, @@ -136,3 +144,4 @@ int main () return 0; } +#endif From b172dec8641a7b1ce55434957828492a91f7bc33 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 24 May 2005 03:22:53 +0000 Subject: [PATCH 21/30] DEC C complains about bad subscript, but we know better, so let's shut it up. --- crypto/bn/bn_nist.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index fa453a445..b42ad01a4 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -282,6 +282,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma save +# pragma message disable BADSUBSCRIPT +#endif + nist_set_192(t_d, buf, 0, 3, 3); if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) ++carry; 
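Review bot: The stub `int main(int argc, char *argv[])` added under `#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)` never uses `argc` or `argv`, which draws unused-parameter warnings on builds that enable them; the real `main ()` under `#else` takes no arguments, so `int main(void)` matches it and avoids the warning. The same applies to the sha256t.c stub in this line's next hunk. Both stubs write `return(0);` where the files otherwise use `return 0;`, a small consistency point.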
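Review bot: The `# pragma message disable BADSUBSCRIPT` placed around `nist_set_192(t_d, buf, 0, 3, 3)` silences a compiler diagnostic about an out-of-range subscript rather than explaining why the subscript cannot be reached; for code feeding a modular-reduction routine a reader needs to know the index is provably unreachable on that configuration and not a latent out-of-bounds read. A comment next to the pragma, e.g. `/* DEC C reports a subscript in a nist_set_192 branch that is not executed for this word size -- <state why> */`, or a `#if` that removes the unreachable branch instead of the warning, would make the intent auditable. The matching `# pragma restore` in the following hunk closes the region, so the suppression is at least bounded to these calls.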
@@ -290,6 +295,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) ++carry; +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma restore +#endif + nist_set_192(t_d, buf, 5, 5, 5) if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) ++carry; From b325518f4588728c38d53586b0cfcdd235db6e34 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 24 May 2005 03:27:15 +0000 Subject: [PATCH 22/30] Typo correction --- doc/apps/ca.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 5db7d9441..42bae7f4a 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -422,7 +422,7 @@ the same as B<-msie_hack> the same as B<-policy>. Mandatory. See the B section for more information. -=item B, B +=item B, B these options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by @@ -544,8 +544,8 @@ A sample configuration file with the relevant sections for B: policy = policy_any # default policy email_in_dn = no # Don't add the email into cert DN - nameopt = ca_default # Subject name display option - certopt = ca_default # Certificate display option + name_opt = ca_default # Subject name display option + cert_opt = ca_default # Certificate display option copy_extensions = none # Don't copy extensions from request [ policy_any ] From 85991994dfb111a8501b6e722b707348edd02b99 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 24 May 2005 03:39:08 +0000 Subject: [PATCH 23/30] It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512 was still active when it came down to the functions. mkdef.pl should really be corrected, but that'll be another day... --- crypto/sha/sha.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 867c66152..a83bd3cac 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h 
@@ -178,7 +178,9 @@ typedef struct SHA512state_st } u; unsigned int num,md_len; } SHA512_CTX; +#endif +#ifndef OPENSSL_NO_SHA512 int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); From 60192e96b80fd9ec0776c9db0497c066c97a7cf9 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 25 May 2005 02:54:28 +0000 Subject: [PATCH 24/30] Handle differences between engine IDs and their dynamic library names (and source files, for that matter) by tolerating the alternatives. It would be preferable to also change the generated shared library names, but that will be taken up separately. --- engines/e_4758_cca.c | 5 ++++- engines/e_ncipher.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index 685a6804c..d01a03783 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -202,6 +202,8 @@ static RAND_METHOD ibm_4758_cca_rand = static const char *engine_4758_cca_id = "4758cca"; static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support"; +/* Compatibility hack, the dynamic library uses this form in the path */ +static const char *engine_4758_cca_id_alt = "4758_cca"; /* engine implementation */ /*-----------------------*/ @@ -958,7 +960,8 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, #ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_fn(ENGINE *e, const char *id) { - if(id && (strcmp(id, engine_4758_cca_id) != 0)) + if(id && (strcmp(id, engine_4758_cca_id) != 0) && + (strcmp(id, engine_4758_cca_id_alt) != 0)) return 0; if(!bind_helper(e)) return 0; diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index b5f054bb8..11ae5aec8 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c 
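Review bot: `engine_4758_cca_id_alt` is consulted only in `bind_fn`, so an ENGINE loaded under the "4758_cca" library name presumably still registers under the primary id that `bind_helper` sets (not visible here); that is the stopgap the commit message describes, and the comment `/* Compatibility hack, the dynamic library uses this form in the path */` would be clearer as `/* Accepted by bind_fn() only: the shared-library file name uses this spelling, the ENGINE keeps engine_4758_cca_id as its id */`. The same applies to `engine_hwcrhk_id_alt` in e_ncipher.c in the next line. The widened `if(id && (strcmp(...) != 0) && (strcmp(...) != 0))` reads better with one `strcmp` per line, as the second line already starts to do.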
@@ -224,6 +224,8 @@ static RAND_METHOD hwcrhk_rand = /* Constants used when creating the ENGINE */ static const char *engine_hwcrhk_id = "chil"; static const char *engine_hwcrhk_name = "nCipher hardware engine support"; +/* Compatibility hack, the dynamic library uses this form in the path */ +static const char *engine_hwcrhk_id_alt = "ncipher"; /* Internal stuff for HWCryptoHook */ @@ -1343,7 +1345,8 @@ static void hwcrhk_log_message(void *logstr, const char *message) #ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_fn(ENGINE *e, const char *id) { - if(id && (strcmp(id, engine_hwcrhk_id) != 0)) + if(id && (strcmp(id, engine_hwcrhk_id) != 0) && + (strcmp(id, engine_hwcrhk_id_alt) != 0)) return 0; if(!bind_helper(e)) return 0; From c61f571ce02ab6ab8ffe0c33a03b4a32ae83516e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 26 May 2005 04:30:49 +0000 Subject: [PATCH 25/30] check BN_copy() return value --- crypto/bn/bn_blind.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 40e742dba..ca22d4f8b 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -207,6 +207,8 @@ int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) { + int ret = 1; + bn_check_top(n); if ((b->A == NULL) || (b->Ai == NULL)) @@ -216,9 +218,13 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) } if (r != NULL) - BN_copy(r, b->Ai); + { + if (!BN_copy(r, b->Ai)) ret=0; + } - return BN_mod_mul(n,n,b->A,b->mod,ctx); + if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; + + return ret; } int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) @@ -351,4 +357,3 @@ err: return ret; } - From 0ebfcc8f92736c900bae4066040b67f6e5db8edb Mon Sep 17 00:00:00 2001 
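Review bot: In `BN_BLINDING_convert_ex`, when `BN_copy(r, b->Ai)` fails the function records `ret=0` but still goes on to run `BN_mod_mul(n,n,b->A,b->mod,ctx)`, so the caller receives a failure while `n` has already been blinded in place; returning early, e.g. `if (!BN_copy(r, b->Ai)) return 0;`, keeps `n` untouched on failure, which is what a caller that aborts on error would expect. If the intent is to keep `n` and `r` consistent with each other regardless, that deserves a comment on the `ret=0` line. The error path above the hunk (`if ((b->A == NULL) || (b->Ai == NULL))`) is only partly visible, so I cannot tell whether a shared `err:` exit already exists.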
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 26 May 2005 04:40:52 +0000 Subject: [PATCH 26/30] make sure DSA signing exponentiations really are constant-time --- CHANGES | 7 +++++++ crypto/dsa/dsa_ossl.c | 30 +++++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 9711d5643..3b68628fb 100644 --- a/CHANGES +++ b/CHANGES @@ -803,6 +803,13 @@ Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform + the exponentiation using a fixed-length exponent. (Otherwise, + the information leaked through timing could expose the secret key + after many signatures; cf. Bleichenbacher's attack on DSA with + biased k.) + [Bodo Moeller] + *) Make a new fixed-window mod_exp implementation the default for RSA, DSA, and DH private-key operations so that the sequence of squares and multiplies and the memory access pattern are diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 2e5ede782..3fd8a3561 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -202,7 +202,7 @@ err: static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { BN_CTX *ctx; - BIGNUM k,*kinv=NULL,*r=NULL; + BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; int ret=0; if (!dsa->p || !dsa->q || !dsa->g) @@ -212,6 +212,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } BN_init(&k); + BN_init(&kq); if (ctx_in == NULL) { @@ -221,7 +222,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) ctx=ctx_in; if ((r=BN_new()) == NULL) goto err; - kinv=NULL; /* Get random k */ do 
@@ -241,7 +241,30 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } /* Compute r = (g^k mod p) mod q */ - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, + + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) + { + if (!BN_copy(&kq, &k)) goto err; + + /* We do not want timing information to leak the length of k, + * so we compute g^k using an equivalent exponent of fixed length. + * + * (This is a kludge that we need because the BN_mod_exp_mont() + * does not let us specify the desired timing behaviour.) */ + + if (!BN_add(&kq, &kq, dsa->q)) goto err; + if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) + { + if (!BN_add(&kq, &kq, dsa->q)) goto err; + } + + K = &kq; + } + else + { + K = &k; + } + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, dsa->method_mont_p); if (!BN_mod(r,r,dsa->q,ctx)) goto err; @@ -264,6 +287,7 @@ err: if (ctx_in == NULL) BN_CTX_free(ctx); if (kinv != NULL) BN_clear_free(kinv); BN_clear_free(&k); + BN_clear_free(&kq); return(ret); } From 3f791ca8188b71cba77e718d2d5c2ed7613d3b6a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 27 May 2005 13:19:25 +0000 Subject: [PATCH 27/30] Assing check_{cert,crl}_time to 'ok' variable so it returns errors on expiry. --- crypto/x509/x509_vfy.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 637e2b614..571136723 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -776,7 +776,8 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) } } - if (!check_crl_time(ctx, crl, 1)) + ok = check_crl_time(ctx, crl, 1); + if (!ok) goto err; ok = 1; @@ -1006,7 +1007,8 @@ static int internal_verify(X509_STORE_CTX *ctx) xs->valid = 1; - if (!check_cert_time(ctx, xs)) + ok = check_cert_time(ctx, xs); + if (!ok) goto end; /* The last error (if any) is still in the error value */ From a28a5d9c626c8b48d55f64ad77304578d1bd2a03 Mon Sep 17 00:00:00 2001 
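Review bot: The fixed-length exponent `kq` is handed to `DSA_BN_MOD_EXP` without `BN_FLG_EXP_CONSTTIME` set on it, whereas the sibling dsa_key.c change on this page requests the constant-time exponentiation for the private key with `BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME)`; if the `method_mont_p` path selects its fixed-window implementation by that flag, padding `k` with `q` fixes the exponent length but the square-and-multiply pattern can still depend on the bits of `k`. Adding `BN_set_flags(&kq, BN_FLG_EXP_CONSTTIME);` right after `if (!BN_copy(&kq, &k)) goto err;` would make the two call sites consistent; if the flag is already implied inside DSA_BN_MOD_EXP, a comment saying so would stop the next reader asking the same question. The `kinv` inversion and the later `BN_mod_mul` in dsa_sign_setup lie outside this hunk and are not covered by the fix. dsa_sign_setup starts before the hunk.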
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 27 May 2005 15:38:53 +0000 Subject: [PATCH 28/30] Use BN_with_flags() in a cleaner way. --- crypto/bn/bn.h | 2 ++ crypto/dh/dh_key.c | 1 + crypto/dsa/dsa_key.c | 1 + crypto/rsa/rsa_eay.c | 1 + 4 files changed, 5 insertions(+) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 6d5273520..9f4668a51 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -253,6 +253,8 @@ extern "C" { #define BN_set_flags(b,n) ((b)->flags|=(n)) #define BN_get_flags(b,n) ((b)->flags&(n)) +/* get a clone of a BIGNUM with changed flags, for *temporary* use only + * (the two BIGNUMs cannot not be used in parallel!) */ #define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ (dest)->top=(b)->top, \ (dest)->dmax=(b)->dmax, \ diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index e384286c7..39eefe387 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -148,6 +148,7 @@ static int generate_key(DH *dh) if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { + BN_init(&local_prk); prk = &local_prk; BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); } diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 5ba885e1e..0423f2e00 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -105,6 +105,7 @@ static int dsa_builtin_keygen(DSA *dsa) if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { + BN_init(&local_prk); prk = &local_prk; BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); } diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 175ab8a78..6954f36d5 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -383,6 +383,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) { + BN_init(&local_d); d = &local_d; BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); } From 499fca2db345a81a05b7d02dcefdc29f04507527 Mon Sep 17 00:00:00 2001 
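Review bot: The new comment on `BN_with_flags` says `the two BIGNUMs cannot not be used in parallel!`, which reads as the opposite of what is meant; `must not be used in parallel` is the intended wording. Since the macro copies `(b)->d` into `(dest)->d`, the comment should also spell out what that sharing implies for `dest`, e.g. `/* get a clone of a BIGNUM with changed flags, for *temporary* use only: dest shares b's digit array, so the two must not be used in parallel and dest must not outlive b */`; whether the macro's tail, cut off here, also marks `dest` as static data so it is never freed is something the comment could state outright. The `BN_init(&local_prk)` / `BN_init(&local_d)` additions in dh_key.c, dsa_key.c and rsa_eay.c are consistent with that temporary-use contract.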
From: "Dr. Stephen Henson" Date: Sat, 28 May 2005 20:44:02 +0000 Subject: [PATCH 29/30] Update from 0.9.7-stable. Also repatch and rebuild error codes. --- apps/rsautl.c | 1 + crypto/rsa/Makefile | 4 ++-- crypto/rsa/rsa.h | 39 ++++++++++++++++++++++++++++++--------- crypto/rsa/rsa_eay.c | 26 +++++++++++++++++++++++--- crypto/rsa/rsa_err.c | 13 +++++++++++++ crypto/rsa/rsa_oaep.c | 19 +++++++++++++------ 6 files changed, 82 insertions(+), 20 deletions(-) diff --git a/apps/rsautl.c b/apps/rsautl.c index 596199010..a629ff50a 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -148,6 +148,7 @@ int MAIN(int argc, char **argv) else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; + else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; else if(!strcmp(*argv, "-sign")) { rsa_mode = RSA_SIGN; need_priv = 1; diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index e406f2450..6c0522652 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -19,10 +19,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_asn1.c rsa_depr.c + rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_asn1.o rsa_depr.o + rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o SRC= $(LIBSRC) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index dcefebad2..2dd403b81 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -196,6 +196,7 @@ struct rsa_st #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_X931_PADDING 5 #define RSA_PKCS1_PADDING_SIZE 11 
@@ -297,6 +298,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, const unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, const unsigned char *f,int fl,int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst); int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, const unsigned char *f,int fl, const unsigned char *p,int pl); @@ -311,6 +314,11 @@ int RSA_padding_add_none(unsigned char *to,int tlen, const unsigned char *f,int fl); int RSA_padding_check_none(unsigned char *to,int tlen, const unsigned char *f,int fl,int rsa_len); +int RSA_padding_add_X931(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_X931(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int RSA_X931_hash_id(int nid); int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 
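Review bot: The new prototype `int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen, const EVP_MD *dgst)` uses signed `long` for buffer lengths while the neighbouring padding functions, including the new `RSA_padding_add_X931`/`RSA_padding_check_X931`, use `int`; mixing the two invites sign-conversion slips at call sites, and neither form rejects a negative length. A short comment per new function, in particular what `RSA_X931_hash_id(int nid)` returns for an unsupported `nid` and that `RSA_padding_check_X931` appears to expect the caller to have already normalised the value (which the rsa_eay.c change later on this page does), would make the header self-explanatory. Both hunks sit inside the `extern "C"` block that starts outside this view.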
@@ -329,37 +337,43 @@ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ /* Function codes. */ -#define RSA_F_RSA_BUILTIN_KEYGEN 105 +#define RSA_F_MEMORY_LOCK 100 +#define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_CHECK_KEY 123 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 -#define RSA_F_RSA_MEMORY_LOCK 100 +#define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_MEMORY_LOCK 130 #define RSA_F_RSA_NEW_METHOD 106 #define RSA_F_RSA_NULL 124 -#define RSA_F_RSA_NULL_MOD_EXP 126 -#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 127 -#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 128 -#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 129 -#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 130 +#define RSA_F_RSA_NULL_MOD_EXP 131 +#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 #define RSA_F_RSA_PADDING_ADD_NONE 107 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 #define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_ADD_X931 127 #define RSA_F_RSA_PADDING_CHECK_NONE 111 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 #define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PADDING_CHECK_X931 128 #define RSA_F_RSA_PRINT 115 #define RSA_F_RSA_PRINT_FP 116 -#define RSA_F_RSA_SETUP_BLINDING 125 +#define RSA_F_RSA_SETUP_BLINDING 136 #define RSA_F_RSA_SIGN 117 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 #define RSA_F_RSA_VERIFY 119 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 
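Review bot: This hunk renumbers existing public function codes (`RSA_F_RSA_BUILTIN_KEYGEN` 105→129, `RSA_F_RSA_MEMORY_LOCK` 100→130, `RSA_F_RSA_SETUP_BLINDING` 125→136, the five `RSA_F_RSA_NULL_*` codes) and the next line's hunk moves `RSA_R_NO_PUBLIC_EXPONENT` from 133 to 140; any binary built against the older header, or any log parser keyed on numeric ERR codes, will now attribute errors to the wrong function or reason. If this is the output of the error-code generator rather than a deliberate change, a comment above `/* Function codes. */` noting that these values are not stable across versions would set expectations; otherwise keeping the old numbers and appending new ones is the backward-compatible choice. `RSA_F_MEMORY_LOCK` (100) and `RSA_F_RSA_MEMORY_LOCK` (130) now both exist for what looks like the same function; one of them is probably dead.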
@@ -379,13 +393,19 @@ void ERR_load_RSA_strings(void); #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +#define RSA_R_FIRST_OCTET_INVALID 133 +#define RSA_R_INVALID_HEADER 137 #define RSA_R_INVALID_MESSAGE_LENGTH 131 +#define RSA_R_INVALID_PADDING 138 +#define RSA_R_INVALID_TRAILER 139 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 #define RSA_R_KEY_SIZE_TOO_SMALL 120 -#define RSA_R_NO_PUBLIC_EXPONENT 133 +#define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 +#define RSA_R_ONE_CHECK_FAILED 135 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 @@ -395,6 +415,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 #define RSA_R_UNKNOWN_PADDING_TYPE 118 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 +#define RSA_R_ZERO_CHECK_FAILED 136 #ifdef __cplusplus } diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 6954f36d5..620ac5544 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -309,7 +309,7 @@ static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f, static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - BIGNUM *f, *ret, *br; + BIGNUM *f, *ret, *br, *res; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -334,6 +334,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); break; + case RSA_X931_PADDING: + i=RSA_padding_add_X931(buf,num,from,flen); + break; case RSA_NO_PADDING: i=RSA_padding_add_none(buf,num,from,flen); break; 
@@ -400,10 +403,21 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) goto err; + if (padding == RSA_X931_PADDING) + { + BN_sub(f, rsa->n, ret); + if (BN_cmp(ret, f)) + res = f; + else + res = ret; + } + else + res = ret; + /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(ret); - i=BN_bn2bin(ret,&(to[num-j])); + j=BN_num_bytes(res); + i=BN_bn2bin(res,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; @@ -593,6 +607,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; + if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) + BN_sub(ret, rsa->n, ret); + p=buf; i=BN_bn2bin(ret,p); @@ -601,6 +618,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); break; + case RSA_X931_PADDING: + r=RSA_padding_check_X931(to,num,buf,i,num); + break; case RSA_NO_PADDING: r=RSA_padding_check_none(to,num,buf,i,num); break; diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index b2ac6c22a..48e8f3931 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c 
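Review bot: `if (BN_cmp(ret, f))` discards the sign of the comparison, so `res` is set to `f` (that is, `n - ret`) whenever the two values merely differ, which for an odd modulus is always; X9.31 wants the smaller of the two, so the test should be `if (BN_cmp(ret, f) > 0)`. The output still verifies against this file's own `RSA_eay_public_decrypt`, because the new `((ret->d[0] & 0xf) != 12)` check flips the value back, which is why the slip is invisible to a self-test but will surface against an independent verifier. `BN_sub(f, rsa->n, ret)` and `BN_sub(ret, rsa->n, ret)` are also unchecked, and `ret->d[0]` is read without confirming `ret` is non-zero; `if (!BN_sub(f, rsa->n, ret)) goto err;` and guarding the nibble test with `!BN_is_zero(ret)` close both. RSA_eay_private_encrypt and RSA_eay_public_decrypt both extend beyond the hunk.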
@@ -70,12 +70,14 @@ static ERR_STRING_DATA RSA_str_functs[]= { +{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, +{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, @@ -86,14 +88,17 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_PADDING_ADD_PKCS1_PSS"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, +{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"}, {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"}, {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"}, {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, +{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, 
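Review bot: The new function-name string `"RSA_PADDING_ADD_PKCS1_PSS"` is all upper case while its siblings in the same table (`"RSA_padding_add_X931"`, `"RSA_padding_add_PKCS1_OAEP"`) use the real function name; this string is what `ERR_error_string` prints, so users will see a name that does not exist in the headers. This presumably means mkerr.pl could not find a prototype for `RSA_padding_add_PKCS1_PSS` when the table was generated, which is worth fixing at the source so the next regeneration does not reintroduce it. The entry should be `{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},`.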
@@ -101,6 +106,7 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"}, +{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_VERIFY_PKCS1_PSS"}, {0,NULL} }; @@ -123,13 +129,19 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"}, {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"}, {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, +{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, +{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, +{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, +{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, +{ERR_REASON(RSA_R_ONE_CHECK_FAILED) ,"one check failed"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, @@ -139,6 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, +{ERR_REASON(RSA_R_ZERO_CHECK_FAILED) ,"zero check failed"}, {0,NULL} }; 
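Review bot: `"RSA_VERIFY_PKCS1_PSS"` breaks the casing convention of the surrounding entries (`"RSA_verify"`, `"RSA_verify_ASN1_OCTET_STRING"`), and since this string is emitted by `ERR_error_string` the reported function name will not match the declared `RSA_verify_PKCS1_PSS`. The entry should be `{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},`; if the table is generated, the prototype the generator reads presumably needs to be exposed so this is not regressed on the next run.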
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 66d33e538..45d6f6ef8 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -170,28 +170,30 @@ decoding_err: return -1; } -int MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen) +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst) { long i, outlen = 0; unsigned char cnt[4]; EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; EVP_MD_CTX_init(&c); + mdlen = EVP_MD_size(dgst); for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,EVP_sha1(), NULL); + EVP_DigestInit_ex(&c,dgst, NULL); EVP_DigestUpdate(&c, seed, seedlen); EVP_DigestUpdate(&c, cnt, 4); - if (outlen + SHA_DIGEST_LENGTH <= len) + if (outlen + mdlen <= len) { EVP_DigestFinal_ex(&c, mask + outlen, NULL); - outlen += SHA_DIGEST_LENGTH; + outlen += mdlen; } else { @@ -203,4 +205,9 @@ int MGF1(unsigned char *mask, long len, EVP_MD_CTX_cleanup(&c); return 0; } + +int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) + { + return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); + } #endif From 429168e7eecdb0b965db5ea445727a7e4cb37380 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 28 May 2005 20:44:37 +0000 Subject: [PATCH 30/30] Add pss/x931 files. --- crypto/rsa/rsa_pss.c | 220 ++++++++++++++++++++++++++++++++++++++++++ crypto/rsa/rsa_x931.c | 175 +++++++++++++++++++++++++++++++++ 2 files changed, 395 insertions(+) create mode 100644 crypto/rsa/rsa_pss.c create mode 100644 crypto/rsa/rsa_x931.c diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c new file mode 100644 index 000000000..a47035733 --- /dev/null +++ b/crypto/rsa/rsa_pss.c 
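Review bot: `PKCS1_MGF1` ignores the result of every EVP call: if `EVP_DigestInit_ex(&c, dgst, NULL)` fails for the caller-supplied digest the loop still runs to completion and the function returns 0, so the caller takes a mask that was never written (and `EVP_DigestFinal_ex` will have operated on an uninitialised context). Now that the digest is a parameter rather than the fixed `EVP_sha1()`, this is a real path, so check the calls and give the function a failure return, e.g. `if (!EVP_DigestInit_ex(&c, dgst, NULL) || !EVP_DigestUpdate(&c, seed, seedlen) || !EVP_DigestUpdate(&c, cnt, 4)) goto err;` with `err: EVP_MD_CTX_cleanup(&c); return -1;`, and have callers test for `< 0`. Sizing `md` as `EVP_MAX_MD_SIZE` is correct for an arbitrary `dgst`; the tail `else` branch that uses it lies outside this hunk. A one-line header comment stating that `mask` receives exactly `len` bytes derived from `seed` per PKCS#1 v2.1 B.2.1 would also help, since the function is now exported under a new name.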
@@ -0,0 +1,220 @@ +/* rsa_pss.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include + +const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, int sLen) + { + int i; + int ret = 0; + int hLen, maskedDBLen, emBits, emLen; + const unsigned char *H; + unsigned char *DB = NULL; + EVP_MD_CTX ctx; + unsigned char H_[EVP_MAX_MD_SIZE]; + emBits = BN_num_bits(rsa->n) - 1; + emLen = (emBits + 7) >> 3; + hLen = EVP_MD_size(Hash); + if (emLen < (hLen + sLen + 2)) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); + goto err; + } + if (EM[emLen - 1] != 0xbc) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); + goto err; + } + if (EM[0] & (0xFF << (emBits & 0x7))) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); + goto err; + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = OPENSSL_malloc(maskedDBLen); + if (!DB) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); + goto err; + } + PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); + for (i = 0; i < maskedDBLen; i++) + DB[i] ^= EM[i]; + DB[0] &= 0xFF 
>> (8 - (emBits & 0x7)); + for (i = 0; i < (emLen - hLen - sLen - 2); i++) + { + if (DB[i] != 0) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, + RSA_R_ZERO_CHECK_FAILED); + goto err; + } + } + if (DB[i] != 0x1) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_ONE_CHECK_FAILED); + goto err; + } + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, Hash, NULL); + EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); + EVP_DigestUpdate(&ctx, mHash, hLen); + if (sLen) + EVP_DigestUpdate(&ctx, DB + maskedDBLen - sLen, sLen); + EVP_DigestFinal(&ctx, H_, NULL); + EVP_MD_CTX_cleanup(&ctx); + if (memcmp(H_, H, hLen)) + { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); + ret = 0; + } + else + ret = 1; + + err: + if (DB) + OPENSSL_free(DB); + + return ret; + + } + +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen) + { + int i; + int ret = 0; + int hLen, maskedDBLen, emBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX ctx; + emBits = BN_num_bits(rsa->n) - 1; + emLen = (emBits + 7) >> 3; + hLen = EVP_MD_size(Hash); + if (sLen < 0) + sLen = 0; + if (emLen < (hLen + sLen + 2)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + if (sLen > 0) + { + salt = OPENSSL_malloc(sLen); + if (!salt) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (!RAND_bytes(salt, sLen)) + goto err; + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, Hash, NULL); + EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); + EVP_DigestUpdate(&ctx, mHash, hLen); + if (sLen) + EVP_DigestUpdate(&ctx, salt, sLen); + EVP_DigestFinal(&ctx, H, NULL); + EVP_MD_CTX_cleanup(&ctx); + + /* Generate dbMask in place then perform XOR on it */ + PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); + + p = EM; + + /* Initial PS XORs with all zeroes which is a NOP so just update + * pointer. 
Note from a test above this value is guaranteed to + * be non-negative. + */ + p += emLen - sLen - hLen - 2; + *p++ ^= 0x1; + if (sLen > 0) + { + for (i = 0; i < sLen; i++) + *p++ ^= salt[i]; + } + EM[0] &= 0xFF >> (8 - (emBits & 0x7)); + + /* H is already in place so just set final 0xbc */ + + EM[emLen - 1] = 0xbc; + + ret = 1; + + err: + if (salt) + OPENSSL_free(salt); + + return ret; + + } diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c new file mode 100644 index 000000000..ac3fde2a8 --- /dev/null +++ b/crypto/rsa/rsa_x931.c 
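Review bot: `RSA_verify_PKCS1_PSS` does not handle a negative `sLen` the way `RSA_padding_add_PKCS1_PSS` does (`if (sLen < 0) sLen = 0;`): with `sLen < 0` the `emLen < (hLen + sLen + 2)` test still passes, the zero-scan loop runs past the 0x01 separator, and `EVP_DigestUpdate(&ctx, DB + maskedDBLen - sLen, sLen)` reads beyond the `DB` allocation. Add the same clamp, or reject with an error, before the length test. Both functions also discard the results of `PKCS1_MGF1` and the `EVP_Digest*` calls, so a digest failure silently yields an all-zero mask or a stale `H`; they should be checked with `goto err`. When `(emBits & 0x7) == 0` the first-octet test and the `EM[emLen - 1] != 0xbc` test only line up if `EM` is the `emLen`-byte encoded message with the leading zero octet of an `RSA_size(rsa)` buffer already stripped, which the caller (not visible here) must honour and which deserves a comment above the function. Minor: `const static unsigned char zeroes[]` would conventionally be written `static const`.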
@@ -0,0 +1,175 @@ +/* rsa_x931.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +int RSA_padding_add_X931(unsigned char *to, int tlen, + const unsigned char *from, int flen) + { + int j; + unsigned char *p; + + /* Absolute minimum amount of padding is 1 header nibble, 1 padding + * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. 
+ */ + + j = tlen - flen - 2; + + if (j < 0) + { + RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return -1; + } + + p=(unsigned char *)to; + + /* If no padding start and end nibbles are in one byte */ + if (j == 0) + *p++ = 0x6A; + else + { + *p++ = 0x6B; + if (j > 1) + { + memset(p, 0xBB, j - 1); + p += j - 1; + } + *p++ = 0xBA; + } + memcpy(p,from,(unsigned int)flen); + p += flen; + *p = 0xCC; + return(1); + } + +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num) + { + int i,j; + const unsigned char *p; + + p=from; + if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER); + return -1; + } + + j=flen-3; + if (*p++ == 0x6B) + { + for (i = 0; i < j; i++) + { + unsigned char c = *p++; + if (c == 0xBA) + break; + if (c != 0xBB) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931, + RSA_R_INVALID_PADDING); + return -1; + } + } + } + + j -= i; + + if (i == 0) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); + return -1; + } + + if (p[j] != 0xCC) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); + return -1; + } + + memcpy(to,p,(unsigned int)j); + + return(j); + } + +/* Translate between X931 hash ids and NIDs */ + +int RSA_X931_hash_id(int nid) + { + switch (nid) + { + case NID_sha1: + return 0x33; + + case NID_sha256: + return 0x34; + + case NID_sha384: + return 0x36; + + case NID_sha512: + return 0x35; + + } + return -1; + } +
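Review bot: `RSA_padding_check_X931` mishandles the 0x6A (no-padding) header produced by `RSA_padding_add_X931` when `j == 0`: `i` is only assigned inside the `0x6B` branch, so for 0x6A the following `j -= i` and `if (i == 0)` read an uninitialised variable, and `j = flen - 3` is one short for that layout (one header byte, the hash, one trailer byte), so `p[j]` is not the 0xCC trailer and a valid encoding is either rejected or checked at the wrong offset. The hash length should be computed per branch and the `i`-based checks kept inside the 0x6B path. The `0x6B` scan also silently accepts a block of all 0xBB with no 0xBA terminator (the loop exits with `i == j`, `j` becomes 0 and a zero-length hash is returned), which is worth rejecting explicitly.
```c
	if (*p++ == 0x6B)
		{
		j = flen - 3;
		for (i = 0; i < j; i++)
			{
			/* … unchanged: 0xBB / 0xBA scan … */
			}
		j -= i;
		if (i == 0)
			{
			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
			return -1;
			}
		}
	else
		j = flen - 2;
	/* … unchanged: 0xCC trailer check and memcpy … */
```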