From 82384690e2ac49d6604d66bf5ac04c93f3e64a71 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 9 Sep 2003 23:44:39 +0000 Subject: [PATCH 001/112] Typos. --- crypto/o_str.c | 3 ++- crypto/o_str.h | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/o_str.c b/crypto/o_str.c index 8bcdc25e7..174db3156 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -57,6 +57,7 @@ */ #include +#include int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) { @@ -87,7 +88,7 @@ int OPENSSL_strcasecmp(const char *str1, const char *str2) #if defined(OPENSSL_SYS_VMS) return OSSL_strncasecmp(str1, str2, (size_t)-1); #elif defined(OPENSSL_SYS_WINDOWS) - return _stricmp(str1, str2, n); + return _stricmp(str1, str2); #else return strcasecmp(str1, str2); #endif diff --git a/crypto/o_str.h b/crypto/o_str.h index 5535123ab..744a6e27d 100644 --- a/crypto/o_str.h +++ b/crypto/o_str.h @@ -62,6 +62,6 @@ #include int OPENSSL_strcasecmp(const char *str1, const char *str2); -int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); #endif From 7068c8b1a6b9f88fc96f9de78147a08c16b3639a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 21 Sep 2003 02:18:15 +0000 Subject: [PATCH 002/112] In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store. --- apps/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/x509.c b/apps/x509.c index f0ef5596f..036e25505 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1103,7 +1103,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, else if (!(bs = x509_load_serial(CAfile, serialfile, create))) goto end; - if (!X509_STORE_add_cert(ctx,x)) goto end; +/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ From dfe399e7d9773174c44fa3451b97cf1e3ca07a55 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 21 Sep 2003 02:20:02 +0000 Subject: [PATCH 003/112] Add -passin support to rsautl --- apps/rsautl.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/apps/rsautl.c b/apps/rsautl.c index 5a6fd115f..5db6fe7cd 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -97,6 +97,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey = NULL; RSA *rsa = NULL; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; + char *passargin = NULL, *passin = NULL; int rsa_inlen, rsa_outlen = 0; int keysize; @@ -124,6 +125,9 @@ int MAIN(int argc, char **argv) } else if(!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; keyfile = *(++argv); + } else if (!strcmp(*argv,"-passin")) { + if (--argc < 1) badarg = 1; + passargin= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); @@ -169,6 +173,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -176,7 +184,7 @@ int MAIN(int argc, char **argv) switch(key_type) { case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, 0, - NULL, e, "Private Key"); + passin, e, "Private Key"); break; case KEY_PUBKEY: @@ -290,6 +298,7 @@ int MAIN(int argc, char **argv) BIO_free_all(out); if(rsa_in) OPENSSL_free(rsa_in); if(rsa_out) OPENSSL_free(rsa_out); + if(passin) OPENSSL_free(passin); return ret; } @@ -313,6 +322,7 @@ static void usage() BIO_printf(bio_err, "-hexdump hex dump output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf (bio_err, "-passin arg pass phrase source\n"); #endif } From 6bd27f8644e401301e3a843d92876e74ed6cb0ea Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Thu, 25 Sep 2003 13:57:58 +0000 Subject: [PATCH 004/112] Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime table crypto/bn/bn_prime.h was already correct, but it could not be re-generated on some platforms because of the "division by zero" situation in the script. --- CHANGES | 8 ++++++++ crypto/bn/bn_prime.pl | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index fc57065a6..5e68e6247 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making + sure the loop does correctly stop and breaking ("division by zero") + modulus operations are not performed. The (pre-generated) prime + table crypto/bn/bn_prime.h was already correct, but it could not be + re-generated on some platforms because of the "division by zero" + situation in the script. + [Ralf S. Engelschall] + *) Update support for ECC-based TLS ciphersuites according to draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with SHA-1 now is only used for "small" curves (where the diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index 9fc376548..e583d1d53 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -11,7 +11,7 @@ loop: while ($#primes < $num-1) $p+=2; $s=int(sqrt($p)); - for ($i=0; $primes[$i]<=$s; $i++) + for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) { next loop if (($p%$primes[$i]) == 0); } From f6b659cba4bab69cd36cdc492f2bdab2d848d819 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 07:34:49 +0000 Subject: [PATCH 005/112] Add necessary changes to be able to build on VxWorks for PPC860. Contributed by Bob Bradley --- Configure | 1 + e_os.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index a88c0cb6a..a41c43124 100755 --- a/Configure +++ b/Configure @@ -560,6 +560,7 @@ my %table=( "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", diff --git a/e_os.h b/e_os.h index 3f7cdf4b5..aad0a7eae 100644 --- a/e_os.h +++ b/e_os.h @@ -541,7 +541,7 @@ extern char *sys_errlist[]; extern int sys_nerr; #if defined(ioctlsocket) #undef ioctlsocket #endif -#define ioctlsocket(a,b,c) ioctl((a),(b),*(c)) +#define ioctlsocket(a,b,c) ioctl((a),(b),*(int*)(c)) #include #include From 0e6c20da462da07faebe8b685b294e72b018cc43 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 07:35:07 +0000 Subject: [PATCH 006/112] Free the Kerberos context upon freeing the SSL. Contributed by Andrew Mann --- ssl/ssl_lib.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ea76cf117..0c84e3ddd 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -477,6 +477,11 @@ void SSL_free(SSL *s) if (s->method != NULL) s->method->ssl_free(s); +#ifndef OPENSSL_NO_KRB5 + if (s->kssl_ctx != NULL) + kssl_ctx_free(s->kssl_ctx); +#endif /* OPENSSL_NO_KRB5 */ + OPENSSL_free(s); } From 0ad2c4f85ba4f10c9d2387f316d89a7e9a42fe82 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 10:39:16 +0000 Subject: [PATCH 007/112] Correct small documentation error. PR: 698 --- INSTALL.W32 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 78d289e16..0f6c302f0 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -225,7 +225,7 @@ $ md c:\openssl\lib $ md c:\openssl\include $ md c:\openssl\include\openssl - $ copy /b inc32\* c:\openssl\include\openssl + $ copy /b inc32\openssl\* c:\openssl\include\openssl $ copy /b out32dll\ssleay32.lib c:\openssl\lib $ copy /b out32dll\libeay32.lib c:\openssl\lib $ copy /b out32dll\ssleay32.dll c:\openssl\bin From 253e893c2b0e0d1bc2d4b64073a30cfc493e5bc6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 17:55:13 +0000 Subject: [PATCH 008/112] Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693 --- apps/s_server.c | 8 +++++++- ssl/kssl.c | 35 ++++++++++++++++++++++++++--------- ssl/kssl.h | 2 +- 3 files changed, 34 insertions(+), 11 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 7ce65a3e8..64d4c8286 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1347,7 +1347,13 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); - +#ifndef OPENSSL_NO_KRB5 + if (con->kssl_ctx->client_princ != NULL) + { + BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", + con->kssl_ctx->client_princ); + } +#endif /* OPENSSL_NO_KRB5 */ return(1); } diff --git a/ssl/kssl.c b/ssl/kssl.c index a80f5b2f7..7c45f8ff4 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, "bad ticket from krb5_rd_req.\n"); } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data)) + &krb5ticket->enc_part2->client->realm, + krb5ticket->enc_part2->client->data, + krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); @@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) } -/* Given a (krb5_data *) entity (and optional realm), +/* Given an array of (krb5_data *) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity) + krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; + int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; @@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } if (*princ) free(*princ); - length = entity->length + ((realm)? realm->length + 2: 1); + /* Add up all the entity->lengths */ + length = 0; + for (i=0; i < nentities; i++) + { + length += entity[i].length; + } + /* Add in space for the '/' character(s) (if any) */ + length += nentities-1; + /* Space for the ('@'+realm+NULL | NULL) */ + length += ((realm)? realm->length + 2: 1); + if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else - { - strncpy(*princ, entity->data, entity->length); - (*princ)[entity->length]='\0'; + { + for (i = 0; i < nentities; i++) + { + strncat(*princ, entity[i].data, entity[i].length); + if (i < nentities-1) + { + strcat (*princ, "/"); + } + } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); - (*princ)[entity->length+1+realm->length]='\0'; } } diff --git a/ssl/kssl.h b/ssl/kssl.h index cf7ebdd16..19a689b08 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity); + krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, From e59659dc4187d682d8a9166de3f4c2315d340cc5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 19:27:06 +0000 Subject: [PATCH 009/112] Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. PR: 680 --- ssl/s3_srvr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ca39d6b1c..bd0624be3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1574,6 +1574,7 @@ static int ssl3_send_certificate_request(SSL *s) s->init_num += 4; #endif + s->state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ From ba9f80c5d515c9e087b942f578954925290f4fb9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 19:32:06 +0000 Subject: [PATCH 010/112] Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. PR: 679 --- ssl/s3_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 7eff4f1d5..b27a1deaa 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2161,6 +2161,7 @@ static int ssl3_send_client_verify(SSL *s) *(d++)=SSL3_MT_CERTIFICATE_VERIFY; l2n3(n,d); + s->state=SSL3_ST_CW_CERT_VRFY_B; s->init_num=(int)n+4; s->init_off=0; } From 11171f3c743f6b56f4bca523053cebf5c15ecccc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 20:29:05 +0000 Subject: [PATCH 011/112] Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678 --- crypto/err/err.c | 42 +++++++++++++++++++++++++++++++++++++++++- crypto/err/err.h | 1 + 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 9b9bec685..f2c322c1c 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -226,6 +226,7 @@ struct st_ERR_FNS ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); /* Works on the "thread_hash" error-state table */ LHASH *(*cb_thread_get)(int create); + void (*cb_thread_release)(LHASH **hash); ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); void (*cb_thread_del_item)(const ERR_STATE *); @@ -240,6 +241,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); static LHASH *int_thread_get(int create); +static void int_thread_release(LHASH **hash); static ERR_STATE *int_thread_get_item(const ERR_STATE *); static ERR_STATE *int_thread_set_item(ERR_STATE *); static void int_thread_del_item(const ERR_STATE *); @@ -253,6 +255,7 @@ static const ERR_FNS err_defaults = int_err_set_item, int_err_del_item, int_thread_get, + int_thread_release, int_thread_get_item, int_thread_set_item, int_thread_del_item, @@ -272,6 +275,7 @@ static const ERR_FNS *err_fns = NULL; * and state in the loading application. */ static LHASH *int_error_hash = NULL; static LHASH *int_thread_hash = NULL; +static int int_thread_hash_references = 0; static int int_err_library_number= ERR_LIB_USER; /* Internal function that checks whether "err_fns" is set and if not, sets it to @@ -418,11 +422,37 @@ static LHASH *int_thread_get(int create) CRYPTO_pop_info(); } if (int_thread_hash) + { + int_thread_hash_references++; ret = int_thread_hash; + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; } +static void int_thread_release(LHASH **hash) + { + int i; + + if (hash == NULL || *hash == NULL) + return; + + i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + +#ifdef REF_PRINT + fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"int_thread_release, bad reference count\n"); + abort(); /* ok */ + } +#endif + *hash = NULL; + } + static ERR_STATE *int_thread_get_item(const ERR_STATE *d) { ERR_STATE *p; @@ -437,6 +467,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d) p = (ERR_STATE *)lh_retrieve(hash, d); CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -454,6 +485,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d) p = (ERR_STATE *)lh_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -470,13 +502,15 @@ static void int_thread_del_item(const ERR_STATE *d) CRYPTO_w_lock(CRYPTO_LOCK_ERR); p = (ERR_STATE *)lh_delete(hash, d); /* make sure we don't leak memory */ - if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) + if (int_thread_hash_references == 1 + && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { lh_free(int_thread_hash); int_thread_hash = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); if (p) ERR_STATE_free(p); } @@ -855,6 +889,12 @@ LHASH *ERR_get_err_state_table(void) return ERRFN(thread_get)(0); } +void ERR_release_err_state_table(LHASH **hash) + { + err_fns_check(); + ERRFN(thread_release)(hash); + } + const char *ERR_lib_error_string(unsigned long e) { ERR_STRING_DATA d,*p; diff --git a/crypto/err/err.h b/crypto/err/err.h index 1228acfe5..d893f60bb 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -293,6 +293,7 @@ ERR_STATE *ERR_get_state(void); #ifndef OPENSSL_NO_LHASH LHASH *ERR_get_string_table(void); LHASH *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH **hash); #endif int ERR_get_next_error_library(void); From 3d7c4a5a6d0bb05194a26e598000d2b2666e1bec Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 21:56:08 +0000 Subject: [PATCH 012/112] Selected changes for MSDOS, contributed by Gisle Vanem . PR: 669 --- apps/s_apps.h | 8 ++++++++ apps/s_client.c | 18 +++++++----------- apps/s_server.c | 12 ++++-------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/apps/s_apps.h b/apps/s_apps.h index ff18a72fe..66b6edd44 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -112,6 +112,14 @@ #include #include +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#include +#endif + +#ifdef OPENSSL_SYS_MSDOS +#define _kbhit kbhit +#endif + #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) /* VAX C does not defined fd_set and friends, but it's actually quite simple */ /* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ diff --git a/apps/s_client.c b/apps/s_client.c index 74d578d6b..eb6fd7c1c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -136,10 +136,6 @@ typedef unsigned int u_int; #include #include "s_apps.h" -#ifdef OPENSSL_SYS_WINDOWS -#include -#endif - #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno @@ -260,7 +256,7 @@ int MAIN(int argc, char **argv) char *engine_id=NULL; ENGINE *e=NULL; #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) struct timeval tv; #endif @@ -644,7 +640,7 @@ re_start: if (!ssl_pending) { -#ifndef OPENSSL_SYS_WINDOWS +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -671,8 +667,8 @@ re_start: * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ -#ifdef OPENSSL_SYS_WINDOWS - /* Under Windows we make the assumption that we can +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Under Windows/DOS we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise * we timeout the select every second and see if there @@ -686,7 +682,7 @@ re_start: tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); -#ifdef OPENSSL_SYS_WINCE +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) if(!i && (!_kbhit() || !read_tty) ) continue; #else if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; @@ -855,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 } } -#ifdef OPENSSL_SYS_WINDOWS -#ifdef OPENSSL_SYS_WINCE +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) else if (_kbhit()) #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) diff --git a/apps/s_server.c b/apps/s_server.c index 64d4c8286..dd58591d3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -151,10 +151,6 @@ typedef unsigned int u_int; #include #include "s_apps.h" -#ifdef OPENSSL_SYS_WINDOWS -#include -#endif - #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno @@ -1001,7 +997,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) struct timeval tv; #endif @@ -1075,7 +1071,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#ifndef OPENSSL_SYS_WINDOWS +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -1085,8 +1081,8 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#ifdef OPENSSL_SYS_WINDOWS - /* Under Windows we can't select on stdin: only +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows * application we wouldn't do this because it is inefficient. From 1be02dd84277d15136ecb06fa253b83aaca9de49 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 22:14:39 +0000 Subject: [PATCH 013/112] Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664 --- crypto/md5/asm/md5-586.pl | 2 +- crypto/perlasm/x86ms.pl | 3 +++ crypto/perlasm/x86nasm.pl | 3 +++ crypto/perlasm/x86unix.pl | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl index 5fc6a205c..fa3fa3bed 100644 --- a/crypto/md5/asm/md5-586.pl +++ b/crypto/md5/asm/md5-586.pl @@ -293,7 +293,7 @@ sub md5_block &mov(&DWP(12,$tmp2,"",0),$D); &cmp($tmp1,$X) unless $normal; # check count - &jge(&label("start")) unless $normal; + &jae(&label("start")) unless $normal; &pop("eax"); # pop the temp variable off the stack &pop("ebx"); diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl index 35f1a4ddb..fbb4afb9b 100644 --- a/crypto/perlasm/x86ms.pl +++ b/crypto/perlasm/x86ms.pl @@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jnz { &out1("jnz",@_); } diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index f30b7466d..30346af4e 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); } sub main'jz { &out1("jz NEAR",@_); } sub main'jge { &out1("jge NEAR",@_); } sub main'jl { &out1("jl NEAR",@_); } +sub main'ja { &out1("ja NEAR",@_); } +sub main'jae { &out1("jae NEAR",@_); } sub main'jb { &out1("jb NEAR",@_); } +sub main'jbe { &out1("jbe NEAR",@_); } sub main'jc { &out1("jc NEAR",@_); } sub main'jnc { &out1("jnc NEAR",@_); } sub main'jnz { &out1("jnz NEAR",@_); } diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl index 72bde061c..10b669bf0 100644 --- a/crypto/perlasm/x86unix.pl +++ b/crypto/perlasm/x86unix.pl @@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jno { &out1("jno",@_); } From 3c02e24bb3bfe966549ca242c36d54b985abe1b5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 22:48:33 +0000 Subject: [PATCH 014/112] Change the indentation from 12 to indent+4. PR: 657 --- crypto/x509v3/v3_prn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 9be6c95a6..8e3b3d867 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts j=X509_EXTENSION_get_critical(ex); if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) return 0; - if(!X509V3_EXT_print(bp, ex, flag, 12)) + if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); M_ASN1_OCTET_STRING_print(bp,ex->value); From 7f3ba9428f29dd424267f75fa2de7d0fe513a6c9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 28 Sep 2003 07:11:33 +0000 Subject: [PATCH 015/112] Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669 --- crypto/bio/bss_file.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a66600c1a..1f9bd3312 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown=(int)num&BIO_CLOSE; b->ptr=(char *)ptr; b->init=1; -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) + if (num & BIO_FP_TEXT) + _setmode(fd,_O_TEXT); + else + _setmode(fd,_O_BINARY); +#elif defined(OPENSSL_SYS_MSDOS) + { + int fd = fileno((FILE*)ptr); /* Set correct text/binary mode */ if (num & BIO_FP_TEXT) - _setmode(fileno((FILE *)ptr),_O_TEXT); + _setmode(fd,_O_TEXT); + /* Dangerous to set stdin/stdout to raw (unless redirected) */ else - _setmode(fileno((FILE *)ptr),_O_BINARY); + { + if (fd == STDIN_FILENO || fd == STDOUT_FILENO) + { + if (isatty(fd) <= 0) + _setmode(fd,_O_BINARY); + } + else + _setmode(fd,_O_BINARY); + } + } #elif defined(OPENSSL_SYS_OS2) if (num & BIO_FP_TEXT) setmode(fileno((FILE *)ptr), O_TEXT); From 057a04398d5e7d4efd49fa649e20125017397935 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 28 Sep 2003 09:34:50 +0000 Subject: [PATCH 016/112] Synchronise util/libeay.num with the 0.9.7-stable one. make update --- TABLE | 25 ++ crypto/Makefile.ssl | 2 + util/libeay.num | 687 ++++++++++++++++++++++---------------------- 3 files changed, 370 insertions(+), 344 deletions(-) diff --git a/TABLE b/TABLE index 796a0094b..8fe97d684 100644 --- a/TABLE +++ b/TABLE @@ -4324,3 +4324,28 @@ $shared_ldflag = $shared_extension = $ranlib = $arflags = + +*** vxworks-ppc860 +$cc = ccppc +$cflags = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 059d8a6d2..b119ccbd9 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -204,6 +204,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c +o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c +o_str.o: o_str.h o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c o_time.o: o_time.h tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h diff --git a/util/libeay.num b/util/libeay.num index fa11a9fa6..6151f6274 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2802,348 +2802,347 @@ BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: BN_get0_nist_prime_384 3246 EXIST::FUNCTION: -ENGINE_register_ECDSA 3247 EXIST::FUNCTION:ENGINE -BN_nist_mod_192 3248 EXIST::FUNCTION: -EC_GROUP_get_trinomial_basis 3249 EXIST::FUNCTION:EC -ECDH_get_default_method 3250 EXIST::FUNCTION:ECDH -PKCS12_add_safe 3251 EXIST::FUNCTION: -ENGINE_register_ECDH 3252 EXIST::FUNCTION:ENGINE -i2d_ECPrivateKey 3253 EXIST::FUNCTION:EC -BN_get0_nist_prime_192 3254 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GF2m 3255 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GF2m 3255 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_exp_arr 3256 EXIST::FUNCTION: -X509_keyid_get0 3257 EXIST::FUNCTION: -EC_GROUP_new_by_nid 3258 EXIST::FUNCTION:EC -BN_GF2m_mod_mul_arr 3259 EXIST::FUNCTION: -EC_KEY_copy 3260 EXIST::FUNCTION:EC -EC_GROUP_check_discriminant 3261 EXIST::FUNCTION:EC -EC_POINT_point2bn 3262 EXIST::FUNCTION:EC -EC_GROUP_new_curve_GF2m 3263 EXIST::FUNCTION:EC -EVP_PKEY_get1_EC_KEY 3264 EXIST::FUNCTION:EC -ENGINE_get_default_ECDH 3265 EXIST::FUNCTION:ENGINE -ASN1_OCTET_STRING_NDEF_it 3266 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 3266 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_static_state 3267 EXIST::FUNCTION:ENGINE -ECDSA_SIG_new 3268 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_sqr 3269 EXIST::FUNCTION: -EC_POINT_bn2point 3270 EXIST::FUNCTION:EC -EC_GROUP_get_point_conversion_form 3271 EXIST:!VMS:FUNCTION:EC -EC_GROUP_get_point_conv_form 3271 EXIST:VMS:FUNCTION:EC -PEM_read_bio_ECPKParameters 3272 EXIST::FUNCTION:EC -EC_GROUP_get_pentanomial_basis 3273 EXIST::FUNCTION:EC -EC_GROUP_get_nid 3274 EXIST::FUNCTION:EC -ECDSA_sign_setup 3275 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_solve_quad_arr 3276 EXIST::FUNCTION: -EC_KEY_up_ref 3277 EXIST::FUNCTION:EC -BN_GF2m_mod_div 3278 EXIST::FUNCTION: -EC_KEY_free 3279 EXIST::FUNCTION:EC -PEM_write_bio_ECPrivateKey 3280 EXIST::FUNCTION:EC -d2i_EC_PUBKEY 3281 EXIST::FUNCTION:EC -EC_KEY_print_fp 3282 EXIST::FUNCTION:EC,FP_API -BN_GF2m_mod_arr 3283 EXIST::FUNCTION: -PEM_write_bio_X509_CERT_PAIR 3284 EXIST::FUNCTION: -ECDH_get_ex_data 3285 EXIST::FUNCTION:ECDH -ECDSA_do_sign 3286 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3287 EXIST::FUNCTION:ENGINE -ECDH_OpenSSL 3288 EXIST::FUNCTION:ECDH -EC_POINT_dup 3289 EXIST::FUNCTION:EC -EC_get_builtin_curves 3290 EXIST::FUNCTION:EC -EVP_PKEY_set1_EC_KEY 3291 EXIST::FUNCTION:EC -BN_GF2m_mod_sqrt_arr 3292 EXIST::FUNCTION: -i2d_ECPrivateKey_bio 3293 EXIST::FUNCTION:BIO,EC -ECPKParameters_print_fp 3294 EXIST::FUNCTION:EC,FP_API -ECDSA_SIG_free 3295 EXIST::FUNCTION:ECDSA -PEM_write_bio_ECPKParameters 3296 EXIST::FUNCTION:EC -EC_GROUP_set_nid 3297 EXIST::FUNCTION:EC -PKCS12_add_safes 3298 EXIST::FUNCTION: -BN_GF2m_poly2arr 3299 EXIST::FUNCTION: -BN_get0_nist_prime_224 3300 EXIST::FUNCTION: -i2d_ECParameters 3301 EXIST::FUNCTION:EC -i2d_ECPKParameters 3302 EXIST::FUNCTION:EC -BN_ncopy 3303 EXIST::FUNCTION: -d2i_ECPKParameters 3304 EXIST::FUNCTION:EC -ENGINE_set_ECDH 3305 EXIST::FUNCTION:ENGINE -PEM_write_bio_EC_PUBKEY 3306 EXIST::FUNCTION:EC -ECParameters_print 3307 EXIST::FUNCTION:BIO,EC -ASN1_generate_nconf 3308 EXIST::FUNCTION: -BN_GF2m_mod_mul 3309 EXIST::FUNCTION: -EC_GROUP_set_seed 3310 EXIST::FUNCTION:EC -EC_GROUP_get_curve_GF2m 3311 EXIST::FUNCTION:EC -PEM_read_X509_CERT_PAIR 3312 EXIST:!WIN16:FUNCTION: -o2i_ECPublicKey 3313 EXIST::FUNCTION:EC -ECDSA_get_ex_data 3314 EXIST::FUNCTION:ECDSA -BN_GF2m_mod 3315 EXIST::FUNCTION: -EC_GROUP_get_seed_len 3316 EXIST::FUNCTION:EC -PEM_read_bio_EC_PUBKEY 3317 EXIST::FUNCTION:EC -i2d_EC_PUBKEY 3318 EXIST::FUNCTION:EC -ECDSA_get_default_method 3319 EXIST::FUNCTION:ECDSA -ASN1_put_eoc 3320 EXIST::FUNCTION: -ECDSA_DATA_free 3321 EXIST::FUNCTION:ECDSA -EC_METHOD_get_field_type 3322 EXIST::FUNCTION:EC -EC_GFp_nist_method 3323 EXIST::FUNCTION:EC -X509_CERT_PAIR_it 3324 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_PAIR_it 3324 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -BN_GF2m_mod_sqr_arr 3325 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 3326 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION:ENGINE -BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: -ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH -EC_KEY_generate_key 3330 EXIST::FUNCTION:EC -BN_GF2m_arr2poly 3331 EXIST::FUNCTION: -i2o_ECPublicKey 3332 EXIST::FUNCTION:EC -EC_GROUP_check 3333 EXIST::FUNCTION:EC -d2i_ECPrivateKey_bio 3334 EXIST::FUNCTION:BIO,EC -d2i_ECPrivateKey 3335 EXIST::FUNCTION:EC -ASN1_item_ndef_i2d 3336 EXIST::FUNCTION: -i2d_PKCS7_NDEF 3337 EXIST::FUNCTION: -EC_GROUP_get_degree 3338 EXIST::FUNCTION:EC -ASN1_generate_v3 3339 EXIST::FUNCTION: -BN_GF2m_add 3340 EXIST::FUNCTION: -X509_CERT_PAIR_free 3341 EXIST::FUNCTION: -BN_nist_mod_224 3342 EXIST::FUNCTION: -i2d_EC_PUBKEY_bio 3343 EXIST::FUNCTION:BIO,EC -EC_GROUP_get_asn1_flag 3344 EXIST::FUNCTION:EC -ECDH_get_ex_new_index 3345 EXIST::FUNCTION:ECDH -ECDH_size 3346 NOEXIST::FUNCTION: -BN_GF2m_mod_inv 3347 EXIST::FUNCTION: -BN_GF2m_mod_exp 3348 EXIST::FUNCTION: -EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC -ecdsa_check 3350 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_div_arr 3351 EXIST::FUNCTION: -ENGINE_set_ECDSA 3352 EXIST::FUNCTION:ENGINE -ECPKParameters_print 3353 EXIST::FUNCTION:BIO,EC -PEM_write_EC_PUBKEY 3354 EXIST:!WIN16:FUNCTION:EC -ECDH_set_method 3355 EXIST::FUNCTION:ECDH -ECDH_set_ex_data 3356 EXIST::FUNCTION:ECDH -BN_nist_mod_521 3357 EXIST::FUNCTION: -EC_GROUP_set_point_conversion_form 3358 EXIST:!VMS:FUNCTION:EC -EC_GROUP_set_point_conv_form 3358 EXIST:VMS:FUNCTION:EC -PEM_read_EC_PUBKEY 3359 EXIST:!WIN16:FUNCTION:EC -i2d_ECDSA_SIG 3360 EXIST::FUNCTION:ECDSA -ECDSA_OpenSSL 3361 EXIST::FUNCTION:ECDSA -ECDSA_set_default_method 3362 EXIST::FUNCTION:ECDSA -EC_POINT_set_compressed_coordinates_GF2m 3363 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GF2m 3363 EXIST:VMS:FUNCTION:EC -ECDH_DATA_new_method 3364 EXIST::FUNCTION:ECDH -BN_get0_nist_prime_256 3365 EXIST::FUNCTION: -PEM_read_ECPrivateKey 3366 EXIST:!WIN16:FUNCTION:EC -ERR_load_ECDSA_strings 3367 EXIST::FUNCTION:ECDSA -EC_GROUP_get_basis_type 3368 EXIST::FUNCTION:EC -ECDH_DATA_new 3369 EXIST::FUNCTION:ECDH -BN_nist_mod_384 3370 EXIST::FUNCTION: -i2d_X509_CERT_PAIR 3371 EXIST::FUNCTION: -PEM_write_ECPKParameters 3372 EXIST:!WIN16:FUNCTION:EC -ECDH_compute_key 3373 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3374 EXIST::FUNCTION:ENGINE -BN_GF2m_mod_solve_quad 3375 EXIST::FUNCTION: -i2d_ECPrivateKey_fp 3376 EXIST::FUNCTION:EC,FP_API -ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION:ENGINE -EC_POINT_get_affine_coordinates_GF2m 3378 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GF2m 3378 EXIST:VMS:FUNCTION:EC -EC_GROUP_dup 3379 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION:ENGINE -EC_KEY_new 3381 EXIST::FUNCTION:EC -ECDSA_verify 3382 EXIST::FUNCTION:ECDSA -EC_POINT_point2hex 3383 EXIST::FUNCTION:EC -ECDSA_do_verify 3384 EXIST::FUNCTION:ECDSA -d2i_ECPrivateKey_fp 3385 EXIST::FUNCTION:EC,FP_API -PEM_write_ECPrivateKey 3386 EXIST:!WIN16:FUNCTION:EC -PEM_read_ECPKParameters 3387 EXIST:!WIN16:FUNCTION:EC -X509_CERT_PAIR_new 3388 EXIST::FUNCTION: -ECParameters_print_fp 3389 EXIST::FUNCTION:EC,FP_API -ECDH_DATA_free 3390 EXIST::FUNCTION:ECDH -PEM_write_X509_CERT_PAIR 3391 EXIST:!WIN16:FUNCTION: -d2i_X509_CERT_PAIR 3392 EXIST::FUNCTION: -i2d_EC_PUBKEY_fp 3393 EXIST::FUNCTION:EC,FP_API -BN_nist_mod_256 3394 EXIST::FUNCTION: -ECDSA_DATA_new 3395 EXIST::FUNCTION:ECDSA -ECDSA_size 3396 EXIST::FUNCTION:ECDSA -d2i_EC_PUBKEY_bio 3397 EXIST::FUNCTION:BIO,EC -BN_get0_nist_prime_521 3398 EXIST::FUNCTION: -PEM_read_bio_ECPrivateKey 3399 EXIST::FUNCTION:EC -ENGINE_get_ECDH 3400 EXIST::FUNCTION:ENGINE -d2i_ECDSA_SIG 3401 EXIST::FUNCTION:ECDSA -ECDSA_sign 3402 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3403 EXIST::FUNCTION:ENGINE -EVP_ecdsa 3404 EXIST::FUNCTION:SHA -PKCS12_add_cert 3405 EXIST::FUNCTION: -ERR_load_ECDH_strings 3406 EXIST::FUNCTION:ECDH -EC_KEY_dup 3407 EXIST::FUNCTION:EC -ECDSA_set_method 3408 EXIST::FUNCTION:ECDSA -d2i_ECParameters 3409 EXIST::FUNCTION:EC -EC_GF2m_simple_method 3410 EXIST::FUNCTION:EC -ECDSA_set_ex_data 3411 EXIST::FUNCTION:ECDSA -EC_KEY_print 3412 EXIST::FUNCTION:BIO,EC -ECDSA_get_ex_new_index 3413 EXIST::FUNCTION:ECDSA -EC_GROUP_set_asn1_flag 3414 EXIST::FUNCTION:EC -EC_KEY_check_key 3415 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_fp 3416 EXIST::FUNCTION:EC,FP_API -ecdh_check 3417 EXIST::FUNCTION:ECDH -ECDSA_DATA_new_method 3418 EXIST::FUNCTION:ECDSA -PEM_read_bio_X509_CERT_PAIR 3419 EXIST::FUNCTION: -ENGINE_set_default_ECDH 3420 EXIST::FUNCTION:ENGINE -PKCS12_add_key 3421 EXIST::FUNCTION: -DSO_merge 3422 EXIST::FUNCTION: -EC_POINT_hex2point 3423 EXIST::FUNCTION:EC -BN_GF2m_mod_inv_arr 3424 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION:ENGINE -BN_GENCB_call 3426 EXIST::FUNCTION: -BN_is_prime_ex 3427 EXIST::FUNCTION: -RSA_generate_key_ex 3428 EXIST::FUNCTION:RSA -DSA_generate_parameters_ex 3429 EXIST::FUNCTION:DSA -BN_generate_prime_ex 3430 EXIST::FUNCTION: -DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH -BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: -ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE -a2i_IPADDRESS 3434 EXIST::FUNCTION: -ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE -EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC -X509V3_NAME_from_section 3437 EXIST::FUNCTION: -POLICY_MAPPING_it 3438 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPING_it 3438 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_MAPPING_new 3440 EXIST::FUNCTION: -POLICY_MAPPING_free 3441 EXIST::FUNCTION: -POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: -POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: -v2i_GENERAL_NAME_ex 3445 EXIST::FUNCTION: -NAME_CONSTRAINTS_free 3446 EXIST::FUNCTION: -a2i_IPADDRESS_NC 3447 EXIST::FUNCTION: -NAME_CONSTRAINTS_it 3448 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAME_CONSTRAINTS_it 3448 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -NAME_CONSTRAINTS_new 3449 EXIST::FUNCTION: -GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: -GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: -EVP_PKEY_cmp 3453 EXIST::FUNCTION: -X509_REQ_check_private_key 3454 EXIST::FUNCTION: -sk_find_ex 3455 EXIST::FUNCTION: -OBJ_bsearch_ex 3456 EXIST::FUNCTION: -BUF_memdup 3457 EXIST::FUNCTION: -BUF_strndup 3458 EXIST::FUNCTION: -ENGINE_set_STORE 3459 EXIST::FUNCTION:ENGINE -STORE_method_set_list_start_function 3460 EXIST::FUNCTION: -STORE_ATTR_INFO_set_number 3461 EXIST::FUNCTION: -STORE_parse_attrs_start 3462 EXIST::FUNCTION: -STORE_set_method 3463 EXIST::FUNCTION: -STORE_method_get_update_store_function 3464 EXIST::FUNCTION: -STORE_modify_certificate 3465 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_number 3466 EXIST::FUNCTION: -STORE_list_public_key_endp 3467 EXIST::FUNCTION: -STORE_method_set_initialise_function 3468 EXIST::FUNCTION: -STORE_ATTR_INFO_set_dn 3469 EXIST::FUNCTION: -STORE_destroy_method 3470 EXIST::FUNCTION: -ENGINE_unregister_STORE 3471 EXIST::FUNCTION:ENGINE -STORE_ATTR_INFO_get0_number 3472 EXIST::FUNCTION: -STORE_delete_public_key 3473 EXIST::FUNCTION: -STORE_get_public_key 3474 EXIST::FUNCTION: -STORE_get_method 3475 EXIST::FUNCTION: -STORE_parse_attrs_end 3476 EXIST::FUNCTION: -STORE_method_set_store_function 3477 EXIST::FUNCTION: -STORE_ATTR_INFO_in 3478 EXIST::FUNCTION: -STORE_get_number 3479 EXIST::FUNCTION: -STORE_method_set_list_next_function 3480 EXIST::FUNCTION: -STORE_method_get_generate_function 3481 EXIST::FUNCTION: -STORE_method_set_list_end_function 3482 EXIST::FUNCTION: -STORE_list_public_key_start 3483 EXIST::FUNCTION: -STORE_list_crl_endp 3484 EXIST::FUNCTION: -STORE_list_crl_end 3485 EXIST::FUNCTION: -STORE_method_set_ctrl_function 3486 EXIST::FUNCTION: -STORE_list_public_key_end 3487 EXIST::FUNCTION: -STORE_store_crl 3488 EXIST::FUNCTION: -STORE_ctrl 3489 EXIST::FUNCTION: -STORE_ATTR_INFO_compare 3490 EXIST::FUNCTION: -STORE_method_set_generate_function 3491 EXIST::FUNCTION: -STORE_ATTR_INFO_set_cstr 3492 EXIST::FUNCTION: -STORE_list_crl_next 3493 EXIST::FUNCTION: -STORE_method_set_delete_function 3494 EXIST::FUNCTION: -STORE_list_certificate_next 3495 EXIST::FUNCTION: -STORE_method_get_list_next_function 3496 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_dn 3497 EXIST::FUNCTION: -STORE_list_private_key_next 3498 EXIST::FUNCTION: -STORE_ATTR_INFO_free 3499 EXIST::FUNCTION: -STORE_get_private_key 3500 EXIST::FUNCTION: -STORE_ATTR_INFO_new 3501 EXIST::FUNCTION: -STORE_method_set_revoke_function 3502 EXIST::FUNCTION: -STORE_store_number 3503 EXIST::FUNCTION: -STORE_revoke_public_key 3504 EXIST::FUNCTION: -STORE_list_certificate_start 3505 EXIST::FUNCTION: -ERR_load_STORE_strings 3506 EXIST::FUNCTION: -STORE_list_private_key_end 3507 EXIST::FUNCTION: -STORE_modify_private_key 3508 EXIST::FUNCTION: -STORE_method_set_modify_function 3509 EXIST::FUNCTION: -STORE_parse_attrs_next 3510 EXIST::FUNCTION: -STORE_method_get_revoke_function 3511 EXIST::FUNCTION: -STORE_method_set_get_function 3512 EXIST::FUNCTION: -STORE_modify_number 3513 EXIST::FUNCTION: -STORE_method_get_store_function 3514 EXIST::FUNCTION: -STORE_store_private_key 3515 EXIST::FUNCTION: -STORE_Memory 3516 EXIST::FUNCTION: -STORE_method_get_get_function 3517 EXIST::FUNCTION: -STORE_method_set_cleanup_function 3518 EXIST::FUNCTION: -STORE_method_get_lock_store_function 3519 EXIST::FUNCTION: -STORE_method_set_update_store_function 3520 EXIST::FUNCTION: -STORE_delete_private_key 3521 EXIST::FUNCTION: -ENGINE_register_all_STORE 3522 EXIST::FUNCTION:ENGINE -STORE_ATTR_INFO_modify_cstr 3523 EXIST::FUNCTION: -STORE_generate_crl 3524 EXIST::FUNCTION: -STORE_store_public_key 3525 EXIST::FUNCTION: -STORE_Directory 3526 NOEXIST::FUNCTION: -STORE_revoke_private_key 3527 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_dn 3528 EXIST::FUNCTION: -STORE_method_get_initialise_function 3529 EXIST::FUNCTION: -STORE_delete_number 3530 EXIST::FUNCTION: -STORE_ATTR_INFO_in_ex 3531 EXIST::FUNCTION: -STORE_list_crl_start 3532 EXIST::FUNCTION: -STORE_method_get_modify_function 3533 EXIST::FUNCTION: -STORE_store_certificate 3534 EXIST::FUNCTION: -STORE_ATTR_INFO_set_sha1str 3535 EXIST::FUNCTION: -STORE_modify_public_key 3536 EXIST::FUNCTION: -STORE_method_get_list_start_function 3537 EXIST::FUNCTION: -STORE_method_set_unlock_store_function 3538 EXIST::FUNCTION: -STORE_create_method 3539 EXIST::FUNCTION: -STORE_generate_key 3540 EXIST::FUNCTION: -STORE_delete_crl 3541 EXIST::FUNCTION: -STORE_revoke_certificate 3542 EXIST::FUNCTION: -STORE_method_get_delete_function 3543 EXIST::FUNCTION: -STORE_parse_attrs_endp 3544 EXIST::FUNCTION: -STORE_list_public_key_next 3545 EXIST::FUNCTION: -STORE_OBJECT_free 3546 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_sha1str 3547 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_cstr 3548 EXIST::FUNCTION: -STORE_get_ex_new_index 3549 EXIST::FUNCTION: -STORE_File 3550 NOEXIST::FUNCTION: -ENGINE_get_STORE 3551 EXIST::FUNCTION:ENGINE -STORE_get_certificate 3552 EXIST::FUNCTION: -STORE_delete_certificate 3553 EXIST::FUNCTION: -STORE_method_get_ctrl_function 3554 EXIST::FUNCTION: -STORE_free 3555 EXIST::FUNCTION: -STORE_method_get_unlock_store_function 3556 EXIST::FUNCTION: -STORE_get_ex_data 3557 EXIST::FUNCTION: -ENGINE_register_STORE 3558 EXIST::FUNCTION:ENGINE -STORE_modify_crl 3559 EXIST::FUNCTION: -STORE_list_private_key_start 3560 EXIST::FUNCTION: -STORE_list_private_key_endp 3561 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_sha1str 3562 EXIST::FUNCTION: -STORE_method_get_cleanup_function 3563 EXIST::FUNCTION: -STORE_set_ex_data 3564 EXIST::FUNCTION: -STORE_OBJECT_new 3565 EXIST::FUNCTION: -STORE_list_certificate_end 3566 EXIST::FUNCTION: -STORE_get_crl 3567 EXIST::FUNCTION: -STORE_method_set_lock_store_function 3568 EXIST::FUNCTION: -STORE_list_certificate_endp 3569 EXIST::FUNCTION: +ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE +ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH +ERR_set_mark 3248 EXIST::FUNCTION: +ENGINE_set_STORE 3249 EXIST::FUNCTION:ENGINE +ENGINE_register_ECDSA 3250 EXIST::FUNCTION:ENGINE +STORE_method_set_list_start_function 3251 EXIST::FUNCTION: +NAME_CONSTRAINTS_free 3252 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3253 EXIST::FUNCTION: +POLICY_MAPPING_it 3254 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPING_it 3254 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_parse_attrs_start 3255 EXIST::FUNCTION: +POLICY_CONSTRAINTS_free 3256 EXIST::FUNCTION: +BN_nist_mod_192 3257 EXIST::FUNCTION: +EC_GROUP_get_trinomial_basis 3258 EXIST::FUNCTION:EC +STORE_set_method 3259 EXIST::FUNCTION: +GENERAL_SUBTREE_free 3260 EXIST::FUNCTION: +NAME_CONSTRAINTS_it 3261 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAME_CONSTRAINTS_it 3261 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_get_default_method 3262 EXIST::FUNCTION:ECDH +PKCS12_add_safe 3263 EXIST::FUNCTION: +STORE_method_get_update_store_function 3264 EXIST::FUNCTION: +ENGINE_register_ECDH 3265 EXIST::FUNCTION:ENGINE +i2d_ECPrivateKey 3266 EXIST::FUNCTION:EC +BN_get0_nist_prime_192 3267 EXIST::FUNCTION: +STORE_modify_certificate 3268 EXIST::FUNCTION: +EC_POINT_set_affine_coordinates_GF2m 3269 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_affine_coords_GF2m 3269 EXIST:VMS:FUNCTION:EC +BN_GF2m_mod_exp_arr 3270 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3271 EXIST::FUNCTION: +X509_keyid_get0 3272 EXIST::FUNCTION: +EC_GROUP_new_by_nid 3273 EXIST::FUNCTION:EC +ENGINE_load_gmp 3274 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +BN_GF2m_mod_mul_arr 3275 EXIST::FUNCTION: +STORE_list_public_key_endp 3276 EXIST::FUNCTION: +o2i_ECPublicKey 3277 EXIST::FUNCTION:EC +EC_KEY_copy 3278 EXIST::FUNCTION:EC +EC_GROUP_check_discriminant 3279 EXIST::FUNCTION:EC +i2o_ECPublicKey 3280 EXIST::FUNCTION:EC +a2i_IPADDRESS 3281 EXIST::FUNCTION: +STORE_method_set_initialise_function 3282 EXIST::FUNCTION: +EC_POINT_point2bn 3283 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_dn 3284 EXIST::FUNCTION: +EC_GROUP_new_curve_GF2m 3285 EXIST::FUNCTION:EC +STORE_destroy_method 3286 EXIST::FUNCTION: +ENGINE_unregister_STORE 3287 EXIST::FUNCTION:ENGINE +EVP_PKEY_get1_EC_KEY 3288 EXIST::FUNCTION:EC +STORE_ATTR_INFO_get0_number 3289 EXIST::FUNCTION: +ENGINE_get_default_ECDH 3290 EXIST::FUNCTION:ENGINE +ASN1_OCTET_STRING_NDEF_it 3291 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_OCTET_STRING_NDEF_it 3291 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_delete_public_key 3292 EXIST::FUNCTION: +STORE_get_public_key 3293 EXIST::FUNCTION: +STORE_modify_arbitrary 3294 EXIST::FUNCTION: +ENGINE_get_static_state 3295 EXIST::FUNCTION:ENGINE +ECDSA_SIG_new 3296 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_sqr 3297 EXIST::FUNCTION: +EC_POINT_bn2point 3298 EXIST::FUNCTION:EC +STORE_get_method 3299 EXIST::FUNCTION: +STORE_parse_attrs_end 3300 EXIST::FUNCTION: +EC_GROUP_get_point_conversion_form 3301 EXIST:!VMS:FUNCTION:EC +EC_GROUP_get_point_conv_form 3301 EXIST:VMS:FUNCTION:EC +STORE_method_set_store_function 3302 EXIST::FUNCTION: +STORE_ATTR_INFO_in 3303 EXIST::FUNCTION: +PEM_read_bio_ECPKParameters 3304 EXIST::FUNCTION:EC +EC_GROUP_get_pentanomial_basis 3305 EXIST::FUNCTION:EC +EC_GROUP_get_nid 3306 EXIST::FUNCTION:EC +STORE_get_number 3307 EXIST::FUNCTION: +ECDSA_sign_setup 3308 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_solve_quad_arr 3309 EXIST::FUNCTION: +EC_KEY_up_ref 3310 EXIST::FUNCTION:EC +POLICY_MAPPING_free 3311 EXIST::FUNCTION: +BN_GF2m_mod_div 3312 EXIST::FUNCTION: +EC_KEY_free 3313 EXIST::FUNCTION:EC +STORE_method_set_list_next_function 3314 EXIST::FUNCTION: +PEM_write_bio_ECPrivateKey 3315 EXIST::FUNCTION:EC +d2i_EC_PUBKEY 3316 EXIST::FUNCTION:EC +STORE_method_get_generate_function 3317 EXIST::FUNCTION: +STORE_method_set_list_end_function 3318 EXIST::FUNCTION: +EC_GROUP_have_precompute_mult 3319 EXIST::FUNCTION:EC +EC_KEY_print_fp 3320 EXIST::FUNCTION:EC,FP_API +BN_GF2m_mod_arr 3321 EXIST::FUNCTION: +PEM_write_bio_X509_CERT_PAIR 3322 EXIST::FUNCTION: +EVP_PKEY_cmp 3323 EXIST::FUNCTION: +STORE_new_engine 3324 EXIST::FUNCTION: +STORE_list_public_key_start 3325 EXIST::FUNCTION: +ECDH_get_ex_data 3326 EXIST::FUNCTION:ECDH +ECDSA_do_sign 3327 EXIST::FUNCTION:ECDSA +ENGINE_unregister_ECDH 3328 EXIST::FUNCTION:ENGINE +ECDH_OpenSSL 3329 EXIST::FUNCTION:ECDH +EC_POINT_dup 3330 EXIST::FUNCTION:EC +GENERAL_SUBTREE_new 3331 EXIST::FUNCTION: +STORE_list_crl_endp 3332 EXIST::FUNCTION: +EC_get_builtin_curves 3333 EXIST::FUNCTION:EC +STORE_list_crl_end 3334 EXIST::FUNCTION: +EVP_PKEY_set1_EC_KEY 3335 EXIST::FUNCTION:EC +BN_GF2m_mod_sqrt_arr 3336 EXIST::FUNCTION: +i2d_ECPrivateKey_bio 3337 EXIST::FUNCTION:BIO,EC +ECPKParameters_print_fp 3338 EXIST::FUNCTION:EC,FP_API +ECDSA_SIG_free 3339 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECPKParameters 3340 EXIST::FUNCTION:EC +STORE_method_set_ctrl_function 3341 EXIST::FUNCTION: +STORE_list_public_key_end 3342 EXIST::FUNCTION: +EC_GROUP_set_nid 3343 EXIST::FUNCTION:EC +STORE_get_arbitrary 3344 EXIST::FUNCTION: +STORE_store_crl 3345 EXIST::FUNCTION: +PKCS12_add_safes 3346 EXIST::FUNCTION: +BN_GF2m_poly2arr 3347 EXIST::FUNCTION: +STORE_ctrl 3348 EXIST::FUNCTION: +STORE_ATTR_INFO_compare 3349 EXIST::FUNCTION: +BN_get0_nist_prime_224 3350 EXIST::FUNCTION: +i2d_ECParameters 3351 EXIST::FUNCTION:EC +i2d_ECPKParameters 3352 EXIST::FUNCTION:EC +BN_GENCB_call 3353 EXIST::FUNCTION: +BN_ncopy 3354 EXIST::FUNCTION: +d2i_ECPKParameters 3355 EXIST::FUNCTION:EC +STORE_method_set_generate_function 3356 EXIST::FUNCTION: +ENGINE_set_ECDH 3357 EXIST::FUNCTION:ENGINE +NAME_CONSTRAINTS_new 3358 EXIST::FUNCTION: +PEM_write_bio_EC_PUBKEY 3359 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_cstr 3360 EXIST::FUNCTION: +STORE_list_crl_next 3361 EXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3362 EXIST::FUNCTION: +ECParameters_print 3363 EXIST::FUNCTION:BIO,EC +STORE_method_set_delete_function 3364 EXIST::FUNCTION: +STORE_list_certificate_next 3365 EXIST::FUNCTION: +ASN1_generate_nconf 3366 EXIST::FUNCTION: +BUF_memdup 3367 EXIST::FUNCTION: +BN_GF2m_mod_mul 3368 EXIST::FUNCTION: +STORE_method_get_list_next_function 3369 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_dn 3370 EXIST::FUNCTION: +STORE_list_private_key_next 3371 EXIST::FUNCTION: +EC_GROUP_set_seed 3372 EXIST::FUNCTION:EC +STORE_ATTR_INFO_free 3373 EXIST::FUNCTION: +STORE_get_private_key 3374 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3375 EXIST::FUNCTION: +EC_GROUP_get_curve_GF2m 3376 EXIST::FUNCTION:EC +STORE_method_set_revoke_function 3377 EXIST::FUNCTION: +STORE_store_number 3378 EXIST::FUNCTION: +BN_is_prime_ex 3379 EXIST::FUNCTION: +STORE_revoke_public_key 3380 EXIST::FUNCTION: +STORE_delete_arbitrary 3381 EXIST::FUNCTION: +PEM_read_X509_CERT_PAIR 3382 EXIST:!WIN16:FUNCTION: +ECDSA_get_ex_data 3383 EXIST::FUNCTION:ECDSA +BUF_strndup 3384 EXIST::FUNCTION: +STORE_list_certificate_start 3385 EXIST::FUNCTION: +BN_GF2m_mod 3386 EXIST::FUNCTION: +X509_REQ_check_private_key 3387 EXIST::FUNCTION: +EC_GROUP_get_seed_len 3388 EXIST::FUNCTION:EC +ERR_load_STORE_strings 3389 EXIST::FUNCTION: +PEM_read_bio_EC_PUBKEY 3390 EXIST::FUNCTION:EC +STORE_list_private_key_end 3391 EXIST::FUNCTION: +i2d_EC_PUBKEY 3392 EXIST::FUNCTION:EC +ECDSA_get_default_method 3393 EXIST::FUNCTION:ECDSA +ASN1_put_eoc 3394 EXIST::FUNCTION: +ECDSA_DATA_free 3395 EXIST::FUNCTION:ECDSA +STORE_modify_private_key 3396 EXIST::FUNCTION: +EC_METHOD_get_field_type 3397 EXIST::FUNCTION:EC +EC_GFp_nist_method 3398 EXIST::FUNCTION:EC +STORE_method_set_modify_function 3399 EXIST::FUNCTION: +STORE_parse_attrs_next 3400 EXIST::FUNCTION: +X509_CERT_PAIR_it 3401 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_CERT_PAIR_it 3401 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_method_get_revoke_function 3402 EXIST::FUNCTION: +STORE_method_set_get_function 3403 EXIST::FUNCTION: +STORE_modify_number 3404 EXIST::FUNCTION: +STORE_method_get_store_function 3405 EXIST::FUNCTION: +STORE_store_private_key 3406 EXIST::FUNCTION: +BN_GF2m_mod_sqr_arr 3407 EXIST::FUNCTION: +STORE_Memory 3408 EXIST::FUNCTION: +sk_find_ex 3409 EXIST::FUNCTION: +EC_GROUP_set_curve_GF2m 3410 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3411 EXIST::FUNCTION:ENGINE +POLICY_CONSTRAINTS_new 3412 EXIST::FUNCTION: +BN_GF2m_mod_sqrt 3413 EXIST::FUNCTION: +ECDH_set_default_method 3414 EXIST::FUNCTION:ECDH +EC_KEY_generate_key 3415 EXIST::FUNCTION:EC +BN_GF2m_arr2poly 3416 EXIST::FUNCTION: +STORE_method_get_get_function 3417 EXIST::FUNCTION: +STORE_method_set_cleanup_function 3418 EXIST::FUNCTION: +EC_GROUP_check 3419 EXIST::FUNCTION:EC +d2i_ECPrivateKey_bio 3420 EXIST::FUNCTION:BIO,EC +STORE_method_get_lock_store_function 3421 EXIST::FUNCTION: +STORE_method_set_update_store_function 3422 EXIST::FUNCTION: +d2i_ECPrivateKey 3423 EXIST::FUNCTION:EC +ASN1_item_ndef_i2d 3424 EXIST::FUNCTION: +STORE_delete_private_key 3425 EXIST::FUNCTION: +ERR_pop_to_mark 3426 EXIST::FUNCTION: +ENGINE_register_all_STORE 3427 EXIST::FUNCTION:ENGINE +i2d_PKCS7_NDEF 3428 EXIST::FUNCTION: +EC_GROUP_get_degree 3429 EXIST::FUNCTION:EC +ASN1_generate_v3 3430 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_cstr 3431 EXIST::FUNCTION: +BN_GF2m_add 3432 EXIST::FUNCTION: +STORE_generate_crl 3433 EXIST::FUNCTION: +STORE_store_public_key 3434 EXIST::FUNCTION: +X509_CERT_PAIR_free 3435 EXIST::FUNCTION: +STORE_revoke_private_key 3436 EXIST::FUNCTION: +BN_nist_mod_224 3437 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_dn 3438 EXIST::FUNCTION: +STORE_method_get_initialise_function 3439 EXIST::FUNCTION: +STORE_delete_number 3440 EXIST::FUNCTION: +i2d_EC_PUBKEY_bio 3441 EXIST::FUNCTION:BIO,EC +EC_GROUP_get_asn1_flag 3442 EXIST::FUNCTION:EC +STORE_ATTR_INFO_in_ex 3443 EXIST::FUNCTION: +STORE_list_crl_start 3444 EXIST::FUNCTION: +ECDH_get_ex_new_index 3445 EXIST::FUNCTION:ECDH +STORE_method_get_modify_function 3446 EXIST::FUNCTION: +STORE_store_certificate 3447 EXIST::FUNCTION: +OBJ_bsearch_ex 3448 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3449 EXIST::FUNCTION: +BN_GF2m_mod_inv 3450 EXIST::FUNCTION: +BN_GF2m_mod_exp 3451 EXIST::FUNCTION: +STORE_modify_public_key 3452 EXIST::FUNCTION: +STORE_method_get_list_start_function 3453 EXIST::FUNCTION: +EC_GROUP_get0_seed 3454 EXIST::FUNCTION:EC +ecdsa_check 3455 EXIST::FUNCTION:ECDSA +STORE_store_arbitrary 3456 EXIST::FUNCTION: +STORE_method_set_unlock_store_function 3457 EXIST::FUNCTION: +BN_GF2m_mod_div_arr 3458 EXIST::FUNCTION: +ENGINE_set_ECDSA 3459 EXIST::FUNCTION:ENGINE +STORE_create_method 3460 EXIST::FUNCTION: +ECPKParameters_print 3461 EXIST::FUNCTION:BIO,EC +PEM_write_EC_PUBKEY 3462 EXIST:!WIN16:FUNCTION:EC +ECDH_set_method 3463 EXIST::FUNCTION:ECDH +v2i_GENERAL_NAME_ex 3464 EXIST::FUNCTION: +ECDH_set_ex_data 3465 EXIST::FUNCTION:ECDH +STORE_generate_key 3466 EXIST::FUNCTION: +BN_nist_mod_521 3467 EXIST::FUNCTION: +EC_GROUP_set_point_conversion_form 3468 EXIST:!VMS:FUNCTION:EC +EC_GROUP_set_point_conv_form 3468 EXIST:VMS:FUNCTION:EC +PEM_read_EC_PUBKEY 3469 EXIST:!WIN16:FUNCTION:EC +i2d_ECDSA_SIG 3470 EXIST::FUNCTION:ECDSA +ECDSA_OpenSSL 3471 EXIST::FUNCTION:ECDSA +STORE_delete_crl 3472 EXIST::FUNCTION: +ECDSA_set_default_method 3473 EXIST::FUNCTION:ECDSA +EC_POINT_set_compressed_coordinates_GF2m 3474 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_compr_coords_GF2m 3474 EXIST:VMS:FUNCTION:EC +EC_GROUP_cmp 3475 EXIST::FUNCTION:EC +STORE_revoke_certificate 3476 EXIST::FUNCTION: +ECDH_DATA_new_method 3477 EXIST::FUNCTION:ECDH +BN_get0_nist_prime_256 3478 EXIST::FUNCTION: +STORE_method_get_delete_function 3479 EXIST::FUNCTION: +PEM_read_ECPrivateKey 3480 EXIST:!WIN16:FUNCTION:EC +STORE_parse_attrs_endp 3481 EXIST::FUNCTION: +ERR_load_ECDSA_strings 3482 EXIST::FUNCTION:ECDSA +EC_GROUP_get_basis_type 3483 EXIST::FUNCTION:EC +ECDH_DATA_new 3484 EXIST::FUNCTION:ECDH +STORE_list_public_key_next 3485 EXIST::FUNCTION: +STORE_OBJECT_free 3486 EXIST::FUNCTION: +BN_nist_mod_384 3487 EXIST::FUNCTION: +i2d_X509_CERT_PAIR 3488 EXIST::FUNCTION: +PEM_write_ECPKParameters 3489 EXIST:!WIN16:FUNCTION:EC +ECDH_compute_key 3490 EXIST::FUNCTION:ECDH +STORE_ATTR_INFO_get0_sha1str 3491 EXIST::FUNCTION: +ENGINE_register_all_ECDH 3492 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_get0_cstr 3493 EXIST::FUNCTION: +POLICY_CONSTRAINTS_it 3494 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_CONSTRAINTS_it 3494 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_get_ex_new_index 3495 EXIST::FUNCTION: +BN_GF2m_mod_solve_quad 3496 EXIST::FUNCTION: +i2d_ECPrivateKey_fp 3497 EXIST::FUNCTION:EC,FP_API +ENGINE_register_all_ECDSA 3498 EXIST::FUNCTION:ENGINE +EC_POINT_get_affine_coordinates_GF2m 3499 EXIST:!VMS:FUNCTION:EC +EC_POINT_get_affine_coords_GF2m 3499 EXIST:VMS:FUNCTION:EC +EC_GROUP_dup 3500 EXIST::FUNCTION:EC +ENGINE_get_default_ECDSA 3501 EXIST::FUNCTION:ENGINE +EC_KEY_new 3502 EXIST::FUNCTION:EC +ECDSA_verify 3503 EXIST::FUNCTION:ECDSA +EC_POINT_point2hex 3504 EXIST::FUNCTION:EC +ENGINE_get_STORE 3505 EXIST::FUNCTION:ENGINE +STORE_get_certificate 3506 EXIST::FUNCTION: +ECDSA_do_verify 3507 EXIST::FUNCTION:ECDSA +d2i_ECPrivateKey_fp 3508 EXIST::FUNCTION:EC,FP_API +STORE_delete_certificate 3509 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3510 EXIST::FUNCTION: +STORE_free 3511 EXIST::FUNCTION: +PEM_write_ECPrivateKey 3512 EXIST:!WIN16:FUNCTION:EC +STORE_method_get_unlock_store_function 3513 EXIST::FUNCTION: +STORE_get_ex_data 3514 EXIST::FUNCTION: +PEM_read_ECPKParameters 3515 EXIST:!WIN16:FUNCTION:EC +X509_CERT_PAIR_new 3516 EXIST::FUNCTION: +ENGINE_register_STORE 3517 EXIST::FUNCTION:ENGINE +RSA_generate_key_ex 3518 EXIST::FUNCTION:RSA +DSA_generate_parameters_ex 3519 EXIST::FUNCTION:DSA +ECParameters_print_fp 3520 EXIST::FUNCTION:EC,FP_API +X509V3_NAME_from_section 3521 EXIST::FUNCTION: +STORE_modify_crl 3522 EXIST::FUNCTION: +STORE_list_private_key_start 3523 EXIST::FUNCTION: +POLICY_MAPPINGS_it 3524 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPINGS_it 3524 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_it 3525 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +GENERAL_SUBTREE_it 3525 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_DATA_free 3526 EXIST::FUNCTION:ECDH +PEM_write_X509_CERT_PAIR 3527 EXIST:!WIN16:FUNCTION: +d2i_X509_CERT_PAIR 3528 EXIST::FUNCTION: +STORE_list_private_key_endp 3529 EXIST::FUNCTION: +i2d_EC_PUBKEY_fp 3530 EXIST::FUNCTION:EC,FP_API +BN_nist_mod_256 3531 EXIST::FUNCTION: +ECDSA_DATA_new 3532 EXIST::FUNCTION:ECDSA +ECDSA_size 3533 EXIST::FUNCTION:ECDSA +d2i_EC_PUBKEY_bio 3534 EXIST::FUNCTION:BIO,EC +BN_get0_nist_prime_521 3535 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3536 EXIST::FUNCTION: +BN_generate_prime_ex 3537 EXIST::FUNCTION: +DH_generate_parameters_ex 3538 EXIST::FUNCTION:DH +PEM_read_bio_ECPrivateKey 3539 EXIST::FUNCTION:EC +STORE_method_get_cleanup_function 3540 EXIST::FUNCTION: +ENGINE_get_ECDH 3541 EXIST::FUNCTION:ENGINE +d2i_ECDSA_SIG 3542 EXIST::FUNCTION:ECDSA +BN_is_prime_fasttest_ex 3543 EXIST::FUNCTION: +ECDSA_sign 3544 EXIST::FUNCTION:ECDSA +STORE_set_ex_data 3545 EXIST::FUNCTION: +ENGINE_get_ECDSA 3546 EXIST::FUNCTION:ENGINE +EVP_ecdsa 3547 EXIST::FUNCTION:SHA +PKCS12_add_cert 3548 EXIST::FUNCTION: +STORE_OBJECT_new 3549 EXIST::FUNCTION: +ERR_load_ECDH_strings 3550 EXIST::FUNCTION:ECDH +EC_KEY_dup 3551 EXIST::FUNCTION:EC +ECDSA_set_method 3552 EXIST::FUNCTION:ECDSA +a2i_IPADDRESS_NC 3553 EXIST::FUNCTION: +d2i_ECParameters 3554 EXIST::FUNCTION:EC +STORE_list_certificate_end 3555 EXIST::FUNCTION: +STORE_get_crl 3556 EXIST::FUNCTION: +EC_GF2m_simple_method 3557 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3558 EXIST::FUNCTION:ECDSA +EC_KEY_print 3559 EXIST::FUNCTION:BIO,EC +STORE_method_set_lock_store_function 3560 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3561 EXIST::FUNCTION:ECDSA +POLICY_MAPPING_new 3562 EXIST::FUNCTION: +STORE_list_certificate_endp 3563 EXIST::FUNCTION: +EC_GROUP_set_asn1_flag 3564 EXIST::FUNCTION:EC +EC_KEY_check_key 3565 EXIST::FUNCTION:EC +d2i_EC_PUBKEY_fp 3566 EXIST::FUNCTION:EC,FP_API +ecdh_check 3567 EXIST::FUNCTION:ECDH +ECDSA_DATA_new_method 3568 EXIST::FUNCTION:ECDSA +PEM_read_bio_X509_CERT_PAIR 3569 EXIST::FUNCTION: STORE_method_get_list_end_function 3570 EXIST::FUNCTION: -STORE_new_method 3571 EXIST::FUNCTION: -STORE_modify_arbitrary 3572 EXIST::FUNCTION: -STORE_get_arbitrary 3573 EXIST::FUNCTION: -STORE_delete_arbitrary 3574 EXIST::FUNCTION: -STORE_store_arbitrary 3575 EXIST::FUNCTION: -STORE_new_engine 3576 EXIST::FUNCTION: -ERR_set_mark 3577 EXIST::FUNCTION: -ERR_pop_to_mark 3578 EXIST::FUNCTION: -STORE_ATTR_INFO_in_range 3579 EXIST::FUNCTION: +ENGINE_set_default_ECDH 3571 EXIST::FUNCTION:ENGINE +STORE_new_method 3572 EXIST::FUNCTION: +PKCS12_add_key 3573 EXIST::FUNCTION: +DSO_merge 3574 EXIST::FUNCTION: +EC_POINT_hex2point 3575 EXIST::FUNCTION:EC +BN_GF2m_mod_inv_arr 3576 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3577 EXIST::FUNCTION:ENGINE From c798868d9669d4de7906e76814701b503da663ce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 28 Sep 2003 14:06:57 +0000 Subject: [PATCH 017/112] Further VxWorks changes from Bob Bradley , this time involving VxWorks on MIPS --- Configure | 3 ++- e_os.h | 11 +++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Configure b/Configure index a41c43124..b710e6eb5 100755 --- a/Configure +++ b/Configure @@ -560,7 +560,8 @@ my %table=( "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", -"vxworks-ppc860","ccppc:-g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", diff --git a/e_os.h b/e_os.h index aad0a7eae..6b75bbe15 100644 --- a/e_os.h +++ b/e_os.h @@ -174,6 +174,13 @@ extern "C" { #define closesocket(s) close(s) #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) +#elif defined(OPENSSL_SYS_VXWORKS) +#define get_last_socket_error() errno +#define clear_socket_error() errno=0 +#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +#define closesocket(s) close(s) +#define readsocket(s,b,n) read((s),(b),(n)) +#define writesocket(s,b,n) write((s),(char *)(b),(n)) #else #define get_last_socket_error() errno #define clear_socket_error() errno=0 @@ -538,10 +545,6 @@ extern char *sys_errlist[]; extern int sys_nerr; #define TTY_STRUCT int #define sleep(a) taskDelay((a) * sysClkRateGet()) -#if defined(ioctlsocket) -#undef ioctlsocket -#endif -#define ioctlsocket(a,b,c) ioctl((a),(b),*(int*)(c)) #include #include From 299024498004473a58e780cdf8ec83e85a04f807 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 30 Sep 2003 16:47:33 +0000 Subject: [PATCH 018/112] ASN1 parse fix and release file changes. --- CHANGES | 36 ++++++++++++++++++++++++++++++++++-- FAQ | 2 +- NEWS | 17 ++++++++++++++++- crypto/asn1/asn1_lib.c | 2 ++ crypto/asn1/tasn_dec.c | 9 ++++++++- crypto/x509/x509_vfy.c | 2 +- 6 files changed, 62 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 5e68e6247..1ecb0b440 100644 --- a/CHANGES +++ b/CHANGES @@ -555,7 +555,19 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. @@ -2530,7 +2542,27 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] - Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + Changes between 0.9.6j and 0.9.6k [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 diff --git a/FAQ b/FAQ index 1b129bc5a..ca5683def 100644 --- a/FAQ +++ b/FAQ @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.7a was released on February 19, 2003. +OpenSSL 0.9.7c was released on September 30, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 75bbafacd..e5774fef4 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -692,6 +692,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; @@ -706,6 +707,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { @@ -797,7 +799,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char ret = 1; err: - if(!ret) ASN1_TYPE_free(typ); + if(!ret) + { + ASN1_TYPE_free(typ); + if (opval) + *opval = NULL; + } return ret; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f60054bd3..2bb21b443 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } - if (X509_verify(xs,pkey) <= 0) + else if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be From d90e74c50c0c2266077fda57cf3d36c6927146eb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Sep 2003 17:22:19 +0000 Subject: [PATCH 019/112] Correct buggy PODs (missing commas and a prepended space). --- doc/crypto/EVP_BytesToKey.pod | 2 +- doc/crypto/EVP_DigestInit.pod | 2 +- doc/crypto/ui.pod | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index 5ce4add08..016381f3e 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -2,7 +2,7 @@ =head1 NAME - EVP_BytesToKey - password based encryption routine +EVP_BytesToKey - password based encryption routine =head1 SYNOPSIS diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 5901c3952..1cb315e73 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -4,7 +4,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod index 2b3535a74..6df68d604 100644 --- a/doc/crypto/ui.pod +++ b/doc/crypto/ui.pod @@ -5,7 +5,7 @@ UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, -UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface From eeff6bb6b34faa239e143bc2368a2c1f270172bb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Sep 2003 17:31:48 +0000 Subject: [PATCH 020/112] Correct incorrect mode bits change. --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index ae871aad8..8f278cd96 100644 --- a/Makefile.org +++ b/Makefile.org @@ -554,7 +554,7 @@ install: all install_docs fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ From 9ad82c123a4d9b6d90904e741c0aaa7130db335f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:02:45 +0000 Subject: [PATCH 021/112] Use correct case for manual page references --- doc/crypto/des.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 528c73aca..6f0cf1cc5 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -283,7 +283,7 @@ DES_cbc_encrypt is used. =head1 NOTES Single-key DES is insecure due to its short key size. ECB mode is -not suitable for most applications; see L. +not suitable for most applications; see L. The L library provides higher-level encryption functions. From aed29ce5eaaea7460c3c43c1006e4fdc3a4c6e51 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:03:15 +0000 Subject: [PATCH 022/112] Avoid 'file names' with spaces --- Makefile.org | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile.org b/Makefile.org index 8f278cd96..cc8233ac4 100644 --- a/Makefile.org +++ b/Makefile.org @@ -595,6 +595,8 @@ install_docs: > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ + grep -v "[ ]" | \ + grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ From 4d8148fa98145847aacd8feea593823c2386b1b0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:04:13 +0000 Subject: [PATCH 023/112] Remove leading and trailing spaces and tabs --- util/extract-names.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/extract-names.pl b/util/extract-names.pl index 9f2ad5ef1..744a8e232 100644 --- a/util/extract-names.pl +++ b/util/extract-names.pl @@ -10,6 +10,8 @@ while() { if (/ - /) { s/ - .*//; s/,[ \t]+/,/g; + s/^[ \t]+//g; + s/[ \t]+$//g; push @words, split ','; } } From c076599c1826407050d60db88a35d56d36658769 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:06:36 +0000 Subject: [PATCH 024/112] Corrected misplacement of one of the greps... --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index cc8233ac4..b7f15587e 100644 --- a/Makefile.org +++ b/Makefile.org @@ -579,6 +579,7 @@ install_docs: > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ + grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ @@ -596,7 +597,6 @@ install_docs: $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ grep -v "[ ]" | \ - grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ From cf89b40584aa882a963e8b5a86d8c3789fc4c8e2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 20:43:03 +0000 Subject: [PATCH 025/112] Include e_os.h to get a proper definition of memmove on the platforms that do not have it. --- crypto/des/cfb_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 17bf77ca9..136efba95 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include "e_os.h" #include "des_locl.h" /* The input and output are loaded in multiples of 8 bits. From f6e8c19ed12b9ac7ebd6971a94c9e4e0d5f48b49 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 2 Oct 2003 10:38:44 +0000 Subject: [PATCH 026/112] Correct a mixup of return values --- ssl/ssl_ciph.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index f175dc875..cfce88846 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1188,11 +1188,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) OPENSSL_free(comp); MemCheck_on(); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); - return(0); + return(1); } else { MemCheck_on(); - return(1); + return(0); } } From f82ab534c68e49b8014a2e220dd25d3ca177612a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 2 Oct 2003 10:41:48 +0000 Subject: [PATCH 027/112] Check for errors from SSL_COMP_add_compression_method(). Notified by Andrew Marlow --- ssl/ssltest.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 7bb415200..0c684604c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -594,7 +594,14 @@ bad: if (cm != NULL) { if (cm->type != NID_undef) - SSL_COMP_add_compression_method(comp, cm); + { + if (SSL_COMP_add_compression_method(comp, cm) != 0) + { + fprintf(stderr, + "Failed to add compression method\n"); + ERR_print_errors_fp(stderr); + } + } else { fprintf(stderr, From 6895cca89d47b30708e41da5a7f86277f526cbe6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 4 Oct 2003 09:09:19 +0000 Subject: [PATCH 028/112] Remove unused code, don't use zlib functions that are really macros and provide missing prototypes. --- crypto/comp/c_zlib.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 3bcb7c960..c3167fcea 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -30,6 +30,7 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, @@ -48,6 +49,7 @@ static COMP_METHOD zlib_stateless_method={ NULL, NULL, }; +#endif static COMP_METHOD zlib_stateful_method={ NID_zlib_compression, @@ -79,12 +81,18 @@ static COMP_METHOD zlib_stateful_method={ #include /* Prototypes for built in stubs */ +#if 0 static int stub_compress(Bytef *dest,uLongf *destLen, const Bytef *source, uLong sourceLen); +#endif static int stub_inflateEnd(z_streamp strm); static int stub_inflate(z_streamp strm, int flush); static int stub_inflateInit_(z_streamp strm, const char * version, int stream_size); +static int stub_deflateEnd(z_streamp strm); +static int stub_deflate(z_streamp strm, int flush); +static int stub_deflateInit_(z_streamp strm, int level, + const char * version, int stream_size); /* Function pointers */ typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, @@ -111,11 +119,9 @@ static DSO *zlib_dso = NULL; #define compress stub_compress #define inflateEnd stub_inflateEnd #define inflate stub_inflate -#define inflateInit stub_inflateInit #define inflateInit_ stub_inflateInit_ #define deflateEnd stub_deflateEnd #define deflate stub_deflate -#define deflateInit stub_deflateInit #define deflateInit_ stub_deflateInit_ #endif /* ZLIB_SHARED */ @@ -152,7 +158,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) state->istream.next_out = Z_NULL; state->istream.avail_in = 0; state->istream.avail_out = 0; - err = inflateInit(&state->istream); + err = inflateInit_(&state->istream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; @@ -163,7 +170,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) state->ostream.next_out = Z_NULL; state->ostream.avail_in = 0; state->ostream.avail_out = 0; - err = deflateInit(&state->ostream,Z_DEFAULT_COMPRESSION); + err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; @@ -243,6 +251,7 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, return olen - state->istream.avail_out; } +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen) { @@ -319,7 +328,8 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; - err = inflateInit(&stream); + err = inflateInit_(&stream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) return err; err = inflate(&stream, Z_FINISH); @@ -332,6 +342,7 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, err = inflateEnd(&stream); return err; } +#endif #endif @@ -383,6 +394,7 @@ COMP_METHOD *COMP_zlib(void) } #ifdef ZLIB_SHARED +#if 0 /* Stubs for each function to be dynamicly loaded */ static int stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) @@ -392,6 +404,7 @@ stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) else return(Z_MEM_ERROR); } +#endif static int stub_inflateEnd(z_streamp strm) @@ -443,7 +456,7 @@ stub_deflateInit_(z_streamp strm, int level, const char * version, int stream_size) { if ( p_deflateInit_ ) - return(p_deflateInit_(strm,version,stream_size)); + return(p_deflateInit_(strm,level,version,stream_size)); else return(Z_MEM_ERROR); } From c40b9bdefb59be7e640cd7a10bfd2fa26ea1fe7b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 09:09:44 +0000 Subject: [PATCH 029/112] Setting the ex_data index is unsafe in a threaded environment, so let's wrap it with a lock. --- crypto/comp/c_zlib.c | 9 ++++++--- crypto/cryptlib.c | 3 ++- crypto/crypto.h | 3 ++- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index c3167fcea..7553a2d10 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -178,9 +178,12 @@ static int zlib_stateful_init(COMP_CTX *ctx) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); if (zlib_stateful_ex_idx == -1) { - zlib_stateful_ex_idx = - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, - 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_lock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + zlib_stateful_ex_idx = + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, + 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_unlock(CRYPTO_LOCK_COMP); if (zlib_stateful_ex_idx == -1) goto err; } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 9c38f15ab..009c3be4c 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -168,7 +168,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "bn", "ec_pre_comp", "store", -#if CRYPTO_NUM_LOCKS != 38 + "comp", +#if CRYPTO_NUM_LOCKS != 39 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto.h b/crypto/crypto.h index dd90cfa55..5238e5306 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -203,7 +203,8 @@ typedef struct openssl_item_st #define CRYPTO_LOCK_BN 35 #define CRYPTO_LOCK_EC_PRE_COMP 36 #define CRYPTO_LOCK_STORE 37 -#define CRYPTO_NUM_LOCKS 38 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_NUM_LOCKS 39 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 From 8242354952ead170335b98b33254ca9a0e836926 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 11:00:15 +0000 Subject: [PATCH 030/112] Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods(). --- crypto/comp/Makefile.ssl | 12 ++++++------ crypto/des/Makefile.ssl | 13 +++++++------ ssl/ssl.h | 3 +++ ssl/ssl_ciph.c | 10 +++++++++- ssl/ssl_err.c | 3 ++- ssl/ssltest.c | 20 +++++++++++++++++--- util/ssleay.num | 1 + 7 files changed, 45 insertions(+), 17 deletions(-) diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index f60c7a1af..5db2412f9 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_zlib.o: c_zlib.c +c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 34ca7acba..73ffab9c8 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -160,12 +160,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64enc.o: cfb64enc.c des_locl.h -cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h +cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h +cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cfb_enc.o: cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/ssl/ssl.h b/ssl/ssl.h index 7cd7ece4c..2d4035090 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, #endif #ifndef OPENSSL_NO_COMP +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else +void *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,char *cm); #endif @@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DUPLICATE_COMPRESSION_ID 1121 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cfce88846..44b50feff 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) comp->id=id; comp->method=cm; load_builtin_compressions(); - if ((ssl_comp_methods == NULL) + if (ssl_comp_methods + && !sk_SSL_COMP_find(ssl_comp_methods,comp)) + { + OPENSSL_free(comp); + MemCheck_on(); + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); + return(1); + } + else if ((ssl_comp_methods == NULL) || !sk_SSL_COMP_push(ssl_comp_methods,comp)) { OPENSSL_free(comp); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index b9a50b8e6..359ea45b9 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, +{SSL_R_DUPLICATE_COMPRESSION_ID ,"duplicate compression id"}, {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER ,"ecgroup too large for cipher"}, {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, {SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 0c684604c..6391cf207 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -164,8 +164,8 @@ /* There is really no standard for this, so let's assign some tentative numbers. In any case, these numbers are only for this test */ -#define COMP_RLE 1 -#define COMP_ZLIB 2 +#define COMP_RLE 255 +#define COMP_ZLIB 1 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_RSA @@ -373,7 +373,7 @@ int main(int argc, char *argv[]) SSL_METHOD *meth=NULL; SSL *c_ssl,*s_ssl; int number=1,reuse=0; - long bytes=1L; + long bytes=256L; #ifndef OPENSSL_NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; @@ -387,6 +387,7 @@ int main(int argc, char *argv[]) clock_t s_time = 0, c_time = 0; int comp = 0; COMP_METHOD *cm = NULL; + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; verbose = 0; debug = 0; @@ -612,6 +613,19 @@ bad: ERR_print_errors_fp(stderr); } } + ssl_comp_methods = SSL_COMP_get_compression_methods(); + fprintf(stderr, "Available compression methods:\n"); + { + int i, n = sk_SSL_COMP_num(ssl_comp_methods); + if (n == 0) + fprintf(stderr, " NONE\n"); + else + for (i = 0; i < n; i++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i); + fprintf(stderr, " %d: %s\n", c->id, c->name); + } + } #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) diff --git a/util/ssleay.num b/util/ssleay.num index 865005ac6..6836484aa 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -218,3 +218,4 @@ SSL_set_msg_callback 267 EXIST::FUNCTION: SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH SSL_SESSION_get_id 270 EXIST::FUNCTION: +SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP From 377dcdba44742ce641521dd4745a37a7321b41bd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 12:18:39 +0000 Subject: [PATCH 031/112] Add functionality to get information on compression methods (not quite complete). --- ssl/ssl.h | 4 ++++ ssl/ssl_algs.c | 6 ++++++ ssl/ssl_ciph.c | 8 ++++++++ ssl/ssl_lib.c | 14 ++++++++++++++ 4 files changed, 32 insertions(+) diff --git a/ssl/ssl.h b/ssl/ssl.h index 2d4035090..e6879d907 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1198,6 +1198,10 @@ int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(SSL_CIPHER *c); const char * SSL_CIPHER_get_name(SSL_CIPHER *c); +const COMP_METHOD *SSL_get_current_compression(SSL *s); +const COMP_METHOD *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const COMP_METHOD *comp); + int SSL_get_fd(SSL *s); int SSL_get_rfd(SSL *s); int SSL_get_wfd(SSL *s); diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 7c8a451fc..1a41b9967 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -108,6 +108,12 @@ int SSL_library_init(void) #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); +#endif +#ifndef OPENSSL_NO_COMP + /* This will initialise the built-in compression algorithms. + The value returned is a STACK_OF(SSL_COMP), but that can + be discarded safely */ + (void)SSL_COMP_get_compression_methods(); #endif return(1); } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 44b50feff..4f0f70079 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1204,3 +1204,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return(0); } } + +const char *SSL_COMP_get_name(const COMP_METHOD *comp) + { + if (comp) + return comp->name; + return NULL; + } + diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0c84e3ddd..bf7d7ba56 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2207,6 +2207,20 @@ SSL_CIPHER *SSL_get_current_cipher(SSL *s) return(NULL); } +const COMP_METHOD *SSL_get_current_compression(SSL *s) + { + if (s->compress != NULL) + return(s->compress->meth); + return(NULL); + } + +const COMP_METHOD *SSL_get_current_expansion(SSL *s) + { + if (s->expand != NULL) + return(s->expand->meth); + return(NULL); + } + int ssl_init_wbio_buffer(SSL *s,int push) { BIO *bbio; From f44e184ec61ba858e3048a288ec141903442be06 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 12:19:38 +0000 Subject: [PATCH 032/112] s_client should inform the user of any compression/expansion methods used. --- apps/s_client.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index eb6fd7c1c..0f7dd8861 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -944,6 +944,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER *c; X509_NAME *xn; int j,i; + const COMP_METHOD *comp, *exp; if (full) { @@ -1046,6 +1047,12 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } + comp=SSL_get_current_compression(s); + exp=SSL_get_current_expansion(s); + BIO_printf(bio,"Compression: %s\n", + comp ? SSL_COMP_get_name(comp) : "NONE"); + BIO_printf(bio,"Expansion: %s\n", + exp ? SSL_COMP_get_name(exp) : "NONE"); SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) From 4d1c443123acbbb8a4890605937c1aa199c7f01d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 12:22:42 +0000 Subject: [PATCH 033/112] make update --- util/ssleay.num | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/ssleay.num b/util/ssleay.num index 6836484aa..1cba37173 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -219,3 +219,6 @@ SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH SSL_SESSION_get_id 270 EXIST::FUNCTION: SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP +SSL_COMP_get_name 272 EXIST::FUNCTION: +SSL_get_current_expansion 273 EXIST::FUNCTION: +SSL_get_current_compression 274 EXIST::FUNCTION: From 83eb412da88a1e0b633511a7d07d7f40356dbe6a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 7 Oct 2003 12:09:39 +0000 Subject: [PATCH 034/112] In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq --- crypto/mem.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/mem.c b/crypto/mem.c index 57f295877..d01924c26 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -352,11 +352,15 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); if(ret) + { memcpy(ret,str,old_len); - OPENSSL_cleanse(str,old_len); - free_func(str); + OPENSSL_cleanse(str,old_len); + free_func(str); + } #ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); + fprintf(stderr, + "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", + str, ret, num); #endif if (realloc_debug_func != NULL) realloc_debug_func(str, ret, num, file, line, 1); From a08ced78c84509fe305d57d8257af4df8576585c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:07:24 +0000 Subject: [PATCH 035/112] Avoid warnings: add missing prototype, don't shadow. --- apps/speed.c | 2 +- ssl/ssl.h | 1 + ssl/ssltest.c | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 1c2b9cded..558760732 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2083,7 +2083,7 @@ int MAIN(int argc, char **argv) * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). */ int field_size, outlen; - void *(*kdf)(void *in, size_t inlen, void *out, size_t outlen); + void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); field_size = EC_GROUP_get_degree(ecdh_a[j]->group); if (field_size <= 24 * 8) { diff --git a/ssl/ssl.h b/ssl/ssl.h index e6879d907..0866fb6b2 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1201,6 +1201,7 @@ const char * SSL_CIPHER_get_name(SSL_CIPHER *c); const COMP_METHOD *SSL_get_current_compression(SSL *s); const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); int SSL_get_fd(SSL *s); int SSL_get_rfd(SSL *s); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 6391cf207..82c3b8d89 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -616,13 +616,13 @@ bad: ssl_comp_methods = SSL_COMP_get_compression_methods(); fprintf(stderr, "Available compression methods:\n"); { - int i, n = sk_SSL_COMP_num(ssl_comp_methods); + int j, n = sk_SSL_COMP_num(ssl_comp_methods); if (n == 0) fprintf(stderr, " NONE\n"); else - for (i = 0; i < n; i++) + for (j = 0; j < n; j++) { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i); + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); fprintf(stderr, " %d: %s\n", c->id, c->name); } } From caf044cb3e42ed44703e3394509deb1fa988c303 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:25:43 +0000 Subject: [PATCH 036/112] Retrieve correct content to sign when the type is "other". --- CHANGES | 4 ++++ crypto/pkcs7/pk7_doit.c | 47 ++++++++++++++++++----------------------- 2 files changed, 25 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 1ecb0b440..da17895eb 100644 --- a/CHANGES +++ b/CHANGES @@ -555,6 +555,10 @@ differing sizes. [Richard Levitte] + Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + *) Use the correct content when signing type "other". + [Steve Henson] + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] *) Fix various bugs revealed by running the NISCC test suite: diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 9382f4776..e7bc3b2bf 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -91,12 +91,14 @@ static int PKCS7_type_is_other(PKCS7* p7) } -static int PKCS7_type_is_octet_string(PKCS7* p7) +static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) { - if ( 0==PKCS7_type_is_other(p7) ) - return 0; - - return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; + if ( PKCS7_type_is_data(p7)) + return p7->d.data; + if ( PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; } BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) @@ -250,29 +252,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) btmp=NULL; } - if (bio == NULL) { + if (bio == NULL) + { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else { - if (PKCS7_type_is_signed(p7) ) { - if ( PKCS7_type_is_data(p7->d.sign->contents)) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.data; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.other->value.octet_string; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - } - if(bio == NULL) { + else + { + ASN1_OCTET_STRING *os; + os = PKCS7_get_octet_string(p7->d.sign->contents); + if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) + { bio=BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bio,0); + } } - } } BIO_push(out,bio); bio=NULL; @@ -311,7 +306,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: - data_body=p7->d.sign->contents->d.data; + data_body=PKCS7_get_octet_string(p7->d.sign->contents); md_sk=p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: @@ -531,9 +526,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; - os=p7->d.sign->contents->d.data; + os=PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ - if(p7->detached) { + if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); p7->d.sign->contents->d.data = NULL; } From 0602abf5bda0d78b01f5987bbe068af515a93bef Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:31:53 +0000 Subject: [PATCH 037/112] Initialize digested data type in PKCS7_set_type(). --- crypto/pkcs7/pk7_lib.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 9b647b212..381271061 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -197,6 +197,11 @@ int PKCS7_set_type(PKCS7 *p7, int type) break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + ASN1_INTEGER_set(p7->d.digest->version,0); + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; From 8d9086dfa2f8fa2853713a074f92d8cc0dba598a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:40:47 +0000 Subject: [PATCH 038/112] New function to initialize a PKCS7 structure of type other. --- CHANGES | 7 +++++++ crypto/pkcs7/pk7_lib.c | 7 +++++++ crypto/pkcs7/pkcs7.h | 1 + 3 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index da17895eb..51bfd320d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". + [Steve Henson] + + *) Correctly initialize digested data content type in PKCS7_set_type(). + [Steve Henson] + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 381271061..f71be082e 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -211,6 +211,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index ab04d352a..d9b3c189c 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -308,6 +308,7 @@ DECLARE_ASN1_NDEF_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); From 77fe058c10fee875780b553d4fccbff1180ac45f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 11 Oct 2003 16:46:40 +0000 Subject: [PATCH 039/112] Simplify cipher and digest lookup in PKCS#7 code. --- crypto/pkcs7/pk7_doit.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index e7bc3b2bf..f0d117450 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -103,7 +103,7 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { - int i,j; + int i; BIO *out=NULL,*btmp=NULL; X509_ALGOR *xa; const EVP_MD *evp_md; @@ -161,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } - j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); + evp_md=EVP_get_digestbyobj(xa->algorithm); if (evp_md == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); @@ -314,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) md_sk=p7->d.signed_and_enveloped->md_algs; data_body=p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); + evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); @@ -326,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) rsk=p7->d.enveloped->recipientinfo; enc_alg=p7->d.enveloped->enc_data->algorithm; data_body=p7->d.enveloped->enc_data->enc_data; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); + evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); @@ -352,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); + evp_md=EVP_get_digestbynid(j); if (evp_md == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); From c5a55463892d689198e819ab92dd9521ea280337 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 11 Oct 2003 22:11:45 +0000 Subject: [PATCH 040/112] Add support for digested data PKCS#7 type. --- CHANGES | 11 ++- crypto/pkcs7/pk7_doit.c | 162 ++++++++++++++++++++++++++-------------- crypto/pkcs7/pk7_lib.c | 22 ++++++ crypto/pkcs7/pkcs7.h | 6 ++ crypto/pkcs7/pkcs7err.c | 5 +- 5 files changed, 144 insertions(+), 62 deletions(-) diff --git a/CHANGES b/CHANGES index 51bfd320d..c0f18ff1b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,11 +4,16 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] - *) New function PKCS7_set0_type_other() this initializes a PKCS7 - structure of type "other". + *) Reorganise PKCS#7 code to separate the digest location functionality + into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + New function PKCS7_set_digest() to set the digest type for PKCS#7 + digestedData type. Add additional code to correctly generate the + digestedData type and add support for this type in PKCS7 initialization + functions. [Steve Henson] - *) Correctly initialize digested data content type in PKCS7_set_type(). + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". [Steve Henson] *) Fix prime generation loop in crypto/bn/bn_prime.pl by making diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index f0d117450..0b262fa06 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -101,18 +101,54 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) return NULL; } +static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + { + BIO *btmp; + const EVP_MD *md; + if ((btmp=BIO_new(BIO_f_md())) == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + + md=EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp,md); + if (*pbio == NULL) + *pbio=btmp; + else if (!BIO_push(*pbio,btmp)) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + btmp=NULL; + + return 1; + + err: + if (btmp) + BIO_free(btmp); + return 0; + + } + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { int i; BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa; - const EVP_MD *evp_md; + X509_ALGOR *xa = NULL; const EVP_CIPHER *evp_cipher=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; EVP_PKEY *pkey; + ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -121,6 +157,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { case NID_pkcs7_signed: md_sk=p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; @@ -145,37 +182,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; default: PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - if (md_sk != NULL) - { - for (i=0; ialgorithm); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } - - BIO_set_md(btmp,evp_md); - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - } + if (xa && !PKCS7_bio_add_digest(&out, xa)) + goto err; if (evp_cipher != NULL) { @@ -255,19 +276,14 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) { - ASN1_OCTET_STRING *os; - os = PKCS7_get_octet_string(p7->d.sign->contents); - if (os && os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - if(bio == NULL) - { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); - } + bio=BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio,0); } - } + } BIO_push(out,bio); bio=NULL; if (0) @@ -493,6 +509,29 @@ err: return(out); } +static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) + { + for (;;) + { + bio=BIO_find_type(bio,BIO_TYPE_MD); + if (bio == NULL) + { + PKCS7err(PKCS7_F_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio,pmd); + if (*pmd == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio=BIO_next(bio); + } + return NULL; + } + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { int ret=0; @@ -532,6 +571,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) p7->d.sign->contents->d.data = NULL; } break; + + case NID_pkcs7_digest: + os=PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) + { + M_ASN1_OCTET_STRING_free(os); + p7->d.digest->contents->d.data = NULL; + } + break; + } if (si_sk != NULL) @@ -549,26 +599,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) j=OBJ_obj2nid(si->digest_alg->algorithm); btmp=bio; - for (;;) - { - if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) - == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == j) - break; - else - btmp=BIO_next(btmp); - } - + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); @@ -641,6 +677,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } } } + else if (i == NID_pkcs7_digest) + { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; + EVP_DigestFinal_ex(mdc,md_data,&md_len); + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } if (!PKCS7_is_detached(p7)) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index f71be082e..70ee44be8 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -410,6 +414,24 @@ err: return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index d9b3c189c..788cd5d6c 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) #define PKCS7_get_detached(p) \ @@ -329,6 +331,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); @@ -379,11 +382,13 @@ void ERR_load_PKCS7_strings(void); /* Function codes. */ #define PKCS7_F_B64_READ_PKCS7 120 #define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_FIND_DIGEST 127 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 #define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 #define PKCS7_F_PKCS7_DATAINIT 105 @@ -394,6 +399,7 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_F_PKCS7_GET0_SIGNERS 124 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index 5e51527a4..0d481e0b7 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,11 +68,13 @@ static ERR_STRING_DATA PKCS7_str_functs[]= { {ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, {ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, +{ERR_PACK(0,PKCS7_F_FIND_DIGEST,0), "FIND_DIGEST"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, +{ERR_PACK(0,PKCS7_F_PKCS7_BIO_ADD_DIGEST,0), "PKCS7_BIO_ADD_DIGEST"}, {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, @@ -83,6 +85,7 @@ static ERR_STRING_DATA PKCS7_str_functs[]= {ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SET_DIGEST,0), "PKCS7_set_digest"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, From 0bb6187e71658fd691fe9f3b48a79a6250567216 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 13 Oct 2003 11:34:40 +0000 Subject: [PATCH 041/112] The object file is o_str.o, not o_str.c. Thanks to Peter Sylvester for the notification. --- crypto/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index b119ccbd9..79dec73cf 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -38,7 +38,7 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c -LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o SRC= $(LIBSRC) From 0b6956b4747e6f42427863f8a78f8939a86fb175 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 15 Oct 2003 09:00:14 +0000 Subject: [PATCH 042/112] Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes . The unnecessary memcpy() was found as an effect of investigating that error. --- crypto/aes/aes_cbc.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 86b27b10d..0a28ab8d3 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -91,21 +91,20 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } } else { while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); + memcpy(ivec, in, AES_BLOCK_SIZE); len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, tmp, key); + AES_decrypt(in, tmp, key); for(n=0; n < len; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); + out[n] = tmp[n] ^ ivec[n]; + memcpy(ivec, in, AES_BLOCK_SIZE); } } } From 8ad7e3ad2a1634a020facb2ca9022b2bccef58dd Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 24 Oct 2003 16:17:11 +0000 Subject: [PATCH 043/112] Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway. --- crypto/x509/x509.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index e7706ce9f..9b26b24ef 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -856,10 +856,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -#ifndef OPENSSL_NO_RSA -RSA *RSAPublicKey_dup(RSA *rsa); -RSA *RSAPrivateKey_dup(RSA *rsa); -#endif #endif /* !SSLEAY_MACROS */ From aea293e3bc301e7df9753a1b5eee3dceb341abd6 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 17:24:29 +0000 Subject: [PATCH 044/112] crypto/evp/evptests.txt is copied to tests/ rather than symlinked because of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs noise for the copied version. --- test/.cvsignore | 1 + 1 file changed, 1 insertion(+) diff --git a/test/.cvsignore b/test/.cvsignore index 58236039d..fd1ddb002 100644 --- a/test/.cvsignore +++ b/test/.cvsignore @@ -13,3 +13,4 @@ reqU.ss certU.ss Makefile.save tmp.bntest +evptests.txt From 12bdceac8aee2041673f2e0c3d4f606bb01e848d Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 17:26:46 +0000 Subject: [PATCH 045/112] Ignore derived file. --- crypto/cast/asm/.cvsignore | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/cast/asm/.cvsignore b/crypto/cast/asm/.cvsignore index ed39ad9fc..d6bf08ba1 100644 --- a/crypto/cast/asm/.cvsignore +++ b/crypto/cast/asm/.cvsignore @@ -1 +1,2 @@ cx86unix.cpp +cx86-elf.s From 66b82f5aadd6aa9cb235ed33477c5891aaf05656 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 22:10:47 +0000 Subject: [PATCH 046/112] make update --- TABLE | 27 ++++++++++++++++++++++++++- crypto/comp/Makefile.ssl | 12 ++++++------ util/libeay.num | 2 ++ util/ssleay.num | 1 + 4 files changed, 35 insertions(+), 7 deletions(-) diff --git a/TABLE b/TABLE index 8fe97d684..e4492b897 100644 --- a/TABLE +++ b/TABLE @@ -4250,6 +4250,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** vxworks-mipsle +$cc = ccmips +$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = ranlibmips +$arflags = + *** vxworks-ppc405 $cc = ccppc $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h @@ -4327,7 +4352,7 @@ $arflags = *** vxworks-ppc860 $cc = ccppc -$cflags = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h $unistd = $thread_cflag = $sys_id = VXWORKS diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index 5db2412f9..f60c7a1af 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h -c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h -c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c +c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_zlib.o: c_zlib.c comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/util/libeay.num b/util/libeay.num index 6151f6274..dac56a70d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3146,3 +3146,5 @@ DSO_merge 3574 EXIST::FUNCTION: EC_POINT_hex2point 3575 EXIST::FUNCTION:EC BN_GF2m_mod_inv_arr 3576 EXIST::FUNCTION: ENGINE_unregister_ECDSA 3577 EXIST::FUNCTION:ENGINE +PKCS7_set_digest 3578 EXIST::FUNCTION: +PKCS7_set0_type_other 3579 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index 1cba37173..c2a4909f1 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -222,3 +222,4 @@ SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP SSL_COMP_get_name 272 EXIST::FUNCTION: SSL_get_current_expansion 273 EXIST::FUNCTION: SSL_get_current_compression 274 EXIST::FUNCTION: +SSL_COMP_get_compression_methods 275 EXIST::FUNCTION: From 2a85f77146eff995afae6f81b8601a64bb1a41fc Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 22:57:18 +0000 Subject: [PATCH 047/112] Add my own debug config target. --- Configure | 1 + TABLE | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/Configure b/Configure index b710e6eb5..044b220aa 100755 --- a/Configure +++ b/Configure @@ -149,6 +149,7 @@ my %table=( "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box diff --git a/TABLE b/TABLE index e4492b897..c74ded4f1 100644 --- a/TABLE +++ b/TABLE @@ -1650,6 +1650,31 @@ $shared_extension = $ranlib = $arflags = +*** debug-geoff +$cc = gcc +$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** debug-levitte-linux-elf $cc = gcc $cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe From 6145b0b1835f14167f8e9e4701251149f9c5373f Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:00:14 +0000 Subject: [PATCH 048/112] The "cryptodev" engine preprocessor logic used undefined symbols in comparisons. It's better not to allow this, because it gives false positives when using compiler warnings that detect mistyped symbols. --- crypto/engine/eng_cryptodev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index b32be08c8..e93b7fd1a 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -33,7 +33,8 @@ #include #include -#if (defined(__unix__) || defined(unix)) && !defined(USG) +#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ + (defined(OpenBSD) || defined(__FreeBSD_version)) #include # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV From 9d473aa2e4076beb959bc9701786a0860877ee12 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:06:50 +0000 Subject: [PATCH 049/112] When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either. --- CHANGES | 4 ++++ crypto/bn/bn_depr.c | 6 ++++++ crypto/dh/dh_depr.c | 4 ++++ crypto/dsa/dsa_depr.c | 4 ++++ crypto/rsa/rsa_depr.c | 5 ++++- 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c0f18ff1b..666cf68d6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Ensure that deprecated functions do not get compiled when + OPENSSL_NO_DEPRECATED is defined. + [Geoff Thorpe] + *) Reorganise PKCS#7 code to separate the digest location functionality into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). New function PKCS7_set_digest() to set the digest type for PKCS#7 diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 35e912728..09ad52e7c 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -62,6 +62,9 @@ #include "bn_lcl.h" #include +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) @@ -78,6 +81,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, } else rnd=ret; + bn_verify(rnd); if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) goto err; @@ -85,6 +89,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, found = 1; err: if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); + if(found) bn_verify(rnd); return(found ? rnd : NULL); } @@ -106,3 +111,4 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, return BN_is_prime_fasttest_ex(a, checks, ctx_passed, do_trial_division, &cb); } +#endif diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index 3eb319e2a..acc05f252 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -61,6 +61,9 @@ #include #include +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED DH *DH_generate_parameters(int prime_len, int generator, void (*callback)(int,int,void *), void *cb_arg) { @@ -77,3 +80,4 @@ DH *DH_generate_parameters(int prime_len, int generator, DH_free(ret); return NULL; } +#endif diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index cb8045721..f2da680eb 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -69,6 +69,8 @@ #define HASH EVP_sha1() #endif +static void *dummy=&dummy; + #ifndef OPENSSL_NO_SHA #include @@ -80,6 +82,7 @@ #include #include +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -100,3 +103,4 @@ DSA *DSA_generate_parameters(int bits, return NULL; } #endif +#endif diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 3773d037c..2d87cd39f 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -62,6 +62,9 @@ #include #include +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) { @@ -78,4 +81,4 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, RSA_free(rsa); return 0; } - +#endif From 2aaec9cced89edfdc8375b38a130fa1c35a98025 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:14:08 +0000 Subject: [PATCH 050/112] Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined. --- CHANGES | 4 +++- apps/dhparam.c | 24 ++++++++++++++---------- apps/gendh.c | 17 ++++++++++------- apps/genrsa.c | 15 ++++++++++----- apps/req.c | 20 +++++++++++++------- apps/s_server.c | 7 ++++++- crypto/bn/bntest.c | 17 +++++++++++------ crypto/dh/dhtest.c | 16 ++++++++++------ crypto/dsa/dsatest.c | 23 +++++++++++------------ 9 files changed, 88 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index 666cf68d6..ea4793c2e 100644 --- a/CHANGES +++ b/CHANGES @@ -5,7 +5,9 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] *) Ensure that deprecated functions do not get compiled when - OPENSSL_NO_DEPRECATED is defined. + OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of + the self-tests were still using deprecated key-generation functions so + these have been updated also. [Geoff Thorpe] *) Reorganise PKCS#7 code to separate the digest location functionality diff --git a/apps/dhparam.c b/apps/dhparam.c index dc00355b9..e3cabcfcd 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -142,7 +142,7 @@ * -C */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -294,6 +294,8 @@ bad: if(num) { + BN_GENCB cb; + BN_GENCB_set(&cb, dh_cb, bio_err); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); @@ -305,12 +307,13 @@ bad: #ifndef OPENSSL_NO_DSA if (dsaparam) { - DSA *dsa; + DSA *dsa = DSA_new(); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); - dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err); - if (dsa == NULL) + if(!dsa || !DSA_generate_parameters_ex(dsa, num, + NULL, 0, NULL, NULL, &cb)) { + if(dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } @@ -326,12 +329,12 @@ bad: else #endif { + dh = DH_new(); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) + if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { + if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } @@ -534,7 +537,7 @@ end: } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -542,11 +545,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/gendh.c b/apps/gendh.c index b90087493..69baa50b0 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -81,12 +81,13 @@ #undef PROG #define PROG gendh_main -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -102,6 +103,7 @@ int MAIN(int argc, char **argv) apps_startup(); + BN_GENCB_set(&cb, dh_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -199,10 +201,10 @@ bad: BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) goto end; + if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) + goto end; + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) @@ -217,7 +219,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -225,10 +227,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/genrsa.c b/apps/genrsa.c index 0ce23946e..85da98d45 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -81,12 +81,13 @@ #undef PROG #define PROG genrsa_main -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -105,6 +106,7 @@ int MAIN(int argc, char **argv) BIO *out=NULL; apps_startup(); + BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) @@ -239,7 +241,9 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb)) + goto err; app_RAND_write_file(NULL, bio_err); @@ -277,7 +281,7 @@ err: OPENSSL_EXIT(ret); } -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -285,11 +289,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #else /* !OPENSSL_NO_RSA */ diff --git a/apps/req.c b/apps/req.c index 80b623c50..29076266f 100644 --- a/apps/req.c +++ b/apps/req.c @@ -135,7 +135,7 @@ static int add_attribute_object(X509_REQ *req, char *text, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); #endif static int req_check_len(int len,int n_min,int n_max); static int check_end(char *str, char *end); @@ -712,6 +712,8 @@ bad: if (newreq && (pkey == NULL)) { + BN_GENCB cb; + BN_GENCB_set(&cb, req_cb, bio_err); char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -740,10 +742,13 @@ bad: #ifndef OPENSSL_NO_RSA if (pkey_type == TYPE_RSA) { - if (!EVP_PKEY_assign_RSA(pkey, - RSA_generate_key(newkey,0x10001, - req_cb,bio_err))) + RSA *rsa = RSA_new(); + if(!rsa || !RSA_generate_key_ex(rsa, newkey, 0x10001, &cb) || + !EVP_PKEY_assign_RSA(pkey, rsa)) + { + if(rsa) RSA_free(rsa); goto end; + } } else #endif @@ -1610,7 +1615,7 @@ err: } #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p, int n, void *arg) +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -1618,11 +1623,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/s_server.c b/apps/s_server.c index dd58591d3..9b8fe570c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1785,7 +1785,12 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); (void)BIO_flush(bio_err); } - rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if(((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex( + rsa_tmp, keylength,RSA_F4,NULL)) + { + if(rsa_tmp) RSA_free(rsa_tmp); + rsa_tmp = NULL; + } if (!s_quiet) { BIO_printf(bio_err,"\n"); diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index fe057dc22..0d37dcff4 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -1502,7 +1502,7 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx) return ret; } -static void genprime_cb(int p, int n, void *arg) +static int genprime_cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -1512,12 +1512,12 @@ static void genprime_cb(int p, int n, void *arg) if (p == 3) c='\n'; putc(c, stderr); fflush(stderr); - (void)n; - (void)arg; + return 1; } int test_kron(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*b,*r,*t; int i; int legendre, kronecker; @@ -1528,6 +1528,8 @@ int test_kron(BIO *bp, BN_CTX *ctx) r = BN_new(); t = BN_new(); if (a == NULL || b == NULL || r == NULL || t == NULL) goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). * In this case we know that if b is prime, then BN_kronecker(a, b, ctx) @@ -1538,7 +1540,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) * don't want to test whether b is prime but whether BN_kronecker * works.) */ - if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err; b->neg = rand_neg(); putc('\n', stderr); @@ -1606,6 +1608,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) int test_sqrt(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*p,*r; int i, j; int ret = 0; @@ -1614,7 +1617,9 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) p = BN_new(); r = BN_new(); if (a == NULL || p == NULL || r == NULL) goto err; - + + BN_GENCB_set(&cb, genprime_cb, NULL); + for (i = 0; i < 16; i++) { if (i < 8) @@ -1628,7 +1633,7 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) if (!BN_set_word(a, 32)) goto err; if (!BN_set_word(r, 2*i + 1)) goto err; - if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err; putc('\n', stderr); } p->neg = rand_neg(); diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index dc25283f7..492fbeefa 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -89,12 +89,13 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK cb(int p, int n, void *arg); +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int main(int argc, char *argv[]) { + BN_GENCB _cb; DH *a; DH *b=NULL; char buf[12]; @@ -116,8 +117,10 @@ int main(int argc, char *argv[]) if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); - a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); - if (a == NULL) goto err; + BN_GENCB_set(&_cb, &cb, out); + if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, &_cb)) + goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) @@ -201,7 +204,7 @@ err: return(ret); } -static void MS_CALLBACK cb(int p, int n, void *arg) +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -209,10 +212,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 49c630b10..1dbda6801 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -90,7 +90,7 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -135,6 +135,7 @@ static BIO *bio_err=NULL; int main(int argc, char **argv) { + BN_GENCB cb; DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; @@ -154,7 +155,10 @@ int main(int argc, char **argv) BIO_printf(bio_err,"test generation of DSA parameters\n"); - dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); + BN_GENCB_set(&cb, dsa_cb, bio_err); + if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, + seed, 20, &counter, &h, &cb)) + goto end; BIO_printf(bio_err,"seed\n"); for (i=0; i<20; i+=4) @@ -221,13 +225,7 @@ end: return(0); } -static int cb_exit(int ec) - { - EXIT(ec); - return(0); /* To keep some compilers quiet */ - } - -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) { char c='*'; static int ok=0,num=0; @@ -236,13 +234,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) { c='*'; ok++; } if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - cb_exit(1); + return 0; } + return 1; } #endif From 0991f0703478fd0fc704b6c59ffbb675b92899c1 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:40:13 +0000 Subject: [PATCH 051/112] For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly. In addition - this highlights some cruft in openssl that needs sorting out. The tmdiff.h header is exported as part of the openssl API despite the fact that it is ugly as the driven sludge and not used anywhere in the library, applications, or utilities. More weird still, almost identical code exists in apps/speed.c though it looks to be slightly tweaked - so either tmdiff should be updated and used by speed.c, or it should be dumped because it's obviously not useful enough. Rather than removing it for now, I've changed the API for tmdiff to at least make sense. This involves taking the object type (MS_TM) from the implementation and using it in the header rather than using "char *" in the API and casting mercilessly in the code (ugh). If someone doesn't like "MS_TM" and the "ms_time_***" naming, by all means change it. This should be a harmless improvement, because the existing API is clearly not very useful (eg. we reimplement it rather than using it in our own utils). However, someone still needs to take a hack at consolidating speed.c and tmdiff.[ch] somehow. --- CHANGES | 9 +++++++++ apps/speed.c | 22 ++++++++++++++++++---- crypto/tmdiff.c | 29 ++++++++++++++--------------- crypto/tmdiff.h | 22 +++++++++++++++++----- 4 files changed, 58 insertions(+), 24 deletions(-) diff --git a/CHANGES b/CHANGES index ea4793c2e..a75374b3f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) The tmdiff.h API was so ugly and minimal that our own timing utility + (speed) prefers to use its own implementation. The two implementations + haven't been consolidated as yet (volunteers?) but the tmdiff API has had + its object type properly exposed (MS_TM) instead of casting to/from "char + *". This may still change yet if someone realises MS_TM and "ms_time_***" + aren't necessarily the greatest nomenclatures - but this is what was used + internally to the implementation so I've used that for now. + [Geoff Thorpe] + *) Ensure that deprecated functions do not get compiled when OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of the self-tests were still using deprecated key-generation functions so diff --git a/apps/speed.c b/apps/speed.c index 558760732..5576f23fe 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -208,11 +208,21 @@ #include #endif +/* + * The following "HZ" timing stuff should be sync'd up with the code in + * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think + * this code is more up to date than libcrypto's so there may be features to + * migrate over first. This is used in two places further down AFAICS. + * The point is that nothing in openssl actually *uses* that tmdiff stuff, so + * either speed.c should be using it or it should go because it's obviously not + * useful enough. Anyone want to do a janitorial job on this? + */ + /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -294,7 +304,7 @@ static double Time_F(int s) #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; getrusage_used = 1; @@ -349,7 +359,8 @@ static double Time_F(int s) else { times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + ret = HZ; + ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; return((ret < 1e-3)?1e-3:ret); } } @@ -2191,7 +2202,10 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", (double)HZ); + { + double dbl = HZ; + printf("HZ=%g", dbl); + } # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c index 307523ebb..cbec38e17 100644 --- a/crypto/tmdiff.c +++ b/crypto/tmdiff.c @@ -106,7 +106,8 @@ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +/* # define HZ ((double)sysconf(_SC_CLK_TCK)) */ +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -120,7 +121,7 @@ # endif #endif -typedef struct ms_tm +struct ms_tm { #ifdef TIMES struct tms ms_tms; @@ -136,9 +137,9 @@ typedef struct ms_tm # endif # endif #endif - } MS_TM; + }; -char *ms_time_new(void) +MS_TM *ms_time_new(void) { MS_TM *ret; @@ -149,18 +150,17 @@ char *ms_time_new(void) #ifdef OPENSSL_SYS_WIN32 ret->thread_id=GetCurrentThread(); #endif - return((char *)ret); + return ret; } -void ms_time_free(char *a) +void ms_time_free(MS_TM *a) { if (a != NULL) OPENSSL_free(a); } -void ms_time_get(char *a) +void ms_time_get(MS_TM *tm) { - MS_TM *tm=(MS_TM *)a; #ifdef OPENSSL_SYS_WIN32 FILETIME tmpa,tmpb,tmpc; #endif @@ -180,14 +180,13 @@ void ms_time_get(char *a) #endif } -double ms_time_diff(char *ap, char *bp) +double ms_time_diff(MS_TM *a, MS_TM *b) { - MS_TM *a=(MS_TM *)ap; - MS_TM *b=(MS_TM *)bp; double ret; #ifdef TIMES - ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + ret = HZ; + ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret; #else # ifdef OPENSSL_SYS_WIN32 { @@ -217,14 +216,14 @@ double ms_time_diff(char *ap, char *bp) return((ret < 0.0000001)?0.0000001:ret); } -int ms_time_cmp(char *ap, char *bp) +int ms_time_cmp(const MS_TM *a, const MS_TM *b) { - MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp; double d; int ret; #ifdef TIMES - d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + d = HZ; + d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d; #else # ifdef OPENSSL_SYS_WIN32 d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; diff --git a/crypto/tmdiff.h b/crypto/tmdiff.h index 41a8a1e0e..af5c41c64 100644 --- a/crypto/tmdiff.h +++ b/crypto/tmdiff.h @@ -59,6 +59,16 @@ /* Header for dynamic hash table routines * Author - Eric Young */ +/* ... erm yeah, "dynamic hash tables" you say? + * + * And what would dynamic hash tables have to do with any of this code *now*? + * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused + * file that I doubt compiles any more. speed.c is the only thing that could + * use this (and it has nothing to do with hash tables), yet it instead has its + * own duplication of all this stuff and looks, if anything, more complete. See + * the corresponding note in apps/speed.c. + * The Bemused - Geoff + */ #ifndef HEADER_TMDIFF_H #define HEADER_TMDIFF_H @@ -67,11 +77,13 @@ extern "C" { #endif -char *ms_time_new(void ); -void ms_time_free(char *a); -void ms_time_get(char *a); -double ms_time_diff(char *start,char *end); -int ms_time_cmp(char *ap,char *bp); +typedef struct ms_tm MS_TM; + +MS_TM *ms_time_new(void ); +void ms_time_free(MS_TM *a); +void ms_time_get(MS_TM *a); +double ms_time_diff(MS_TM *start, MS_TM *end); +int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); #ifdef __cplusplus } From 40f935f5b45bc08492177ce5856d2c3e8fe764e5 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:41:19 +0000 Subject: [PATCH 052/112] Avoid "empty source file" warnings. --- crypto/ebcdic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index d1bece87f..6ac5b3944 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -1,5 +1,7 @@ /* crypto/ebcdic.c */ +static void *dummy=&dummy; + #ifdef CHARSET_EBCDIC #include "ebcdic.h" /* Initial Port for Apache-1.3 by From 6bcd3f903a5c163ae8994533d90e8571347ed30a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:42:29 +0000 Subject: [PATCH 053/112] Comments out some unimplemented functions instead of redeclaring them. --- crypto/ec/ecp_recp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index e0b28c1cf..d454c12fd 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -119,7 +119,8 @@ int ec_GFp_recp_group_init(EC_GROUP *group) return ok; } - +/* Avoid "redundant redeclaration" warnings */ +#if 0 int ec_GFp_recp_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* TODO */ @@ -142,3 +143,4 @@ int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, con int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); /* TODO */ +#endif From 8dc344ccbf41c427634a5f8a0f17ee62eb121551 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:57:05 +0000 Subject: [PATCH 054/112] Relax some over-zealous constification that gave some lhash-based code no choice but to have to cast away "const" qualifiers from their prototypes. This does not remove constification restrictions from hash/compare callbacks, but allows destructor commands to be run over a tables' elements without bad casts. --- CHANGES | 11 +++++++++++ crypto/ex_data.c | 2 +- crypto/lhash/lhash.c | 2 +- crypto/lhash/lhash.h | 16 ++++++++-------- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index a75374b3f..c206df30f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,17 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Because of the callback-based approach for implementing LHASH as a + template type, lh_insert() adds opaque objects to hash-tables and + lh_doall() or lh_doall_arg() are typically used with a destructor callback + to clean up those corresponding objects before destroying the hash table + (and losing the object pointers). So some over-zealous constifications in + LHASH have been relaxed so that lh_insert() does not take (nor store) the + objects as "const" and the lh_doall[_arg] callback wrappers are not + prototyped to have "const" restrictions on the object pointers they are + given (and so aren't required to cast them away any more). + [Geoff Thorpe] + *) The tmdiff.h API was so ugly and minimal that our own timing utility (speed) prefers to use its own implementation. The two implementations haven't been consolidated as yet (volunteers?) but the tmdiff API has had diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5b2e345c2..f68cf8452 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -287,7 +287,7 @@ static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do * any locking. */ -static void def_cleanup_cb(const void *a_void) +static void def_cleanup_cb(void *a_void) { EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 0a16fcf27..9856c26d4 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -176,7 +176,7 @@ void lh_free(LHASH *lh) OPENSSL_free(lh); } -void *lh_insert(LHASH *lh, const void *data) +void *lh_insert(LHASH *lh, void *data) { unsigned long hash; LHASH_NODE *nn,**rn; diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index 7c1d48642..d392d0cd8 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -78,7 +78,7 @@ extern "C" { typedef struct lhash_node_st { - const void *data; + void *data; struct lhash_node_st *next; #ifndef OPENSSL_NO_HASH_COMP unsigned long hash; @@ -87,8 +87,8 @@ typedef struct lhash_node_st typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. * This way, callbacks can be provided to LHASH structures without function @@ -118,18 +118,18 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); /* Third: "doall" functions */ #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *); + void f_name##_LHASH_DOALL(void *); #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *arg) { \ + void f_name##_LHASH_DOALL(void *arg) { \ o_type a = (o_type)arg; \ f_name(a); } #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *, void *); + void f_name##_LHASH_DOALL_ARG(void *, void *); #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ + void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ o_type a = (o_type)arg1; \ a_type b = (a_type)arg2; \ f_name(a,b); } @@ -173,7 +173,7 @@ typedef struct lhash_st LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, const void *data); +void *lh_insert(LHASH *lh, void *data); void *lh_delete(LHASH *lh, const void *data); void *lh_retrieve(LHASH *lh, const void *data); void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); From 2eeaa0261ef53307008b9725bc001b397c96e22e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:58:23 +0000 Subject: [PATCH 055/112] Remove redundant declaration. --- crypto/des/fcrypt.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index 2758c3265..ccbdff250 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -58,9 +58,6 @@ static unsigned const char cov_2char[64]={ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A }; -void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - char *DES_crypt(const char *buf, const char *salt) { static char buff[14]; From 8a66d17899e6ed3ccdb2feb878e5d77d35753494 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 05:00:57 +0000 Subject: [PATCH 056/112] Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings. --- crypto/bio/b_print.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 2cfc689dd..f80335e26 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -513,8 +513,8 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < sizeof convert)); - if (place == sizeof convert) + } while (uvalue && (place < (int)sizeof(convert))); + if (place == sizeof(convert)) place--; convert[place] = 0; @@ -643,7 +643,7 @@ fmtfp( if (fracpart >= pow10(max)) { intpart++; - fracpart -= (long)pow10(max); + fracpart -= pow10(max); } /* convert integer part */ @@ -652,7 +652,7 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < sizeof iplace)); + } while (intpart && (iplace < (int)sizeof(iplace))); if (iplace == sizeof iplace) iplace--; iconvert[iplace] = 0; From db59141467aa424c3fb5656ffa4355e3740dad1a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 05:35:31 +0000 Subject: [PATCH 057/112] remove accidentally committed debugging cruft. --- crypto/bn/bn_depr.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 09ad52e7c..27535e4fc 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -81,7 +81,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, } else rnd=ret; - bn_verify(rnd); if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) goto err; @@ -89,7 +88,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, found = 1; err: if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); - if(found) bn_verify(rnd); return(found ? rnd : NULL); } From 4e952ae4fc33a1c3a39e082dcb139c5560128ce8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 29 Oct 2003 06:21:22 +0000 Subject: [PATCH 058/112] Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored. --- crypto/aes/aes_cbc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 0a28ab8d3..1222a2100 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -91,20 +91,21 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } } else { while (len >= AES_BLOCK_SIZE) { + memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, in, AES_BLOCK_SIZE); + memcpy(ivec, tmp, AES_BLOCK_SIZE); len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, tmp, key); + AES_decrypt(tmp, tmp, key); for(n=0; n < len; ++n) out[n] = tmp[n] ^ ivec[n]; - memcpy(ivec, in, AES_BLOCK_SIZE); + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } } From 2ce90b9b7481381dff584726d84345a0260ca4d1 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 18:04:37 +0000 Subject: [PATCH 059/112] BN_CTX is opaque and the static initialiser BN_CTX_init() is not used except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself. NDEBUG should probably only be "forced" in the top-level configuration, but until it is I will avoid removing it from bn_ctx.c which might surprise people with massive slow-downs in their keygens. So I've left it in bn_ctx.c but tidied up the preprocessor logic a touch and made it more tolerant of debugging efforts. --- CHANGES | 6 ++++++ crypto/bn/bn.h | 2 ++ crypto/bn/bn_ctx.c | 53 ++++++++++++++++++++++++++++++---------------- crypto/bn/bn_lcl.h | 14 ------------ 4 files changed, 43 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index c206df30f..d15740876 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure + that can only be obtained through BN_CTX_new() (which implicitly + initialises it). The presence of this function only made it possible + to overwrite an existing structure (and cause memory leaks). + [Geoff Thorpe] + *) Because of the callback-based approach for implementing LHASH as a template type, lh_insert() adds opaque objects to hash-tables and lh_doall() or lh_doall_arg() are typically used with a destructor callback diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d7a5fce6e..686b3b307 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -363,7 +363,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); const BIGNUM *BN_value_one(void); char * BN_options(void); BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED void BN_CTX_init(BN_CTX *c); +#endif void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 7daf19eb8..34cc75cfa 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -54,9 +54,10 @@ * */ -#ifndef BN_CTX_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +#ifndef NDEBUG +#define NDEBUG +#endif #endif #include @@ -65,6 +66,37 @@ #include "cryptlib.h" #include "bn_lcl.h" +/* BN_CTX structure details */ +#define BN_CTX_NUM 32 +#define BN_CTX_NUM_POS 12 +struct bignum_ctx + { + int tos; + BIGNUM bn[BN_CTX_NUM]; + int flags; + int depth; + int pos[BN_CTX_NUM_POS]; + int too_many; + }; + +#ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *ctx) +#else +static void BN_CTX_init(BN_CTX *ctx) +#endif + { +#if 0 /* explicit version */ + int i; + ctx->tos = 0; + ctx->flags = 0; + ctx->depth = 0; + ctx->too_many = 0; + for (i = 0; i < BN_CTX_NUM; i++) + BN_init(&(ctx->bn[i])); +#else + memset(ctx, 0, sizeof *ctx); +#endif + } BN_CTX *BN_CTX_new(void) { @@ -82,21 +114,6 @@ BN_CTX *BN_CTX_new(void) return(ret); } -void BN_CTX_init(BN_CTX *ctx) - { -#if 0 /* explicit version */ - int i; - ctx->tos = 0; - ctx->flags = 0; - ctx->depth = 0; - ctx->too_many = 0; - for (i = 0; i < BN_CTX_NUM; i++) - BN_init(&(ctx->bn[i])); -#else - memset(ctx, 0, sizeof *ctx); -#endif - } - void BN_CTX_free(BN_CTX *ctx) { int i; diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 01cb6e928..0c448724d 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -119,20 +119,6 @@ extern "C" { #endif -/* Used for temp variables */ -#define BN_CTX_NUM 32 -#define BN_CTX_NUM_POS 12 -struct bignum_ctx - { - int tos; - BIGNUM bn[BN_CTX_NUM]; - int flags; - int depth; - int pos[BN_CTX_NUM_POS]; - int too_many; - } /* BN_CTX */; - - /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * From 27545970134d703ed96027aac9b67eced124eec3 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 20:24:15 +0000 Subject: [PATCH 060/112] A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate. --- apps/ca.c | 3 ++- apps/enc.c | 2 +- apps/passwd.c | 3 ++- apps/rand.c | 2 +- crypto/asn1/a_enum.c | 7 ++++--- crypto/asn1/a_int.c | 7 ++++--- crypto/asn1/a_object.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/x_long.c | 2 +- crypto/bn/bn_lib.c | 12 ++++++------ crypto/des/destest.c | 9 +++++---- crypto/des/set_key.c | 4 ++-- crypto/evp/bio_b64.c | 2 +- crypto/evp/e_rc2.c | 7 ++++--- crypto/evp/encode.c | 4 ++-- crypto/evp/evp_enc.c | 17 ++++++++++------- crypto/evp/evp_lib.c | 12 +++++++----- crypto/evp/p5_crpt.c | 2 +- crypto/evp/p5_crpt2.c | 5 +++-- crypto/hmac/hmac.c | 4 ++-- crypto/pem/pem_lib.c | 2 +- crypto/rand/md_rand.c | 2 +- crypto/rsa/rsa_gen.c | 3 ++- crypto/x509/x509_trs.c | 4 ++-- crypto/x509v3/v3_purp.c | 4 ++-- engines/e_4758_cca.c | 6 +++--- ssl/s2_clnt.c | 6 +++--- ssl/s2_enc.c | 2 +- ssl/s2_lib.c | 12 +++++++----- ssl/s3_clnt.c | 2 +- ssl/s3_enc.c | 6 +++--- ssl/s3_lib.c | 2 +- ssl/s3_srvr.c | 2 +- ssl/ssl_asn1.c | 6 +++--- ssl/ssl_cert.c | 2 +- ssl/ssltest.c | 8 ++++---- 37 files changed, 97 insertions(+), 82 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 780868a9f..15211b844 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -3005,7 +3005,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; int reason_code = -1; - int i, ret = 0; + int ret = 0; + unsigned int i; ASN1_OBJECT *hold = NULL; ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); diff --git a/apps/enc.c b/apps/enc.c index 0a9f7310b..ae18452e8 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -534,7 +534,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i sizeof buf) + if (chunk > (int)sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 68a525fb1..d9db53f01 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -67,12 +67,13 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_ENUMERATED; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -116,7 +117,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) else if (i != V_ASN1_ENUMERATED) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 78402cd98..4bb300c20 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -313,12 +313,13 @@ err: int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_INTEGER; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -362,7 +363,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) else if (i != V_ASN1_INTEGER) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 0a8e6c287..124451d7a 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -184,7 +184,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); i=i2t_ASN1_OBJECT(buf,sizeof buf,a); - if (i > sizeof buf) i=sizeof buf; + if (i > (int)sizeof(buf)) i=sizeof buf; BIO_write(bp,buf,i); return(i); } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index c035cc0f5..277726cd5 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -544,7 +544,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons static int asn1_str2tag(const char *tagstr, int len) { - int i; + unsigned int i; static struct tag_name_st *tntmp, tnst [] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index e100e93be..1905b090e 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -145,7 +145,7 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; unsigned long ret=0; - int i; + unsigned int i; if (max-- < 1) return(0); if (*p == 0x80) diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index c04b19279..954d18397 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -136,7 +136,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, int neg, i; long ltmp; unsigned long utmp = 0; - if(len > sizeof(long)) { + if(len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index bbcc62d83..8207bce23 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -91,28 +91,28 @@ void BN_set_params(int mult, int high, int low, int mont) { if (mult >= 0) { - if (mult > (sizeof(int)*8)-1) + if (mult > (int)(sizeof(int)*8)-1) mult=sizeof(int)*8-1; bn_limit_bits=mult; bn_limit_num=1<= 0) { - if (high > (sizeof(int)*8)-1) + if (high > (int)(sizeof(int)*8)-1) high=sizeof(int)*8-1; bn_limit_bits_high=high; bn_limit_num_high=1<= 0) { - if (low > (sizeof(int)*8)-1) + if (low > (int)(sizeof(int)*8)-1) low=sizeof(int)*8-1; bn_limit_bits_low=low; bn_limit_num_low=1<= 0) { - if (mont > (sizeof(int)*8)-1) + if (mont > (int)(sizeof(int)*8)-1) mont=sizeof(int)*8-1; bn_limit_bits_mont=mont; bn_limit_num_mont=1< sizeof(BN_ULONG)) + if (n > (int)sizeof(BN_ULONG)) return(BN_MASK2); for (i=a->top-1; i>=0; i--) { @@ -628,7 +628,7 @@ BN_ULONG BN_get_word(const BIGNUM *a) int BN_set_word(BIGNUM *a, BN_ULONG w) { int i,n; - if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); + if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); n=sizeof(BN_ULONG)/BN_BYTES; a->neg=0; diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 3983ac8e5..788f552c8 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -333,7 +333,8 @@ static int cfb64_test(unsigned char *cfb_cipher); static int ede_cfb64_test(unsigned char *cfb_cipher); int main(int argc, char *argv[]) { - int i,j,err=0; + int j,err=0; + unsigned int i; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; @@ -391,7 +392,7 @@ int main(int argc, char *argv[]) DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) @@ -540,7 +541,7 @@ int main(int argc, char *argv[]) if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) @@ -556,7 +557,7 @@ int main(int argc, char *argv[]) des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 143008ed9..55efe03f4 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -87,7 +87,7 @@ static const unsigned char odd_parity[256]={ void DES_set_odd_parity(DES_cblock *key) { - int i; + unsigned int i; for (i=0; ibuf_len-ctx->buf_off; if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 3932f60e5..d37726ffa 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -168,16 +168,17 @@ static int rc2_magic_to_meth(int i) static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { long num=0; - int i=0,l; + int i=0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof iv); + OPENSSL_assert(l <= sizeof(iv)); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) + if (i != (int)l) return(-1); key_bits =rc2_magic_to_meth((int)num); if (!key_bits) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 08209357c..32744ca68 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -136,7 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; - OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < sizeof ctx->enc_data); + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); d[n++]=tmp; ln++; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index be0758a87..db621bfc8 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -187,7 +187,8 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -274,7 +275,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; - OPENSSL_assert(bl <= sizeof ctx->buf); + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (i+inl < bl) @@ -320,7 +321,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl,ret; + int n,ret; + unsigned int i, b, bl; b=ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->buf); @@ -356,7 +358,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int b, fix_len; + int fix_len; + unsigned int b; if (inl == 0) { @@ -409,8 +412,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,b; - int n; + int i,n; + unsigned int b; *outl=0; b=ctx->cipher->block_size; @@ -433,7 +436,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > b) + if (n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 52a3b287b..c97cb9cea 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -85,14 +85,15 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,l; + int i=0; + unsigned int l; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof c->iv); + OPENSSL_assert(l <= sizeof(c->iv)); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) + if (i != (int)l) return(-1); else if (i > 0) memcpy(c->iv,c->oiv,l); @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,j; + int i=0; + unsigned int j; if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof c->iv); + OPENSSL_assert(j <= sizeof(c->iv)); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index a1874e83b..39306f456 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -140,7 +140,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index b161d7664..dca051486 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -149,7 +149,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, int en_de) { unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; @@ -208,7 +209,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 4c91f919d..f7392a0da 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); - OPENSSL_assert(j <= sizeof ctx->key); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -89,7 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { - OPENSSL_assert(len <= sizeof ctx->key); + OPENSSL_assert(len <= (int)sizeof(ctx->key)); memcpy(ctx->key,key,len); ctx->key_length=len; } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 900af737e..d536b523d 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -336,7 +336,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ - OPENSSL_assert(enc->iv_len <= sizeof iv); + OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index eeffc0df4..66b229c9b 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -300,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) + for (k = 0; k < (int)sizeof(md); k++) { md[k] ^= local_md[k]; } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 3714b248c..024e11b8e 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -85,7 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) { BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0,i; + int bitsp,bitsq,ok= -1,n=0; + unsigned int i; BN_CTX *ctx=NULL,*ctx2=NULL; ctx=BN_CTX_new(); diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 881252608..9c84a59d5 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -128,7 +128,7 @@ int X509_TRUST_get_count(void) X509_TRUST * X509_TRUST_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_TRUST_COUNT) return trstandard + idx; + if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } @@ -219,7 +219,7 @@ static void trtable_free(X509_TRUST *p) void X509_TRUST_cleanup(void) { - int i; + unsigned int i; for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 4d145f71f..b1a6d2632 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -140,7 +140,7 @@ int X509_PURPOSE_get_count(void) X509_PURPOSE * X509_PURPOSE_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } @@ -240,7 +240,7 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { - int i; + unsigned int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); xptable = NULL; diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index ee52a3f66..b006ed876 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -390,7 +390,7 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); + unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[256]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; @@ -482,7 +482,7 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); + unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[512]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; @@ -922,7 +922,7 @@ static int cca_get_random_bytes(unsigned char* buf, int num) unsigned char form[] = "RANDOM "; unsigned char rand_buf[8]; - while(num >= sizeof(rand_buf)) + while(num >= (int)sizeof(rand_buf)) { randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, exit_data, form, rand_buf); diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 1d24dedc9..62e83afb3 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -668,7 +668,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { - if (i > sizeof sess->master_key) + if (i > (int)sizeof(sess->master_key)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); @@ -688,7 +688,7 @@ static int client_master_key(SSL *s) else enc=i; - if (i < enc) + if ((int)i < enc) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); @@ -717,7 +717,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ - if (karg > sizeof sess->key_arg) + if (karg > (int)sizeof(sess->key_arg)) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index d3b144f1c..12e17bf66 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -101,7 +101,7 @@ int ssl2_enc_init(SSL *s, int client) if (ssl2_generate_key_material(s) <= 0) return 0; - OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 910b9fe09..a0edfb896 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -371,7 +371,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; SSL_CIPHER c,*cp= &c,**cpp; unsigned long id; - int i; + unsigned int i; if (init) { @@ -437,7 +437,8 @@ int ssl2_generate_key_material(SSL *s) EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + if (s->session->master_key_length < 0 || + s->session->master_key_length > (int)sizeof(s->session->master_key)) { SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; @@ -445,7 +446,8 @@ int ssl2_generate_key_material(SSL *s) for (i=0; is2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > + (int)sizeof(s->s2->key_material)) { /* EVP_DigestFinal_ex() below would write beyond buffer */ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); @@ -456,7 +458,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < sizeof s->session->master_key); + < (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -495,7 +497,7 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - OPENSSL_assert(error >= 0 && error <= sizeof buf); + OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index b27a1deaa..6b29f0470 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -582,7 +582,7 @@ static int ssl3_client_hello(SSL *s) *(p++)=i; if (i != 0) { - if (i > sizeof s->session->session_id) + if (i > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 559924d36..56e274fe2 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -139,7 +139,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; - int i,j,k; + unsigned int i,j,k; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /*'A' in ASCII */ @@ -147,7 +147,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) k=0; EVP_MD_CTX_init(&m5); EVP_MD_CTX_init(&s1); - for (i=0; i sizeof buf) @@ -172,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); - if ((i+MD5_DIGEST_LENGTH) > num) + if ((int)(i+MD5_DIGEST_LENGTH) > num) { EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2145385cc..6c208ccfc 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1914,7 +1914,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; SSL_CIPHER c,*cp= &c,**cpp; unsigned long id; - int i; + unsigned int i; if (init) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bd0624be3..abb03ca58 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1016,7 +1016,7 @@ static int ssl3_send_server_hello(SSL *s) s->session->session_id_length=0; sl=s->session->session_id_length; - if (sl > sizeof s->session->session_id) + if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return -1; diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 16bc11b55..f5d3c135b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -295,11 +295,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, if (os.length > i) os.length = i; - if (os.length > sizeof ret->session_id) /* can't happen */ - os.length = sizeof ret->session_id; + if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ + os.length = sizeof(ret->session_id); ret->session_id_length=os.length; - OPENSSL_assert(os.length <= sizeof ret->session_id); + OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 144b90dd1..ad56b7bf7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -794,7 +794,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); - if (r <= 0 || r >= sizeof buf) + if (r <= 0 || r >= (int)sizeof(buf)) goto err; if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) goto err; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 82c3b8d89..5aadfa51d 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1350,8 +1350,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) { if (c_write) { - j=(cw_num > (long)sizeof(cbuf)) - ?sizeof(cbuf):(int)cw_num; + j = (cw_num > (long)sizeof(cbuf)) ? + (int)sizeof(cbuf) : (int)cw_num; i=BIO_write(c_bio,cbuf,j); if (i < 0) { @@ -1481,8 +1481,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) } else { - j=(sw_num > (long)sizeof(sbuf))? - sizeof(sbuf):(int)sw_num; + j = (sw_num > (long)sizeof(sbuf)) ? + (int)sizeof(sbuf) : (int)sw_num; i=BIO_write(s_bio,sbuf,j); if (i < 0) { From 31166ec8f33f1d1af25901be4411d47ef15ff340 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 20:47:49 +0000 Subject: [PATCH 061/112] Some provisional bignum debugging has begun to detect inconsistent BIGNUM structures being passed in to or out of API functions, and this corrects a couple of cases found so far. Also, lop off a couple of bytes of white-space. --- crypto/bn/bn_lib.c | 1 - crypto/bn/bn_nist.c | 3 ++- crypto/bn/bn_recp.c | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 8207bce23..783881d3a 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -462,7 +462,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) A[0]=0; assert(A == &(b->d[b->dmax])); } - return b; } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 19bd54072..2ababfbed 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -823,6 +823,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (tmp->top == BN_NIST_521_TOP) tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + bn_fix_top(tmp); if (!BN_uadd(r, tmp, r)) return 0; top = r->top; @@ -838,6 +839,6 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, ret = 1; err: BN_CTX_end(ctx); - + return ret; } diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index ef5fdd470..22cbcfc49 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -203,6 +203,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ret=1; err: BN_CTX_end(ctx); + if(dv) bn_fix_top(dv); + if(rem) bn_fix_top(rem); return(ret); } From 8087d8f7ea077445ffce6dc7ac0cbbe4dcdcb2ee Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 20:55:03 +0000 Subject: [PATCH 062/112] Make md32_common.h friendlier to compiler warnings. Obtained from: Andy Polyakov --- crypto/md32_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 573850b12..511e5b2aa 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -484,7 +484,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) if ((((unsigned long)data)%4) == 0) { /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); sw*=HASH_CBLOCK; data+=sw; len-=sw; @@ -532,7 +532,7 @@ void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) if ((((unsigned long)data)%4) == 0) /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); else #if !defined(HASH_BLOCK_DATA_ORDER) { From 06e4024d98a8e142e354619a844c51429ed94bb6 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 22:25:04 +0000 Subject: [PATCH 063/112] Oops, this file already had the "empty source file" workaround but it requires -DPEDANTIC and was hidden at the bottom of the file. This moves it to the top and removes the redundant declaration. --- crypto/ebcdic.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index 6ac5b3944..43e53bcaf 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -1,8 +1,14 @@ /* crypto/ebcdic.c */ -static void *dummy=&dummy; +#ifndef CHARSET_EBCDIC + +#include +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#else /*CHARSET_EBCDIC*/ -#ifdef CHARSET_EBCDIC #include "ebcdic.h" /* Initial Port for Apache-1.3 by * Adapted for OpenSSL-0.9.4 by @@ -212,9 +218,4 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) return dest; } -#else /*CHARSET_EBCDIC*/ -#include -#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy=&dummy; -#endif #endif From bc3c578208ce5da13f4cc3e0b04f46522accc7f8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 22:30:45 +0000 Subject: [PATCH 064/112] Copy-n-paste bug (don't mix variable declarations and code). This sets the callback structure just before it is needed. --- apps/req.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/req.c b/apps/req.c index 29076266f..bbef94286 100644 --- a/apps/req.c +++ b/apps/req.c @@ -713,7 +713,6 @@ bad: if (newreq && (pkey == NULL)) { BN_GENCB cb; - BN_GENCB_set(&cb, req_cb, bio_err); char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -740,6 +739,7 @@ bad: if ((pkey=EVP_PKEY_new()) == NULL) goto end; #ifndef OPENSSL_NO_RSA + BN_GENCB_set(&cb, req_cb, bio_err); if (pkey_type == TYPE_RSA) { RSA *rsa = RSA_new(); From aca95e0b2fa50308ea55302672c51937bf0fe2cc Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 22:55:19 +0000 Subject: [PATCH 065/112] Remove a line that was causing redundant declarations. Obtained from: Stephen Henson --- crypto/asn1/asn1t.h | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index c1a4bea8f..6cfa2dd50 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -839,7 +839,6 @@ typedef struct ASN1_AUX_st { DECLARE_ASN1_ITEM(ASN1_BOOLEAN) DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) -DECLARE_ASN1_ITEM(ASN1_ANY) DECLARE_ASN1_ITEM(ASN1_SEQUENCE) DECLARE_ASN1_ITEM(CBIGNUM) DECLARE_ASN1_ITEM(BIGNUM) From d531c9014d2a66b58dbff385add487788adb3da8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 23:25:34 +0000 Subject: [PATCH 066/112] Tighten up my compiler settings. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 044b220aa..9239248b8 100755 --- a/Configure +++ b/Configure @@ -149,7 +149,7 @@ my %table=( "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box From f7939fcd9a851f8c78510d9055bf5abb8b8e71a8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 23:25:52 +0000 Subject: [PATCH 067/112] make update --- TABLE | 20 ++++++++++---------- util/libeay.num | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/TABLE b/TABLE index c74ded4f1..bad7f495c 100644 --- a/TABLE +++ b/TABLE @@ -1652,21 +1652,21 @@ $arflags = *** debug-geoff $cc = gcc -$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall +$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-elf.o asm/co86-elf.o -$des_obj = asm/dx86-elf.o asm/yx86-elf.o -$bf_obj = asm/bx86-elf.o -$md5_obj = asm/mx86-elf.o -$sha1_obj = asm/sx86-elf.o -$cast_obj = asm/cx86-elf.o -$rc4_obj = asm/rx86-elf.o -$rmd160_obj = asm/rm86-elf.o -$rc5_obj = asm/r586-elf.o +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC diff --git a/util/libeay.num b/util/libeay.num index dac56a70d..cc60c323a 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1104,7 +1104,7 @@ BN_RECP_CTX_set 1131 EXIST::FUNCTION: BN_mod_mul_reciprocal 1132 EXIST::FUNCTION: BN_mod_exp_recp 1133 EXIST::FUNCTION: BN_div_recp 1134 EXIST::FUNCTION: -BN_CTX_init 1135 EXIST::FUNCTION: +BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED BN_MONT_CTX_init 1136 EXIST::FUNCTION: RAND_get_rand_method 1137 EXIST::FUNCTION: PKCS7_add_attribute 1138 EXIST::FUNCTION: From c4db1a8b5c2d72b765614b2115f36ae5ac8d22bd Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Oct 2003 01:03:31 +0000 Subject: [PATCH 068/112] This fixes a couple of cases where an inconsistent BIGNUM could be passed as input to a function. --- crypto/bn/bn_div.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 580d1201b..b2efe5bb5 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -348,11 +348,16 @@ X) -> 0x%08X\n", l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); wnum.d--; wnum.top++; tmp->d[div_n]=l0; + /* XXX: Couldn't we replace this with; + * tmp->top = div_n; + * bn_fix_top(tmp); + */ for (j=div_n+1; j>0; j--) if (tmp->d[j-1]) break; tmp->top=j; j=wnum.top; + bn_fix_top(&wnum); if (!BN_sub(&wnum,&wnum,tmp)) goto err; snum->top=snum->top+wnum.top-j; @@ -373,6 +378,7 @@ X) -> 0x%08X\n", * BN_rshift() will overwrite it. */ int neg = num->neg; + bn_fix_top(snum); BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; From 5f747c7f4bfb7dc97179a1bbe746e083ca38d1e3 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Oct 2003 01:07:56 +0000 Subject: [PATCH 069/112] When a BN_CTX is used for temporary workspace, the variables are sometimes left in an inconsistent state when they are released for later reuse. This change resets the BIGNUMs when they are released back to the context. --- crypto/bn/bn_ctx.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 34cc75cfa..a0e7915fb 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -167,6 +167,19 @@ void BN_CTX_end(BN_CTX *ctx) ctx->too_many = 0; ctx->depth--; + /* It appears some "scrapbook" uses of BN_CTX result in BIGNUMs being + * left in an inconsistent state when they are released (eg. BN_div). + * These can trip us up when they get reused, so the safest fix is to + * make sure the BIGNUMs are made sane when the context usage is + * releasing them. */ if (ctx->depth < BN_CTX_NUM_POS) +#if 0 ctx->tos = ctx->pos[ctx->depth]; +#else + { + while(ctx->tos > ctx->pos[ctx->depth]) + /* This ensures the BIGNUM is sane(r) for reuse. */ + ctx->bn[--(ctx->tos)].top = 0; + } +#endif } From a9fd78f9da17215914dfca865e85698c2a584909 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 31 Oct 2003 01:35:16 +0000 Subject: [PATCH 070/112] bn_div() does some pretty nasty things with temporary variables, constructing BIGNUM structures with pointers offset into other bignums (among other things). This corrects some of it that is too plainly insane, and tries to ensure that bignums are normalised when passed to other functions. --- crypto/bn/bn_div.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index b2efe5bb5..0fe58dbf6 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -227,9 +227,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * This is the part that corresponds to the current * 'area' being divided */ BN_init(&wnum); + wnum.flags = BN_FLG_STATIC_DATA; /* prevent accidental "expands" */ wnum.d= &(snum->d[loop]); wnum.top= div_n; - wnum.dmax= snum->dmax+1; /* a bit of a lie */ + wnum.dmax= snum->dmax - loop; /* so we don't step out of bounds */ /* Get the top 2 words of sdiv */ /* i=sdiv->top; */ @@ -248,6 +249,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* space for temp */ if (!bn_wexpand(tmp,(div_n+1))) goto err; + bn_fix_top(&wnum); if (BN_ucmp(&wnum,sdiv) >= 0) { if (!BN_usub(&wnum,&wnum,sdiv)) goto err; @@ -346,7 +348,7 @@ X) -> 0x%08X\n", #endif /* !BN_DIV3W */ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); - wnum.d--; wnum.top++; + wnum.d--; wnum.top++; wnum.dmax++; tmp->d[div_n]=l0; /* XXX: Couldn't we replace this with; * tmp->top = div_n; From cfd06a6223ca11244cff17b9b1bdd094b8b2d6db Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 31 Oct 2003 06:58:24 +0000 Subject: [PATCH 071/112] Let exit codes propagate from within for loops. --- Makefile.org | 34 +++++++++++++++++----------------- apps/Makefile.ssl | 4 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Makefile.org b/Makefile.org index b7f15587e..eb731bef9 100644 --- a/Makefile.org +++ b/Makefile.org @@ -257,7 +257,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a fi clean-shared: - @for i in $(SHLIBDIRS); do \ + @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ tmp="$(SHARED_LIBS_LINK_EXTS)"; \ for j in $${tmp:-x}; do \ @@ -271,7 +271,7 @@ clean-shared: done link-shared: - @ for i in ${SHLIBDIRS}; do \ + @ set -e; for i in ${SHLIBDIRS}; do \ $(NEWMAKE) -f $(HERE)/Makefile.shared \ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ @@ -282,7 +282,7 @@ link-shared: build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): - @ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ @@ -320,7 +320,7 @@ libclean: clean: libclean rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making clean in $$i..." && \ @@ -331,7 +331,7 @@ clean: libclean rm -f openssl.pc rm -f speed.* .pure rm -f $(TARFILE) - @for i in $(ONEDIRS) ;\ + @set -e; for i in $(ONEDIRS) ;\ do \ rm -fr $$i/*; \ done @@ -342,7 +342,7 @@ makefile.one: files files: $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making 'files' in $$i..." && \ @@ -354,7 +354,7 @@ links: @$(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @for i in $(DIRS); do \ + @set -e; for i in $(DIRS); do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making links in $$i..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ @@ -367,7 +367,7 @@ gentests: dclean: rm -f *.bak - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dclean in $$i..." && \ @@ -405,7 +405,7 @@ report: @$(PERL) util/selftest.pl depend: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dependencies $$i..." && \ @@ -414,7 +414,7 @@ depend: done; lint: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making lint $$i..." && \ @@ -423,7 +423,7 @@ lint: done; tags: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making tags $$i..." && \ @@ -500,19 +500,19 @@ install: all install_docs $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ $(INSTALL_PREFIX)$(OPENSSLDIR)/lib - @for i in $(EXHEADER) ;\ + @set -e; for i in $(EXHEADER) ;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i; echo "installing $$i..."; \ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \ fi; \ done - @for i in $(LIBS) ;\ + @set -e; for i in $(LIBS) ;\ do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ @@ -522,7 +522,7 @@ install: all install_docs mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done; - @if [ -n "$(SHARED_LIBS)" ]; then \ + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ tmp="$(SHARED_LIBS)"; \ for i in $${tmp:-x}; \ do \ @@ -568,7 +568,7 @@ install_docs: if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \ filecase=-i; \ fi; \ - for i in doc/apps/*.pod; do \ + set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ @@ -585,7 +585,7 @@ install_docs: $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ - for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index a8a8eb0bd..dab34dc6c 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -105,14 +105,14 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO install: - @for i in $(EXE); \ + @set -e; for i in $(EXE); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; - @for i in $(SCRIPTS); \ + @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ From 933398f1102ba99d64f901987c5e8fe340a2c331 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 31 Oct 2003 10:48:48 +0000 Subject: [PATCH 072/112] Engines are usually binary, and should therefore be in INSTALLTOP rather than OPENSSLDIR. --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index eb731bef9..ab3a96ada 100644 --- a/Makefile.org +++ b/Makefile.org @@ -495,7 +495,7 @@ install: all install_docs $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/engines \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ From c465e7941ec785f2ce53638b351a21d6a49fe1a0 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 4 Nov 2003 00:29:09 +0000 Subject: [PATCH 073/112] This is the least unacceptable way I've found for declaring the bignum data and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives. --- crypto/bn/bn.h | 21 +++++++++++++++++++++ crypto/bn/bn_lib.c | 8 ++++++++ crypto/bn/bn_nist.c | 31 ++++++++++++++++--------------- 3 files changed, 45 insertions(+), 15 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 686b3b307..44ba17524 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -252,6 +252,27 @@ typedef struct bignum_st int flags; } BIGNUM; +/* Declaring static BIGNUMs as constant is tricky in C; the 'd' data can't be + * pre-declared const without having to cast away the const when declaring the + * BIGNUM. We use this alternative type for declaring const BIGNUMs. See + * bn_nist.c for examples. */ +typedef struct bignum_c_st + { + const BN_ULONG *d; + int top; + int dmax; + int neg; + int flags; + } BIGNUM_C; +#ifdef BN_DEBUG +/* Use a function to do this so that we can type-check the pointer we're + * casting */ +const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn); +#else +/* Use a macro instead */ +#define BIGNUM_CONST(bn) ((const BIGNUM *)bn) +#endif + /* Used for temp variables (declaration hidden in bn_lcl.h) */ typedef struct bignum_ctx BN_CTX; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 783881d3a..f63232b9f 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -874,3 +874,11 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } + +/* See the comments surrounding BIGNUM_C in bn.h */ +#ifdef BN_DEBUG +const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn) + { + return (const BIGNUM *)bn; + } +#endif diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 2ababfbed..ed148d845 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -127,39 +127,40 @@ const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x01}; #endif +static const BIGNUM_C bn_nist_p_192 = + { _nist_p_192, BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_224 = + { _nist_p_224, BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_256 = + { _nist_p_256, BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_384 = + { _nist_p_384, BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_521 = + { _nist_p_521, BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; + const BIGNUM *BN_get0_nist_prime_192(void) { - static BIGNUM const_nist_192={(BN_ULONG *)_nist_p_192,BN_NIST_192_TOP, - BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_192; + return BIGNUM_CONST(&bn_nist_p_192); } const BIGNUM *BN_get0_nist_prime_224(void) { - static BIGNUM const_nist_224={(BN_ULONG *)_nist_p_224,BN_NIST_224_TOP, - BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_224; + return BIGNUM_CONST(&bn_nist_p_224); } const BIGNUM *BN_get0_nist_prime_256(void) { - static BIGNUM const_nist_256={(BN_ULONG *)_nist_p_256,BN_NIST_256_TOP, - BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_256; + return BIGNUM_CONST(&bn_nist_p_256); } const BIGNUM *BN_get0_nist_prime_384(void) { - static BIGNUM const_nist_384={(BN_ULONG *)_nist_p_384,BN_NIST_384_TOP, - BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_384; + return BIGNUM_CONST(&bn_nist_p_384); } const BIGNUM *BN_get0_nist_prime_521(void) { - static BIGNUM const_nist_521={(BN_ULONG *)_nist_p_521,BN_NIST_521_TOP, - BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_521; + return BIGNUM_CONST(&bn_nist_p_521); } /* some misc internal functions */ From d8ec0dcf457f4dec39f137657b702fcbeaf5cc04 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 4 Nov 2003 00:51:32 +0000 Subject: [PATCH 074/112] Avoid some shadowed variable names. Submitted by: Nils Larsch --- apps/s_client.c | 6 +++--- crypto/bio/b_dump.c | 10 +++++----- crypto/bio/b_print.c | 6 +++--- engines/vendor_defns/sureware.h | 2 +- ssl/s3_enc.c | 10 +++++----- ssl/ssl_ciph.c | 8 ++++---- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 0f7dd8861..294aad8b5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -944,7 +944,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER *c; X509_NAME *xn; int j,i; - const COMP_METHOD *comp, *exp; + const COMP_METHOD *comp, *expansion; if (full) { @@ -1048,11 +1048,11 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_free(pktmp); } comp=SSL_get_current_compression(s); - exp=SSL_get_current_expansion(s); + expansion=SSL_get_current_expansion(s); BIO_printf(bio,"Compression: %s\n", comp ? SSL_COMP_get_name(comp) : "NONE"); BIO_printf(bio,"Expansion: %s\n", - exp ? SSL_COMP_get_name(exp) : "NONE"); + expansion ? SSL_COMP_get_name(expansion) : "NONE"); SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 8397cfab6..0f6176836 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -77,15 +77,15 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) { int ret=0; char buf[288+1],tmp[20],str[128+1]; - int i,j,rows,trunc; + int i,j,rows,trc; unsigned char ch; int dump_width; - trunc=0; + trc=0; #ifdef TRUNCATE for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) - trunc++; + trc++; #endif if (indent < 0) @@ -142,9 +142,9 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #ifdef TRUNCATE - if (trunc > 0) + if (trc > 0) { - sprintf(buf,"%s%04x - \n",str,len+trunc); + sprintf(buf,"%s%04x - \n",str,len+trc); ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #endif diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index f80335e26..de74ec6df 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -576,12 +576,12 @@ abs_val(LDOUBLE value) } static LDOUBLE -pow10(int exp) +pow10(int in_exp) { LDOUBLE result = 1; - while (exp) { + while (in_exp) { result *= 10; - exp--; + in_exp--; } return result; } diff --git a/engines/vendor_defns/sureware.h b/engines/vendor_defns/sureware.h index 1d3789219..4bc22027f 100644 --- a/engines/vendor_defns/sureware.h +++ b/engines/vendor_defns/sureware.h @@ -232,7 +232,7 @@ extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign; * mlen,elen and dlen are all multiple of sizeof(unsigned long) */ typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod, - int elen,const unsigned long *exp, + int elen,const unsigned long *exponent, int dlen,unsigned long *data, unsigned long *res); extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 56e274fe2..5d133eef1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which) COMP_METHOD *comp; const EVP_MD *m; EVP_MD_CTX md; - int exp,n,i,j,k,cl; + int is_exp,n,i,j,k,cl; int reuse_dd = 0; - exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); + is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; if (s->s3->tmp.new_compression == NULL) @@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which) p=s->s3->tmp.key_block; i=EVP_MD_size(m); cl=EVP_CIPHER_key_length(c); - j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? + j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ + /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) @@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_MD_CTX_init(&md); memcpy(mac_secret,ms,i); - if (exp) + if (is_exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4f0f70079..545999ac6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -952,7 +952,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) { int is_export,pkl,kl; - char *ver,*exp; + char *ver,*exp_str; char *kx,*au,*enc,*mac; unsigned long alg,alg2,alg_s; #ifdef KSSL_DEBUG @@ -968,7 +968,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) is_export=SSL_C_IS_EXPORT(cipher); pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); kl=SSL_C_EXPORT_KEYLENGTH(cipher); - exp=is_export?" export":""; + exp_str=is_export?" export":""; if (alg & SSL_SSLV2) ver="SSLv2"; @@ -1094,9 +1094,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) return("Buffer too small"); #ifdef KSSL_DEBUG - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); #else - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); #endif /* KSSL_DEBUG */ return(buf); } From d870740cd75dd4f0cb66fb8c32653a7d47369706 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 4 Nov 2003 22:54:49 +0000 Subject: [PATCH 075/112] Put the first stage of my bignum debugging adventures into CVS. This code is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible. --- CHANGES | 16 +++++++++ crypto/bn/bn.h | 78 +++++++++++++++++++++++++++++++++++++++++++- crypto/bn/bn_add.c | 5 ++- crypto/bn/bn_blind.c | 1 + crypto/bn/bn_ctx.c | 5 ++- crypto/bn/bn_div.c | 8 +++-- crypto/bn/bn_exp.c | 6 ++++ crypto/bn/bn_exp2.c | 1 + crypto/bn/bn_gcd.c | 3 ++ crypto/bn/bn_gf2m.c | 25 +++++++++++--- crypto/bn/bn_lcl.h | 8 ----- crypto/bn/bn_lib.c | 21 +++++++++--- crypto/bn/bn_mod.c | 5 +++ crypto/bn/bn_mont.c | 4 ++- crypto/bn/bn_mpi.c | 1 + crypto/bn/bn_mul.c | 3 +- crypto/bn/bn_nist.c | 25 ++++++++------ crypto/bn/bn_prime.c | 5 +++ crypto/bn/bn_print.c | 6 ++-- crypto/bn/bn_rand.c | 2 ++ crypto/bn/bn_recp.c | 2 ++ crypto/bn/bn_shift.c | 10 ++++-- crypto/bn/bn_sqr.c | 1 + crypto/bn/bn_sqrt.c | 3 ++ crypto/bn/bn_word.c | 4 +++ 25 files changed, 209 insertions(+), 39 deletions(-) diff --git a/CHANGES b/CHANGES index d15740876..e3b0623c0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,22 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) An audit of the BIGNUM code is underway, for which debugging code is + enabled when BN_DEBUG is defined. This makes stricter enforcements on what + is considered valid when processing BIGNUMs, and causes execution to + assert() when a problem is discovered. If BN_DEBUG_RAND is defined, + further steps are taken to deliberately pollute unused data in BIGNUM + structures to try and expose faulty code further on. For now, openssl will + (in its default mode of operation) continue to tolerate the inconsistent + forms that it has tolerated in the past, but authors and packagers should + consider trying openssl and their own applications when compiled with + these debugging symbols defined. It will help highlight potential bugs in + their own code, and will improve the test coverage for OpenSSL itself. At + some point, these tighter rules will become openssl's default to improve + maintainability, though the assert()s and other overheads will remain only + in debugging configurations. See bn.h for more details. + [Geoff Thorpe] + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly initialises it). The presence of this function only made it possible diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 44ba17524..d51c94f92 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -611,7 +611,34 @@ const BIGNUM *BN_get0_nist_prime_521(void); BIGNUM *bn_expand2(BIGNUM *a, int words); BIGNUM *bn_dup_expand(const BIGNUM *a, int words); -#define bn_fix_top(a) \ +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ +#define bn_correct_top(a) \ { \ BN_ULONG *ftl; \ if ((a)->top > 0) \ @@ -621,6 +648,55 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); } \ } +/* #define BN_DEBUG_RAND */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include + +#ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +#ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf,int num); +#define BN_DEBUG_TRIX +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_tbignum = (a); \ + assert((_tbignum->top == 0) || \ + (_tbignum->d[_tbignum->top - 1] != 0)); \ + if(_tbignum->top < _tbignum->dmax) { \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_tbignum->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes((unsigned char *)(_not_const + _tbignum->top), \ + (_tbignum->dmax - _tbignum->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#ifdef BN_DEBUG_TRIX +#undef RAND_pseudo_bytes +#endif +#else /* !BN_DEBUG_RAND */ +#define bn_check_top(a) \ + do { \ + const BIGNUM *_tbignum = (a); \ + assert((_tbignum->top == 0) || \ + (_tbignum->d[_tbignum->top - 1] != 0)); \ + } while(0) +#endif + +#define bn_fix_top(a) bn_check_top(a) + +#else /* !BN_DEBUG */ + +#define bn_check_top(a) do { ; } while(0) +#define bn_fix_top(a) bn_correct_top(a) + +#endif + BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index 6cba07e9f..a13b8a11c 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -100,6 +100,7 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) r->neg=1; else r->neg=0; + bn_check_top(r); return(1); } @@ -161,6 +162,7 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) } /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ r->neg = 0; + bn_check_top(r); return(1); } @@ -253,7 +255,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) r->top=max; r->neg=0; - bn_fix_top(r); + bn_correct_top(r); return(1); } @@ -304,6 +306,7 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (!BN_usub(r,a,b)) return(0); r->neg=0; } + bn_check_top(r); return(1); } diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 2d287e6d1..011d37f1f 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -139,6 +139,7 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) if (!BN_BLINDING_update(b,ctx)) return(0); } + bn_check_top(n); return(ret); } diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index a0e7915fb..7b5be7c43 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -121,8 +121,10 @@ void BN_CTX_free(BN_CTX *ctx) if (ctx == NULL) return; assert(ctx->depth == 0); - for (i=0; i < BN_CTX_NUM; i++) + for (i=0; i < BN_CTX_NUM; i++) { + bn_check_top(&(ctx->bn[i])); BN_clear_free(&(ctx->bn[i])); + } if (ctx->flags & BN_FLG_MALLOCED) OPENSSL_free(ctx); } @@ -152,6 +154,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) } return NULL; } + bn_check_top(&(ctx->bn[ctx->tos])); return (&(ctx->bn[ctx->tos++])); } diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 0fe58dbf6..ff218957b 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -249,7 +249,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* space for temp */ if (!bn_wexpand(tmp,(div_n+1))) goto err; - bn_fix_top(&wnum); + bn_correct_top(&wnum); if (BN_ucmp(&wnum,sdiv) >= 0) { if (!BN_usub(&wnum,&wnum,sdiv)) goto err; @@ -359,7 +359,7 @@ X) -> 0x%08X\n", tmp->top=j; j=wnum.top; - bn_fix_top(&wnum); + bn_correct_top(&wnum); if (!BN_sub(&wnum,&wnum,tmp)) goto err; snum->top=snum->top+wnum.top-j; @@ -380,14 +380,16 @@ X) -> 0x%08X\n", * BN_rshift() will overwrite it. */ int neg = num->neg; - bn_fix_top(snum); + bn_correct_top(snum); BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; + bn_check_top(rm); } BN_CTX_end(ctx); return(1); err: + bn_check_top(rm); BN_CTX_end(ctx); return(0); } diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index afdfd580f..462d4dbc4 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -147,6 +147,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) err: if (r != rr) BN_copy(r,rr); BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -221,6 +222,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, { ret=BN_mod_exp_simple(r,a,p,m,ctx); } #endif + bn_check_top(r); return(ret); } @@ -347,6 +349,7 @@ err: for (i=0; itop = at->top; - bn_fix_top(r); + bn_correct_top(r); return 1; } @@ -392,7 +392,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) } - bn_fix_top(r); + bn_correct_top(r); return 1; } @@ -414,6 +414,7 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) goto err; } ret = BN_GF2m_mod_arr(r, a, arr); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -457,8 +458,9 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } } - bn_fix_top(s); + bn_correct_top(s); BN_GF2m_mod_arr(r, s, p); + bn_check_top(r); ret = 1; err: @@ -485,6 +487,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p goto err; } ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -508,8 +511,9 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C } s->top = 2 * a->top; - bn_fix_top(s); + bn_correct_top(s); if (!BN_GF2m_mod_arr(r, s, p)) goto err; + bn_check_top(r); ret = 1; err: BN_CTX_end(ctx); @@ -533,6 +537,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -594,6 +599,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_copy(r, b)) goto err; + bn_check_top(r); ret = 1; err: @@ -617,6 +623,7 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_ if (!BN_GF2m_arr2poly(p, field)) goto err; ret = BN_GF2m_mod_inv(r, xx, field, ctx); + bn_check_top(r); err: BN_CTX_end(ctx); @@ -639,6 +646,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; + bn_check_top(r); ret = 1; err: @@ -711,6 +719,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p } while (1); if (!BN_copy(r, u)) goto err; + bn_check_top(r); ret = 1; err: @@ -736,6 +745,7 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const uns if (!BN_GF2m_arr2poly(p, field)) goto err; ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); + bn_check_top(r); err: BN_CTX_end(ctx); @@ -773,6 +783,7 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } } if (!BN_copy(r, u)) goto err; + bn_check_top(r); ret = 1; @@ -799,6 +810,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p goto err; } ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -819,6 +831,7 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ if (!BN_zero(u)) goto err; if (!BN_set_bit(u, p[0] - 1)) goto err; ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); + bn_check_top(r); err: BN_CTX_end(ctx); @@ -843,6 +856,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -917,6 +931,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p if (BN_GF2m_cmp(w, a)) goto err; if (!BN_copy(r, z)) goto err; + bn_check_top(r); ret = 1; @@ -942,6 +957,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * goto err; } ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -990,6 +1006,7 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) BN_set_bit(a, p[i]); } BN_set_bit(a, 0); + bn_check_top(a); return 1; } diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 0c448724d..4603b4f9f 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -250,14 +250,6 @@ extern "C" { } -/* This is used for internal error checking and is not normally used */ -#ifdef BN_DEBUG -# include -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); -#else -# define bn_check_top(a) -#endif - /* This macro is to add extra stuff for development checking */ #ifdef BN_DEBUG #define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index f63232b9f..85b72e0ee 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -286,6 +286,7 @@ void BN_free(BIGNUM *a) void BN_init(BIGNUM *a) { memset(a,0,sizeof(BIGNUM)); + bn_check_top(a); } BIGNUM *BN_new(void) @@ -302,6 +303,7 @@ BIGNUM *BN_new(void) ret->neg=0; ret->dmax=0; ret->d=NULL; + bn_check_top(ret); return(ret); } @@ -420,6 +422,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) r = BN_dup(b); } + bn_check_top(r); return r; } @@ -462,6 +465,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) A[0]=0; assert(A == &(b->d[b->dmax])); } + else if(b) bn_check_top(b); return b; } @@ -479,6 +483,7 @@ BIGNUM *BN_dup(const BIGNUM *a) /* now r == t || r == NULL */ if (r == NULL) BN_free(t); + bn_check_top(r); return r; } @@ -518,6 +523,7 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) if ((a->top == 0) && (a->d != NULL)) a->d[0]=0; a->neg=b->neg; + bn_check_top(a); return(a); } @@ -561,8 +567,9 @@ BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) a->top = min; a->neg = b->neg; - bn_fix_top(a); + bn_correct_top(a); + bn_check_top(a); return(a); } @@ -592,6 +599,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + bn_check_top(a); + bn_check_top(b); } @@ -601,6 +610,7 @@ void BN_clear(BIGNUM *a) memset(a->d,0,a->dmax*sizeof(a->d[0])); a->top=0; a->neg=0; + bn_check_top(a); } BN_ULONG BN_get_word(const BIGNUM *a) @@ -648,6 +658,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->d[i]=(BN_ULONG)w&BN_MASK2; if (a->d[i] != 0) a->top=i+1; } + bn_check_top(a); return(1); } @@ -684,7 +695,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) } /* need to call this due to clear byte at top if avoiding * having the top bit set (-ve number) */ - bn_fix_top(ret); + bn_correct_top(ret); return(ret); } @@ -700,6 +711,7 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to) l=a->d[i/BN_BYTES]; *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; } + bn_check_top(a); return(n); } @@ -781,6 +793,7 @@ int BN_set_bit(BIGNUM *a, int n) } a->d[i]|=(((BN_ULONG)1)<top <= i) return(0); a->d[i]&=(~(((BN_ULONG)1)<top=w+1; a->d[w]&= ~(BN_MASK2<= 0) return BN_sub(r, r, m); return 1; @@ -240,6 +243,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ct } ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + bn_check_top(r); if (abs_m) BN_free(abs_m); @@ -291,6 +295,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) if (!BN_sub(r, r, m)) return 0; } } + bn_check_top(r); return 1; } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index c9ebdbaab..22d23cc3d 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -90,6 +90,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; + bn_check_top(r); ret=1; err: BN_CTX_end(ctx); @@ -172,7 +173,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; } } - bn_fix_top(r); + bn_correct_top(r); /* mont->ri will be a multiple of the word size */ #if 0 @@ -229,6 +230,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, if (!BN_usub(ret,ret,&(mont->N))) goto err; } retn=1; + bn_check_top(ret); err: BN_CTX_end(ctx); return(retn); diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 05fa9d1e9..a054d21ae 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -124,6 +124,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) { BN_clear_bit(a,BN_num_bits(a)-1); } + bn_check_top(a); return(a); } diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 6b633b90b..5a92f9a33 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -1090,11 +1090,12 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_fix_top(rr); + bn_correct_top(rr); if (r != rr) BN_copy(r,rr); ret=1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index ed148d845..2e03d0709 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -358,14 +358,15 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; } @@ -450,13 +451,14 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -608,13 +610,14 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -776,13 +779,14 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -824,7 +828,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (tmp->top == BN_NIST_521_TOP) tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; - bn_fix_top(tmp); + bn_correct_top(tmp); if (!BN_uadd(r, tmp, r)) return 0; top = r->top; @@ -835,11 +839,12 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_NIST_ADD_ONE(r_d) r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; } - bn_fix_top(r); + bn_correct_top(r); ret = 1; err: BN_CTX_end(ctx); + bn_check_top(r); return ret; } diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index fd863933e..4430e90df 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -226,6 +226,7 @@ loop: err: BN_free(&t); if (ctx != NULL) BN_CTX_free(ctx); + bn_check_top(ret); return found; } @@ -363,6 +364,7 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, } /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', * and it is neither -1 nor +1 -- so 'a' cannot be prime */ + bn_check_top(w); return 1; } @@ -394,6 +396,7 @@ again: } } if (!BN_add_word(rnd,delta)) return(0); + bn_check_top(rnd); return(1); } @@ -431,6 +434,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, ret=1; err: BN_CTX_end(ctx); + bn_check_top(rnd); return(ret); } @@ -482,5 +486,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, ret=1; err: BN_CTX_end(ctx); + bn_check_top(p); return(ret); } diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 5f46b1826..5b5eb8fc9 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -210,10 +210,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a) j-=(BN_BYTES*2); } ret->top=h; - bn_fix_top(ret); + bn_correct_top(ret); ret->neg=neg; *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); @@ -269,8 +270,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) } ret->neg=neg; - bn_fix_top(ret); + bn_correct_top(ret); *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 480817a4b..de5a1f0c6 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -204,6 +204,7 @@ err: OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } + bn_check_top(rnd); return(ret); } @@ -290,6 +291,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) while (BN_cmp(r, range) >= 0); } + bn_check_top(r); return 1; } diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 22cbcfc49..ea39677bc 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -123,6 +123,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ret = BN_div_recp(NULL,r,ca,recp,ctx); err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -228,5 +229,6 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) ret=len; err: BN_free(&t); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 70f785ea1..513e686f8 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -89,6 +89,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) *rp=1; r->top++; } + bn_check_top(r); return(1); } @@ -117,7 +118,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) rp[i]=((t>>1)&BN_MASK2)|c; c=(t&1)?BN_TBIT:0; } - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -149,7 +151,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) /* for (i=0; itop=a->top+nw+1; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -200,6 +203,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) *(t++) =(l>>rb)&BN_MASK2; } *t=0; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index c1d0cca43..ab678d1f3 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -145,6 +145,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) ret = 1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 463d4a813..51902703e 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -86,6 +86,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -104,6 +105,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -384,5 +386,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = NULL; } BN_CTX_end(ctx); + bn_check_top(ret); return ret; } diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 988e0ca7b..560a49969 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -102,6 +102,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) } if ((a->top > 0) && (a->d[a->top-1] == 0)) a->top--; + bn_check_top(a); return(ret); } @@ -136,6 +137,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) } if (i >= a->top) a->top++; + bn_check_top(a); return(1); } @@ -175,6 +177,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) } if ((a->d[i] == 0) && (i == (a->top-1))) a->top--; + bn_check_top(a); return(1); } @@ -197,6 +200,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) } } } + bn_check_top(a); return(1); } From c5f1c7b4d89956066ed0c6e6d1fc9d8a1496dc9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 5 Nov 2003 17:27:13 +0000 Subject: [PATCH 076/112] Cygwin debugging --- Configure | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 9239248b8..009c06c61 100755 --- a/Configure +++ b/Configure @@ -142,7 +142,7 @@ my %table=( "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -517,6 +517,7 @@ my %table=( # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32::::win32:cygwin-shared:::.dll", # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", From 2b96c95197dc1e85e5afa3da09ad280a6166f778 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 5 Nov 2003 17:28:25 +0000 Subject: [PATCH 077/112] cleanup as discussed with Geoff --- crypto/bn/bn.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d51c94f92..5c648ea01 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -692,7 +692,7 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #else /* !BN_DEBUG */ -#define bn_check_top(a) do { ; } while(0) +#define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) #endif From 078dd1a0f94394632614123af3155866749ff79c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 5 Nov 2003 17:28:59 +0000 Subject: [PATCH 078/112] typo in comment --- crypto/bn/bn_nist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 2e03d0709..79f7c2ef2 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_nist.p */ +/* crypto/bn/bn_nist.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * From 0ef85c7f4512570a02c4ff5d95a275ecf225702a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 5 Nov 2003 19:30:29 +0000 Subject: [PATCH 079/112] This is a revert of my previous commit to "improve" the declaration of constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.) --- crypto/bn/bn.h | 21 --------------------- crypto/bn/bn_lib.c | 8 -------- crypto/bn/bn_nist.c | 31 +++++++++++++++---------------- 3 files changed, 15 insertions(+), 45 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 5c648ea01..a46fe842c 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -252,27 +252,6 @@ typedef struct bignum_st int flags; } BIGNUM; -/* Declaring static BIGNUMs as constant is tricky in C; the 'd' data can't be - * pre-declared const without having to cast away the const when declaring the - * BIGNUM. We use this alternative type for declaring const BIGNUMs. See - * bn_nist.c for examples. */ -typedef struct bignum_c_st - { - const BN_ULONG *d; - int top; - int dmax; - int neg; - int flags; - } BIGNUM_C; -#ifdef BN_DEBUG -/* Use a function to do this so that we can type-check the pointer we're - * casting */ -const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn); -#else -/* Use a macro instead */ -#define BIGNUM_CONST(bn) ((const BIGNUM *)bn) -#endif - /* Used for temp variables (declaration hidden in bn_lcl.h) */ typedef struct bignum_ctx BN_CTX; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 85b72e0ee..1f45b09d0 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -887,11 +887,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } - -/* See the comments surrounding BIGNUM_C in bn.h */ -#ifdef BN_DEBUG -const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn) - { - return (const BIGNUM *)bn; - } -#endif diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 79f7c2ef2..6aa196f6f 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -127,40 +127,39 @@ const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x01}; #endif -static const BIGNUM_C bn_nist_p_192 = - { _nist_p_192, BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_224 = - { _nist_p_224, BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_256 = - { _nist_p_256, BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_384 = - { _nist_p_384, BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_521 = - { _nist_p_521, BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; - const BIGNUM *BN_get0_nist_prime_192(void) { - return BIGNUM_CONST(&bn_nist_p_192); + static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, + BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_192; } const BIGNUM *BN_get0_nist_prime_224(void) { - return BIGNUM_CONST(&bn_nist_p_224); + static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, + BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_224; } const BIGNUM *BN_get0_nist_prime_256(void) { - return BIGNUM_CONST(&bn_nist_p_256); + static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, + BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_256; } const BIGNUM *BN_get0_nist_prime_384(void) { - return BIGNUM_CONST(&bn_nist_p_384); + static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, + BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_384; } const BIGNUM *BN_get0_nist_prime_521(void) { - return BIGNUM_CONST(&bn_nist_p_521); + static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_521; } /* some misc internal functions */ From 5c0c22803e7bf96f96507d875f782eb283b718e7 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 6 Nov 2003 23:11:07 +0000 Subject: [PATCH 080/112] Put more debug screening in BN_div() and correct a comment. --- crypto/bn/bn_div.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index ff218957b..0fef7ced2 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -185,6 +185,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG d0,d1; int num_n,div_n; + bn_check_top(dv); + bn_check_top(rm); bn_check_top(num); bn_check_top(divisor); @@ -233,7 +235,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnum.dmax= snum->dmax - loop; /* so we don't step out of bounds */ /* Get the top 2 words of sdiv */ - /* i=sdiv->top; */ + /* div_n=sdiv->top; */ d0=sdiv->d[div_n-1]; d1=(div_n == 1)?0:sdiv->d[div_n-2]; From 18f62d4b82cc3101f3e1ae026c5e077193cfca5b Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 6 Nov 2003 23:13:04 +0000 Subject: [PATCH 081/112] Add debug-screening of input parameters to some functions I'd missed before. --- crypto/bn/bn_shift.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 513e686f8..69c03570b 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -65,6 +65,9 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) register BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (r != a) { r->neg=a->neg; @@ -98,6 +101,9 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (BN_is_zero(a)) { BN_zero(r); @@ -129,6 +135,9 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l; + bn_check_top(r); + bn_check_top(a); + r->neg=a->neg; nw=n/BN_BITS2; if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); @@ -162,6 +171,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l,tmp; + bn_check_top(r); + bn_check_top(a); + nw=n/BN_BITS2; rb=n%BN_BITS2; lb=BN_BITS2-rb; From f75abcefed900d2b729223d87229da09924efd2a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 6 Nov 2003 23:24:44 +0000 Subject: [PATCH 082/112] This extends the debugging macros to use "pollution" during bn_correct_top(), previously only bn_check_top() did this. --- crypto/bn/bn.h | 47 +++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index a46fe842c..326aeca9f 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -617,15 +617,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); * defined. This not only improves external code, it provides more test * coverage for openssl's own code. */ -#define bn_correct_top(a) \ - { \ - BN_ULONG *ftl; \ - if ((a)->top > 0) \ - { \ - for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ - if (*(ftl--)) break; \ - } \ - } /* #define BN_DEBUG_RAND */ @@ -640,42 +631,54 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); int RAND_pseudo_bytes(unsigned char *buf,int num); #define BN_DEBUG_TRIX #endif -#define bn_check_top(a) \ +#define bn_pollute(a) \ do { \ - const BIGNUM *_tbignum = (a); \ - assert((_tbignum->top == 0) || \ - (_tbignum->d[_tbignum->top - 1] != 0)); \ - if(_tbignum->top < _tbignum->dmax) { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ /* We cast away const without the compiler knowing, any \ * *genuinely* constant variables that aren't mutable \ * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ - memcpy(&_not_const, &_tbignum->d, sizeof(BN_ULONG*)); \ - RAND_pseudo_bytes((unsigned char *)(_not_const + _tbignum->top), \ - (_tbignum->dmax - _tbignum->top) * sizeof(BN_ULONG)); \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes((unsigned char *)(_not_const + _bnum1->top), \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ } \ } while(0) #ifdef BN_DEBUG_TRIX #undef RAND_pseudo_bytes #endif -#else /* !BN_DEBUG_RAND */ +#else +#define bn_pollute(a) +#endif #define bn_check_top(a) \ do { \ - const BIGNUM *_tbignum = (a); \ - assert((_tbignum->top == 0) || \ - (_tbignum->d[_tbignum->top - 1] != 0)); \ + const BIGNUM *_bnum2 = (a); \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ } while(0) -#endif #define bn_fix_top(a) bn_check_top(a) #else /* !BN_DEBUG */ +#define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) #endif +#define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + if ((a)->top > 0) \ + { \ + for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ + if (*(ftl--)) break; \ + } \ + bn_pollute(a); \ + } + BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); From e6e81c589487cadab8882e4a81609d9c95bba62e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 7 Nov 2003 00:07:28 +0000 Subject: [PATCH 083/112] oops... the description of ->top was inaccurate (the example is correct though) --- doc/crypto/bn_internal.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 9805a7c9f..46abb0547 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -72,7 +72,7 @@ applications. typedef struct bignum_st { - int top; /* index of last used d (most significant word) */ + int top; /* index of last used d (most significant word) + 1 */ BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ int max; /* size of the d array */ int neg; /* sign */ @@ -84,7 +84,7 @@ in size (B), depending on the 'number of bits' specified in C. B is the size of the B array that has been allocated. B -is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and +is the 'last' entry being used plus one, so for a value of 4, bn.d[0]=4 and bn.top=1. B is 1 if the number is negative. When a B is B<0>, the B field can be B and B == B<0>. @@ -202,7 +202,7 @@ call bn_expand2(), which allocates a new B array and copies the data. They return B on error, B otherwise. The bn_fix_top() macro reduces Btop> to point to the most -significant non-zero word when B has shrunk. +significant non-zero word plus one when B has shrunk. =head2 Debugging From d18b993c435d3f095cf485f48859065ce6052e35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 7 Nov 2003 01:33:00 +0000 Subject: [PATCH 084/112] Geoff suggested a more succinct description for "top". --- doc/crypto/bn_internal.pod | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 46abb0547..891914678 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -72,19 +72,19 @@ applications. typedef struct bignum_st { - int top; /* index of last used d (most significant word) + 1 */ - BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ + int top; /* number of words used in d */ + BN_ULONG *d; /* pointer to an array containing the integer value */ int max; /* size of the d array */ int neg; /* sign */ } BIGNUM; -The big number is stored in B, a malloc()ed array of Bs, -least significant first. A B can be either 16, 32 or 64 bits -in size (B), depending on the 'number of bits' specified in +The integer value is stored in B, a malloc()ed array of words (B), +least significant word first. A B can be either 16, 32 or 64 bits +in size, depending on the 'number of bits' (B) specified in C. B is the size of the B array that has been allocated. B -is the 'last' entry being used plus one, so for a value of 4, bn.d[0]=4 and +is the number of words being used, so for a value of 4, bn.d[0]=4 and bn.top=1. B is 1 if the number is negative. When a B is B<0>, the B field can be B and B == B<0>. From cd2e8a6f2da1d5a8e842f71511c68d1088629912 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 10 Nov 2003 01:37:23 +0000 Subject: [PATCH 085/112] Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). --- CHANGES | 4 ++++ crypto/asn1/a_strex.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e3b0623c0..f3c304af7 100644 --- a/CHANGES +++ b/CHANGES @@ -616,6 +616,10 @@ [Richard Levitte] Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + + *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). + [Peter Sylvester ] + *) Use the correct content when signing type "other". [Steve Henson] diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 8abfdfe59..bde666a6f 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = { -1, -1, 0, -1, /* 10-13 */ -1, -1, -1, -1, /* 15-17 */ -1, 1, 1, /* 18-20 */ - -1, 1, -1,-1, /* 21-24 */ + -1, 1, 1, 1, /* 21-24 */ -1, 1, -1, /* 25-27 */ 4, -1, 2 /* 28-30 */ }; From f7a397cc8d0cf336907a7e05f7a9a94c3cd12877 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 10 Nov 2003 18:05:22 +0000 Subject: [PATCH 086/112] Avoid possible memory leaks in error-handling. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/asn1/d2i_pu.c | 8 ++++---- crypto/asn1/x_pubkey.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 4c2bd4e5c..d0fd73209 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -103,8 +103,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa), - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ + if (!d2i_DSAPublicKey(&(ret->pkey.dsa), + (const unsigned char **)pp,length)) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); goto err; @@ -113,8 +113,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if ((ret->pkey.eckey = o2i_ECPublicKey(&(ret->pkey.eckey), - (const unsigned char **)pp, length)) == NULL) + if (!o2i_ECPublicKey(&(ret->pkey.eckey), + (const unsigned char **)pp, length)) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index c32a6eaa4..01698dd21 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -323,7 +323,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) p=key->public_key->data; j=key->public_key->length; - if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL) + if (!d2i_PublicKey(type, &ret, &p, (long)j)) { X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); goto err; From 37af03d3117cc1db061594019f351fcec5b08a8a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 10 Nov 2003 18:09:18 +0000 Subject: [PATCH 087/112] General improvements to the ec_asn1.c code. This squashes at least one bug (where it was impossible to create an EC certificate with a compressed public key), and has some style improvements based on some comments from Steve Henson about use of the ASN1 macros. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/ec/ec_asn1.c | 429 +++++++++++++++++--------------------------- 1 file changed, 165 insertions(+), 264 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index f31ac45d9..6e3a02ab8 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -128,23 +128,41 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, /* some structures needed for the asn1 encoding */ -typedef struct x9_62_fieldid_st { - ASN1_OBJECT *fieldType; - ASN1_TYPE *parameters; - } X9_62_FIELDID; - -typedef struct x9_62_characteristic_two_st { - long m; - ASN1_OBJECT *basis; - ASN1_TYPE *parameters; - } X9_62_CHARACTERISTIC_TWO; - typedef struct x9_62_pentanomial_st { long k1; long k2; long k3; } X9_62_PENTANOMIAL; +typedef struct x9_62_characteristic_two_st { + long m; + ASN1_OBJECT *type; + union { + char *ptr; + /* NID_X9_62_onBasis */ + ASN1_NULL *onBasis; + /* NID_X9_62_tpBasis */ + ASN1_INTEGER *tpBasis; + /* NID_X9_62_ppBasis */ + X9_62_PENTANOMIAL *ppBasis; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_CHARACTERISTIC_TWO; + +typedef struct x9_62_fieldid_st { + ASN1_OBJECT *fieldType; + union { + char *ptr; + /* NID_X9_62_prime_field */ + ASN1_INTEGER *prime; + /* NID_X9_62_characteristic_two_field */ + X9_62_CHARACTERISTIC_TWO *char_two; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_FIELDID; + typedef struct x9_62_curve_st { ASN1_OCTET_STRING *a; ASN1_OCTET_STRING *b; @@ -177,36 +195,44 @@ typedef struct ec_privatekey_st { ASN1_BIT_STRING *publicKey; } EC_PRIVATEKEY; -/* the OpenSSL asn1 definitions */ - -ASN1_SEQUENCE(X9_62_FIELDID) = { - ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), - ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY) -} ASN1_SEQUENCE_END(X9_62_FIELDID) - -DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID) - -ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, basis, ASN1_OBJECT), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, parameters, ASN1_ANY) -} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - -DECLARE_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO, X9_62_CHARACTERISTIC_TWO) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO) - +/* the OpenSSL ASN.1 definitions */ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) -DECLARE_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_PENTANOMIAL, X9_62_PENTANOMIAL) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) + +ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { + ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), + ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) +} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); + +ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) +} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) + +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) + +ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_FIELDID) = { + ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) +} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); + +ASN1_SEQUENCE(X9_62_FIELDID) = { + ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_FIELDID) +} ASN1_SEQUENCE_END(X9_62_FIELDID) ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), @@ -214,10 +240,6 @@ ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(X9_62_CURVE) -DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE) - ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_SIMPLE(ECPARAMETERS, version, LONG), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), @@ -227,9 +249,8 @@ ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) -DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPARAMETERS, ECPARAMETERS) -IMPLEMENT_ASN1_FUNCTIONS_const(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) ASN1_CHOICE(ECPKPARAMETERS) = { ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), @@ -254,12 +275,10 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) /* some declarations of internal function */ -/* ec_asn1_group2field() creates a X9_62_FIELDID object from a - * EC_GROUP object */ -static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *, X9_62_FIELDID *); -/* ec_asn1_group2curve() creates a X9_62_CURVE object from a - * EC_GROUP object */ -static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); +/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ +static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); +/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ +static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); /* ec_asn1_parameters2group() creates a EC_GROUP object from a * ECPARAMETERS object */ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); @@ -277,50 +296,28 @@ static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, /* the function definitions */ -static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, - X9_62_FIELDID *field) +static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) { int ok=0, nid; - X9_62_FIELDID *ret = NULL; - X9_62_CHARACTERISTIC_TWO *char_two = NULL; - X9_62_PENTANOMIAL *penta = NULL; BIGNUM *tmp = NULL; - unsigned char *buffer = NULL; - unsigned char *pp; - size_t buf_len = 0; - if (field == NULL) - { - if ((ret = X9_62_FIELDID_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - else - { - ret = field; - /* clear the old values */ - if (ret->fieldType != NULL) - ASN1_OBJECT_free(ret->fieldType); - if (ret->parameters != NULL) - ASN1_TYPE_free(ret->parameters); - } + if (group == NULL || field == NULL) + return 0; + + /* clear the old values (if necessary) */ + if (field->fieldType != NULL) + ASN1_OBJECT_free(field->fieldType); + if (field->p.other != NULL) + ASN1_TYPE_free(field->p.other); nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* set OID for the field */ - if ((ret->fieldType = OBJ_nid2obj(nid)) == NULL) + if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); goto err; } - if ((ret->parameters = ASN1_TYPE_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - goto err; - } - if (nid == NID_X9_62_prime_field) { if ((tmp = BN_new()) == NULL) @@ -329,15 +326,14 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, goto err; } /* the parameters are specified by the prime number p */ - ret->parameters->type = V_ASN1_INTEGER; if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); goto err; } /* set the prime number */ - ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL); - if (ret->parameters->value.integer == NULL) + field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); + if (field->p.prime == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); goto err; @@ -346,8 +342,11 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, else /* nid == NID_X9_62_characteristic_two_field */ { int field_type; + X9_62_CHARACTERISTIC_TWO *char_two; + + field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); + char_two = field->p.char_two; - char_two = X9_62_CHARACTERISTIC_TWO_new(); if (char_two == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); @@ -364,7 +363,7 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, goto err; } /* set base type OID */ - if ((char_two->basis = OBJ_nid2obj(field_type)) == NULL) + if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); goto err; @@ -377,16 +376,13 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, if (!EC_GROUP_get_trinomial_basis(group, &k)) goto err; - char_two->parameters->type = V_ASN1_INTEGER; - char_two->parameters->value.integer = - ASN1_INTEGER_new(); - if (char_two->parameters->value.integer == NULL) + char_two->p.tpBasis = ASN1_INTEGER_new(); + if (!char_two->p.tpBasis) { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, - ERR_R_ASN1_LIB); + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } - if (!ASN1_INTEGER_set(char_two->parameters->value.integer, (long)k)) + if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); @@ -400,110 +396,55 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) goto err; - penta = X9_62_PENTANOMIAL_new(); - /* set k? values */ - penta->k1 = (long)k1; - penta->k2 = (long)k2; - penta->k3 = (long)k3; - /* get the length of the encoded structure */ - buf_len = i2d_X9_62_PENTANOMIAL(penta, NULL); - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); + if (!char_two->p.ppBasis) { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } - pp = buffer; - i2d_X9_62_PENTANOMIAL(penta, &pp); - /* set the encoded pentanomial */ - char_two->parameters->type=V_ASN1_SEQUENCE; - char_two->parameters->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(char_two->parameters->value.sequence, - buffer, buf_len); - OPENSSL_free(buffer); - buffer = NULL; + /* set k? values */ + char_two->p.ppBasis->k1 = (long)k1; + char_two->p.ppBasis->k2 = (long)k2; + char_two->p.ppBasis->k3 = (long)k3; } else /* field_type == NID_X9_62_onBasis */ { /* for ONB the parameters are (asn1) NULL */ - char_two->parameters->type = V_ASN1_NULL; + char_two->p.onBasis = ASN1_NULL_new(); + if (!char_two->p.onBasis) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } } - /* encoded the X9_62_CHARACTERISTIC_TWO structure */ - buf_len = i2d_X9_62_CHARACTERISTIC_TWO(char_two, NULL); - - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - goto err; - } - pp = buffer; - i2d_X9_62_CHARACTERISTIC_TWO(char_two, &pp); - /* set the encoded parameters */ - ret->parameters->type = V_ASN1_SEQUENCE; - ret->parameters->value.sequence = ASN1_STRING_new(); - ASN1_STRING_set(ret->parameters->value.sequence, - buffer, buf_len); } ok = 1; -err : if (!ok) - { - if (ret && !field) - X9_62_FIELDID_free(ret); - ret = NULL; - } - if (tmp) +err : if (tmp) BN_free(tmp); - if (char_two) - X9_62_CHARACTERISTIC_TWO_free(char_two); - if (penta) - X9_62_PENTANOMIAL_free(penta); - if (buffer) - OPENSSL_free(buffer); - return(ret); + return(ok); } -static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, - X9_62_CURVE *curve) +static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) { int ok=0, nid; - X9_62_CURVE *ret=NULL; - BIGNUM *tmp_1=NULL, - *tmp_2=NULL; - unsigned char *buffer_1=NULL, - *buffer_2=NULL, - *a_buf=NULL, - *b_buf=NULL; + BIGNUM *tmp_1=NULL, *tmp_2=NULL; + unsigned char *buffer_1=NULL, *buffer_2=NULL, + *a_buf=NULL, *b_buf=NULL; size_t len_1, len_2; unsigned char char_zero = 0; + if (!group || !curve || !curve->a || !curve->b) + return 0; + if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); goto err; } - if (curve == NULL) - { - if ((ret = X9_62_CURVE_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - } - else - { - ret = curve; - if (ret->a) - ASN1_OCTET_STRING_free(ret->a); - if (ret->b) - ASN1_OCTET_STRING_free(ret->b); - if (ret->seed) - ASN1_BIT_STRING_free(ret->seed); - } - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* get a and b */ @@ -572,14 +513,8 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, } /* set a and b */ - if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || - (ret->b = M_ASN1_OCTET_STRING_new()) == NULL ) - { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!M_ASN1_OCTET_STRING_set(ret->a, a_buf, len_1) || - !M_ASN1_OCTET_STRING_set(ret->b, b_buf, len_2)) + if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || + !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); goto err; @@ -588,8 +523,13 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, /* set the seed (optional) */ if (group->seed) { - if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err; - if (!ASN1_BIT_STRING_set(ret->seed, group->seed, + if (!curve->seed) + if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_BIT_STRING_set(curve->seed, group->seed, (int)group->seed_len)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); @@ -597,17 +537,17 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, } } else - ret->seed = NULL; + { + if (curve->seed) + { + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; + } + } ok = 1; -err : if (!ok) - { - if (ret && !curve) - X9_62_CURVE_free(ret); - ret = NULL; - } - if (buffer_1) +err: if (buffer_1) OPENSSL_free(buffer_1); if (buffer_2) OPENSSL_free(buffer_2); @@ -615,7 +555,7 @@ err : if (!ok) BN_free(tmp_1); if (tmp_2) BN_free(tmp_2); - return(ret); + return(ok); } static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, @@ -651,16 +591,14 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, ret->version = (long)0x1; /* set the fieldID */ - ret->fieldID = ec_asn1_group2field(group, ret->fieldID); - if (ret->fieldID == NULL) + if (!ec_asn1_group2fieldid(group, ret->fieldID)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); goto err; } /* set the curve */ - ret->curve = ec_asn1_group2curve(group, ret->curve); - if (ret->curve == NULL) + if (!ec_asn1_group2curve(group, ret->curve)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); goto err; @@ -803,12 +741,9 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) EC_GROUP *ret = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point=NULL; - X9_62_CHARACTERISTIC_TWO *char_two = NULL; - X9_62_PENTANOMIAL *penta = NULL; - unsigned char *pp; if (!params->fieldID || !params->fieldID->fieldType || - !params->fieldID->parameters) + !params->fieldID->p.ptr) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; @@ -840,72 +775,46 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) if (tmp == NID_X9_62_characteristic_two_field) { - ASN1_TYPE *parameters = params->fieldID->parameters; + X9_62_CHARACTERISTIC_TWO *char_two; - if (parameters->type != V_ASN1_SEQUENCE) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); - goto err; - } + char_two = params->fieldID->p.char_two; if ((p = BN_new()) == NULL) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); goto err; } - /* extract the X9_62_CHARACTERISTIC_TWO object */ - pp = M_ASN1_STRING_data(parameters->value.sequence); - char_two = d2i_X9_62_CHARACTERISTIC_TWO(NULL, - (const unsigned char **) &pp, - M_ASN1_STRING_length(parameters->value.sequence)); - if (char_two == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); - goto err; - } /* get the base type */ - tmp = OBJ_obj2nid(char_two->basis); + tmp = OBJ_obj2nid(char_two->type); if (tmp == NID_X9_62_tpBasis) { long tmp_long; - if (char_two->parameters->type != V_ASN1_INTEGER || - char_two->parameters->value.integer == NULL) + if (!char_two->p.tpBasis) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_ASN1_ERROR); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } - tmp_long = ASN1_INTEGER_get(char_two->parameters->value.integer); + tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); /* create the polynomial */ - if (!BN_set_bit(p, (int)char_two->m)) goto err; - if (!BN_set_bit(p, (int)tmp_long)) goto err; - if (!BN_set_bit(p, 0)) goto err; + if (!BN_set_bit(p, (int)char_two->m)) + goto err; + if (!BN_set_bit(p, (int)tmp_long)) + goto err; + if (!BN_set_bit(p, 0)) + goto err; } else if (tmp == NID_X9_62_ppBasis) { - if (char_two->parameters->type != V_ASN1_SEQUENCE || - char_two->parameters->value.sequence == NULL) + X9_62_PENTANOMIAL *penta; + + penta = char_two->p.ppBasis; + if (!penta) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_ASN1_ERROR); - goto err; - } - /* extract the pentanomial data */ - pp = M_ASN1_STRING_data( - char_two->parameters->value.sequence); - penta = d2i_X9_62_PENTANOMIAL(NULL, - (const unsigned char **) &pp, - M_ASN1_STRING_length( - char_two->parameters->value.sequence)); - if (penta == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - ERR_R_ASN1_LIB); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } /* create the polynomial */ @@ -917,8 +826,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) } else if (tmp == NID_X9_62_onBasis) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_NOT_IMPLEMENTED); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); goto err; } else /* error */ @@ -939,13 +847,12 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) { /* we have a curve over a prime field */ /* extract the prime number */ - if (params->fieldID->parameters->type != V_ASN1_INTEGER || - !params->fieldID->parameters->value.integer) + if (!params->fieldID->p.prime) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } - p = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL); + p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); if (p == NULL) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); @@ -1042,10 +949,6 @@ err: if (!ok) BN_free(b); if (point) EC_POINT_free(point); - if (char_two) - X9_62_CHARACTERISTIC_TWO_free(char_two); - if (penta) - X9_62_PENTANOMIAL_free(penta); return(ret); } @@ -1217,6 +1120,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->publicKey) { + const unsigned char *pub_oct; + size_t pub_oct_len; + if (ret->pub_key) EC_POINT_clear_free(ret->pub_key); ret->pub_key = EC_POINT_new(ret->group); @@ -1225,9 +1131,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; } + pub_oct = M_ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); if (!EC_POINT_oct2point(ret->group, ret->pub_key, - M_ASN1_STRING_data(priv_key->publicKey), - M_ASN1_STRING_length(priv_key->publicKey), NULL)) + pub_oct, pub_oct_len, NULL)) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; @@ -1368,7 +1277,6 @@ int i2d_ECParameters(EC_KEY *a, unsigned char **out) EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) { - EC_GROUP *group; EC_KEY *ret; if (in == NULL || *in == NULL) @@ -1377,14 +1285,6 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) return NULL; } - group = d2i_ECPKParameters(NULL, in, len); - - if (group == NULL) - { - ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); - return NULL; - } - if (a == NULL || *a == NULL) { if ((ret = EC_KEY_new()) == NULL) @@ -1398,11 +1298,12 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) else ret = *a; - if (ret->group) - EC_GROUP_clear_free(ret->group); + if (!d2i_ECPKParameters(&ret->group, in, len)) + { + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + return NULL; + } - ret->group = group; - return ret; } From 9dde17e8b43980d193dd7c117edeca9c602c41ab Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 13 Nov 2003 15:03:14 +0000 Subject: [PATCH 088/112] This rewrites two "for" loops in BN_rshift() - equality with zero is generally a more efficient comparison than comparing two integers, and the first of these two loops was off-by-one (copying one too many values). This change also removes a superfluous assignment that would set an unused word to zero (and potentially allow an overrun in some cases). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/bn/bn_shift.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 69c03570b..de9312dce 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -200,13 +200,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if (rb == 0) { - for (i=j+1; i > 0; i--) + for (i=j; i != 0; i--) *(t++)= *(f++); } else { l= *(f++); - for (i=1; i>rb)&BN_MASK2; l= *(f++); @@ -214,7 +214,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) } *(t++) =(l>>rb)&BN_MASK2; } - *t=0; bn_correct_top(r); bn_check_top(r); return(1); From d2cd46127c746191b5fdcec6b04719feac4735c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Nov 2003 14:06:40 +0000 Subject: [PATCH 089/112] Less restrictive debugging build. --- Configure | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configure b/Configure index 009c06c61..a08810fe3 100755 --- a/Configure +++ b/Configure @@ -145,10 +145,10 @@ my %table=( "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", From 1a0173304755bd44662a201734f80eca3afe8a9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 15 Nov 2003 08:37:50 +0000 Subject: [PATCH 090/112] BN_set_bit() etc should use "unsigned int". Keep it as is to avoid an API change, but check for negativ values. Submitted by: Nils Larsch --- crypto/bn/bn_lib.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 1f45b09d0..43c336f52 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -782,6 +782,9 @@ int BN_set_bit(BIGNUM *a, int n) { int i,j,k; + if (n < 0) + return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) @@ -801,6 +804,9 @@ int BN_clear_bit(BIGNUM *a, int n) { int i,j; + if (n < 0) + return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) return(0); @@ -825,6 +831,9 @@ int BN_mask_bits(BIGNUM *a, int n) { int b,w; + if (n < 0) + return 0; + w=n/BN_BITS2; b=n%BN_BITS2; if (w >= a->top) return(0); From ac9c6e10a42ae993f5d23db35743d699e4b801a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sun, 16 Nov 2003 12:24:45 +0000 Subject: [PATCH 091/112] The x9.62 tests replace the PRNG with specific numbers, so don't run them if BN_DEBUG_RAND is defined. Also, fix another small bug. Submitted by: Nils Larsch --- crypto/ecdsa/ecdsatest.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 7beae6f73..65f487047 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -328,6 +328,8 @@ int test_builtin(BIO *out) /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { + unsigned char dirt, offset; + nid = curves[n].nid; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) @@ -406,9 +408,10 @@ int test_builtin(BIO *out) } BIO_printf(out, "."); BIO_flush(out); - /* modify signature */ - signature[((int)signature[0])%sig_len] ^= - signature[((int)signature[1])%sig_len]; + /* modify a single byte of the signature */ + offset = signature[10] % sig_len; + dirt = signature[11]; + signature[offset] ^= dirt ? dirt : 1; if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); @@ -468,7 +471,9 @@ int main(void) RAND_seed(rnd_seed, sizeof(rnd_seed)); /* the tests */ +#ifndef BN_DEBUG_RAND if (!x9_62_tests(out)) goto err; +#endif if (!test_builtin(out)) goto err; ret = 1; From fda5e385518b017411fce9bd5c6c76ad311c391d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 16 Nov 2003 14:38:34 +0000 Subject: [PATCH 092/112] Provide ASFLAGS in the subdirectories handling assembler code. Submitted by: Tim Rice PR: #735, #765 --- crypto/bf/Makefile.ssl | 1 + crypto/des/Makefile.ssl | 1 + crypto/rc4/Makefile.ssl | 1 + crypto/ripemd/Makefile.ssl | 1 + crypto/sha/Makefile.ssl | 1 + 5 files changed, 5 insertions(+) diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl index bb14a0ee8..b6124cf10 100644 --- a/crypto/bf/Makefile.ssl +++ b/crypto/bf/Makefile.ssl @@ -22,6 +22,7 @@ BF_ENC= bf_enc.o #DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bftest.c diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 73ffab9c8..ba450e018 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o #DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=destest.c diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl index b210b42f8..59c87f166 100644 --- a/crypto/rc4/Makefile.ssl +++ b/crypto/rc4/Makefile.ssl @@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o #RC4_ENC=asm/rx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rc4test.c diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl index 3583dfdca..19f0c1c80 100644 --- a/crypto/ripemd/Makefile.ssl +++ b/crypto/ripemd/Makefile.ssl @@ -20,6 +20,7 @@ AR= ar r RIP_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rmdtest.c diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl index 864645c8b..9cfef67e3 100644 --- a/crypto/sha/Makefile.ssl +++ b/crypto/sha/Makefile.ssl @@ -20,6 +20,7 @@ AR= ar r SHA1_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=shatest.c sha1test.c From f35232e6f3dee19e8d54a9247d2af39144cb0da1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 16 Nov 2003 16:30:39 +0000 Subject: [PATCH 093/112] Catch error condition to prevent NULL pointer dereference. Submitted by: Goetz Babin-Ebell PR: #766 --- apps/apps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index b1916bbc0..62fa21d5d 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -475,7 +475,7 @@ static int ui_read(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password[0] != '\0') + if (password && password[0] != '\0') { UI_set_result(ui, uis, password); return 1; @@ -499,7 +499,7 @@ static int ui_write(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password[0] != '\0') + if (password && password[0] != '\0') return 1; } default: From 31182ad39b569b2b34c396d5dbba282031c1517d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sun, 16 Nov 2003 19:33:31 +0000 Subject: [PATCH 094/112] re-enable the test, keeping the original method for RAND_pseudo_bytes which is used by BN_DEBUG_RAND Submitted by: Nils Larsch --- crypto/ecdsa/ecdsatest.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 65f487047..59f664f50 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -124,7 +124,7 @@ int change_rand(void) fake_rand.status = old_rand->status; /* use own random function */ fake_rand.bytes = fbytes; - fake_rand.pseudorand = fbytes; + fake_rand.pseudorand = old_rand->bytes; /* set new RAND_METHOD */ if (!RAND_set_rand_method(&fake_rand)) return 0; @@ -471,9 +471,7 @@ int main(void) RAND_seed(rnd_seed, sizeof(rnd_seed)); /* the tests */ -#ifndef BN_DEBUG_RAND if (!x9_62_tests(out)) goto err; -#endif if (!test_builtin(out)) goto err; ret = 1; From 95de3d204f7b28c88172c58fa4905583b05da4bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 18 Nov 2003 18:27:12 +0000 Subject: [PATCH 095/112] Make sure to initialize AES counters to obtain proper results. Submitted by: Kirill Kochetkov PR: #748 --- apps/speed.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/speed.c b/apps/speed.c index 5576f23fe..d9dd1b65d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1230,6 +1230,9 @@ int MAIN(int argc, char **argv) c[D_CBC_RC5][0]=count; c[D_CBC_BF][0]=count; c[D_CBC_CAST][0]=count; + c[D_CBC_128_AES][0]=count; + c[D_CBC_192_AES][0]=count; + c[D_CBC_256_AES][0]=count; for (i=1; i Date: Thu, 20 Nov 2003 18:33:20 +0000 Subject: [PATCH 096/112] ./config failed to correctly detect if gcc uses 64-bit ABI on HP-UX. PR: 772 --- config | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/config b/config index 79ce83aac..1722b8e76 100755 --- a/config +++ b/config @@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "$HPUXVER" in 1[0-9].*) # HPUX 10 and 11 targets are unified - echo "${MACHINE}-hp-hpux10"; exit 0 + echo "${MACHINE}-hp-hpux1x"; exit 0 ;; *) echo "${MACHINE}-hp-hpux"; exit 0 @@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then GCC_BITS="32" if [ $GCCVER -ge 30 ]; then # PA64 support only came in with gcc 3.0.x. - # We look for the preprocessor symbol __LP64__ indicating - # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64. - if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then + # We check if the preprocessor symbol __LP64__ is defined... + if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then + : # __LP64__ has slipped through, it therefore is not defined + else GCC_BITS="64" fi fi From ad5f0ed509932281a1e2c32a70fbf8354b02da33 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 20 Nov 2003 19:10:36 +0000 Subject: [PATCH 097/112] hpux64-parisc2-gcc target added. Once it is verified, ./config should be modified to choose it instead of hpux64-parisc-gcc, which should then be removed. hpux64-parisc-cc is removed already now as redundant [in case you wonder, 64-bit HP-UX ABI *implies* PA-RISC2.0]. --- Configure | 4 +- TABLE | 110 +++++++++++++++++++++++++++++++++--------------------- 2 files changed, 69 insertions(+), 45 deletions(-) diff --git a/Configure b/Configure index a08810fe3..ad8d83e58 100755 --- a/Configure +++ b/Configure @@ -241,7 +241,7 @@ my %table=( # suitable for execution on the host you're currently compiling at. # If the toolkit is ment to be used on various PA-RISC processors # consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's ment to be +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be # compatible with *future* releases. # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to # pass -D_REENTRANT on HP-UX 10 and later. @@ -256,10 +256,10 @@ my %table=( # Since there is mention of this in shlib/hpux10-cc.sh "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # 64bit PARISC for GCC without optimization, which seems to make problems. # Submitted by "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HP/UX IA-64 targets "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/TABLE b/TABLE index bad7f495c..333db5c34 100644 --- a/TABLE +++ b/TABLE @@ -1,4 +1,3 @@ -Output of `Configure TABLE': *** BC-16 $cc = bcc @@ -1500,6 +1499,31 @@ $shared_extension = $ranlib = $arflags = +*** debug-Cygwin +$cc = gcc +$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror +$unistd = +$thread_cflag = +$sys_id = CYGWIN32 +$lflags = +$bn_ops = +$bn_obj = +$des_obj = win32 +$bf_obj = cygwin-shared +$md5_obj = +$sha1_obj = +$cast_obj = .dll +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + *** debug-ben $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe @@ -1677,7 +1701,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1726,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1751,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1752,7 +1776,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2052,21 +2076,21 @@ $arflags = *** debug-ulf $cc = gcc -$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe +$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations $unistd = -$thread_cflag = -D_REENTRANT -$sys_id = +$thread_cflag = +$sys_id = CYGWIN32 $lflags = -$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-elf.o asm/co86-elf.o -$des_obj = asm/dx86-elf.o asm/yx86-elf.o -$bf_obj = asm/bx86-elf.o -$md5_obj = asm/mx86-elf.o -$sha1_obj = asm/sx86-elf.o -$cast_obj = asm/cx86-elf.o -$rc4_obj = asm/rx86-elf.o -$rmd160_obj = asm/rm86-elf.o -$rc5_obj = asm/r586-elf.o +$bn_ops = +$bn_obj = +$des_obj = win32 +$bf_obj = cygwin-shared +$md5_obj = +$sha1_obj = +$cast_obj = .dll +$rc4_obj = +$rmd160_obj = +$rc5_obj = $dso_scheme = $shared_target= $shared_cflag = @@ -2600,31 +2624,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** hpux64-parisc-cc -$cc = cc -$cflags = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= hpux64-shared -$shared_cflag = +Z -$shared_ldflag = -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - *** hpux64-parisc-gcc $cc = gcc $cflags = -DB_ENDIAN -DMD32_XARRAY @@ -2675,6 +2674,31 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** hpux64-parisc2-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$bn_obj = asm/pa-risc2W.o +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= hpux64-shared +$shared_cflag = -fpic +$shared_ldflag = +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** hurd-x86 $cc = gcc $cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall From a8287a90ead0b3d266f2555885790edc7cbd7cbd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Nov 2003 22:45:06 +0000 Subject: [PATCH 098/112] Give CRLDP its standard name. Max req -x509 use V1 if extensions section absent. --- apps/req.c | 2 +- crypto/x509v3/v3_crld.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index bbef94286..79217c908 100644 --- a/apps/req.c +++ b/apps/req.c @@ -907,7 +907,7 @@ loop: if ((x509ss=X509_new()) == NULL) goto end; /* Set version to V3 */ - if(!X509_set_version(x509ss, 2)) goto end; + if(extensions && !X509_set_version(x509ss, 2)) goto end; if (serial) { if (!X509_set_serialNumber(x509ss, serial)) goto end; diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 894a8b94d..f90829c57 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) From ec2179cf81687380eaef3c745e2dbbc15bbbe2cb Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 21 Nov 2003 21:42:35 +0000 Subject: [PATCH 099/112] Fix a small bug in str_copy: if more than one variable is replaced, make sure the current length is used to calculate the new buffer length instead of using the old length (prior to any variable substitution). Submitted by: Nils Larsch --- crypto/conf/conf_def.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 57d2739ae..52a87aa76 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -629,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); while (*p) buf->data[to++]= *(p++); from=e; From 9e989810bade356f3edd599d5b62d159795f2d53 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 22 Nov 2003 20:23:41 +0000 Subject: [PATCH 100/112] BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words and bn_add_words to avoid using fake bignums to window other bignums that can lead to corruption. This change allows all bignum tests to pass with BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be tested on a few different architectures and configuration targets, as the bignum code this deals with is quite preprocessor (and assembly) sensitive. Submitted by: Nils Narsch Reviewed by: Geoff Thorpe, Ulf Moeller --- crypto/bn/bn_div.c | 81 +++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 36 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 0fef7ced2..2f464b31d 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -179,14 +179,16 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift,i,j,loop; + int norm_shift,i,loop; BIGNUM *tmp,wnum,*snum,*sdiv,*res; BN_ULONG *resp,*wnump; BN_ULONG d0,d1; int num_n,div_n; - bn_check_top(dv); - bn_check_top(rm); + if (dv) + bn_check_top(dv); + if (rm) + bn_check_top(rm); bn_check_top(num); bn_check_top(divisor); @@ -224,15 +226,16 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, div_n=sdiv->top; num_n=snum->top; loop=num_n-div_n; - /* Lets setup a 'window' into snum * This is the part that corresponds to the current * 'area' being divided */ - BN_init(&wnum); - wnum.flags = BN_FLG_STATIC_DATA; /* prevent accidental "expands" */ - wnum.d= &(snum->d[loop]); - wnum.top= div_n; - wnum.dmax= snum->dmax - loop; /* so we don't step out of bounds */ + wnum.neg = 0; + wnum.d = &(snum->d[loop]); + wnum.top = div_n; +#ifdef BN_DEBUG_RAND + /* only needed when BN_ucmp messes up the values between top and max */ + wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ +#endif /* Get the top 2 words of sdiv */ /* div_n=sdiv->top; */ @@ -251,22 +254,32 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* space for temp */ if (!bn_wexpand(tmp,(div_n+1))) goto err; - bn_correct_top(&wnum); if (BN_ucmp(&wnum,sdiv) >= 0) { - if (!BN_usub(&wnum,&wnum,sdiv)) goto err; +#ifdef BN_DEBUG_RAND + /* If BN_DEBUG_RAND is defined BN_ucmp changes (via + * bn_pollute) the const bignum arguments => + * clean the values between top and max again */ + bn_clear_top2max(&wnum); +#endif + bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); *resp=1; - res->d[res->top-1]=1; } else res->top--; + /* if res->top == 0 then clear the neg value otherwise decrease + * the resp pointer */ if (res->top == 0) res->neg = 0; - resp--; + else + resp--; - for (i=0; i 0x%08X\n", #endif /* !BN_DIV3W */ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); - wnum.d--; wnum.top++; wnum.dmax++; tmp->d[div_n]=l0; - /* XXX: Couldn't we replace this with; - * tmp->top = div_n; - * bn_fix_top(tmp); - */ - for (j=div_n+1; j>0; j--) - if (tmp->d[j-1]) break; - tmp->top=j; - - j=wnum.top; - bn_correct_top(&wnum); - if (!BN_sub(&wnum,&wnum,tmp)) goto err; - - snum->top=snum->top+wnum.top-j; - - if (wnum.neg) + wnum.d--; + /* ingore top values of the bignums just sub the two + * BN_ULONG arrays with bn_sub_words */ + if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) { + /* Note: As we have considered only the leading + * two BN_ULONGs in the calculation of q, sdiv * q + * might be greater than wnum (but then (q-1) * sdiv + * is less or equal than wnum) + */ q--; - j=wnum.top; - if (!BN_add(&wnum,&wnum,sdiv)) goto err; - snum->top+=wnum.top-j; + if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) + /* we can't have an overflow here (assuming + * that q != 0, but if q == 0 then tmp is + * zero anyway) */ + (*wnump)++; } - *(resp--)=q; - wnump--; + /* store part of the result */ + *resp = q; } if (rm != NULL) { @@ -391,7 +399,8 @@ X) -> 0x%08X\n", BN_CTX_end(ctx); return(1); err: - bn_check_top(rm); + if (rm) + bn_check_top(rm); BN_CTX_end(ctx); return(0); } From d7559f16cdded5c655f9228c1daf9f244f484a89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 24 Nov 2003 16:48:52 +0000 Subject: [PATCH 101/112] Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell --- crypto/engine/eng_cryptodev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index e93b7fd1a..f8a4a292b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1055,14 +1055,17 @@ ENGINE_load_cryptodev(void) if (engine == NULL) return; - if ((fd = get_dev_crypto()) < 0) + if ((fd = get_dev_crypto()) < 0) { + ENGINE_free(engine); return; + } /* * find out what asymmetric crypto algorithms we support */ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { close(fd); + ENGINE_free(engine); return; } close(fd); From e1064adfd3b4d014c7de36e4390eaa5b129f4bfc Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Nov 2003 03:41:20 +0000 Subject: [PATCH 102/112] Some changes for bn_gf2m.c: better error checking plus some minor optimizations. Submitted by: Nils Larsch --- crypto/bn/bn_gf2m.c | 78 ++++++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 30 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 0bb4f9b25..1cdad7473 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -323,8 +323,12 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) int n, dN, d0, d1; BN_ULONG zz, *z; - /* Since the algorithm does reduction in the r value, if a != r, copy the - * contents of a into r so we can do reduction in r. + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + + /* Since the algorithm does reduction in the r value, if a != r, copy + * the contents of a into r so we can do reduction in r. */ if (a != r) { @@ -345,7 +349,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (z[j] == 0) { j--; continue; } z[j] = 0; - for (k = 1; p[k] > 0; k++) + for (k = 1; p[k] != 0; k++) { /* reducing component t^p[k] */ n = p[0] - p[k]; @@ -375,7 +379,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ z[0] ^= zz; /* reduction t^0 component */ - for (k = 1; p[k] > 0; k++) + for (k = 1; p[k] != 0; k++) { BN_ULONG tmp_ulong; @@ -408,7 +412,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH); goto err; @@ -459,9 +464,9 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } bn_correct_top(s); - BN_GF2m_mod_arr(r, s, p); + if (BN_GF2m_mod_arr(r, s, p)) + ret = 1; bn_check_top(r); - ret = 1; err: BN_CTX_end(ctx); @@ -481,7 +486,8 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH); goto err; @@ -531,7 +537,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH); goto err; @@ -567,10 +574,6 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_GF2m_mod(u, a, p)) goto err; if (!BN_copy(v, p)) goto err; - u->neg = 0; /* Need to set u->neg = 0 because BN_is_one(u) checks - * the neg flag of the bignum. - */ - if (BN_is_zero(u)) goto err; while (1) @@ -585,7 +588,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_rshift1(b, b)) goto err; } - if (BN_is_one(u)) break; + if (BN_abs_is_word(u, 1)) break; if (BN_num_bits(u) < BN_num_bits(v)) { @@ -679,10 +682,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_copy(b, p)) goto err; if (!BN_zero(v)) goto err; - a->neg = 0; /* Need to set a->neg = 0 because BN_is_one(a) checks - * the neg flag of the bignum. - */ - while (!BN_is_odd(a)) { if (!BN_rshift1(a, a)) goto err; @@ -703,7 +702,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_rshift1(v, v)) goto err; } while (!BN_is_odd(b)); } - else if (BN_is_one(a)) + else if (BN_abs_is_word(a, 1)) break; else { @@ -763,9 +762,10 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig BIGNUM *u; if (BN_is_zero(b)) - { return(BN_one(r)); - } + + if (BN_abs_is_word(b, 1)) + return (BN_copy(r, a) != NULL); BN_CTX_start(ctx); @@ -804,7 +804,8 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); goto err; @@ -824,6 +825,10 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ { int ret = 0; BIGNUM *u; + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; @@ -850,7 +855,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); goto err; @@ -870,7 +876,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p int ret = 0, count = 0; unsigned int j; BIGNUM *a, *z, *rho, *w, *w2, *tmp; - + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + BN_CTX_start(ctx); a = BN_CTX_get(ctx); z = BN_CTX_get(ctx); @@ -951,7 +961,8 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH); goto err; @@ -963,21 +974,28 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * return ret; } -/* Convert the bit-string representation of a polynomial a into an array +/* Convert the bit-string representation of a polynomial + * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array * of integers corresponding to the bits with non-zero coefficient. * Up to max elements of the array will be filled. Return value is total * number of coefficients that would be extracted if array was large enough. */ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) { - int i, j, k; + int i, j, k = 0; BN_ULONG mask; - for (k = 0; k < max; k++) p[k] = 0; - k = 0; + if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) + /* a_0 == 0 => return error (the unsigned int array + * must be terminated by 0) + */ + return 0; for (i = a->top - 1; i >= 0; i--) { + if (!a->d[i]) + /* skip word if a->d[i] == 0 */ + continue; mask = BN_TBIT; for (j = BN_BITS2 - 1; j >= 0; j--) { @@ -1001,7 +1019,7 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) int i; BN_zero(a); - for (i = 0; p[i] > 0; i++) + for (i = 0; p[i] != 0; i++) { BN_set_bit(a, p[i]); } From 6defae04f3c44087d9129994fa88b4f9271b153f Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Nov 2003 20:39:19 +0000 Subject: [PATCH 103/112] Fix some handling in bn_word. This also resolves the issues observed in ticket 697 (though uses a different solution than the proposed one). This problem was initially raised by Otto Moerbeek. PR: 697 Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/bn/bn_word.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 560a49969..a24115015 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -85,12 +85,17 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) { - BN_ULONG ret; + BN_ULONG ret = 0; int i; - if (a->top == 0) return(0); - ret=0; - w&=BN_MASK2; + w &= BN_MASK2; + + if (!w) + /* actually this an error (division by zero) */ + return 0; + if (a->top == 0) + return 0; + for (i=a->top-1; i>=0; i--) { BN_ULONG l,d; @@ -111,6 +116,11 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) BN_ULONG l; int i; + w &= BN_MASK2; + + if (!w) + return 1; + if (a->neg) { a->neg=0; @@ -119,7 +129,6 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - w&=BN_MASK2; if (bn_wexpand(a,a->top+1) == NULL) return(0); i=0; for (;;) @@ -145,6 +154,11 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) { int i; + w &= BN_MASK2; + + if (!w) + return 1; + if (BN_is_zero(a) || a->neg) { a->neg=0; @@ -153,7 +167,6 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) return(i); } - w&=BN_MASK2; if ((a->top == 1) && (a->d[0] < w)) { a->d[0]=w-a->d[0]; From 81ba5f6713798374c3327e649b96db3decd7a8b8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Nov 2003 21:07:59 +0000 Subject: [PATCH 104/112] Due to recent debugging bursts, openssl should be more or less solid against inconsistent BIGNUMs coming out of any of its API functions. So this change no longer "fixes" the bn_print.c functions, but it makes for cleaner code. This patch was a part of ticket 697. PR: 697 Submitted by: Otto Moerbeek Reviewed by: Geoff Thorpe --- crypto/bn/bn_print.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 5b5eb8fc9..4bc51d303 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -79,7 +79,7 @@ char *BN_bn2hex(const BIGNUM *a) } p=buf; if (a->neg) *(p++)='-'; - if (a->top == 0) *(p++)='0'; + if (BN_is_zero(a)) *(p++)='0'; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-8; j >= 0; j-=8) @@ -122,7 +122,7 @@ char *BN_bn2dec(const BIGNUM *a) p=buf; lp=bn_data; if (t->neg) *(p++)='-'; - if (t->top == 0) + if (BN_is_zero(t)) { *(p++)='0'; *(p++)='\0'; @@ -301,7 +301,7 @@ int BN_print(BIO *bp, const BIGNUM *a) int ret=0; if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; - if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end; + if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-4; j >= 0; j-=4) From 4c8b4f9d03fb5db99fa22b235369b96039f60706 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 12:54:11 +0000 Subject: [PATCH 105/112] Change my debugging entries to do fierce BIGNUM debugging. --- Configure | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configure b/Configure index ad8d83e58..bc7d5d489 100755 --- a/Configure +++ b/Configure @@ -145,10 +145,10 @@ my %table=( "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", From 4d8743f490a5f96fa26d41985ee12cb6b9815a4c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 13:10:58 +0000 Subject: [PATCH 106/112] Netware-specific changes, PR: 780 Submitted by: Verdon Walker Reviewed by: Richard Levitte --- Configure | 18 +- INSTALL | 6 +- INSTALL.NW | 437 +++++++++++++++++++++++++ Netware/build.bat | 204 ++++++++++++ Netware/cpy_tests.bat | 112 +++++++ Netware/do_tests.pl | 585 ++++++++++++++++++++++++++++++++++ Netware/globals.txt | 254 +++++++++++++++ Netware/readme.txt | 19 ++ Netware/set_env.bat | 90 ++++++ apps/apps.c | 13 +- apps/apps.h | 2 + apps/ca.c | 2 +- apps/s_apps.h | 3 +- apps/s_client.c | 8 +- apps/s_server.c | 16 +- apps/s_socket.c | 38 ++- apps/s_time.c | 18 +- apps/speed.c | 43 ++- crypto/bf/bf_opts.c | 3 + crypto/bf/bfspeed.c | 3 + crypto/bf/bftest.c | 3 + crypto/bio/b_sock.c | 33 +- crypto/bio/bss_file.c | 15 +- crypto/bio/bss_log.c | 2 + crypto/bio/bss_sock.c | 2 +- crypto/bn/exptest.c | 3 + crypto/buffer/buffer.h | 3 + crypto/cast/cast_spd.c | 3 + crypto/cast/castopts.c | 3 + crypto/des/des_opts.c | 4 + crypto/des/destest.c | 3 + crypto/des/speed.c | 4 + crypto/dh/dhtest.c | 6 +- crypto/dsa/dsatest.c | 3 + crypto/idea/idea_spd.c | 3 + crypto/idea/ideatest.c | 3 + crypto/md2/md2test.c | 3 + crypto/md32_common.h | 2 + crypto/md5/md5test.c | 4 + crypto/mdc2/mdc2test.c | 3 + crypto/perlasm/x86asm.pl | 8 +- crypto/perlasm/x86mwasm_nw.pl | 363 +++++++++++++++++++++ crypto/perlasm/x86nasm_nw.pl | 364 +++++++++++++++++++++ crypto/rand/Makefile.ssl | 4 +- crypto/rand/rand_egd.c | 2 +- crypto/rand/rand_nw.c | 171 ++++++++++ crypto/rand/rand_unix.c | 3 +- crypto/rand/randtest.c | 3 + crypto/rc2/rc2speed.c | 3 + crypto/rc2/rc2test.c | 3 + crypto/rc4/rc4speed.c | 3 + crypto/rc4/rc4test.c | 3 + crypto/rc5/rc5speed.c | 3 + crypto/rsa/rsa_test.c | 3 + crypto/sha/sha1test.c | 4 + crypto/sha/shatest.c | 5 +- crypto/threads/mttest.c | 115 +++++++ crypto/threads/netware.bat | 79 +++++ crypto/tmdiff.c | 16 +- crypto/ui/ui_openssl.c | 10 +- crypto/uid.c | 2 +- e_os.h | 36 +++ e_os2.h | 6 + engines/e_aep.c | 4 + ssl/ssltest.c | 3 + util/mk1mf.pl | 11 + util/pl/netware.pl | 327 +++++++++++++++++++ 67 files changed, 3490 insertions(+), 43 deletions(-) create mode 100644 INSTALL.NW create mode 100644 Netware/build.bat create mode 100644 Netware/cpy_tests.bat create mode 100644 Netware/do_tests.pl create mode 100644 Netware/globals.txt create mode 100644 Netware/readme.txt create mode 100644 Netware/set_env.bat create mode 100644 crypto/perlasm/x86mwasm_nw.pl create mode 100644 crypto/perlasm/x86nasm_nw.pl create mode 100644 crypto/rand/rand_nw.c create mode 100644 crypto/threads/netware.bat create mode 100644 util/pl/netware.pl diff --git a/Configure b/Configure index bc7d5d489..fa96c762f 100755 --- a/Configure +++ b/Configure @@ -519,6 +519,12 @@ my %table=( "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32::::win32:cygwin-shared:::.dll", +# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm:::::${x86_gcc_opts}:::", +# netware-libc => LibC/NKS support +"netware-libc", "mwccnlm:::::BN_LLONG ${x86_gcc_opts}:::", + # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", @@ -570,8 +576,8 @@ my %table=( ); -my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS - BC-32 BC-16 Mingw32 OS2-EMX); +my @MK1MF_Builds=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS + BC-32 BC-16 Mingw32 OS2-EMX netware-clib netware-libc); my $idx = 0; my $idx_cc = $idx++; @@ -940,7 +946,7 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); -my $IsWindows=scalar grep /^$target$/,@WinTargets; +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $exe_ext=".exe" if ($target eq "Cygwin"); $exe_ext=".exe" if ($target eq "DJGPP"); @@ -954,7 +960,7 @@ $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -print "IsWindows=$IsWindows\n"; +print "IsMK1MF=$IsMK1MF\n"; my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); my $cc = $fields[$idx_cc]; @@ -1502,7 +1508,7 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; -if($IsWindows) { +if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <MINFO + generates a listing of source files (used by mk1mf) + + perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak + generates the makefile for NetWare + + gmake -f netware\nlm.mak + build with the make tool (nmake.exe also works) + +NOTE: If you are building using the assembly option, you must also run the +various Perl scripts to generate the assembly files. See build.bat +for an example of running the various assembly scripts. You must use the +"no-asm" option to build without assembly. The configure and mk1mf scripts +also have various other options. See the scripts for more information. + + +The output from the build is placed in the following directories: + + CLIB Debug build: + out_nw_clib.dbg - static libs & test nlm(s) + tmp_nw_clib.dbg - temporary build files + outinc_nw_clib - necessary include files + + CLIB Non-debug build: + out_nw_clib - static libs & test nlm(s) + tmp_nw_clib - temporary build files + outinc_nw_clib - necesary include files + + LibC Debug build: + out_nw_libc.dbg - static libs & test nlm(s) + tmp_nw_libc.dbg - temporary build files + outinc_nw_libc - necessary include files + + LibC Non-debug build: + out_nw_libc - static libs & test nlm(s) + tmp_nw_libc - temporary build files + outinc_nw_libc - necesary include files + + +TESTING: +-------- +The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib, +rsaglue.lib ) and several test programs. You should copy the test programs +to your NetWare server and run the tests. + +The batch file "netware\cpy_tests.bat" will copy all the necessary files +to your server for testing. In order to run the batch file, you need a +drive mapped to your target server. It will create an "OpenSSL" directory +on the drive and copy the test files to it. CAUTION: If a directory with the +name of "OpenSSL" already exists, it will be deleted. + +To run cpy_tests.bat: + + netware\cpy_tests [output directory] [NetWare drive] + + output directory - "out_nw_clib.dbg", "out_nw_libc", etc. + NetWare drive - drive letter of mapped drive + + CLIB ex: netware\cpy_tests out_nw_clib m: + LibC ex: netware\cpy_tests out_nw_libc m: + + +The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server +should be used to execute the tests. Before running the script, make sure +your SEARCH PATH includes the "OpenSSL" directory. For example, if you +copied the files to the "sys:" volume you use the command: + + SEARCH ADD SYS:\OPENSSL + + +To run do_tests.pl type (at the console prompt): + + perl \openssl\do_tests.pl [options] + + options: + -p - pause after executing each test + +The do_tests.pl script generates a log file "\openssl\test_out\tests.log" +which should be reviewed for errors. Any errors will be denoted by the word +"ERROR" in the log. + +NOTE: Currently (11/2002), the LibC test nlms report an error while loading + when launched from the perl script (do_tests.pl). The problems are + being addressed by the LibC development team and should be fixed in the + next release. Until the problems are corrected, the LibC test nlms + will have to be executed manually. + + +DEVELOPING WITH THE OPENSSL SDK: +-------------------------------- +Now that everything is built and tested, you are ready to use the OpenSSL +libraries in your development. + +There is no real installation procedure, just copy the static libs and +headers to your build location. The libs (crypto.lib & ssl.lib) are +located in the appropriate "out_nw_XXXX" directory +(out_nw_clib, out_nw_libc, etc). + +The headers are located in the appropriate "outinc_nw_XXX" directory +(outinc_nw_clib, outinc_nw_libc). + +One suggestion is to create the following directory +structure for the OpenSSL SDK: + + \openssl + |- bin + | |- openssl.nlm + | |- (other tests you want) + | + |- lib + | | - crypto.lib + | | - ssl.lib + | + |- include + | | - openssl + | | | - (all the headers in "outinc_nw\openssl") + + +The program "openssl.nlm" can be very useful. It has dozens of +options and you may want to keep it handy for debugging, testing, etc. + +When building your apps using OpenSSL, define "NETWARE". It is needed by +some of the OpenSSL headers. One way to do this is with a compile option, +for example "-DNETWARE". + + + +NOTES: +------ + +Resource leaks in Tests +------------------------ +Some OpenSSL tests do not clean up resources and NetWare reports +the resource leaks when the tests unload. If this really bugs you, +you can stop the messages by setting the developer option off at the console +prompt (set developer option = off). Or better yet, fix the tests to +clean up the resources! + + +Multi-threaded Development +--------------------------- +The NetWare version of OpenSSL is thread-safe however, multi-threaded +applications must provide the necessary locking function callbacks. This +is described in doc\threads.doc. The file "openssl\crypto\threads\mttest.c" +is a multi-threaded test program and demonstrates the locking functions. + + +What is openssl2.nlm? +--------------------- +The openssl program has numerous options and can be used for many different +things. Many of the options operate in an interactive mode requiring the +user to enter data. Because of this, a default screen is created for the +program. However, when running the test script it is not desirable to +have a seperate screen. Therefore, the build also creates openssl2.nlm. +Openssl2.nlm is functionally identical but uses the console screen. +Openssl2 can be used when a non-interactive mode is desired. + +NOTE: There are may other possibilities (command line options, etc) +which could have been used to address the screen issue. The openssl2.nlm +option was chosen because it impacted only the build not the code. + + +Why only static libraries? +-------------------------- +Globals, globals, and more globals. The OpenSSL code uses many global +variables that are allocated and initialized when used for the first time. + +On NetWare, most applications (at least historically) run in the kernel. +When running in the kernel, there is one instance of global variables. +For regular application type NLM(s) this isn't a problem because they are +the only ones using the globals. However, for a library NLM (an NLM which +exposes functions and has no threads of execution), the globals cause +problems. Applications could inadvertently step on each other if they +change some globals. Even worse, the first application that triggers a +global to be allocated and initialized has the allocated memory charged to +itself. Now when that application unloads, NetWare will clean up all the +applicaton's memory. The global pointer variables inside OpenSSL now +point to freed memory. An abend waiting to happen! + +To work correctly in the kernel, library NLM(s) that use globals need to +provide a set of globals (instance data) for each application. Another +option is to require the library only be loaded in a protected address +space along with the application using it. + +Modifying the OpenSSL code to provide a set of globals (instance data) for +each application isn't technically difficult, but due to the large number +globals it would require substantial code changes and it wasn't done. Hence, +the build currently only builds static libraries which are then linked +into each application. + +NOTE: If you are building a library NLM that uses the OpenSSL static +libraries, you will still have to deal with the global variable issue. +This is because when you link in the OpenSSL code you bring in all the +globals. One possible solution for the global pointer variables is to +register memory functions with OpenSSL which allocate memory and charge it +to your library NLM (see the function CRYPTO_set_mem_functions). However, +be aware that now all memory allocated by OpenSSL is charged to your NLM. + + +CodeWarrior Tools and W2K +--------------------------- +There have been problems reported with the CodeWarrior Linker +(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The +problems cause the link step to fail. The only work around is to obtain an +updated linker from Metrowerks. It is expected Metrowerks will release +PDK 3.0 (in beta testing at this time - May, 2001) in the near future which +will fix these problems. + + +Makefile "vclean" +------------------ +The generated makefile has a "vclean" target which cleans up the build +directories. If you have been building successfully and suddenly +experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry. + + +"Undefined Symbol" Linker errors +-------------------------------- +There have been linker errors reported when doing a CLIB build. The problems +occur because some versions of the CLIB SDK import files inadvertently +left out some symbols. One symbol in particular is "_lrotl". The missing +functions are actually delivered in the binaries, but they were left out of +the import files. The issues should be fixed in the September 2001 release +of the NDK. If you experience the problems you can temporarily +work around it by manually adding the missing symbols to your version of +"clib.imp". diff --git a/Netware/build.bat b/Netware/build.bat new file mode 100644 index 000000000..ee73da4df --- /dev/null +++ b/Netware/build.bat @@ -0,0 +1,204 @@ +@echo off + +rem ======================================================================== +rem Batch file to automate building OpenSSL for NetWare. +rem +rem usage: +rem build [target] [debug opts] [assembly opts] [configure opts] +rem +rem target - "netware-clib" - CLib NetWare build +rem - "netware-libc" - LibC NKS NetWare build +rem +rem debug opts - "debug" - build debug +rem +rem assembly opts - "nw-mwasm" - use Metrowerks assembler +rem "nw-nasm" - use NASM assembler +rem "no-asm" - don't use assembly +rem +rem configure opts- all unrecognized arguments are passed to the +rem perl configure script +rem +rem If no arguments are specified the default is to build non-debug with +rem no assembly. NOTE: there is no default BLD_TARGET. +rem + + + +rem No assembly is the default - Uncomment section below to change +rem the assembler default +set ASM_MODE= +set ASSEMBLER= +set NO_ASM=no-asm + +rem Uncomment to default to the Metrowerks assembler +rem set ASM_MODE=nw-mwasm +rem set ASSEMBLER=Metrowerks +rem set NO_ASM= + +rem Uncomment to default to the NASM assembler +rem set ASM_MODE=nw-nasm +rem set ASSEMBLER=NASM +rem set NO_ASM= + +rem No default Bld target +set BLD_TARGET=no_target +rem set BLD_TARGET=netware-clib +rem set BLD_TARGET=netware-libc + + +rem Default to build non-debug +set DEBUG= + +rem Uncomment to default to debug build +rem set DEBUG=debug + + +set CONFIG_OPTS= +set ARG_PROCESSED=NO + + +rem Process command line args +:opts +if "a%1" == "a" goto endopt +if "%1" == "no-asm" set NO_ASM=no-asm +if "%1" == "no-asm" set ARG_PROCESSED=YES +if "%1" == "debug" set DEBUG=debug +if "%1" == "debug" set ARG_PROCESSED=YES +if "%1" == "nw-nasm" set ASM_MODE=nw-nasm +if "%1" == "nw-nasm" set ASSEMBLER=NASM +if "%1" == "nw-nasm" set NO_ASM= +if "%1" == "nw-nasm" set ARG_PROCESSED=YES +if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm +if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks +if "%1" == "nw-mwasm" set NO_ASM= +if "%1" == "nw-mwasm" set ARG_PROCESSED=YES +if "%1" == "netware-clib" set BLD_TARGET=netware-clib +if "%1" == "netware-clib" set ARG_PROCESSED=YES +if "%1" == "netware-libc" set BLD_TARGET=netware-libc +if "%1" == "netware-libc" set ARG_PROCESSED=YES + +rem If we didn't recognize the argument, consider it an option for config +if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1 +if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO + +shift +goto opts +:endopt + +rem make sure a valid BLD_TARGET was specified +if "%BLD_TARGET%" == "no_target" goto no_target + +rem build the nlm make file name which includes target and debug info +set NLM_MAKE= +if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib +if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc +if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak +if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak + +if "%NO_ASM%" == "no-asm" set ASM_MODE= +if "%NO_ASM%" == "no-asm" set ASSEMBLER= +if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm +if "%NO_ASM%" == "no-asm" goto do_config + + +rem ================================================== +echo Generating x86 for %ASSEMBLER% assembler + +echo Bignum +cd crypto\bn\asm +perl x86.pl %ASM_MODE% > bn-nw.asm +cd ..\..\.. + +echo DES +cd crypto\des\asm +perl des-586.pl %ASM_MODE% > d-nw.asm +cd ..\..\.. + +echo "crypt(3)" + +cd crypto\des\asm +perl crypt586.pl %ASM_MODE% > y-nw.asm +cd ..\..\.. + +echo Blowfish + +cd crypto\bf\asm +perl bf-586.pl %ASM_MODE% > b-nw.asm +cd ..\..\.. + +echo CAST5 +cd crypto\cast\asm +perl cast-586.pl %ASM_MODE% > c-nw.asm +cd ..\..\.. + +echo RC4 +cd crypto\rc4\asm +perl rc4-586.pl %ASM_MODE% > r4-nw.asm +cd ..\..\.. + +echo MD5 +cd crypto\md5\asm +perl md5-586.pl %ASM_MODE% > m5-nw.asm +cd ..\..\.. + +echo SHA1 +cd crypto\sha\asm +perl sha1-586.pl %ASM_MODE% > s1-nw.asm +cd ..\..\.. + +echo RIPEMD160 +cd crypto\ripemd\asm +perl rmd-586.pl %ASM_MODE% > rm-nw.asm +cd ..\..\.. + +echo RC5\32 +cd crypto\rc5\asm +perl rc5-586.pl %ASM_MODE% > r5-nw.asm +cd ..\..\.. + +rem =============================================================== +rem +:do_config + +echo . +echo configure options: %CONFIG_OPTS% %BLD_TARGET% +echo . +perl configure %CONFIG_OPTS% %BLD_TARGET% + +perl util\mkfiles.pl >MINFO + +echo . +echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% +echo . +perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE% + +echo The makefile "%NLM_MAKE%" has been created use your maketool to +echo build (ex: gmake -f %NLM_MAKE%) +goto end + +rem =============================================================== +rem +:no_target +echo . +echo . No build target specified!!! +echo . +echo . usage: build [target] [debug opts] [assembly opts] [configure opts] +echo . +echo . target - "netware-clib" - CLib NetWare build +echo . - "netware-libc" - LibC NKS NetWare build +echo . +echo . debug opts - "debug" - build debug +echo . +echo . assembly opts - "nw-mwasm" - use Metrowerks assembler +echo . "nw-nasm" - use NASM assembler +echo . "no-asm" - don't use assembly +echo . +echo . configure opts- all unrecognized arguments are passed to the +echo . perl configure script +echo . +echo . If no debug or assembly opts are specified the default is to build +echo . non-debug without assembly +echo . + + +:end diff --git a/Netware/cpy_tests.bat b/Netware/cpy_tests.bat new file mode 100644 index 000000000..c2f07c00c --- /dev/null +++ b/Netware/cpy_tests.bat @@ -0,0 +1,112 @@ +@echo off + +rem Batch file to copy OpenSSL stuff to a NetWare server for testing + +rem This batch file will create an "opensssl" directory at the root of the +rem specified NetWare drive and copy the required files to run the tests. +rem It should be run from inside the "openssl\netware" subdirectory. + +rem Usage: +rem cpy_tests.bat +rem - out_nw.dbg | out_nw +rem - any mapped drive letter +rem +rem example ( copy from debug build to m: dirve ): +rem cpy_tests.bat out_nw.dbg m: +rem +rem CAUTION: If a directory named OpenSSL exists on the target drive +rem it will be deleted first. + + +if "%1" == "" goto usage +if "%2" == "" goto usage + +rem Assume running in \openssl directory unless cpy_tests.bat exists then +rem it must be the \openssl\netware directory +set loc=. +if exist cpy_tests.bat set loc=.. + +rem make sure the local build subdirectory specified is valid +if not exist %loc%\%1\NUL goto invalid_dir + +rem make sure target drive is valid +if not exist %2\NUL goto invalid_drive + +rem If an OpenSSL directory exists on the target drive, remove it +if exist %2\openssl\NUL goto remove_openssl +goto do_copy + +:remove_openssl +echo . +echo OpenSSL directory exists on %2 - it will be removed! +pause +rmdir %2\openssl /s /q + +:do_copy +rem make an "openssl" directory and others at the root of the NetWare drive +mkdir %2\openssl +mkdir %2\openssl\test_out +mkdir %2\openssl\apps +mkdir %2\openssl\certs +mkdir %2\openssl\test + + +rem copy the test nlms +copy %loc%\%1\*.nlm %2\openssl\ + +rem copy the test perl script +copy %loc%\netware\do_tests.pl %2\openssl\ + +rem copy the certs directory stuff +xcopy %loc%\certs\*.* %2\openssl\certs\ /s + +rem copy the test directory stuff +copy %loc%\test\CAss.cnf %2\openssl\test\ +copy %loc%\test\Uss.cnf %2\openssl\test\ +copy %loc%\test\pkcs7.pem %2\openssl\test\ +copy %loc%\test\pkcs7-1.pem %2\openssl\test\ +copy %loc%\test\testcrl.pem %2\openssl\test\ +copy %loc%\test\testp7.pem %2\openssl\test\ +copy %loc%\test\testreq2.pem %2\openssl\test\ +copy %loc%\test\testrsa.pem %2\openssl\test\ +copy %loc%\test\testsid.pem %2\openssl\test\ +copy %loc%\test\testx509.pem %2\openssl\test\ +copy %loc%\test\v3-cert1.pem %2\openssl\test\ +copy %loc%\test\v3-cert2.pem %2\openssl\test\ + +rem copy the apps directory stuff +copy %loc%\apps\client.pem %2\openssl\apps\ +copy %loc%\apps\server.pem %2\openssl\apps\ +copy %loc%\apps\openssl.cnf %2\openssl\apps\ + +echo . +echo Tests copied +echo Run the test script at the console by typing: +echo "Perl \openssl\do_tests.pl" +echo . +echo Make sure the Search path includes the OpenSSL subdirectory + +goto end + +:invalid_dir +echo. +echo Invalid build directory specified: %1 +echo. +goto usage + +:invalid_drive +echo. +echo Invalid drive: %2 +echo. +goto usage + +:usage +echo. +echo usage: cpy_tests.bat [test subdirectory] [NetWare drive] +echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. +echo [NetWare drive] - any mapped drive letter +echo. +echo example: cpy_test out_nw_clib.dbg M: +echo (copy from clib debug build area to M: drive) + +:end diff --git a/Netware/do_tests.pl b/Netware/do_tests.pl new file mode 100644 index 000000000..f4e11272d --- /dev/null +++ b/Netware/do_tests.pl @@ -0,0 +1,585 @@ +# perl script to run OpenSSL tests + + +my $base_path = "\\openssl"; + +my $output_path = "$base_path\\test_out"; +my $cert_path = "$base_path\\certs"; +my $test_path = "$base_path\\test"; +my $app_path = "$base_path\\apps"; + +my $tmp_cert = "$output_path\\cert.tmp"; +my $OpenSSL_config = "$app_path\\openssl.cnf"; +my $log_file = "$output_path\\tests.log"; + +my $pause = 0; + + +# process the command line args to see if they wanted us to pause +# between executing each command +foreach $i (@ARGV) +{ + if ($i =~ /^-p$/) + { $pause=1; } +} + + + +main(); + + +############################################################################ +sub main() +{ + # delete all the output files in the output directory + unlink <$output_path\\*.*>; + + # open the main log file + open(OUT, ">$log_file") || die "unable to open $log_file\n"; + + + algorithm_tests(); + encryption_tests(); + pem_tests(); + verify_tests(); + ssl_tests(); + ca_tests(); + + close(OUT); + + print("\nCompleted running tests.\n\n"); + print("Check log file for errors: $log_file\n"); +} + +############################################################################ +sub algorithm_tests +{ + my $i; + my $outFile; + my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test, + md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest, + dhtest, exptest ); + + print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); + + foreach $i (@tests) + { + $outFile = "$output_path\\$i.out"; + system("$i > $outFile"); + log_desc("Test: $i\.nlm:"); + log_output("", $outFile ); + } +} + +############################################################################ +sub encryption_tests +{ + my $i; + my $outFile; + my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", + "des-ofb", "des-ede-ofb", "des-ede3-ofb", + "des-ecb", "des-ede", "des-ede3", "des-cbc", + "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", + "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", + "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", + "bf-ofb", "bf-cbc" ); + + my $input = "$base_path\\do_tests.pl"; + my $cipher = "$output_path\\cipher.out"; + my $clear = "$output_path\\clear.out"; + + print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); + + foreach $i (@enc_tests) + { + log_desc("Testing: $i"); + + # do encryption + $outFile = "$output_path\\enc.out"; + system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" ); + log_output("Encrypting: $input --> $cipher", $outFile); + + # do decryption + $outFile = "$output_path\\dec.out"; + system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); + log_output("Decrypting: $cipher --> $clear", $outFile); + + # compare files + $x = compare_files( $input, $clear, 1); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $clear\n"); + print( OUT "SUCCESS - files match: $input, $clear\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + + do_wait(); + + # Now do the same encryption but use Base64 + + # do encryption B64 + $outFile = "$output_path\\B64enc.out"; + system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile"); + log_output("Encrypting(B64): $cipher --> $clear", $outFile); + + # do decryption B64 + $outFile = "$output_path\\B64dec.out"; + system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); + log_output("Decrypting(B64): $cipher --> $clear", $outFile); + + # compare files + $x = compare_files( $input, $clear, 1); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $clear\n"); + print( OUT "SUCCESS - files match: $input, $clear\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + + do_wait(); + + } # end foreach + + # delete the temporary files + unlink($cipher); + unlink($clear); +} + + +############################################################################ +sub pem_tests +{ + my $i; + my $tmp_out; + my $outFile = "$output_path\\pem.out"; + + my %pem_tests = ( + "crl" => "testcrl.pem", + "pkcs7" => "testp7.pem", + "req" => "testreq2.pem", + "rsa" => "testrsa.pem", + "x509" => "testx509.pem", + "x509" => "v3-cert1.pem", + "sess_id" => "testsid.pem" ); + + + print( "\nRUNNING PEM TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "PEM TESTS:\n\n"); + + foreach $i (keys(%pem_tests)) + { + log_desc( "Testing: $i"); + + my $input = "$test_path\\$pem_tests{$i}"; + + $tmp_out = "$output_path\\$pem_tests{$i}"; + + if ($i ne "req" ) + { + system("openssl2 $i -in $input -out $tmp_out > $outFile"); + log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); + } + else + { + system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile"); + log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); + } + + $x = compare_files( $input, $tmp_out); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $tmp_out\n"); + print( OUT "SUCCESS - files match: $input, $tmp_out\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + do_wait(); + + } # end foreach +} + + +############################################################################ +sub verify_tests +{ + my $i; + my $outFile = "$output_path\\verify.out"; + + my @cert_files = <$cert_path\\*.pem>; + + print( "\nRUNNING VERIFY TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "VERIFY TESTS:\n\n"); + + make_tmp_cert_file(); + + foreach $i (@cert_files) + { + system("openssl2 verify -CAfile $tmp_cert $i >$outFile"); + log_desc("Verifying cert: $i"); + log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); + } +} + + +############################################################################ +sub ssl_tests +{ + my $outFile = "$output_path\\ssl_tst.out"; + + print( "\nRUNNING SSL TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "SSL TESTS:\n\n"); + + make_tmp_cert_file(); + + system("ssltest -ssl2 >$outFile"); + log_desc("Testing sslv2:"); + log_output("ssltest -ssl2", $outFile); + + system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with server authentication:"); + log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with client authentication:"); + log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with both client and server authentication:"); + log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 >$outFile"); + log_desc("Testing sslv3:"); + log_output("ssltest -ssl3", $outFile); + + system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with server authentication:"); + log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with client authentication:"); + log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with both client and server authentication:"); + log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest >$outFile"); + log_desc("Testing sslv2/sslv3:"); + log_output("ssltest", $outFile); + + system("ssltest -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with server authentication:"); + log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with client authentication:"); + log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with both client and server authentication:"); + log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 >$outFile"); + log_desc("Testing sslv2 via BIO pair:"); + log_output("ssltest -bio_pair -ssl2", $outFile); + + system("ssltest -bio_pair -dhe1024dsa -v >$outFile"); + log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); + log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); + + system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 >$outFile"); + log_desc("Testing sslv3 via BIO pair:"); + log_output("ssltest -bio_pair -ssl3", $outFile); + + system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair >$outFile"); + log_desc("Testing sslv2/sslv3 via BIO pair:"); + log_output("ssltest -bio_pair", $outFile); + + system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile); +} + + +############################################################################ +sub ca_tests +{ + my $outFile = "$output_path\\ca_tst.out"; + + my($CAkey) = "$output_path\\keyCA.ss"; + my($CAcert) = "$output_path\\certCA.ss"; + my($CAserial) = "$output_path\\certCA.srl"; + my($CAreq) = "$output_path\\reqCA.ss"; + my($CAreq2) = "$output_path\\req2CA.ss"; + + my($CAconf) = "$test_path\\CAss.cnf"; + + my($Uconf) = "$test_path\\Uss.cnf"; + + my($Ukey) = "$output_path\\keyU.ss"; + my($Ureq) = "$output_path\\reqU.ss"; + my($Ucert) = "$output_path\\certU.ss"; + + print( "\nRUNNING CA TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "CA TESTS:\n"); + + system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile"); + log_desc("Make a certificate request using req:"); + log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); + + system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile"); + log_desc("Convert the certificate request into a self signed certificate using x509:"); + log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); + + system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile"); + log_desc("Convert a certificate into a certificate request using 'x509':"); + log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); + + system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile"); + log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); + + system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile"); + log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); + + system("openssl2 verify -CAfile $CAcert $CAcert >$outFile"); + log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); + + system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile"); + log_desc("Make another certificate request using req:"); + log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); + + system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile"); + log_desc("Sign certificate request with the just created CA via x509:"); + log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); + + system("openssl2 verify -CAfile $CAcert $Ucert >$outFile"); + log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); + + system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile"); + log_desc("Certificate details"); + log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); + + print(OUT "-- \n"); + print(OUT "The generated CA certificate is $CAcert\n"); + print(OUT "The generated CA private key is $CAkey\n"); + print(OUT "The current CA signing serial number is in $CAserial\n"); + + print(OUT "The generated user certificate is $Ucert\n"); + print(OUT "The generated user private key is $Ukey\n"); + print(OUT "--\n"); +} + +############################################################################ +sub log_output( $ $ ) +{ + my( $desc, $file ) = @_; + my($error) = 0; + my($key); + my($msg); + + if ($desc) + { + print("$desc\n"); + print(OUT "$desc\n"); + } + + # loop waiting for test program to complete + while ( stat($file) == 0) + { print(". "); sleep(1); } + + + # copy test output to log file + open(IN, "<$file"); + while () + { + print(OUT $_); + if ( $_ =~ /ERROR/ ) + { + $error = 1; + } + } + # close and delete the temporary test output file + close(IN); + unlink($file); + + if ( $error == 0 ) + { + $msg = "Test Succeeded"; + } + else + { + $msg = "Test Failed"; + } + + print(OUT "$msg\n"); + + if ($pause) + { + print("$msg - press ENTER to continue..."); + $key = getc; + print("\n"); + } + + # Several of the testing scripts run a loop loading the + # same NLM with different options. + # On slow NetWare machines there appears to be some delay in the + # OS actually unloading the test nlms and the OS complains about. + # the NLM already being loaded. This additional pause is to + # to help provide a little more time for unloading before trying to + # load again. + sleep(1); +} + + +############################################################################ +sub log_desc( $ ) +{ + my( $desc ) = @_; + + print("\n"); + print("$desc\n"); + + print(OUT "\n"); + print(OUT "$desc\n"); + print(OUT "======================================\n"); +} + +############################################################################ +sub compare_files( $ $ $ ) +{ + my( $file1, $file2, $binary ) = @_; + my( $n1, $n2, $b1, $b2 ); + my($ret) = 1; + + open(IN0, $file1) || die "\nunable to open $file1\n"; + open(IN1, $file2) || die "\nunable to open $file2\n"; + + if ($binary) + { + binmode IN0; + binmode IN1; + } + + for (;;) + { + $n1 = read(IN0, $b1, 512); + $n2 = read(IN1, $b2, 512); + + if ($n1 != $n2) {last;} + if ($b1 != $b2) {last;} + + if ($n1 == 0) + { + $ret = 0; + last; + } + } + close(IN0); + close(IN1); + return($ret); +} + +############################################################################ +sub do_wait() +{ + my($key); + + if ($pause) + { + print("Press ENTER to continue..."); + $key = getc; + print("\n"); + } +} + + +############################################################################ +sub make_tmp_cert_file() +{ + my @cert_files = <$cert_path\\*.pem>; + + # delete the file if it already exists + unlink($tmp_cert); + + open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; + + print("building temporary cert file\n"); + + # create a temporary cert file that contains all the certs + foreach $i (@cert_files) + { + open( IN_CERT, $i ) || die "\nunable to open $i\n"; + + for(;;) + { + $n = sysread(IN_CERT, $data, 1024); + + if ($n == 0) + { + close(IN_CERT); + last; + }; + + syswrite(TMP_CERT, $data, $n); + } + } + + close( TMP_CERT ); +} diff --git a/Netware/globals.txt b/Netware/globals.txt new file mode 100644 index 000000000..fe05d390c --- /dev/null +++ b/Netware/globals.txt @@ -0,0 +1,254 @@ +An initial review of the OpenSSL code was done to determine how many +global variables where present. The idea was to determine the amount of +work required to pull the globals into an instance data structure in +order to build a Library NLM for NetWare. This file contains the results +of the review. Each file is listed along with the globals in the file. +The initial review was done very quickly so this list is probably +not a comprehensive list. + + +cryptlib.c +=========================================== + +static STACK *app_locks=NULL; + +static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; + +static void (MS_FAR *locking_callback)(int mode,int type, + const char *file,int line)=NULL; +static int (MS_FAR *add_lock_callback)(int *pointer,int amount, + int type,const char *file,int line)=NULL; +static unsigned long (MS_FAR *id_callback)(void)=NULL; +static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) + (const char *file,int line)=NULL; +static void (MS_FAR *dynlock_lock_callback)(int mode, + struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; +static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, + const char *file,int line)=NULL; + + +mem.c +=========================================== +static int allow_customize = 1; /* we provide flexible functions for */ +static int allow_customize_debug = 1;/* exchanging memory-related functions at + +/* may be changed as long as `allow_customize' is set */ +static void *(*malloc_locked_func)(size_t) = malloc; +static void (*free_locked_func)(void *) = free; +static void *(*malloc_func)(size_t) = malloc; +static void *(*realloc_func)(void *, size_t)= realloc; +static void (*free_func)(void *) = free; + +/* use default functions from mem_dbg.c */ +static void (*malloc_debug_func)(void *,int,const char *,int,int) + = CRYPTO_dbg_malloc; +static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) + = CRYPTO_dbg_realloc; +static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; +static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; +static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; + + +mem_dbg.c +=========================================== +static int mh_mode=CRYPTO_MEM_CHECK_OFF; +static unsigned long order = 0; /* number of memory requests */ +static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ + +static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */ +static long options = /* extra information to be recorded */ +static unsigned long disabling_thread = 0; + + +err.c +=========================================== +static LHASH *error_hash=NULL; +static LHASH *thread_hash=NULL; + +several files have routines with static "init" to track if error strings + have been loaded ( may not want seperate error strings for each process ) + The "init" variable can't be left "global" because the error has is a ptr + that is malloc'ed. The malloc'ed error has is dependant on the "init" + vars. + + files: + pem_err.c + cpt_err.c + pk12err.c + asn1_err.c + bio_err.c + bn_err.c + buf_err.c + comp_err.c + conf_err.c + cpt_err.c + dh_err.c + dsa_err.c + dso_err.c + evp_err.c + obj_err.c + pkcs7err.c + rand_err.c + rsa_err.c + rsar_err.c + ssl_err.c + x509_err.c + v3err.c + err.c + +These file have similar "init" globals but they are for other stuff not +error strings: + + bn_lib.c + ecc_enc.c + s23_clnt.c + s23_meth.c + s23_srvr.c + s2_clnt.c + s2_lib.c + s2_meth.c + s2_srvr.c + s3_clnt.c + s3_lib.c + s3_srvr.c + t1_clnt.c + t1_meth.c + t1_srvr.c + +rand_lib.c +=========================================== +static RAND_METHOD *rand_meth= &rand_ssleay_meth; + +md_rand.c +=========================================== +static int state_num=0,state_index=0; +static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; +static unsigned char md[MD_DIGEST_LENGTH]; +static long md_count[2]={0,0}; +static double entropy=0; +static int initialized=0; + +/* This should be set to 1 only when ssleay_rand_add() is called inside + an already locked state, so it doesn't try to lock and thereby cause + a hang. And it should always be reset back to 0 before unlocking. */ +static int add_do_not_lock=0; + +obj_dat.c +============================================ +static int new_nid=NUM_NID; +static LHASH *added=NULL; + +b_sock.c +=========================================== +static unsigned long BIO_ghbn_hits=0L; +static unsigned long BIO_ghbn_miss=0L; +static struct ghbn_cache_st + { + char name[129]; + struct hostent *ent; + unsigned long order; + } ghbn_cache[GHBN_NUM]; + +static int wsa_init_done=0; + + +bio_lib.c +=========================================== +static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL; +static int bio_meth_num=0; + + +bn_lib.c +======================================== +static int bn_limit_bits=0; +static int bn_limit_num=8; /* (1< 4) && (p[n-4] == '.') && + ((p[n-3] == 'n') || (p[n-3] == 'N')) && + ((p[n-2] == 'l') || (p[n-2] == 'L')) && + ((p[n-1] == 'm') || (p[n-1] == 'M'))) + n-=4; +#else /* strip off trailing .exe if present. */ if ((n > 4) && (p[n-4] == '.') && ((p[n-3] == 'e') || (p[n-3] == 'E')) && ((p[n-2] == 'x') || (p[n-2] == 'X')) && ((p[n-1] == 'e') || (p[n-1] == 'E'))) n-=4; +#endif + if (n > size-1) n=size-1; diff --git a/apps/apps.h b/apps/apps.h index 0d50a9477..107001057 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -162,7 +162,9 @@ extern BIO *bio_err; #endif +#ifndef OPENSSL_SYS_NETWARE #include +#endif #ifdef SIGPIPE #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) diff --git a/apps/ca.c b/apps/ca.c index 15211b844..19d51477a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -83,7 +83,7 @@ # else # include # endif -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) # include # endif #endif diff --git a/apps/s_apps.h b/apps/s_apps.h index 66b6edd44..f4c85aa81 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,8 +108,9 @@ * Hudson (tjh@cryptsoft.com). * */ - +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ #include +#endif #include #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) diff --git a/apps/s_client.c b/apps/s_client.c index 294aad8b5..43934d87b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -256,7 +256,7 @@ int MAIN(int argc, char **argv) char *engine_id=NULL; ENGINE *e=NULL; #endif -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -640,7 +640,7 @@ re_start: if (!ssl_pending) { -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -770,7 +770,7 @@ re_start: goto shut; } } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else @@ -857,6 +857,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif +#elif defined (OPENSSL_SYS_NETWARE) + else if (_kbhit()) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif diff --git a/apps/s_server.c b/apps/s_server.c index 9b8fe570c..c342a2ba6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -124,13 +124,17 @@ #include #include #include -#include + #include #include #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +#include +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -997,7 +1001,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -1071,7 +1075,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -1081,7 +1085,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows @@ -1501,7 +1505,9 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) +#if defined(OPENSSL_SYS_NETWARE) + delay(1000); +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; diff --git a/apps/s_socket.c b/apps/s_socket.c index 9a696d5f9..ff8c282a1 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -88,7 +88,7 @@ typedef unsigned int u_int; #ifndef OPENSSL_NO_SOCK static struct hostent *GetHostByName(char *name); -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); @@ -104,6 +104,10 @@ static int host_ip(char *str, unsigned char ip[4]); #define SOCKET_PROTOCOL IPPROTO_TCP #endif +#ifdef OPENSSL_SYS_NETWARE +static int wsa_init_done=0; +#endif + #ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; static int wsa_init_done=0; @@ -152,6 +156,15 @@ static void ssl_sock_cleanup(void) WSACleanup(); } } +#elif defined(OPENSSL_SYS_NETWARE) +static void sock_cleanup(void) + { + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } + } #endif static int ssl_sock_init(void) @@ -187,6 +200,27 @@ static int ssl_sock_init(void) SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); #endif /* OPENSSL_SYS_WIN16 */ } +#elif defined(OPENSSL_SYS_NETWARE) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); + return(0); + } + } #endif /* OPENSSL_SYS_WINDOWS */ return(1); } @@ -348,7 +382,7 @@ redoit: ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); if (ret == INVALID_SOCKET) { -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else diff --git a/apps/s_time.c b/apps/s_time.c index 1ad16cd60..1134020d2 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -85,7 +85,7 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) +#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -105,7 +105,7 @@ #undef TIMES #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include #endif @@ -384,6 +384,20 @@ static double tm_Time_F(int s) ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } +#elif defined(OPENSSL_SYS_NETWARE) + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } #elif defined(OPENSSL_SYS_VXWORKS) { static unsigned long tick_start, tick_end; diff --git a/apps/speed.c b/apps/speed.c index d9dd1b65d..d15b06e24 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -88,7 +88,7 @@ #include #include -#include + #include #include #include "apps.h" @@ -104,6 +104,10 @@ #include OPENSSL_UNISTD #endif +#ifndef OPENSSL_SYS_NETWARE +#include +#endif + #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) @@ -113,6 +117,12 @@ # define TIMEB #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TIMES +#undef TIMEB +#include +#endif + #ifndef _IRIX # include #endif @@ -137,7 +147,7 @@ #include #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -236,7 +246,7 @@ # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) # define HAVE_FORK 1 #endif @@ -298,6 +308,32 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 +#if defined(OPENSSL_SYS_NETWARE) + + /* for NetWare the best we can do is use clock() which returns the + * time, in hundredths of a second, since the NLM began executing + */ +static double Time_F(int s) + { + double ret; + + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } + } + +#else + static double Time_F(int s) { double ret; @@ -406,6 +442,7 @@ static double Time_F(int s) # endif #endif } +#endif /* if defined(OPENSSL_SYS_NETWARE) */ static const int KDF1_SHA1_len = 20; diff --git a/crypto/bf/bf_opts.c b/crypto/bf/bf_opts.c index 171dada2c..1721bb99b 100644 --- a/crypto/bf/bf_opts.c +++ b/crypto/bf/bf_opts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c index f346af64f..c41ef3b40 100644 --- a/crypto/bf/bfspeed.c +++ b/crypto/bf/bfspeed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 14bc4d7c8..97e6634d3 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -278,6 +278,9 @@ int main(int argc, char *argv[]) else ret=test(); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(0); } diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index c50100802..d619bcf99 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -79,7 +79,7 @@ #define MAX_LISTEN 32 #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) static int wsa_init_done=0; #endif @@ -473,6 +473,31 @@ int BIO_sock_init(void) if (sock_init()) return (-1); #endif + +#if defined(OPENSSL_SYS_NETWARE) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))BIO_sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + SYSerr(SYS_F_WSASTARTUP,err); + BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP); + return(-1); + } + } +#endif + return(1); } @@ -487,6 +512,12 @@ void BIO_sock_cleanup(void) #endif WSACleanup(); } +#elif defined(OPENSSL_SYS_NETWARE) + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } #endif } diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 1f9bd3312..774bc5a7e 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -218,6 +218,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) _setmode(fd,_O_TEXT); else _setmode(fd,_O_BINARY); +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) + /* Under CLib there are differences in file modes + */ + if (num & BIO_FP_TEXT) + _setmode(fileno((FILE *)ptr),O_TEXT); + else + _setmode(fileno((FILE *)ptr),O_BINARY); #elif defined(OPENSSL_SYS_MSDOS) { int fd = fileno((FILE*)ptr); @@ -270,7 +277,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) else strcat(p,"t"); #endif - fp=fopen(ptr,p); +#if defined(OPENSSL_SYS_NETWARE) + if (!(num & BIO_FP_TEXT)) + strcat(p,"b"); + else + strcat(p,"t"); +#endif +fp=fopen(ptr,p); if (fp == NULL) { SYSerr(SYS_F_FOPEN,get_last_sys_error()); diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 1eb678cac..6360dbc82 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -78,6 +78,8 @@ # include #elif defined(__ultrix) # include +#elif defined(OPENSSL_SYS_NETWARE) +# define NO_SYSLOG #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include #endif diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 7207a1fb8..472dd7582 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -246,7 +246,7 @@ int BIO_sock_non_fatal_error(int err) { switch (err) { -#if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) # if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: # endif diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index b09cf8870..37aec55b8 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -181,6 +181,9 @@ int main(int argc, char *argv[]) err: ERR_load_crypto_strings(); ERR_print_errors(out); +#ifdef OPENSSL_SYS_NETWARE + printf("ERROR\n"); +#endif EXIT(1); return(1); } diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 164f8aa6e..7f557c21c 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -64,7 +64,10 @@ extern "C" { #endif #include + +#if !defined(NO_SYS_TYPES_H) #include +#endif typedef struct buf_mem_st { diff --git a/crypto/cast/cast_spd.c b/crypto/cast/cast_spd.c index 76abf50d9..d650af475 100644 --- a/crypto/cast/cast_spd.c +++ b/crypto/cast/cast_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/cast/castopts.c b/crypto/cast/castopts.c index 1b858d153..33b2c7b06 100644 --- a/crypto/cast/castopts.c +++ b/crypto/cast/castopts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c index 79278b920..2df82962c 100644 --- a/crypto/des/des_opts.c +++ b/crypto/des/des_opts.c @@ -71,7 +71,11 @@ #include extern void exit(); #endif + +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 788f552c8..4584cf300 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -821,6 +821,9 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]); printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif printf("\n"); return(err); } diff --git a/crypto/des/speed.c b/crypto/des/speed.c index 48fc1d49f..1616f4b7c 100644 --- a/crypto/des/speed.c +++ b/crypto/des/speed.c @@ -69,7 +69,11 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#define crypt(c,s) (des_crypt((c),(s))) +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 492fbeefa..1b193649d 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -197,9 +197,9 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 1dbda6801..ccc456eab 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -221,6 +221,9 @@ end: BIO_free(bio_err); bio_err = NULL; } +#ifdef OPENSSL_SYS_NETWARE + if (!ret) printf("ERROR\n"); +#endif EXIT(!ret); return(0); } diff --git a/crypto/idea/idea_spd.c b/crypto/idea/idea_spd.c index 48ffaff52..699353e87 100644 --- a/crypto/idea/idea_spd.c +++ b/crypto/idea/idea_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index 98f805d72..e6ffc7025 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -169,6 +169,9 @@ int main(int argc, char *argv[]) else printf("ok\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 9c1e28b6c..13cbec4ab 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -124,6 +124,9 @@ int main(int argc, char *argv[]) R++; P++; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); } diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 511e5b2aa..0cdc06e31 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -184,6 +184,8 @@ # elif defined(__MWERKS__) # if defined(__POWERPC__) # define ROTATE(a,n) __rlwinm(a,n,0,31) +# elif defined(OPENSSL_SYSNAME_NETWARE) +# define ROTATE(a,n) _lrotl(a,n) # elif defined(__MC68K__) /* Motorola specific tweak. */ # define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index bfd62629e..667b6be34 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -120,6 +120,10 @@ int main(int argc, char *argv[]) R++; P++; } + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index c9abe99d9..017b31add 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -140,6 +140,9 @@ int main(int argc, char *argv[]) printf("pad2 - ok\n"); EVP_MD_CTX_cleanup(&c); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl index 1cb96e914..f9c7c37ac 100644 --- a/crypto/perlasm/x86asm.pl +++ b/crypto/perlasm/x86asm.pl @@ -18,7 +18,7 @@ sub main'asm_init ($type,$fn,$i386)=@_; $filename=$fn; - $elf=$cpp=$sol=$aout=$win32=$gaswin=0; + $elf=$cpp=$sol=$aout=$win32=$gaswin=$netware=0; if ( ($type eq "elf")) { $elf=1; require "x86unix.pl"; } elsif ( ($type eq "a.out")) @@ -33,6 +33,10 @@ sub main'asm_init { $win32=1; require "x86ms.pl"; } elsif ( ($type eq "win32n")) { $win32=1; require "x86nasm.pl"; } + elsif ( ($type eq "nw-nasm")) + { $netware=1; require "x86nasm_nw.pl"; } + elsif ( ($type eq "nw-mwasm")) + { $netware=1; require "x86mwasm_nw.pl"; } else { print STDERR <<"EOF"; @@ -43,6 +47,8 @@ Pick one target type from cpp - format so x86unix.cpp can be used win32 - Windows 95/Windows NT win32n - Windows 95/Windows NT NASM format + nw-nasm - NetWare NASM format + nw-mwasm- NetWare Metrowerks Assembler EOF exit(1); } diff --git a/crypto/perlasm/x86mwasm_nw.pl b/crypto/perlasm/x86mwasm_nw.pl new file mode 100644 index 000000000..7a691851c --- /dev/null +++ b/crypto/perlasm/x86mwasm_nw.pl @@ -0,0 +1,363 @@ +#!/usr/local/bin/perl + +# x86 CodeWarrior assembler for NetWare + +# This file is a slightly modified version of x86nasm.pl. The Metrowerks +# compiler for NetWare doesn't prefix symbols with an underscore. +# + +$label="L000"; + +%lb=( 'eax', 'al', + 'ebx', 'bl', + 'ecx', 'cl', + 'edx', 'dl', + 'ax', 'al', + 'bx', 'bl', + 'cx', 'cl', + 'dx', 'dl', + ); + +%hb=( 'eax', 'ah', + 'ebx', 'bh', + 'ecx', 'ch', + 'edx', 'dh', + 'ax', 'ah', + 'bx', 'bh', + 'cx', 'ch', + 'dx', 'dh', + ); + +sub main'asm_init_output +{ + @out=(); + &comment("NetWare: assembly for CodeWarrior assembler (mwasmnlm)"); +} +sub main'asm_get_output { return(@out); } +sub main'get_labels { return(@labels); } + +sub main'external_label +{ + push(@labels,@_); + foreach (@_) { + push(@out, ".extern\t$_\n"); + } +} + +sub main'LB + { + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; + return($lb{$_[0]}); + } + +sub main'HB + { + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; + return($hb{$_[0]}); + } + +sub main'BP + { + &get_mem("BYTE",@_); + } + +sub main'DWP + { + &get_mem("DWORD",@_); + } + +sub main'BC + { + return "@_"; + } + +sub main'DWC + { + return "@_"; + } + +sub main'stack_push + { + my($num)=@_; + $stack+=$num*4; + &main'sub("esp",$num*4); + } + +sub main'stack_pop + { + my($num)=@_; + $stack-=$num*4; + &main'add("esp",$num*4); + } + +sub get_mem + { + my($size,$addr,$reg1,$reg2,$idx)=@_; + my($t,$post); + my($ret)="$size PTR ["; + $addr =~ s/^\s+//; + if ($addr =~ /^(.+)\+(.+)$/) + { + $reg2=&conv($1); + $addr="$2"; + } + elsif ($addr =~ /^[_a-zA-Z]/) + { + $addr="$addr"; + } + + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + if (($addr ne "") && ($addr ne 0)) + { + if ($addr !~ /^-/) + { $ret.="${addr}+"; } + else { $post=$addr; } + } + if ($reg2 ne "") + { + $t=""; + $t="*$idx" if ($idx != 0); + $reg1="+".$reg1 if ("$reg1$post" ne ""); + $ret.="$reg2$t$reg1$post]"; + } + else + { + $ret.="$reg1$post]" + } + $ret =~ s/\+\]/]/; # in case $addr was the only argument + return($ret); + } + +sub main'mov { &out2("mov",@_); } +sub main'movb { &out2("mov",@_); } +sub main'and { &out2("and",@_); } +sub main'or { &out2("or",@_); } +sub main'shl { &out2("shl",@_); } +sub main'shr { &out2("shr",@_); } +sub main'xor { &out2("xor",@_); } +sub main'xorb { &out2("xor",@_); } +sub main'add { &out2("add",@_); } +sub main'adc { &out2("adc",@_); } +sub main'sub { &out2("sub",@_); } +sub main'rotl { &out2("rol",@_); } +sub main'rotr { &out2("ror",@_); } +sub main'exch { &out2("xchg",@_); } +sub main'cmp { &out2("cmp",@_); } +sub main'lea { &out2("lea",@_); } +sub main'mul { &out1("mul",@_); } +sub main'div { &out1("div",@_); } +sub main'dec { &out1("dec",@_); } +sub main'inc { &out1("inc",@_); } +sub main'jmp { &out1("jmp",@_); } +sub main'jmp_ptr { &out1p("jmp",@_); } + +sub main'je { &out1("je ",@_); } +sub main'jle { &out1("jle ",@_); } +sub main'jz { &out1("jz ",@_); } +sub main'jge { &out1("jge ",@_); } +sub main'jl { &out1("jl ",@_); } +sub main'ja { &out1("ja ",@_); } +sub main'jae { &out1("jae ",@_); } +sub main'jb { &out1("jb ",@_); } +sub main'jbe { &out1("jbe ",@_); } +sub main'jc { &out1("jc ",@_); } +sub main'jnc { &out1("jnc ",@_); } +sub main'jnz { &out1("jnz ",@_); } +sub main'jne { &out1("jne ",@_); } +sub main'jno { &out1("jno ",@_); } + +sub main'push { &out1("push",@_); $stack+=4; } +sub main'pop { &out1("pop",@_); $stack-=4; } +sub main'bswap { &out1("bswap",@_); &using486(); } +sub main'not { &out1("not",@_); } +sub main'call { &out1("call",$_[0]); } +sub main'ret { &out0("ret"); } +sub main'nop { &out0("nop"); } + +sub out2 + { + my($name,$p1,$p2)=@_; + my($l,$t); + + push(@out,"\t$name\t"); + $t=&conv($p1).","; + $l=length($t); + push(@out,$t); + $l=4-($l+9)/8; + push(@out,"\t" x $l); + push(@out,&conv($p2)); + push(@out,"\n"); + } + +sub out0 + { + my($name)=@_; + + push(@out,"\t$name\n"); + } + +sub out1 + { + my($name,$p1)=@_; + my($l,$t); + push(@out,"\t$name\t".&conv($p1)."\n"); + } + +sub conv + { + my($p)=@_; + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; + return $p; + } + +sub using486 + { + return if $using486; + $using486++; + grep(s/\.386/\.486/,@out); + } + +sub main'file + { + push(@out, ".section .text\n"); + } + +sub main'function_begin + { + my($func,$extra)=@_; + + push(@labels,$func); + my($tmp)=<<"EOF"; +.global $func +$func: + push ebp + push ebx + push esi + push edi +EOF + push(@out,$tmp); + $stack=20; + } + +sub main'function_begin_B + { + my($func,$extra)=@_; + my($tmp)=<<"EOF"; +.global $func +$func: +EOF + push(@out,$tmp); + $stack=4; + } + +sub main'function_end + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + $stack=0; + %label=(); + } + +sub main'function_end_B + { + $stack=0; + %label=(); + } + +sub main'function_end_A + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + } + +sub main'file_end + { + } + +sub main'wparam + { + my($num)=@_; + + return(&main'DWP($stack+$num*4,"esp","",0)); + } + +sub main'swtmp + { + return(&main'DWP($_[0]*4,"esp","",0)); + } + +# Should use swtmp, which is above esp. Linix can trash the stack above esp +#sub main'wtmp +# { +# my($num)=@_; +# +# return(&main'DWP(-(($num+1)*4),"esp","",0)); +# } + +sub main'comment + { + foreach (@_) + { + push(@out,"\t; $_\n"); + } + } + +sub main'label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + return($label{$_[0]}); + } + +sub main'set_label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + push(@out,"$label{$_[0]}:\n"); + } + +sub main'data_word + { + push(@out,"\t.long\t$_[0]\n"); + } + +sub out1p + { + my($name,$p1)=@_; + my($l,$t); + + push(@out,"\t$name\t ".&conv($p1)."\n"); + } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/perlasm/x86nasm_nw.pl b/crypto/perlasm/x86nasm_nw.pl new file mode 100644 index 000000000..e64766cf0 --- /dev/null +++ b/crypto/perlasm/x86nasm_nw.pl @@ -0,0 +1,364 @@ +#!/usr/local/bin/perl + +# x86 nasm assembler for NetWare + +# This file is a slightly modified version of x86nasm.pl. The Metrowerks +# compiler for NetWare doesn't prefix symbols with an underscore. +# + +$label="L000"; + +%lb=( 'eax', 'al', + 'ebx', 'bl', + 'ecx', 'cl', + 'edx', 'dl', + 'ax', 'al', + 'bx', 'bl', + 'cx', 'cl', + 'dx', 'dl', + ); + +%hb=( 'eax', 'ah', + 'ebx', 'bh', + 'ecx', 'ch', + 'edx', 'dh', + 'ax', 'ah', + 'bx', 'bh', + 'cx', 'ch', + 'dx', 'dh', + ); + +sub main'asm_init_output +{ + @out=(); + &comment("NetWare: assembly for NASM assembler (nasmw)"); +} +sub main'asm_get_output { return(@out); } +sub main'get_labels { return(@labels); } + +sub main'external_label +{ + push(@labels,@_); + foreach (@_) { + push(@out, "extern\t$_\n"); + } +} + +sub main'LB + { + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; + return($lb{$_[0]}); + } + +sub main'HB + { + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; + return($hb{$_[0]}); + } + +sub main'BP + { + &get_mem("BYTE",@_); + } + +sub main'DWP + { + &get_mem("DWORD",@_); + } + +sub main'BC + { + return "BYTE @_"; + } + +sub main'DWC + { + return "DWORD @_"; + } + +sub main'stack_push + { + my($num)=@_; + $stack+=$num*4; + &main'sub("esp",$num*4); + } + +sub main'stack_pop + { + my($num)=@_; + $stack-=$num*4; + &main'add("esp",$num*4); + } + +sub get_mem + { + my($size,$addr,$reg1,$reg2,$idx)=@_; + my($t,$post); + my($ret)="["; + $addr =~ s/^\s+//; + if ($addr =~ /^(.+)\+(.+)$/) + { + $reg2=&conv($1); + $addr="$2"; + } + elsif ($addr =~ /^[_a-zA-Z]/) + { + $addr="$addr"; + } + + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + if (($addr ne "") && ($addr ne 0)) + { + if ($addr !~ /^-/) + { $ret.="${addr}+"; } + else { $post=$addr; } + } + if ($reg2 ne "") + { + $t=""; + $t="*$idx" if ($idx != 0); + $reg1="+".$reg1 if ("$reg1$post" ne ""); + $ret.="$reg2$t$reg1$post]"; + } + else + { + $ret.="$reg1$post]" + } + $ret =~ s/\+\]/]/; # in case $addr was the only argument + return($ret); + } + +sub main'mov { &out2("mov",@_); } +sub main'movb { &out2("mov",@_); } +sub main'and { &out2("and",@_); } +sub main'or { &out2("or",@_); } +sub main'shl { &out2("shl",@_); } +sub main'shr { &out2("shr",@_); } +sub main'xor { &out2("xor",@_); } +sub main'xorb { &out2("xor",@_); } +sub main'add { &out2("add",@_); } +sub main'adc { &out2("adc",@_); } +sub main'sub { &out2("sub",@_); } +sub main'rotl { &out2("rol",@_); } +sub main'rotr { &out2("ror",@_); } +sub main'exch { &out2("xchg",@_); } +sub main'cmp { &out2("cmp",@_); } +sub main'lea { &out2("lea",@_); } +sub main'mul { &out1("mul",@_); } +sub main'div { &out1("div",@_); } +sub main'dec { &out1("dec",@_); } +sub main'inc { &out1("inc",@_); } +sub main'jmp { &out1("jmp",@_); } +sub main'jmp_ptr { &out1p("jmp",@_); } + +# This is a bit of a kludge: declare all branches as NEAR. +sub main'je { &out1("je NEAR",@_); } +sub main'jle { &out1("jle NEAR",@_); } +sub main'jz { &out1("jz NEAR",@_); } +sub main'jge { &out1("jge NEAR",@_); } +sub main'jl { &out1("jl NEAR",@_); } +sub main'ja { &out1("ja NEAR",@_); } +sub main'jae { &out1("jae NEAR",@_); } +sub main'jb { &out1("jb NEAR",@_); } +sub main'jbe { &out1("jbe NEAR",@_); } +sub main'jc { &out1("jc NEAR",@_); } +sub main'jnc { &out1("jnc NEAR",@_); } +sub main'jnz { &out1("jnz NEAR",@_); } +sub main'jne { &out1("jne NEAR",@_); } +sub main'jno { &out1("jno NEAR",@_); } + +sub main'push { &out1("push",@_); $stack+=4; } +sub main'pop { &out1("pop",@_); $stack-=4; } +sub main'bswap { &out1("bswap",@_); &using486(); } +sub main'not { &out1("not",@_); } +sub main'call { &out1("call",$_[0]); } +sub main'ret { &out0("ret"); } +sub main'nop { &out0("nop"); } + +sub out2 + { + my($name,$p1,$p2)=@_; + my($l,$t); + + push(@out,"\t$name\t"); + $t=&conv($p1).","; + $l=length($t); + push(@out,$t); + $l=4-($l+9)/8; + push(@out,"\t" x $l); + push(@out,&conv($p2)); + push(@out,"\n"); + } + +sub out0 + { + my($name)=@_; + + push(@out,"\t$name\n"); + } + +sub out1 + { + my($name,$p1)=@_; + my($l,$t); + push(@out,"\t$name\t".&conv($p1)."\n"); + } + +sub conv + { + my($p)=@_; + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; + return $p; + } + +sub using486 + { + return if $using486; + $using486++; + grep(s/\.386/\.486/,@out); + } + +sub main'file + { + push(@out, "segment .text\n"); + } + +sub main'function_begin + { + my($func,$extra)=@_; + + push(@labels,$func); + my($tmp)=<<"EOF"; +global $func +$func: + push ebp + push ebx + push esi + push edi +EOF + push(@out,$tmp); + $stack=20; + } + +sub main'function_begin_B + { + my($func,$extra)=@_; + my($tmp)=<<"EOF"; +global $func +$func: +EOF + push(@out,$tmp); + $stack=4; + } + +sub main'function_end + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + $stack=0; + %label=(); + } + +sub main'function_end_B + { + $stack=0; + %label=(); + } + +sub main'function_end_A + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + } + +sub main'file_end + { + } + +sub main'wparam + { + my($num)=@_; + + return(&main'DWP($stack+$num*4,"esp","",0)); + } + +sub main'swtmp + { + return(&main'DWP($_[0]*4,"esp","",0)); + } + +# Should use swtmp, which is above esp. Linix can trash the stack above esp +#sub main'wtmp +# { +# my($num)=@_; +# +# return(&main'DWP(-(($num+1)*4),"esp","",0)); +# } + +sub main'comment + { + foreach (@_) + { + push(@out,"\t; $_\n"); + } + } + +sub main'label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="\$${label}${_[0]}"; + $label++; + } + return($label{$_[0]}); + } + +sub main'set_label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + push(@out,"$label{$_[0]}:\n"); + } + +sub main'data_word + { + push(@out,"\tDD\t$_[0]\n"); + } + +sub out1p + { + my($name,$p1)=@_; + my($l,$t); + + push(@out,"\t$name\t ".&conv($p1)."\n"); + } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 3065234e2..0f7899c26 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -24,9 +24,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_os2.c + rand_win.c rand_unix.c rand_os2.c rand_nw.c LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ - rand_win.o rand_unix.o rand_os2.o + rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 1f168221e..8e1efc15a 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c new file mode 100644 index 000000000..0ff884783 --- /dev/null +++ b/crypto/rand/rand_nw.c @@ -0,0 +1,171 @@ +/* crypto/rand/rand_win.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include "rand_lcl.h" + +#if defined (OPENSSL_SYS_NETWARE) + +#if defined(NETWARE_LIBC) +#include +#endif + +extern long RunningProcess; + + /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed + */ +int RAND_poll(void) +{ + unsigned long l; + unsigned long tsc; + int i; + + /* There are several options to gather miscellaneous data + * but for now we will loop checking the time stamp counter (rdtsc) and + * the SuperHighResolutionTimer. Each iteration will collect 8 bytes + * of data but it is treated as only 1 byte of entropy. The call to + * ThreadSwitchWithDelay() will introduce additional variability into + * the data returned by rdtsc. + * + * Applications can agument the seed material by adding additional + * stuff with RAND_add() and should probably do so. + */ + l = GetProcessSwitchCount(); + RAND_add(&l,sizeof(l),1); + + l=RunningProcess; + RAND_add(&l,sizeof(l),1); + + for( i=2; i #define USE_SOCKETS #include "e_os.h" @@ -115,7 +116,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) #include #include diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c index 701932e6e..ef057c2c3 100644 --- a/crypto/rand/randtest.c +++ b/crypto/rand/randtest.c @@ -211,6 +211,9 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/rc2/rc2speed.c b/crypto/rc2/rc2speed.c index 47d34b444..b16e6e2ed 100644 --- a/crypto/rc2/rc2speed.c +++ b/crypto/rc2/rc2speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index b67bafb49..0e117436b 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -205,6 +205,9 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/rc4/rc4speed.c b/crypto/rc4/rc4speed.c index ced98c52d..0ebd38123 100644 --- a/crypto/rc4/rc4speed.c +++ b/crypto/rc4/rc4speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c index b9d8f2097..18154025e 100644 --- a/crypto/rc4/rc4test.c +++ b/crypto/rc4/rc4test.c @@ -197,6 +197,9 @@ int main(int argc, char *argv[]) } } printf("done\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/rc5/rc5speed.c b/crypto/rc5/rc5speed.c index 7d490d5b7..8e363be53 100644 --- a/crypto/rc5/rc5speed.c +++ b/crypto/rc5/rc5speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 924e9ad1f..236842a63 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -312,6 +312,9 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif return err; } #endif diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 4f2e4ada2..cddd598f2 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); EVP_MD_CTX_cleanup(&c); return(0); diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index 5d2b1d3b1..0e026c124 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -157,7 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - EVP_MD_CTX_cleanup(&c); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 54d598565..d0e088218 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -77,6 +77,12 @@ #ifdef PTHREADS #include #endif +#ifdef OPENSSL_SYS_NETWARE +#if !defined __int64 +# define __int64 long long +#endif +#include +#endif #include #include #include @@ -86,8 +92,18 @@ #include #include +#ifdef OPENSSL_NO_FP_API +#define APPS_WIN16 +#include "../buffer/bss_file.c" +#endif + +#ifdef OPENSSL_SYS_NETWARE +#define TEST_SERVER_CERT "/openssl/apps/server.pem" +#define TEST_CLIENT_CERT "/openssl/apps/client.pem" +#else #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" +#endif #define MAX_THREAD_NUMBER 100 @@ -100,10 +116,18 @@ void irix_locking_callback(int mode,int type,char *file,int line); void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); +void netware_locking_callback(int mode,int type,char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); +unsigned long netware_thread_id(void ); + +#if defined(OPENSSL_SYS_NETWARE) +static MPKMutex *lock_cs; +static MPKSema ThreadSem; +static long *lock_count; +#endif BIO *bio_err=NULL; BIO *bio_stdout=NULL; @@ -383,6 +407,9 @@ int ndoit(SSL_CTX *ssl_ctx[2]) SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); } +# ifdef OPENSSL_SYS_NETWARE + MPKSemaphoreSignal(ThreadSem); +# endif return(0); } @@ -626,6 +653,9 @@ int doit(char *ctx[4]) } if ((done & S_DONE) && (done & C_DONE)) break; +# if defined(OPENSSL_SYS_NETWARE) + ThreadSwitchWithDelay(); +# endif } SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); @@ -1093,3 +1123,88 @@ unsigned long pthreads_thread_id(void) +#ifdef OPENSSL_SYS_NETWARE + +void thread_setup(void) +{ + int i; + + lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex)); + lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; ireferences,c_ctx->references); +} + +unsigned long netware_thread_id(void) +{ + unsigned long ret; + + ret=(unsigned long)GetThreadID(); + return(ret); +} +#endif /* NETWARE */ diff --git a/crypto/threads/netware.bat b/crypto/threads/netware.bat new file mode 100644 index 000000000..0b3eca3ca --- /dev/null +++ b/crypto/threads/netware.bat @@ -0,0 +1,79 @@ +@echo off +rem batch file to build multi-thread test ( mttest.nlm ) + +rem command line arguments: +rem debug => build using debug settings + +rem +rem After building, copy mttest.nlm to the server and run it, you'll probably +rem want to redirect stdout and stderr. An example command line would be +rem "mttest.nlm -thread 20 -loops 10 -CAfile \openssl\apps\server.pem >mttest.out 2>mttest.err" +rem + +del mttest.nlm + +set BLD_DEBUG= +set CFLAGS= +set LFLAGS= +set LIBS= + +if "%1" == "DEBUG" set BLD_DEBUG=YES +if "%1" == "debug" set BLD_DEBUG=YES + +if "%MWCIncludes%" == "" goto inc_error +if "%PRELUDE%" == "" goto prelude_error +if "%IMPORTS%" == "" goto imports_error + +set CFLAGS=-c -I..\..\outinc_nw -nosyspath -DOPENSSL_SYS_NETWARE -opt off -g -sym internal -maxerrors 20 + +if "%BLD_DEBUG%" == "YES" set LIBS=..\..\out_nw.dbg\ssl.lib ..\..\out_nw.dbg\crypto.lib +if "%BLD_DEBUG%" == "" set LIBS=..\..\out_nw\ssl.lib ..\..\out_nw\crypto.lib + +set LFLAGS=-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal + +rem generate command file for metrowerks +echo. +echo Generating Metrowerks command file: mttest.def +echo # dynamically generated command file for metrowerks build > mttest.def +echo IMPORT @%IMPORTS%\clib.imp >> mttest.def +echo IMPORT @%IMPORTS%\threads.imp >> mttest.def +echo IMPORT @%IMPORTS%\ws2nlm.imp >> mttest.def +echo IMPORT GetProcessSwitchCount >> mttest.def +echo MODULE clib >> mttest.def + +rem compile +echo. +echo Compiling mttest.c +mwccnlm.exe mttest.c %CFLAGS% +if errorlevel 1 goto end + +rem link +echo. +echo Linking mttest.nlm +mwldnlm.exe %LFLAGS% -screenname mttest -commandfile mttest.def mttest.o "%PRELUDE%" %LIBS% -o mttest.nlm +if errorlevel 1 goto end + +goto end + +:inc_error +echo. +echo Environment variable MWCIncludes is not set - see install.nw +goto end + +:prelude_error +echo. +echo Environment variable PRELUDE is not set - see install.nw +goto end + +:imports_error +echo. +echo Environment variable IMPORTS is not set - see install.nw +goto end + + +:end +set BLD_DEBUG= +set CFLAGS= +set LFLAGS= +set LIBS= + diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c index cbec38e17..1c6e052ac 100644 --- a/crypto/tmdiff.c +++ b/crypto/tmdiff.c @@ -72,7 +72,11 @@ # define TIMES #endif -#ifndef _IRIX +#ifdef OPENSSL_SYS_NETWARE +#undef TIMES +#endif + +#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE) # include #endif #ifdef TIMES @@ -94,7 +98,7 @@ #include #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include #endif @@ -129,6 +133,8 @@ struct ms_tm # ifdef OPENSSL_SYS_WIN32 HANDLE thread_id; FILETIME ms_win32; +# elif defined (OPENSSL_SYS_NETWARE) + clock_t ms_clock; # else # ifdef OPENSSL_SYS_VXWORKS unsigned long ticks; @@ -170,6 +176,8 @@ void ms_time_get(MS_TM *tm) #else # ifdef OPENSSL_SYS_WIN32 GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); +# elif defined (OPENSSL_SYS_NETWARE) + tm->ms_clock = clock(); # else # ifdef OPENSSL_SYS_VXWORKS tm->ticks = tickGet(); @@ -203,6 +211,8 @@ double ms_time_diff(MS_TM *a, MS_TM *b) lb+=b->ms_win32.dwLowDateTime; ret=((double)(lb-la))/1e7; } +# elif defined (OPENSSL_SYS_NETWARE) + ret= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); @@ -228,6 +238,8 @@ int ms_time_cmp(const MS_TM *a, const MS_TM *b) # ifdef OPENSSL_SYS_WIN32 d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; +# elif defined (OPENSSL_SYS_NETWARE) + d= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS d = (b->ticks - a->ticks); diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index ce1cb1dfc..fad17024a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -202,6 +202,12 @@ #undef SGTTY #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TERMIOS +#undef TERMIO +#undef SGTTY +#endif + #ifdef TERMIOS # include # define TTY_STRUCT struct termios @@ -250,7 +256,7 @@ struct IOSB { typedef int sig_atomic_t; #endif -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE) /* * This one needs work. As a matter of fact the code is unoperational * and this is only a trick to get it compiled. @@ -463,7 +469,7 @@ static int open_console(UI *ui) CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) tty_in=stdin; tty_out=stderr; #else diff --git a/crypto/uid.c b/crypto/uid.c index 73205a4ba..b1fd52bad 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int OPENSSL_issetugid(void) { diff --git a/e_os.h b/e_os.h index 6b75bbe15..aae3c79b8 100644 --- a/e_os.h +++ b/e_os.h @@ -321,6 +321,26 @@ extern "C" { __VMS_EXIT |= 0x10000000; \ exit(__VMS_EXIT); } while(0) # define NO_SYS_PARAM_H + +# elif defined(OPENSSL_SYS_NETWARE) +# include +# include +# define NO_SYS_TYPES_H +# undef DEVRANDOM +# ifdef NETWARE_CLIB +# define getpid GetThreadID +# endif +# define NO_SYSLOG +# define _setmode setmode +# define _kbhit kbhit +# define _O_TEXT O_TEXT +# define _O_BINARY O_BINARY +# define OPENSSL_CONF "openssl.cnf" +# define SSLEAY_CONF OPENSSL_CONF +# define RFILE ".rnd" +# define LIST_SEPARATOR_CHAR ';' +# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } + # else /* !defined VMS */ # ifdef OPENSSL_SYS_MPE @@ -393,6 +413,19 @@ extern HINSTANCE _hInstance; # define SHUTDOWN(fd) MacSocket_close(fd) # define SHUTDOWN2(fd) MacSocket_close(fd) +# elif defined(OPENSSL_SYS_NETWARE) + /* NetWare uses the WinSock2 interfaces + */ +# if defined(NETWARE_CLIB) +# include +# elif defined(NETWARE_LIBC) +# include +# endif +# define SSLeay_Write(a,b,c) send((a),(b),(c),0) +# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) +# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } +# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } + # else # ifndef NO_SYS_PARAM_H @@ -521,6 +554,9 @@ extern char *sys_errlist[]; extern int sys_nerr; #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) # define strcasecmp stricmp # define strncasecmp strnicmp +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +# define strcasecmp stricmp +# define strncasecmp strnicmp #else # ifdef NO_STRINGS_H int strcasecmp(); diff --git a/e_os2.h b/e_os2.h index 4fd6c62ac..ecfc6c5d4 100644 --- a/e_os2.h +++ b/e_os2.h @@ -76,6 +76,12 @@ extern "C" { # define OPENSSL_SYS_MACINTOSH_CLASSIC #endif +/* ----------------------- NetWare ----------------------------------------- */ +#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_NETWARE +#endif + /* ---------------------- Microsoft operating systems ---------------------- */ /* The 16 bit environments are pretty straightforward */ diff --git a/engines/e_aep.c b/engines/e_aep.c index 8e10bb776..5083c80ef 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -852,7 +852,11 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +#ifndef NETWARE_CLIB curr_pid = getpid(); +#else + curr_pid = GetThreadID(); +#endif /*Check if this is the first time this is being called from the current process*/ diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 5aadfa51d..68eb65457 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -157,6 +157,9 @@ #elif defined(OPENSSL_SYS_WINCE) # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" +#elif defined(OPENSSL_SYS_NETWARE) +# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" +# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" #else # define TEST_SERVER_CERT "../apps/server.pem" # define TEST_CLIENT_CERT "../apps/client.pem" diff --git a/util/mk1mf.pl b/util/mk1mf.pl index d85a20a60..4d370720a 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -39,6 +39,8 @@ $infile="MINFO"; "ultrix-mips","DEC mips ultrix", "FreeBSD","FreeBSD distribution", "OS2-EMX", "EMX GCC OS/2", + "netware-clib", "CodeWarrior for NetWare - CLib", + "netware-libc", "CodeWarrior for NetWare - LibC", "default","cc under unix", ); @@ -69,6 +71,8 @@ and [options] can be one of no-engine - No engine no-hw - No hw nasm - Use NASM for x86 asm + nw-nasm - Use NASM x86 asm for NetWare + nw-mwasm - Use Metrowerks x86 asm for NetWare gaswin - Use GNU as with Mingw32 no-socks - No socket code no-err - No error strings @@ -198,6 +202,11 @@ elsif ($platform eq "OS2-EMX") $wc=1; require 'OS2-EMX.pl'; } +elsif (($platform eq "netware-clib") || ($platform eq "netware-libc")) + { + $LIBC=1 if $platform eq "netware-libc"; + require 'netware.pl'; + } else { require "unix.pl"; @@ -928,6 +937,8 @@ sub read_options elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-asm$/) { $no_asm=1; } elsif (/^nasm$/) { $nasm=1; } + elsif (/^nw-nasm$/) { $nw_nasm=1; } + elsif (/^nw-mwasm$/) { $nw_mwasm=1; } elsif (/^gaswin$/) { $gaswin=1; } elsif (/^no-ssl2$/) { $no_ssl2=1; } elsif (/^no-ssl3$/) { $no_ssl3=1; } diff --git a/util/pl/netware.pl b/util/pl/netware.pl new file mode 100644 index 000000000..233612a91 --- /dev/null +++ b/util/pl/netware.pl @@ -0,0 +1,327 @@ +# Metrowerks Codewarrior for NetWare +# + +# The import files and other misc imports needed to link +if ($LIBC) +{ + @import_files = ("libc.imp", "ws2nlm.imp"); + @module_files = ("libc"); +} +else +{ + # clib build + @import_files = ("clib.imp", "ws2nlm.imp"); + @module_files = ("clib"); +} +@misc_imports = ("GetProcessSwitchCount", "RunningProcess", + "GetSuperHighResolutionTimer" ); + +# The "IMPORTS" environment variable must be set and point to the location +# where import files (*.imp) can be found. +# Example: set IMPORTS=c:\ndk\nwsdk\imports +$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n"); + + +# The "PRELUDE" environment variable must be set and point to the location +# and name of the prelude source to link with ( nwpre.obj is recommended ). +# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj +$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n"); + +#$ssl= "ssleay32"; +#$crypto="libeay32"; + +$o='\\\\'; +$cp='copy >nul:'; +$rm='del'; + +# C compiler +$cc="mwccnlm"; + +# Linker +$link="mwldnlm"; + +# librarian +$mklib="mwldnlm"; + +# assembler +if ($nw_nasm) +{ + $asm="nasmw -s -f coff"; + $afile="-o "; + $asm.=" -g" if $debug; +} +elsif ($nw_mwasm) +{ + $asm="mwasmnlm -maxerrors 20"; + $afile="-o "; + $asm.=" -g" if $debug; +} +elsif ($nw_masm) +{ +# masm assembly settings - it should be possible to use masm but haven't +# got it working. +# $asm='ml /Cp /coff /c /Cx'; +# $asm.=" /Zi" if $debug; +# $afile='/Fo'; + die("Support for masm assembler not yet functional\n"); +} +else +{ + $asm=""; + $afile=""; +} + + + +# compile flags +# +# NOTES: Several c files in the crypto subdirectory include headers from +# their local directories. Metrowerks wouldn't find these h files +# without adding individual include directives as compile flags +# or modifying the c files. Instead of adding individual include +# paths for each subdirectory a recursive include directive +# is used ( -ir crypto ). +# +# Turned off the "possible" warnings ( -w nopossible ). Metrowerks +# complained a lot about various stuff. May want to turn back +# on for further development. +$cflags="-ir crypto -msgstyle gcc -align 4 -processor pentium \\ + -char unsigned -w on -w nolargeargs -w nopossible -w nounusedarg \\ + -w noimplicitconv -relax_pointers -nosyspath -DL_ENDIAN \\ + -DOPENSSL_SYSNAME_NETWARE -U_WIN32 -maxerrors 20 "; + +# link flags +$lflags="-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal "; + + +# additional flags based upon debug | non-debug +if ($debug) +{ + $cflags.=" -opt off -g -sym internal -DDEBUG"; +} +else +{ +# CodeWarrior compiler has a problem with optimizations for floating +# points - no optimizations until further investigation +# $cflags.=" -opt all"; +} + +# If LibC build add in NKS_LIBC define and set the entry/exit +# routines - The default entry/exit routines are for CLib and don't exist +# in LibC +if ($LIBC) +{ + $cflags.=" -DNETWARE_LIBC"; + $lflags.=" -entry _LibCPrelude -exit _LibCPostlude -flags pseudopreemption"; +} +else +{ + $cflags.=" -DNETWARE_CLIB"; + $lflags.=" -entry _Prelude -exit _Stop"; +} + + +# linking stuff +# for the output directories use the mk1mf.pl values with "_nw" appended +if ($shlib) +{ + if ($LIBC) + { + $out_def.="_nw_libc_nlm"; + $tmp_def.="_nw_libc_nlm"; + $inc_def.="_nw_libc_nlm"; + } + else # NETWARE_CLIB + { + $out_def.="_nw_clib_nlm"; + $tmp_def.="_nw_clib_nlm"; + $inc_def.="_nw_clib_nlm"; + } +} +else +{ + $libp=".lib"; + $shlibp=".lib"; + $lib_flags="-nodefaults -type library"; + if ($LIBC) + { + $out_def.="_nw_libc"; + $tmp_def.="_nw_libc"; + $inc_def.="_nw_libc"; + } + else # NETWARE_CLIB + { + $out_def.="_nw_clib"; + $tmp_def.="_nw_clib"; + $inc_def.="_nw_clib"; + } +} + +# used by mk1mf.pl +$obj='.obj'; +$ofile='-o '; +$efile=''; +$exep='.nlm'; +$ex_libs=''; + +if (!$no_asm) +{ + $bn_asm_obj="crypto${o}bn${o}asm${o}bn-nw.obj"; + $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm"; + $des_enc_obj="crypto${o}des${o}asm${o}d-nw.obj crypto${o}des${o}asm${o}y-nw.obj"; + $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm"; + $bf_enc_obj="crypto${o}bf${o}asm${o}b-nw.obj"; + $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm"; + $cast_enc_obj="crypto${o}cast${o}asm${o}c-nw.obj"; + $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm"; + $rc4_enc_obj="crypto${o}rc4${o}asm${o}r4-nw.obj"; + $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm"; + $rc5_enc_obj="crypto${o}rc5${o}asm${o}r5-nw.obj"; + $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm"; + $md5_asm_obj="crypto${o}md5${o}asm${o}m5-nw.obj"; + $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm"; + $sha1_asm_obj="crypto${o}sha${o}asm${o}s1-nw.obj"; + $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm"; + $rmd160_asm_obj="crypto${o}ripemd${o}asm${o}rm-nw.obj"; + $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; +} +else +{ + $bn_asm_obj=''; + $bn_asm_src=''; + $des_enc_obj=''; + $des_enc_src=''; + $bf_enc_obj=''; + $bf_enc_src=''; + $cast_enc_obj=''; + $cast_enc_src=''; + $rc4_enc_obj=''; + $rc4_enc_src=''; + $rc5_enc_obj=''; + $rc5_enc_src=''; + $md5_asm_obj=''; + $md5_asm_src=''; + $sha1_asm_obj=''; + $sha1_asm_src=''; + $rmd160_asm_obj=''; + $rmd160_asm_src=''; +} + +# create the *.def linker command files in \openssl\netware\ directory +sub do_def_file +{ + # strip off the leading path + my($target) = bname(@_); + my($def_file); + my($mod_file); + my($i); + + if ($target =~ /(.*).nlm/) + { + $target = $1; + } + + # special case for openssl - the mk1mf.pl defines E_EXE = openssl + if ($target =~ /E_EXE/) + { + $target = "openssl"; + } + + # Note: originally tried to use full path ( \openssl\netware\$target.def ) + # Metrowerks linker choked on this with an assertion failure. bug??? + # + $def_file = "netware\\$target.def"; + + open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n"); + + print( DEF_OUT "# command file generated by netware.pl for Metrowerks build\n" ); + print( DEF_OUT "#\n"); + print( DEF_OUT "DESCRIPTION \"$target\"\n"); + + foreach $i (@misc_imports) + { + print( DEF_OUT "IMPORT $i\n"); + } + + foreach $i (@import_files) + { + print( DEF_OUT "IMPORT \@$import_path\\$i\n"); + } + + foreach $i (@module_files) + { + print( DEF_OUT "MODULE $i\n"); + } + + close(DEF_OUT); + return($def_file); +} + +sub do_lib_rule +{ + my($objs,$target,$name,$shlib)=@_; + my($ret); + + $ret.="$target: $objs\n"; + if (!$shlib) + { + $ret.="\t\@echo Building Lib: $name\n"; + $ret.="\t\$(MKLIB) $lib_flags -o $target $objs\n"; + $ret.="\t\@echo .\n" + } + else + { + die( "Building as NLM not currently supported!" ); + } + + $ret.="\n"; + return($ret); +} + +sub do_link_rule +{ + my($target,$files,$dep_libs,$libs)=@_; + my($ret); + my($def_file); + + $def_file = do_def_file($target); + + # special case for openssl - the mk1mf.pl defines E_EXE = openssl + + # NOTE: When building the test nlms no screen name is given + # which causes the console screen to be used. By using the console + # screen there is no "" message which + # requires user interaction. The test script ( tests.pl ) needs to be + # able to run the tests without requiring user interaction. + # + # However, the sample program "openssl.nlm" is used by the tests and is + # a interactive sample so a screen is desired when not be run by the + # tests. To solve the problem, two versions of the program are built: + # openssl2 - no screen used by tests + # openssl - default screen - use for normal interactive modes + # + if ($target =~ /E_EXE/) + { + my($target2) = $target; + + $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/; + + $ret.="$target: $files $dep_libs\n"; + + # openssl + $ret.="\t\$(LINK) \$(LFLAGS) -screenname openssl -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; + # openssl2 + $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target2\n"; + } + else + { + $ret.="$target: $files $dep_libs\n"; + $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; + } + + $ret.="\n"; + return($ret); +} + +1; From 7ce9e425bcf51c8a83e66afe3249381ed9391560 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:04:09 +0000 Subject: [PATCH 107/112] Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell Reviewed by: Richard Levitte (there will be some follow-up changes) --- apps/apps.h | 2 +- apps/ca.c | 52 +++++++++++++++++++++++++++++++++++----------------- apps/req.c | 25 +++++++++++++++---------- 3 files changed, 51 insertions(+), 28 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 107001057..257324ea3 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -316,7 +316,7 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); -X509_NAME *do_subject(char *str, long chtype); +X509_NAME *do_subject(char *str, long chtype, int multirdn); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 diff --git a/apps/ca.c b/apps/ca.c index 19d51477a..bd228afef 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -173,6 +173,7 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -subj arg - Use arg instead of request's subject\n", +" -multivalue-rdn - enable support for multivalued RDNs\n", " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", @@ -193,27 +194,27 @@ extern int EF_ALIGNMENT; static void lookup_fail(char *name,char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -272,6 +273,7 @@ int MAIN(int argc, char **argv) char *extensions=NULL; char *extfile=NULL; char *subj=NULL; + int multirdn = 0; char *tmp_email_dn=NULL; char *crl_ext=NULL; int rev_type = REV_NONE; @@ -351,6 +353,8 @@ EF_ALIGNMENT=0; subj= *(++argv); /* preserve=1; */ } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-startdate") == 0) { if (--argc < 1) goto bad; @@ -1134,7 +1138,7 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,extensions, + serial,subj,multirdn,email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) @@ -1158,7 +1162,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,subj,email_dn,startdate,enddate,days,batch, + db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); if (j < 0) goto err; @@ -1178,7 +1182,7 @@ bad: { total++; j=certify(&x,infile,pkey,x509p,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1198,7 +1202,7 @@ bad: { total++; j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1517,7 +1521,7 @@ static void lookup_fail(char *name, char *tag) static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) @@ -1573,7 +1577,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); @@ -1585,7 +1589,7 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) @@ -1627,7 +1631,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); @@ -1639,6 +1643,7 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1671,7 +1676,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC); + X509_NAME *n = do_subject(subj, MBSTRING_ASC, multirdn); if (!n) { @@ -2208,7 +2213,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2349,7 +2354,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: @@ -2842,13 +2847,14 @@ int make_revoked(X509_REVOKED *rev, char *str) * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -X509_NAME *do_subject(char *subject, long chtype) +X509_NAME *do_subject(char *subject, long chtype, int multirdn) { size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ char *buf = OPENSSL_malloc(buflen); size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); char *sp = subject, *bp = buf; int i, ne_num = 0; @@ -2869,6 +2875,9 @@ X509_NAME *do_subject(char *subject, long chtype) } sp++; /* skip leading / */ + /* no multivalued RDN by default */ + mval[ne_num] = 0; + while (*sp) { /* collect type */ @@ -2915,6 +2924,15 @@ X509_NAME *do_subject(char *subject, long chtype) else if (*sp == '/') { sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; break; } else @@ -2941,7 +2959,7 @@ X509_NAME *do_subject(char *subject, long chtype) continue; } - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) goto error; } diff --git a/apps/req.c b/apps/req.c index 79217c908..ecc46556b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -119,9 +119,10 @@ * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, - unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, + int attribs,unsigned long chtype); +static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, + int multirdn); static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, @@ -185,6 +186,7 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *p; char *subj = NULL; + int multirdn = 0; const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH @@ -440,6 +442,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; subj= *(++argv); } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; @@ -511,6 +515,7 @@ bad: BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -subj arg set or modify request subject\n"); + BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -batch do not ask anything during request generation\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); @@ -887,7 +892,7 @@ loop: goto end; } - i=make_REQ(req,pkey,subj,!x509, chtype); + i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); subj=NULL; /* done processing '-subj' option */ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { @@ -980,7 +985,7 @@ loop: print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); } - if (build_subject(req, subj, chtype) == 0) + if (build_subject(req, subj, chtype, multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); ex=1; @@ -1171,8 +1176,8 @@ end: OPENSSL_EXIT(ex); } -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, - unsigned long chtype) +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, + int attribs, unsigned long chtype) { int ret=0,i; char no_prompt = 0; @@ -1222,7 +1227,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, else { if (subj) - i = build_subject(req, subj, chtype); + i = build_subject(req, subj, chtype, multirdn); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); } @@ -1239,11 +1244,11 @@ err: * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) +static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) { X509_NAME *n; - if (!(n = do_subject(subject, chtype))) + if (!(n = do_subject(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) From 6d5ffb591ba0baa98be27df8acabf2018473dd3d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:07:14 +0000 Subject: [PATCH 108/112] Move do_subject() to apps.c and rename it to parse_name(). The rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better. --- apps/apps.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++ apps/ca.c | 138 +--------------------------------------------------- apps/req.c | 2 +- 3 files changed, 139 insertions(+), 138 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 0014cb536..8e3f5cdac 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1961,3 +1961,140 @@ void free_index(CA_DB *db) OPENSSL_free(db); } } + +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +X509_NAME *parse_name(char *subject, long chtype, int multirdn) + { + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); + + char *sp = subject, *bp = buf; + int i, ne_num = 0; + + X509_NAME *n = NULL; + int nid; + + if (!buf || !ne_types || !ne_values) + { + BIO_printf(bio_err, "malloc error\n"); + goto error; + } + + if (*subject != '/') + { + BIO_printf(bio_err, "Subject does not start with '/'.\n"); + goto error; + } + sp++; /* skip leading / */ + + /* no multivalued RDN by default */ + mval[ne_num] = 0; + + while (*sp) + { + /* collect type */ + ne_types[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') /* is there anything to escape in the type...? */ + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '=') + { + sp++; + *bp++ = '\0'; + break; + } + else + *bp++ = *sp++; + } + if (!*sp) + { + BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); + goto error; + } + ne_values[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '/') + { + sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; + break; + } + else + *bp++ = *sp++; + } + *bp++ = '\0'; + ne_num++; + } + + if (!(n = X509_NAME_new())) + goto error; + + for (i = 0; i < ne_num; i++) + { + if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) + { + BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); + continue; + } + + if (!*ne_values[i]) + { + BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); + continue; + } + + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) + goto error; + } + + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); + return n; + +error: + X509_NAME_free(n); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); + return NULL; +} + diff --git a/apps/ca.c b/apps/ca.c index bd228afef..7d10d825b 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1676,7 +1676,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC, multirdn); + X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn); if (!n) { @@ -2843,142 +2843,6 @@ int make_revoked(X509_REVOKED *rev, char *str) return ret; } -/* - * subject is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ - */ -X509_NAME *do_subject(char *subject, long chtype, int multirdn) - { - size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = OPENSSL_malloc(buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); - char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); - int *mval = OPENSSL_malloc (max_ne * sizeof (int)); - - char *sp = subject, *bp = buf; - int i, ne_num = 0; - - X509_NAME *n = NULL; - int nid; - - if (!buf || !ne_types || !ne_values) - { - BIO_printf(bio_err, "malloc error\n"); - goto error; - } - - if (*subject != '/') - { - BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error; - } - sp++; /* skip leading / */ - - /* no multivalued RDN by default */ - mval[ne_num] = 0; - - while (*sp) - { - /* collect type */ - ne_types[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') /* is there anything to escape in the type...? */ - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '=') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - if (!*sp) - { - BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error; - } - ne_values[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '/') - { - sp++; - /* no multivalued RDN by default */ - mval[ne_num+1] = 0; - break; - } - else if (*sp == '+' && multirdn) - { - /* a not escaped + signals a mutlivalued RDN */ - sp++; - mval[ne_num+1] = -1; - break; - } - else - *bp++ = *sp++; - } - *bp++ = '\0'; - ne_num++; - } - - if (!(n = X509_NAME_new())) - goto error; - - for (i = 0; i < ne_num; i++) - { - if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) - { - BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); - continue; - } - - if (!*ne_values[i]) - { - BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) - goto error; - } - - OPENSSL_free(ne_values); - OPENSSL_free(ne_types); - OPENSSL_free(buf); - return n; - -error: - X509_NAME_free(n); - if (ne_values) - OPENSSL_free(ne_values); - if (ne_types) - OPENSSL_free(ne_types); - if (buf) - OPENSSL_free(buf); - return NULL; -} - int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25],*pbuf, *p; diff --git a/apps/req.c b/apps/req.c index ecc46556b..c5becc9d4 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1248,7 +1248,7 @@ static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int { X509_NAME *n; - if (!(n = do_subject(subject, chtype, multirdn))) + if (!(n = parse_name(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) From d45a09847239c15f77c9b8b3398c802434b59b4e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:18:05 +0000 Subject: [PATCH 109/112] Forgot to change the declaration of do_subject() to one of parse_name()... --- apps/apps.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/apps.h b/apps/apps.h index 257324ea3..2b49770df 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -316,7 +316,7 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); -X509_NAME *do_subject(char *str, long chtype, int multirdn); +X509_NAME *parse_name(char *str, long chtype, int multirdn); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 From 5ebdb390849f832428e00c0b811beec907a56c10 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:32:31 +0000 Subject: [PATCH 110/112] Let's use text/plain in the example instead of crapy HTML. PR: 777 Submitted by: Michael Shields --- doc/crypto/BIO_f_ssl.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index a56ee2b92..f0b731731 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -287,8 +287,8 @@ a client and also echoes the request to standard output. return 0; } - BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"); - BIO_puts(sbio, "
\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "
\r\n"); + BIO_puts(sbio, "\r\n"); /* Since there is a buffering BIO present we had better flush it */ BIO_flush(sbio); From 03ddbdd9b99ea60d0967b831ffc1fe93ae7f9792 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:45:09 +0000 Subject: [PATCH 111/112] Move another common functionality (reproduced so far with cut'n'paste) to apps.c, and give it the hopefully descriptive name parse_yesno(). --- apps/apps.c | 46 ++++++++++++++++++++++++++++++---------------- apps/apps.h | 1 + apps/ca.c | 20 +++----------------- 3 files changed, 34 insertions(+), 33 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 8e3f5cdac..6e72f1183 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1707,22 +1707,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - retdb->attributes.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - retdb->attributes.unique_subject = 1; - break; - } + retdb->attributes.unique_subject = parse_yesno(p,1); } } @@ -1962,6 +1947,35 @@ void free_index(CA_DB *db) } } +int parse_yesno(char *str, int def) + { + int ret = def; + if (str) + { + switch (*str) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ + ret = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ + ret = 0; + break; + default: + ret = def; + break; + } + } + return ret; + } + /* * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ diff --git a/apps/apps.h b/apps/apps.h index 2b49770df..7edafa424 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -315,6 +315,7 @@ int save_index(char *dbfile, char *suffix, CA_DB *db); int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); +int parse_yesno(char *str, int def); X509_NAME *parse_name(char *str, long chtype, int multirdn); diff --git a/apps/ca.c b/apps/ca.c index 7d10d825b..0b3381117 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -131,6 +131,7 @@ #define ENV_NAMEOPT "name_opt" #define ENV_CERTOPT "cert_opt" #define ENV_EXTCOPY "copy_extensions" +#define ENV_UNIQUE_SUBJECT "unique_subject" #define ENV_DATABASE "database" @@ -638,28 +639,13 @@ bad: app_RAND_load_file(randfile, bio_err, 0); db_attr.unique_subject = 1; - p = NCONF_get_string(conf, section, "unique_subject"); + p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) { #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - db_attr.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - db_attr.unique_subject = 1; - break; - } + db_attr.unique_subject = parse_yesno(p,1); } #ifdef RL_DEBUG else From 0b352c58db9f8d081c3abff6112e3b0c63a2b7b9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:51:30 +0000 Subject: [PATCH 112/112] Make a number of changes to the OS/2 build. Submitter's comment below. PR: 732 Submitted by: Ilya Zakharevich Submitter's comment: This patch: a) Introduces a new file os2/backwardify.pl. b) Introduces a new mk1mf.pl variable $preamble. As you can see, it may be used also to move some OS-specific code to VC-CE too (the the first chunk of the patch); c) The DESCRIPTION specifier of the .def file is made more informative: now it contains the version number too. On OS/2 it is made conformant to OS/2 conventions; in particular, when one runs the standard command BLDLEVEL this.DLL one can see: Vendor: www.openssl.org/ Revision: 0.9.7c Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto. Build for EMX -Zmtd [I did not make Win32 descriptions as informative as this - I'm afraid to break something. Be welcome to fix this.] d) On OS/2 the generated DLL was hardly usable (it had a shared initialized data segment). e) On OS/2 the generated DLLs had names like ssl.dll. However, DLL names on OS/2 are "global data". It is hard to have several DLLs with the same name on the system. Thus this precluded coexistence of OpenSSL with DLLs for other SLL implementations - or other name clashes. I transparently changed the names of the DLLs to open_ssl.dll and cryptssl.dll. f) The file added in (a) is used to create "forwarder" DLLs, so the applications expecting the "old" DLL names may use the new DLLs transparently. (A presence of these DLLs on the system nullifies (e), but makes old applications work. This is a stopgap measure until the old applications are relinked. Systems with no old applications do not need these DLLs, so may enjoy all the benefits of (e).) The new DLLs are placed in os2/ and os2/noname subdirectories. g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious meaningless failures). The change to util/pl/OS2-EMX.pl uses the variable introduced in (b) to switch the Makefiles to SHELL=sh syntax. All these backslashes are removed, and the generated Makefiles started to work. h) Running os2/OS2-EMX.cmd now prints out what to do next. --- os2/OS2-EMX.cmd | 36 ++++++++++++++++++++++++++++++++++++ os2/backwardify.pl | 32 ++++++++++++++++++++++++++++++++ util/mk1mf.pl | 2 ++ util/mkdef.pl | 38 +++++++++++++++++++++++++++++++++----- util/pl/OS2-EMX.pl | 42 ++++++++++++++++++++++-------------------- 5 files changed, 125 insertions(+), 25 deletions(-) create mode 100644 os2/backwardify.pl diff --git a/os2/OS2-EMX.cmd b/os2/OS2-EMX.cmd index acab99ac3..5924b50b6 100644 --- a/os2/OS2-EMX.cmd +++ b/os2/OS2-EMX.cmd @@ -64,3 +64,39 @@ echo RC5\32 cd crypto\rc5\asm perl rc5-586.pl a.out > r5-os2.asm cd ..\..\.. + +cd os2 + +if exist noname\backward_ssl.def goto nomkdir +mkdir noname +:nomkdir + +perl backwardify.pl crypto.def >backward_crypto.def +perl backwardify.pl ssl.def >backward_ssl.def +perl backwardify.pl -noname crypto.def >noname\backward_crypto.def +perl backwardify.pl -noname ssl.def >noname\backward_ssl.def + +echo Creating backward compatibility forwarder dlls: +echo crypto.dll +gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085 +echo ssl.dll +gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085 + +echo Creating smaller backward compatibility forwarder dlls: +echo These DLLs are not good for runtime resolution of symbols. +echo noname\crypto.dll +gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085 +echo noname\ssl.dll +gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085 + +echo Compressing forwarders (it is ok if lxlite is not found): +lxlite *.dll noname/*.dll + +cd .. + +echo Now run: +echo For static build: +echo make -f OS2-EMX.mak +echo For dynamic build: +echo make -f OS2-EMX-DLL.mak +echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll diff --git a/os2/backwardify.pl b/os2/backwardify.pl new file mode 100644 index 000000000..272423c8f --- /dev/null +++ b/os2/backwardify.pl @@ -0,0 +1,32 @@ +#!/usr/bin/perl -w +use strict; + +# Use as $0 +# Use as $0 -noname + +my $did_library; +my $did_description; +my $do_exports; +my @imports; +my $noname = (@ARGV and $ARGV[0] eq '-noname' and shift); +while (<>) { + unless ($did_library) { + s/\b(cryptssl)\b/crypto/ and $did_library = $1 if /^LIBRARY\s+cryptssl\b/; + s/\b(open_ssl)\b/ssl/ and $did_library = $1 if /^LIBRARY\s+open_ssl\b/; + } + unless ($did_description) { + s&^(DESCRIPTION\s+(['"])).*&${1}\@#www.openssl.org/:#\@forwarder DLL for pre-0.9.7c+ OpenSSL to the new dll naming scheme$2& and $did_description++; + } + if ($do_exports) {{ + last unless /\S/; + warn, last unless /^ \s* ( \w+ ) \s+ \@(\d+)\s*$/x; + push @imports, [$1, $2]; + s/$/ NONAME/ if $noname; + }} + $do_exports++ if not $do_exports and /^EXPORTS/; + print $_; +} +print "IMPORTS\n"; +for my $imp (@imports) { + print "\t$imp->[0]=$did_library.$imp->[1]\n"; +} diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 4d370720a..15813461f 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -290,6 +290,8 @@ $defs= <<"EOF"; EOF +$defs .= $preamble if defined $preamble; + if ($platform eq "VC-CE") { $defs.= <<"EOF"; diff --git a/util/mkdef.pl b/util/mkdef.pl index 64e0430a1..ddc33c152 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -1135,27 +1135,55 @@ sub print_test_file } } +sub get_version { + local *MF; + my $v = '?'; + open MF, 'Makefile.ssl' or return $v; + while () { + $v = $1, last if /^VERSION=(.*?)\s*$/; + } + close MF; + return $v; +} + sub print_def_file { (*OUT,my $name,*nums,my @symbols)=@_; my $n = 1; my @e; my @r; my @v; my $prev=""; my $liboptions=""; + my $libname = $name; + my $http_vendor = 'www.openssl.org/'; + my $version = get_version(); + my $what = "OpenSSL: implementation of Secure Socket Layer"; + my $description = "$what $version, $name - http://$http_vendor"; if ($W32) - { $name.="32"; } + { $libname.="32"; } elsif ($W16) - { $name.="16"; } + { $libname.="16"; } elsif ($OS2) - { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } + { # DLL names should not clash on the whole system. + # However, they should not have any particular relationship + # to the name of the static library. Chose descriptive names + # (must be at most 8 chars). + my %translate = (ssl => 'open_ssl', crypto => 'cryptssl'); + $libname = $translate{$name} || $name; + $liboptions = <