From 08cb96bba2831a8fc3dbda697ab65d64bb05a371 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 14 Jan 2003 20:54:18 +0000 Subject: [PATCH 001/550] Set EXPORT_VAR_AS_FN for BC-32 to work around a compiler bug, --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 451330a0b..03f0b387d 100755 --- a/Configure +++ b/Configure @@ -501,7 +501,7 @@ my %table=( "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32", +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Mingw32 From 0e4aa0d2d2807e0cbeac29b65d2b9061daed8941 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 15 Jan 2003 02:01:55 +0000 Subject: [PATCH 002/550] As with RSA, which was modified recently, this change makes it possible to override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method. --- CHANGES | 6 ++++++ crypto/dh/dh.h | 2 ++ crypto/dh/dh_gen.c | 11 ++++++++++- crypto/dh/dh_key.c | 1 + crypto/dsa/dsa.h | 7 +++++++ crypto/dsa/dsa_gen.c | 15 +++++++++++++++ crypto/dsa/dsa_key.c | 9 +++++++++ crypto/dsa/dsa_ossl.c | 2 ++ engines/e_aep.c | 5 ++++- engines/e_atalla.c | 5 ++++- engines/e_cswift.c | 5 ++++- engines/e_ncipher.c | 1 + engines/e_nuron.c | 5 ++++- engines/e_sureware.c | 5 ++++- engines/e_ubsec.c | 5 ++++- 15 files changed, 77 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 404f76bd0..4b11fc9c5 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + *) Change the "progress" mechanism used in key-generation and primality testing to functions that take a new BN_GENCB pointer in place of callback/argument pairs. The new API functions have "_ex" diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index cab9b1493..62dba4055 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -91,6 +91,8 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); } DH_METHOD; struct dh_st diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index a929a0f06..1f805073c 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -66,6 +66,15 @@ #include #include +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q @@ -91,7 +100,7 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) { BIGNUM *t1,*t2; int g,ok= -1; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1a0efca2c..5e58e0032 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -90,6 +90,7 @@ dh_bn_mod_exp, dh_init, dh_finish, 0, +NULL, NULL }; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 7a126e486..6ba79b01d 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -110,6 +110,13 @@ typedef struct dsa_method { int (*finish)(DSA *dsa); int flags; char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); } DSA_METHOD; struct dsa_st diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index ca2c86708..4b9aff368 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -80,10 +80,25 @@ #include #include +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_parameters_ex(DSA *ret, int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { + if(ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + } + +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) + { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH]; diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index ef87c3e63..48ff1f423 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -64,7 +64,16 @@ #include #include +static int dsa_builtin_keygen(DSA *dsa); + int DSA_generate_key(DSA *dsa) + { + if(dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); + } + +static int dsa_builtin_keygen(DSA *dsa) { int ok=0; BN_CTX *ctx=NULL; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index fc35dfe1f..313c06fa3 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -89,6 +89,8 @@ dsa_bn_mod_exp, dsa_init, dsa_finish, 0, +NULL, +NULL, NULL }; diff --git a/engines/e_aep.c b/engines/e_aep.c index 3bb979a5f..46ccac282 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -190,7 +190,9 @@ static DSA_METHOD aep_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -205,6 +207,7 @@ static DH_METHOD aep_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 6807e8400..64dcc046e 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -154,7 +154,9 @@ static DSA_METHOD atalla_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -169,6 +171,7 @@ static DH_METHOD atalla_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_cswift.c b/engines/e_cswift.c index d3bd9c657..28a51d1bf 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -172,7 +172,9 @@ static DSA_METHOD cswift_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -187,6 +189,7 @@ static DH_METHOD cswift_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index 8e8344379..bf95ca861 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -201,6 +201,7 @@ static DH_METHOD hwcrhk_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_nuron.c b/engines/e_nuron.c index 2d3f84b04..f9c379503 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -287,7 +287,9 @@ static DSA_METHOD nuron_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -301,6 +303,7 @@ static DH_METHOD nuron_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_sureware.c b/engines/e_sureware.c index ee7182cd0..cae8bf485 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -145,7 +145,8 @@ static DH_METHOD surewarehk_dh = NULL, /* init*/ NULL, /* finish*/ 0, /* flags*/ - NULL + NULL, + NULL }; #endif @@ -194,6 +195,8 @@ static DSA_METHOD surewarehk_dsa = NULL,/*finish*/ 0, NULL, + NULL, + NULL }; #endif diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index afb0c9ece..02927d7b3 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -162,7 +162,9 @@ static DSA_METHOD ubsec_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -177,6 +179,7 @@ static DH_METHOD ubsec_dh = NULL, NULL, 0, + NULL, NULL }; #endif From 8ec16ce7110a9b60bb6a616c4f0ad2df6cb08894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 15 Jan 2003 09:51:22 +0000 Subject: [PATCH 003/550] Really fix SSLv2 session ID handling PR: 377 --- CHANGES | 9 +++++++++ ssl/s2_clnt.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 4b11fc9c5..c3176727e 100644 --- a/CHANGES +++ b/CHANGES @@ -375,6 +375,15 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly + checked on reconnect on the client side, therefore session resumption + could still fail with a "ssl session id is different" error. This + behaviour is masked when SSL_OP_ALL is used due to + SSL_OP_MICROSOFT_SESS_ID_BUG being set. + Behaviour observed by Crispin Flowerday as + followup to PR #377. + [Lutz Jaenicke] + *) IA-32 assembler support enhancements: unified ELF targets, support for SCO/Caldera platforms, fix for Cygwin shared build. [Andy Polyakov] diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index c6319bb63..1d24dedc9 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s) if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { if ((s->session->session_id_length > sizeof s->session->session_id) - || (0 != memcmp(buf, s->session->session_id, + || (0 != memcmp(buf + 1, s->session->session_id, (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); From 365e14622a810d619f78f1f683580a7d2a353f60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 15 Jan 2003 11:47:28 +0000 Subject: [PATCH 004/550] update error library for EC... changes Submitted by: Nils Larsch --- crypto/err/err_all.c | 12 ++++++++++++ crypto/err/openssl.ec | 1 - 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 90029fd15..812ab7cbe 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -73,6 +73,12 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#ifndef OPENSSL_NO_ECDH +#include +#endif #include #include #include @@ -114,6 +120,12 @@ void ERR_load_crypto_strings(void) ERR_load_CRYPTO_strings(); #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); +#endif +#ifndef OPENSSL_NO_ECDSA + ERR_load_ECDSA_strings(); +#endif +#ifndef OPENSSL_NO_ECDH + ERR_load_ECDH_strings(); #endif /* skip ERR_load_SSL_strings() because it is not in this library */ ERR_load_BIO_strings(); diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 38d68f23e..3ac40512d 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -33,7 +33,6 @@ L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/ec/ec_lcl.h NONE -L NONE crypto/ecdsa/ecs_locl.h NONE F RSAREF_F_RSA_BN2BIN From a74333f90509a3bb48c1d604ed20237e7746aff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 15 Jan 2003 14:54:59 +0000 Subject: [PATCH 005/550] Fix initialization sequence to prevent freeing of unitialized objects. Submitted by: Nils Larsch PR: 459 --- CHANGES | 12 ++++++++++++ crypto/dsa/dsa_ossl.c | 13 +++++++++---- crypto/ecdsa/ecs_ossl.c | 7 +++++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index c3176727e..2fd057c41 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) ECDSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Nils Larsch + via PR#459) + [Lutz Jaenicke] + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD and DH_METHOD (eg. by ENGINE implementations) to override the normal software implementations. For DSA and DH, parameter generation can @@ -375,6 +381,12 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) DSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Ivan D Nestlerode , + Nils Larsch via PR#459) + [Lutz Jaenicke] + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly checked on reconnect on the client side, therefore session resumption could still fail with a "ssl session id is different" error. This diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 313c06fa3..70d60d9e2 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -108,13 +108,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + BN_init(&m); + BN_init(&xr); + if (!dsa->p || !dsa->q || !dsa->g) { reason=DSA_R_MISSING_PARAMETERS; goto err; } - BN_init(&m); - BN_init(&xr); + s=BN_new(); if (s == NULL) goto err; @@ -180,6 +182,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); return 0; } + + BN_init(&k); + if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -187,7 +192,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) else ctx=ctx_in; - BN_init(&k); if ((r=BN_new()) == NULL) goto err; kinv=NULL; @@ -243,11 +247,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } - if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&u1); BN_init(&u2); BN_init(&t1); + if ((ctx=BN_CTX_new()) == NULL) goto err; + if (BN_is_zero(sig->r) || BN_get_sign(sig->r) || BN_ucmp(sig->r, dsa->q) >= 0) { diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 215da3892..ba1c56121 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -94,6 +94,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } + + BN_init(&k); + if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) @@ -134,7 +137,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, do { /* get random k */ - BN_init(&k); do if (!BN_rand_range(&k,order)) { @@ -223,6 +225,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA_SIG *ret=NULL; ECDSA_DATA *ecdsa; + BN_init(&xr); + ecdsa = ecdsa_check(eckey); if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key @@ -231,7 +235,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); goto err; } - BN_init(&xr); if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || (tmp = BN_new()) == NULL || (m = BN_new()) == NULL || From 4e59cd3bb6d31bbe31575a3dad2cbd4a1b2865dd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 15 Jan 2003 17:23:16 +0000 Subject: [PATCH 006/550] Add verbosity --- INSTALL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index cc6b73174..1c3f3c3fe 100644 --- a/INSTALL +++ b/INSTALL @@ -321,7 +321,8 @@ cd objtree/"`uname -s`-`uname -r`-`uname -m`" (cd $OPENSSL_SOURCE; find . -type f) | while read F; do mkdir -p `dirname $F` - ln -s $OPENSSL_SOURCE/$F $F + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F done make -f Makefile.org clean From 28b958f732a7a09bb67ba142cb96573731a79392 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 06:00:55 +0000 Subject: [PATCH 007/550] Fix possible NULL dereferencial. Notified by Verdon Walker --- ssl/ssl_lib.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f4112678f..68c7ae7b6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1073,14 +1073,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, * preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) { - if ((s != NULL) && (s->cipher_list != NULL)) + if (s != NULL) { - return(s->cipher_list); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) - { - return(s->ctx->cipher_list); + if (s->cipher_list != NULL) + { + return(s->cipher_list); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list != NULL)) + { + return(s->ctx->cipher_list); + } } return(NULL); } @@ -1089,14 +1092,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) * algorithm id */ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { - if ((s != NULL) && (s->cipher_list_by_id != NULL)) + if (s != NULL) { - return(s->cipher_list_by_id); - } - else if ((s != NULL) && (s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) - { - return(s->ctx->cipher_list_by_id); + if (s->cipher_list_by_id != NULL) + { + return(s->cipher_list_by_id); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list_by_id != NULL)) + { + return(s->ctx->cipher_list_by_id); + } } return(NULL); } From acad5755a2239d448e151a2b40650f44a5f85a7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 16 Jan 2003 07:54:52 +0000 Subject: [PATCH 008/550] ncr-scde target needs -lc89 for strcasecmp() and ftime() (Tim Rice, Martin Megele). PR: 450 --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 03f0b387d..77762cb2c 100755 --- a/Configure +++ b/Configure @@ -402,7 +402,7 @@ my %table=( "nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::", +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", # QNX 4 "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", From 44ea41cfff77ede56a56931d7851e5a806fb44b1 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 13:01:36 +0000 Subject: [PATCH 009/550] make update --- TABLE | 413 +++++++++++++++++----------------------------------------- 1 file changed, 119 insertions(+), 294 deletions(-) diff --git a/TABLE b/TABLE index adf02a6d6..7bce67f7f 100644 --- a/TABLE +++ b/TABLE @@ -32,7 +32,7 @@ $unistd = $thread_cflag = $sys_id = WIN32 $lflags = -$bn_ops = BN_LLONG DES_PTR RC4_INDEX +$bn_ops = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN $bn_obj = $des_obj = $bf_obj = @@ -225,6 +225,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** FreeBSD-sparc64 +$cc = gcc +$cflags = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** MPE/iX-gcc $cc = gcc $cflags = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB @@ -609,7 +634,7 @@ $sys_id = $lflags = $bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -634,7 +659,7 @@ $sys_id = $lflags = $bn_ops = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -683,15 +708,15 @@ $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr5-shared $shared_cflag = -Kpic @@ -708,15 +733,15 @@ $thread_cflag = -pthread $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr5-shared $shared_cflag = -fPIC @@ -725,56 +750,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** OpenUNIX-8-pentium -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - -*** OpenUNIX-8-pentium_pro -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium_pro -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - *** ReliantUNIX $cc = cc $cflags = -KPIC -g -DTERMIOS -DB_ENDIAN @@ -2302,7 +2277,7 @@ $arflags = *** hpux-ia64-cc $cc = cc -$cflags = -Ae +DD32 +O3 +ESlit -z -DB_ENDIAN +$cflags = -Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2577,7 +2552,7 @@ $arflags = *** hpux64-ia64-cc $cc = cc -$cflags = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN +$cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3025,6 +3000,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** linux-ia32-icc +$cc = icc +$cflags = -DL_ENDIAN -DTERMIO -O2 +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -KPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** linux-ia64 $cc = gcc $cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall @@ -3334,7 +3334,7 @@ $sys_id = $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -3359,7 +3359,7 @@ $sys_id = ULTRASPARC $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus.o $sha1_obj = @@ -3409,7 +3409,7 @@ $sys_id = ULTRASPARC $lflags = -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv9.o $sha1_obj = @@ -3658,15 +3658,15 @@ $thread_cflag = (unknown) $sys_id = $lflags = -lsocket -lresolv -lnsl $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr3-shared $shared_cflag = -Kpic @@ -3675,31 +3675,6 @@ $shared_extension = $ranlib = $arflags = -*** sco5-cc-pentium -$cc = cc -$cflags = -Kpentium -$unistd = -$thread_cflag = (unknown) -$sys_id = -$lflags = -lsocket -$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** sco5-gcc $cc = gcc $cflags = -O3 -fomit-frame-pointer @@ -3809,7 +3784,7 @@ $sys_id = $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = asm/sparcv8.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -3834,7 +3809,7 @@ $sys_id = $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -3859,7 +3834,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus.o $sha1_obj = @@ -3884,7 +3859,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus.o $sha1_obj = @@ -3909,7 +3884,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus-gcc27.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus-gcc27.o $sha1_obj = @@ -3958,15 +3933,15 @@ $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-sol.o asm/co86-sol.o -$des_obj = asm/dx86-sol.o asm/yx86-sol.o -$bf_obj = asm/bx86-sol.o -$md5_obj = asm/mx86-sol.o -$sha1_obj = asm/sx86-sol.o -$cast_obj = asm/cx86-sol.o -$rc4_obj = asm/rx86-sol.o -$rmd160_obj = asm/rm86-sol.o -$rc5_obj = asm/r586-sol.o +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC @@ -3984,7 +3959,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv9.o $sha1_obj = @@ -4009,32 +3984,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = -$des_obj = -$bf_obj = -$md5_obj = asm/md5-sparcv9.o -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -fPIC -$shared_ldflag = -m64 -shared -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - -*** solaris64-sparcv9-gcc31 -$cc = gcc -$cflags = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = ULTRASPARC -$lflags = -lsocket -lnsl -ldl -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR -$bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv9.o $sha1_obj = @@ -4175,31 +4125,6 @@ $shared_extension = $ranlib = $arflags = -*** unixware-2.0-pentium -$cc = cc -$cflags = -DFILIO_H -DNO_STRINGS_H -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -lresolv -lx -$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** unixware-2.1 $cc = cc $cflags = -O -DFILIO_H @@ -4225,56 +4150,6 @@ $shared_extension = $ranlib = $arflags = -*** unixware-2.1-p6 -$cc = cc -$cflags = -O -DFILIO_H -Kp6 -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -lresolv -lx -$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - -*** unixware-2.1-pentium -$cc = cc -$cflags = -O -DFILIO_H -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -lresolv -lx -$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** unixware-7 $cc = cc $cflags = -O -DFILIO_H -Kalloca @@ -4283,15 +4158,15 @@ $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr5-shared $shared_cflag = -Kpic @@ -4308,15 +4183,15 @@ $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= gnu-shared $shared_cflag = -fPIC @@ -4325,56 +4200,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** unixware-7-pentium -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - -*** unixware-7-pentium_pro -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium_pro -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - *** vxworks-ppc405 $cc = ccppc $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h From d745af4b0cc5d37ffa662aa04dcbfb2855c0f034 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 16 Jan 2003 16:05:23 +0000 Subject: [PATCH 010/550] avoid potential confusion about curves (prime192v1 and prime256v1 are also known as secp192r1 and secp256r1, respectively) Submitted by: Nils Larsch, Bodo Moeller --- apps/ecparam.c | 21 +++++++++++++++- crypto/ec/ec_curve.c | 50 ++++++++++++++++++++------------------ crypto/objects/objects.txt | 4 +++ 3 files changed, 50 insertions(+), 25 deletions(-) diff --git a/apps/ecparam.c b/apps/ecparam.c index 3bd0a9748..010e214e5 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -383,7 +383,26 @@ bad: if (curve_name != NULL) { - int nid = OBJ_sn2nid(curve_name); + int nid; + + /* workaround for the SECG curve names secp192r1 + * and secp256r1 (which are the same as the curves + * prime192v1 and prime256v1 defined in X9.62) + */ + if (!strcmp(curve_name, "secp192r1")) + { + BIO_printf(bio_err, "using curve name prime192v1 " + "instead of secp192r1\n"); + nid = NID_X9_62_prime192v1; + } + else if (!strcmp(curve_name, "secp256r1")) + { + BIO_printf(bio_err, "using curve name prime256v1 " + "instead of secp256r1\n"); + nid = NID_X9_62_prime256v1; + } + else + nid = OBJ_sn2nid(curve_name); if (nid == 0) { diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index cb7776346..0b9b7ca7c 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -103,7 +103,7 @@ static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, _EC_NIST_PRIME_192_SEED, 20, - "192 bit prime curve from the X9.62 draft" + "192 bit prime curve from X9.62 and SECG" }; static const unsigned char _EC_NIST_PRIME_224_SEED[] = { @@ -175,7 +175,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, _EC_X9_62_PRIME_192V2_SEED, 20, - "192 bit prime curve from the X9.62 draft" + "192 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { @@ -190,7 +190,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, _EC_X9_62_PRIME_192V3_SEED, 20, - "192 bit prime curve from the X9.62 draft" + "192 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { @@ -205,7 +205,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, _EC_X9_62_PRIME_239V1_SEED, 20, - "239 bit prime curve from the X9.62 draft" + "239 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { @@ -220,7 +220,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, _EC_X9_62_PRIME_239V2_SEED, 20, - "239 bit prime curve from the X9.62 draft" + "239 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { @@ -235,7 +235,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, _EC_X9_62_PRIME_239V3_SEED, 20, - "239 bit prime curve from the X9.62 draft" + "239 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { @@ -250,7 +250,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, _EC_X9_62_PRIME_256V1_SEED, 20, - "256 bit prime curve from the X9.62 draft" + "256 bit prime curve from X9.62 and SECG" }; /* the secg prime curves (minus the nist and x9.62 prime curves) */ static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { @@ -733,7 +733,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", "0400000000000000000001E60FC8821CC74DAEAFC1", 2, _EC_X9_62_CHAR2_163V1_SEED, 20, - "163 bit binary curve from the X9.62 draft" + "163 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { @@ -748,7 +748,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { "079F684DDF6684C5CD258B3890021B2386DFD19FC5", "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, _EC_X9_62_CHAR2_163V2_SEED, 20, - "163 bit binary curve from the X9.62 draft" + "163 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { @@ -763,7 +763,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { "05B935590C155E17EA48EB3FF3718B893DF59A05D0", "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, _EC_X9_62_CHAR2_163V3_SEED, 20, - "163 bit binary curve from the X9.62 draft" + "163 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { @@ -775,7 +775,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, NULL, 0, - "176 bit binary curve from the X9.62 draft" + "176 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { @@ -790,7 +790,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", "40000000000000000000000004A20E90C39067C893BBB9A5", 2, _EC_X9_62_CHAR2_191V1_SEED, 20, - "191 bit binary curve from the X9.62 draft" + "191 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { @@ -805,7 +805,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", "20000000000000000000000050508CB89F652824E06B8173", 4, _EC_X9_62_CHAR2_191V2_SEED, 20, - "191 bit binary curve from the X9.62 draft" + "191 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { @@ -820,7 +820,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", "155555555555555555555555610C0B196812BFB6288A3EA3", 6, _EC_X9_62_CHAR2_191V3_SEED, 20, - "191 bit binary curve from the X9.62 draft" + "191 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { @@ -832,7 +832,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, NULL, 0, - "208 bit binary curve from the X9.62 draft" + "208 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { @@ -847,7 +847,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, _EC_X9_62_CHAR2_239V1_SEED, 20, - "239 bit binary curve from the X9.62 draft" + "239 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { @@ -862,7 +862,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, _EC_X9_62_CHAR2_239V2_SEED, 20, - "239 bit binary curve from the X9.62 draft" + "239 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { @@ -877,7 +877,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, _EC_X9_62_CHAR2_239V3_SEED, 20, - "239 bit binary curve from the X9.62 draft" + "239 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { @@ -891,7 +891,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 0xFF06, NULL, 0, - "272 bit binary curve from the X9.62 draft" + "272 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { @@ -909,7 +909,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" "443051D", 0xFE2E, NULL, 0, - "304 bit binary curve from the X9.62 draft" + "304 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { @@ -930,7 +930,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" "64FE7719E74F490758D3B", 0x4C, _EC_X9_62_CHAR2_359V1_SEED, 20, - "359 bit binary curve from the X9.62 draft" + "359 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { @@ -948,7 +948,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" "9AE40A6F131E9CFCE5BD967", 0xFF70, NULL, 0, - "368 bit binary curve from the X9.62 draft" + "368 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { @@ -966,7 +966,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { "0340340340340340340340340340340340340340340340340340340323C313FAB5058" "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, NULL, 0, - "431 bit binary curve from the X9.62 draft" + "431 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_WTLS_1 = { @@ -996,14 +996,16 @@ static const ec_list_element curve_list[] = { { NID_secp160k1, &_EC_SECG_PRIME_160K1}, { NID_secp160r1, &_EC_SECG_PRIME_160R1}, { NID_secp160r2, &_EC_SECG_PRIME_160R2}, + /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ { NID_secp192k1, &_EC_SECG_PRIME_192K1}, { NID_secp224k1, &_EC_SECG_PRIME_224K1}, { NID_secp224r1, &_EC_NIST_PRIME_224}, { NID_secp256k1, &_EC_SECG_PRIME_256K1}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ { NID_secp384r1, &_EC_NIST_PRIME_384}, { NID_secp521r1, &_EC_NIST_PRIME_521}, /* X9.62 curves */ - { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index e13912e7a..8ec0484c7 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -83,9 +83,13 @@ secg-ellipticCurve 9 : secp160k1 secg-ellipticCurve 8 : secp160r1 secg-ellipticCurve 30 : secp160r2 secg-ellipticCurve 31 : secp192k1 +# NOTE: the curve secp192r1 is the same as prime192v1 defined above +# and is therefore omitted secg-ellipticCurve 32 : secp224k1 secg-ellipticCurve 33 : secp224r1 secg-ellipticCurve 10 : secp256k1 +# NOTE: the curve secp256r1 is the same as prime256v1 defined above +# and is therefore omitted secg-ellipticCurve 34 : secp384r1 secg-ellipticCurve 35 : secp521r1 # SECG characteristic two curves OIDs From 018c56fdcad95befe7fe07b51d4c04d9af866c24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 16 Jan 2003 17:22:30 +0000 Subject: [PATCH 011/550] Armor against systems without ranlib... Submitted by: Thierry Lelegard PR: 461 --- crypto/engine/Makefile.ssl | 2 +- crypto/krb5/Makefile.ssl | 2 +- crypto/ocsp/Makefile.ssl | 2 +- crypto/ui/Makefile.ssl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 144526aed..6b9926372 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -46,7 +46,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/krb5/Makefile.ssl b/crypto/krb5/Makefile.ssl index cc47c0547..7136d7a40 100644 --- a/crypto/krb5/Makefile.ssl +++ b/crypto/krb5/Makefile.ssl @@ -41,7 +41,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl index 171a89ee7..8f2681953 100644 --- a/crypto/ocsp/Makefile.ssl +++ b/crypto/ocsp/Makefile.ssl @@ -43,7 +43,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/ui/Makefile.ssl b/crypto/ui/Makefile.ssl index 256f536a6..90ae7d4a4 100644 --- a/crypto/ui/Makefile.ssl +++ b/crypto/ui/Makefile.ssl @@ -44,7 +44,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: From 8228f302ddcb8b80ddc3696ce68f74af8bf8ae44 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 17:28:46 +0000 Subject: [PATCH 012/550] Add some debugging output. --- crypto/comp/c_zlib.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index d31ab63ad..3bcb7c960 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -207,6 +207,11 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, err = deflate(&state->ostream, Z_SYNC_FLUSH); if (err != Z_OK) return -1; +#ifdef DEBUG_ZLIB + fprintf(stderr,"compress(%4d)->%4d %s\n", + ilen,olen - state->ostream.avail_out, + (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); +#endif return olen - state->ostream.avail_out; } @@ -230,6 +235,11 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, err = inflate(&state->istream, Z_SYNC_FLUSH); if (err != Z_OK) return -1; +#ifdef DEBUG_ZLIB + fprintf(stderr,"expand(%4d)->%4d %s\n", + ilen,olen - state->istream.avail_out, + (ilen != olen - state->istream.avail_out)?"zlib":"clear"); +#endif return olen - state->istream.avail_out; } From c00cee00fd8756ca94c162794e02d7bf73a77ecf Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 18:29:30 +0000 Subject: [PATCH 013/550] FreeBSD has /dev/crypto as well. PR: 462 --- crypto/engine/eng_all.c | 12 +++++------ crypto/engine/eng_cryptodev.c | 40 ++++++++++++++++++----------------- crypto/evp/c_all.c | 4 ++-- 3 files changed, 29 insertions(+), 27 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 6bb7e93bb..7cc05bfe0 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -97,19 +97,19 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_4758cca(); #endif #endif -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif #endif } -#ifdef __OpenBSD__ -void ENGINE_setup_openbsd(void) { - static int openbsd_default_loaded = 0; - if (!openbsd_default_loaded) { +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { ENGINE_load_cryptodev(); ENGINE_register_all_complete(); } - openbsd_default_loaded=1; + bsd_cryptodev_default_loaded=1; } #endif diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index be7ed6bb3..a658528d3 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -33,31 +33,28 @@ #include #include -#ifndef __OpenBSD__ - -void -ENGINE_load_cryptodev(void) -{ - /* This is a NOP unless __OpenBSD__ is defined */ - return; -} - -#else /* __OpenBSD__ */ - -#include +#if (defined(__unix__) || defined(unix)) && !defined(USG) #include +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 50000) || __FreeBSD_version >= 50041) +# define HAVE_CRYPTODEV +# endif +# if (OpenBSD >= 200110) +# define HAVE_SYSLOG_R +# endif +#endif -#if OpenBSD < 200112 +#ifndef HAVE_CRYPTODEV void ENGINE_load_cryptodev(void) { - /* This is a NOP unless we have release 3.0 (released december 2001) */ + /* This is a NOP on platforms without /dev/crypto */ return; } -#else /* OpenBSD 3.0 or above */ - +#else + +#include #include #include #include @@ -1032,12 +1029,18 @@ static DH_METHOD cryptodev_dh = { static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { +#ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; +#endif switch (cmd) { default: +#ifdef HAVE_SYSLOG_R syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); +#else + syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +#endif break; } return (1); @@ -1064,7 +1067,7 @@ ENGINE_load_cryptodev(void) close(fd); if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || !ENGINE_set_digests(engine, cryptodev_engine_digests) || !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || @@ -1126,5 +1129,4 @@ ENGINE_load_cryptodev(void) ERR_clear_error(); } -#endif /* OpenBSD 3.0 or above */ -#endif /* __OpenBSD__ */ +#endif /* HAVE_CRYPTODEV */ diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 1bd54d791..af3dd2616 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -73,7 +73,7 @@ void OPENSSL_add_all_algorithms_noconf(void) { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#ifdef __OpenBSD__ - ENGINE_setup_openbsd(); +#if defined(__OpenBSD__) || defined(__FreeBSD__) + ENGINE_setup_bsd_cryptodev(); #endif } From 06492aef016507799fb8bd7ffa7d9bcd6ee1cd19 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 21:20:30 +0000 Subject: [PATCH 014/550] make update --- TABLE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TABLE b/TABLE index 7bce67f7f..460976130 100644 --- a/TABLE +++ b/TABLE @@ -3431,7 +3431,7 @@ $cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -lsocket -lnsl +$lflags = -lsocket -lnsl -lc89 $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = $des_obj = From 2f0952450199c529e515e2476c449508059036b4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 21:32:56 +0000 Subject: [PATCH 015/550] A few more files to ignore --- crypto/bf/asm/.cvsignore | 1 + crypto/bn/asm/.cvsignore | 2 ++ crypto/des/asm/.cvsignore | 3 +++ crypto/md5/asm/.cvsignore | 1 + crypto/rc4/asm/.cvsignore | 1 + crypto/rc5/asm/.cvsignore | 1 + crypto/ripemd/asm/.cvsignore | 1 + crypto/sha/asm/.cvsignore | 1 + 8 files changed, 11 insertions(+) diff --git a/crypto/bf/asm/.cvsignore b/crypto/bf/asm/.cvsignore index 9505a25ec..3e14af16d 100644 --- a/crypto/bf/asm/.cvsignore +++ b/crypto/bf/asm/.cvsignore @@ -1 +1,2 @@ bx86unix.cpp +bx86-elf.s diff --git a/crypto/bn/asm/.cvsignore b/crypto/bn/asm/.cvsignore index bb16ec91c..671eb0201 100644 --- a/crypto/bn/asm/.cvsignore +++ b/crypto/bn/asm/.cvsignore @@ -1,2 +1,4 @@ bn86unix.cpp co86unix.cpp +bn86-elf.s +co86-elf.s diff --git a/crypto/des/asm/.cvsignore b/crypto/des/asm/.cvsignore index f30053622..c8436379e 100644 --- a/crypto/des/asm/.cvsignore +++ b/crypto/des/asm/.cvsignore @@ -1,2 +1,5 @@ dx86unix.cpp yx86unix.cpp +des_enc-sparc.S +dx86-elf.s +yx86-elf.s diff --git a/crypto/md5/asm/.cvsignore b/crypto/md5/asm/.cvsignore index 085a1b1a9..5dd0091ca 100644 --- a/crypto/md5/asm/.cvsignore +++ b/crypto/md5/asm/.cvsignore @@ -1 +1,2 @@ mx86unix.cpp +mx86-elf.s diff --git a/crypto/rc4/asm/.cvsignore b/crypto/rc4/asm/.cvsignore index 0ec20dc6f..b26170250 100644 --- a/crypto/rc4/asm/.cvsignore +++ b/crypto/rc4/asm/.cvsignore @@ -1 +1,2 @@ rx86unix.cpp +rx86-elf.s diff --git a/crypto/rc5/asm/.cvsignore b/crypto/rc5/asm/.cvsignore index f60a6a8d6..855415c90 100644 --- a/crypto/rc5/asm/.cvsignore +++ b/crypto/rc5/asm/.cvsignore @@ -1 +1,2 @@ r586unix.cpp +r586-elf.s diff --git a/crypto/ripemd/asm/.cvsignore b/crypto/ripemd/asm/.cvsignore index 64d70dbf3..e18b24f96 100644 --- a/crypto/ripemd/asm/.cvsignore +++ b/crypto/ripemd/asm/.cvsignore @@ -1 +1,2 @@ rm86unix.cpp +rm86-elf.s diff --git a/crypto/sha/asm/.cvsignore b/crypto/sha/asm/.cvsignore index 5e8206257..748a54a4b 100644 --- a/crypto/sha/asm/.cvsignore +++ b/crypto/sha/asm/.cvsignore @@ -1 +1,2 @@ sx86unix.cpp +sx86-elf.s From 0bdd2da5d222c1dad24b5479e0677e5a5fdd3cee Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 21:36:17 +0000 Subject: [PATCH 016/550] Ingore the correct flag file. --- engines/.cvsignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engines/.cvsignore b/engines/.cvsignore index bb22714f1..695fdd005 100644 --- a/engines/.cvsignore +++ b/engines/.cvsignore @@ -1,2 +1,2 @@ Makefile.save -libs +lib From 59ae8c941916a2f8850c59638cb0ee4329d57b3e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 17 Jan 2003 00:48:47 +0000 Subject: [PATCH 017/550] EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex(). --- crypto/evp/evp_enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 66c48d143..ccfcc7e1b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -236,7 +236,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); + return EVP_CipherInit(ctx, cipher, key, iv, 0); } int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, From 726c2231431f811d12bdfcd83052eb62d1fc626b Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 15:13:03 +0000 Subject: [PATCH 018/550] Fix for AIX shared build, see RT#463. --- Configure | 4 ++-- config | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 77762cb2c..3d74ceb10 100755 --- a/Configure +++ b/Configure @@ -440,9 +440,9 @@ my %table=( # IBM's AIX. "aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", "aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", +"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::", "aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", -"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64", +"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) diff --git a/config b/config index fe8a441b2..e72b98228 100755 --- a/config +++ b/config @@ -464,6 +464,10 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then fi fi +if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc + (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc +fi + CCVER=${CCVER:-0} # read the output of the embedded GuessOS From 7c4e24af38a70213b42519d65a29d8c0ac6c0940 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 15:17:26 +0000 Subject: [PATCH 019/550] Caldera/SCO targets erroneously limit themselves to 386. See RT#464. --- config | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/config b/config index e72b98228..16286a59e 100755 --- a/config +++ b/config @@ -74,34 +74,27 @@ if [ "x$XREL" != "x" ]; then echo "whatever-whatever-sco5"; exit 0 ;; 4.2MP) - if [ "x$VERSION" = "x2.01" ]; then - echo "${MACHINE}-whatever-unixware201"; exit 0 - elif [ "x$VERSION" = "x2.02" ]; then - echo "${MACHINE}-whatever-unixware202"; exit 0 - elif [ "x$VERSION" = "x2.03" ]; then - echo "${MACHINE}-whatever-unixware203"; exit 0 - elif [ "x$VERSION" = "x2.1.1" ]; then - echo "${MACHINE}-whatever-unixware211"; exit 0 - elif [ "x$VERSION" = "x2.1.2" ]; then - echo "${MACHINE}-whatever-unixware212"; exit 0 - elif [ "x$VERSION" = "x2.1.3" ]; then - echo "${MACHINE}-whatever-unixware213"; exit 0 - else - echo "${MACHINE}-whatever-unixware2"; exit 0 - fi + case "x${VERSION}" in + x2.0*) echo "${MACHINE}-whatever-unixware20"; exit 0 ;; + x2.1*) echo "${MACHINE}-whatever-unixware21"; exit 0 ;; + x2*) echo "${MACHINE}-whatever-unixware2"; exit 0 ;; + esac ;; 4.2) echo "whatever-whatever-unixware1"; exit 0 ;; - OpenUNIX) - if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then - echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0 - fi - ;; 5) - if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then - echo "${MACHINE}-sco-unixware7"; exit 0 - fi + case "x${VERSION}" in + # We hardcode i586 in place of ${MACHINE} for the + # following reason. The catch is that even though Pentium + # is minimum requirement for platforms in question, + # ${MACHINE} gets always assigned to i386. Now, problem + # with i386 is that it makes ./config pass 386 to + # ./Configure, which in turn makes make generate + # inefficient SHA-1 (for this moment) code. + x7*) echo "i586-sco-unixware7"; exit 0 ;; + x8*) echo "i586-unkn-OpenUNIX${VERSION}; exit 0 ;; + esac ;; esac fi From 80bcbaa02fb526065260711594b31402f9541bf3 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 18:12:23 +0000 Subject: [PATCH 020/550] -lresolv is not present on SCO Unix, RT#460. --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 3d74ceb10..37e4b6683 100755 --- a/Configure +++ b/Configure @@ -433,8 +433,8 @@ my %table=( "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", # IBM's AIX. From 42bf2a5cdc849f4ff8437f976a1598728d1baa1f Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 21:57:30 +0000 Subject: [PATCH 021/550] SCO target missed .so suffix. --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 37e4b6683..4d227e6d8 100755 --- a/Configure +++ b/Configure @@ -433,8 +433,8 @@ my %table=( "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # IBM's AIX. From 59b846c5156772a5ee556212dfd63e1988aed532 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 19 Jan 2003 11:39:19 +0000 Subject: [PATCH 022/550] Oops! Missed closing quote... Didn't have time to verify before a snapshot was cut... --- config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config b/config index 16286a59e..a2a56754a 100755 --- a/config +++ b/config @@ -92,8 +92,8 @@ if [ "x$XREL" != "x" ]; then # with i386 is that it makes ./config pass 386 to # ./Configure, which in turn makes make generate # inefficient SHA-1 (for this moment) code. - x7*) echo "i586-sco-unixware7"; exit 0 ;; - x8*) echo "i586-unkn-OpenUNIX${VERSION}; exit 0 ;; + x7*) echo "i586-sco-unixware7"; exit 0 ;; + x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;; esac ;; esac From 722d17cbac898bf02ee8f75dabba87ab1373500d Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 19 Jan 2003 21:29:59 +0000 Subject: [PATCH 023/550] This is an *initial* tune-up. This update puts Itanium2 back on par with Itanium. I mean if overall performance improvement over C version was X for Itanium, it's X even for Itanium2. --- crypto/bn/asm/ia64.S | 123 ++++++++++++++++++++++++++----------------- 1 file changed, 76 insertions(+), 47 deletions(-) diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 04e0cc540..7dfda8556 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -1,6 +1,6 @@ .explicit .text -.ident "ia64.S, Version 1.2" +.ident "ia64.S, Version 2.0" .ident "IA-64 ISA artwork by Andy Polyakov " // @@ -13,6 +13,35 @@ // disclaimed. // ==================================================================== // +// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is +// different from Itanium to this module viewpoint. Most notably, is it +// "wider" than Itanium? Can you experience loop scalability as +// discussed in commentary sections? Not really:-( Itanium2 has 6 +// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to +// spin twice as fast, as I need 8 IALU ports. Amount of floating point +// ports is the same, i.e. 2, while I need 4. In other words, to this +// module Itanium2 remains effectively as "wide" as Itanium. Yet it's +// essentially different in respect to this module, and a re-tune was +// required. Well, because some intruction latencies has changed. Most +// noticeably those intensively used: +// +// Itanium Itanium2 +// ldf8 9 6 L2 hit +// ld8 2 1 L1 hit +// getf 2 5 +// xma[->getf] 7[+1] 4[+0] +// add[->st8] 1[+1] 1[+0] +// +// What does it mean? You might ratiocinate that the original code +// should run just faster... Because sum of latencies is smaller... +// Wrong! Note that getf latency increased. This means that if a loop is +// scheduled for lower latency (and they are), then it will suffer from +// stall condition and the code will therefore turn anti-scalable, e.g. +// original bn_mul_words spun at 5*n or 2.5 times slower than expected +// on Itanium2! What to do? Reschedule loops for Itanium2? But then +// Itanium would exhibit anti-scalability. So I've chosen to reschedule +// for worst latency for every instruction aiming for best *all-round* +// performance. // Q. How much faster does it get? // A. Here is the output from 'openssl speed rsa dsa' for vanilla @@ -283,7 +312,7 @@ bn_mul_words: #ifdef XMA_TEMPTATION { .mfi; alloc r2=ar.pfs,4,0,0,0 };; #else -{ .mfi; alloc r2=ar.pfs,4,4,0,8 };; +{ .mfi; alloc r2=ar.pfs,4,12,0,16 };; #endif { .mib; mov r8=r0 // return value cmp4.le p6,p0=r34,r0 @@ -296,8 +325,8 @@ bn_mul_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16 } @@ -312,14 +341,14 @@ bn_mul_words: mov r15=r33 // ap #endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) - mov ar.ec=12 };; +{ .mii; mov r40=0 // serves as r35 at first (p27) + mov ar.ec=13 };; -// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2 -// cache (i.e. 9 ticks away) as floating point load/store instructions +// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium +// L2 cache (i.e. 9 ticks away) as floating point load/store instructions // bypass L1 cache and L2 latency is actually best-case scenario for -// ldf8. The loop is not scalable and shall run in 2*(n+11) even on -// "wider" IA-64 implementations. It's a trade-off here. n+22 loop +// ldf8. The loop is not scalable and shall run in 2*(n+12) even on +// "wider" IA-64 implementations. It's a trade-off here. n+24 loop // would give us ~5% in *overall* performance improvement on "wider" // IA-64, but would hurt Itanium for about same because of longer // epilogue. As it's a matter of few percents in either case I've @@ -327,25 +356,25 @@ bn_mul_words: // this very instruction sequence in bn_mul_add_words loop which in // turn is scalable). .L_bn_mul_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 + (p21) xmpy.hu f40=f37,f8 (p0) nop.i 0x0 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) st8 [r14]=r39,8 +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) st8 [r14]=r41,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_words_ctop };; .L_bn_mul_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p49,p53 -(p49) add r8=r34,r0 -(p53) add r8=r34,r0,1 } +.pred.rel "mutex",p51,p55 +(p51) add r8=r36,r0 +(p55) add r8=r36,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 } @@ -412,8 +441,8 @@ bn_mul_add_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 } { .mii; @@ -425,55 +454,55 @@ bn_mul_add_words: mov r15=r33 // ap #endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) +{ .mii; mov r40=0 // serves as r35 at first (p27) #if defined(_HPUX_SOURCE) && defined(_ILP32) addp4 r18=0,r32 // rp copy #else mov r18=r32 // rp copy #endif - mov ar.ec=14 };; + mov ar.ec=15 };; -// This loop spins in 3*(n+13) ticks on Itanium and should spin in -// 2*(n+13) on "wider" IA-64 implementations (to be verified with new +// This loop spins in 3*(n+14) ticks on Itanium and should spin in +// 2*(n+14) on "wider" IA-64 implementations (to be verified with new // µ-architecture manuals as they become available). As usual it's // possible to compress the epilogue, down to 10 in this case, at the // cost of scalability. Compressed (and therefore non-scalable) loop -// running at 3*(n+10) would buy you ~10% on Itanium but take ~35% +// running at 3*(n+11) would buy you ~10% on Itanium but take ~35% // from "wider" IA-64 so let it be scalable! Special attention was // paid for having the loop body split at 64-byte boundary. ld8 is // scheduled for L1 cache as the data is more than likely there. // Indeed, bn_mul_words has put it there a moment ago:-) .L_bn_mul_add_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 - (p27) add r43=r43,r39 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) cmp.ltu.unc p56,p0=r43,r39 + (p21) xmpy.hu f40=f37,f8 + (p28) add r45=r45,r41 };; +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) cmp.ltu.unc p60,p0=r45,r41 (p0) nop.f 0x0 (p0) nop.b 0x0 } -{ .mii; (p26) ld8 r42=[r18],8 - (p58) cmp.eq.or p57,p0=-1,r44 - (p58) add r44=1,r44 } -{ .mfb; (p29) st8 [r14]=r45,8 +{ .mii; (p27) ld8 r44=[r18],8 + (p62) cmp.eq.or p61,p0=-1,r46 + (p62) add r46=1,r46 } +{ .mfb; (p30) st8 [r14]=r47,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_add_words_ctop};; .L_bn_mul_add_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p51,p55 -(p51) add r8=r36,r0 -(p55) add r8=r36,r0,1 } +.pred.rel "mutex",p53,p57 +(p53) add r8=r38,r0 +(p57) add r8=r38,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 };; { .mii; -(p59) add r8=1,r8 +(p63) add r8=1,r8 mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh From 9abff96b2f488163e8f340161b9d70f4ffb7b2b7 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 19 Jan 2003 21:47:06 +0000 Subject: [PATCH 024/550] Suggestion was to change ${MACHINE} to i586 in lines in question. Well, "whatever" doesn't the same (avoids 386 being passed to ./Configure), consistent with other elder SCO targets and denotes that we probably shouldn't care much about every out-of-date platform. --- config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config b/config index a2a56754a..72905c90e 100755 --- a/config +++ b/config @@ -75,9 +75,9 @@ if [ "x$XREL" != "x" ]; then ;; 4.2MP) case "x${VERSION}" in - x2.0*) echo "${MACHINE}-whatever-unixware20"; exit 0 ;; - x2.1*) echo "${MACHINE}-whatever-unixware21"; exit 0 ;; - x2*) echo "${MACHINE}-whatever-unixware2"; exit 0 ;; + x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;; + x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;; + x2*) echo "whatever-whatever-unixware2"; exit 0 ;; esac ;; 4.2) From 9b3f03d5a23bd3abf22a48b07b11584ef8258434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 21 Jan 2003 09:53:14 +0000 Subject: [PATCH 025/550] fix warnings Submitted by: Nils Larsch --- crypto/ec/ec2_smpl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 1bc440eed..a6fa4da7e 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -170,8 +170,8 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) dest->poly[2] = src->poly[2]; dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; - bn_wexpand(&dest->a, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); - bn_wexpand(&dest->b, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; return 1; @@ -195,12 +195,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group, /* group->a */ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; - bn_wexpand(&group->a, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; /* group->b */ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; - bn_wexpand(&group->b, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; ret = 1; From 0c3426da8678d248c2ebfe02c84d6fdab122a21e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 23 Jan 2003 08:10:04 +0000 Subject: [PATCH 026/550] Missing 0 broke FreeBSD build. PR: 470 --- crypto/engine/eng_cryptodev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index a658528d3..b32be08c8 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -35,7 +35,7 @@ #if (defined(__unix__) || defined(unix)) && !defined(USG) #include -# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 50000) || __FreeBSD_version >= 50041) +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV # endif # if (OpenBSD >= 200110) From 04da4558dd70add8069d90ef7c1a5dd17c7b76c2 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 23 Jan 2003 09:52:34 +0000 Subject: [PATCH 027/550] The patch speaks for itself. --- PROBLEMS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/PROBLEMS b/PROBLEMS index 62e395f0a..1a956b548 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -89,3 +89,12 @@ failures in other parts of the code. (See Ticket #426.) Workaround: modify the target to +O2 when building with no-asm. + +* Poor support for AIX shared builds. + +do_aix-shared rule is not flexible enough to parameterize through a +config-line. './Configure aix43-cc shared' is working, but not +'./Configure aix64-gcc shared'. In latter case make fails to create shared +libraries. It's possible to build 64-bit shared libraries by running +'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one +supporting even gcc shared builds. See RT#463 for background information. From 97e6bf6b22d75b847b5c9c0472c54ffe3169eece Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 23 Jan 2003 10:05:39 +0000 Subject: [PATCH 028/550] Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5. --- crypto/aes/aes_core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index ea884f6f9..2f41a825f 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -750,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { - for (;;) { + while (1) { temp = rk[3]; rk[4] = rk[0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -770,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[4] = GETU32(userKey + 16); rk[5] = GETU32(userKey + 20); if (bits == 192) { - for (;;) { + while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -792,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[6] = GETU32(userKey + 24); rk[7] = GETU32(userKey + 28); if (bits == 256) { - for (;;) { + while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ From d3b5cb5343afa4e4ae64bee4621171e6b00aaa21 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 24 Jan 2003 01:12:01 +0000 Subject: [PATCH 029/550] Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if *_min or *_max is absent. --- CHANGES | 4 +++ apps/req.c | 6 +++++ crypto/asn1/a_time.c | 3 +++ crypto/asn1/asn1.h | 61 +++++++++++++++++++++--------------------- crypto/asn1/asn1_err.c | 3 ++- crypto/o_time.c | 3 ++- 6 files changed, 48 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index 2fd057c41..aa9a7ae8d 100644 --- a/CHANGES +++ b/CHANGES @@ -381,6 +381,10 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Under Win32 gmtime() can return NULL: check return value in + OPENSSL_gmtime(). Add error code for case where gmtime() fails. + [Steve Henson] + *) DSA routines: under certain error conditions uninitialized BN objects could be freed. Solution: make sure initialization is performed early enough. (Reported and fix supplied by Ivan D Nestlerode , diff --git a/apps/req.c b/apps/req.c index 4fa5ae6fe..361211498 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1318,11 +1318,17 @@ start: for (;;) sprintf(buf,"%s_min",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + { + ERR_clear_error(); n_min = -1; + } sprintf(buf,"%s_max",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + { + ERR_clear_error(); n_max = -1; + } if (!add_DN_object(subj,v->value,def,value,nid, n_min,n_max, chtype)) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 3a03c9e4e..7348da945 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) + { + ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); return NULL; + } if((ts->tm_year >= 50) && (ts->tm_year < 150)) return ASN1_UTCTIME_set(s, t); return ASN1_GENERALIZEDTIME_set(s,t); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 460e0eb6e..0eb97fa62 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -965,8 +965,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_A2I_ASN1_ENUMERATED 101 #define ASN1_F_A2I_ASN1_INTEGER 102 #define ASN1_F_A2I_ASN1_STRING 103 -#define ASN1_F_APPEND_TAG 177 -#define ASN1_F_ASN1_CB 178 +#define ASN1_F_APPEND_TAG 176 +#define ASN1_F_ASN1_CB 177 #define ASN1_F_ASN1_CHECK_TLEN 104 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 #define ASN1_F_ASN1_COLLECT 106 @@ -977,7 +977,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 -#define ASN1_F_ASN1_GENERATE_V3 182 +#define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 #define ASN1_F_ASN1_I2D_BIO 116 @@ -999,6 +999,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 @@ -1028,15 +1029,14 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_X509_PKEY 159 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 -#define ASN1_F_I2D_ECDSA_PUBKEY 174 -#define ASN1_F_I2D_EC_PUBKEY 176 +#define ASN1_F_I2D_EC_PUBKEY 181 #define ASN1_F_I2D_NETSCAPE_RSA 162 #define ASN1_F_I2D_PRIVATEKEY 163 #define ASN1_F_I2D_PUBLICKEY 164 #define ASN1_F_I2D_RSA_PUBKEY 165 #define ASN1_F_LONG_C2I 166 -#define ASN1_F_OID_MODULE_INIT 175 -#define ASN1_F_PARSE_TAGGING 181 +#define ASN1_F_OID_MODULE_INIT 174 +#define ASN1_F_PARSE_TAGGING 182 #define ASN1_F_PKCS5_PBE2_SET 167 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 @@ -1059,8 +1059,9 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DATA_IS_WRONG 109 #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 -#define ASN1_R_DEPTH_EXCEEDED 173 +#define ASN1_R_DEPTH_EXCEEDED 174 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 @@ -1073,57 +1074,57 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_FIELD_MISSING 121 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 #define ASN1_R_HEADER_TOO_LONG 123 -#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 174 -#define ASN1_R_ILLEGAL_BOOLEAN 175 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 #define ASN1_R_ILLEGAL_CHARACTERS 124 -#define ASN1_R_ILLEGAL_FORMAT 176 -#define ASN1_R_ILLEGAL_HEX 177 -#define ASN1_R_ILLEGAL_IMPLICIT_TAG 178 -#define ASN1_R_ILLEGAL_INTEGER 179 -#define ASN1_R_ILLEGAL_NESTED_TAGGING 180 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 -#define ASN1_R_ILLEGAL_NULL_VALUE 181 -#define ASN1_R_ILLEGAL_OBJECT 182 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 #define ASN1_R_ILLEGAL_TAGGED_ANY 127 -#define ASN1_R_ILLEGAL_TIME_VALUE 183 -#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 184 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 -#define ASN1_R_INVALID_MODIFIER 185 -#define ASN1_R_INVALID_NUMBER 186 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 #define ASN1_R_INVALID_UTF8STRING 134 #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 -#define ASN1_R_LIST_ERROR 187 +#define ASN1_R_LIST_ERROR 188 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 -#define ASN1_R_MISSING_VALUE 188 +#define ASN1_R_MISSING_VALUE 189 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 #define ASN1_R_MSTRING_WRONG_TAG 140 #define ASN1_R_NON_HEX_CHARACTERS 141 -#define ASN1_R_NOT_ASCII_FORMAT 189 +#define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 -#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 190 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 195 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 -#define ASN1_R_TIME_NOT_ASCII_FORMAT 191 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 @@ -1133,13 +1134,13 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 -#define ASN1_R_UNKNOWN_TAG 192 -#define ASN1_R_UNKOWN_FORMAT 193 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 #define ASN1_R_UNSUPPORTED_CIPHER 165 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 -#define ASN1_R_UNSUPPORTED_TYPE 194 +#define ASN1_R_UNSUPPORTED_TYPE 196 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 55aef5e79..d83ed65cd 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -104,6 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, +{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, @@ -133,7 +134,6 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0), "I2D_ECDSA_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0), "i2d_EC_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, @@ -169,6 +169,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_DECODING_ERROR ,"decoding error"}, {ASN1_R_DEPTH_EXCEEDED ,"depth exceeded"}, {ASN1_R_ENCODE_ERROR ,"encode error"}, +{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, {ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, diff --git a/crypto/o_time.c b/crypto/o_time.c index 1bc0297b3..ca5f3ea48 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -80,7 +80,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); - memcpy(result, ts, sizeof(struct tm)); + if (ts != NULL) + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif #ifdef OPENSSL_SYS_VMS From 02bf9a151a435ceaa170f4b46387bba3afac0a78 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Fri, 24 Jan 2003 09:39:31 +0000 Subject: [PATCH 030/550] Provide "dummy" &main::picmeup even in Windows perlasm modules. --- crypto/perlasm/x86ms.pl | 6 ++++++ crypto/perlasm/x86nasm.pl | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl index abcb7c130..35f1a4ddb 100644 --- a/crypto/perlasm/x86ms.pl +++ b/crypto/perlasm/x86ms.pl @@ -367,4 +367,10 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index 796556159..f30b7466d 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -344,4 +344,10 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + sub main'blindpop { &out1("pop",@_); } From 9048c7245b095db7fa2f153777ce61e64c6cdd82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 24 Jan 2003 21:43:08 +0000 Subject: [PATCH 031/550] For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters' in AlgorithmIdentifier Submitted by: Nils Larsch --- crypto/asn1/a_sign.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 52ce7e397..37e1e84a1 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -229,10 +229,11 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, else a=algor2; if (a == NULL) continue; - if (type->pkey_type == NID_dsaWithSHA1) + if (type->pkey_type == NID_dsaWithSHA1 || + type->pkey_type == NID_ecdsa_with_SHA1) { - /* special case: RFC 2459 tells us to omit 'parameters' - * with id-dsa-with-sha1 */ + /* special case: RFC 3279 tells us to omit 'parameters' + * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ ASN1_TYPE_free(a->parameter); a->parameter = NULL; } From c1862f91361faa4783e2cf52feed3643593bb892 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 24 Jan 2003 22:28:32 +0000 Subject: [PATCH 032/550] consistency --- CHANGES | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index aa9a7ae8d..1a30ede2a 100644 --- a/CHANGES +++ b/CHANGES @@ -379,6 +379,15 @@ TODO: bug: pad x with leading zeros if necessary EC_GROUP_get_nid() [Nils Larsch , Bodo Moeller] +#if 0 + The following entry accidentily appeared in the CHANGES file + distributed with OpenSSL 0.9.7. The modifications described in + it do *not* apply to OpenSSL 0.9.7. + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there was actually never needed) and in BN_mul(). The removal in BN_mul() required a small change in bn_mul_part_recursive() and the addition @@ -2092,6 +2106,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k bn_sub_words() and bn_add_words() except they take arrays with differing sizes. [Richard Levitte] +#endif *) In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that From 82516e3baf2870cc9f4cece522dd6487bc96de38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 25 Jan 2003 15:28:49 +0000 Subject: [PATCH 033/550] cofactor is optional in parameter encodings Submitted by: Nils Larsch --- crypto/ec/ec_asn1.c | 64 +++++++++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 63d33a5f5..c1c6ffee5 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -224,7 +224,7 @@ ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), - ASN1_SIMPLE(ECPARAMETERS, cofactor, ASN1_INTEGER) + ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS) @@ -715,17 +715,15 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, goto err; } - /* set the cofactor */ - if (!EC_GROUP_get_cofactor(group, tmp, NULL)) + /* set the cofactor (optional) */ + if (EC_GROUP_get_cofactor(group, tmp, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); - goto err; - } - ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); - if (ret->cofactor == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); - goto err; + ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + if (ret->cofactor == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); + goto err; + } } ok = 1; @@ -978,9 +976,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) ret->seed_len = params->curve->seed->length; } - /* extract the order, cofactor and generator */ - if (!params->order || !params->cofactor || !params->base || - !params->base->data) + if (!params->order || !params->base || !params->base->data) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; @@ -988,14 +984,11 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) if ((point = EC_POINT_new(ret)) == NULL) goto err; - a = ASN1_INTEGER_to_BN(params->order, a); - b = ASN1_INTEGER_to_BN(params->cofactor, b); - if (!a || !b) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); - goto err; - } + /* set the point conversion form */ + EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) + (params->base->data[0] & ~0x01)); + /* extract the ec point */ if (!EC_POINT_oct2point(ret, point, params->base->data, params->base->length, NULL)) { @@ -1003,10 +996,29 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) goto err; } - /* set the point conversion form */ - EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) - (params->base->data[0] & ~0x01)); - + /* extract the order */ + if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + + /* extract the cofactor (optional) */ + if (params->cofactor == NULL) + { + if (b) + { + BN_free(b); + b = NULL; + } + } + else + if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + /* set the generator, order and cofactor (if present) */ if (!EC_GROUP_set_generator(ret, point, a, b)) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); From da45180de49b60be97ae0d5e574864417d7ddebd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 26 Jan 2003 13:38:56 +0000 Subject: [PATCH 034/550] Correct EVP_SealInit() documentation, iv is an output parameter. --- doc/crypto/EVP_SealInit.pod | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 25ef07f7c..b5e477e29 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -18,22 +18,28 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION The EVP envelope routines are a high level interface to envelope -encryption. They generate a random key and then "envelope" it by -using public key encryption. Data can then be encrypted using this -key. +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key. EVP_SealInit() initializes a cipher context B for encryption -with cipher B using a random secret key and IV supplied in -the B parameter. B is normally supplied by a function such -as EVP_des_cbc(). The secret key is encrypted using one or more public -keys, this allows the same encrypted data to be decrypted using any -of the corresponding private keys. B is an array of buffers where -the public key encrypted secret key will be written, each buffer must -contain enough room for the corresponding encrypted key: that is +with cipher B using a random secret key and IV. B is normally +supplied by a function such as EVP_des_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. B is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is B must have room for B bytes. The actual size of each encrypted secret key is written to the array B. B is an array of B public keys. +The B parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type). + +If the cipher does not require an IV then the B parameter is ignored +and can be B. + EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the L manual From bd1217a1768f15366cd99175c81b5da98e7715fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 28 Jan 2003 13:08:21 +0000 Subject: [PATCH 035/550] simplify Submitted by: Nils Larsch --- crypto/ec/ecp_nist.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 559cb5c41..ba5d180e1 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -165,21 +165,7 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, goto err; } - /* group->field */ - if (!BN_copy(&group->field, p)) goto err; - BN_set_sign(&group->field, 0); - - /* group->a */ - if (!group->field_mod_func(&group->a, a, p, ctx)) goto err; - - /* group->b */ - if (!group->field_mod_func(&group->b, b, p, ctx)) goto err; - - /* group->a_is_minus3 */ - if (!BN_add_word(tmp_bn, 3)) goto err; - group->a_is_minus3 = (0 == BN_cmp(tmp_bn, &group->field)); - - ret = 1; + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); err: BN_CTX_end(ctx); From b637670f039cef574e96e60f5bd660b899221021 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 29 Jan 2003 15:06:35 +0000 Subject: [PATCH 036/550] DVCS (see RFC 3029) was missing among the possible purposes. Notified privately to me by Peter Sylvester , one of the authors of said RFC --- crypto/x509v3/v3_purp.c | 4 ++++ crypto/x509v3/x509v3.h | 1 + 2 files changed, 5 insertions(+) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index b739e4fd8..4d145f71f 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -378,6 +378,10 @@ static void x509v3_cache_extensions(X509 *x) case NID_time_stamp: x->ex_xkusage |= XKU_TIMESTAMP; break; + + case NID_dvcs: + x->ex_xkusage |= XKU_DVCS; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index e1334b471..b4dd52a95 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -351,6 +351,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define XKU_SGC 0x10 #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 From 4e78074b39063d19ebab54209d5cf6eceb770141 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 10:27:43 +0000 Subject: [PATCH 037/550] cert_sk isn't always allocated, so freeing it may cause a crash. PR: 481 --- apps/ca.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index 028dd98d3..2a56e556a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1641,7 +1641,8 @@ err: BIO_free_all(out); BIO_free_all(in); - sk_X509_pop_free(cert_sk,X509_free); + if (cert_sk) + sk_X509_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); From 2e60ea7634125fcad082cc4b493e429ee440ea83 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 11:00:34 +0000 Subject: [PATCH 038/550] Fix a memory leak in SSL. PR: 477 --- ssl/ssl_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 68c7ae7b6..ea76cf117 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2047,6 +2047,7 @@ SSL *SSL_dup(SSL *s) * they should not both point to the same object, * and thus we can't use SSL_copy_session_id. */ + ret->method->ssl_free(ret); ret->method = s->method; ret->method->ssl_new(ret); From c0a93e31ab0bba212092b1125fb076fed69b8b01 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 11:08:44 +0000 Subject: [PATCH 039/550] Small typo, OENSSL should really be spelled OPENSSL. PR: 476 --- crypto/md5/md5.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h index cfdbf03fe..a252e0211 100644 --- a/crypto/md5/md5.h +++ b/crypto/md5/md5.h @@ -78,7 +78,7 @@ extern "C" { #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) #define MD5_LONG unsigned long -#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__) +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define MD5_LONG unsigned long #define MD5_LONG_LOG2 3 /* From bb3e67f3157cc44f20c1d3b96611126d4660d225 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 14:58:44 +0000 Subject: [PATCH 040/550] "openssl engine" will not display ENGINE/DSO load failure errors when testing availability of engines with "-t" - the old behaviour of is produced by increasing the feature's verbosity with "-tt". --- apps/engine.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/engine.c b/apps/engine.c index b718ae124..1a22d5dee 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -77,7 +77,8 @@ static char *engine_usage[]={ " -vvv will also add the input flags for each command\n", " -vvvv will also show internal input flags\n", " -c - for each engine, also list the capabilities\n", -" -t - for each engine, check that they are really available\n", +" -t[t] - for each engine, check that they are really available\n", +" -tt will display error trace for unavailable engines\n", " -pre - runs command 'cmd' against the ENGINE before any attempts\n", " to load it (if -t is used)\n", " -post - runs command 'cmd' against the ENGINE after loading it\n", @@ -342,7 +343,7 @@ int MAIN(int argc, char **argv) { int ret=1,i; char **pp; - int verbose=0, list_cap=0, test_avail=0; + int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; STACK *engines = sk_new_null(); STACK *pre_cmds = sk_new_null(); @@ -380,8 +381,14 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-c") == 0) list_cap=1; - else if (strcmp(*argv,"-t") == 0) + else if (strncmp(*argv,"-t",2) == 0) + { test_avail=1; + if(strspn(*argv + 1, "t") < strlen(*argv + 1)) + goto skip_arg_loop; + if((test_avail_noise = strlen(*argv + 1) - 1) > 1) + goto skip_arg_loop; + } else if (strcmp(*argv,"-pre") == 0) { argc--; argv++; @@ -496,7 +503,8 @@ skip_digests: else { BIO_printf(bio_out, "[ unavailable ]\n"); - ERR_print_errors_fp(stdout); + if(test_avail_noise) + ERR_print_errors_fp(stdout); ERR_clear_error(); } } From a85bef18995496a5f503350d921b2c98686cd12e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 15:43:07 +0000 Subject: [PATCH 041/550] Commit a slightly modified version of an old experiment to do RSA private key operations using the GMP library. The default is not to build (or use) this code unless OPENSSL_USE_GMP is defined (because it will impose header and linker dependencies that might need specifying too). --- engines/.cvsignore | 1 + engines/Makefile.ssl | 5 +- engines/e_gmp.c | 435 +++++++++++++++++++++++++++++++++++++++++++ engines/e_gmp.ec | 1 + engines/e_gmp_err.c | 137 ++++++++++++++ engines/e_gmp_err.h | 81 ++++++++ 6 files changed, 659 insertions(+), 1 deletion(-) create mode 100644 engines/e_gmp.c create mode 100644 engines/e_gmp.ec create mode 100644 engines/e_gmp_err.c create mode 100644 engines/e_gmp_err.h diff --git a/engines/.cvsignore b/engines/.cvsignore index 695fdd005..d7169dd1f 100644 --- a/engines/.cvsignore +++ b/engines/.cvsignore @@ -1,2 +1,3 @@ Makefile.save lib +libs diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index d20f2bdab..15d92844e 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -27,12 +27,13 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758_cca aep atalla cswift ncipher nuron sureware ubsec +LIBNAMES= 4758_cca aep atalla cswift gmp ncipher nuron sureware ubsec LIBSRC= e_4758_cca.c \ e_aep.c \ e_atalla.c \ e_cswift.c \ + e_gmp.c \ e_ncipher.c \ e_nuron.c \ e_sureware.c \ @@ -41,6 +42,7 @@ LIBOBJ= e_4758_cca.o \ e_aep.o \ e_atalla.o \ e_cswift.o \ + e_gmp.o \ e_ncipher.o \ e_nuron.o \ e_sureware.o \ @@ -53,6 +55,7 @@ HEADER= e_4758_cca_err.c e_4758_cca_err.h \ e_aep_err.c e_aep_err.h \ e_atalla_err.c e_atalla_err.h \ e_cswift_err.c e_cswift_err.h \ + e_gmp_err.c e_gmp_err.h \ e_ncipher_err.c e_ncipher_err.h \ e_nuron_err.c e_nuron_err.h \ e_sureware_err.c e_sureware_err.h \ diff --git a/engines/e_gmp.c b/engines/e_gmp.c new file mode 100644 index 000000000..8d778fcbf --- /dev/null +++ b/engines/e_gmp.c @@ -0,0 +1,435 @@ +/* crypto/engine/e_gmp.c */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* This engine is not (currently) compiled in by default. Do enable it, + * reconfigure OpenSSL with "-DOPENSSL_USE_GMP -lgmp". The GMP libraries and + * headers must reside in one of the paths searched by the compiler/linker, + * otherwise paths must be specified - eg. try configuring with + * "-DOPENSSL_USE_GMP -I -L -lgmp". YMMV. */ + +/* As for what this does - it's a largely unoptimised implementation of an + * ENGINE that uses the GMP library to perform RSA private key operations. To + * obtain more information about what "unoptimised" means, see my original mail + * on the subject (though ignore the build instructions which have since + * changed); + * + * http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html + * + * On my athlon system at least, it appears the builtin OpenSSL code is now + * slightly faster, which is to say that the RSA-related MPI performance + * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty + * balanced for this chip, and so the performance degradation in this ENGINE by + * having to convert to/from GMP formats (and not being able to cache + * montgomery forms) is probably the difference. However, if some unconfirmed + * reports from users is anything to go by, the situation on some other + * chipsets might be a good deal more favourable to the GMP version (eg. PPC). + * Feedback welcome. */ + +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_HW +#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP) + +#include + +#define E_GMP_LIB_NAME "gmp engine" +#include "e_gmp_err.c" + +static int e_gmp_destroy(ENGINE *e); +static int e_gmp_init(ENGINE *e); +static int e_gmp_finish(ENGINE *e); +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); + +#ifndef OPENSSL_NO_RSA +/* RSA stuff */ +static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); +static int e_gmp_rsa_finish(RSA *r); +#endif + +/* The definitions for control commands specific to this engine */ +/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */ +static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = { +#if 0 + {E_GMP_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the 'e_gmp' shared library", + ENGINE_CMD_FLAG_STRING}, +#endif + {0, NULL, NULL, 0} + }; + +#ifndef OPENSSL_NO_RSA +/* Our internal RSA_METHOD that we provide pointers to */ +static RSA_METHOD e_gmp_rsa = + { + "GMP RSA method", + NULL, + NULL, + NULL, + NULL, + e_gmp_rsa_mod_exp, + NULL, + NULL, + e_gmp_rsa_finish, + /* These flags initialise montgomery crud that GMP ignores, however it + * makes sure the public key ops (which are done in openssl) don't seem + * *slower* than usual :-) */ + RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE, + NULL, + NULL, + NULL + }; +#endif + +/* Constants used when creating the ENGINE */ +static const char *engine_e_gmp_id = "gmp"; +static const char *engine_e_gmp_name = "GMP engine support"; + +/* This internal function is used by ENGINE_gmp() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) + { +#ifndef OPENSSL_NO_RSA + const RSA_METHOD *meth1; +#endif + if(!ENGINE_set_id(e, engine_e_gmp_id) || + !ENGINE_set_name(e, engine_e_gmp_name) || +#ifndef OPENSSL_NO_RSA + !ENGINE_set_RSA(e, &e_gmp_rsa) || +#endif + !ENGINE_set_destroy_function(e, e_gmp_destroy) || + !ENGINE_set_init_function(e, e_gmp_init) || + !ENGINE_set_finish_function(e, e_gmp_finish) || + !ENGINE_set_ctrl_function(e, e_gmp_ctrl) || + !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns)) + return 0; + +#ifndef OPENSSL_NO_RSA + meth1 = RSA_PKCS1_SSLeay(); + e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc; + e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec; + e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc; + e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec; + e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp; +#endif + + /* Ensure the e_gmp error handling is set up */ + ERR_load_GMP_strings(); + return 1; + } + +static ENGINE *engine_gmp(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_gmp(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_gmp(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + +#ifndef OPENSSL_NO_RSA +/* Used to attach our own key-data to an RSA structure */ +static int hndidx_rsa = -1; +#endif + +static int e_gmp_destroy(ENGINE *e) + { + ERR_unload_GMP_strings(); + return 1; + } + +/* (de)initialisation functions. */ +static int e_gmp_init(ENGINE *e) + { +#ifndef OPENSSL_NO_RSA + if (hndidx_rsa == -1) + hndidx_rsa = RSA_get_ex_new_index(0, + "GMP-based RSA key handle", + NULL, NULL, NULL); +#endif + if (hndidx_rsa == -1) + return 0; + return 1; + } + +static int e_gmp_finish(ENGINE *e) + { + return 1; + } + +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int to_return = 1; + + switch(cmd) + { +#if 0 + case E_GMP_CMD_SO_PATH: + /* ... */ +#endif + /* The command isn't understood by this engine */ + default: + GMPerr(GMP_F_E_GMP_CTRL, + GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED); + to_return = 0; + break; + } + + return to_return; + } + +/* HACK - use text I/O functions in openssl and GMP to handle conversions. This + * is vile. */ +static int bn2gmp(const BIGNUM *bn, mpz_t g) + { + int toret; + char *tmpchar = BN_bn2hex(bn); + if(!tmpchar) return 0; + toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0); + OPENSSL_free(tmpchar); + return toret; + } + +static int gmp2bn(mpz_t g, BIGNUM *bn) + { + int toret; + char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); + if(!tmpchar) return 0; + mpz_get_str(tmpchar, 16, g); + toret = BN_hex2bn(&bn, tmpchar); + OPENSSL_free(tmpchar); + return toret; + } + +#ifndef OPENSSL_NO_RSA +typedef struct st_e_gmp_rsa_ctx + { + int public_only; + mpz_t n; + mpz_t d; + mpz_t e; + mpz_t p; + mpz_t q; + mpz_t dmp1; + mpz_t dmq1; + mpz_t iqmp; + mpz_t r0, r1, I0, m1; + } E_GMP_RSA_CTX; + +static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa) + { + E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if(hptr) return hptr; + hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX)); + if(!hptr) return NULL; + /* These inits could probably be replaced by more intelligent + * mpz_init2() versions, to reduce malloc-thrashing. */ + mpz_init(hptr->n); + mpz_init(hptr->d); + mpz_init(hptr->e); + mpz_init(hptr->p); + mpz_init(hptr->q); + mpz_init(hptr->dmp1); + mpz_init(hptr->dmq1); + mpz_init(hptr->iqmp); + mpz_init(hptr->r0); + mpz_init(hptr->r1); + mpz_init(hptr->I0); + mpz_init(hptr->m1); + if(!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e)) + goto err; + if(!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) + { + hptr->public_only = 1; + return hptr; + } + if(!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) || + !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) || + !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp)) + goto err; + hptr->public_only = 0; + RSA_set_ex_data(rsa, hndidx_rsa, hptr); + return hptr; +err: + mpz_clear(hptr->n); + mpz_clear(hptr->d); + mpz_clear(hptr->e); + mpz_clear(hptr->p); + mpz_clear(hptr->q); + mpz_clear(hptr->dmp1); + mpz_clear(hptr->dmq1); + mpz_clear(hptr->iqmp); + mpz_clear(hptr->r0); + mpz_clear(hptr->r1); + mpz_clear(hptr->I0); + mpz_clear(hptr->m1); + OPENSSL_free(hptr); + return NULL; + } + +static int e_gmp_rsa_finish(RSA *rsa) + { + E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if(!hptr) return 0; + mpz_clear(hptr->n); + mpz_clear(hptr->d); + mpz_clear(hptr->e); + mpz_clear(hptr->p); + mpz_clear(hptr->q); + mpz_clear(hptr->dmp1); + mpz_clear(hptr->dmq1); + mpz_clear(hptr->iqmp); + mpz_clear(hptr->r0); + mpz_clear(hptr->r1); + mpz_clear(hptr->I0); + mpz_clear(hptr->m1); + OPENSSL_free(hptr); + RSA_set_ex_data(rsa, hndidx_rsa, NULL); + return 1; + } + +static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) + { + E_GMP_RSA_CTX *hptr; + int to_return = 0; + + hptr = e_gmp_get_rsa(rsa); + if(!hptr) + { + GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, + GMP_R_KEY_CONTEXT_ERROR); + return 0; + } + if(hptr->public_only) + { + GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, + GMP_R_MISSING_KEY_COMPONENTS); + return 0; + } + + /* ugh!!! */ + if(!bn2gmp(I, hptr->I0)) + return 0; + + /* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into + * GMP-speak. It may be that GMP's API facilitates cleaner formulations + * of this stuff, eg. better handling of negatives, or functions that + * combine operations. */ + + mpz_mod(hptr->r1, hptr->I0, hptr->q); + mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q); + + mpz_mod(hptr->r1, hptr->I0, hptr->p); + mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p); + + mpz_sub(hptr->r0, hptr->r0, hptr->m1); + + if(mpz_sgn(hptr->r0) < 0) + mpz_add(hptr->r0, hptr->r0, hptr->p); + mpz_mul(hptr->r1, hptr->r0, hptr->iqmp); + mpz_mod(hptr->r0, hptr->r1, hptr->p); + + if(mpz_sgn(hptr->r0) < 0) + mpz_add(hptr->r0, hptr->r0, hptr->p); + mpz_mul(hptr->r1, hptr->r0, hptr->q); + mpz_add(hptr->r0, hptr->r1, hptr->m1); + + /* ugh!!! */ + if(gmp2bn(hptr->r0, r)) + to_return = 1; + + return 1; + } +#endif + +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_e_gmp_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + +#endif /* !OPENSSL_NO_HW_GMP */ +#endif /* !OPENSSL_NO_HW */ + diff --git a/engines/e_gmp.ec b/engines/e_gmp.ec new file mode 100644 index 000000000..72ec447fb --- /dev/null +++ b/engines/e_gmp.ec @@ -0,0 +1 @@ +L GMP e_gmp_err.h e_gmp_err.c diff --git a/engines/e_gmp_err.c b/engines/e_gmp_err.c new file mode 100644 index 000000000..383832ad2 --- /dev/null +++ b/engines/e_gmp_err.c @@ -0,0 +1,137 @@ +/* e_gmp_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include "e_gmp_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA GMP_str_functs[]= + { +{ERR_PACK(0,GMP_F_E_GMP_CTRL,0), "E_GMP_CTRL"}, +{ERR_PACK(0,GMP_F_E_GMP_RSA_MOD_EXP,0), "E_GMP_RSA_MOD_EXP"}, +{0,NULL} + }; + +static ERR_STRING_DATA GMP_str_reasons[]= + { +{GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{GMP_R_KEY_CONTEXT_ERROR ,"key context error"}, +{GMP_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{0,NULL} + }; + +#endif + +#ifdef GMP_LIB_NAME +static ERR_STRING_DATA GMP_lib_name[]= + { +{0 ,GMP_LIB_NAME}, +{0,NULL} + }; +#endif + + +static int GMP_lib_error_code=0; +static int GMP_error_init=1; + +static void ERR_load_GMP_strings(void) + { + if (GMP_lib_error_code == 0) + GMP_lib_error_code=ERR_get_next_error_library(); + + if (GMP_error_init) + { + GMP_error_init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(GMP_lib_error_code,GMP_str_functs); + ERR_load_strings(GMP_lib_error_code,GMP_str_reasons); +#endif + +#ifdef GMP_LIB_NAME + GMP_lib_name->error = ERR_PACK(GMP_lib_error_code,0,0); + ERR_load_strings(0,GMP_lib_name); +#endif + } + } + +static void ERR_unload_GMP_strings(void) + { + if (GMP_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(GMP_lib_error_code,GMP_str_functs); + ERR_unload_strings(GMP_lib_error_code,GMP_str_reasons); +#endif + +#ifdef GMP_LIB_NAME + ERR_unload_strings(0,GMP_lib_name); +#endif + GMP_error_init=1; + } + } + +static void ERR_GMP_error(int function, int reason, char *file, int line) + { + if (GMP_lib_error_code == 0) + GMP_lib_error_code=ERR_get_next_error_library(); + ERR_PUT_error(GMP_lib_error_code,function,reason,file,line); + } diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h new file mode 100644 index 000000000..cf46f0ec7 --- /dev/null +++ b/engines/e_gmp_err.h @@ -0,0 +1,81 @@ +/* ==================================================================== + * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_GMP_ERR_H +#define HEADER_GMP_ERR_H + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +static void ERR_load_GMP_strings(void); +static void ERR_unload_GMP_strings(void); +static void ERR_GMP_error(int function, int reason, char *file, int line); +#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the GMP functions. */ + +/* Function codes. */ +#define GMP_F_E_GMP_CTRL 100 +#define GMP_F_E_GMP_RSA_MOD_EXP 101 + +/* Reason codes. */ +#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100 +#define GMP_R_KEY_CONTEXT_ERROR 101 +#define GMP_R_MISSING_KEY_COMPONENTS 102 + +#ifdef __cplusplus +} +#endif +#endif From f3c22ef10de7a506f0c127892835961c7f07837c Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 15:49:03 +0000 Subject: [PATCH 042/550] This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing of other builtin ENGINEs to be alphabetical (though "dynamic" will still come first). --- crypto/engine/eng_all.c | 25 ++++++++++++++----------- crypto/engine/engine.h | 15 ++++++++------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 7cc05bfe0..64ec2db90 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -72,34 +72,37 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_dynamic(); #ifndef OPENSSL_NO_STATIC_ENGINE #ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); +#endif +#ifndef OPENSSL_NO_HW_AEP + ENGINE_load_aep(); +#endif +#ifndef OPENSSL_NO_HW_ATALLA + ENGINE_load_atalla(); +#endif #ifndef OPENSSL_NO_HW_CSWIFT ENGINE_load_cswift(); #endif #ifndef OPENSSL_NO_HW_NCIPHER ENGINE_load_chil(); #endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif #ifndef OPENSSL_NO_HW_NURON ENGINE_load_nuron(); #endif -#ifndef OPENSSL_NO_HW_UBSEC - ENGINE_load_ubsec(); -#endif -#ifndef OPENSSL_NO_HW_AEP - ENGINE_load_aep(); -#endif #ifndef OPENSSL_NO_HW_SUREWARE ENGINE_load_sureware(); #endif -#ifndef OPENSSL_NO_HW_4758_CCA - ENGINE_load_4758cca(); +#ifndef OPENSSL_NO_HW_UBSEC + ENGINE_load_ubsec(); #endif #endif #if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif +#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP) + ENGINE_load_gmp(); +#endif #endif } diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 8ed684c0e..44b3849b2 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -320,14 +320,15 @@ ENGINE *ENGINE_by_id(const char *id); void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); #ifndef OPENSSL_NO_STATIC_ENGINE -void ENGINE_load_cswift(void); -void ENGINE_load_chil(void); -void ENGINE_load_atalla(void); -void ENGINE_load_nuron(void); -void ENGINE_load_ubsec(void); -void ENGINE_load_aep(void); -void ENGINE_load_sureware(void); void ENGINE_load_4758cca(void); +void ENGINE_load_aep(void); +void ENGINE_load_atalla(void); +void ENGINE_load_chil(void); +void ENGINE_load_cswift(void); +void ENGINE_load_gmp(void); +void ENGINE_load_nuron(void); +void ENGINE_load_sureware(void); +void ENGINE_load_ubsec(void); #endif void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); From 96f7065f6392e19f1449578aaeabb8dc39294fa7 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 15:52:40 +0000 Subject: [PATCH 043/550] Summarise the last couple of commits. --- CHANGES | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/CHANGES b/CHANGES index 1a30ede2a..32056ac1f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,22 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) Added an ENGINE that implements RSA by performing private key + exponentiations with the GMP library. The conversions to and from + GMP's mpz_t format aren't optimised nor are any montgomery forms + cached, and on x86 it appears OpenSSL's own performance has caught up. + However there are likely to be other architectures where GMP could + provide a boost. This ENGINE is not built in by default, but it can be + specified at Configure time and should be accompanied by the necessary + linker additions, eg; + ./config -DOPENSSL_USE_GMP -lgmp + [Geoff Thorpe] + + *) "openssl engine" will not display ENGINE/DSO load failure errors when + testing availability of engines with "-t" - the old behaviour is + produced by increasing the feature's verbosity with "-tt". + [Geoff Thorpe] + *) ECDSA routines: under certain error conditions uninitialized BN objects could be freed. Solution: make sure initialization is performed early enough. (Reported and fix supplied by Nils Larsch From 0b13e9f055d3f7be066dc2e89fc9f9822b12eca7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 17:39:26 +0000 Subject: [PATCH 044/550] Add the possibility to build without the ENGINE framework. PR: 287 --- CHANGES | 3 ++ Configure | 3 +- apps/apps.c | 8 +++++ apps/apps.h | 69 +++++++++++++++++++++++++++----------- apps/ca.c | 8 +++++ apps/dgst.c | 8 +++++ apps/dh.c | 15 ++++++++- apps/dhparam.c | 13 ++++++- apps/dsa.c | 15 ++++++++- apps/dsaparam.c | 10 ++++++ apps/enc.c | 10 ++++++ apps/engine.c | 3 ++ apps/gendh.c | 10 ++++++ apps/gendsa.c | 10 ++++++ apps/genrsa.c | 10 ++++++ apps/openssl.c | 2 ++ apps/pkcs12.c | 8 +++++ apps/pkcs7.c | 10 ++++++ apps/pkcs8.c | 8 +++++ apps/progs.h | 4 +++ apps/rand.c | 10 ++++++ apps/req.c | 10 +++++- apps/rsa.c | 8 +++++ apps/rsautl.c | 8 +++++ apps/s_client.c | 8 +++++ apps/s_server.c | 12 +++++++ apps/smime.c | 8 +++++ apps/speed.c | 6 ++++ apps/spkac.c | 8 +++++ apps/verify.c | 12 ++++++- apps/x509.c | 8 +++++ crypto/conf/conf_mall.c | 4 +++ crypto/conf/conf_sap.c | 4 +++ crypto/dh/dh.h | 2 ++ crypto/dh/dh_key.c | 2 ++ crypto/dh/dh_lib.c | 10 ++++++ crypto/dsa/dsa.h | 2 ++ crypto/dsa/dsa_lib.c | 10 ++++++ crypto/dsa/dsa_ossl.c | 2 ++ crypto/dsa/dsa_sign.c | 2 ++ crypto/dsa/dsa_vrf.c | 2 ++ crypto/dsa/dsatest.c | 2 ++ crypto/ec/ectest.c | 4 +++ crypto/engine/engine.h | 5 +++ crypto/engine/enginetest.c | 11 +++++- crypto/err/err_all.c | 4 +++ crypto/evp/digest.c | 13 ++++++- crypto/evp/evp.h | 4 +++ crypto/evp/evp_acnf.c | 2 ++ crypto/evp/evp_enc.c | 10 ++++++ crypto/evp/evp_test.c | 9 +++++ crypto/rand/rand.h | 2 ++ crypto/rand/rand_lib.c | 10 ++++++ crypto/rsa/rsa.h | 2 ++ crypto/rsa/rsa_eay.c | 2 ++ crypto/rsa/rsa_lib.c | 10 ++++++ crypto/rsa/rsa_sign.c | 6 ++++ crypto/rsa/rsa_test.c | 2 ++ demos/x509/mkcert.c | 4 +++ demos/x509/mkreq.c | 4 +++ ssl/ssltest.c | 4 +++ util/bat.sh | 2 ++ util/mk1mf.pl | 8 +++++ util/mkdef.pl | 8 +++-- 64 files changed, 463 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index 32056ac1f..8196fd23f 100644 --- a/CHANGES +++ b/CHANGES @@ -406,6 +406,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie via Richard Levitte] + *) Under Win32 gmtime() can return NULL: check return value in OPENSSL_gmtime(). Add error code for case where gmtime() fails. [Steve Henson] diff --git a/Configure b/Configure index 4d227e6d8..0f270d72e 100755 --- a/Configure +++ b/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -38,6 +38,7 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # +# no-engine do not compile in any engine code. # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware diff --git a/apps/apps.c b/apps/apps.c index 4a8c9263a..ec3e391b6 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp @@ -859,6 +861,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -868,6 +871,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -935,6 +939,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -944,6 +949,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -1329,6 +1335,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) return NULL; } +#ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { @@ -1385,6 +1392,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } +#endif int load_config(BIO *err, CONF *cnf) { diff --git a/apps/apps.h b/apps/apps.h index 7b1f8ded7..c36b9d256 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -121,7 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -179,30 +181,57 @@ extern BIO *bio_err; do_pipe_sig() # define apps_shutdown() #else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# ifndef OPENSSL_NO_ENGINE +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# endif # else # define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ + setup_ui_method(); } while(0) # endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# endif +# else +# define apps_startup() \ + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); \ + setup_ui_method(); } while(0) +# endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # endif -# define apps_shutdown() \ - do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) #endif typedef struct args_st @@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); +#ifndef OPENSSL_NO_ENGINE ENGINE *setup_engine(BIO *err, const char *engine, int debug); +#endif int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/apps/ca.c b/apps/ca.c index 2a56e556a..6722c5dbc 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -196,7 +196,9 @@ static char *ca_usage[]={ " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -status serial - Shows certificate status given the serial number\n", " -updatedb - Updates db for expired certificates\n", NULL @@ -333,7 +335,9 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *tofree=NULL; #ifdef EFENCE @@ -537,11 +541,13 @@ EF_ALIGNMENT=0; rev_arg = *(++argv); rev_type = REV_CA_COMPROMISE; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { bad: @@ -562,7 +568,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /*****************************************************************/ tofree=NULL; diff --git a/apps/dgst.c b/apps/dgst.c index 280f79b4a..47d1309b1 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -100,7 +100,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -166,11 +168,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyform=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; engine= *(++argv); } +#endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) @@ -208,7 +212,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -228,7 +234,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); diff --git a/apps/dh.c b/apps/dh.c index c10ea96b9..cd01fed13 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -87,12 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif apps_startup(); @@ -103,7 +108,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -134,11 +141,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -170,13 +179,17 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/dhparam.c b/apps/dhparam.c index cbc65bcc5..dc00355b9 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -148,7 +148,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -157,7 +159,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL,*engine=NULL; + char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif int num = 0, g = 0; apps_startup(); @@ -199,11 +204,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -249,7 +256,9 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -259,7 +268,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 65988717b..e9de3a3bd 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -98,7 +100,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -112,7 +117,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -153,11 +160,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -189,7 +198,9 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA @@ -207,7 +218,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index b6abe785a..14e79f9a2 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -110,7 +110,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -118,7 +120,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif #ifdef GENCB_TEST int timebomb=0; #endif @@ -162,11 +166,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if(strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } +#endif #ifdef GENCB_TEST else if(strcmp(*argv, "-timebomb") == 0) { @@ -221,7 +227,9 @@ bad: BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif #ifdef GENCB_TEST BIO_printf(bio_err," -timebomb n interrupt keygen after seconds\n"); #endif @@ -268,7 +276,9 @@ bad: } } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) { diff --git a/apps/enc.c b/apps/enc.c index 42ddfd244..0a9f7310b 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -100,7 +100,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -119,7 +121,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif apps_startup(); @@ -163,11 +167,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -270,7 +276,9 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); +#endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, @@ -284,7 +292,9 @@ bad: argv++; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (bufsize != NULL) { diff --git a/apps/engine.c b/apps/engine.c index 1a22d5dee..3b3464a84 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_ENGINE + #include #include #include @@ -526,3 +528,4 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#endif diff --git a/apps/gendh.c b/apps/gendh.c index 574a13a57..b90087493 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -87,13 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif BIO *out=NULL; apps_startup(); @@ -121,11 +125,13 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -144,14 +150,18 @@ bad: BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) diff --git a/apps/gendsa.c b/apps/gendsa.c index 4600711c3..6d2ed06c8 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -77,7 +77,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -85,7 +87,9 @@ int MAIN(int argc, char **argv) char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -111,11 +115,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -167,7 +173,9 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -176,7 +184,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/genrsa.c b/apps/genrsa.c index 6079688ce..0ce23946e 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -87,7 +87,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; RSA *rsa=NULL; int i,num=DEFBITS; @@ -96,7 +98,9 @@ int MAIN(int argc, char **argv) unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *inrand=NULL; BIO *out=NULL; @@ -128,11 +132,13 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -183,7 +189,9 @@ bad: BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -197,7 +205,9 @@ bad: goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (outfile == NULL) { diff --git a/apps/openssl.c b/apps/openssl.c index 47896472e..45af2ba7f 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #include "progs.h" #include "s_apps.h" diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e445c24b9..dd56a2b80 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -120,7 +120,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -259,11 +261,13 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else badarg = 1; } else badarg = 1; @@ -311,14 +315,18 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(passarg) { if(export_cert) passargout = passarg; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 738dd853c..6c58c67eb 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -82,7 +82,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -134,11 +138,13 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -161,14 +167,18 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif ret = 1; goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 1debccb17..6be27e7f4 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); @@ -145,11 +147,13 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*args,"-engine") == 0) { if (!args[1]) goto bad; engine= *(++args); } +#endif else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -182,11 +186,15 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif return (1); } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/progs.h b/apps/progs.h index 999de31bd..b551e1de9 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -37,7 +37,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); +#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); +#endif extern int ocsp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 @@ -119,7 +121,9 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, +#ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, +#endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, diff --git a/apps/rand.c b/apps/rand.c index eaaa6e35a..63724bc73 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -76,7 +76,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -84,7 +86,9 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -106,6 +110,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(argv[i], "-engine") == 0) { if ((argv[i+1] != NULL) && (engine == NULL)) @@ -113,6 +118,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#endif else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -150,13 +156,17 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/req.c b/apps/req.c index 361211498..8304df8aa 100644 --- a/apps/req.c +++ b/apps/req.c @@ -172,7 +172,9 @@ int MAIN(int argc, char **argv) int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *extensions = NULL; char *req_exts = NULL; const EVP_CIPHER *cipher=NULL; @@ -220,11 +222,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -488,7 +492,9 @@ bad: BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -nodes don't encrypt the output key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); +#endif BIO_printf(bio_err," -subject output the request's subject\n"); BIO_printf(bio_err," -passin private key password source\n"); BIO_printf(bio_err," -key file use the private key contained in file\n"); @@ -516,7 +522,7 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -680,7 +686,9 @@ bad: if ((in == NULL) || (out == NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (keyfile != NULL) { diff --git a/apps/rsa.c b/apps/rsa.c index aebec744a..0acdb08b2 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif int modulus=0; apps_startup(); @@ -156,11 +158,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -212,13 +216,17 @@ bad: BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/rsautl.c b/apps/rsautl.c index 36957e5b8..5a6fd115f 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -125,9 +127,11 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); +#ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; engine = *(++argv); +#endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -162,7 +166,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -305,7 +311,9 @@ static void usage() BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-hexdump hex dump output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif } diff --git a/apps/s_client.c b/apps/s_client.c index 738588c6a..2e73f3467 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -222,7 +222,9 @@ static void sc_usage(void) BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\" is supported.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -254,8 +256,10 @@ int MAIN(int argc, char **argv) SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; +#endif #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -415,11 +419,13 @@ int MAIN(int argc, char **argv) else goto bad; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id = *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -444,7 +450,9 @@ bad: OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/s_server.c b/apps/s_server.c index 39013c2b0..814f3b9c1 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -255,7 +255,9 @@ static int s_msg=0; static int s_quiet=0; static int hack=0; +#ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; +#endif static const char *session_id_prefix=NULL; #ifdef MONOLITH @@ -280,7 +282,9 @@ static void s_server_init(void) s_msg=0; s_quiet=0; hack=0; +#ifndef OPENSSL_NO_ENGINE engine_id=NULL; +#endif } #endif @@ -337,7 +341,9 @@ static void sv_usage(void) BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -512,7 +518,9 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; +#endif char *inrand=NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) @@ -696,11 +704,13 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; session_id_prefix = *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -725,7 +735,9 @@ bad: SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/smime.c b/apps/smime.c index ef0e47746..cc248d377 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif args = argv + 1; ret = 1; @@ -176,11 +178,13 @@ int MAIN(int argc, char **argv) inrand = *args; } else badarg = 1; need_rand = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -330,7 +334,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); @@ -339,7 +345,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/speed.c b/apps/speed.c index ad455e507..758ce250d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -398,7 +398,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -731,6 +733,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -elapsed gets confused with an algorithm. */ } +#ifndef OPENSSL_NO_ENGINE else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) { argc--; @@ -747,6 +750,7 @@ int MAIN(int argc, char **argv) means all of them should be run) */ j--; } +#endif #ifdef HAVE_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { @@ -1064,7 +1068,9 @@ int MAIN(int argc, char **argv) #if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); diff --git a/apps/spkac.c b/apps/spkac.c index ed370c5ca..47ee53f1e 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -92,7 +92,9 @@ int MAIN(int argc, char **argv) CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -141,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -171,7 +175,9 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } @@ -181,7 +187,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(keyfile) { pkey = load_key(bio_err, diff --git a/apps/verify.c b/apps/verify.c index 9a18213ec..6a93c018b 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -86,7 +86,9 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -142,11 +144,13 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto end; engine= *(++argv); } +#endif else if (strcmp(*argv,"-help") == 0) goto end; else if (strcmp(*argv,"-ignore_critical") == 0) @@ -170,7 +174,9 @@ int MAIN(int argc, char **argv) break; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); @@ -219,7 +225,11 @@ int MAIN(int argc, char **argv) ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," [-engine e]"); +#endif + BIO_printf(bio_err," cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; diff --git a/apps/x509.c b/apps/x509.c index 9709628df..cea33f58a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -131,7 +131,9 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -certopt arg - various certificate text options\n", NULL }; @@ -183,7 +185,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif reqfile=0; @@ -360,11 +364,13 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -450,7 +456,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) app_RAND_load_file(NULL, bio_err, 0); diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index d702af689..4ba40cf44 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all OpenSSL builtin modules */ @@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); +#endif } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 97fb17430..e15c2e554 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, @@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name) return; OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 62dba4055..38214082f 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -119,7 +119,9 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; +#endif }; #define DH_GENERATOR_2 2 diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 5e58e0032..28c20750b 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index ba5fd4105..09965ee2e 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; @@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE if (dh->engine) { ENGINE_finish(dh->engine); dh->engine = NULL; } +#endif dh->meth = meth; if (meth->init) meth->init(dh); return 1; @@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine) } ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -182,8 +190,10 @@ void DH_free(DH *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 6ba79b01d..63fcce9a3 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -142,8 +142,10 @@ struct dsa_st int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 579f73f86..4171af24c 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; @@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; } +#endif dsa->meth = meth; if (meth->init) meth->init(dsa); return 1; @@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine) return(NULL); } ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -189,8 +197,10 @@ void DSA_free(DSA *r) if(r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if(r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 70d60d9e2..3a8d2bbc3 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index e9469ca62..5cdc8ed85 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 066c6b5b2..fffb129f8 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index c341c1b49..75eca097a 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -74,7 +74,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #include "../bio/bss_file.c" #endif diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e292da338..e91c8fffb 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -86,7 +86,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include #include @@ -1227,7 +1229,9 @@ int main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 44b3849b2..43500a867 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -65,6 +65,11 @@ #define HEADER_ENGINE_H #include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include #include #ifndef OPENSSL_NO_RSA diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c index 87fa8c57b..c2d029739 100644 --- a/crypto/engine/enginetest.c +++ b/crypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include #include #include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include #include #include #include @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 812ab7cbe..6da4326b2 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -88,7 +88,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -134,7 +136,9 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); +#endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 33013c41a..5b2104ac1 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -113,7 +113,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -183,7 +186,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else ctx->engine = NULL; } - else if(!ctx->digest) + else +#endif + if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; @@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->ctx_size) ctx->md_data=OPENSSL_malloc(type->ctx_size); } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif return ctx->digest->init(ctx); } @@ -246,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); return 0; } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); return 0; } +#endif EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); @@ -304,10 +313,12 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index b084a3580..a58ece3a4 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -277,7 +277,9 @@ struct env_md_st struct env_md_ctx_st { const EVP_MD *digest; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ +#endif unsigned long flags; void *md_data; } /* EVP_MD_CTX */; @@ -349,7 +351,9 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ +#endif int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index a68b979bd..54c073ca4 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -59,7 +59,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index ccfcc7e1b..be0758a87 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include "evp_locl.h" const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; @@ -91,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp enc = 1; ctx->encrypt = enc; } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -98,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp if (ctx->engine && ctx->cipher && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; +#endif if (cipher) { /* Ensure a context left lying around from last time is cleared @@ -107,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp /* Restore encrypt field: it is zeroed by cleanup */ ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; +#endif ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); @@ -159,7 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); return 0; } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -460,10 +468,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) } if (c->cipher_data) OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(c->engine); +#endif memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 698aff21d..28460173f 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -53,7 +53,10 @@ #include "../e_os.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#include #include static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -330,11 +333,14 @@ int main(int argc,char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); @@ -343,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -384,7 +391,9 @@ int main(int argc,char **argv) } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 66e39991e..606382dd2 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -87,7 +87,9 @@ extern int rand_predictable; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5cf5dc118..513e33898 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -60,19 +60,25 @@ #include #include "cryptlib.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; +#endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifndef OPENSSL_NO_ENGINE if(funct_ref) { ENGINE_finish(funct_ref); funct_ref = NULL; } +#endif default_RAND_meth = meth; return 1; } @@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void) { if (!default_RAND_meth) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = ENGINE_get_default_RAND(); if(e) { @@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void) if(e) funct_ref = e; else +#endif default_RAND_meth = RAND_SSLeay(); } return default_RAND_meth; } +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine) funct_ref = engine; return 1; } +#endif void RAND_cleanup(void) { diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b005b4b0b..68696f821 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -128,8 +128,10 @@ struct rsa_st int pad; long version; const RSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif BIGNUM *n; BIGNUM *e; BIGNUM *d; diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index cab34847d..d4e30647d 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifndef RSA_NULL diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 93235744f..889c36d3a 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; @@ -108,11 +110,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE if (rsa->engine) { ENGINE_finish(rsa->engine); rsa->engine = NULL; } +#endif rsa->meth = meth; if (meth->init) meth->init(rsa); return 1; @@ -130,6 +134,7 @@ RSA *RSA_new_method(ENGINE *engine) } ret->meth = RSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -154,6 +159,7 @@ RSA *RSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -175,8 +181,10 @@ RSA *RSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -205,8 +213,10 @@ void RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 4ac2de340..9dd62ac95 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -77,10 +79,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_sign) return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, m, m_len, sigret, siglen, rsa); +#endif /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -155,10 +159,12 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_verify) return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); +#endif s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index b8b462d33..99abb1fde 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,7 +16,9 @@ int main(int argc, char *argv[]) } #else #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/demos/x509/mkcert.c b/demos/x509/mkcert.c index 8304d30e0..c5e67b8e2 100644 --- a/demos/x509/mkcert.c +++ b/demos/x509/mkcert.c @@ -9,7 +9,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(X509 *cert, int nid, char *value); @@ -35,7 +37,9 @@ int main(int argc, char **argv) X509_free(x509); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/demos/x509/mkreq.c b/demos/x509/mkreq.c index d69dcc392..3dfc65f16 100644 --- a/demos/x509/mkreq.c +++ b/demos/x509/mkreq.c @@ -8,7 +8,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value); @@ -33,7 +35,9 @@ int main(int argc, char **argv) X509_REQ_free(req); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index fc27f018d..49360d5f9 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -133,7 +133,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -828,7 +830,9 @@ end: #ifndef OPENSSL_NO_RSA free_tmp_rsa(); #endif +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/util/bat.sh b/util/bat.sh index c6f48e8a7..4d9a8287d 100755 --- a/util/bat.sh +++ b/util/bat.sh @@ -62,6 +62,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; @@ -116,6 +117,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 8c6370bc5..5f3ab059f 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -65,6 +65,8 @@ and [options] can be one of no-krb5 - No KRB5 no-ec - No EC no-ecdsa - No ECDSA + no-ecdh - No ECDH + no-engine - No engine nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -234,6 +236,8 @@ $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; +$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -663,6 +667,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -723,6 +728,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -925,6 +931,8 @@ sub read_options elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } elsif (/^no-ecdsa$/) { $no_ecdsa=1; } + elsif (/^no-ecdh$/) { $no_ecdh=1; } + elsif (/^no-engine$/) { $no_engine=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkdef.pl b/util/mkdef.pl index d868a3503..517493965 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -93,7 +93,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # External "algorithms" "FP_API", "STDIO", "SOCK", "KRB5", # Engines - "STATIC_ENGINE", + "STATIC_ENGINE", "ENGINE", # Deprecated functions "DEPRECATED" ); @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_fp_api; my $no_static_engine; my $no_deprecated; foreach (@ARGV, split(/ /, $options)) @@ -182,6 +182,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-comp$/) { $no_comp=1; } elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } + elsif (/^no-engine$/) { $no_engine=1; } } @@ -243,7 +244,7 @@ $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; -$crypto.=" crypto/engine/engine.h"; +$crypto.=" crypto/engine/engine.h"; # unless $no_engine; $crypto.=" crypto/stack/stack.h" ; # unless $no_stack; $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer; $crypto.=" crypto/bio/bio.h" ; # unless $no_bio; @@ -1065,6 +1066,7 @@ sub is_valid if ($keyword eq "COMP" && $no_comp) { return 0; } if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } + if ($keyword eq "ENGINE" && $no_engine) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } From a1d57849b3b0248d7b159849675e3a695ee1765c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 17:53:02 +0000 Subject: [PATCH 045/550] make update --- TABLE | 18 ++-- engines/Makefile.ssl | 12 +++ util/libeay.num | 249 ++++++++++++++++++++++--------------------- 3 files changed, 146 insertions(+), 133 deletions(-) diff --git a/TABLE b/TABLE index 460976130..bf14584c2 100644 --- a/TABLE +++ b/TABLE @@ -1093,10 +1093,10 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= +$shared_target= aix-shared $shared_cflag = $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = @@ -1143,10 +1143,10 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= +$shared_target= aix-shared $shared_cflag = -$shared_ldflag = -$shared_extension = +$shared_ldflag = -q64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -X 64 @@ -3656,7 +3656,7 @@ $cflags = -belf $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -lsocket -lresolv -lnsl +$lflags = -lsocket -lnsl $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = asm/bn86-elf.o asm/co86-elf.o $des_obj = asm/dx86-elf.o asm/yx86-elf.o @@ -3671,7 +3671,7 @@ $dso_scheme = dlfcn $shared_target= svr3-shared $shared_cflag = -Kpic $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = @@ -3681,7 +3681,7 @@ $cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -lsocket -lresolv -lnsl +$lflags = -lsocket -lnsl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = asm/bn86-elf.o asm/co86-elf.o $des_obj = asm/dx86-elf.o asm/yx86-elf.o @@ -3696,7 +3696,7 @@ $dso_scheme = dlfcn $shared_target= svr3-shared $shared_cflag = -fPIC $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index 15d92844e..6a010e05d 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -184,6 +184,18 @@ e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_cswift.o: ../include/openssl/safestack.h ../include/openssl/stack.h e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h +e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_gmp.o: ../include/openssl/crypto.h ../include/openssl/dh.h +e_gmp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/ui.h e_gmp.c e_ncipher.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ncipher.o: ../include/openssl/crypto.h ../include/openssl/dh.h diff --git a/util/libeay.num b/util/libeay.num index 069c13d0b..efaf93c94 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1881,72 +1881,72 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: BN_bntest_rand 2464 EXIST::FUNCTION: OPENSSL_issetugid 2465 EXIST::FUNCTION: BN_rand_range 2466 EXIST::FUNCTION: -ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: -ENGINE_set_DSA 2468 EXIST::FUNCTION: -ENGINE_get_finish_function 2469 EXIST::FUNCTION: -ENGINE_get_default_RSA 2470 EXIST::FUNCTION: +ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE +ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE +ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION: DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION: -ENGINE_set_DH 2473 EXIST::FUNCTION: +ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_init 2475 EXIST::FUNCTION: +ENGINE_init 2475 EXIST::FUNCTION:ENGINE DH_get_default_openssl_method 2476 NOEXIST::FUNCTION: RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION: -ENGINE_finish 2478 EXIST::FUNCTION: -ENGINE_load_public_key 2479 EXIST::FUNCTION: -ENGINE_get_DH 2480 EXIST::FUNCTION: -ENGINE_ctrl 2481 EXIST::FUNCTION: -ENGINE_get_init_function 2482 EXIST::FUNCTION: -ENGINE_set_init_function 2483 EXIST::FUNCTION: -ENGINE_set_default_DSA 2484 EXIST::FUNCTION: -ENGINE_get_name 2485 EXIST::FUNCTION: -ENGINE_get_last 2486 EXIST::FUNCTION: -ENGINE_get_prev 2487 EXIST::FUNCTION: -ENGINE_get_default_DH 2488 EXIST::FUNCTION: -ENGINE_get_RSA 2489 EXIST::FUNCTION: -ENGINE_set_default 2490 EXIST::FUNCTION: -ENGINE_get_RAND 2491 EXIST::FUNCTION: -ENGINE_get_first 2492 EXIST::FUNCTION: -ENGINE_by_id 2493 EXIST::FUNCTION: -ENGINE_set_finish_function 2494 EXIST::FUNCTION: +ENGINE_finish 2478 EXIST::FUNCTION:ENGINE +ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE +ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE +ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE +ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE +ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE +ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE +ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE +ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE +ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE +ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE +ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE +ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE +ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE +ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION: -ENGINE_set_RSA 2497 EXIST::FUNCTION: -ENGINE_load_private_key 2498 EXIST::FUNCTION: -ENGINE_set_default_RAND 2499 EXIST::FUNCTION: +ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE +ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION: -ENGINE_remove 2501 EXIST::FUNCTION: -ENGINE_free 2502 EXIST::FUNCTION: +ENGINE_remove 2501 EXIST::FUNCTION:ENGINE +ENGINE_free 2502 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION: -ENGINE_get_next 2504 EXIST::FUNCTION: -ENGINE_set_name 2505 EXIST::FUNCTION: -ENGINE_get_default_DSA 2506 EXIST::FUNCTION: +ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE +ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION: -ENGINE_set_default_RSA 2508 EXIST::FUNCTION: -ENGINE_get_default_RAND 2509 EXIST::FUNCTION: +ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION: -ENGINE_set_RAND 2511 EXIST::FUNCTION: -ENGINE_set_id 2512 EXIST::FUNCTION: +ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE +ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION: -ENGINE_set_default_DH 2514 EXIST::FUNCTION: -ENGINE_new 2515 EXIST::FUNCTION: -ENGINE_get_id 2516 EXIST::FUNCTION: +ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE +ENGINE_new 2515 EXIST::FUNCTION:ENGINE +ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION: -ENGINE_add 2518 EXIST::FUNCTION: +ENGINE_add 2518 EXIST::FUNCTION:ENGINE DH_set_default_openssl_method 2519 NOEXIST::FUNCTION: -ENGINE_get_DSA 2520 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: +ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE +ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE +ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_ciphers 2528 EXIST::FUNCTION: -ENGINE_get_ciphers 2529 EXIST::FUNCTION: +ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE +ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -1959,15 +1959,15 @@ X509V3_add1_i2d 2536 EXIST::FUNCTION: PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_add_input_boolean 2538 EXIST::FUNCTION: -ENGINE_unregister_RSA 2539 EXIST::FUNCTION: +ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf 2540 EXIST::FUNCTION: ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: X509_print_ex 2544 EXIST::FUNCTION:BIO OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: -ENGINE_register_all_RAND 2546 EXIST::FUNCTION: -ENGINE_load_dynamic 2547 EXIST::FUNCTION: +ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE +ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: @@ -1987,7 +1987,7 @@ X509_STORE_set_purpose 2559 EXIST::FUNCTION: i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: OCSP_response_status 2561 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: -ENGINE_get_digest_engine 2563 EXIST::FUNCTION: +ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: _ossl_old_des_random_key 2566 EXIST::FUNCTION:DES @@ -2011,7 +2011,7 @@ _shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA _shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES asn1_do_adb 2582 EXIST::FUNCTION: ASN1_template_i2d 2583 EXIST::FUNCTION: -ENGINE_register_DH 2584 EXIST::FUNCTION: +ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE UI_construct_prompt 2585 EXIST::FUNCTION: X509_STORE_set_trust 2586 EXIST::FUNCTION: UI_dup_input_string 2587 EXIST::FUNCTION: @@ -2039,7 +2039,7 @@ OCSP_resp_find 2605 EXIST::FUNCTION: BN_nnmod 2606 EXIST::FUNCTION: X509_CRL_sort 2607 EXIST::FUNCTION: X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION: -ENGINE_register_RAND 2609 EXIST::FUNCTION: +ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC @@ -2049,11 +2049,11 @@ SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_dup_input_boolean 2614 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION: EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC -ENGINE_load_cryptodev 2617 EXIST::FUNCTION: +ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE DSO_convert_filename 2618 EXIST::FUNCTION: POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_ciphers 2620 EXIST::FUNCTION: +ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE BN_mod_lshift_quick 2621 EXIST::FUNCTION: DSO_set_filename 2622 EXIST::FUNCTION: ASN1_item_free 2623 EXIST::FUNCTION: @@ -2062,7 +2062,7 @@ AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: KRB5_APREQBODY_new 2626 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: -ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION: +ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: EVP_MD_CTX_init 2630 EXIST::FUNCTION: EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: @@ -2071,8 +2071,8 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION:STATIC_ENGINE -ENGINE_register_all_digests 2637 EXIST::FUNCTION: +ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS12_unpack_authsafes 2639 EXIST::FUNCTION: @@ -2098,16 +2098,16 @@ OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: _ossl_old_des_crypt 2654 EXIST::FUNCTION:DES ASN1_item_i2d 2655 EXIST::FUNCTION: EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: -ENGINE_load_openssl 2657 EXIST::FUNCTION: -ENGINE_get_cmd_defns 2658 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION: -ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION: +ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE +ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE +ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE EVP_EncryptFinal_ex 2660 EXIST::FUNCTION: -ENGINE_set_default_digests 2661 EXIST::FUNCTION: +ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: asn1_ex_i2c 2663 EXIST::FUNCTION: -ENGINE_register_RSA 2664 EXIST::FUNCTION: -ENGINE_unregister_DSA 2665 EXIST::FUNCTION: +ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE _ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2120,7 +2120,7 @@ PKCS12_certbag2x509 2672 EXIST::FUNCTION: _ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: -ENGINE_set_ciphers 2676 EXIST::FUNCTION: +ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2156,7 +2156,7 @@ NCONF_get_number_e 2704 EXIST::FUNCTION: _ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES X509_signature_print 2706 EXIST::FUNCTION:EVP OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: -ENGINE_load_builtin_engines 2708 EXIST::FUNCTION: +ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: @@ -2184,7 +2184,7 @@ X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: _ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES -RAND_set_rand_engine 2730 EXIST::FUNCTION: +RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE DSO_get_loaded_filename 2731 EXIST::FUNCTION: X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2206,7 +2206,7 @@ i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC -ENGINE_get_digest 2748 EXIST::FUNCTION: +ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2219,16 +2219,16 @@ PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PKCS12_certbag2x509crl 2754 EXIST::FUNCTION: PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_cipher 2756 EXIST::FUNCTION: +ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE i2d_OCSP_CRLID 2757 EXIST::FUNCTION: OCSP_SINGLERESP_new 2758 EXIST::FUNCTION: -ENGINE_cmd_is_executable 2759 EXIST::FUNCTION: +ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE RSA_up_ref 2760 EXIST::FUNCTION:RSA ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_DSA 2762 EXIST::FUNCTION: +ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION: +ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE PKCS8_decrypt 2765 EXIST::FUNCTION: PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2265,7 +2265,7 @@ UI_method_set_flusher 2789 EXIST::FUNCTION: X509_ocspid_print 2790 EXIST::FUNCTION:BIO KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION: +ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE UI_add_user_data 2793 EXIST::FUNCTION: OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: UI_get_method 2795 EXIST::FUNCTION: @@ -2289,16 +2289,16 @@ ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_ex_data 2807 EXIST::FUNCTION: _ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES -ENGINE_register_all_RSA 2809 EXIST::FUNCTION: +ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_digests 2813 EXIST::FUNCTION: +ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: -ENGINE_get_digests 2816 EXIST::FUNCTION: +ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE _ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 EXIST::FUNCTION: @@ -2309,7 +2309,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION: +ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE OCSP_REQUEST_free 2827 EXIST::FUNCTION: OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2343,7 +2343,7 @@ EC_POINT_method_of 2852 EXIST::FUNCTION:EC i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: _ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: -ENGINE_get_ex_data 2856 EXIST::FUNCTION: +ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE UI_destroy_method 2857 EXIST::FUNCTION: ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: @@ -2367,7 +2367,7 @@ PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION: OCSP_request_add1_nonce 2874 EXIST::FUNCTION: -ENGINE_set_cmd_defns 2875 EXIST::FUNCTION: +ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_free 2876 EXIST::FUNCTION: EC_GROUP_free 2877 EXIST::FUNCTION:EC ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2384,7 +2384,7 @@ EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION: PKCS12_item_pack_safebag 2887 EXIST::FUNCTION: asn1_ex_c2i 2888 EXIST::FUNCTION: -ENGINE_register_digests 2889 EXIST::FUNCTION: +ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION: asn1_enc_restore 2891 EXIST::FUNCTION: UI_free 2892 EXIST::FUNCTION: @@ -2395,7 +2395,7 @@ EC_POINT_invert 2896 EXIST::FUNCTION:EC OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: OCSP_check_nonce 2899 EXIST::FUNCTION: -ENGINE_ctrl_cmd 2900 EXIST::FUNCTION: +ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: OCSP_parse_url 2902 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: @@ -2403,12 +2403,12 @@ OCSP_CRLID_free 2904 EXIST::FUNCTION: OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION: RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -ENGINE_register_all_DH 2907 EXIST::FUNCTION: +ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE i2d_EDIPARTYNAME 2908 EXIST::FUNCTION: EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC OCSP_CRLID_new 2910 EXIST::FUNCTION: -ENGINE_get_flags 2911 EXIST::FUNCTION: +ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_process 2913 EXIST::FUNCTION: @@ -2416,8 +2416,8 @@ ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_CipherInit_ex 2915 EXIST::FUNCTION: UI_get_string_type 2916 EXIST::FUNCTION: -ENGINE_unregister_DH 2917 EXIST::FUNCTION: -ENGINE_register_all_DSA 2918 EXIST::FUNCTION: +ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: bn_dup_expand 2920 EXIST::FUNCTION: OCSP_cert_id_new 2921 EXIST::FUNCTION: @@ -2438,11 +2438,11 @@ BN_mod_sub_quick 2933 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: OCSP_request_sign 2935 EXIST::FUNCTION: EVP_DigestFinal_ex 2936 EXIST::FUNCTION: -ENGINE_set_digests 2937 EXIST::FUNCTION: +ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE OCSP_id_issuer_cmp 2938 EXIST::FUNCTION: OBJ_NAME_do_all 2939 EXIST::FUNCTION: EC_POINTs_mul 2940 EXIST::FUNCTION:EC -ENGINE_register_complete 2941 EXIST::FUNCTION: +ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION: ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2451,7 +2451,7 @@ RAND_query_egd_bytes 2945 EXIST::FUNCTION: UI_method_get_writer 2946 EXIST::FUNCTION: UI_OpenSSL 2947 EXIST::FUNCTION: PEM_def_callback 2948 EXIST::FUNCTION: -ENGINE_cleanup 2949 EXIST::FUNCTION: +ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2475,7 +2475,7 @@ OCSP_RESPID_new 2967 EXIST::FUNCTION: OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION: -ENGINE_register_all_complete 2970 EXIST::FUNCTION: +ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE OCSP_check_validity 2971 EXIST::FUNCTION: PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2487,7 +2487,7 @@ KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_supported_extension 2977 EXIST::FUNCTION: i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: UI_method_get_opener 2979 EXIST::FUNCTION: -ENGINE_set_ex_data 2980 EXIST::FUNCTION: +ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE OCSP_REQUEST_print 2981 EXIST::FUNCTION: CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2501,7 +2501,7 @@ OCSP_single_get0_status 2989 EXIST::FUNCTION: BN_swap 2990 EXIST::FUNCTION: POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_set_destroy_function 2992 EXIST::FUNCTION: +ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE asn1_enc_free 2993 EXIST::FUNCTION: OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2523,8 +2523,8 @@ EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_get0_test_string 3007 EXIST::FUNCTION: -ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: -ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: +ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE +ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: _ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES @@ -2545,9 +2545,9 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: -ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: +ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION: @@ -2565,7 +2565,7 @@ AES_decrypt 3040 EXIST::FUNCTION:AES asn1_enc_init 3041 EXIST::FUNCTION: UI_get_result_maxsize 3042 EXIST::FUNCTION: OCSP_CERTID_new 3043 EXIST::FUNCTION: -ENGINE_unregister_RAND 3044 EXIST::FUNCTION: +ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE UI_method_get_closer 3045 EXIST::FUNCTION: d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: OCSP_request_onereq_count 3047 EXIST::FUNCTION: @@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2598,15 +2598,15 @@ ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: -ENGINE_set_table_flags 3073 EXIST::FUNCTION: +ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_destroy_function 3080 EXIST::FUNCTION: +ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE CONF_set_nconf 3081 EXIST::FUNCTION: ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2685,7 +2685,7 @@ UI_method_set_opener 3140 EXIST::FUNCTION: ASN1_item_ex_free 3141 EXIST::FUNCTION: ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_table_flags 3143 EXIST::FUNCTION: +ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE UI_create_method 3144 EXIST::FUNCTION: OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION: _shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES @@ -2709,7 +2709,7 @@ PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: -ENGINE_set_flags 3162 EXIST::FUNCTION: +ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE _ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES OCSP_response_get1_basic 3164 EXIST::FUNCTION: EVP_Digest 3165 EXIST::FUNCTION: @@ -2721,8 +2721,8 @@ ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION: BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: AES_cbc_encrypt 3171 EXIST::FUNCTION:AES -ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION: -ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION: +ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE OCSP_RESPONSE_free 3173 EXIST::FUNCTION: UI_method_set_reader 3174 EXIST::FUNCTION: i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: @@ -2736,7 +2736,7 @@ OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: -ENGINE_set_default_string 3184 EXIST::FUNCTION: +ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE CONF_module_get_usr_data 3185 EXIST::FUNCTION: ASN1_add_oid_module 3186 EXIST::FUNCTION: CONF_modules_finish 3187 EXIST::FUNCTION: @@ -2754,7 +2754,7 @@ CONF_imodule_get_name 3198 EXIST::FUNCTION: ERR_peek_top_error 3199 NOEXIST::FUNCTION: CONF_imodule_get_usr_data 3200 EXIST::FUNCTION: CONF_imodule_set_flags 3201 EXIST::FUNCTION: -ENGINE_add_conf_module 3202 EXIST::FUNCTION: +ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE ERR_peek_last_error_line 3203 EXIST::FUNCTION: ERR_peek_last_error_line_data 3204 EXIST::FUNCTION: ERR_peek_last_error 3205 EXIST::FUNCTION: @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION:STATIC_ENGINE -ENGINE_load_sureware 3211 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES @@ -2793,7 +2793,7 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO -ENGINE_up_ref 3238 EXIST::FUNCTION: +ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE BUF_MEM_grow_clean 3239 EXIST::FUNCTION: CRYPTO_realloc_clean 3240 EXIST::FUNCTION: BUF_strlcat 3241 EXIST::FUNCTION: @@ -2802,12 +2802,12 @@ BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: BN_get0_nist_prime_384 3246 EXIST::FUNCTION: -ENGINE_register_ECDSA 3247 EXIST::FUNCTION: +ENGINE_register_ECDSA 3247 EXIST::FUNCTION:ENGINE BN_nist_mod_192 3248 EXIST::FUNCTION: EC_GROUP_get_trinomial_basis 3249 EXIST::FUNCTION:EC ECDH_get_default_method 3250 EXIST::FUNCTION:ECDH PKCS12_add_safe 3251 EXIST::FUNCTION: -ENGINE_register_ECDH 3252 EXIST::FUNCTION: +ENGINE_register_ECDH 3252 EXIST::FUNCTION:ENGINE i2d_ECPrivateKey 3253 EXIST::FUNCTION:EC BN_get0_nist_prime_192 3254 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GF2m 3255 EXIST:!VMS:FUNCTION:EC @@ -2821,10 +2821,10 @@ EC_GROUP_check_discriminant 3261 EXIST::FUNCTION:EC EC_POINT_point2bn 3262 EXIST::FUNCTION:EC EC_GROUP_new_curve_GF2m 3263 EXIST::FUNCTION:EC EVP_PKEY_get1_EC_KEY 3264 EXIST::FUNCTION:EC -ENGINE_get_default_ECDH 3265 EXIST::FUNCTION: +ENGINE_get_default_ECDH 3265 EXIST::FUNCTION:ENGINE ASN1_OCTET_STRING_NDEF_it 3266 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OCTET_STRING_NDEF_it 3266 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_static_state 3267 EXIST::FUNCTION: +ENGINE_get_static_state 3267 EXIST::FUNCTION:ENGINE ECDSA_SIG_new 3268 EXIST::FUNCTION:ECDSA BN_GF2m_mod_sqr 3269 EXIST::FUNCTION: EC_POINT_bn2point 3270 EXIST::FUNCTION:EC @@ -2845,7 +2845,7 @@ BN_GF2m_mod_arr 3283 EXIST::FUNCTION: PEM_write_bio_X509_CERT_PAIR 3284 EXIST::FUNCTION: ECDH_get_ex_data 3285 EXIST::FUNCTION:ECDH ECDSA_do_sign 3286 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3287 EXIST::FUNCTION: +ENGINE_unregister_ECDH 3287 EXIST::FUNCTION:ENGINE ECDH_OpenSSL 3288 EXIST::FUNCTION:ECDH EC_POINT_dup 3289 EXIST::FUNCTION:EC EC_get_builtin_curves 3290 EXIST::FUNCTION:EC @@ -2863,7 +2863,7 @@ i2d_ECParameters 3301 EXIST::FUNCTION:EC i2d_ECPKParameters 3302 EXIST::FUNCTION:EC BN_ncopy 3303 EXIST::FUNCTION: d2i_ECPKParameters 3304 EXIST::FUNCTION:EC -ENGINE_set_ECDH 3305 EXIST::FUNCTION: +ENGINE_set_ECDH 3305 EXIST::FUNCTION:ENGINE PEM_write_bio_EC_PUBKEY 3306 EXIST::FUNCTION:EC ECParameters_print 3307 EXIST::FUNCTION:BIO,EC ASN1_generate_nconf 3308 EXIST::FUNCTION: @@ -2886,7 +2886,7 @@ X509_CERT_PAIR_it 3324 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA X509_CERT_PAIR_it 3324 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BN_GF2m_mod_sqr_arr 3325 EXIST::FUNCTION: EC_GROUP_set_curve_GF2m 3326 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION: +ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION:ENGINE BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH EC_KEY_generate_key 3330 EXIST::FUNCTION:EC @@ -2911,7 +2911,7 @@ BN_GF2m_mod_exp 3348 EXIST::FUNCTION: EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC ecdsa_check 3350 EXIST::FUNCTION:ECDSA BN_GF2m_mod_div_arr 3351 EXIST::FUNCTION: -ENGINE_set_ECDSA 3352 EXIST::FUNCTION: +ENGINE_set_ECDSA 3352 EXIST::FUNCTION:ENGINE ECPKParameters_print 3353 EXIST::FUNCTION:BIO,EC PEM_write_EC_PUBKEY 3354 EXIST:!WIN16:FUNCTION:EC ECDH_set_method 3355 EXIST::FUNCTION:ECDH @@ -2935,14 +2935,14 @@ BN_nist_mod_384 3370 EXIST::FUNCTION: i2d_X509_CERT_PAIR 3371 EXIST::FUNCTION: PEM_write_ECPKParameters 3372 EXIST:!WIN16:FUNCTION:EC ECDH_compute_key 3373 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3374 EXIST::FUNCTION: +ENGINE_register_all_ECDH 3374 EXIST::FUNCTION:ENGINE BN_GF2m_mod_solve_quad 3375 EXIST::FUNCTION: i2d_ECPrivateKey_fp 3376 EXIST::FUNCTION:EC,FP_API -ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION: +ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION:ENGINE EC_POINT_get_affine_coordinates_GF2m 3378 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GF2m 3378 EXIST:VMS:FUNCTION:EC EC_GROUP_dup 3379 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION: +ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION:ENGINE EC_KEY_new 3381 EXIST::FUNCTION:EC ECDSA_verify 3382 EXIST::FUNCTION:ECDSA EC_POINT_point2hex 3383 EXIST::FUNCTION:EC @@ -2962,10 +2962,10 @@ ECDSA_size 3396 EXIST::FUNCTION:ECDSA d2i_EC_PUBKEY_bio 3397 EXIST::FUNCTION:BIO,EC BN_get0_nist_prime_521 3398 EXIST::FUNCTION: PEM_read_bio_ECPrivateKey 3399 EXIST::FUNCTION:EC -ENGINE_get_ECDH 3400 EXIST::FUNCTION: +ENGINE_get_ECDH 3400 EXIST::FUNCTION:ENGINE d2i_ECDSA_SIG 3401 EXIST::FUNCTION:ECDSA ECDSA_sign 3402 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3403 EXIST::FUNCTION: +ENGINE_get_ECDSA 3403 EXIST::FUNCTION:ENGINE EVP_ecdsa 3404 EXIST::FUNCTION:SHA PKCS12_add_cert 3405 EXIST::FUNCTION: ERR_load_ECDH_strings 3406 EXIST::FUNCTION:ECDH @@ -2982,12 +2982,12 @@ d2i_EC_PUBKEY_fp 3416 EXIST::FUNCTION:EC,FP_API ecdh_check 3417 EXIST::FUNCTION:ECDH ECDSA_DATA_new_method 3418 EXIST::FUNCTION:ECDSA PEM_read_bio_X509_CERT_PAIR 3419 EXIST::FUNCTION: -ENGINE_set_default_ECDH 3420 EXIST::FUNCTION: +ENGINE_set_default_ECDH 3420 EXIST::FUNCTION:ENGINE PKCS12_add_key 3421 EXIST::FUNCTION: DSO_merge 3422 EXIST::FUNCTION: EC_POINT_hex2point 3423 EXIST::FUNCTION:EC BN_GF2m_mod_inv_arr 3424 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION:ENGINE BN_GENCB_call 3426 EXIST::FUNCTION: BN_is_prime_ex 3427 EXIST::FUNCTION: RSA_generate_key_ex 3428 EXIST::FUNCTION:RSA @@ -2995,3 +2995,4 @@ DSA_generate_parameters_ex 3429 EXIST::FUNCTION:DSA BN_generate_prime_ex 3430 EXIST::FUNCTION: DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: +ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE From 5fe11c7533f43fd49bcf20992c8eb7c6f773770d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 18:52:46 +0000 Subject: [PATCH 046/550] The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all the header files where the problem existed include ossl_typ.h, which makes a 'forward declaration' of the ENGINE type. --- crypto/dh/dh.h | 2 -- crypto/dsa/dsa.h | 2 -- crypto/evp/evp.h | 4 ---- crypto/rsa/rsa.h | 2 -- 4 files changed, 10 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 38214082f..62dba4055 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -119,9 +119,7 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; -#ifndef OPENSSL_NO_ENGINE ENGINE *engine; -#endif }; #define DH_GENERATOR_2 2 diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 63fcce9a3..6ba79b01d 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -142,10 +142,8 @@ struct dsa_st int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; -#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; -#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index a58ece3a4..b084a3580 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -277,9 +277,7 @@ struct env_md_st struct env_md_ctx_st { const EVP_MD *digest; -#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ -#endif unsigned long flags; void *md_data; } /* EVP_MD_CTX */; @@ -351,9 +349,7 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; -#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ -#endif int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 68696f821..b005b4b0b 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -128,10 +128,8 @@ struct rsa_st int pad; long version; const RSA_METHOD *meth; -#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; -#endif BIGNUM *n; BIGNUM *e; BIGNUM *d; From 3d6a84c42aa11e1be0660c83dc433a7b729d3caa Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 19:01:56 +0000 Subject: [PATCH 047/550] For VC++7 and up, the file is VSVARS32.BAT. PR: 327 --- FAQ | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/FAQ b/FAQ index 13eefd1c2..7634d169b 100644 --- a/FAQ +++ b/FAQ @@ -490,10 +490,13 @@ and then redo the compilation. What you should really do is make sure Sometimes, you may get reports from VC++ command line (cl) that it can't find standard include files like stdio.h and other weirdnesses. One possible cause is that the environment isn't correctly set up. -To solve that problem, one should run VCVARS32.BAT which is found in -the 'bin' subdirectory of the VC++ installation directory (somewhere -under 'Program Files'). This needs to be done prior to running NMAKE, -and the changes are only valid for the current DOS session. +To solve that problem for VC++ versions up to 6, one should run +VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ +installation directory (somewhere under 'Program Files'). For VC++ +version 7 (and up?), which is also called VS.NET, the file is called +VSVARS32.BAT instead. +This needs to be done prior to running NMAKE, and the changes are only +valid for the current DOS session. * What is special about OpenSSL on Redhat? From db5006df04483571424227bb7bfac3e085be1642 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 19:05:25 +0000 Subject: [PATCH 048/550] The MASM situation is more difficult than described so far. It is part of VC++ 7. PR: 327 --- INSTALL.W32 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 8a875cf0b..fd182595c 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -26,12 +26,13 @@ * Microsoft MASM (aka "ml") * Free Netwide Assembler NASM. - MASM was at one point distributed with VC++. It is now distributed with some - Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If - you do not have either of these DDKs then you can just download the binaries - for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and - XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both - DDKs can be downloaded from the Microsoft developers site www.msdn.com. + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. NASM is freely available. Version 0.98 was used during testing: other versions may also work. It is available from many places, see for example: From 5cd48abf9f4bf721545abf675e25ea5b2a33a7fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 20:03:45 +0000 Subject: [PATCH 049/550] The util scripts need to handled no-hw. PR: 327 --- util/mk1mf.pl | 5 +++++ util/mkdef.pl | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 5f3ab059f..e14391164 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -67,6 +67,7 @@ and [options] can be one of no-ecdsa - No ECDSA no-ecdh - No ECDH no-engine - No engine + no-hw - No hw nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -238,6 +239,7 @@ $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; +$cflags.=" -DOPENSSL_NO_HW" if $no_hw; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -668,6 +670,7 @@ sub var_add local(@a,$_,$ret); return("") if $no_engine && $dir =~ /\/engine/; + return("") if $no_hw && $dir =~ /\/hw/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -729,6 +732,7 @@ sub var_add @a=grep(!/_mdc2$/,@a) if $no_mdc2; @a=grep(!/^engine$/,@a) if $no_engine; + @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -933,6 +937,7 @@ sub read_options elsif (/^no-ecdsa$/) { $no_ecdsa=1; } elsif (/^no-ecdh$/) { $no_ecdh=1; } elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkdef.pl b/util/mkdef.pl index 517493965..f7f0e6ebf 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -93,7 +93,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # External "algorithms" "FP_API", "STDIO", "SOCK", "KRB5", # Engines - "STATIC_ENGINE", "ENGINE", + "STATIC_ENGINE", "ENGINE", "HW", # Deprecated functions "DEPRECATED" ); @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine; my $no_deprecated; foreach (@ARGV, split(/ /, $options)) @@ -183,6 +183,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } } @@ -1067,6 +1068,7 @@ sub is_valid if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } if ($keyword eq "ENGINE" && $no_engine) { return 0; } + if ($keyword eq "HW" && $no_hw) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } From 5d780babe3e0e60e92e41bc38c96963abfe3655f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 21:49:12 +0000 Subject: [PATCH 050/550] A few small bugs with BIO popping. PR: 364 --- crypto/bio/bio_lib.c | 3 ++- ssl/bio_ssl.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 98ce39551..692c8fb5c 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -395,6 +395,8 @@ BIO *BIO_pop(BIO *b) if (b == NULL) return(NULL); ret=b->next_bio; + BIO_ctrl(b,BIO_CTRL_POP,0,NULL); + if (b->prev_bio != NULL) b->prev_bio->next_bio=b->next_bio; if (b->next_bio != NULL) @@ -402,7 +404,6 @@ BIO *BIO_pop(BIO *b) b->next_bio=NULL; b->prev_bio=NULL; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); return(ret); } diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 467e14994..1301549e2 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -403,6 +403,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO_free_all(ssl->wbio); } + if (b->next_bio != NULL) + { + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); + } ssl->wbio=NULL; ssl->rbio=NULL; break; From bfa35550813c3afa5bd121a13f5bbe280c4c919e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 22:02:27 +0000 Subject: [PATCH 051/550] Document -engine where missing. PR: 424 --- doc/apps/ca.pod | 8 ++++++++ doc/apps/dhparam.pod | 8 ++++++++ doc/apps/dsa.pod | 8 ++++++++ doc/apps/dsaparam.pod | 8 ++++++++ doc/apps/gendsa.pod | 8 ++++++++ doc/apps/genrsa.pod | 8 ++++++++ doc/apps/pkcs7.pod | 8 ++++++++ doc/apps/pkcs8.pod | 8 ++++++++ doc/apps/req.pod | 8 ++++++++ doc/apps/rsa.pod | 8 ++++++++ doc/apps/spkac.pod | 8 +++++++- doc/apps/x509.pod | 7 +++++++ 12 files changed, 94 insertions(+), 1 deletion(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 183cd475c..de66c534b 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -43,6 +43,7 @@ B B [B<-msie_hack>] [B<-extensions section>] [B<-extfile section>] +[B<-engine id>] =head1 DESCRIPTION @@ -195,6 +196,13 @@ an additional configuration file to read certificate extensions from (using the default section unless the B<-extensions> option is also used). +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 CRL OPTIONS diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index ff8a6e5e5..c31db95a4 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -18,6 +18,7 @@ B [B<-2>] [B<-5>] [B<-rand> I] +[B<-engine id>] [I] =head1 DESCRIPTION @@ -96,6 +97,13 @@ this option prints out the DH parameters in human readable form. this option converts the parameters into C code. The parameters can then be loaded by calling the BIB<()> function. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 WARNINGS diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod index 28e534bb9..ed06b8806 100644 --- a/doc/apps/dsa.pod +++ b/doc/apps/dsa.pod @@ -21,6 +21,7 @@ B B [B<-modulus>] [B<-pubin>] [B<-pubout>] +[B<-engine id>] =head1 DESCRIPTION @@ -106,6 +107,13 @@ by default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod index 50c2f6124..b9b1b93b4 100644 --- a/doc/apps/dsaparam.pod +++ b/doc/apps/dsaparam.pod @@ -16,6 +16,7 @@ B [B<-C>] [B<-rand file(s)>] [B<-genkey>] +[B<-engine id>] [B] =head1 DESCRIPTION @@ -82,6 +83,13 @@ this option specifies that a parameter set should be generated of size B. It must be the last option. If this option is included then the input file (if any) is ignored. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod index 74318fe7f..2c56cc788 100644 --- a/doc/apps/gendsa.pod +++ b/doc/apps/gendsa.pod @@ -12,6 +12,7 @@ B B [B<-des3>] [B<-idea>] [B<-rand file(s)>] +[B<-engine id>] [B] =head1 DESCRIPTION @@ -37,6 +38,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =item B This option specifies the DSA parameter file to use. The parameters in this diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod index cdcc03c12..25af4d147 100644 --- a/doc/apps/genrsa.pod +++ b/doc/apps/genrsa.pod @@ -15,6 +15,7 @@ B B [B<-f4>] [B<-3>] [B<-rand file(s)>] +[B<-engine id>] [B] =head1 DESCRIPTION @@ -54,6 +55,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =item B the size of the private key to generate in bits. This must be the last option diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod index 9871c0e0c..a0a636328 100644 --- a/doc/apps/pkcs7.pod +++ b/doc/apps/pkcs7.pod @@ -14,6 +14,7 @@ B B [B<-print_certs>] [B<-text>] [B<-noout>] +[B<-engine id>] =head1 DESCRIPTION @@ -59,6 +60,13 @@ issuer names. don't output the encoded version of the PKCS#7 structure (or certificates is B<-print_certs> is set). +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 EXAMPLES diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index a56b2dd00..68ecd65b1 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -21,6 +21,7 @@ B B [B<-nsdb>] [B<-v2 alg>] [B<-v1 alg>] +[B<-engine id>] =head1 DESCRIPTION @@ -122,6 +123,13 @@ B, B and B. It is recommended that B is used. This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete list of possible algorithms is included below. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/req.pod b/doc/apps/req.pod index d9f247655..e2b5d0d8e 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -41,6 +41,7 @@ B B [B<-nameopt>] [B<-batch>] [B<-verbose>] +[B<-engine id>] =head1 DESCRIPTION @@ -244,6 +245,13 @@ non-interactive mode. print extra details about the operations being performed. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 CONFIGURATION FILE FORMAT diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod index ef74f1adf..4d7640995 100644 --- a/doc/apps/rsa.pod +++ b/doc/apps/rsa.pod @@ -24,6 +24,7 @@ B B [B<-check>] [B<-pubin>] [B<-pubout>] +[B<-engine id>] =head1 DESCRIPTION @@ -117,6 +118,13 @@ by default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod index bb84dfbe3..c3f1ff9c6 100644 --- a/doc/apps/spkac.pod +++ b/doc/apps/spkac.pod @@ -17,7 +17,7 @@ B B [B<-spksect section>] [B<-noout>] [B<-verify>] - +[B<-engine id>] =head1 DESCRIPTION @@ -79,6 +79,12 @@ being created). verifies the digital signature on the supplied SPKAC. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index f04417783..50343cd68 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -50,6 +50,7 @@ B B [B<-clrext>] [B<-extfile filename>] [B<-extensions section>] +[B<-engine id>] =head1 DESCRIPTION @@ -98,6 +99,12 @@ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not specified then MD5 is used. If the key being used to sign with is a DSA key then this option has no effect: SHA1 is always used with DSA keys. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back From c029841e366b5156982d2a691726a3481dbf8ea0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 31 Jan 2003 12:20:35 +0000 Subject: [PATCH 052/550] We can't say in advance what the argument to BIO_socket_ioctl() should be, so let's make that a void *. Also, BIO_socket_nbio() should send it an int argument, not a long. PR: 457 --- crypto/bio/b_sock.c | 4 ++-- crypto/bio/bio.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 86f38172f..601a14f37 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -492,7 +492,7 @@ void BIO_sock_cleanup(void) #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 -int BIO_socket_ioctl(int fd, long type, unsigned long *arg) +int BIO_socket_ioctl(int fd, long type, void *arg) { int i; @@ -742,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on) int BIO_socket_nbio(int s, int mode) { int ret= -1; - unsigned long l; + int l; l=mode; #ifdef FIONBIO diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index ecd289991..f10930816 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -585,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name); * and an appropriate error code is set). */ int BIO_sock_error(int sock); -int BIO_socket_ioctl(int fd, long type, unsigned long *arg); +int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd,int mode); int BIO_get_port(const char *str, unsigned short *port_ptr); int BIO_get_host_ip(const char *str, unsigned char *ip); From 33cc07f79acf91dfbe4970e94665c53f42c89112 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 1 Feb 2003 20:55:29 +0000 Subject: [PATCH 053/550] Fix warning. --- crypto/engine/engine.h | 3 +++ crypto/evp/c_all.c | 1 + 2 files changed, 4 insertions(+) diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 43500a867..f56c1c67e 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -685,6 +685,9 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, * values. */ void *ENGINE_get_static_state(void); +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void); +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index af3dd2616..19737f39f 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include #if 0 #undef OpenSSL_add_all_algorithms From 26196762563f25d48466fb7168fd355d7651adb4 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 1 Feb 2003 20:58:59 +0000 Subject: [PATCH 054/550] Old-style callbacks can be NULL! --- crypto/bn/bn_prime.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 6c1602995..fd863933e 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -142,6 +142,8 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b) { case 1: /* Deprecated-style callbacks */ + if(!cb->cb.cb_1) + return 1; cb->cb.cb_1(a, b, cb->arg); return 1; case 2: From c09a2978923ea161699698e26af4ce237b6349fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 4 Feb 2003 12:28:11 +0000 Subject: [PATCH 055/550] Update PRNG entry: - OpenSSL version differences - Sun /dev/urandom patch information --- FAQ | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/FAQ b/FAQ index 7634d169b..4d2b0a9bf 100644 --- a/FAQ +++ b/FAQ @@ -189,18 +189,30 @@ for permission to use their software with OpenSSL. Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness -device" that serves this purpose. On other systems, applications have -to call the RAND_add() or RAND_seed() function with appropriate data -before generating keys or performing public key encryption. -(These functions initialize the pseudo-random number generator, PRNG.) +device" (/dev/urandom or /dev/random) that serves this purpose. +All OpenSSL versions try to use /dev/urandom by default; starting with +version 0.9.7, OpenSSL also tries /dev/random is /dev/urandom is not +available. -Some broken applications do not do this. As of version 0.9.5, the -OpenSSL functions that need randomness report an error if the random -number generator has not been seeded with at least 128 bits of -randomness. If this error occurs, please contact the author of the -application you are using. It is likely that it never worked -correctly. OpenSSL 0.9.5 and later make the error visible by refusing -to perform potentially insecure encryption. +On other systems, applications have to call the RAND_add() or +RAND_seed() function with appropriate data before generating keys or +performing public key encryption. (These functions initialize the +pseudo-random number generator, PRNG.) Some broken applications do +not do this. As of version 0.9.5, the OpenSSL functions that need +randomness report an error if the random number generator has not been +seeded with at least 128 bits of randomness. If this error occurs and +is not discussed in the documentation of the application you are +using, please contact the author of that application; it is likely +that it never worked correctly. OpenSSL 0.9.5 and later make the +error visible by refusing to perform potentially insecure encryption. + +If you are using Solaris 8, you can add /dev/urandom and /dev/random +devices by installing patch 112438 (Sparc) or 112439 (x86), which are +available via the Patchfinder at +(Solaris 9 includes these devices by default). For /dev/random support +for earlier Solaris versions, see Sun's statement at + +(the SUNWski package is available in patch 105710). On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for @@ -233,18 +245,6 @@ OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. -For Solaris 2.6, Tim Nibbe and others have suggested -installing the SUNski package from Sun patch 105710-01 (Sparc) which -adds a /dev/random device and make sure it gets used, usually through -$RANDFILE. There are probably similar patches for the other Solaris -versions. An official statement from Sun with respect to /dev/random -support can be found at - http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski -However, be warned that /dev/random is usually a blocking device, which -may have some effects on OpenSSL. -A third party /dev/random solution for Solaris is available at - http://www.cosy.sbg.ac.at/~andi/ - * Why do I get an "unable to write 'random state'" error message? From 379e568950b365b07f67b9dccc2bbb9b46797e2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 4 Feb 2003 12:57:34 +0000 Subject: [PATCH 056/550] typo --- FAQ | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ b/FAQ index 4d2b0a9bf..d6673b183 100644 --- a/FAQ +++ b/FAQ @@ -191,7 +191,7 @@ Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions try to use /dev/urandom by default; starting with -version 0.9.7, OpenSSL also tries /dev/random is /dev/urandom is not +version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not available. On other systems, applications have to call the RAND_add() or From 4e5d3a7f986c8ade22793a848e95447fafafece0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 5 Feb 2003 00:34:31 +0000 Subject: [PATCH 057/550] IPv6 display and input support for extensions usingh GeneralName. --- CHANGES | 6 ++ crypto/x509v3/v3_alt.c | 64 ++++++++----- crypto/x509v3/v3_utl.c | 210 ++++++++++++++++++++++++++++++++++++++++- crypto/x509v3/x509v3.h | 1 + 4 files changed, 256 insertions(+), 25 deletions(-) diff --git a/CHANGES b/CHANGES index 8196fd23f..7dd56c3cd 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) IPv6 support for certificate extensions. The various extensions + which use the IP:a.b.c.d can now take IPv6 addresses using the + formats of RFC1884 2.2 . IPv6 addresses are now also displayed + correctly. + [Steve Henson] + *) Added an ENGINE that implements RSA by performing private key exponentiations with the GMP library. The conversions to and from GMP's mpz_t format aren't optimised nor are any montgomery forms diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index baa9ca103..64e51d612 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -1,9 +1,9 @@ /* v3_alt.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -100,7 +100,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) { unsigned char *p; - char oline[256]; + char oline[256], htmp[5]; + int i; switch (gen->type) { case GEN_OTHERNAME: @@ -134,12 +135,25 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { + if(gen->d.ip->length == 4) + sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + else if(gen->d.ip->length == 16) + { + oline[0] = 0; + for (i = 0; i < 8; i++) + { + sprintf(htmp, "%X", p[0] << 8 | p[1]); + p += 2; + strcat(oline, htmp); + if (i != 7) + strcat(oline, ":"); + } + } + else + { X509V3_add_value("IP Address","", &ret); break; - } - sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + } X509V3_add_value("IP Address",oline, &ret); break; @@ -154,6 +168,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) { unsigned char *p; + int i; switch (gen->type) { case GEN_OTHERNAME: @@ -188,12 +203,24 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { + if(gen->d.ip->length == 4) + BIO_printf(out, "IP Address:%d.%d.%d.%d", + p[0], p[1], p[2], p[3]); + else if(gen->d.ip->length == 16) + { + BIO_printf(out, "IP Address"); + for (i = 0; i < 8; i++) + { + BIO_printf(out, ":%X", p[0] << 8 | p[1]); + p += 2; + } + BIO_puts(out, "\n"); + } + else + { BIO_printf(out,"IP Address:"); break; - } - BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + } break; case GEN_RID: @@ -418,21 +445,12 @@ if(!name_cmp(name, "email")) { gen->d.rid = obj; type = GEN_RID; } else if(!name_cmp(name, "IP")) { - int i1,i2,i3,i4; - unsigned char ip[4]; - if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) || - (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) || - (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) { + if(!(gen->d.ip = a2i_IPADDRESS(value))) + { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); ERR_add_error_data(2, "value=", value); goto err; - } - ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; - if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || - !ASN1_STRING_set(gen->d.ip, ip, 4)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - goto err; - } + } type = GEN_IPADD; } else if(!name_cmp(name, "otherName")) { if (!do_othername(gen, value, ctx)) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index a11243db8..4b85378e9 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -1,9 +1,9 @@ /* v3_utl.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,11 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(void *str); static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static int ipv4_from_asc(unsigned char *v4, const char *in); +static int ipv6_from_asc(unsigned char *v6, const char *in); +static int ipv6_cb(const char *elem, int len, void *usr); +static int ipv6_hex(unsigned char *out, const char *in, int inlen); + /* Add a CONF_VALUE name value pair to stack */ int X509V3_add_value(const char *name, const char *value, @@ -534,3 +539,204 @@ void X509_email_free(STACK *sk) { sk_pop_free(sk, str_free); } + +/* Convert IP addresses both IPv4 and IPv6 into an + * OCTET STRING compatible with RFC3280. + */ + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) + { + unsigned char ipout[16]; + ASN1_OCTET_STRING *ret; + int iplen; + + /* If string contains a ':' assume IPv6 */ + + if (strchr(ipasc, ':')) + { + if (!ipv6_from_asc(ipout, ipasc)) + return NULL; + iplen = 16; + } + else + { + if (!ipv4_from_asc(ipout, ipasc)) + return NULL; + iplen = 4; + } + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + return NULL; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) + { + ASN1_OCTET_STRING_free(ret); + return NULL; + } + return ret; + } + +static int ipv4_from_asc(unsigned char *v4, const char *in) + { + int a0, a1, a2, a3; + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + return 0; + if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) + || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) + return 0; + v4[0] = a0; + v4[1] = a1; + v4[2] = a2; + v4[3] = a3; + return 1; + } + +typedef struct { + /* Temporary store for IPV6 output */ + unsigned char tmp[16]; + /* Total number of bytes in tmp */ + int total; + /* The position of a zero (corresponding to '::') */ + int zero_pos; + /* Number of zeroes */ + int zero_cnt; + } IPV6_STAT; + + +static int ipv6_from_asc(unsigned char *v6, const char *in) + { + IPV6_STAT v6stat; + v6stat.total = 0; + v6stat.zero_pos = -1; + v6stat.zero_cnt = 0; + /* Treat the IPv6 representation as a list of values + * separated by ':'. The presence of a '::' will parse + * as one, two or three zero length elements. + */ + if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) + return 0; + + /* Now for some sanity checks */ + + if (v6stat.zero_pos == -1) + { + /* If no '::' must have exactly 16 bytes */ + if (v6stat.total != 16) + return 0; + } + else + { + /* If '::' must have less than 16 bytes */ + if (v6stat.total == 16) + return 0; + /* More than three zeroes is an error */ + if (v6stat.zero_cnt > 3) + return 0; + /* Can only have three zeroes if nothing else present */ + else if (v6stat.zero_cnt == 3) + { + if (v6stat.total > 0) + return 0; + } + /* Can only have two zeroes if at start or end */ + else if (v6stat.zero_cnt == 2) + { + if ((v6stat.zero_pos != 0) + && (v6stat.zero_pos != v6stat.total)) + return 0; + } + else + /* Can only have one zero if *not* start or end */ + { + if ((v6stat.zero_pos == 0) + || (v6stat.zero_pos == v6stat.total)) + return 0; + } + } + + /* Format result */ + + /* Copy initial part */ + if (v6stat.zero_pos > 0) + memcpy(v6, v6stat.tmp, v6stat.zero_pos); + /* Zero middle */ + if (v6stat.total != 16) + memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); + /* Copy final part */ + if (v6stat.total != v6stat.zero_pos) + memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); + + return 1; + } + +static int ipv6_cb(const char *elem, int len, void *usr) + { + IPV6_STAT *s = usr; + /* Error if 16 bytes written */ + if (s->total == 16) + return 0; + if (len == 0) + { + /* Zero length element, corresponds to '::' */ + if (s->zero_pos == -1) + s->zero_pos = s->total; + /* If we've already got a :: its an error */ + else if (s->zero_pos != s->total) + return 0; + s->zero_cnt++; + } + else + { + /* If more than 4 characters could be final a.b.c.d form */ + if (len > 4) + { + /* Need at least 4 bytes left */ + if (s->total > 12) + return 0; + /* Must be end of string */ + if (elem[len]) + return 0; + if (!ipv4_from_asc(s->tmp + s->total, elem)) + return 0; + s->total += 4; + } + else + { + if (!ipv6_hex(s->tmp + s->total, elem, len)) + return 0; + s->total += 2; + } + } + return 1; + } + +/* Convert a string of up to 4 hex digits into the corresponding + * IPv6 form. + */ + +static int ipv6_hex(unsigned char *out, const char *in, int inlen) + { + unsigned char c; + unsigned int num = 0; + if (inlen > 4) + return 0; + while(inlen--) + { + c = *in++; + num <<= 4; + if ((c >= '0') && (c <= '9')) + num |= c - '0'; + else if ((c >= 'A') && (c <= 'F')) + num |= c - 'A' + 10; + else if ((c >= 'a') && (c <= 'f')) + num |= c - 'a' + 10; + else + return 0; + } + out[0] = num >> 8; + out[1] = num & 0xff; + return 1; + } + diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index b4dd52a95..a720ff2b9 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -547,6 +547,7 @@ STACK *X509_get1_email(X509 *x); STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes From 0e9035ac98383d5758a4376ddde4aafdb3162b85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 5 Feb 2003 16:40:29 +0000 Subject: [PATCH 058/550] SSL_add_dir_cert_subjects_to_stack now exists for WIN32 --- ssl/ssl.h | 2 -- ssl/ssl_cert.c | 2 +- util/ssleay.num | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index 5177a8a12..466b8a712 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1241,14 +1241,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -#ifndef OPENSSL_SYS_WIN32 #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif #endif -#endif #endif diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index b0e20ed94..144b90dd1 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -810,7 +810,7 @@ err: #endif #endif -#else +#else /* OPENSSL_SYS_WIN32 */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) diff --git a/util/ssleay.num b/util/ssleay.num index d027a1c45..7c15d0f05 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -169,7 +169,7 @@ SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH -SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS,!WIN32:FUNCTION:STDIO +SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION: SSL_set_session_id_context 189 EXIST::FUNCTION: SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO From 772ec4135c4c6f65c8cb6b3c7deb18f6e50dd6f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 5 Feb 2003 16:54:10 +0000 Subject: [PATCH 059/550] typo in WIN16 section Submitted by: Toni Andjelkovic --- crypto/bio/bio.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index f10930816..fbbc16d00 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -244,7 +244,7 @@ typedef struct bio_method_st long (_far *ctrl)(); int (_far *create)(); int (_far *destroy)(); - long (_fat *callback_ctrl)(); + long (_far *callback_ctrl)(); } BIO_METHOD; #endif From 37c660ff9b22d6f0eb19a9881d3b663ca4f63449 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 6 Feb 2003 19:25:12 +0000 Subject: [PATCH 060/550] implement fast point multiplication with precomputation Submitted by: Nils Larsch Reviewed by: Bodo Moeller --- CHANGES | 8 + apps/speed.c | 3 + crypto/ec/ec.h | 16 +- crypto/ec/ec2_mult.c | 22 +- crypto/ec/ec2_smpl.c | 10 +- crypto/ec/ec_err.c | 6 +- crypto/ec/ec_lcl.h | 20 +- crypto/ec/ec_lib.c | 59 +++- crypto/ec/ec_mult.c | 585 +++++++++++++++++++++++++++++++++------- crypto/ec/ecp_mont.c | 5 +- crypto/ec/ecp_nist.c | 5 +- crypto/ec/ecp_recp.c | 5 +- crypto/ec/ecp_smpl.c | 5 +- crypto/evp/Makefile.ssl | 9 +- util/mkerr.pl | 4 +- 15 files changed, 628 insertions(+), 134 deletions(-) diff --git a/CHANGES b/CHANGES index 7dd56c3cd..36c6bd176 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) In crypto/ec/ec_mult.c, implement fast point multiplication with + precomputation, based one wNAF splitting: EC_GROUP_precompute_mult() + will now compute a table of multiples of the generator that + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul + faster (notably in the case of a single point multiplication, + scalar * generator). + [Nils Larsch, Bodo Moeller] + *) IPv6 support for certificate extensions. The various extensions which use the IP:a.b.c.d can now take IPv6 addresses using the formats of RFC1884 2.2 . IPv6 addresses are now also displayed diff --git a/apps/speed.c b/apps/speed.c index 758ce250d..d6f78fb5d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1933,6 +1933,9 @@ int MAIN(int argc, char **argv) } else { +#if 1 + EC_GROUP_precompute_mult(ecdsa[j]->group, NULL); +#endif /* Perform ECDSA signature test */ EC_KEY_generate_key(ecdsa[j]); ret = ECDSA_sign(0, buf, 20, ecdsasig, diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 53fb8cfc5..f68963e66 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -101,7 +101,7 @@ typedef struct ec_group_st -- field definition -- curve coefficients -- optional generator with associated information (order, cofactor) - -- optional extra data (TODO: precomputed table for fast computation of multiples of generator) + -- optional extra data (precomputed table for fast computation of multiples of generator) -- ASN1 stuff */ EC_GROUP; @@ -241,7 +241,11 @@ int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); + +/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *); @@ -403,7 +407,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET_CURVE_GF2M 172 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 #define EC_F_EC_GROUP_GET_DEGREE 173 -#define EC_F_EC_GROUP_GET_EXTRA_DATA 107 #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 @@ -444,6 +447,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_TO_INFINITY 127 +#define EC_F_EC_PRE_COMP_DUP 207 #define EC_F_EC_WNAF_MUL 187 #define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 #define EC_F_GFP_MONT_GROUP_SET_CURVE 189 @@ -462,7 +466,6 @@ void ERR_load_EC_strings(void); #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 -#define EC_R_INTERNAL_ERROR 132 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 @@ -473,12 +476,11 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_PRIVATE_KEY 123 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 -#define EC_R_NOT_A_NIST_PRIME 135 -#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 #define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 #define EC_R_NO_FIELD_MOD 133 -#define EC_R_NO_SUCH_EXTRA_DATA 105 #define EC_R_PASSED_NULL_PARAMETER 134 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index eefb41a15..a0effa95a 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -326,9 +326,10 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } /* This implementation is more efficient than the wNAF implementation for 2 - * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points. + * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, + * or if we can perform a fast multiplication based on precomputation. */ - if ((scalar && (num > 1)) || (num > 2)) + if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) { ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); goto err; @@ -364,12 +365,15 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* Precomputation for point multiplication. */ +/* Precomputation for point multiplication: fall back to wNAF methods + * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ + int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { - /* There is no precomputation to do for Montgomery scalar multiplication but - * since this implementation falls back to the wNAF multiplication for more than - * two points, call the wNAF implementation's precompute. - */ return ec_wNAF_precompute_mult(group, ctx); - } + } + +int ec_GF2m_have_precompute_mult(const EC_GROUP *group) + { + return ec_wNAF_have_precompute_mult(group); + } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index a6fa4da7e..89e815201 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -99,13 +99,17 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_GF2m_simple_add, ec_GF2m_simple_dbl, ec_GF2m_simple_invert, - ec_GF2m_simple_mul, - ec_GF2m_precompute_mult, ec_GF2m_simple_is_at_infinity, ec_GF2m_simple_is_on_curve, ec_GF2m_simple_cmp, ec_GF2m_simple_make_affine, ec_GF2m_simple_points_make_affine, + + /* the following three method functions are defined in ec2_mult.c */ + ec_GF2m_simple_mul, + ec_GF2m_precompute_mult, + ec_GF2m_have_precompute_mult, + ec_GF2m_simple_field_mul, ec_GF2m_simple_field_sqr, ec_GF2m_simple_field_div, diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 58ae9d682..7730402d0 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -122,7 +122,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GF2M,0), "EC_GROUP_get_curve_GF2m"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_DEGREE,0), "EC_GROUP_get_degree"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,0), "EC_GROUP_get_pentanomial_basis"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,0), "EC_GROUP_get_trinomial_basis"}, @@ -163,6 +162,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, +{ERR_PACK(0,EC_F_EC_PRE_COMP_DUP,0), "EC_PRE_COMP_DUP"}, {ERR_PACK(0,EC_F_EC_WNAF_MUL,0), "ec_wNAF_mul"}, {ERR_PACK(0,EC_F_EC_WNAF_PRECOMPUTE_MULT,0), "ec_wNAF_precompute_mult"}, {ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE,0), "GFP_MONT_GROUP_SET_CURVE"}, @@ -184,7 +184,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_GROUP2PKPARAMETERS_FAILURE ,"group2pkparameters failure"}, {EC_R_I2D_ECPKPARAMETERS_FAILURE ,"i2d ecpkparameters failure"}, {EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, -{EC_R_INTERNAL_ERROR ,"internal error"}, {EC_R_INVALID_ARGUMENT ,"invalid argument"}, {EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, {EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, @@ -200,7 +199,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_NOT_IMPLEMENTED ,"not implemented"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, {EC_R_NO_FIELD_MOD ,"no field mod"}, -{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, {EC_R_PASSED_NULL_PARAMETER ,"passed null parameter"}, {EC_R_PKPARAMETERS2GROUP_FAILURE ,"pkparameters2group failure"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index a96d0df1a..54b6a45f3 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -136,11 +136,6 @@ struct ec_method_st { int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *); - /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult: */ - int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); - int (*precompute_mult)(EC_GROUP *group, BN_CTX *); - /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */ int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *); int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *); @@ -150,6 +145,13 @@ struct ec_method_st { int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); + /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult + * (default implementations are used if the 'mul' pointer is 0): */ + int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); + int (*precompute_mult)(EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult)(const EC_GROUP *group); + /* internal functions */ @@ -248,10 +250,13 @@ struct ec_point_st { -/* method functions in ec_mult.c */ +/* method functions in ec_mult.c + * (ec_lib.c uses these as defaults if group->method->mul is 0 */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); +int ec_wNAF_have_precompute_mult(const EC_GROUP *group); + /* method functions in ecp_smpl.c */ int ec_GFp_simple_group_init(EC_GROUP *); @@ -363,3 +368,4 @@ int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GF2m_have_precompute_mult(const EC_GROUP *group); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 2cc0dc0ec..5e3fb5c20 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -503,7 +503,9 @@ void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func || (group->extra_data_free_func != extra_data_free_func) || (group->extra_data_clear_free_func != extra_data_clear_free_func)) { +#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); +#endif return NULL; } @@ -956,3 +958,58 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], } return group->meth->points_make_affine(group, num, points, ctx); } + + +/* Functions for point multiplication. + * + * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; + * otherwise we dispatch through methods. + */ + +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + } + +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) + { + /* just a convenient interface to EC_POINTs_mul() */ + + const EC_POINT *points[1]; + const BIGNUM *scalars[1]; + + points[0] = point; + scalars[0] = p_scalar; + + return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); + } + +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_precompute_mult(group, ctx); + + if (group->meth->precompute_mult != 0) + return group->meth->precompute_mult(group, ctx); + else + return 1; /* nothing to do, so report success */ + } + +int EC_GROUP_have_precompute_mult(const EC_GROUP *group) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_have_precompute_mult(group); + + if (group->meth->have_precompute_mult != 0) + return group->meth->have_precompute_mult(group); + else + return 0; /* cannot tell whether precomputation has been performed */ + } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f5312aa23..42cd98181 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -1,9 +1,9 @@ /* crypto/ec/ec_mult.c */ /* - * Originally written by Bodo Moeller for the OpenSSL project. + * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -66,16 +66,137 @@ #include "ec_lcl.h" -/* TODO: optional precomputation of multiples of the generator */ - - - /* - * wNAF-based interleaving multi-exponentation method - * () + * This file implements the wNAF-based interleaving multi-exponentation method + * (); + * for multiplication with precomputation, we use wNAF splitting + * (). */ + + +/* structure for precomputed multiples of the generator */ +typedef struct ec_pre_comp_st { + const EC_GROUP *group; /* parent EC_GROUP object */ + size_t blocksize; /* block size for wNAF splitting */ + size_t numblocks; /* max. number of blocks for which we have precomputation */ + size_t w; /* window size */ + EC_POINT **points; /* array with pre-calculated multiples of generator: + * 'num' pointers to EC_POINT objects followed by a NULL */ + size_t num; /* numblocks * 2^(w-1) */ +} EC_PRE_COMP; + +/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ +static void *ec_pre_comp_dup(void *); +static void ec_pre_comp_free(void *); +static void ec_pre_comp_clear_free(void *); + +static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) + { + EC_PRE_COMP *ret = NULL; + + if (!group) + return NULL; + + ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); + if (!ret) + return ret; + ret->group = group; + ret->blocksize = 8; /* default */ + ret->numblocks = 0; + ret->w = 4; /* default */ + ret->points = NULL; + ret->num = 0; + return ret; + } + +static void *ec_pre_comp_dup(void *src_) + { + const EC_PRE_COMP *src = src_; + EC_PRE_COMP *ret = NULL; + + ret = ec_pre_comp_new(src->group); + if (!ret) + return ret; + ret->blocksize = src->blocksize; + ret->numblocks = src->numblocks; + ret->w = src->w; + ret->num = 0; + + if (src->points) + { + EC_POINT **src_var, **dest_var; + + ret->points = (EC_POINT **)OPENSSL_malloc((src->num + 1) * sizeof(EC_POINT *)); + if (!ret->points) + { + ec_pre_comp_free(ret); + return NULL; + } + + for (dest_var = ret->points, src_var = src->points; *src_var != NULL; src_var++, dest_var++) + { + *dest_var = EC_POINT_dup(*src_var, src->group); + if (*dest_var == NULL) + { + ec_pre_comp_free(ret); + return NULL; + } + ret->num++; + } + + ret->points[ret->num] = NULL; + if (ret->num != src->num) + { + ec_pre_comp_free(ret); + ECerr(EC_F_EC_PRE_COMP_DUP, ERR_R_INTERNAL_ERROR); + return NULL; + } + } + + return ret; + } + +static void ec_pre_comp_free(void *pre_) + { + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + if (pre->points) + { + EC_POINT **var; + + for (var = pre->points; *var != NULL; var++) + EC_POINT_free(*var); + OPENSSL_free(pre->points); + } + OPENSSL_free(pre); + } + +static void ec_pre_comp_clear_free(void *pre_) + { + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + if (pre->points) + { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_clear_free(*p); + OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_free(pre->points); + } + OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_free(pre); + } + + + + /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. * This is an array r[] of values that are either zero or odd with an * absolute value less than 2^w satisfying @@ -108,7 +229,9 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) } len = BN_num_bits(scalar); - r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation */ + r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation + * (*ret_len will be set to the actual length, i.e. at most + * BN_num_bits(scalar) + 1) */ if (r == NULL) goto err; if (scalar->d == NULL || scalar->top == 0) @@ -224,6 +347,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; + size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ + size_t pre_points_per_block = 0; size_t i, j; int k; int r_is_inverted = 0; @@ -235,19 +360,23 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num_val; EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ + EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ + EC_PRE_COMP *pre_comp = NULL; + int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, + * i.e. precomputation is not available */ int ret = 0; - if (scalar != NULL) + if (group->meth != r->meth) { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); - return 0; - } + ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; } - + + if ((scalar == NULL) && (num == 0)) + { + return EC_POINT_set_to_infinity(group, r); + } + for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) @@ -257,40 +386,209 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } - totalnum = num + (scalar != NULL); - - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); - if (wNAF != NULL) + if (ctx == NULL) { - wNAF[0] = NULL; /* preliminary pivot */ + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; } - if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err; - /* num_val := total number of points to precompute */ + if (scalar != NULL) + { + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); + goto err; + } + + /* look if we can use precomputed multiples of generator */ + + pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) + { + blocksize = pre_comp->blocksize; + + /* determine maximum number of blocks that wNAF splitting may yield + * (NB: maximum wNAF length is bit length plus one) */ + numblocks = (BN_num_bits(scalar) / blocksize) + 1; + + /* we cannot use more blocks than we have precomputation for */ + if (numblocks > pre_comp->numblocks) + numblocks = pre_comp->numblocks; + + pre_points_per_block = 1u << (pre_comp->w - 1); + + /* check that pre_comp looks sane */ + if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + } + else + { + /* can't use precomputation */ + pre_comp = NULL; + numblocks = 1; + num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ + } + } + + totalnum = num + numblocks; + + wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); + wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ + val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + + if (!wsize || !wNAF_len || !wNAF || !val_sub) + goto err; + + wNAF[0] = NULL; /* preliminary pivot */ + + /* num_val will be the total number of temporarily precomputed points */ num_val = 0; - for (i = 0; i < totalnum; i++) + + for (i = 0; i < num + num_scalar; i++) { size_t bits; bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); num_val += 1u << (wsize[i] - 1); + wNAF[i + 1] = NULL; /* make sure we always have a pivot */ + wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); + if (wNAF[i] == NULL) + goto err; + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; } - /* all precomputed points go into a single array 'val', - * 'val_sub[i]' is a pointer to the subarray for the i-th point */ + if (numblocks) + { + /* we go here iff scalar != NULL */ + + if (pre_comp == NULL) + { + if (num_scalar != 1) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + /* we have already generated a wNAF for 'scalar' */ + } + else + { + signed char *tmp_wNAF = NULL; + size_t tmp_len = 0; + + if (num_scalar != 0) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + + /* use the window size for which we have precomputation */ + wsize[num] = pre_comp->w; + tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); + if (!tmp_wNAF) + goto err; + + if (tmp_len <= max_len) + { + /* One of the other wNAFs is at least as long + * as the wNAF belonging to the generator, + * so wNAF splitting will not buy us anything. */ + + numblocks = 1; + totalnum = num + 1; /* don't use wNAF splitting */ + wNAF[num] = tmp_wNAF; + wNAF[num + 1] = NULL; + wNAF_len[num] = tmp_len; + if (tmp_len > max_len) + max_len = tmp_len; + /* pre_comp->points starts with the points that we need here: */ + val_sub[num] = pre_comp->points; + } + else + { + /* don't include tmp_wNAF directly into wNAF array + * - use wNAF splitting and include the blocks */ + + signed char *pp; + EC_POINT **tmp_points; + + if (tmp_len < numblocks * blocksize) + { + /* possibly we can do with fewer blocks than estimated */ + numblocks = (tmp_len + blocksize - 1) / blocksize; + if (numblocks > pre_comp->numblocks) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + totalnum = num + numblocks; + } + + /* split wNAF in 'numblocks' parts */ + pp = tmp_wNAF; + tmp_points = pre_comp->points; + + for (i = num; i < totalnum; i++) + { + if (i < totalnum - 1) + { + wNAF_len[i] = blocksize; + if (tmp_len < blocksize) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + tmp_len -= blocksize; + } + else + /* last block gets whatever is left + * (this could be more or less than 'blocksize'!) */ + wNAF_len[i] = tmp_len; + + wNAF[i + 1] = NULL; + wNAF[i] = OPENSSL_malloc(wNAF_len[i]); + if (wNAF[i] == NULL) + { + OPENSSL_free(tmp_wNAF); + goto err; + } + memcpy(wNAF[i], pp, wNAF_len[i]); + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + + if (*tmp_points == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); + goto err; + } + val_sub[i] = tmp_points; + tmp_points += pre_points_per_block; + pp += blocksize; + } + OPENSSL_free(tmp_wNAF); + } + } + } + + /* All points we precompute now go into a single array 'val'. + * 'val_sub[i]' is a pointer to the subarray for the i-th point, + * or to a subarray of 'pre_comp->points' if we already have precomputation. */ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); if (val == NULL) goto err; val[num_val] = NULL; /* pivot element */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); - if (val_sub == NULL) goto err; - /* allocate points for precomputation */ v = val; - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { val_sub[i] = v; for (j = 0; j < (1u << (wsize[i] - 1)); j++) @@ -306,15 +604,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - - tmp = EC_POINT_new(group); - if (tmp == NULL) goto err; + if (!(tmp = EC_POINT_new(group))) + goto err; /* prepare precomputed values: * val_sub[i][0] := points[i] @@ -322,7 +613,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * val_sub[i][2] := 5 * points[i] * ... */ - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { if (i < num) { @@ -341,16 +632,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; } } - - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); - if (wNAF[i] == NULL) goto err; - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; } #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + goto err; #endif r_is_at_infinity = 1; @@ -446,86 +732,203 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* Generic multiplication method. - * If group->meth does not provide a multiplication method, default to ec_wNAF_mul; - * otherwise use the group->meth's multiplication. +/* ec_wNAF_precompute_mult() + * creates an EC_PRE_COMP object with preprecomputed multiples of the generator + * for use with wNAF splitting as implemented in ec_wNAF_mul(). + * + * 'pre_comp->points' is an array of multiples of the generator + * of the following form: + * points[0] = generator; + * points[1] = 3 * generator; + * ... + * points[2^(w-1)-1] = (2^(w-1)-1) * generator; + * points[2^(w-1)] = 2^blocksize * generator; + * points[2^(w-1)+1] = 3 * 2^blocksize * generator; + * ... + * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator + * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator + * ... + * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator + * points[2^(w-1)*numblocks] = NULL */ -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { - if (group->meth->mul == 0) - return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - else - return group->meth->mul(group, r, scalar, num, points, scalars, ctx); - } - - -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) - { - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; - - points[0] = point; - scalars[0] = p_scalar; - - return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); - } - - int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { const EC_POINT *generator; + EC_POINT *tmp_point = NULL, *base = NULL, **var; BN_CTX *new_ctx = NULL; BIGNUM *order; + size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; + EC_POINT **points = NULL; + EC_PRE_COMP *pre_comp, *new_pre_comp = NULL; int ret = 0; + pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + if (pre_comp == NULL) + if ((pre_comp = new_pre_comp = ec_pre_comp_new(group)) == NULL) + return 0; + +CRYPTO_push_info("ec_wNAF_precompute_mult"); + generator = EC_GROUP_get0_generator(group); if (generator == NULL) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); - return 0; + goto err; } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) - return 0; + goto err; } BN_CTX_start(ctx); order = BN_CTX_get(ctx); if (order == NULL) goto err; - if (!EC_GROUP_get_order(group, order, ctx)) return 0; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; if (BN_is_zero(order)) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); goto err; } - /* TODO */ + bits = BN_num_bits(order); + blocksize = 8; + w = 4; + if (EC_window_bits_for_scalar_size(bits) > w) + { + /* let's not make the window too small ... */ + w = EC_window_bits_for_scalar_size(bits); + } + + numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ + + pre_points_per_block = 1u << (w - 1); + num = pre_points_per_block * numblocks; /* number of points to compute and store */ + + points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); + if (!points) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + var = points; + var[num] = NULL; /* pivot */ + for (i = 0; i < num; i++) + { + if ((var[i] = EC_POINT_new(group)) == NULL) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_copy(base, generator)) + goto err; + + /* do the precomputation */ + for (i = 0; i < numblocks; i++) + { + size_t j; + + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + goto err; + + if (!EC_POINT_copy(*var++, base)) + goto err; + + for (j = 1; j < pre_points_per_block; j++, var++) + { + /* calculate odd multiples of the current base point */ + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + goto err; + } + + if (i < numblocks - 1) + { + /* get the next base (multiply current one by 2^blocksize) */ + size_t k; + + if (blocksize <= 2) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + goto err; + for (k = 2; k < blocksize; k++) + { + if (!EC_POINT_dbl(group,base,base,ctx)) + goto err; + } + } + } + + if (!EC_POINTs_make_affine(group, num, points, ctx)) + goto err; + + pre_comp->group = group; + pre_comp->blocksize = blocksize; + pre_comp->numblocks = numblocks; + pre_comp->w = w; + if (pre_comp->points) + { + EC_POINT **p; + + for (p = pre_comp->points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(pre_comp->points); + } + pre_comp->points = points; + points = NULL; + pre_comp->num = num; + + if (new_pre_comp) + { + if (!EC_GROUP_set_extra_data(group, new_pre_comp, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + new_pre_comp = NULL; + } ret = 1; - err: + CRYPTO_pop_info(); + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); + if (new_pre_comp) + ec_pre_comp_free(new_pre_comp); + if (points) + { + EC_POINT **p; + + for (p = points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(points); + } + if (tmp_point) + EC_POINT_free(tmp_point); + if (base) + EC_POINT_free(base); return ret; } -/* Generic multiplicaiton precomputation method. - * If group->meth does not provide a multiplication method, default to ec_wNAF_mul and do its - * precomputation; otherwise use the group->meth's precomputation if it exists. - */ -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +int ec_wNAF_have_precompute_mult(const EC_GROUP *group) { - if (group->meth->mul == 0) - return ec_wNAF_precompute_mult(group, ctx); - else if (group->meth->precompute_mult != 0) - return group->meth->precompute_mult(group, ctx); - else + if (EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) return 1; + else + return 0; } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 36f823686..b64fa68b5 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -93,13 +93,14 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_mont_field_mul, ec_GFp_mont_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index ba5d180e1..c28b27530 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -92,13 +92,14 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index bf456dbc4..e0b28c1cf 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -91,13 +91,14 @@ const EC_METHOD *EC_GFp_recp_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_recp_field_mul, ec_GFp_recp_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 267134af4..1abe831a3 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -94,13 +94,14 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr, 0 /* field_div */, diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index f6fcb9a4f..8fd8c718a 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -141,13 +141,18 @@ bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h bio_ok.o: ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +c_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +c_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +c_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +c_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +c_all.o: ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/util/mkerr.pl b/util/mkerr.pl index 4105047b2..f1178602e 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -262,7 +262,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2003 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -404,7 +404,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From 27a9bf17c77bd528bab9457ff42df4650e2bf101 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 6 Feb 2003 19:30:06 +0000 Subject: [PATCH 061/550] PKCS#1 has a new RFC, which we do implement --- doc/standards.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/standards.txt b/doc/standards.txt index 44d263bd1..edbe2f3a5 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -45,10 +45,6 @@ whole or at least great parts) in OpenSSL. 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) -2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski, - J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes - RFC2313) (Status: INFORMATIONAL) - PKCS#8: Private-Key Information Syntax Standard PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. @@ -87,6 +83,11 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes RFC2459) (Status: PROPOSED STANDARD) +3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography + Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. + (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: + INFORMATIONAL) + Related: -------- From 24893ca9990eaf8d341a8a91dd9a366d81520552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 6 Feb 2003 19:32:06 +0000 Subject: [PATCH 062/550] typo --- CHANGES | 4 ++-- crypto/ec/ec_lcl.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 36c6bd176..f7ab58394 100644 --- a/CHANGES +++ b/CHANGES @@ -5,9 +5,9 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] *) In crypto/ec/ec_mult.c, implement fast point multiplication with - precomputation, based one wNAF splitting: EC_GROUP_precompute_mult() + precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() will now compute a table of multiples of the generator that - makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul() faster (notably in the case of a single point multiplication, scalar * generator). [Nils Larsch, Bodo Moeller] diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 54b6a45f3..06e666983 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -251,7 +251,7 @@ struct ec_point_st { /* method functions in ec_mult.c - * (ec_lib.c uses these as defaults if group->method->mul is 0 */ + * (ec_lib.c uses these as defaults if group->method->mul is 0) */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); From 82871eaa177142f6d420bf7fabf6502e5a13166f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 7 Feb 2003 11:54:57 +0000 Subject: [PATCH 063/550] comment --- crypto/ec/ec_mult.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 42cd98181..937004ac4 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -795,6 +795,13 @@ CRYPTO_push_info("ec_wNAF_precompute_mult"); } bits = BN_num_bits(order); + /* The following parameters mean we precompute (approximately) + * one point per bit. + * + * TBD: The combination 8, 4 is perfect for 160 bits; for other + * bit lengths, other parameter combinations might provide better + * efficiency. + */ blocksize = 8; w = 4; if (EC_window_bits_for_scalar_size(bits) > w) From 65b254e8c02a52be4fa3af47e62c19eb8dab4169 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 8 Feb 2003 15:56:05 +0000 Subject: [PATCH 064/550] remove debugging leftovers --- crypto/ec/ec_mult.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 937004ac4..2ebb2af72 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -767,8 +767,6 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) if ((pre_comp = new_pre_comp = ec_pre_comp_new(group)) == NULL) return 0; -CRYPTO_push_info("ec_wNAF_precompute_mult"); - generator = EC_GROUP_get0_generator(group); if (generator == NULL) { @@ -909,8 +907,6 @@ CRYPTO_push_info("ec_wNAF_precompute_mult"); ret = 1; err: - CRYPTO_pop_info(); - BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); From d42d2d1ab6a558769d84f31b6c7088192f311b62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 8 Feb 2003 19:49:16 +0000 Subject: [PATCH 065/550] avoid coredump Submitted by: Nils Larsch --- apps/speed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/speed.c b/apps/speed.c index d6f78fb5d..df892c51f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2051,7 +2051,7 @@ int MAIN(int argc, char **argv) } else { - ecdh_b[j]->group = ecdh_a[j]->group; + ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group); /* generate two ECDH key pairs */ if (!EC_KEY_generate_key(ecdh_a[j]) || From e2c9c91b5b4b836fef2839c50eca4fe574242a7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 8 Feb 2003 19:51:37 +0000 Subject: [PATCH 066/550] fix EC_GROUP_copy for EC_GFp_nist_method() Submitted by: Nils Larsch --- crypto/ec/ec_lcl.h | 1 + crypto/ec/ecp_nist.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 06e666983..f4e9700bb 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -322,6 +322,7 @@ int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX * /* method functions in ecp_nist.c */ +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index c28b27530..d2dbfe674 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -72,7 +72,7 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_group_init, ec_GFp_simple_group_finish, ec_GFp_simple_group_clear_finish, - ec_GFp_simple_group_copy, + ec_GFp_nist_group_copy, ec_GFp_nist_group_set_curve, ec_GFp_simple_group_get_curve, ec_GFp_simple_group_get_degree, @@ -114,6 +114,12 @@ const EC_METHOD *EC_GFp_nist_method(void) #define NO_32_BIT_TYPE #endif +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) + { + dest->field_mod_func = src->field_mod_func; + + return ec_GFp_simple_group_copy(dest, src); + } int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) From 28f573a28dcfba4da90605d17f614c8ecb2243fc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 10 Feb 2003 11:14:35 +0000 Subject: [PATCH 067/550] Make sure memcpy() is properly declared by including string.h. --- crypto/ec/ec_mult.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 2ebb2af72..f4e5f9084 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -61,6 +61,8 @@ * and contributed to the OpenSSL project. */ +#include + #include #include "ec_lcl.h" From 33075f229ed85825ee3ec3bb5f231f1a692e7868 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 10 Feb 2003 17:52:10 +0000 Subject: [PATCH 068/550] Typo. --- apps/pkcs12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index dd56a2b80..a00b438f9 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -558,7 +558,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("creating PKCS#12 structure"); #endif - p12 = PKCS12_create(pass, name, key, ucert, certs, + p12 = PKCS12_create(cpass, name, key, ucert, certs, key_pbe, cert_pbe, iter, -1, keytype); if (!p12) From a8f5b2ed50f0aedc618d0364fa5b517b50216f48 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 11 Feb 2003 14:06:27 +0000 Subject: [PATCH 069/550] GeneralString support in mini-ASN1 compiler --- crypto/asn1/asn1_gen.c | 2 ++ doc/crypto/ASN1_generate_nconf.pod | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 097b4b8ec..3d9d2ce07 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -578,6 +578,8 @@ static int asn1_str2tag(const char *tagstr, int len) ASN1_GEN_STR("T61", V_ASN1_T61STRING), ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), + ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), /* Special cases */ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index b4c89377f..ba6e3c2e8 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -97,7 +97,7 @@ bits is set to zero. =item B, B, B, B, B, B, B, B, B, B, B, B, B, -B, B +B, B, B These encode the corresponding string types. B represents the contents of this structure. The format can be B or B. From 8537943e8bb9e191f764f8e7f6c691cd41a8c8d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 11 Feb 2003 16:42:30 +0000 Subject: [PATCH 070/550] first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8" --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index f7ab58394..d3765179a 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] *) In crypto/ec/ec_mult.c, implement fast point multiplication with precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() From ea513641d05cfaa3f787de4ad19fdf9307869ad3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 12 Feb 2003 14:17:41 +0000 Subject: [PATCH 071/550] comments --- ssl/s3_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 35fde29c8..559924d36 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -474,6 +474,7 @@ int ssl3_enc(SSL *s, int send) ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); return 0; } + /* otherwise, rec->length >= bs */ } EVP_Cipher(ds,rec->data,rec->input,l); @@ -482,7 +483,7 @@ int ssl3_enc(SSL *s, int send) { i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; - * padding bytes (except that last) are arbitrary */ + * padding bytes (except the last one) are arbitrary */ if (i > bs) { /* Incorrect padding. SSLerr() and ssl3_alert are done @@ -491,6 +492,7 @@ int ssl3_enc(SSL *s, int send) * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ return -1; } + /* now i <= bs <= rec->length */ rec->length-=i; } } From cf56663fb71ce279eb8ea603faf0a3c98cc7bc47 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Feb 2003 17:06:02 +0000 Subject: [PATCH 072/550] Option to disable SSL auto chain build --- CHANGES | 18 ++++++++++++++++++ ssl/s3_both.c | 17 ++++++++++++++--- ssl/ssl.h | 2 ++ 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index d3765179a..cde8cca58 100644 --- a/CHANGES +++ b/CHANGES @@ -420,6 +420,24 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Allow an application to disable the automatic SSL chain building. + Before this a rather primitive chain build was always performed in + ssl3_output_cert_chain(): an application had no way to send the + correct chain if the automatic operation produced an incorrect result. + + Now the chain builder is disabled if either: + + 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert(). + + 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set. + + The reasoning behind this is that an application would not want the + auto chain building to take place if extra chain certificates are + present and it might also want a means of sending no additional + certificates (for example the chain has two certificates and the + root is omitted). + [Steve Henson] + *) Add the possibility to build without the ENGINE framework. [Steven Reddie via Richard Levitte] diff --git a/ssl/s3_both.c b/ssl/s3_both.c index a17b87273..94df0e5c6 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -273,6 +273,13 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) X509_STORE_CTX xs_ctx; X509_OBJECT obj; + int no_chain; + + if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) + no_chain = 1; + else + no_chain = 0; + /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; if (!BUF_MEM_grow_clean(buf,10)) @@ -282,7 +289,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) + if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); @@ -300,6 +307,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) l2n3(n,p); i2d_X509(x,&p); l+=n+3; + + if (no_chain) + break; + if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) break; @@ -311,8 +322,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) * ref count */ X509_free(x); } - - X509_STORE_CTX_cleanup(&xs_ctx); + if (!no_chain) + X509_STORE_CTX_cleanup(&xs_ctx); } /* Thawte special :-) */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 466b8a712..97b313fd8 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -529,6 +529,8 @@ typedef struct ssl_session_st /* Never bother the application with retries if the transport * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, From 9ec1d35f29c5d3c0c6a2461610c7db494a0d9aa9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 12 Feb 2003 17:20:39 +0000 Subject: [PATCH 073/550] Adjust DES_cbc_cksum() so the returned value is the same as MIT's mit_des_cbc_cksum(). The difference was first observed, then verified by looking at the MIT source. --- CHANGES | 6 ++++++ crypto/des/cbc_cksm.c | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index cde8cca58..08c012489 100644 --- a/CHANGES +++ b/CHANGES @@ -420,6 +420,12 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT + Kerberos function mit_des_cbc_cksum(). Before this change, + the value returned by DES_cbc_cksum() was like the one from + mit_des_cbc_cksum(), except the bytes were swapped. + [Kevin Greaney and Richard Levitte] + *) Allow an application to disable the automatic SSL chain building. Before this a rather primitive chain build was always performed in ssl3_output_cert_chain(): an application had no way to send the diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c index 6c5305b99..09a7ba56a 100644 --- a/crypto/des/cbc_cksm.c +++ b/crypto/des/cbc_cksm.c @@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, l2c(tout1,out); } tout0=tin0=tin1=tin[0]=tin[1]=0; + /* + Transform the data in tout1 so that it will + match the return value that the MIT Kerberos + mit_des_cbc_cksum API returns. + */ + tout1 = ((tout1 >> 24L) & 0x000000FF) + | ((tout1 >> 8L) & 0x0000FF00) + | ((tout1 << 8L) & 0x00FF0000) + | ((tout1 << 24L) & 0xFF000000); return(tout1); } From ba729265a819d4c36df730449aeb301927ca74f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 12 Feb 2003 18:30:16 +0000 Subject: [PATCH 074/550] Allow EC_GROUP objects to share precomputation for improved memory efficiency (EC_PRE_COMP objects are now constant once completed). Extend 'extra_data' API to support arbitrarily many slots (although we need only one at the moment). Modify EC internal 'extra_data' API: EC_GROUP_[clear_]free_extra_data now frees only a single slot (the previous functions are available as EC_GROUP_[clear_]free_all_extra_data). Submitted by: Nils Larsch Reviewed by: Bodo Moeller --- crypto/ec/ec_lcl.h | 31 ++++--- crypto/ec/ec_lib.c | 191 +++++++++++++++++++++++++++++++------------- crypto/ec/ec_mult.c | 99 ++++++++--------------- 3 files changed, 187 insertions(+), 134 deletions(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index f4e9700bb..f59fe0e44 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -167,6 +167,13 @@ struct ec_method_st { int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); } /* EC_METHOD */; +typedef struct ec_extra_data_st { + struct ec_extra_data_st *next; + void *data; + void *(*dup_func)(void *); + void (*free_func)(void *); + void (*clear_free_func)(void *); +} EC_EXTRA_DATA; /* used in EC_GROUP */ struct ec_group_st { const EC_METHOD *meth; @@ -181,10 +188,7 @@ struct ec_group_st { unsigned char *seed; /* optional seed for parameters (appears in ASN1) */ size_t seed_len; - void *extra_data; - void *(*extra_data_dup_func)(void *); - void (*extra_data_free_func)(void *); - void (*extra_data_clear_free_func)(void *); + EC_EXTRA_DATA *extra_data; /* linked list */ /* The following members are handled by the method functions, * even if they appear generic */ @@ -224,14 +228,17 @@ struct ec_group_st { * (with visibility limited to 'package' level for now). * We use the function pointers as index for retrieval; this obviates * global ex_data-style index tables. - * (Currently, we have one slot only, but is is possible to extend this - * if necessary.) */ -int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void EC_GROUP_free_extra_data(EC_GROUP *); -void EC_GROUP_clear_free_extra_data(EC_GROUP *); + */ +int EC_GROUP_set_extra_data(EC_GROUP *, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void *EC_GROUP_get_extra_data(const EC_GROUP *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_free_extra_data(EC_GROUP*, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_clear_free_extra_data(EC_GROUP*, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_free_all_extra_data(EC_GROUP *); +void EC_GROUP_clear_free_all_extra_data(EC_GROUP *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 5e3fb5c20..c00875cd7 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -98,9 +98,6 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->meth = meth; ret->extra_data = NULL; - ret->extra_data_dup_func = 0; - ret->extra_data_free_func = 0; - ret->extra_data_clear_free_func = 0; ret->generator = NULL; BN_init(&ret->order); @@ -130,7 +127,7 @@ void EC_GROUP_free(EC_GROUP *group) if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_free_extra_data(group); + EC_GROUP_free_all_extra_data(group); if (group->generator != NULL) EC_POINT_free(group->generator); @@ -153,7 +150,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) else if (group->meth != NULL && group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_clear_free_extra_data(group); + EC_GROUP_clear_free_all_extra_data(group); if (group->generator != NULL) EC_POINT_clear_free(group->generator); @@ -173,6 +170,8 @@ void EC_GROUP_clear_free(EC_GROUP *group) int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { + EC_EXTRA_DATA *d; + if (dest->meth->group_copy == 0) { ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -186,19 +185,16 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; - EC_GROUP_clear_free_extra_data(dest); - if (src->extra_data_dup_func) - { - if (src->extra_data != NULL) - { - dest->extra_data = src->extra_data_dup_func(src->extra_data); - if (dest->extra_data == NULL) - return 0; - } + EC_GROUP_free_all_extra_data(dest); - dest->extra_data_dup_func = src->extra_data_dup_func; - dest->extra_data_free_func = src->extra_data_free_func; - dest->extra_data_clear_free_func = src->extra_data_clear_free_func; + for (d = src->extra_data; d != NULL; d = d->next) + { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_GROUP_set_extra_data(dest, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; } if (src->generator != NULL) @@ -475,67 +471,148 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) /* this has 'package' visibility */ -int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +int EC_GROUP_set_extra_data(EC_GROUP *group, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data != NULL) - || (group->extra_data_dup_func != 0) - || (group->extra_data_free_func != 0) - || (group->extra_data_clear_free_func != 0)) - { - ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + EC_EXTRA_DATA *d; + + if (group == NULL) return 0; + + for (d = group->extra_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + { + ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + return 0; + } } - group->extra_data = extra_data; - group->extra_data_dup_func = extra_data_dup_func; - group->extra_data_free_func = extra_data_free_func; - group->extra_data_clear_free_func = extra_data_clear_free_func; + if (data == NULL) + /* no explicit entry needed */ + return 1; + + d = OPENSSL_malloc(sizeof *d); + if (d == NULL) + return 0; + + d->data = data; + d->dup_func = dup_func; + d->free_func = free_func; + d->clear_free_func = clear_free_func; + + d->next = group->extra_data; + group->extra_data = d; + return 1; } - /* this has 'package' visibility */ -void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +void *EC_GROUP_get_extra_data(const EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data_dup_func != extra_data_dup_func) - || (group->extra_data_free_func != extra_data_free_func) - || (group->extra_data_clear_free_func != extra_data_clear_free_func)) - { -#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ - ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); -#endif + EC_EXTRA_DATA *d; + + if (group == NULL) return NULL; + + for (d = group->extra_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + return d->data; } - - return group->extra_data; + + return NULL; } - /* this has 'package' visibility */ -void EC_GROUP_free_extra_data(EC_GROUP *group) +void EC_GROUP_free_extra_data(EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); - group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; + EC_EXTRA_DATA **p; + + if (group == NULL) + return; + + for (p = &group->extra_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } } +/* this has 'package' visibility */ +void EC_GROUP_clear_free_extra_data(EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (group == NULL) + return; + + for (p = &group->extra_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->clear_free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } + } /* this has 'package' visibility */ -void EC_GROUP_clear_free_extra_data(EC_GROUP *group) +void EC_GROUP_free_all_extra_data(EC_GROUP *group) { - if (group->extra_data_clear_free_func) - group->extra_data_clear_free_func(group->extra_data); - else if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); + EC_EXTRA_DATA *d; + + if (group == NULL) + return; + + d = group->extra_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->free_func(d->data); + OPENSSL_free(d); + + d = next; + } + group->extra_data = NULL; + } + +/* this has 'package' visibility */ +void EC_GROUP_clear_free_all_extra_data(EC_GROUP *group) + { + EC_EXTRA_DATA *d; + + if (group == NULL) + return; + + d = group->extra_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->clear_free_func(d->data); + OPENSSL_free(d); + + d = next; + } group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f4e5f9084..c71a69ac0 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -87,6 +87,7 @@ typedef struct ec_pre_comp_st { EC_POINT **points; /* array with pre-calculated multiples of generator: * 'num' pointers to EC_POINT objects followed by a NULL */ size_t num; /* numblocks * 2^(w-1) */ + int references; } EC_PRE_COMP; /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ @@ -110,68 +111,39 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) ret->w = 4; /* default */ ret->points = NULL; ret->num = 0; + ret->references = 1; return ret; } static void *ec_pre_comp_dup(void *src_) { - const EC_PRE_COMP *src = src_; - EC_PRE_COMP *ret = NULL; + EC_PRE_COMP *src = src_; - ret = ec_pre_comp_new(src->group); - if (!ret) - return ret; - ret->blocksize = src->blocksize; - ret->numblocks = src->numblocks; - ret->w = src->w; - ret->num = 0; + /* no need to actually copy, these objects never change! */ - if (src->points) - { - EC_POINT **src_var, **dest_var; + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); - ret->points = (EC_POINT **)OPENSSL_malloc((src->num + 1) * sizeof(EC_POINT *)); - if (!ret->points) - { - ec_pre_comp_free(ret); - return NULL; - } - - for (dest_var = ret->points, src_var = src->points; *src_var != NULL; src_var++, dest_var++) - { - *dest_var = EC_POINT_dup(*src_var, src->group); - if (*dest_var == NULL) - { - ec_pre_comp_free(ret); - return NULL; - } - ret->num++; - } - - ret->points[ret->num] = NULL; - if (ret->num != src->num) - { - ec_pre_comp_free(ret); - ECerr(EC_F_EC_PRE_COMP_DUP, ERR_R_INTERNAL_ERROR); - return NULL; - } - } - - return ret; + return src_; } static void ec_pre_comp_free(void *pre_) { + int i; EC_PRE_COMP *pre = pre_; if (!pre) return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + if (pre->points) { - EC_POINT **var; + EC_POINT **p; - for (var = pre->points; *var != NULL; var++) - EC_POINT_free(*var); + for (p = pre->points; *p != NULL; p++) + EC_POINT_free(*p); OPENSSL_free(pre->points); } OPENSSL_free(pre); @@ -179,10 +151,16 @@ static void ec_pre_comp_free(void *pre_) static void ec_pre_comp_clear_free(void *pre_) { + int i; EC_PRE_COMP *pre = pre_; if (!pre) return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + if (pre->points) { EC_POINT **p; @@ -363,7 +341,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ - EC_PRE_COMP *pre_comp = NULL; + const EC_PRE_COMP *pre_comp = NULL; int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, * i.e. precomputation is not available */ int ret = 0; @@ -761,13 +739,14 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) BIGNUM *order; size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; EC_POINT **points = NULL; - EC_PRE_COMP *pre_comp, *new_pre_comp = NULL; + EC_PRE_COMP *pre_comp; int ret = 0; - pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); - if (pre_comp == NULL) - if ((pre_comp = new_pre_comp = ec_pre_comp_new(group)) == NULL) - return 0; + /* if there is an old EC_PRE_COMP object, throw it away */ + EC_GROUP_free_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if ((pre_comp = ec_pre_comp_new(group)) == NULL) + return 0; generator = EC_GROUP_get0_generator(group); if (generator == NULL) @@ -888,32 +867,22 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) pre_comp->blocksize = blocksize; pre_comp->numblocks = numblocks; pre_comp->w = w; - if (pre_comp->points) - { - EC_POINT **p; - - for (p = pre_comp->points; *p != NULL; p++) - EC_POINT_free(*p); - OPENSSL_free(pre_comp->points); - } pre_comp->points = points; points = NULL; pre_comp->num = num; - if (new_pre_comp) - { - if (!EC_GROUP_set_extra_data(group, new_pre_comp, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) - goto err; - new_pre_comp = NULL; - } + if (!EC_GROUP_set_extra_data(group, pre_comp, + ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + pre_comp = NULL; ret = 1; err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (new_pre_comp) - ec_pre_comp_free(new_pre_comp); + if (pre_comp) + ec_pre_comp_free(pre_comp); if (points) { EC_POINT **p; From abd22c9c46e089cda5023b6dc6f872723d95fd24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 12 Feb 2003 22:01:12 +0000 Subject: [PATCH 075/550] new lock for EC_PRE_COMP structures Submitted by: Nils Larsch --- crypto/cryptlib.c | 5 +++-- crypto/crypto.h | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index fb3e93fe2..bc023e3f4 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -1,6 +1,6 @@ /* crypto/cryptlib.c */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -166,7 +166,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ec", "ecdh", "bn", -#if CRYPTO_NUM_LOCKS != 36 + "ec_pre_comp", +#if CRYPTO_NUM_LOCKS != 37 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto.h b/crypto/crypto.h index a7491fde1..fa799a762 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -1,6 +1,6 @@ /* crypto/crypto.h */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -189,7 +189,8 @@ extern "C" { #define CRYPTO_LOCK_EC 33 #define CRYPTO_LOCK_ECDH 34 #define CRYPTO_LOCK_BN 35 -#define CRYPTO_NUM_LOCKS 36 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_NUM_LOCKS 37 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 From e4b52ac3530849a48aae3b18b9781019cb16826b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 13 Feb 2003 08:53:40 +0000 Subject: [PATCH 076/550] Oh, the destest program did look at the return value... --- crypto/des/destest.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 7799e6e4b..687c00c79 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -320,7 +320,11 @@ static unsigned char ofb_cipher[24]= 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; +#if 0 static DES_LONG cbc_cksum_ret=0xB462FEF7L; +#else +static DES_LONG cbc_cksum_ret=0xF7FE62B4L; +#endif static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; static char *pt(unsigned char *p); From 4989f0599f408aeed89bf559c58d60d951823713 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 13 Feb 2003 13:21:13 +0000 Subject: [PATCH 077/550] Another long name to deal with --- crypto/symhacks.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/symhacks.h b/crypto/symhacks.h index c22560206..a40e4fa46 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -199,6 +199,8 @@ #define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form #undef EC_GROUP_get_point_conversion_form #define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +#undef EC_GROUP_clear_free_all_extra_data +#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data #undef EC_POINT_set_Jprojective_coordinates_GFp #define EC_POINT_set_Jprojective_coordinates_GFp \ EC_POINT_set_Jproj_coords_GFp From 2d3de726c5cc64d419dcdebf427b0cb58c608b36 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 13 Feb 2003 23:52:54 +0000 Subject: [PATCH 078/550] Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it. Note: this has only been tested on GNU-based platforms (Linux), and needs to be tested on all others. Additionally, it's not yet supported on the following platforms, for lack of information: Darwin (MacOS X) Cygwin OSF1/Alpha SVR3 ReliantUNIX Please help out with testing and the platforms we don't yet know well enough. --- CHANGES | 5 + Makefile.org | 1 + Makefile.shared | 201 +++++++++++++++++++++----- apps/Makefile.ssl | 22 ++- test/Makefile.ssl | 351 ++++++++++++++++++++++++++++++++++------------ 5 files changed, 453 insertions(+), 127 deletions(-) diff --git a/CHANGES b/CHANGES index 08c012489..4439a673a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add full support for -rpath/-R, both in shared libraries and + applications, at least on the platforms where it's known how + to do it. + [Richard Levitte] + *) In crypto/ec/ec_mult.c, implement fast point multiplication with precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() will now compute a table of multiples of the generator that diff --git a/Makefile.org b/Makefile.org index 3568efc31..847bcebad 100644 --- a/Makefile.org +++ b/Makefile.org @@ -286,6 +286,7 @@ do_$(SHLIB_TARGET): LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ LIBDEPS="$$libs $(EX_LIBS)" \ + LIBRPATH="$(INSTALLTOP)/lib" \ link_a.$(SHLIB_TARGET); \ libs="$$libs -l$$i"; \ done diff --git a/Makefile.shared b/Makefile.shared index a3acc9877..9178b829a 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -7,19 +7,32 @@ # CC contains the current compiler. This one MUST be defined CC=cc -# LDFLAGS contains flags to be used when the temporary object file is -# created. SHARED_LDFLAGS contains flags to be used when the shared -# library is created. +# LDFLAGS contains flags to be used when temporary object files (when building +# shared libraries) are created, or when an application is linked. +# SHARED_LDFLAGS contains flags to be used when the shared library is created. LDFLAGS= SHARED_LDFLAGS= -# LIBNAME contains just the name of thhe library, without prefix ("lib" +# LIBNAME contains just the name of the library, without prefix ("lib" # on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so, -# .dll, ...). This one MUST have a value when using this makefile. +# .dll, ...). This one MUST have a value when using this makefile to +# build shared libraries. # For example, to build libfoo.so, you need to do the following: #LIBNAME=foo LIBNAME= +# APPNAME contains just the name of the application, without suffix ("" +# on Unix, ".exe" on Windows, ...). This one MUST have a value when using +# this makefile to build applications. +# For example, to build foo, you need to do the following: +#APPNAME=foo +APPNAME= + +# OBJECTS contains all the object files to link together into the application. +# This must contain at least one object file. +#OBJECTS=foo.o +OBJECTS= + # LIBEXTRAS contains extra modules to link together with the library. # For example, if a second library, say libbar.a needs to be linked into # libfoo.so, you need to do the following: @@ -73,8 +86,12 @@ CALC_VERSIONS= \ done; \ fi +LINK_APP= \ + ( $(DEBUG); \ + $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) + LINK_SO= \ - ( $(DEBUG); \ + ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \ @@ -111,19 +128,25 @@ LINK_SO_A_UNPACKED= \ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null -DO_GNU=$(CALC_VERSIONS); \ +DO_GNU_SO=$(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \ SHAREDCMD='$(CC)' +DO_GNU_APP=LDCMD=$(CC);\ + LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME=$(APPNAME) link_o.gnu: - @ $(DO_GNU); $(LINK_SO_O) + @ $(DO_GNU_SO); $(LINK_SO_O) link_a.gnu: - @ $(DO_GNU); $(LINK_SO_A) + @ $(DO_GNU_SO); $(LINK_SO_A) +link_app.gnu: + @ $(DO_GNU_APP); $(LINK_APP) # For Darwin AKA Mac OS/X (dyld) link_o.darwin: @@ -158,6 +181,12 @@ link_a.darwin: SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \ fi; \ $(LINK_SO_A) +link_app.darwin: + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + $(LINK_APP) link_o.cygwin: @ $(CALC_VERSIONS); \ @@ -183,10 +212,16 @@ link_a.cygwin: SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ SHAREDCMD='${CC}'; \ $(LINK_SO_A) +link_app.cygwin: + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME).exe" + $(LINK_APP) link_o.alpha-osf1: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -209,7 +244,7 @@ link_o.alpha-osf1: $(LINK_SO_O) link_a.alpha-osf1: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -230,12 +265,22 @@ link_a.alpha-osf1: fi; \ fi; \ $(LINK_SO_A) +link_app.alpha-osf1: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + fi; \ + $(LINK_APP) # The difference between alpha-osf1-shared and tru64-shared is the `-msym' # option passed to the linker. link_o.tru64: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -249,7 +294,7 @@ link_o.tru64: SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="-shared -msym"; \ + SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ @@ -258,7 +303,7 @@ link_o.tru64: $(LINK_SO_O) link_a.tru64: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -272,19 +317,29 @@ link_a.tru64: SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="-shared -msym"; \ + SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ fi; \ $(LINK_SO_A) +link_app.tru64: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-rpath $(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) # The difference between tru64-shared and tru64-shared-rpath is the # -rpath ${LIBRPATH} passed to the linker. link_o.tru64-rpath: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -307,7 +362,7 @@ link_o.tru64-rpath: $(LINK_SO_O) link_a.tru64-rpath: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -328,10 +383,20 @@ link_a.tru64-rpath: fi; \ fi; \ $(LINK_SO_A) +link_app.tru64-rpath: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-rpath $(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) link_o.solaris: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ MINUSZ='-z '; \ @@ -341,13 +406,13 @@ link_o.solaris: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS="$${MINUSZ}allextract"; \ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ - SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) link_a.solaris: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ MINUSZ='-z '; \ @@ -357,16 +422,26 @@ link_a.solaris: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS="$${MINUSZ}allextract"; \ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ - SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A) +link_app.solaris: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-R $(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) # OpenServer 5 native compilers used # UnixWare 7 and OpenUNIX 8 native compilers used link_o.svr3: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -380,7 +455,7 @@ link_o.svr3: $(LINK_SO_O) link_a.svr3: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -392,10 +467,20 @@ link_a.svr3: SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A_UNPACKED) +link_app.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) link_o.irix: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -403,13 +488,13 @@ link_o.irix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) link_a.irix: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -417,10 +502,20 @@ link_a.irix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A) +link_app.irix: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) # HP-UX includes the full pathname of libs we depend on, so we would get # ./libcrypto (with ./ as path information) compiled into libssl, hence @@ -439,7 +534,7 @@ link_o.hpux32: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-Fl'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX link_a.hpux32: @@ -449,9 +544,15 @@ link_a.hpux32: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-Fl'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +link_app.hpux32: + LDCMD=$(CC);\ + LDFLAGS="-Wl,+b,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) # HP-UX includes the full pathname of libs we depend on, so we would get # ./libcrypto (with ./ as path information) compiled into libssl, hence @@ -468,7 +569,7 @@ link_o.hpux64: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='+forceload'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX link_a.hpux64: @@ -478,9 +579,15 @@ link_a.hpux64: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='+forceload'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +link_app.hpux64: + LDCMD=$(CC);\ + LDFLAGS="-Wl,+b,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) link_o.aix: @ $(CALC_VERSIONS); \ @@ -489,7 +596,7 @@ link_o.aix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \ SHAREDCMD='$(CC)'; \ $(LINK_SO_O) link_a.aix: @@ -499,9 +606,15 @@ link_a.aix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \ SHAREDCMD='$(CC)'; \ $(LINK_SO_A_VIA_O) +link_app.aix: + LDCMD=$(CC);\ + LDFLAGS="-blibpath:$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) link_o.reliantunix: @ $(CALC_VERSIONS); \ @@ -523,6 +636,12 @@ link_a.reliantunix: SHAREDFLAGS='-G'; \ SHAREDCMD='$(CC)'; \ $(LINK_SO_A_UNPACKED) +link_app.reliantunix: + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) # Targets to build symbolic links when needed symlink.gnu symlink.solaris symlink.svr3 symlink.irix \ @@ -545,43 +664,57 @@ symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath: # Compatibility targets link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu +link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu link_o.darwin-shared: link_o.darwin link_a.darwin-shared: link_a.darwin +link_app.darwin-shared: link_app.darwin symlink.darwin-shared: symlink.darwin link_o.cygwin-shared: link_o.cygwin link_a.cygwin-shared: link_a.cygwin +link_app.cygwin-shared: link_app.cygwin symlink.cygwin-shared: symlink.cygwin link_o.alpha-osf1-shared: link_o.alpha-osf1 link_a.alpha-osf1-shared: link_a.alpha-osf1 +link_app.alpha-osf1-shared: link_app.alpha-osf1 symlink.alpha-osf1-shared: symlink.alpha-osf1 link_o.tru64-shared: link_o.tru64 link_a.tru64-shared: link_a.tru64 +link_app.tru64-shared: link_app.tru64 symlink.tru64-shared: symlink.tru64 link_o.tru64-shared-rpath: link_o.tru64-rpath link_a.tru64-shared-rpath: link_a.tru64-rpath +link_app.tru64-shared-rpath: link_app.tru64-rpath symlink.tru64-shared-rpath: symlink.tru64-rpath link_o.solaris-shared: link_o.solaris link_a.solaris-shared: link_a.solaris +link_app.solaris-shared: link_app.solaris symlink.solaris-shared: symlink.solaris link_o.svr3-shared: link_o.svr3 link_a.svr3-shared: link_a.svr3 +link_app.svr3-shared: link_app.svr3 symlink.svr3-shared: symlink.svr3 link_o.svr5-shared: link_o.svr3 link_a.svr5-shared: link_a.svr3 +link_app.svr5-shared: link_app.svr3 symlink.svr5-shared: symlink.svr3 link_o.irix-shared: link_o.irix link_a.irix-shared: link_a.irix +link_app.irix-shared: link_app.irix symlink.irix-shared: symlink.irix link_o.hpux-shared: link_o.hpux32 link_a.hpux-shared: link_a.hpux32 +link_app.hpux-shared: link_app.hpux32 symlink.hpux-shared: symlink.hpux32 link_o.hpux64-shared: link_o.hpux64 link_a.hpux64-shared: link_a.hpux64 +link_app.hpux64-shared: link_app.hpux64 symlink.hpux64-shared: symlink.hpux64 link_o.aix-shared: link_o.aix link_a.aix-shared: link_a.aix +link_app.aix-shared: link_app.aix symlink.aix-shared: symlink.aix link_o.reliantunix-shared: link_o.reliantunix link_a.reliantunix-shared: link_a.reliantunix +link_app.reliantunix-shared: link_app.reliantunix symlink.reliantunix-shared: symlink.reliantunix diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index ab266f19b..af0002341 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -10,7 +10,8 @@ CFLAG= -g -static INSTALL_PREFIX= INSTALLTOP= /usr/local/ssl OPENSSLDIR= /usr/local/ssl -MAKE= make -f Makefile.ssl +NEWMAKE= make +MAKE= $(NEWMAKE) -f Makefile.ssl MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile.ssl @@ -86,7 +87,12 @@ all: exe exe: $(PROGRAM) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) - $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=req LDFLAGS="$(CFLAG)" \ + OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c @@ -144,10 +150,16 @@ $(DLIBCRYPTO): $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ else \ - $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(PROGRAM) LDFLAGS="$(CFLAG)" \ + OBJECTS="$(PROGRAM).o $(E_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 6d4d6292b..a75727b06 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -11,7 +11,8 @@ INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl INSTALLTOP= /usr/local/ssl MAKEFILE= Makefile.ssl -MAKE= make -f $(MAKEFILE) +NEWMAKE= make +MAKE= $(NEWMAKE) -f $(MAKEFILE) MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl @@ -298,199 +299,367 @@ $(DLIBCRYPTO): $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RSATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RSATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(BNTEST): $(BNTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(BNTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(BNTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ECTEST): $(ECTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ECTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ECTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(EXPTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(EXPTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(IDEATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(IDEATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MD2TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MD2TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(SHATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(SHATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(SHA1TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(SHA1TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RMDTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RMDTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MDC2TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MDC2TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MD4TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MD4TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MD5TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MD5TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(HMACTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(HMACTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RC2TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RC2TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(BFTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(BFTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(CASTTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(CASTTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RC4TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RC4TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RC5TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RC5TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(DESTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(DESTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RANDTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RANDTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(DHTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(DHTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(DSATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(DSATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(METHTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(METHTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)"; \ else \ - $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(SSLTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(SSLTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ENGINETEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ENGINETEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(EVPTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(EVPTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ECDSATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ECDSATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ECDHTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ECDHTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -504,10 +673,16 @@ $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) dummytest: dummytest.o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=dummytest LDFLAGS="$(CFLAGS)" \ + OBJECTS="dummytest.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) # DO NOT DELETE THIS LINE -- make depend depends on it. From 85d686e7231b2cf04ec73457ac6d7009724569c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 01:02:58 +0000 Subject: [PATCH 079/550] Make it possible to disable OCSP, the speed application, and the use of sockets. PR: 358 --- apps/ocsp.c | 11 +++++++++++ apps/progs.h | 2 ++ apps/speed.c | 3 +++ crypto/x509v3/ext_dat.h | 6 ++++++ crypto/x509v3/v3_ocsp.c | 3 +++ ssl/bio_ssl.c | 2 ++ 6 files changed, 27 insertions(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 92922bc8a..6182410f6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -55,6 +55,7 @@ * Hudson (tjh@cryptsoft.com). * */ +#ifndef OPENSSL_NO_OCSP #include #include @@ -722,7 +723,12 @@ int MAIN(int argc, char **argv) } else if (host) { +#ifndef OPENSSL_NO_SOCK cbio = BIO_new_connect(host); +#else + BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); + goto end; +#endif if (!cbio) { BIO_printf(bio_err, "Error creating connect BIO\n"); @@ -1139,7 +1145,11 @@ static BIO *init_responder(char *port) bufbio = BIO_new(BIO_f_buffer()); if (!bufbio) goto err; +#ifndef OPENSSL_NO_SOCK acbio = BIO_new_accept(port); +#else + BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); +#endif if (!acbio) goto err; BIO_set_accept_bios(acbio, bufbio); @@ -1226,3 +1236,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } +#endif diff --git a/apps/progs.h b/apps/progs.h index b551e1de9..131a721a3 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -102,7 +102,9 @@ FUNCTION functions[] = { #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif +#ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, +#endif #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif diff --git a/apps/speed.c b/apps/speed.c index df892c51f..8a2abf73d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -71,6 +71,8 @@ /* most of this code has been pilfered from my libdes speed.c program */ +#ifndef OPENSSL_NO_SPEED + #undef SECONDS #define SECONDS 3 #define RSA_SECONDS 10 @@ -2579,3 +2581,4 @@ static int do_multi(int multi) return 1; } #endif +#endif diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 2fb97d892..544248059 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -90,17 +90,23 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_crld, &v3_ext_ku, &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP &v3_crl_invdate, +#endif &v3_sxnet, &v3_info, +#ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, &v3_ocsp_accresp, &v3_ocsp_nocheck, &v3_ocsp_acutoff, &v3_ocsp_serviceloc, +#endif &v3_sinfo, +#ifndef OPENSSL_NO_OCSP &v3_crl_hold +#endif }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c index 083112314..21badc13f 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/x509v3/v3_ocsp.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_OCSP + #include #include "cryptlib.h" #include @@ -270,3 +272,4 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int err: return 0; } +#endif diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 1301549e2..d683ee43e 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -513,6 +513,7 @@ static int ssl_puts(BIO *bp, const char *str) BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) { +#ifndef OPENSSL_NO_SOCK BIO *ret=NULL,*buf=NULL,*ssl=NULL; if ((buf=BIO_new(BIO_f_buffer())) == NULL) @@ -525,6 +526,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) err: if (buf != NULL) BIO_free(buf); if (ssl != NULL) BIO_free(ssl); +#endif return(NULL); } From 7e38616d1f142fba491a27bd2e8ae88f6ec1cf52 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 05:20:25 +0000 Subject: [PATCH 080/550] Change no_rmd160 to no_ripemd for consistency. PR: 500 --- util/mk1mf.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index e14391164..4e768fa56 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -222,7 +222,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160; +$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; @@ -714,7 +714,7 @@ sub var_add @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; + @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; @@ -941,7 +941,7 @@ sub read_options elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; - $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; + $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; $no_aes=1; } elsif (/^rsaref$/) { } From e270cf9c5ec253ca74a55ab6d537394e764c4d9a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 05:24:22 +0000 Subject: [PATCH 081/550] Pay attention to disabled SSL versions. PR: 500 --- apps/ocsp.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 6182410f6..f05ec0e65 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -738,7 +738,16 @@ int MAIN(int argc, char **argv) if (use_ssl == 1) { BIO *sbio; +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) ctx = SSL_CTX_new(SSLv23_client_method()); +#elif !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv3_client_method()); +#elif !defined(OPENSSL_NO_SSL2) + ctx = SSL_CTX_new(SSLv2_client_method()); +#else + BIO_printf(bio_err, "SSL is disabled\n"); + goto end; +#endif SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); sbio = BIO_new_ssl(ctx, 1); cbio = BIO_push(sbio, cbio); From 794a386af3cf5617929f3c689b2caf7c5b34f2f7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 08:56:21 +0000 Subject: [PATCH 082/550] Update linux-mips and linux-mipsel to support threads and shared libraries. I also updated the bn_ops field with values taken from OpenBSD-mips. PR: 498 --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 0f270d72e..123095852 100755 --- a/Configure +++ b/Configure @@ -383,8 +383,8 @@ my %table=( "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", -"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", +"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From c1269c81fd52a031595ec69a4a88ed80df100008 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 13:12:00 +0000 Subject: [PATCH 083/550] Handle krb5 libraries separately and make sure only libssl.so depends on it. --- Configure | 4 ++-- Makefile.org | 6 +++++- apps/Makefile.ssl | 1 + test/Makefile.ssl | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index 123095852..3b649de25 100755 --- a/Configure +++ b/Configure @@ -650,6 +650,7 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; +my $libkrb5=""; my $target; my $options; my $symlink; @@ -1037,8 +1038,6 @@ else $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" if $withargs{"krb5-include"} eq "" && $withargs{"krb5-dir"} ne ""; - - $libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne ""; } # The DSO code currently always implements all functions so that no @@ -1273,6 +1272,7 @@ while () s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; + s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); diff --git a/Makefile.org b/Makefile.org index 847bcebad..1baf7e8b4 100644 --- a/Makefile.org +++ b/Makefile.org @@ -167,6 +167,7 @@ RMD160_ASM_OBJ= asm/rm86-out.o # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= DIRS= crypto ssl engines apps test tools SHLIBDIRS= crypto ssl @@ -280,6 +281,9 @@ build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): @ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ $(NEWMAKE) -f Makefile.shared \ CC="$(CC)" LDFLAGS="$(LDFLAGS)" \ SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ @@ -288,7 +292,7 @@ do_$(SHLIB_TARGET): LIBDEPS="$$libs $(EX_LIBS)" \ LIBRPATH="$(INSTALLTOP)/lib" \ link_a.$(SHLIB_TARGET); \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done openssl.pc: Makefile.ssl diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index af0002341..7dce73d61 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -19,6 +19,7 @@ PERL= perl RM= rm -f # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= diff --git a/test/Makefile.ssl b/test/Makefile.ssl index a75727b06..344d21ef8 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -16,6 +16,9 @@ MAKE= $(NEWMAKE) -f $(MAKEFILE) MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= #-lnsl -lsocket From b7bbac72c42bec0f8bf3d7cd96ee10cd54f66c2f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 13:30:35 +0000 Subject: [PATCH 084/550] Add support for IA64. PR: 454 --- CHANGES | 3 +++ Configure | 1 + config | 1 + 3 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index 4439a673a..1bfbb2741 100644 --- a/CHANGES +++ b/CHANGES @@ -425,6 +425,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Add support for FreeBSD on IA64. + [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT Kerberos function mit_des_cbc_cksum(). Before this change, the value returned by DES_cbc_cksum() was like the one from diff --git a/Configure b/Configure index 3b649de25..717d79a80 100755 --- a/Configure +++ b/Configure @@ -396,6 +396,7 @@ my %table=( "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/config b/config index 72905c90e..7bbd1c248 100755 --- a/config +++ b/config @@ -641,6 +641,7 @@ EOF *-*-sunos4) OUT="sunos-$CC" ;; alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; + ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; *86*-*-netbsd) OUT="NetBSD-x86" ;; From ffa49dc3d98b08db46522781f7537155e00d44d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 14 Feb 2003 14:21:58 +0000 Subject: [PATCH 085/550] make update --- TABLE | 53 ++++++++++++++++++++++++++++++++++++------------- util/libeay.num | 3 +++ 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/TABLE b/TABLE index bf14584c2..e029431f0 100644 --- a/TABLE +++ b/TABLE @@ -225,6 +225,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** FreeBSD-ia64 +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR +$bn_obj = asm/ia64-cpp.o +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** FreeBSD-sparc64 $cc = gcc $cflags = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer @@ -3104,10 +3129,10 @@ $arflags = $cc = gcc $cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = -$thread_cflag = (unknown) +$thread_cflag = -D_REENTRANT $sys_id = -$lflags = -$bn_ops = BN_LLONG +$lflags = -ldl +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2 $bn_obj = $des_obj = $bf_obj = @@ -3117,11 +3142,11 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = @@ -3129,10 +3154,10 @@ $arflags = $cc = gcc $cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = -$thread_cflag = (unknown) +$thread_cflag = -D_REENTRANT $sys_id = -$lflags = -$bn_ops = BN_LLONG +$lflags = -ldl +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2 $bn_obj = $des_obj = $bf_obj = @@ -3142,11 +3167,11 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = diff --git a/util/libeay.num b/util/libeay.num index efaf93c94..bfddc357f 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2996,3 +2996,6 @@ BN_generate_prime_ex 3430 EXIST::FUNCTION: DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +a2i_IPADDRESS 3434 EXIST::FUNCTION: +ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE +EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC From 79221bc26587c2f58c7198cc73d89eda6bdd6025 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 14 Feb 2003 23:21:19 +0000 Subject: [PATCH 086/550] David Brumley noted and corrected a case in the verification step of CRT private key operations in the RSA code - previously no montgomery form was checked or used for 'n', and so it would be generated on the fly each time. As a result, private key operations are now a percent or two faster. Rather than adding this as another repetition of the nearly-identical montgomery "check for first-use" initialisation code blocks, I've taken this chance to create a helper function and macro-wrapper to replace them. PR: 475 --- crypto/rsa/rsa_eay.c | 145 ++++++++++++++----------------------------- 1 file changed, 45 insertions(+), 100 deletions(-) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index d4e30647d..04cefd38b 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -100,6 +100,43 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } +/* Static helper to reduce oodles of code duplication. As a slight + * optimisation, the "MONT_HELPER() macro must be used as front-end to this + * function, to prevent unnecessary function calls - there is an initial test + * that is performed by the macro-generated code. */ +static int rsa_eay_mont_helper(BN_MONT_CTX **ptr, const BIGNUM *modulus, BN_CTX *ctx) + { + BN_MONT_CTX *bn_mont_ctx; + if((bn_mont_ctx = BN_MONT_CTX_new()) == NULL) + return 0; + if(!BN_MONT_CTX_set(bn_mont_ctx, modulus, ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + return 0; + } + if (*ptr == NULL) /* other thread may have finished first */ + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (*ptr == NULL) /* check again in the lock to stop races */ + { + *ptr = bn_mont_ctx; + bn_mont_ctx = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + if (bn_mont_ctx) + BN_MONT_CTX_free(bn_mont_ctx); + return 1; + } +/* Usage example; + * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + */ +#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ + if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ + !rsa_eay_mont_helper(&((rsa)->_method_mod_##m), \ + (rsa)->m, (ctx))) \ + err_instr + static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -149,30 +186,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -418,31 +433,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - /* do the decrypt */ - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -487,57 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) BN_init(&vrfy); if ((ctx=BN_CTX_new()) == NULL) goto err; - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) - { - if (rsa->_method_mod_p == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_p == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_p == NULL) - { - rsa->_method_mod_p = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } + MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - if (rsa->_method_mod_q == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_q == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_q == NULL) - { - rsa->_method_mod_q = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - } - if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, rsa->_method_mod_q)) goto err; @@ -568,7 +513,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (rsa->e && rsa->n) { - if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; /* If 'I' was greater than (or equal to) rsa->n, the operation * will be equivalent to using 'I mod n'. However, the result of * the verify will *always* be less than 'n' so we don't check From b12753dffcf096c7d7110397ea9905b07a2ed573 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 15 Feb 2003 00:18:38 +0000 Subject: [PATCH 087/550] We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE. Also, I've added handling for other mod_exp calls that were not using any cached montgomery forms. These cases matter only for special RSA keys (eg. ones that are missing information) so are unlikely to be used in normal circumstances. --- crypto/rsa/rsa_eay.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 04cefd38b..24c77699f 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -269,7 +269,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) @@ -349,7 +351,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } @@ -481,7 +485,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, @@ -526,7 +530,8 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) /* 'I' and 'vrfy' aren't congruent mod n. Don't leak * miscalculated CRT output, just do a raw (slower) * mod_exp and return that instead. */ - if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } ret=1; err: From 27068df7e05d5d3cadd4b0f10762b32cf8b01beb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 15 Feb 2003 00:50:55 +0000 Subject: [PATCH 088/550] Single pass processing to cleartext S/MIME signing. --- CHANGES | 11 ++++++++ apps/smime.c | 12 ++++++--- crypto/pkcs7/pk7_mime.c | 56 +++++++++++++++++++++++++++++++++++----- crypto/pkcs7/pk7_smime.c | 22 +++++++++------- crypto/pkcs7/pkcs7.h | 1 + 5 files changed, 82 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index 1bfbb2741..aab19157d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,17 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for single pass processing for S/MIME signing. This now + means that S/MIME signing can be done from a pipe, in addition + cleartext signing (multipart/signed type) is effectively streaming + and the signed data does not need to be all held in memory. + + This is done with a new flag PKCS7_PARTSIGN. When this flag is set + PKCS7_sign() only initializes the PKCS7 structure and the actual signing + is done after the data is output (and digests calculated) in + SMIME_write_PKCS7(). + [Steve Henson] + *) Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it. diff --git a/apps/smime.c b/apps/smime.c index cc248d377..83daa71ca 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -1,9 +1,9 @@ /* smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -478,8 +478,14 @@ int MAIN(int argc, char **argv) if(operation == SMIME_ENCRYPT) { p7 = PKCS7_encrypt(encerts, in, cipher, flags); } else if(operation == SMIME_SIGN) { + /* If detached data and SMIME output enable partial + * signing. + */ + if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) + flags |= PKCS7_PARTSIGN; p7 = PKCS7_sign(signer, key, other, in, flags); - if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) { + /* Don't need to rewind for partial signing */ + if (!(flags & PKCS7_PARTSIGN) && (BIO_reset(in) != 0)) { BIO_printf(bio_err, "Can't rewind input file\n"); goto end; } diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 5100c84b8..51be77768 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -1,9 +1,9 @@ /* pk7_mime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ DECLARE_STACK_OF(MIME_HEADER) IMPLEMENT_STACK_OF(MIME_HEADER) +static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); static PKCS7 *B64_read_PKCS7(BIO *bio); static char * strip_ends(char *name); @@ -150,7 +151,6 @@ static PKCS7 *B64_read_PKCS7(BIO *bio) int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { - char linebuf[MAX_SMLEN]; char bound[33], c; int i; if((flags & PKCS7_DETACHED) && data) { @@ -171,9 +171,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) BIO_printf(bio, "This is an S/MIME signed message\n\n"); /* Now write out the first part */ BIO_printf(bio, "------%s\r\n", bound); - if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); - while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) - BIO_write(bio, linebuf, i); + + pkcs7_output_data(bio, data, p7, flags); + BIO_printf(bio, "\n------%s\n", bound); /* Headers for signature */ @@ -195,6 +195,47 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) return 1; } +/* Handle output of PKCS#7 data */ + + +static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) + { + BIO *tmpbio, *p7bio; + + if (!(flags & PKCS7_PARTSIGN)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + /* Partial sign operation */ + + /* Initialize sign operation */ + p7bio = PKCS7_dataInit(p7, out); + + /* Copy data across, computing digests etc */ + SMIME_crlf_copy(data, p7bio, flags); + + /* Must be detached */ + PKCS7_set_detached(p7, 1); + + /* Finalize signatures */ + PKCS7_dataFinal(p7, p7bio); + + /* Now remove any digests from output BIO */ + + while (1) + { + tmpbio = BIO_pop(p7bio); + if (tmpbio == out) + break; + BIO_free(tmpbio); + } + + return 1; + + } + /* SMIME reader: handle multipart/signed and opaque signing. * in multipart case the content is placed in a memory BIO * pointed to by "bcont". In opaque this is set to NULL @@ -314,7 +355,8 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_write(out, linebuf, len); return 1; } - if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + if(flags & PKCS7_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = 0; while(iscrlf(linebuf[len - 1])) { diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index f0d071e28..b170fe285 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -1,9 +1,9 @@ /* pk7_smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -97,14 +97,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_certificate(p7, sk_X509_value(certs, i)); } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; - } - - - SMIME_crlf_copy(data, p7bio, flags); - if(!(flags & PKCS7_NOATTR)) { PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); @@ -133,6 +125,16 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } + if (flags & PKCS7_PARTSIGN) + return p7; + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + SMIME_crlf_copy(data, p7bio, flags); + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 226fb6434..a2956589a 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -260,6 +260,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_PARTSIGN 0x400 /* Flags: for compatibility with older code */ From 4cadedef57d790c699bc672cd39a41861590fabc Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 15 Feb 2003 01:09:55 +0000 Subject: [PATCH 089/550] Update docs. --- doc/crypto/PKCS7_sign.pod | 24 ++++++++++++++++++++---- doc/crypto/SMIME_write_PKCS7.pod | 14 ++++++++------ 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod index fc7e649b3..ffd0c734b 100644 --- a/doc/crypto/PKCS7_sign.pod +++ b/doc/crypto/PKCS7_sign.pod @@ -51,6 +51,24 @@ If present the SMIMECapabilities attribute indicates support for the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included. +If the flags B is set then the returned B structure +is just initialized ready to perform the signing operation. The signing +is however B performed and the data to be signed is not read from +the B parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. Currently the +flag B B also be set. + +=head1 NOTES + +Currently the flag B is only supported for detached +data. If this flag is set the returned B structure is B +complete and outputting its contents via a function that does not +properly finalize the B structure will give unpredictable +results. + +At present only the SMIME_write_PKCS7() function properly finalizes the +structure. + =head1 BUGS PKCS7_sign() is somewhat limited. It does not support multiple signers, some @@ -64,10 +82,6 @@ signed due to memory restraints. There should be a way to sign data without having to hold it all in memory, this would however require fairly major revisions of the OpenSSL ASN1 code. -Clear text signing does not store the content in memory but the way PKCS7_sign() -operates means that two passes of the data must typically be made: one to compute -the signatures and a second to output the data along with the signature. There -should be a way to process the data with only a single pass. =head1 RETURN VALUES @@ -82,4 +96,6 @@ L, L PKCS7_sign() was added to OpenSSL 0.9.5 +The B flag was added in OpenSSL 0.9.8 + =cut diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod index 2cfad2e04..61945b388 100644 --- a/doc/crypto/SMIME_write_PKCS7.pod +++ b/doc/crypto/SMIME_write_PKCS7.pod @@ -30,18 +30,20 @@ If the B flag is set MIME headers for type B are added to the content, this only makes sense if B is also set. -If cleartext signing is being used then the data must be read twice: -once to compute the signature in PKCS7_sign() and once to output the -S/MIME message. +If the B flag is set the signed data is finalized +and output along with the content. This flag should only be set +if B is also set and the previous call to PKCS7_sign() +also set these flags. + +If cleartext signing is being used and B not set then +the data must be read twice: once to compute the signature in PKCS7_sign() +and once to output the S/MIME message. =head1 BUGS SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there should be an option to disable this. -There should really be a way to produce cleartext signing using only -a single pass of the data. - =head1 RETURN VALUES SMIME_write_PKCS7() returns 1 for success or 0 for failure. From b653327d4746cff0906eff8e740622aae4439e80 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 15 Feb 2003 20:32:13 +0000 Subject: [PATCH 090/550] Declare prototypes for function pointer types, even if they are likely to be cast later on. --- crypto/engine/engine.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index f56c1c67e..d4d08d962 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -276,11 +276,11 @@ typedef struct ENGINE_CMD_DEFN_st } ENGINE_CMD_DEFN; /* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR)(); +typedef int (*ENGINE_GEN_FUNC_PTR)(void); /* Generic function pointer taking no arguments */ typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); /* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); /* Generic load_key function pointer */ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, UI_METHOD *ui_method, void *callback_data); @@ -397,7 +397,7 @@ int ENGINE_register_all_complete(void); * reference to an engine, but many control commands may require the engine be * functional. The caller should be aware of trying commands that require an * operational ENGINE, and only use functional references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* This function tests if an ENGINE-specific command is usable as a "setting". * Eg. in an application's config file that gets processed through @@ -410,7 +410,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to * use the cmd_name and cmd_optional. */ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional); + long i, void *p, void (*f)(void), int cmd_optional); /* This function passes a command-name and argument to an ENGINE. The cmd_name * is converted to a command number and the control command is called using From 4879ec7bf3dc684e33f330d8b5b9eed5f4a2c344 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 15 Feb 2003 20:38:57 +0000 Subject: [PATCH 091/550] Session cache implementations shouldn't have to access SSL_SESSION elements directly, so this missing functionality is required. PR: 276 --- ssl/ssl.h | 1 + ssl/ssl_sess.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/ssl/ssl.h b/ssl/ssl.h index 97b313fd8..7cd7ece4c 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1266,6 +1266,7 @@ void SSL_copy_session_id(SSL *to,SSL *from); SSL_SESSION *SSL_SESSION_new(void); unsigned long SSL_SESSION_hash(SSL_SESSION *a); int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); #ifndef OPENSSL_NO_FP_API int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); #endif diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index fbc30b94e..b4fb90448 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -127,6 +127,13 @@ SSL_SESSION *SSL_SESSION_new(void) return(ss); } +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if(len) + *len = s->session_id_length; + return s->session_id; + } + /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly * until we have no conflict is going to complete in one iteration pretty much From 26e97244588fef483bb905cd7947004fd0cf3569 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sun, 16 Feb 2003 20:10:23 +0000 Subject: [PATCH 092/550] Remove "+Olibcalls" option from HPUX targets. Reportedly this option is deprecated, and on some systems "make test" fails if it is included. PR: 495 --- Configure | 8 ++++---- TABLE | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Configure b/Configure index 717d79a80..ba190776d 100755 --- a/Configure +++ b/Configure @@ -270,12 +270,12 @@ my %table=( # # Chris Ruemmler # Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Isn't the line below meaningless? HP-UX cc optimizes for host by default. # hpux-parisc1_0-cc with +DAportable flag would make more sense. -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 9.X config. # Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or diff --git a/TABLE b/TABLE index e029431f0..0dbd4736f 100644 --- a/TABLE +++ b/TABLE @@ -2352,7 +2352,7 @@ $arflags = *** hpux-parisc-cc $cc = cc -$cflags = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY +$cflags = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2427,7 +2427,7 @@ $arflags = *** hpux-parisc1_1-cc $cc = cc -$cflags = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$cflags = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2452,7 +2452,7 @@ $arflags = *** hpux-parisc2-cc $cc = cc -$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2652,7 +2652,7 @@ $arflags = *** hpux64-parisc2-cc $cc = cc -$cflags = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = From 758f942b882ce8a9047595512f99a91a43060876 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 18 Feb 2003 12:14:57 +0000 Subject: [PATCH 093/550] Make the no-err option work properly --- CHANGES | 11 +++++++++++ Configure | 5 +++++ crypto/err/err.c | 2 ++ 3 files changed, 18 insertions(+) diff --git a/CHANGES b/CHANGES index aab19157d..6c07f9124 100644 --- a/CHANGES +++ b/CHANGES @@ -436,6 +436,17 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Make the no-err option work as intended. The intention with no-err + is not to have the whole error stack handling routines removed from + libcrypto, it's only intended to remove all the function name and + reason texts, thereby removing some of the footprint that may not + be interesting if those errors aren't displayed anyway. + + NOTE: it's still possible for any application or module to have it's + own set of error texts inserted. The routines are there, just not + used by default when no-err is given. + [Richard Levitte] + *) Add support for FreeBSD on IA64. [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] diff --git a/Configure b/Configure index ba190776d..78ad1d8a8 100755 --- a/Configure +++ b/Configure @@ -692,6 +692,11 @@ PROCESS_ARGS: $flags .= "-DOPENSSL_NO_ASM "; $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; } + elsif (/^no-err$/) + { + $flags .= "-DOPENSSL_NO_ERR "; + $openssl_other_defines .= "#define OPENSSL_NO_ERR\n"; + } elsif (/^no-hw-(.+)$/) { my $hw=$1; diff --git a/crypto/err/err.c b/crypto/err/err.c index 85ff9a52d..1f943c82a 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -212,6 +212,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= {0,NULL}, }; +#endif /* Define the predeclared (but externally opaque) "ERR_FNS" type */ @@ -492,6 +493,7 @@ static int int_err_get_next_lib(void) } +#ifndef OPENSSL_NO_ERR #define NUM_SYS_STR_REASONS 127 #define LEN_SYS_STR_REASON 32 From 988e8458ad365d61d7554b2d0094e083aa8ee82d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 18 Feb 2003 12:46:47 +0000 Subject: [PATCH 094/550] Typo. --- crypto/asn1/asn1_gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 3d9d2ce07..c162042a0 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -597,7 +597,7 @@ static int asn1_str2tag(const char *tagstr, int len) /* SEQUENCE wrapper */ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), /* SET wrapper */ - ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SEQWRAP), + ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), /* BIT STRING wrapper */ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), From c893bffae7601a2010ac57212257bd4e9784af6b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 19 Feb 2003 01:04:34 +0000 Subject: [PATCH 095/550] Update debub-steve* entries. --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 78ad1d8a8..3df57f633 100755 --- a/Configure +++ b/Configure @@ -143,8 +143,8 @@ my %table=( "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", +"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", +"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 77e270d10e4c8ec047ef9080fccc281022ccb840 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 11:22:15 +0000 Subject: [PATCH 096/550] Borland C++ Builder 5 complains about unreachable statements. --- crypto/md2/md2test.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index d2f6dce97..901d0a7d8 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -125,7 +125,6 @@ int main(int argc, char *argv[]) P++; } EXIT(err); - return(0); } static char *pt(unsigned char *md) From d5234c7b3a4ebcd6dcc31a042838d90a27b57c82 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 11:54:42 +0000 Subject: [PATCH 097/550] Make sure the memory allocation routines check for negative sizes --- crypto/mem.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/mem.c b/crypto/mem.c index d7d3cda5d..57f295877 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -252,6 +252,8 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; + if (num < 0) return NULL; + allow_customize = 0; if (malloc_debug_func != NULL) { @@ -291,6 +293,8 @@ void *CRYPTO_malloc(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; + if (num < 0) return NULL; + allow_customize = 0; if (malloc_debug_func != NULL) { @@ -319,6 +323,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -338,6 +345,9 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (str == NULL) return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); From 5b0b0e98cec653ae1e65e2251c3e0fc273945df5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 12:03:59 +0000 Subject: [PATCH 098/550] Security fix: Vaudenay timing attack on CBC. An advisory will be posted to the web. Expect a release within the hour. --- CHANGES | 24 +++++++++++++++++++++++- ssl/s3_pkt.c | 47 +++++++++++++++++++++++++++++++---------------- 2 files changed, 54 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index 6c07f9124..4c6ad1e31 100644 --- a/CHANGES +++ b/CHANGES @@ -434,7 +434,17 @@ TODO: bug: pad x with leading zeros if necessary differing sizes. [Richard Levitte] - Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] *) Make the no-err option work as intended. The intention with no-err is not to have the whole error stack handling routines removed from @@ -2325,6 +2335,18 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 6ccea9aee..3f88429e7 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s) unsigned int mac_size; int clear=0; size_t extra; + int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); sess=s->session; @@ -353,8 +355,11 @@ again: /* SSLerr() and ssl3_send_alert() have been called */ goto err; - /* otherwise enc_err == -1 */ - goto decryption_failed_or_bad_record_mac; + /* Otherwise enc_err == -1, which indicates bad padding + * (rec->length has not been changed in this case). + * To minimize information leaked via timing, we will perform + * the MAC computation anyway. */ + decryption_failed_or_bad_record_mac = 1; } #ifdef TLS_DEBUG @@ -380,28 +385,46 @@ printf("\n"); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { + rr->length -= mac_size; + mac = &rr->data[rr->length]; + } + else + { + /* record (minus padding) is too short to contain a MAC */ #if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; + rr->length = 0; #endif } - rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); - if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (mac == NULL || memcmp(md, mac, mac_size) != 0) { - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; } } + if (decryption_failed_or_bad_record_mac) + { + /* A separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption + * failure is directly visible from the ciphertext anyway, + * we should not reveal which kind of error occured -- this + * might become visible to an attacker (e.g. via a logfile) */ + al=SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + goto f_err; + } + /* r->length is now just compressed */ if (s->expand != NULL) { @@ -443,14 +466,6 @@ printf("\n"); return(1); -decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: From d8cbc9358545634c7f00666702e696814f258821 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 14:02:37 +0000 Subject: [PATCH 099/550] Update release information --- FAQ | 2 +- NEWS | 15 +++++++++++++++ STATUS | 4 +++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/FAQ b/FAQ index d6673b183..389d786da 100644 --- a/FAQ +++ b/FAQ @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.7 was released on December 31, 2002. +OpenSSL 0.9.7a was released on February 19, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at Date: Wed, 19 Feb 2003 16:29:47 +0000 Subject: [PATCH 100/550] typo PR: 511 Submitted by: Eric Cronin --- crypto/ec/ec_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index d7758c91d..aef3934c1 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -199,7 +199,7 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey) /* copy the private key */ if (eckey->priv_key) { - ret->priv_key = BN_dup(ret->priv_key); + ret->priv_key = BN_dup(eckey->priv_key); if (ret->priv_key == NULL) ok = 0; } From 5672e3a32152ec5f844cd0999494c129606ff9b9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Feb 2003 13:37:48 +0000 Subject: [PATCH 101/550] Fix bug in base64 bios during write an non blocking I/O: if the write fails when flushing the buffer return the value to the application so it can retry. --- crypto/evp/bio_b64.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 6e550f6a4..66004922e 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -484,10 +484,7 @@ again: { i=b64_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { From 542a1b1a2ef205d1869614dd83ff19eae36437c3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Feb 2003 13:39:30 +0000 Subject: [PATCH 102/550] Re enable the read side non blocking test BIO code. For some reason it was disabled... --- crypto/bio/bf_nbio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 1ce2bfacc..c72a23c2e 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -127,7 +127,7 @@ static int nbiof_read(BIO *b, char *out, int outl) { NBIO_TEST *nt; int ret=0; -#if 0 +#if 1 int num; unsigned char n; #endif @@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl) nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); -#if 0 +#if 1 RAND_pseudo_bytes(&n,1); num=(n&0x07); From 8214e74f7680156c6ce5fd7ff37bef12311d1796 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Feb 2003 17:13:21 +0000 Subject: [PATCH 103/550] Ooops forgot to recognise V_ASN1_GENERALSTRING. --- crypto/asn1/asn1_gen.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index c162042a0..c035cc0f5 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -722,6 +722,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_UTF8STRING: case V_ASN1_VISIBLESTRING: case V_ASN1_UNIVERSALSTRING: + case V_ASN1_GENERALSTRING: if (format == ASN1_GEN_FORMAT_ASCII) format = MBSTRING_ASC; From 62e3163b1b153a2414d5c258ace557a3b4d373c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 13:58:23 +0000 Subject: [PATCH 104/550] ECPublicKey_set_octet_string and ECPublicKey_get_octet_string behaviour was not quite consistent with the conventions for d2i and i2d functions as far as handling of the 'out' or 'in' pointer is concerned. This patch changes this behaviour, and renames the functions to o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the external encoding is just a raw object string without any DER icing). Submitted by: Nils Larsch --- crypto/asn1/d2i_pu.c | 5 ++--- crypto/asn1/i2d_pu.c | 2 +- crypto/ec/ec.h | 16 ++++++++-------- crypto/ec/ec_asn1.c | 20 ++++++++++---------- crypto/ec/ec_err.c | 4 ++-- util/libeay.num | 4 ++-- 6 files changed, 25 insertions(+), 26 deletions(-) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index cf97b83ea..4c2bd4e5c 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -113,9 +113,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if ((ret->pkey.eckey = ECPublicKey_set_octet_string( - &(ret->pkey.eckey), (const unsigned char **)pp, - length)) == NULL) + if ((ret->pkey.eckey = o2i_ECPublicKey(&(ret->pkey.eckey), + (const unsigned char **)pp, length)) == NULL) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c index 85220b44d..44f186442 100644 --- a/crypto/asn1/i2d_pu.c +++ b/crypto/asn1/i2d_pu.c @@ -85,7 +85,7 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - return(ECPublicKey_get_octet_string(a->pkey.eckey, pp)); + return(i2o_ECPublicKey(a->pkey.eckey, pp)); #endif default: ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index f68963e66..1013bd8fa 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -319,16 +319,16 @@ int EC_KEY_generate_key(EC_KEY *); /* EC_KEY_check_key() */ int EC_KEY_check_key(const EC_KEY *); -/* de- and encode functions for the SEC1 ECPrivateKey */ +/* de- and encoding functions for SEC1 ECPrivateKey */ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); -/* de- and encode functions for the elliptic curve parameters */ +/* de- and encoding functions for EC parameters */ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); int i2d_ECParameters(EC_KEY *a, unsigned char **out); - -EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, - long len); -int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC public key + * (octet string, not DER -- hence 'o2i' and 'i2o') */ +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); #ifndef OPENSSL_NO_BIO int ECParameters_print(BIO *bp, const EC_KEY *x); @@ -359,8 +359,6 @@ void ERR_load_EC_strings(void); #define EC_F_ECPARAMETERS_PRINT_FP 148 #define EC_F_ECPKPARAMETERS_PRINT 149 #define EC_F_ECPKPARAMETERS_PRINT_FP 150 -#define EC_F_ECPUBLICKEY_GET_OCTET 151 -#define EC_F_ECPUBLICKEY_SET_OCTET 152 #define EC_F_ECP_NIST_MOD_192 203 #define EC_F_ECP_NIST_MOD_224 204 #define EC_F_ECP_NIST_MOD_256 205 @@ -455,6 +453,8 @@ void ERR_load_EC_strings(void); #define EC_F_I2D_ECPARAMETERS 190 #define EC_F_I2D_ECPKPARAMETERS 191 #define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_O2I_ECPUBLICKEY 152 /* Reason codes. */ #define EC_R_ASN1_ERROR 115 diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c1c6ffee5..927a3716c 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1406,8 +1406,7 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) return ret; } -EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, - long len) +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) { EC_KEY *ret=NULL; @@ -1415,33 +1414,34 @@ EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, { /* sorry, but a EC_GROUP-structur is necessary * to set the public key */ - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } ret = *a; if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_EC_LIB); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); return 0; } /* save the point conversion form */ ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); + *in += len; return ret; } -int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out) +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) { size_t buf_len=0; if (a == NULL) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -1455,17 +1455,17 @@ int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out) if (*out == NULL) if ((*out = OPENSSL_malloc(buf_len)) == NULL) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, *out, buf_len, NULL)) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_EC_LIB); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); OPENSSL_free(*out); *out = NULL; return 0; } + *out += buf_len; return buf_len; } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 7730402d0..d74ddace5 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -74,8 +74,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_ECPARAMETERS_PRINT_FP,0), "ECParameters_print_fp"}, {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT,0), "ECPKParameters_print"}, {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT_FP,0), "ECPKParameters_print_fp"}, -{ERR_PACK(0,EC_F_ECPUBLICKEY_GET_OCTET,0), "ECPUBLICKEY_GET_OCTET"}, -{ERR_PACK(0,EC_F_ECPUBLICKEY_SET_OCTET,0), "ECPUBLICKEY_SET_OCTET"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_192,0), "ECP_NIST_MOD_192"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_224,0), "ECP_NIST_MOD_224"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_256,0), "ECP_NIST_MOD_256"}, @@ -170,6 +168,8 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_I2D_ECPARAMETERS,0), "i2d_ECParameters"}, {ERR_PACK(0,EC_F_I2D_ECPKPARAMETERS,0), "i2d_ECPKParameters"}, {ERR_PACK(0,EC_F_I2D_ECPRIVATEKEY,0), "i2d_ECPrivateKey"}, +{ERR_PACK(0,EC_F_I2O_ECPUBLICKEY,0), "i2o_ECPublicKey"}, +{ERR_PACK(0,EC_F_O2I_ECPUBLICKEY,0), "o2i_ECPublicKey"}, {0,NULL} }; diff --git a/util/libeay.num b/util/libeay.num index bfddc357f..c03f58d64 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2871,7 +2871,7 @@ BN_GF2m_mod_mul 3309 EXIST::FUNCTION: EC_GROUP_set_seed 3310 EXIST::FUNCTION:EC EC_GROUP_get_curve_GF2m 3311 EXIST::FUNCTION:EC PEM_read_X509_CERT_PAIR 3312 EXIST:!WIN16:FUNCTION: -ECPublicKey_set_octet_string 3313 EXIST::FUNCTION:EC +o2i_ECPublicKey 3313 EXIST::FUNCTION:EC ECDSA_get_ex_data 3314 EXIST::FUNCTION:ECDSA BN_GF2m_mod 3315 EXIST::FUNCTION: EC_GROUP_get_seed_len 3316 EXIST::FUNCTION:EC @@ -2891,7 +2891,7 @@ BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH EC_KEY_generate_key 3330 EXIST::FUNCTION:EC BN_GF2m_arr2poly 3331 EXIST::FUNCTION: -ECPublicKey_get_octet_string 3332 EXIST::FUNCTION:EC +i2o_ECPublicKey 3332 EXIST::FUNCTION:EC EC_GROUP_check 3333 EXIST::FUNCTION:EC d2i_ECPrivateKey_bio 3334 EXIST::FUNCTION:BIO,EC d2i_ECPrivateKey 3335 EXIST::FUNCTION:EC From f2aa055ec63ab25ba606225cbb8977857d3039d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 16:06:39 +0000 Subject: [PATCH 105/550] treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c) --- crypto/ec/ec_asn1.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 927a3716c..f31ac45d9 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1437,7 +1437,8 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) { - size_t buf_len=0; + size_t buf_len=0; + int new_buffer = 0; if (a == NULL) { @@ -1453,11 +1454,14 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) return buf_len; if (*out == NULL) + { if ((*out = OPENSSL_malloc(buf_len)) == NULL) { ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } + new_buffer = 1; + } if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, *out, buf_len, NULL)) { @@ -1466,6 +1470,7 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) *out = NULL; return 0; } - *out += buf_len; + if (!new_buffer) + *out += buf_len; return buf_len; } From 5be4a42e9903c453257beb98d5a33b904b9d6a37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 22:09:52 +0000 Subject: [PATCH 106/550] update mingw info --- INSTALL.W32 | 552 ++++++++++++++++++++++++++-------------------------- 1 file changed, 274 insertions(+), 278 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index fd182595c..de09fcba4 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -1,278 +1,274 @@ - - INSTALLATION ON THE WIN32 PLATFORM - ---------------------------------- - - [Instructions for building for Windows CE can be found in INSTALL.WCE] - - Heres a few comments about building OpenSSL in Windows environments. Most - of this is tested on Win32 but it may also work in Win 3.1 with some - modification. - - You need Perl for Win32. Unless you will build on Cygwin, you will need - ActiveState Perl, available from http://www.activestate.com/ActivePerl. - For Cygwin users, there's more info in the Cygwin section. - - and one of the following C compilers: - - * Visual C++ - * Borland C - * GNU C (Mingw32 or Cygwin) - - If you want to compile in the assembly language routines with Visual C++ then - you will need an assembler. This is worth doing because it will result in - faster code: for example it will typically result in a 2 times speedup in the - RSA routines. Currently the following assemblers are supported: - - * Microsoft MASM (aka "ml") - * Free Netwide Assembler NASM. - - MASM is distributed with most versions of VC++. For the versions where it is - not included in VC++, it is also distributed with some Microsoft DDKs, for - example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have - either of these DDKs then you can just download the binaries for the Windows - 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to - ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be - downloaded from the Microsoft developers site www.msdn.com. - - NASM is freely available. Version 0.98 was used during testing: other versions - may also work. It is available from many places, see for example: - http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ - The NASM binary nasmw.exe needs to be installed anywhere on your PATH. - - If you are compiling from a tarball or a CVS snapshot then the Win32 files - may well be not up to date. This may mean that some "tweaking" is required to - get it all to work. See the trouble shooting section later on for if (when?) - it goes wrong. - - Visual C++ - ---------- - - Firstly you should run Configure: - - > perl Configure VC-WIN32 - - Next you need to build the Makefiles and optionally the assembly language - files: - - - If you are using MASM then run: - - > ms\do_masm - - - If you are using NASM then run: - - > ms\do_nasm - - - If you don't want to use the assembly language files at all then run: - - > ms\do_ms - - If you get errors about things not having numbers assigned then check the - troubleshooting section: you probably won't be able to compile it as it - stands. - - Then from the VC++ environment at a prompt do: - - > nmake -f ms\ntdll.mak - - If all is well it should compile and you will have some DLLs and executables - in out32dll. If you want to try the tests then do: - - > cd out32dll - > ..\ms\test - - Tweaks: - - There are various changes you can make to the Win32 compile environment. By - default the library is not compiled with debugging symbols. If you add 'debug' - to the mk1mf.pl lines in the do_* batch file then debugging symbols will be - compiled in. Note that mk1mf.pl expects the platform to be the last argument - on the command line, so 'debug' must appear before that, as all other options. - - The default Win32 environment is to leave out any Windows NT specific - features. - - If you want to enable the NT specific features of OpenSSL (currently only the - logging BIO) follow the instructions above but call the batch file do_nt.bat - instead of do_ms.bat. - - You can also build a static version of the library using the Makefile - ms\nt.mak - - Borland C++ builder 5 - --------------------- - - * Configure for building with Borland Builder: - > perl Configure BC-32 - - * Create the appropriate makefile - > ms\do_nasm - - * Build - > make -f ms\bcb.mak - - Borland C++ builder 3 and 4 - --------------------------- - - * Setup PATH. First must be GNU make then bcb4/bin - - * Run ms\bcb4.bat - - * Run make: - > make -f bcb.mak - - GNU C (Mingw32) - --------------- - - To build OpenSSL, you need the Mingw32 package and GNU make. - - * Compiler installation: - - Mingw32 is available from . Extract it - to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to - the PATH environment variable in "System Properties"; or edit and - run C:\gcc-2.95.2\mingw32.bat to set the PATH. - - * Compile OpenSSL: - - > ms\mingw32 - - This will create the library and binaries in out. In case any problems - occur, try - > ms\mingw32 no-asm - instead. - - libcrypto.a and libssl.a are the static libraries. To use the DLLs, - link with libeay32.a and libssl32.a instead. - - See troubleshooting if you get error messages about functions not having - a number assigned. - - * You can now try the tests: - - > cd out - > ..\ms\test - - GNU C (Cygwin) - -------------- - - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other W32 makes which are - based on a single makefile approach. Cygwin implements Posix/Unix - calls through cygwin1.dll, and is contrasted to Mingw32 which links - dynamically to msvcrt.dll or crtdll.dll. - - To build OpenSSL using Cygwin: - - * Install Cygwin (see http://cygwin.com/) - - * Install Perl and ensure it is in the path (recent Cygwin perl - (version 5.6.1-2 of the latter has been reported to work) or - ActivePerl) - - * Run the Cygwin bash shell - - * $ tar zxvf openssl-x.x.x.tar.gz - $ cd openssl-x.x.x - $ ./config - [...] - $ make - [...] - $ make test - $ make install - - This will create a default install in /usr/local/ssl. - - Cygwin Notes: - - "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - "bc" is not provided in older Cygwin distribution. This causes a - non-fatal error in "make test" but is otherwise harmless. If - desired and needed, GNU bc can be built with Cygwin without change. - - - Installation - ------------ - - If you used the Cygwin procedure above, you have already installed and - can skip this section. For all other procedures, there's currently no real - installation procedure for Win32. There are, however, some suggestions: - - - do nothing. The include files are found in the inc32/ subdirectory, - all binaries are found in out32dll/ or out32/ depending if you built - dynamic or static libraries. - - - do as is written in INSTALL.Win32 that comes with modssl: - - $ md c:\openssl - $ md c:\openssl\bin - $ md c:\openssl\lib - $ md c:\openssl\include - $ md c:\openssl\include\openssl - $ copy /b inc32\* c:\openssl\include\openssl - $ copy /b out32dll\ssleay32.lib c:\openssl\lib - $ copy /b out32dll\libeay32.lib c:\openssl\lib - $ copy /b out32dll\ssleay32.dll c:\openssl\bin - $ copy /b out32dll\libeay32.dll c:\openssl\bin - $ copy /b out32dll\openssl.exe c:\openssl\bin - - Of course, you can choose another device than c:. C: is used here - because that's usually the first (and often only) harddisk device. - Note: in the modssl INSTALL.Win32, p: is used rather than c:. - - - Troubleshooting - --------------- - - Since the Win32 build is only occasionally tested it may not always compile - cleanly. If you get an error about functions not having numbers assigned - when you run ms\do_ms then this means the Win32 ordinal files are not up to - date. You can do: - - > perl util\mkdef.pl crypto ssl update - - then ms\do_XXX should not give a warning any more. However the numbers that - get assigned by this technique may not match those that eventually get - assigned in the CVS tree: so anything linked against this version of the - library may need to be recompiled. - - If you get errors about unresolved symbols there are several possible - causes. - - If this happens when the DLL is being linked and you have disabled some - ciphers then it is possible the DEF file generator hasn't removed all - the disabled symbols: the easiest solution is to edit the DEF files manually - to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. - - Another cause is if you missed or ignored the errors about missing numbers - mentioned above. - - If you get warnings in the code then the compilation will halt. - - The default Makefile for Win32 halts whenever any warnings occur. Since VC++ - has its own ideas about warnings which don't always match up to other - environments this can happen. The best fix is to edit the file with the - warning in and fix it. Alternatively you can turn off the halt on warnings by - editing the CFLAG line in the Makefile and deleting the /WX option. - - You might get compilation errors. Again you will have to fix these or report - them. - - One final comment about compiling applications linked to the OpenSSL library. - If you don't use the multithreaded DLL runtime library (/MD option) your - program will almost certainly crash because malloc gets confused -- the - OpenSSL DLLs are statically linked to one version, the application must - not use a different one. You might be able to work around such problems - by adding CRYPTO_malloc_init() to your program before any calls to the - OpenSSL libraries: This tells the OpenSSL libraries to use the same - malloc(), free() and realloc() as the application. However there are many - standard library functions used by OpenSSL that call malloc() internally - (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot - rely on CRYPTO_malloc_init() solving your problem, and you should - consistently use the multithreaded library. + + INSTALLATION ON THE WIN32 PLATFORM + ---------------------------------- + + [Instructions for building for Windows CE can be found in INSTALL.WCE] + + Heres a few comments about building OpenSSL in Windows environments. Most + of this is tested on Win32 but it may also work in Win 3.1 with some + modification. + + You need Perl for Win32. Unless you will build on Cygwin, you will need + ActiveState Perl, available from http://www.activestate.com/ActivePerl. + For Cygwin users, there's more info in the Cygwin section. + + and one of the following C compilers: + + * Visual C++ + * Borland C + * GNU C (MinGW or Cygwin) + + If you want to compile in the assembly language routines with Visual C++ then + you will need an assembler. This is worth doing because it will result in + faster code: for example it will typically result in a 2 times speedup in the + RSA routines. Currently the following assemblers are supported: + + * Microsoft MASM (aka "ml") + * Free Netwide Assembler NASM. + + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. + + NASM is freely available. Version 0.98 was used during testing: other versions + may also work. It is available from many places, see for example: + http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ + The NASM binary nasmw.exe needs to be installed anywhere on your PATH. + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- + + Firstly you should run Configure: + + > perl Configure VC-WIN32 + + Next you need to build the Makefiles and optionally the assembly language + files: + + - If you are using MASM then run: + + > ms\do_masm + + - If you are using NASM then run: + + > ms\do_nasm + + - If you don't want to use the assembly language files at all then run: + + > ms\do_ms + + If you get errors about things not having numbers assigned then check the + troubleshooting section: you probably won't be able to compile it as it + stands. + + Then from the VC++ environment at a prompt do: + + > nmake -f ms\ntdll.mak + + If all is well it should compile and you will have some DLLs and executables + in out32dll. If you want to try the tests then do: + + > cd out32dll + > ..\ms\test + + Tweaks: + + There are various changes you can make to the Win32 compile environment. By + default the library is not compiled with debugging symbols. If you add 'debug' + to the mk1mf.pl lines in the do_* batch file then debugging symbols will be + compiled in. Note that mk1mf.pl expects the platform to be the last argument + on the command line, so 'debug' must appear before that, as all other options. + + The default Win32 environment is to leave out any Windows NT specific + features. + + If you want to enable the NT specific features of OpenSSL (currently only the + logging BIO) follow the instructions above but call the batch file do_nt.bat + instead of do_ms.bat. + + You can also build a static version of the library using the Makefile + ms\nt.mak + + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + + Borland C++ builder 3 and 4 + --------------------------- + + * Setup PATH. First must be GNU make then bcb4/bin + + * Run ms\bcb4.bat + + * Run make: + > make -f bcb.mak + + GNU C (MinGW) + ------------- + + * Compiler installation: + + MinGW is available from http://www.mingw.org. Run the installer and + set the MinGW \bin directory to the PATH in "System Properties" or + autoexec.bat. + + * Compile OpenSSL: + + > ms\mingw32 + + This will create the library and binaries in out. In case any problems + occur, try + > ms\mingw32 no-asm + instead. + + libcrypto.a and libssl.a are the static libraries. To use the DLLs, + link with libeay32.a and libssl32.a instead. + + See troubleshooting if you get error messages about functions not having + a number assigned. + + * You can now try the tests: + + > cd out + > ..\ms\test + + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other W32 makes which are + based on a single makefile approach. Cygwin implements Posix/Unix + calls through cygwin1.dll, and is contrasted to MingW which links + dynamically to msvcrt.dll or crtdll.dll. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path (recent Cygwin perl + (version 5.6.1-2 of the latter has been reported to work) or + ActivePerl) + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + + + Installation + ------------ + + If you used the Cygwin procedure above, you have already installed and + can skip this section. For all other procedures, there's currently no real + installation procedure for Win32. There are, however, some suggestions: + + - do nothing. The include files are found in the inc32/ subdirectory, + all binaries are found in out32dll/ or out32/ depending if you built + dynamic or static libraries. + + - do as is written in INSTALL.Win32 that comes with modssl: + + $ md c:\openssl + $ md c:\openssl\bin + $ md c:\openssl\lib + $ md c:\openssl\include + $ md c:\openssl\include\openssl + $ copy /b inc32\* c:\openssl\include\openssl + $ copy /b out32dll\ssleay32.lib c:\openssl\lib + $ copy /b out32dll\libeay32.lib c:\openssl\lib + $ copy /b out32dll\ssleay32.dll c:\openssl\bin + $ copy /b out32dll\libeay32.dll c:\openssl\bin + $ copy /b out32dll\openssl.exe c:\openssl\bin + + Of course, you can choose another device than c:. C: is used here + because that's usually the first (and often only) harddisk device. + Note: in the modssl INSTALL.Win32, p: is used rather than c:. + + + Troubleshooting + --------------- + + Since the Win32 build is only occasionally tested it may not always compile + cleanly. If you get an error about functions not having numbers assigned + when you run ms\do_ms then this means the Win32 ordinal files are not up to + date. You can do: + + > perl util\mkdef.pl crypto ssl update + + then ms\do_XXX should not give a warning any more. However the numbers that + get assigned by this technique may not match those that eventually get + assigned in the CVS tree: so anything linked against this version of the + library may need to be recompiled. + + If you get errors about unresolved symbols there are several possible + causes. + + If this happens when the DLL is being linked and you have disabled some + ciphers then it is possible the DEF file generator hasn't removed all + the disabled symbols: the easiest solution is to edit the DEF files manually + to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. + + Another cause is if you missed or ignored the errors about missing numbers + mentioned above. + + If you get warnings in the code then the compilation will halt. + + The default Makefile for Win32 halts whenever any warnings occur. Since VC++ + has its own ideas about warnings which don't always match up to other + environments this can happen. The best fix is to edit the file with the + warning in and fix it. Alternatively you can turn off the halt on warnings by + editing the CFLAG line in the Makefile and deleting the /WX option. + + You might get compilation errors. Again you will have to fix these or report + them. + + One final comment about compiling applications linked to the OpenSSL library. + If you don't use the multithreaded DLL runtime library (/MD option) your + program will almost certainly crash because malloc gets confused -- the + OpenSSL DLLs are statically linked to one version, the application must + not use a different one. You might be able to work around such problems + by adding CRYPTO_malloc_init() to your program before any calls to the + OpenSSL libraries: This tells the OpenSSL libraries to use the same + malloc(), free() and realloc() as the application. However there are many + standard library functions used by OpenSSL that call malloc() internally + (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot + rely on CRYPTO_malloc_init() solving your problem, and you should + consistently use the multithreaded library. From 0214893e6a2cf9eed6545729b72dbfeddcd0107d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 22:59:20 +0000 Subject: [PATCH 107/550] clean up MinGW build. MinGW make now supports the Windows path name conventions. --- ms/mingw32.bat | 9 ++---- util/pl/Mingw32.pl | 34 ++++++++++----------- util/pl/Mingw32f.pl | 73 --------------------------------------------- 3 files changed, 19 insertions(+), 97 deletions(-) delete mode 100644 util/pl/Mingw32f.pl diff --git a/ms/mingw32.bat b/ms/mingw32.bat index 1968f4150..df8e0af15 100644 --- a/ms/mingw32.bat +++ b/ms/mingw32.bat @@ -66,21 +66,16 @@ cd ..\..\.. echo Generating makefile perl util\mkfiles.pl >MINFO perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak -perl util\mk1mf.pl gaswin Mingw32-files >ms\mingw32f.mak echo Generating DLL definition files perl util\mkdef.pl 32 libeay >ms\libeay32.def if errorlevel 1 goto end perl util\mkdef.pl 32 ssleay >ms\ssleay32.def if errorlevel 1 goto end -rem Create files -- this can be skipped if using the GNU file utilities -make -f ms/mingw32f.mak -echo You can ignore the error messages above - -copy ms\tlhelp32.h outinc +rem copy ms\tlhelp32.h outinc echo Building the libraries -make -f ms/mingw32a.mak +mingw32-make -f ms/mingw32a.mak if errorlevel 1 goto end echo Generating the DLLs and input libraries diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index 45ab68597..043a3a53e 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -1,17 +1,17 @@ #!/usr/local/bin/perl # -# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) +# Mingw32.pl -- Mingw # $o='/'; $cp='cp'; -$rm='rem'; # use 'rm -f' if using GNU file utilities +$rm='rm -f'; $mkdir='gmkdir'; -# gcc wouldn't accept backslashes in paths -#$o='\\'; -#$cp='copy'; -#$rm='del'; +$o='\\'; +$cp='copy'; +$rm='del'; +$mkdir='mkdir'; # C compiler stuff @@ -19,29 +19,29 @@ $cc='gcc'; if ($debug) { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } else - { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; } + { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; } if ($gaswin and !$no_asm) { - $bn_asm_obj='$(OBJ_D)/bn-win32.o'; + $bn_asm_obj='$(OBJ_D)\bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; - $bnco_asm_obj='$(OBJ_D)/co-win32.o'; + $bnco_asm_obj='$(OBJ_D)\co-win32.o'; $bnco_asm_src='crypto/bn/asm/co-win32.s'; - $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; + $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o'; $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; - $bf_enc_obj='$(OBJ_D)/b-win32.o'; + $bf_enc_obj='$(OBJ_D)\b-win32.o'; $bf_enc_src='crypto/bf/asm/b-win32.s'; -# $cast_enc_obj='$(OBJ_D)/c-win32.o'; +# $cast_enc_obj='$(OBJ_D)\c-win32.o'; # $cast_enc_src='crypto/cast/asm/c-win32.s'; - $rc4_enc_obj='$(OBJ_D)/r4-win32.o'; + $rc4_enc_obj='$(OBJ_D)\r4-win32.o'; $rc4_enc_src='crypto/rc4/asm/r4-win32.s'; - $rc5_enc_obj='$(OBJ_D)/r5-win32.o'; + $rc5_enc_obj='$(OBJ_D)\r5-win32.o'; $rc5_enc_src='crypto/rc5/asm/r5-win32.s'; - $md5_asm_obj='$(OBJ_D)/m5-win32.o'; + $md5_asm_obj='$(OBJ_D)\m5-win32.o'; $md5_asm_src='crypto/md5/asm/m5-win32.s'; - $rmd160_asm_obj='$(OBJ_D)/rm-win32.o'; + $rmd160_asm_obj='$(OBJ_D)\rm-win32.o'; $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; - $sha1_asm_obj='$(OBJ_D)/s1-win32.o'; + $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; $sha1_asm_src='crypto/sha/asm/s1-win32.s'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; } diff --git a/util/pl/Mingw32f.pl b/util/pl/Mingw32f.pl deleted file mode 100644 index 44f5673d7..000000000 --- a/util/pl/Mingw32f.pl +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/local/bin/perl -# -# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. -# - -$o='\\'; -$cp='copy'; -$rm='del'; - -# C compiler stuff - -$cc='gcc'; -if ($debug) - { $cflags="-g2 -ggdb -DDSO_WIN32"; } -else - { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; } - -$obj='.o'; -$ofile='-o '; - -# EXE linking stuff -$link='${CC}'; -$lflags='${CFLAGS}'; -$efile='-o '; -$exep=''; -$ex_libs="-lwsock32 -lgdi32"; - -# static library stuff -$mklib='ar r'; -$mlflags=''; -$ranlib='ranlib'; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; -$lfile=''; - -$asm='as'; -$afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; - -sub do_lib_rule - { - local($obj,$target,$name,$shlib)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - $target="$target"; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } -1; - From 94949a50aa4605a65ca1f92244bca772be139f8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 23:19:50 +0000 Subject: [PATCH 108/550] avoid duplicate definiton of bn_sub_part_words --- util/pl/Mingw32.pl | 2 +- util/pl/linux.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index 043a3a53e..d0472df27 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -43,7 +43,7 @@ if ($gaswin and !$no_asm) $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; $sha1_asm_src='crypto/sha/asm/s1-win32.s'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; } diff --git a/util/pl/linux.pl b/util/pl/linux.pl index 8924ed548..d24f7b729 100644 --- a/util/pl/linux.pl +++ b/util/pl/linux.pl @@ -39,7 +39,7 @@ if (!$no_asm) $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp'; $sha1_asm_obj='$(OBJ_D)/sx86-elf.o'; $sha1_asm_src='crypto/sha/asm/sx86unix.cpp'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; } $cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall"; From c8252b71b5930216367bdd4b5b3a23fc75ee3845 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 01:20:55 +0000 Subject: [PATCH 109/550] add test --- ms/test.bat | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ms/test.bat b/ms/test.bat index 8f6919428..c3a1b0c28 100755 --- a/ms/test.bat +++ b/ms/test.bat @@ -67,6 +67,10 @@ echo dsatest dsatest if errorlevel 1 goto done +echo ectest +ectest +if errorlevel 1 goto done + echo testenc call %test%\testenc openssl if errorlevel 1 goto done From 5562cfaca4f3a007ce7e322f98e7ef57835771a7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 22 Feb 2003 02:12:52 +0000 Subject: [PATCH 110/550] Base64 bio fixes. The base64 bio was seriously broken when reading from a non blocking BIO. It would incorrectly interpret retries as EOF, incorrectly buffer initial data and have no buffering at all after initial data (data would be sent one byte at a time to EVP_DecodeUpdate). --- CHANGES | 5 +++++ crypto/evp/bio_b64.c | 33 +++++++++++++++++++++++++++------ 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 4c6ad1e31..0e70062f1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + [Steve Henson] + *) Support for single pass processing for S/MIME signing. This now means that S/MIME signing can be done from a pipe, in addition cleartext signing (multipart/signed type) is effectively streaming diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 66004922e..33349c2f9 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl) ret_code=0; while (outl > 0) { - if (ctx->cont <= 0) break; + + if (ctx->cont <= 0) + break; i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), B64_BLOCK_SIZE-ctx->tmp_len); @@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl) /* Should be continue next time we are called? */ if (!BIO_should_retry(b->next_bio)) + { ctx->cont=i; - /* else we should continue when called again */ - break; + /* If buffer empty break */ + if(ctx->tmp_len == 0) + break; + /* Fall through and process what we have */ + else + i = 0; + } + /* else we retry and add more data to buffer */ + else + break; } i+=ctx->tmp_len; + ctx->tmp_len = i; /* We need to scan, a line at a time until we * have a valid line if we are starting. */ @@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl) * reading until a new line. */ if (p == (unsigned char *)&(ctx->tmp[0])) { - ctx->tmp_nl=1; - ctx->tmp_len=0; + /* Check buffer full */ + if (i == B64_BLOCK_SIZE) + { + ctx->tmp_nl=1; + ctx->tmp_len=0; + } } else if (p != q) /* finished on a '\n' */ { @@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl) else ctx->tmp_len=0; } + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ + else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + continue; if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { @@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl) i=EVP_DecodeUpdate(&(ctx->base64), (unsigned char *)ctx->buf,&ctx->buf_len, (unsigned char *)ctx->tmp,i); + ctx->tmp_len = 0; } - ctx->cont=i; ctx->buf_off=0; if (i < 0) { From 132eaa59dafcc36b513ab081b9f76a49e2525cc6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 22 Feb 2003 14:41:34 +0000 Subject: [PATCH 111/550] Allow building applications against static libraries with Makefile.shared. --- CHANGES | 8 ++ Makefile.shared | 12 +++ apps/Makefile.ssl | 12 ++- test/Makefile.ssl | 203 +++++++++++++++++++++++++++++++++------------- 4 files changed, 174 insertions(+), 61 deletions(-) diff --git a/CHANGES b/CHANGES index 0e70062f1..bedf11efc 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make it possible to link applications using Makefile.shared. + Make that possible even when linking against static libraries! + [Richard Levitte] + *) Various fixes to base64 BIO and non blocking I/O. On write flushes were not handled properly if the BIO retried. On read data was not being buffered properly and had various logic bugs. @@ -439,6 +443,10 @@ TODO: bug: pad x with leading zeros if necessary differing sizes. [Richard Levitte] + Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + + *) + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked diff --git a/Makefile.shared b/Makefile.shared index 9178b829a..e33c10b5a 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -141,6 +141,18 @@ DO_GNU_APP=LDCMD=$(CC);\ LIBDEPS="$(LIBDEPS) -lc"; \ APPNAME=$(APPNAME) +#This is rather special. It's a special target with which one can link +#applications without bothering with any features that have anything to +#do with shared libraries, for example when linking against static +#libraries. It's mostly here to avoid a lot of conditionals everywhere +#else... +link_app.: + LDCMD=$(CC); \ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS)"; \ + APPNAME="$(APPNAME)"; \ + $(LINK_APP) + link_o.gnu: @ $(DO_GNU_SO); $(LINK_SO_O) link_a.gnu: diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 7dce73d61..593c9a5ac 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -88,12 +88,15 @@ all: exe exe: $(PROGRAM) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ $(NEWMAKE) -f $(TOP)/Makefile.shared \ APPNAME=req LDFLAGS="$(CFLAG)" \ OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \ LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c @@ -150,7 +153,10 @@ $(DLIBCRYPTO): $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ else \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ @@ -160,7 +166,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 344d21ef8..26ae0dcb6 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -301,7 +301,10 @@ $(DLIBCRYPTO): (cd ..; $(MAKE) DIRS=crypto all) $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -311,10 +314,13 @@ $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) OBJECTS="$(RSATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(BNTEST): $(BNTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -324,10 +330,13 @@ $(BNTEST): $(BNTEST).o $(DLIBCRYPTO) OBJECTS="$(BNTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ECTEST): $(ECTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -337,10 +346,13 @@ $(ECTEST): $(ECTEST).o $(DLIBCRYPTO) OBJECTS="$(ECTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -350,10 +362,13 @@ $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) OBJECTS="$(EXPTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -363,10 +378,13 @@ $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) OBJECTS="$(IDEATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -376,10 +394,13 @@ $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) OBJECTS="$(MD2TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -389,10 +410,13 @@ $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) OBJECTS="$(SHATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -402,10 +426,13 @@ $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) OBJECTS="$(SHA1TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -415,10 +442,13 @@ $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) OBJECTS="$(RMDTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -428,10 +458,13 @@ $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) OBJECTS="$(MDC2TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -441,10 +474,13 @@ $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO) OBJECTS="$(MD4TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -454,10 +490,13 @@ $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) OBJECTS="$(MD5TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -467,10 +506,13 @@ $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) OBJECTS="$(HMACTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -480,10 +522,13 @@ $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) OBJECTS="$(RC2TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -493,10 +538,13 @@ $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) OBJECTS="$(BFTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -506,10 +554,13 @@ $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) OBJECTS="$(CASTTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -519,10 +570,13 @@ $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) OBJECTS="$(RC4TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -532,10 +586,13 @@ $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) OBJECTS="$(RC5TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -545,10 +602,13 @@ $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) OBJECTS="$(DESTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -558,10 +618,13 @@ $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) OBJECTS="$(RANDTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -571,10 +634,13 @@ $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) OBJECTS="$(DHTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -584,10 +650,13 @@ $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) OBJECTS="$(DSATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -597,10 +666,13 @@ $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) OBJECTS="$(METHTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)"; \ @@ -610,10 +682,13 @@ $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) OBJECTS="$(SSLTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -623,10 +698,13 @@ $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) OBJECTS="$(ENGINETEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -636,10 +714,13 @@ $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) OBJECTS="$(EVPTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -649,10 +730,13 @@ $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) OBJECTS="$(ECDSATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -662,7 +746,7 @@ $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) OBJECTS="$(ECDHTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -675,7 +759,10 @@ $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) # fi dummytest: dummytest.o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -685,7 +772,7 @@ dummytest: dummytest.o $(DLIBCRYPTO) OBJECTS="dummytest.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} # DO NOT DELETE THIS LINE -- make depend depends on it. From 7841edc9c1aa18b4b2454b18c6e72eb5cb2f4ae5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 22 Feb 2003 15:04:03 +0000 Subject: [PATCH 112/550] Remove duplication and have clean depend on libclean --- Makefile.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.org b/Makefile.org index 1baf7e8b4..3956dfcce 100644 --- a/Makefile.org +++ b/Makefile.org @@ -314,10 +314,10 @@ Makefile.ssl: Makefile.org @false libclean: - rm -f *.so *.so.* engines/*.so *.a */lib */*/lib + rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib -clean: - rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c +clean: libclean + rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c @for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ @@ -327,7 +327,7 @@ clean: fi; \ done; rm -f openssl.pc - rm -f *.a *.o speed.* *.map *.so .pure core + rm -f speed.* .pure rm -f $(TARFILE) @for i in $(ONEDIRS) ;\ do \ From 66ecdf3bfb0320647b8e2ab9f93ffc3f231e54e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 18:00:14 +0000 Subject: [PATCH 113/550] more mingw related cleanups. --- Configure | 6 ++---- apps/apps.c | 4 ---- crypto/bn/bntest.c | 9 --------- crypto/bn/exptest.c | 3 --- crypto/dh/dhtest.c | 7 ------- crypto/dsa/dsatest.c | 3 --- crypto/threads/mttest.c | 5 ----- ms/mingw32.bat | 2 +- ms/mw.bat | 5 ----- ssl/ssltest.c | 1 - 10 files changed, 3 insertions(+), 42 deletions(-) diff --git a/Configure b/Configure index 3df57f633..0f64c4cb0 100755 --- a/Configure +++ b/Configure @@ -506,10 +506,8 @@ my %table=( "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", -# Mingw32 -# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl -# and its library files in util/pl/*) -"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", +# MinGW +"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll", # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", diff --git a/apps/apps.c b/apps/apps.c index ec3e391b6..007e3e06c 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -140,10 +140,6 @@ #include "apps.h" #undef NON_MAIN -#ifdef OPENSSL_SYS_WINDOWS -# include "bss_file.c" -#endif - typedef struct { char *name; unsigned long flag; diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 0149e8c3c..fe057dc22 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -87,10 +87,6 @@ #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - const int num0 = 100; /* number of tests */ const int num1 = 50; /* additional tests for some functions */ const int num2 = 5; /* number of tests for slow functions */ @@ -124,11 +120,6 @@ int test_sqrt(BIO *bp,BN_CTX *ctx); int rand_neg(void); static int results=0; -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index 621e6a9ee..b09cf8870 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -66,9 +66,6 @@ #include #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #define NUM_BITS (BN_BITS*2) diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 33a49f2d7..dc25283f7 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -68,9 +68,6 @@ #include "../e_os.h" -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #include #include #include @@ -93,10 +90,6 @@ int main(int argc, char *argv[]) #endif static void MS_CALLBACK cb(int p, int n, void *arg); -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif static const char rnd_seed[] = "string to make the random number generator think it has entropy"; diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 75eca097a..940d97d0e 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -77,9 +77,6 @@ #ifndef OPENSSL_NO_ENGINE #include #endif -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 7142e4edc..54d598565 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -86,11 +86,6 @@ #include #include -#ifdef OPENSSL_NO_FP_API -#define APPS_WIN16 -#include "../buffer/bss_file.c" -#endif - #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" diff --git a/ms/mingw32.bat b/ms/mingw32.bat index df8e0af15..8c7c63e0f 100644 --- a/ms/mingw32.bat +++ b/ms/mingw32.bat @@ -1,7 +1,7 @@ @rem OpenSSL with Mingw32+GNU as @rem --------------------------- -perl Configure Mingw32 %1 %2 %3 %4 %5 %6 %7 %8 +perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8 @echo off diff --git a/ms/mw.bat b/ms/mw.bat index dc37913b7..c5ccd693e 100644 --- a/ms/mw.bat +++ b/ms/mw.bat @@ -4,17 +4,12 @@ @rem Makefile perl util\mkfiles.pl >MINFO perl util\mk1mf.pl Mingw32 >ms\mingw32.mak -perl util\mk1mf.pl Mingw32-files >ms\mingw32f.mak @rem DLL definition files perl util\mkdef.pl 32 libeay >ms\libeay32.def if errorlevel 1 goto end perl util\mkdef.pl 32 ssleay >ms\ssleay32.def if errorlevel 1 goto end -@rem Create files -- this can be skipped if using the GNU file utilities -make -f ms/mingw32f.mak -echo You can ignore the error messages above - @rem Build the libraries make -f ms/mingw32.mak if errorlevel 1 goto end diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 49360d5f9..45b211b4c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -147,7 +147,6 @@ #ifdef OPENSSL_SYS_WINDOWS #include -#include "../crypto/bio/bss_file.c" #else #include OPENSSL_UNISTD #endif From c8c5cec1f9fb290f6a1273f91b529475051ff16e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 22:15:31 +0000 Subject: [PATCH 114/550] remove some more useless code. The mingw target can now be built under cygwin. --- crypto/ecdh/ecdhtest.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 8af35322b..6e0c14dc1 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -73,9 +73,6 @@ #include "../e_os.h" -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #include #include #include @@ -103,11 +100,6 @@ int main(int argc, char *argv[]) static void MS_CALLBACK cb(int p, int n, void *arg); #endif -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int test_ecdh_curve(int , char *, BN_CTX *, BIO *); From b4f43344d5b517e4c620cbc4b7eb6b5859e18161 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 22:19:48 +0000 Subject: [PATCH 115/550] Copy rather than symlink the test data. This is needed because Windows doesn't support symlinks. The Cygwin/MinGW build now passes "make test". --- crypto/evp/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 8fd8c718a..0f82cf78d 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -70,7 +70,7 @@ links: @$(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA) + cp $(TESTDATA) ../../test @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: From 63ff3e83fc549c342786dff6f59fc671701fac87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 23:03:42 +0000 Subject: [PATCH 116/550] Add instructions for building the MinGW target in Cygwin, and rearrange some of the other text for better readability. --- CHANGES | 4 +- INSTALL.W32 | 122 +++++++++++++++++++++++++++++----------------------- 2 files changed, 71 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index bedf11efc..98b44d561 100644 --- a/CHANGES +++ b/CHANGES @@ -445,7 +445,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7a and 0.9.7b [xx XXX 2003] - *) + *) Target "mingw" now allows native Windows code to be generated in + the Cygwin environment as well as with the MinGW compiler. + [Ulf Moeller] Changes between 0.9.7 and 0.9.7a [19 Feb 2003] diff --git a/INSTALL.W32 b/INSTALL.W32 index de09fcba4..d4996560d 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -10,13 +10,20 @@ You need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl. - For Cygwin users, there's more info in the Cygwin section. and one of the following C compilers: * Visual C++ * Borland C - * GNU C (MinGW or Cygwin) + * GNU C (Cygwin or MinGW) + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- If you want to compile in the assembly language routines with Visual C++ then you will need an assembler. This is worth doing because it will result in @@ -39,14 +46,6 @@ http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ The NASM binary nasmw.exe needs to be installed anywhere on your PATH. - If you are compiling from a tarball or a CVS snapshot then the Win32 files - may well be not up to date. This may mean that some "tweaking" is required to - get it all to work. See the trouble shooting section later on for if (when?) - it goes wrong. - - Visual C++ - ---------- - Firstly you should run Configure: > perl Configure VC-WIN32 @@ -120,13 +119,71 @@ * Run make: > make -f bcb.mak + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other the other Win32 + makes. + + Cygwin implements a Posix/Unix runtime system (cygwin1.dll). + It is also possible to create Win32 binaries that only use the + Microsoft C runtime system (msvcrt.dll or crtdll.dll) using + MinGW. MinGW can be used in the Cygwin development environment + or in a standalone setup as described in the following section. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path. Both Cygwin perl + (5.6.1-2 or newer) and ActivePerl work. + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + + To build the Cygwin version of OpenSSL: + + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + To build the MinGW version (native Windows) in Cygwin: + + $ ./Configure mingw + [...] + $ make + [...] + $ make test + $ make install + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + GNU C (MinGW) ------------- * Compiler installation: MinGW is available from http://www.mingw.org. Run the installer and - set the MinGW \bin directory to the PATH in "System Properties" or + set the MinGW bin directory to the PATH in "System Properties" or autoexec.bat. * Compile OpenSSL: @@ -149,49 +206,6 @@ > cd out > ..\ms\test - GNU C (Cygwin) - -------------- - - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other W32 makes which are - based on a single makefile approach. Cygwin implements Posix/Unix - calls through cygwin1.dll, and is contrasted to MingW which links - dynamically to msvcrt.dll or crtdll.dll. - - To build OpenSSL using Cygwin: - - * Install Cygwin (see http://cygwin.com/) - - * Install Perl and ensure it is in the path (recent Cygwin perl - (version 5.6.1-2 of the latter has been reported to work) or - ActivePerl) - - * Run the Cygwin bash shell - - * $ tar zxvf openssl-x.x.x.tar.gz - $ cd openssl-x.x.x - $ ./config - [...] - $ make - [...] - $ make test - $ make install - - This will create a default install in /usr/local/ssl. - - Cygwin Notes: - - "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - "bc" is not provided in older Cygwin distribution. This causes a - non-fatal error in "make test" but is otherwise harmless. If - desired and needed, GNU bc can be built with Cygwin without change. - Installation ------------ From 5c9a9c9c332b8def46e849ea5df88afe7ced2a30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 24 Feb 2003 17:15:28 +0000 Subject: [PATCH 117/550] include OpenSSL license (in addition to EAY license) --- crypto/evp/m_ecdsa.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c index 4e8b01070..26e4206e5 100644 --- a/crypto/evp/m_ecdsa.c +++ b/crypto/evp/m_ecdsa.c @@ -1,4 +1,57 @@ /* crypto/evp/m_ecdsa.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * From 0185803cc224c8d88ca39ae07c296a4f1854e478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 24 Feb 2003 17:18:01 +0000 Subject: [PATCH 118/550] year 2003 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 7b93e0dbc..dddb07842 100644 --- a/LICENSE +++ b/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From e9ec63961be610bbd386f482335772bc23dc095e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 25 Feb 2003 19:03:31 +0000 Subject: [PATCH 119/550] Fix indefinite length encoding so EOC correctly updates the buffer pointer. Rename PKCS7_PARTSIGN to PKCS7_STREAM. Guess what that's for :-) --- CHANGES | 2 +- apps/smime.c | 4 ++-- crypto/asn1/tasn_enc.c | 6 ++++-- crypto/pkcs7/pk7_mime.c | 2 +- crypto/pkcs7/pk7_smime.c | 2 +- crypto/pkcs7/pkcs7.h | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 98b44d561..b032498a2 100644 --- a/CHANGES +++ b/CHANGES @@ -18,7 +18,7 @@ cleartext signing (multipart/signed type) is effectively streaming and the signed data does not need to be all held in memory. - This is done with a new flag PKCS7_PARTSIGN. When this flag is set + This is done with a new flag PKCS7_STREAM. When this flag is set PKCS7_sign() only initializes the PKCS7 structure and the actual signing is done after the data is output (and digests calculated) in SMIME_write_PKCS7(). diff --git a/apps/smime.c b/apps/smime.c index 83daa71ca..1d7d828e0 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -482,10 +482,10 @@ int MAIN(int argc, char **argv) * signing. */ if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) - flags |= PKCS7_PARTSIGN; + flags |= PKCS7_STREAM; p7 = PKCS7_sign(signer, key, other, in, flags); /* Don't need to rewind for partial signing */ - if (!(flags & PKCS7_PARTSIGN) && (BIO_reset(in) != 0)) { + if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) { BIO_printf(bio_err, "Can't rewind input file\n"); goto end; } diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 5ce38e192..2e8065507 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -494,7 +494,10 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A if(out) { if(usetag) ASN1_put_object(out, ndef, len, tag, aclass); asn1_ex_i2c(pval, *out, &utype, it); - *out += len; + if (ndef) + ASN1_put_eoc(out); + else + *out += len; } if(usetag) return ASN1_object_size(ndef, len, tag); @@ -598,7 +601,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ { strtmp->data = cout; strtmp->length = 0; - ASN1_put_eoc(&cout); } /* Special return code */ return -2; diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 51be77768..431aff94f 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -202,7 +202,7 @@ static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) { BIO *tmpbio, *p7bio; - if (!(flags & PKCS7_PARTSIGN)) + if (!(flags & PKCS7_STREAM)) { SMIME_crlf_copy(data, out, flags); return 1; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index b170fe285..333a8aa38 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -125,7 +125,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } - if (flags & PKCS7_PARTSIGN) + if (flags & PKCS7_STREAM) return p7; if (!(p7bio = PKCS7_dataInit(p7, NULL))) { diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index a2956589a..e6f657266 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -260,7 +260,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 -#define PKCS7_PARTSIGN 0x400 +#define PKCS7_STREAM 0x400 /* Flags: for compatibility with older code */ From f0dc08e6564df980f3c38965f6f85c7c807cfbb8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Feb 2003 01:54:11 +0000 Subject: [PATCH 120/550] Support for dirName from config files in GeneralName extensions. --- CHANGES | 4 ++++ crypto/x509v3/v3_alt.c | 32 ++++++++++++++++++++++++++++++++ crypto/x509v3/v3_conf.c | 12 +++++++++++- crypto/x509v3/v3_utl.c | 35 +++++++++++++++++++++++++++++++++++ crypto/x509v3/v3err.c | 8 +++++++- crypto/x509v3/x509v3.h | 8 ++++++++ 6 files changed, 97 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index b032498a2..749bc19f7 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for directoryName in GeneralName related extensions + in config files. + [Steve Henson] + *) Make it possible to link applications using Makefile.shared. Make that possible even when linking against static libraries! [Richard Levitte] diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 64e51d612..8642dd510 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -66,6 +66,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); X509V3_EXT_METHOD v3_alt[] = { { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), @@ -452,6 +453,13 @@ if(!name_cmp(name, "email")) { goto err; } type = GEN_IPADD; +} else if(!name_cmp(name, "dirName")) { + type = GEN_DIRNAME; + if (!do_dirname(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); + goto err; + } } else if(!name_cmp(name, "otherName")) { if (!do_othername(gen, value, ctx)) { @@ -507,3 +515,27 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) return 0; return 1; } + +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + int ret; + STACK_OF(CONF_VALUE) *sk; + X509_NAME *nm; + if (!(nm = X509_NAME_new())) + return 0; + sk = X509V3_get_section(ctx, value); + if (!sk) + { + X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); + ERR_add_error_data(2, "section=", value); + X509_NAME_free(nm); + return 0; + } + /* FIXME: should allow other character types... */ + ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); + if (!ret) + X509_NAME_free(nm); + gen->d.dirn = nm; + + return ret; + } diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 372c65d88..eeb365b08 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -151,7 +151,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, } else if(method->r2i) { - if(!ctx->db) + if(!ctx->db || !ctx->db_meth) { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); return NULL; @@ -383,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) { + if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) + { + X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); + return NULL; + } if (ctx->db_meth->get_string) return ctx->db_meth->get_string(ctx->db, name, section); return NULL; @@ -390,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) { + if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) + { + X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); + return NULL; + } if (ctx->db_meth->get_section) return ctx->db_meth->get_section(ctx->db, section); return NULL; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 4b85378e9..2af05e555 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -740,3 +740,38 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen) return 1; } + +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype) + { + CONF_VALUE *v; + int i; + char *p, *type; + if (!nm) + return 0; + + for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) + { + v=sk_CONF_VALUE_value(dn_sk,i); + type=v->name; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for(p = type; *p ; p++) +#ifndef CHARSET_EBCDIC + if ((*p == ':') || (*p == ',') || (*p == '.')) +#else + if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) +#endif + { + p++; + if(*p) type = p; + break; + } + if (!X509_NAME_add_entry_by_txt(nm,type, chtype, + (unsigned char *) v->value,-1,-1,0)) + return 0; + + } + return 1; + } diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 3cb543e62..28f44e00c 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* crypto/x509v3/v3err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= { {ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, {ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, +{ERR_PACK(0,X509V3_F_DO_DIRNAME,0), "DO_DIRNAME"}, {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, @@ -104,6 +105,8 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, +{ERR_PACK(0,X509V3_F_X509V3_GET_SECTION,0), "X509V3_get_section"}, +{ERR_PACK(0,X509V3_F_X509V3_GET_STRING,0), "X509V3_get_string"}, {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, @@ -117,6 +120,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_BAD_OBJECT ,"bad object"}, {X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, {X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, +{X509V3_R_DIRNAME_ERROR ,"dirname error"}, {X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, {X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, {X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, @@ -152,7 +156,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_NO_PUBLIC_KEY ,"no public key"}, {X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, {X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, +{X509V3_R_OPERATION_NOT_DEFINED ,"operation not defined"}, {X509V3_R_OTHERNAME_ERROR ,"othername error"}, +{X509V3_R_SECTION_NOT_FOUND ,"section not found"}, {X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, {X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, {X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index a720ff2b9..d2edc9f65 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -548,6 +548,8 @@ STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -560,6 +562,7 @@ void ERR_load_X509V3_strings(void); /* Function codes. */ #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 +#define X509V3_F_DO_DIRNAME 144 #define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_I2D 135 #define X509V3_F_HEX_TO_STRING 111 @@ -596,6 +599,8 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 #define X509V3_F_X509V3_EXT_I2D 136 +#define X509V3_F_X509V3_GET_SECTION 142 +#define X509V3_F_X509V3_GET_STRING 143 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509_PURPOSE_ADD 137 @@ -606,6 +611,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_BAD_OBJECT 119 #define X509V3_R_BN_DEC2BN_ERROR 100 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 #define X509V3_R_DUPLICATE_ZONE_ID 133 #define X509V3_R_ERROR_CONVERTING_ZONE 131 #define X509V3_R_ERROR_CREATING_EXTENSION 144 @@ -641,7 +647,9 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_NO_PUBLIC_KEY 114 #define X509V3_R_NO_SUBJECT_DETAILS 125 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +#define X509V3_R_OPERATION_NOT_DEFINED 148 #define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_SECTION_NOT_FOUND 150 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 From 155bd1137e3c87c64be1f09ddfa2120adcd25e67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 27 Feb 2003 12:25:35 +0000 Subject: [PATCH 121/550] add Certicom licensing e-mail address --- crypto/ec/ec2_smpt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ec2_smpt.c b/crypto/ec/ec2_smpt.c index 1b014e5d9..f7e3d3815 100644 --- a/crypto/ec/ec2_smpt.c +++ b/crypto/ec/ec2_smpt.c @@ -61,7 +61,8 @@ * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. * Note that the simple implementation only uses affine coordinates. * - * This algorithm is patented by Certicom Corp. under US Patent 6,141,420. + * This algorithm is patented by Certicom Corp. under US Patent 6,141,420 + * (for licensing information, contact licensing@certicom.com). * This function is disabled by default and can be enabled by defining the * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. */ From 6ac26a5ce5e2891c35a283961a5aa0d9dcc65d6e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Feb 2003 13:02:46 +0000 Subject: [PATCH 122/550] Typo. --- doc/crypto/BIO_f_cipher.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BIO_f_cipher.pod b/doc/crypto/BIO_f_cipher.pod index 4182f2c30..02439cea9 100644 --- a/doc/crypto/BIO_f_cipher.pod +++ b/doc/crypto/BIO_f_cipher.pod @@ -28,7 +28,7 @@ BIO_flush() on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO. -BIO_set_cipher() sets the cipher of BIO to B using key B +BIO_set_cipher() sets the cipher of BIO B to B using key B and IV B. B should be set to 1 for encryption and zero for decryption. From b8dc9693a73bb96688c3e8eaac232fc5b2393609 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Feb 2003 14:07:59 +0000 Subject: [PATCH 123/550] Encryption BIOs misbehave when used with non blocking I/O. Two fixes: 1. If BIO_write() fails inside enc_write() it should return the total number of bytes successfully written. 2. If BIO_write() fails during BIO_flush() it should return immediately with the error code: previously it would fall through to the final encrypt, corrupting the buffer. --- crypto/evp/bio_enc.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 510e1bc8a..ab8185150 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl) if (i <= 0) { BIO_copy_next_retry(b); - return(i); + return (ret == inl) ? i : ret - inl; } n-=i; ctx->buf_off+=i; @@ -325,10 +325,7 @@ again: { i=enc_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (!ctx->finished) From 57376542a06dc756299b3b4ce9d5afaa9217cd2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 28 Feb 2003 15:07:10 +0000 Subject: [PATCH 124/550] use tabs for indentation, not spaces --- ssl/s3_clnt.c | 156 +++++++++++++++++++++++++------------------------- 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 477b68164..2f1269537 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -785,7 +785,7 @@ static int ssl3_get_server_certificate(SSL *s) STACK_OF(X509) *sk=NULL; SESS_CERT *sc; EVP_PKEY *pkey=NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ + int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ n=ssl3_get_message(s, SSL3_ST_CR_CERT_A, @@ -860,10 +860,10 @@ static int ssl3_get_server_certificate(SSL *s) i=ssl_verify_cert_chain(s,sk); if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) #ifndef OPENSSL_NO_KRB5 - && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - != (SSL_aKRB5|SSL_kKRB5) + && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + != (SSL_aKRB5|SSL_kKRB5) #endif /* OPENSSL_NO_KRB5 */ - ) + ) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); @@ -886,16 +886,16 @@ static int ssl3_get_server_certificate(SSL *s) pkey=X509_get_pubkey(x); - /* VRS: allow null cert if auth == KRB5 */ - need_cert = ((s->s3->tmp.new_cipher->algorithms - & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - == (SSL_aKRB5|SSL_kKRB5))? 0: 1; + /* VRS: allow null cert if auth == KRB5 */ + need_cert = ((s->s3->tmp.new_cipher->algorithms + & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + == (SSL_aKRB5|SSL_kKRB5))? 0: 1; #ifdef KSSL_DEBUG printf("pkey,x = %p, %p\n", pkey,x); printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithms, need_cert); + s->s3->tmp.new_cipher->algorithms, need_cert); #endif /* KSSL_DEBUG */ if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) @@ -917,31 +917,31 @@ static int ssl3_get_server_certificate(SSL *s) goto f_err; } - if (need_cert) - { - sc->peer_cert_type=i; - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - /* Why would the following ever happen? - * We just created sc a couple of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509=x; - sc->peer_key= &(sc->peer_pkeys[i]); + if (need_cert) + { + sc->peer_cert_type=i; + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + /* Why would the following ever happen? + * We just created sc a couple of lines ago. */ + if (sc->peer_pkeys[i].x509 != NULL) + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509=x; + sc->peer_key= &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) - X509_free(s->session->peer); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; - } - else - { - sc->peer_cert_type=i; - sc->peer_key= NULL; + if (s->session->peer != NULL) + X509_free(s->session->peer); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + s->session->peer=x; + } + else + { + sc->peer_cert_type=i; + sc->peer_key= NULL; - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=NULL; - } + if (s->session->peer != NULL) + X509_free(s->session->peer); + s->session->peer=NULL; + } s->session->verify_result = s->verify_result; x=NULL; @@ -1584,7 +1584,7 @@ static int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY *pkey=NULL; #endif #ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; + KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH EC_KEY *clnt_ecdh = NULL; @@ -1602,8 +1602,8 @@ static int ssl3_send_client_key_exchange(SSL *s) l=s->s3->tmp.new_cipher->algorithms; - /* Fool emacs indentation */ - if (0) {} + /* Fool emacs indentation */ + if (0) {} #ifndef OPENSSL_NO_RSA else if (l & SSL_kRSA) { @@ -1665,12 +1665,12 @@ static int ssl3_send_client_key_exchange(SSL *s) #endif #ifndef OPENSSL_NO_KRB5 else if (l & SSL_kKRB5) - { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; + { + krb5_error_code krb5rc; + KSSL_CTX *kssl_ctx = s->kssl_ctx; + /* krb5_data krb5_ap_req; */ + krb5_data *enc_ticket; + krb5_data authenticator, *authp = NULL; EVP_CIPHER_CTX ciph_ctx; EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -1682,8 +1682,8 @@ static int ssl3_send_client_key_exchange(SSL *s) EVP_CIPHER_CTX_init(&ciph_ctx); #ifdef KSSL_DEBUG - printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - l, SSL_kKRB5); + printf("ssl3_send_client_key_exchange(%lx & %lx)\n", + l, SSL_kKRB5); #endif /* KSSL_DEBUG */ authp = NULL; @@ -1691,37 +1691,37 @@ static int ssl3_send_client_key_exchange(SSL *s) if (KRB5SENDAUTH) authp = &authenticator; #endif /* KRB5SENDAUTH */ - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, + krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err); enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; + if (enc == NULL) + goto err; #ifdef KSSL_DEBUG - { - printf("kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) + { + printf("kssl_cget_tkt rtn %d\n", krb5rc); + if (krb5rc && kssl_err.text) printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); - } + } #endif /* KSSL_DEBUG */ - if (krb5rc) - { - ssl3_send_alert(s,SSL3_AL_FATAL, + if (krb5rc) + { + ssl3_send_alert(s,SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } + goto err; + } /* 20010406 VRS - Earlier versions used KRB5 AP_REQ ** in place of RFC 2712 KerberosWrapper, as in: ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** + ** Send ticket (copy to *p, set n = length) + ** n = krb5_ap_req.length; + ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + ** if (krb5_ap_req.data) + ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + ** ** Now using real RFC 2712 KerberosWrapper ** (Thanks to Simon Wilkinson ) ** Note: 2712 "opaque" types are here replaced @@ -1786,14 +1786,14 @@ static int ssl3_send_client_key_exchange(SSL *s) p+=outl; n+=outl + 2; - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key_length= + s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(epms, outl); - } + } #endif #ifndef OPENSSL_NO_DH else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) @@ -1928,7 +1928,7 @@ static int ssl3_send_client_key_exchange(SSL *s) clnt_ecdh->group = srvr_group; if (ecdh_clnt_cert) { - /* Reuse key info from our certificate + /* Reuse key info from our certificate * We only need our private key to perform * the ECDH computation. */ @@ -1945,25 +1945,25 @@ static int ssl3_send_client_key_exchange(SSL *s) } } - /* use the 'p' output buffer for the ECDH key, but - * make sure to clear it out afterwards + /* use the 'p' output buffer for the ECDH key, but + * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh); + n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh); if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; + goto err; } - /* generate master key from the result */ - s->session->master_key_length = s->method->ssl3_enc \ + /* generate master key from the result */ + s->session->master_key_length = s->method->ssl3_enc \ -> generate_master_secret(s, s->session->master_key, p, n); - memset(p, 0, n); /* clean up */ + memset(p, 0, n); /* clean up */ if (ecdh_clnt_cert) { @@ -1999,7 +1999,7 @@ static int ssl3_send_client_key_exchange(SSL *s) encodedPoint, encoded_pt_len, bn_ctx); *p = n; /* length of encoded point */ - /* Encoded point will be copied here */ + /* Encoded point will be copied here */ p += 1; /* copy the point */ memcpy((unsigned char *)p, encodedPoint, n); @@ -2012,7 +2012,7 @@ static int ssl3_send_client_key_exchange(SSL *s) if (encodedPoint != NULL) OPENSSL_free(encodedPoint); if (clnt_ecdh != NULL) { - /* group is shared */ + /* group is shared */ clnt_ecdh->group = NULL; EC_KEY_free(clnt_ecdh); } @@ -2049,7 +2049,7 @@ err: clnt_ecdh->group = NULL; EC_KEY_free(clnt_ecdh); } - EVP_PKEY_free(srvr_pub_pkey); + EVP_PKEY_free(srvr_pub_pkey); #endif return(-1); } From fe14ee96db3ccef6a7a090bd0264d476a79e3f43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 28 Feb 2003 15:17:45 +0000 Subject: [PATCH 125/550] memset problem has been handled PR: 343 --- STATUS | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/STATUS b/STATUS index 1a6be62fb..fe860ae30 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2003/02/19 14:02:37 $ + ______________ $Date: 2003/02/28 15:17:45 $ DEVELOPMENT STATE @@ -29,17 +29,7 @@ RELEASE SHOWSTOPPERS - o [2002-11-21] - PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may - be optimized away in modern compilers. This is definitely not good - and needs to be fixed immediately. The formula to use is presented - in: - - http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0 - - The problem report that mentions this is: - - https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343 + o AVAILABLE PATCHES From 176f31ddec84a51d35871dc021a013df9f3cbccd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 28 Feb 2003 15:37:10 +0000 Subject: [PATCH 126/550] - new ECDH_compute_key interface (KDF is no longer a fixed built-in) - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary --- CHANGES | 2 -- apps/speed.c | 26 +++++++++++++++----- crypto/ecdh/ecdh.h | 10 ++++---- crypto/ecdh/ecdhtest.c | 25 +++++++++++++++---- crypto/ecdh/ech_err.c | 2 +- crypto/ecdh/ech_key.c | 7 +++--- crypto/ecdh/ech_lib.c | 8 +------ crypto/ecdh/ech_ossl.c | 54 ++++++++++++++++++++++++++++++++---------- ssl/s3_clnt.c | 17 +++++++++++-- ssl/s3_srvr.c | 17 +++++++++++-- 10 files changed, 122 insertions(+), 46 deletions(-) diff --git a/CHANGES b/CHANGES index 749bc19f7..4408928e8 100644 --- a/CHANGES +++ b/CHANGES @@ -208,8 +208,6 @@ [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] *) Add ECDH in new directory crypto/ecdh/. -TODO: more general interface (return x coordinate, not its hash) -TODO: bug: pad x with leading zeros if necessary [Douglas Stebila (Sun Microsystems Laboratories)] *) Let BN_rand_range() abort with an error after 100 iterations diff --git a/apps/speed.c b/apps/speed.c index 8a2abf73d..c4add36d2 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -396,6 +396,20 @@ static double Time_F(int s) #endif } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + + int MAIN(int, char **); int MAIN(int argc, char **argv) @@ -2065,12 +2079,12 @@ int MAIN(int argc, char **argv) } else { - secret_size_a = ECDH_compute_key(secret_a, + secret_size_a = ECDH_compute_key(secret_a, KDF1_SHA1_len, ecdh_b[j]->pub_key, - ecdh_a[j]); - secret_size_b = ECDH_compute_key(secret_b, + ecdh_a[j], KDF1_SHA1); + secret_size_b = ECDH_compute_key(secret_b, KDF1_SHA1_len, ecdh_a[j]->pub_key, - ecdh_b[j]); + ecdh_b[j], KDF1_SHA1); if (secret_size_a != secret_size_b) ecdh_checks = 0; else @@ -2099,9 +2113,9 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(ecdh_c[j][0]); count++) { - ECDH_compute_key(secret_a, + ECDH_compute_key(secret_a, KDF1_SHA1_len, ecdh_b[j]->pub_key, - ecdh_a[j]); + ecdh_a[j], KDF1_SHA1); } d=Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index 1ab131cde..cc6d858d6 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -84,7 +84,8 @@ extern "C" { typedef struct ecdh_method { const char *name; - int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh); + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); #if 0 int (*init)(EC_KEY *eckey); int (*finish)(EC_KEY *eckey); @@ -118,9 +119,8 @@ void ECDH_set_default_method(const ECDH_METHOD *); const ECDH_METHOD *ECDH_get_default_method(void); int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); -int ECDH_size(const EC_KEY *); -int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh); - +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -141,9 +141,9 @@ void ERR_load_ECDH_strings(void); #define ECDH_F_ECDH_DATA_NEW 101 /* Reason codes. */ +#define ECDH_R_KDF_FAILED 102 #define ECDH_R_NO_PRIVATE_VALUE 100 #define ECDH_R_POINT_ARITHMETIC_FAILURE 101 -#define ECDH_R_SHA1_DIGEST_FAILED 102 #ifdef __cplusplus } diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 6e0c14dc1..f9162b7e8 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -79,6 +79,7 @@ #include #include #include +#include #include #ifdef OPENSSL_NO_ECDH @@ -102,6 +103,20 @@ static void MS_CALLBACK cb(int p, int n, void *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + + int test_ecdh_curve(int , char *, BN_CTX *, BIO *); int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) @@ -180,9 +195,9 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) BIO_flush(out); #endif - alen=ECDH_size(a); + alen=KDF1_SHA1_len; abuf=(unsigned char *)OPENSSL_malloc(alen); - aout=ECDH_compute_key(abuf,b->pub_key,a); + aout=ECDH_compute_key(abuf,alen,b->pub_key,a,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key1 ="); @@ -197,9 +212,9 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) BIO_flush(out); #endif - blen=ECDH_size(b); + blen=KDF1_SHA1_len; bbuf=(unsigned char *)OPENSSL_malloc(blen); - bout=ECDH_compute_key(bbuf,a->pub_key,b); + bout=ECDH_compute_key(bbuf,blen,a->pub_key,b,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key2 ="); diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c index 819b8abf4..76fbe3838 100644 --- a/crypto/ecdh/ech_err.c +++ b/crypto/ecdh/ech_err.c @@ -73,9 +73,9 @@ static ERR_STRING_DATA ECDH_str_functs[]= static ERR_STRING_DATA ECDH_str_reasons[]= { +{ECDH_R_KDF_FAILED ,"KDF failed"}, {ECDH_R_NO_PRIVATE_VALUE ,"no private value"}, {ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"}, -{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"}, {0,NULL} }; diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c index f000b8c8a..923a7e9dd 100644 --- a/crypto/ecdh/ech_key.c +++ b/crypto/ecdh/ech_key.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,10 +70,11 @@ #include "ecdh.h" #include -int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey) +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) { ECDH_DATA *ecdh = ecdh_check(eckey); if (ecdh == NULL) return 0; - return ecdh->meth->compute_key(key, pub_key, eckey); + return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); } diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index 59526f33b..8b3e5f1dd 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -203,12 +203,6 @@ static void ecdh_finish(EC_KEY *key) } -int ECDH_size(const EC_KEY *ecdh) - { - return 20; - } - - int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 182e825b7..b00c6c431 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,12 +68,15 @@ */ -#include "ecdh.h" +#include + +#include #include #include #include -static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh); +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); static ECDH_METHOD openssl_ecdh_meth = { "OpenSSL ECDH method", @@ -95,16 +98,23 @@ const ECDH_METHOD *ECDH_OpenSSL(void) /* This implementation is based on the following primitives in the IEEE 1363 standard: * - ECKAS-DH1 * - ECSVDP-DH - * - KDF1 with SHA-1 + * Finally an optional KDF is applied. */ -static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh) +static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) { BN_CTX *ctx; EC_POINT *tmp=NULL; BIGNUM *x=NULL, *y=NULL; - int ret= -1, len; + int ret= -1, buflen, len; unsigned char *buf=NULL; + if (outlen > INT_MAX) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ + return -1; + } + if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); x = BN_CTX_get(ctx); @@ -145,26 +155,44 @@ static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY } } - if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL) + buflen = (EC_GROUP_get_degree(ecdh->group) + 7)/8; + len = BN_num_bytes(x); + if (len > buflen) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); + goto err; + } + if ((buf = OPENSSL_malloc(buflen)) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); goto err; } - if ((len = BN_bn2bin(x,buf)) <= 0) + memset(buf, 0, buflen - len); + if (len != BN_bn2bin(x, buf + buflen - len)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; } - if ((SHA1(buf, len, key) == NULL)) + if (KDF != 0) { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED); - goto err; + if (KDF(buf, buflen, out, outlen) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); + goto err; + } + ret = outlen; + } + else + { + /* no KDF, just copy as much as we can */ + if (outlen > buflen) + outlen = buflen; + memcpy(out, buf, outlen); + ret = outlen; } - ret = 20; - err: if (tmp) EC_POINT_free(tmp); if (ctx) BN_CTX_end(ctx); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2f1269537..211dd03b1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1574,6 +1574,19 @@ static int ssl3_get_server_done(SSL *s) return(ret); } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + static int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p,*d; @@ -1949,7 +1962,7 @@ static int ssl3_send_client_key_exchange(SSL *s) * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh); + n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 3db3e78d5..a2f5b843d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1577,6 +1577,19 @@ err: return(-1); } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + static int ssl3_get_client_key_exchange(SSL *s) { int i,al,ok; @@ -2047,7 +2060,7 @@ static int ssl3_get_client_key_exchange(SSL *s) } /* Compute the shared pre-master secret */ - i = ECDH_compute_key(p, clnt_ecpoint, srvr_ecdh); + i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, From 879650b866996f343e494ebe04503fedd534e5a2 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 11 Mar 2003 01:49:21 +0000 Subject: [PATCH 127/550] The default implementation of DSA_METHOD has an interdependence on the dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key). This change allows the default DSA_METHOD to function in such circumstances by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist, otherwise using BIGNUM implementations directly (which is what those handlers did before this change). There should be no noticable difference for the software case, or indeed any custom case that didn't already segfault, except perhaps that there is now one less level of indirection in all cases. PR: 507 --- CHANGES | 7 ++++ crypto/dsa/dsa_ossl.c | 85 +++++++++++++++++++++---------------------- 2 files changed, 48 insertions(+), 44 deletions(-) diff --git a/CHANGES b/CHANGES index 4408928e8..6d5704a6d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make sure the default DSA_METHOD implementation only uses its + dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, + and change its own handlers to be NULL so as to remove unnecessary + indirection. This lets alternative implementations fallback to the + default implementation more easily. + [Geoff Thorpe] + *) Support for directoryName in GeneralName related extensions in config files. [Steve Henson] diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 3a8d2bbc3..b6e08584a 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -74,20 +74,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", dsa_do_sign, dsa_sign_setup, dsa_do_verify, -dsa_mod_exp, -dsa_bn_mod_exp, +NULL, /* dsa_mod_exp, */ +NULL, /* dsa_bn_mod_exp, */ dsa_init, dsa_finish, 0, @@ -96,6 +90,41 @@ NULL, NULL }; +/* These macro wrappers replace attempts to use the dsa_mod_exp() and + * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of + * having a the macro work as an expression by bundling an "err_instr". So; + * + * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + * dsa->method_mont_p)) goto err; + * + * can be replaced by; + * + * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, + * dsa->method_mont_p); + */ + +#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ + do { \ + int _tmp_res53; \ + if((dsa)->meth->dsa_mod_exp) \ + _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ + (a2), (p2), (m), (ctx), (in_mont)); \ + else \ + _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ + (m), (ctx), (in_mont)); \ + if(!_tmp_res53) err_instr; \ + } while(0) +#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ + do { \ + int _tmp_res53; \ + if((dsa)->meth->bn_mod_exp) \ + _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ + (m), (ctx), (m_ctx)); \ + else \ + _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ + if(!_tmp_res53) err_instr; \ + } while(0) + const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; @@ -210,8 +239,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } /* Compute r = (g^k mod p) mod q */ - if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, - (BN_MONT_CTX *)dsa->method_mont_p)) goto err; + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, + (BN_MONT_CTX *)dsa->method_mont_p); if (!BN_mod(r,r,dsa->q,ctx)) goto err; /* Compute part of 's = inv(k) (m + xr) mod q' */ @@ -289,31 +318,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, } mont=(BN_MONT_CTX *)dsa->method_mont_p; -#if 0 - { - BIGNUM t2; - BN_init(&t2); - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; - /* let t2 = y ^ u2 mod p */ - if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; - BN_free(&t2); - } - /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; -#else - { - if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, - dsa->p,ctx,mont)) goto err; + DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; - } -#endif + /* V is now in u1. If the signature is correct, it will be * equal to R. */ ret=(BN_ucmp(&u1, sig->r) == 0); @@ -340,16 +350,3 @@ static int dsa_finish(DSA *dsa) return(1); } -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); -} - -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -} From 90e8a3102b62fb4d30cb2d105b93f55cbee75136 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Mar 2003 02:31:40 +0000 Subject: [PATCH 128/550] Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE. --- crypto/evp/digest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 5b2104ac1..b22eed442 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -187,12 +187,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->engine = NULL; } else -#endif if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; } +#endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) From 767712fa62eeff0ac6cb9ea6fdc186040f17279d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Mar 2003 02:38:57 +0000 Subject: [PATCH 129/550] Avoid warnings for no-engine and PEDANTIC --- apps/engine.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/engine.c b/apps/engine.c index 3b3464a84..953b4d97a 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -520,6 +520,14 @@ skip_digests: ret=0; end: +#else + +# if PEDANTIC + +void *dummy=&dummy; + +# endif + ERR_print_errors(bio_err); sk_pop_free(engines, identity); sk_pop_free(pre_cmds, identity); From 52c4c51f02c1bec0440f520aa98765072d1f0286 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Mar 2003 14:13:53 +0000 Subject: [PATCH 130/550] Return an error if gmtime returns NULL. --- crypto/o_time.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index ca5f3ea48..723eb1b5a 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -80,8 +80,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); - if (ts != NULL) - memcpy(result, ts, sizeof(struct tm)); + if (ts == NULL) + return NULL; + + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif #ifdef OPENSSL_SYS_VMS From bba2cb3ada31318b4483b404a910f3787b627770 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 13 Mar 2003 20:28:42 +0000 Subject: [PATCH 131/550] Fix a bone-head bug. This warrants a CHANGES entry because it could affect applications if they were passing a bogus 'flags' parameter yet having things work as they wanted anyway. --- CHANGES | 6 ++++++ crypto/engine/eng_fat.c | 12 ++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 6d5704a6d..bf9d55c4a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Fixed a typo bug that would cause ENGINE_set_default() to set an + ENGINE as defaults for all supported algorithms irrespective of + the 'flags' parameter. 'flags' is now honoured, so applications + should make sure they are passing it correctly. + [Geoff Thorpe] + *) Make sure the default DSA_METHOD implementation only uses its dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, and change its own handlers to be NULL so as to remove unnecessary diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index c0d03ccbf..a5ffbec94 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -71,26 +71,26 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA - if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e)) + if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA - if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e)) + if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH - if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) + if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDH - if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e)) + if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDSA - if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e)) + if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) return 0; #endif - if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) + if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; } From 12d4e7b8c8750dda0db0e943cdec42e70a995be8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Mar 2003 21:28:03 +0000 Subject: [PATCH 132/550] Fix PEDANTIC stuff... --- apps/engine.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/apps/engine.c b/apps/engine.c index 953b4d97a..feee96532 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -520,13 +520,6 @@ skip_digests: ret=0; end: -#else - -# if PEDANTIC - -void *dummy=&dummy; - -# endif ERR_print_errors(bio_err); sk_pop_free(engines, identity); @@ -536,4 +529,10 @@ void *dummy=&dummy; apps_shutdown(); OPENSSL_EXIT(ret); } +#else + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif From ba5df66a8b20236f7f0f1a4761ec69e812e529a0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Mar 2003 23:37:55 +0000 Subject: [PATCH 133/550] Add some OIDs. --- crypto/objects/obj_dat.h | 21 ++++++++++++++++----- crypto/objects/obj_mac.h | 10 ++++++++++ crypto/objects/obj_mac.num | 2 ++ crypto/objects/objects.txt | 4 ++++ 4 files changed, 32 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 56e6d8742..03803827a 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 718 -#define NUM_SN 713 -#define NUM_LN 713 -#define NUM_OBJ 687 +#define NUM_NID 720 +#define NUM_SN 715 +#define NUM_LN 715 +#define NUM_OBJ 689 -static unsigned char lvalues[4869]={ +static unsigned char lvalues[4876]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -755,6 +755,8 @@ static unsigned char lvalues[4869]={ 0x67,0x2B,0x0D,0x04,0x0C, /* [4843] OBJ_wap_wsg_idm_ecid_wtls12 */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4848] OBJ_ms_smartcard_login */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */ +0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ +0x55,0x1D,0x21, /* [4872] OBJ_policy_mapping */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1879,6 +1881,9 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ 10,&(lvalues[4848]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, &(lvalues[4858]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4868]),0}, +{"policyMapping","X509v3 Policy Mapping",NID_policy_mapping,3, + &(lvalues[4872]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2019,6 +2024,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[363]),/* "ad_timestamping" */ &(nid_objs[376]),/* "algorithm" */ &(nid_objs[405]),/* "ansi-X9-62" */ +&(nid_objs[718]),/* "anyPolicy" */ &(nid_objs[370]),/* "archiveCutoff" */ &(nid_objs[484]),/* "associatedDomain" */ &(nid_objs[485]),/* "associatedName" */ @@ -2361,6 +2367,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ +&(nid_objs[719]),/* "policyMapping" */ &(nid_objs[506]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ @@ -2679,6 +2686,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[375]),/* "Trust Root" */ &(nid_objs[12]),/* "X509" */ &(nid_objs[402]),/* "X509v3 AC Targeting" */ +&(nid_objs[718]),/* "X509v3 Any Policy" */ &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ &(nid_objs[87]),/* "X509v3 Basic Constraints" */ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ @@ -2691,6 +2699,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ +&(nid_objs[719]),/* "X509v3 Policy Mapping" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ @@ -3365,6 +3374,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ +&(nid_objs[719]),/* OBJ_policy_mapping 2 5 29 33 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ @@ -3389,6 +3399,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +&(nid_objs[718]),/* OBJ_any_policy 2 5 29 32 0 */ &(nid_objs[583]),/* OBJ_setct_PANData 2 23 42 0 0 */ &(nid_objs[584]),/* OBJ_setct_PANToken 2 23 42 0 1 */ &(nid_objs[585]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 990e18113..ecbe9c23a 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2041,6 +2041,16 @@ #define NID_certificate_policies 89 #define OBJ_certificate_policies OBJ_id_ce,32L +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 718 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mapping "policyMapping" +#define LN_policy_mapping "X509v3 Policy Mapping" +#define NID_policy_mapping 719 +#define OBJ_policy_mapping OBJ_id_ce,33L + #define SN_authority_key_identifier "authorityKeyIdentifier" #define LN_authority_key_identifier "X509v3 Authority Key Identifier" #define NID_authority_key_identifier 90 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 81936507e..eec29229a 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -715,3 +715,5 @@ wap_wsg_idm_ecid_wtls11 714 wap_wsg_idm_ecid_wtls12 715 ms_smartcard_login 716 ms_upn 717 +any_policy 718 +policy_mapping 719 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 8ec0484c7..2d01c4d3a 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -662,6 +662,10 @@ id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies id-ce 32 : certificatePolicies : X509v3 Certificate Policies +!Cname any-policy +certificate-policies 0 : anyPolicy : X509v3 Any Policy +!Cname policy-mapping +id-ce 33 : policyMapping : X509v3 Policy Mapping !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints From e6539fe22db44154799c976558cda6d6cd71863b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 14 Mar 2003 01:44:42 +0000 Subject: [PATCH 134/550] Add entry for domainComponent so it is treated correctly. Add table order test to end of a_strnid.c --- crypto/asn1/a_strnid.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 04789d1c6..aa49e9d7d 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -173,6 +173,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} }; @@ -249,4 +250,38 @@ static void st_free(ASN1_STRING_TABLE *tbl) if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); } + IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) + +#ifdef STRING_TABLE_TEST + +main() +{ + ASN1_STRING_TABLE *tmp; + int i, last_nid = -1; + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + { + if (tmp->nid < last_nid) + { + last_nid = 0; + break; + } + last_nid = tmp->nid; + } + + if (last_nid != 0) + { + printf("Table order OK\n"); + exit(0); + } + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, + OBJ_nid2ln(tmp->nid)); + +} + +#endif From bc441b739bbb0f473abff2568fb5e1abf62bb104 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 14 Mar 2003 23:38:34 +0000 Subject: [PATCH 135/550] Don't give an error if response reason absent in OCSP HTTP. --- crypto/ocsp/ocsp_ht.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 357709a84..9213e58ae 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -110,7 +110,7 @@ Content-Length: %d\r\n\r\n"; } /* Parse the HTTP response. This will look like this: * "HTTP/1.0 200 OK". We need to obtain the numeric code and - * informational message. + * (optional) informational message. */ /* Skip to first white space (passed protocol info) */ @@ -138,13 +138,19 @@ Content-Length: %d\r\n\r\n"; if(*r) goto err; /* Skip over any leading white space in message */ while(*q && isspace((unsigned char)*q)) q++; - if(!*q) goto err; + if(*q) { /* Finally zap any trailing white space in message (include CRLF) */ /* We know q has a non white space character so this is OK */ - for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; + for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; + } if(retcode != 200) { OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); - ERR_add_error_data(4, "Code=", p, ",Reason=", q); + if(!*q) { + ERR_add_error_data(2, "Code=", p); + } + else { + ERR_add_error_data(4, "Code=", p, ",Reason=", q); + } goto err; } /* Find blank line marking beginning of content */ From e8e0e3716a1a808a2b68eaac766082e567236483 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 15 Mar 2003 01:28:55 +0000 Subject: [PATCH 136/550] Fix for no-ec on Windows. --- util/mk1mf.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 4e768fa56..d85a20a60 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -680,6 +680,7 @@ sub var_add return("") if $no_rsa && $dir =~ /^rsaref/; return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; + return("") if $no_ec && $dir =~ /\/ec/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) From 500df82a96fa9a1105a0da6367a9fc0e9c909715 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 18 Mar 2003 12:52:02 +0000 Subject: [PATCH 137/550] fix formatting --- FAQ | 1 + 1 file changed, 1 insertion(+) diff --git a/FAQ b/FAQ index 389d786da..1b129bc5a 100644 --- a/FAQ +++ b/FAQ @@ -732,6 +732,7 @@ The general answer is to check the config.log file generated when running the OpenSSH configure script. It should contain the detailed information on why the OpenSSL library was not detected or considered incompatible. + * Can I use OpenSSL's SSL library with non-blocking I/O? Yes; make sure to read the SSL_get_error(3) manual page! From 9ed1fa481312c1f2d18d3cf7cf44d3538213bab8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 19 Mar 2003 13:55:48 +0000 Subject: [PATCH 138/550] Fix Certificate and CRL adding in X509_load_cert_crl_file: an X509_INFO structure can contain more than one object, for example a certififcate and a CRL. --- crypto/x509/by_file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 22be90cdc..b4b04183d 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -285,7 +285,8 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) if(itmp->x509) { X509_STORE_add_cert(ctx->store_ctx, itmp->x509); count++; - } else if(itmp->crl) { + } + if(itmp->crl) { X509_STORE_add_crl(ctx->store_ctx, itmp->crl); count++; } From 02da5bcd83083c323eab2382336fec0d7388247e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 19 Mar 2003 19:19:53 +0000 Subject: [PATCH 139/550] countermeasure against new Klima-Pokorny-Rosa atack --- CHANGES | 10 ++++++++++ ssl/s3_srvr.c | 25 ++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index bf9d55c4a..ea29f5abf 100644 --- a/CHANGES +++ b/CHANGES @@ -460,6 +460,16 @@ Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + +yet to be integrated into this CVS branch: +- RSA blinding changes +- Geoff's ENGINE_set_default() fix + *) Target "mingw" now allows native Windows code to be generated in the Cygwin environment as well as with the MinGW compiler. [Ulf Moeller] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index a2f5b843d..084b9cfd8 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1684,7 +1684,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ } if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) @@ -1700,30 +1700,29 @@ static int ssl3_get_client_key_exchange(SSL *s) (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ + + /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (http://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. */ + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20"; } } if (al != -1) { -#if 0 - goto f_err; -#else /* Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - */ + * (see RFC 2246, section 7.4.7.1). */ ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ -#endif } s->session->master_key_length= From 3285eb336ceae667d95fe356a8366dfa24c9ae3b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 10:50:36 +0000 Subject: [PATCH 140/550] Add the target linux-ia64-ecc, suggested by Keith Thompson . PR: 516 --- Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index 0f64c4cb0..616a9c170 100755 --- a/Configure +++ b/Configure @@ -390,6 +390,7 @@ my %table=( "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 42a559163dad698265cc0b23b41dc8ded58ff76d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 10:57:09 +0000 Subject: [PATCH 141/550] Shut up an ANSI compiler about uninitialised variables. PR: 517 --- crypto/pkcs12/p12_npas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index a549433ee..af708a274 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) { STACK_OF(PKCS7) *asafes, *newsafes; STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; + int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; From aa9d896b0d007424d21787c43a8070c5efd8b0ad Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:15:12 +0000 Subject: [PATCH 142/550] hinv may generate more than one line (1 line per CPU). PR: 520 --- config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config b/config index 7bbd1c248..2f3878f10 100755 --- a/config +++ b/config @@ -473,7 +473,7 @@ echo Operating system: $GUESSOS # more time that I want to waste at the moment case "$GUESSOS" in mips2-sgi-irix) - CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 4000 ]; then options="$options -mips2" @@ -481,7 +481,7 @@ case "$GUESSOS" in OUT="irix-$CC" ;; mips3-sgi-irix) - CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 5000 ]; then options="$options -mips4" @@ -497,7 +497,7 @@ case "$GUESSOS" in echo " You have about 5 seconds to press Ctrl-C to abort." (stty -icanon min 0 time 50; read waste) < /dev/tty fi - CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 5000 ]; then options="$options -mips4" From 48f1fa7482efbbc9d6b8e33c619fa5e2921d1e17 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:37:47 +0000 Subject: [PATCH 143/550] Make sure that all the library paths are modified in prepend mode, not replace mode. PR: 528 --- Makefile.org | 16 +++++++++++----- apps/Makefile.ssl | 5 ++++- test/Makefile.ssl | 6 +++++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/Makefile.org b/Makefile.org index 3956dfcce..06766807b 100644 --- a/Makefile.org +++ b/Makefile.org @@ -377,7 +377,10 @@ rehash: rehash.time rehash.time: certs @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ - LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ + LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ + LIBPATH="`pwd`:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) @@ -388,10 +391,13 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - apps/openssl version -a + @LD_LIBRARY_PATH="`pwd`:LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:SHLIB_PATH"; \ + LIBPATH="`pwd`:LIBPATH"; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ + apps/openssl version -a report: @$(PERL) util/selftest.pl diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 593c9a5ac..168fb0623 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -168,7 +168,10 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) LIBRPATH=$(INSTALLTOP)/lib \ link_app.$${shlib_target} -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ - LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ + LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ + LIBPATH="`pwd`:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 26ae0dcb6..543789434 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -127,7 +127,11 @@ tests: exe apps $(TESTS) apps: @(cd ..; $(MAKE) DIRS=apps all) -SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \ +SET_SO_PATHS=OSSL_LIBPATH="`cd ..; pwd`"; \ + LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \ + LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH From d177e6180d2b353b2fa024a5b98bcb017168edbd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:41:59 +0000 Subject: [PATCH 144/550] Spelling errors. PR: 538 --- doc/ssl/SSL_CTX_set_options.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index f5e2ec355..766f0c920 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -176,7 +176,7 @@ will send his list of preferences to the client and the client chooses. =item SSL_OP_NETSCAPE_CA_DN_BUG If we accept a netscape connection, demand a client cert, have a -non-self-sighed CA which does not have it's CA in netscape, and the +non-self-signed CA which does not have its CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG From 439909a0689c586097ffcd62e44ec2b5bb50f04f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:44:28 +0000 Subject: [PATCH 145/550] Some shells (ksh in this case) don't say 'command not found'. PR: 540 --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index 2f3878f10..79ce83aac 100755 --- a/config +++ b/config @@ -458,7 +458,7 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then fi if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc - (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc + (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc fi CCVER=${CCVER:-0} From ce06265a37c1129ad0c9607314184a7dfb96d13e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 14:21:36 +0000 Subject: [PATCH 146/550] make update --- TABLE | 79 ++++++++++++++++++++++++++-------------- crypto/ecdh/Makefile.ssl | 7 ++-- test/Makefile.ssl | 3 +- util/libeay.num | 3 +- util/ssleay.num | 1 + 5 files changed, 61 insertions(+), 32 deletions(-) diff --git a/TABLE b/TABLE index 0dbd4736f..966087157 100644 --- a/TABLE +++ b/TABLE @@ -300,31 +300,6 @@ $shared_extension = $ranlib = $arflags = -*** Mingw32 -$cc = gcc -$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -$unistd = -$thread_cflag = -$sys_id = -$lflags = -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = win32 -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** NetBSD-m68 $cc = gcc $cflags = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN @@ -2018,7 +1993,7 @@ $rc4_obj = asm/rx86-elf.o $rmd160_obj = asm/rm86-elf.o $rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn -$shared_target= +$shared_target= linux-shared $shared_cflag = $shared_ldflag = $shared_extension = @@ -2035,7 +2010,7 @@ $lflags = -rdynamic -ldl $bn_ops = SIXTY_FOUR_BIT $bn_obj = $des_obj = dlfcn -$bf_obj = +$bf_obj = linux-shared $md5_obj = $sha1_obj = $cast_obj = @@ -3075,6 +3050,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** linux-ia64-ecc +$cc = ecc +$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR +$bn_obj = asm/ia64.o +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** linux-k6 $cc = gcc $cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall @@ -3450,6 +3450,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** mingw +$cc = gcc +$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall +$unistd = +$thread_cflag = +$sys_id = MINGW32 +$lflags = -mno-cygwin -lwsock32 -lgdi32 +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-out.o asm/co86-out.o +$des_obj = asm/dx86-out.o asm/yx86-out.o +$bf_obj = asm/bx86-out.o +$md5_obj = asm/mx86-out.o +$sha1_obj = asm/sx86-out.o +$cast_obj = asm/cx86-out.o +$rc4_obj = asm/rx86-out.o +$rmd160_obj = asm/rm86-out.o +$rc5_obj = asm/r586-out.o +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = .dll +$ranlib = +$arflags = + *** ncr-scde $cc = cc $cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index eb2e7605e..7ab015070 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -115,9 +115,10 @@ ech_lib.o: ech_lib.c ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h +ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_ossl.o: ../../include/openssl/opensslconf.h ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_ossl.o: ecdh.h ech_ossl.c +ech_ossl.o: ech_ossl.c diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 543789434..2b61e6f00 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -830,7 +830,8 @@ ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c +ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h diff --git a/util/libeay.num b/util/libeay.num index c03f58d64..243d9f12d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2905,7 +2905,7 @@ BN_nist_mod_224 3342 EXIST::FUNCTION: i2d_EC_PUBKEY_bio 3343 EXIST::FUNCTION:BIO,EC EC_GROUP_get_asn1_flag 3344 EXIST::FUNCTION:EC ECDH_get_ex_new_index 3345 EXIST::FUNCTION:ECDH -ECDH_size 3346 EXIST::FUNCTION:ECDH +ECDH_size 3346 NOEXIST::FUNCTION: BN_GF2m_mod_inv 3347 EXIST::FUNCTION: BN_GF2m_mod_exp 3348 EXIST::FUNCTION: EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC @@ -2999,3 +2999,4 @@ ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGIN a2i_IPADDRESS 3434 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC +X509V3_NAME_from_section 3437 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index 7c15d0f05..865005ac6 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -217,3 +217,4 @@ SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: SSL_set_msg_callback 267 EXIST::FUNCTION: SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH +SSL_SESSION_get_id 270 EXIST::FUNCTION: From e986704d24e486850794cc20c0245431884b2a58 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 16:34:27 +0000 Subject: [PATCH 147/550] Add documentation for -starttls (s_client) and -id_prefix (s_server). PR: 542 --- doc/apps/s_client.pod | 7 +++++++ doc/apps/s_server.pod | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 7fca9cbdb..47dc93cb3 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -33,6 +33,7 @@ B B [B<-no_tls1>] [B<-bugs>] [B<-cipher cipherlist>] +[B<-starttls protocol>] [B<-engine id>] [B<-rand file(s)>] @@ -163,6 +164,12 @@ the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the B command for more information. +=item B<-starttls protocol> + +send the protocol-specific message(s) to switch to TLS for communication. +B is a keyword for the intended protocol. Currently, the only +supported keyword is "smtp". + =item B<-engine id> specifying an engine (by it's unique B string) will cause B diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 4b1e4260e..1d21921e4 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -42,6 +42,7 @@ B B [B<-WWW>] [B<-HTTP>] [B<-engine id>] +[B<-id_prefix arg>] [B<-rand file(s)>] =head1 DESCRIPTION @@ -209,6 +210,13 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-id_prefix arg> + +generate SSL/TLS session IDs prefixed by B. This is mostly useful +for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). + =item B<-rand file(s)> a file or files containing random data used to seed the random number From 10a66ad38993c9f2b9e7d9d97ccc3e15c4eff495 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:09:46 +0000 Subject: [PATCH 148/550] Avoid warning. --- crypto/ecdh/ech_ossl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b00c6c431..076eb2ea1 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -70,6 +70,8 @@ #include +#include "cryptlib.h" + #include #include #include From 6f528cac5a56f33a00694dbebf1abee3a91dbdda Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:14:27 +0000 Subject: [PATCH 149/550] Typo: OID should be policyMappings --- crypto/objects/obj_dat.h | 10 +++++----- crypto/objects/obj_mac.h | 8 ++++---- crypto/objects/obj_mac.num | 2 +- crypto/objects/objects.txt | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 03803827a..24d885501 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -756,7 +756,7 @@ static unsigned char lvalues[4876]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4848] OBJ_ms_smartcard_login */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4872] OBJ_policy_mapping */ +0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1882,7 +1882,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, &(lvalues[4858]),0}, {"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4868]),0}, -{"policyMapping","X509v3 Policy Mapping",NID_policy_mapping,3, +{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, &(lvalues[4872]),0}, }; @@ -2367,7 +2367,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ -&(nid_objs[719]),/* "policyMapping" */ +&(nid_objs[719]),/* "policyMappings" */ &(nid_objs[506]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ @@ -2699,7 +2699,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ -&(nid_objs[719]),/* "X509v3 Policy Mapping" */ +&(nid_objs[719]),/* "X509v3 Policy Mappings" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ @@ -3374,7 +3374,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ -&(nid_objs[719]),/* OBJ_policy_mapping 2 5 29 33 */ +&(nid_objs[719]),/* OBJ_policy_mappings 2 5 29 33 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index ecbe9c23a..eefdd169f 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2046,10 +2046,10 @@ #define NID_any_policy 718 #define OBJ_any_policy OBJ_certificate_policies,0L -#define SN_policy_mapping "policyMapping" -#define LN_policy_mapping "X509v3 Policy Mapping" -#define NID_policy_mapping 719 -#define OBJ_policy_mapping OBJ_id_ce,33L +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 719 +#define OBJ_policy_mappings OBJ_id_ce,33L #define SN_authority_key_identifier "authorityKeyIdentifier" #define LN_authority_key_identifier "X509v3 Authority Key Identifier" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index eec29229a..0a85cb6a4 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -716,4 +716,4 @@ wap_wsg_idm_ecid_wtls12 715 ms_smartcard_login 716 ms_upn 717 any_policy 718 -policy_mapping 719 +policy_mappings 719 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 2d01c4d3a..bea8db109 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -664,8 +664,8 @@ id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points id-ce 32 : certificatePolicies : X509v3 Certificate Policies !Cname any-policy certificate-policies 0 : anyPolicy : X509v3 Any Policy -!Cname policy-mapping -id-ce 33 : policyMapping : X509v3 Policy Mapping +!Cname policy-mappings +id-ce 33 : policyMappings : X509v3 Policy Mappings !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints From a1d12daed2087944f3530f6ec4b5ec23f36ce41a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:26:44 +0000 Subject: [PATCH 150/550] Support for policyMappings --- CHANGES | 3 + crypto/stack/safestack.h | 20 +++++ crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/ext_dat.h | 4 +- crypto/x509v3/v3_pmaps.c | 153 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3err.c | 1 + crypto/x509v3/x509v3.h | 13 ++++ 7 files changed, 195 insertions(+), 3 deletions(-) create mode 100644 crypto/x509v3/v3_pmaps.c diff --git a/CHANGES b/CHANGES index ea29f5abf..0a5913ce1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for policyMappings certificate extension. + [Steve Henson] + *) Fixed a typo bug that would cause ENGINE_set_default() to set an ENGINE as defaults for all supported algorithms irrespective of the 'flags' parameter. 'flags' is now honoured, so applications diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ed9ed2c23..6ffb132be 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -944,6 +944,26 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) + #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 60af357a0..df6002656 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c +v3_ocsp.c v3_akeya.c v3_pmaps.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o +v3_ocsp.o v3_akeya.o v3_pmaps.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 544248059..4c801c2c1 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -64,6 +64,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; +extern X509V3_EXT_METHOD v3_policy_mappings; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -105,8 +106,9 @@ static X509V3_EXT_METHOD *standard_exts[] = { #endif &v3_sinfo, #ifndef OPENSSL_NO_OCSP -&v3_crl_hold +&v3_crl_hold, #endif +&v3_policy_mappings }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c new file mode 100644 index 000000000..897640fc1 --- /dev/null +++ b/crypto/x509v3/v3_pmaps.c @@ -0,0 +1,153 @@ +/* v3_pmaps.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include + +static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + void *pmps, STACK_OF(CONF_VALUE) *extlist); + +X509V3_EXT_METHOD v3_policy_mappings = { + NID_policy_mappings, 0, + ASN1_ITEM_ref(POLICY_MAPPINGS), + 0,0,0,0, + 0,0, + i2v_POLICY_MAPPINGS, + v2i_POLICY_MAPPINGS, + 0,0, + NULL +}; + +ASN1_SEQUENCE(POLICY_MAPPING) = { + ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), + ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) +} ASN1_SEQUENCE_END(POLICY_MAPPING) + +ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, + POLICY_MAPPING) +ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) + +IMPLEMENT_ASN1_FUNCTIONS(POLICY_MAPPING) + + +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + void *a, STACK_OF(CONF_VALUE) *ext_list) +{ + POLICY_MAPPINGS *pmaps = a; + POLICY_MAPPING *pmap; + int i; + char obj_tmp1[80]; + char obj_tmp2[80]; + for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { + pmap = sk_POLICY_MAPPING_value(pmaps, i); + i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); + i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); + X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); + } + return ext_list; +} + +static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ + POLICY_MAPPINGS *pmaps; + POLICY_MAPPING *pmap; + ASN1_OBJECT *obj1, *obj2; + CONF_VALUE *val; + int i; + + if(!(pmaps = sk_POLICY_MAPPING_new_null())) { + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); + return NULL; + } + + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if(!val->value || !val->name) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + obj1 = OBJ_txt2obj(val->name, 0); + obj2 = OBJ_txt2obj(val->value, 0); + if(!obj1 || !obj2) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + pmap = POLICY_MAPPING_new(); + if (!pmap) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); + return NULL; + } + pmap->issuerDomainPolicy = obj1; + pmap->subjectDomainPolicy = obj2; + sk_POLICY_MAPPING_push(pmaps, pmap); + } + return pmaps; +} diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 28f44e00c..80b821dda 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -98,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, +{ERR_PACK(0,X509V3_F_V2I_POLICY_MAPPINGS,0), "V2I_POLICY_MAPPINGS"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index d2edc9f65..fda50c95a 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -286,6 +286,15 @@ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; DECLARE_STACK_OF(POLICYINFO) DECLARE_ASN1_SET_OF(POLICYINFO) +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -455,6 +464,9 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); @@ -592,6 +604,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXT_KU 103 #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V3_GENERIC_EXTENSION 116 #define X509V3_F_X509V3_ADD_I2D 140 #define X509V3_F_X509V3_ADD_VALUE 105 From c554155b58f5c0dda132048bb0a68a2d1a463d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 20 Mar 2003 17:31:30 +0000 Subject: [PATCH 151/550] make sure RSA blinding works when the PRNG is not properly seeded; enable it automatically for the built-in engine --- CHANGES | 13 ++++++++++++- crypto/rsa/rsa.h | 7 +++++++ crypto/rsa/rsa_eay.c | 35 +++++++++++++++++++++++++++-------- crypto/rsa/rsa_lib.c | 21 +++++++++++++++++---- 4 files changed, 63 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 0a5913ce1..a03875767 100644 --- a/CHANGES +++ b/CHANGES @@ -469,8 +469,19 @@ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). [Bodo Moeller] + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). + [Bodo Moeller] + yet to be integrated into this CVS branch: -- RSA blinding changes - Geoff's ENGINE_set_default() fix *) Target "mingw" now allows native Windows code to be generated in diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b005b4b0b..604fc2644 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -162,6 +162,11 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -174,6 +179,8 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 +#define RSA_FLAG_NO_BLINDING 0x80 + #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 24c77699f..6bc6ef391 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -211,6 +211,25 @@ err: return(r); } +static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) + { + int ret = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + /* Check again inside the lock - the macro's check is racey */ + if(rsa->blinding == NULL) + ret = RSA_blinding_on(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + return ret; + } + +#define BLINDING_HELPER(rsa, ctx, err_instr) \ + do { \ + if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \ + ((rsa)->blinding == NULL) && \ + !rsa_eay_blinding(rsa, ctx)) \ + err_instr \ + } while(0) + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -255,9 +274,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) + BLINDING_HELPER(rsa, ctx, goto err;); + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || @@ -274,7 +293,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; } - if (rsa->flags & RSA_FLAG_BLINDING) + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; /* put in leading 0 bytes if the number is less than the @@ -336,9 +355,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) + BLINDING_HELPER(rsa, ctx, goto err;); + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; /* do the decrypt */ @@ -357,7 +376,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (rsa->flags & RSA_FLAG_BLINDING) + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; p=buf; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 889c36d3a..33ca8330c 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -72,7 +72,9 @@ static const RSA_METHOD *default_RSA_meth=NULL; RSA *RSA_new(void) { - return(RSA_new_method(NULL)); + RSA *r=RSA_new_method(NULL); + + return r; } void RSA_set_default_method(const RSA_METHOD *meth) @@ -307,7 +309,8 @@ void RSA_blinding_off(RSA *rsa) BN_BLINDING_free(rsa->blinding); rsa->blinding=NULL; } - rsa->flags&= ~RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_NO_BLINDING; } int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) @@ -328,13 +331,23 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) BN_CTX_start(ctx); A = BN_CTX_get(ctx); - if (!BN_rand_range(A,rsa->n)) goto err; + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); - rsa->flags|=RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_NO_BLINDING; BN_free(Ai); ret=1; err: From ea3675b5b60789f87a998bad8aab0ca53b3af4ed Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:58:33 +0000 Subject: [PATCH 152/550] New ASN1 macros to just implement and declare the new and free functions and changes to mkdef.pl so it recognises them. Use these in policyMappings extension. --- crypto/asn1/asn1.h | 12 ++++++++---- crypto/asn1/asn1t.h | 3 +++ crypto/x509v3/v3_pmaps.c | 2 +- crypto/x509v3/x509v3.h | 1 + util/libeay.num | 6 ++++++ util/mkdef.pl | 4 ++++ 6 files changed, 23 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 0eb97fa62..19414444a 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -264,14 +264,15 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ @@ -291,6 +292,9 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; name *name##_new(void); \ void name##_free(name *a); +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); /* The following macros and typedefs allow an ASN1_ITEM * to be embedded in a structure and referenced. Since diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index 479225bea..c1a4bea8f 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -775,6 +775,9 @@ typedef struct ASN1_AUX_st { #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index 897640fc1..137be58ad 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -89,7 +89,7 @@ ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = POLICY_MAPPING) ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) -IMPLEMENT_ASN1_FUNCTIONS(POLICY_MAPPING) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index fda50c95a..2cbe1b963 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -465,6 +465,7 @@ DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) DECLARE_ASN1_ITEM(POLICY_MAPPINGS) #ifdef HEADER_CONF_H diff --git a/util/libeay.num b/util/libeay.num index 243d9f12d..b97228ce3 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3000,3 +3000,9 @@ a2i_IPADDRESS 3434 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC X509V3_NAME_from_section 3437 EXIST::FUNCTION: +POLICY_MAPPING_it 3438 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPING_it 3438 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_MAPPING_new 3440 EXIST::FUNCTION: +POLICY_MAPPING_free 3441 EXIST::FUNCTION: diff --git a/util/mkdef.pl b/util/mkdef.pl index f7f0e6ebf..3091e2035 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -673,6 +673,10 @@ sub do_defs "EXPORT_VAR_AS_FUNCTION", "FUNCTION"); next; + } elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) { + $def .= "int $1_free(void);"; + $def .= "int $1_new(void);"; + next; } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { $def .= "int d2i_$2(void);"; $def .= "int i2d_$2(void);"; From b24668626e348bc31224aa6d6cfb4bb913a53ddb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:59:39 +0000 Subject: [PATCH 153/550] make update --- crypto/ecdh/Makefile.ssl | 7 ++++--- crypto/x509v3/Makefile.ssl | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index 7ab015070..8a0e43852 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -112,8 +112,9 @@ ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h ech_lib.o: ech_lib.c -ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h +ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h @@ -121,4 +122,4 @@ ech_ossl.o: ../../include/openssl/opensslconf.h ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_ossl.o: ech_ossl.c +ech_ossl.o: ../cryptlib.h ech_ossl.c diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index df6002656..a353fec25 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -353,6 +353,22 @@ v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c +v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h +v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_pmaps.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_pmaps.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_pmaps.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_pmaps.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_pmaps.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_pmaps.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +v3_pmaps.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pmaps.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pmaps.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pmaps.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pmaps.c v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h From d4a47a5778fa227abc634b4ededb6e011e6e7065 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:14:49 +0000 Subject: [PATCH 154/550] Because it may be needed in public header files, move the definition of OPENSSL_NO_FP_API on existence of OPENSSL_SYS_MSDOS to e_os2.h. --- e_os.h | 2 +- e_os2.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/e_os.h b/e_os.h index f7d09c529..f70958df8 100644 --- a/e_os.h +++ b/e_os.h @@ -184,7 +184,6 @@ extern "C" { #endif #ifdef WIN16 -# define OPENSSL_NO_FP_API # define MS_CALLBACK _far _loadds # define MS_FAR _far #else @@ -193,6 +192,7 @@ extern "C" { #endif #ifdef OPENSSL_NO_STDIO +# undef OPENSSL_NO_FP_API # define OPENSSL_NO_FP_API #endif diff --git a/e_os2.h b/e_os2.h index 81be3025f..80ec03ee8 100644 --- a/e_os2.h +++ b/e_os2.h @@ -201,6 +201,7 @@ extern "C" { /* Specials for I/O an exit */ #ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_NO_FP_API # define OPENSSL_UNISTD_IO # define OPENSSL_DECLARE_EXIT extern void exit(int); #else From 940767b03f3a9f5ca35a9f001f83c13eef1f5cd7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:15:51 +0000 Subject: [PATCH 155/550] Make sure we get the definition of OPENSSL_NO_AES. --- crypto/aes/aes.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 8294a41a3..7f4b0e806 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -52,6 +52,8 @@ #ifndef HEADER_AES_H #define HEADER_AES_H +#include + #ifdef OPENSSL_NO_AES #error AES is disabled. #endif From 536b73e78e5f0d5d81644742591d7e58ed5ddc07 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:16:45 +0000 Subject: [PATCH 156/550] Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA. --- crypto/asn1/asn1.h | 2 +- crypto/asn1/n_pkey.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 19414444a..790e7b967 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -60,10 +60,10 @@ #define HEADER_ASN1_H #include +#include #ifndef OPENSSL_NO_BIO #include #endif -#include #include #include #include diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 766b51c53..a5a02e843 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" +#ifndef OPENSSL_NO_RSA #include #include #include From 44deca977d7bca6e959bedf2c02b69f7f0c036d9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:17:04 +0000 Subject: [PATCH 157/550] Make sure we get the definition of OPENSSL_NO_BF. --- crypto/bf/bftest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 24d526b14..14bc4d7c8 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -62,6 +62,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_BF is defined */ #include "../e_os.h" From 7b5a6c7a6278eb255ab0f28a72a702bef456f526 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:17:23 +0000 Subject: [PATCH 158/550] Make sure we get the definition of OPENSSL_NO_FP_API. --- crypto/bio/bio.h | 3 ++- crypto/crypto.h | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index fbbc16d00..ce8b19ce2 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -59,13 +59,14 @@ #ifndef HEADER_BIO_H #define HEADER_BIO_H +#include + #ifndef OPENSSL_NO_FP_API # include #endif #include #include -#include #ifdef __cplusplus extern "C" { diff --git a/crypto/crypto.h b/crypto/crypto.h index fa799a762..0f15a5654 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -119,6 +119,8 @@ #include +#include + #ifndef OPENSSL_NO_FP_API #include #endif From 9ba4cc007b3af0b5e893716f8fe44943a5e3b234 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:18:32 +0000 Subject: [PATCH 159/550] Make sure we get the definition of OPENSSL_NO_SOCK. --- crypto/bio/b_sock.c | 4 ++-- crypto/bio/bss_acpt.c | 4 ++-- crypto/bio/bss_conn.c | 4 ++-- crypto/bio/bss_sock.c | 5 +---- 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 601a14f37..c50100802 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -56,8 +56,6 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #include @@ -65,6 +63,8 @@ #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 8ea1db158..d090b7272 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -56,14 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 743db6ff9..33702eb99 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -56,14 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 2c1c405ec..7207a1fb8 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -56,8 +56,6 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS @@ -279,7 +277,7 @@ int BIO_sock_non_fatal_error(int err) #endif #ifdef EAGAIN -#if EWOULDBLOCK != EAGAIN +# if EWOULDBLOCK != EAGAIN case EAGAIN: # endif #endif @@ -302,4 +300,3 @@ int BIO_sock_non_fatal_error(int err) } return(0); } -#endif From 78951e771128452077388acf79c79c72f379dce1 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:19:41 +0000 Subject: [PATCH 160/550] Make sure we get the definition of OPENSSL_NO_ERR. --- crypto/bio/bio_err.c | 1 + crypto/bn/bn_err.c | 1 + crypto/buffer/buf_err.c | 1 + crypto/comp/comp_err.c | 1 + crypto/conf/conf_err.c | 1 + crypto/dh/dh_err.c | 1 + crypto/dsa/dsa_err.c | 1 + crypto/dso/dso_err.c | 1 + crypto/ecdsa/ecs_err.c | 1 + 9 files changed, 9 insertions(+) diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index 68a119d89..5df17ff89 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index bcc7ff97a..747591f9c 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 5eee653e1..655906078 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index 1652b8c2c..54edbb0e9 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index ee07bfe9d..bc16eeaa5 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index d837950ae..443a741da 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 79aa4ff52..b1064f07e 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index ac783e279..8ec7ba9f9 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c index 75c789448..c9bed9dd8 100644 --- a/crypto/ecdsa/ecs_err.c +++ b/crypto/ecdsa/ecs_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR From 0c7d61ee0e742adf90e8c815c52eee181cd89dea Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:20:15 +0000 Subject: [PATCH 161/550] Make sure we get the definition of OPENSSL_NO_CAST. --- crypto/cast/cast.h | 2 ++ crypto/cast/casttest.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/cast/cast.h b/crypto/cast/cast.h index b28e4e4f3..90b45b950 100644 --- a/crypto/cast/cast.h +++ b/crypto/cast/cast.h @@ -63,6 +63,8 @@ extern "C" { #endif +#include + #ifdef OPENSSL_NO_CAST #error CAST is disabled. #endif diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index 83e5a16c7..0d020d697 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -59,6 +59,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_CAST is defined */ #include "../e_os.h" From 0f3879455bab6f06457685fc80748bcbb545439b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:21:10 +0000 Subject: [PATCH 162/550] Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG and OPENSSL_NO_DESCBCM. --- crypto/des/des.h | 6 +++--- crypto/des/des_old.h | 4 ++-- crypto/des/ede_cbcm_enc.c | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/des/des.h b/crypto/des/des.h index daaf239db..4475143db 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -59,13 +59,13 @@ #ifndef HEADER_NEW_DES_H #define HEADER_NEW_DES_H +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, + DES_LONG (via openssl/opensslconf.h */ + #ifdef OPENSSL_NO_DES #error DES is disabled. #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ - #ifdef OPENSSL_BUILD_SHLIBCRYPTO # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 1d840b474..8a238d1ce 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -91,6 +91,8 @@ #ifndef HEADER_DES_H #define HEADER_DES_H +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ + #ifdef OPENSSL_NO_DES #error DES is disabled. #endif @@ -103,8 +105,6 @@ #error replaces . #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ #include #ifdef OPENSSL_BUILD_SHLIBCRYPTO diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c index fa45aa272..adfcb75cf 100644 --- a/crypto/des/ede_cbcm_enc.c +++ b/crypto/des/ede_cbcm_enc.c @@ -68,6 +68,8 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz */ +#include /* To see if OPENSSL_NO_DESCBCM is defined */ + #ifndef OPENSSL_NO_DESCBCM #include "des_locl.h" From d3ae5b1c8a01436d6cd51ee603ab79cf41c2a5ce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:21:27 +0000 Subject: [PATCH 163/550] Make sure we get the definition of OPENSSL_NO_DH. --- crypto/dh/dh.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 62dba4055..db4e11090 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -59,6 +59,8 @@ #ifndef HEADER_DH_H #define HEADER_DH_H +#include + #ifdef OPENSSL_NO_DH #error DH is disabled. #endif From 751ff1d376feae3beaee90ca66dd7fe92e2316d2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:21:51 +0000 Subject: [PATCH 164/550] Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA. --- crypto/dsa/dsa.h | 2 ++ crypto/dsa/dsa_gen.c | 2 ++ crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsatest.c | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 6ba79b01d..651add43a 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -65,6 +65,8 @@ #ifndef HEADER_DSA_H #define HEADER_DSA_H +#include + #ifdef OPENSSL_NO_DSA #error DSA is disabled. #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 4b9aff368..dffd588ff 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -69,6 +69,8 @@ #define HASH EVP_sha1() #endif +#include /* To see if OPENSSL_NO_SHA is defined */ + #ifndef OPENSSL_NO_SHA #include diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 48ff1f423..8427b7797 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include #include "cryptlib.h" +#ifndef OPENSSL_NO_SHA #include #include #include diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 940d97d0e..71ff566ed 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -76,6 +76,7 @@ #include #ifndef OPENSSL_NO_ENGINE #include +#include #endif #ifdef OPENSSL_NO_DSA From 87c9c659ded39508fe0ff3ede830306c261ef5cc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:22:06 +0000 Subject: [PATCH 165/550] Make sure we get the definition of OPENSSL_NO_EC. --- crypto/ec/ec.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 1013bd8fa..431a28b38 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -72,6 +72,8 @@ #ifndef HEADER_EC_H #define HEADER_EC_H +#include + #ifdef OPENSSL_NO_EC #error EC is disabled. #endif From 03829b2b4774d20e40fc61fb4d8b5e8b39bcae6f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:22:17 +0000 Subject: [PATCH 166/550] Make sure we get the definition of OPENSSL_NO_ECDH. --- crypto/ecdh/ecdh.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index cc6d858d6..db6fd4870 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -69,6 +69,8 @@ #ifndef HEADER_ECDH_H #define HEADER_ECDH_H +#include + #ifdef OPENSSL_NO_ECDH #error ECDH is disabled. #endif From 3b6aa36c77307dbb22b767b484a62e8e5e4bcc4e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:22:31 +0000 Subject: [PATCH 167/550] Make sure we get the definition of OPENSSL_NO_ECDSA. --- crypto/ecdsa/ecdsa.h | 2 ++ crypto/ecdsa/ecdsatest.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index d72d0b136..e82762d35 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -55,6 +55,8 @@ #ifndef HEADER_ECDSA_H #define HEADER_ECDSA_H +#include + #ifdef OPENSSL_NO_ECDSA #error ECDSA is disabled. #endif diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 402e988f4..7beae6f73 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -79,6 +79,8 @@ #include #include +#include /* To see if OPENSSL_NO_ECDSA is defined */ + #ifdef OPENSSL_NO_ECDSA int main(int argc, char * argv[]) { From e8cc7de4f4be4574dd3b0d87ed9cb66d8dc3b109 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:23:43 +0000 Subject: [PATCH 168/550] Make sure we get the definition of OPENSSL_NO_HMAC. --- crypto/hmac/hmac.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 0364a1fcb..72077ad19 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -58,6 +58,8 @@ #ifndef HEADER_HMAC_H #define HEADER_HMAC_H +#include + #ifdef OPENSSL_NO_HMAC #error HMAC is disabled. #endif From 83054771574f69e31a2d084de7fcbb221fbd057b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:24:32 +0000 Subject: [PATCH 169/550] Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT. --- crypto/idea/idea.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h index 67132414e..5782e54b0 100644 --- a/crypto/idea/idea.h +++ b/crypto/idea/idea.h @@ -59,6 +59,8 @@ #ifndef HEADER_IDEA_H #define HEADER_IDEA_H +#include /* IDEA_INT, OPENSSL_NO_IDEA */ + #ifdef OPENSSL_NO_IDEA #error IDEA is disabled. #endif @@ -66,7 +68,6 @@ #define IDEA_ENCRYPT 1 #define IDEA_DECRYPT 0 -#include /* IDEA_INT */ #define IDEA_BLOCK 8 #define IDEA_KEY_LENGTH 16 From 08a54f6e6a2bf705eb26489e2023b53e1e99607d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:24:47 +0000 Subject: [PATCH 170/550] Make sure we get the definition of OPENSSL_NO_FP_API. --- crypto/err/err.h | 2 ++ crypto/lhash/lhash.h | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/err/err.h b/crypto/err/err.h index ec895c4d1..95658addf 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -59,6 +59,8 @@ #ifndef HEADER_ERR_H #define HEADER_ERR_H +#include + #ifndef OPENSSL_NO_FP_API #include #include diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index dee820733..7c1d48642 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -63,6 +63,7 @@ #ifndef HEADER_LHASH_H #define HEADER_LHASH_H +#include #ifndef OPENSSL_NO_FP_API #include #endif From c11b9af75e1b42ca2a9373dde3ae3fac63c297c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:24:59 +0000 Subject: [PATCH 171/550] Make sure we get the definition of OPENSSL_NO_MD2. --- crypto/md2/md2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/md2/md2.h b/crypto/md2/md2.h index ad9241455..6fcb9b1bd 100644 --- a/crypto/md2/md2.h +++ b/crypto/md2/md2.h @@ -59,13 +59,13 @@ #ifndef HEADER_MD2_H #define HEADER_MD2_H +#include /* OPENSSL_NO_MD2, MD2_INT */ #ifdef OPENSSL_NO_MD2 #error MD2 is disabled. #endif #define MD2_DIGEST_LENGTH 16 #define MD2_BLOCK 16 -#include /* MD2_INT */ #ifdef __cplusplus extern "C" { From 59ade20500db906b11a9e7420ee811d210fe0aa2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:26:32 +0000 Subject: [PATCH 172/550] Include e_os.h correctly. --- crypto/threads/th-lock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index a6a79b9f4..14aae5f91 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -80,7 +80,7 @@ #include #include #include -#include +#include "../../e_os.h" #include #include #include From 741dae576fdfaaa4030e386791edc32852388286 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:26:46 +0000 Subject: [PATCH 173/550] Make sure we get the definition of OPENSSL_NO_BIO. --- crypto/pem/pem.h | 2 +- crypto/txt_db/txt_db.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 02dd9f2b6..57a2cfe92 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -59,6 +59,7 @@ #ifndef HEADER_PEM_H #define HEADER_PEM_H +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -68,7 +69,6 @@ #include #include #include -#include #ifdef __cplusplus extern "C" { diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h index 563392aef..c98e28770 100644 --- a/crypto/txt_db/txt_db.h +++ b/crypto/txt_db/txt_db.h @@ -59,6 +59,7 @@ #ifndef HEADER_TXT_DB_H #define HEADER_TXT_DB_H +#include #ifndef OPENSSL_NO_BIO #include #endif From d5ef1442227796e65d6bf149ac464bc670c5aa98 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:27:17 +0000 Subject: [PATCH 174/550] Make sure we get the definition of a number of OPENSSL_NO_* macros. --- crypto/x509/x509.h | 2 +- crypto/x509/x509_vfy.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index f1ccc0f04..53a8f6c75 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -64,6 +64,7 @@ #ifndef HEADER_X509_H #define HEADER_X509_H +#include #include #ifndef OPENSSL_NO_BUFFER #include @@ -104,7 +105,6 @@ #ifndef OPENSSL_NO_SHA #include #endif -#include #include #ifdef __cplusplus diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index f0be21f45..3a0ccbe48 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -65,6 +65,7 @@ #ifndef HEADER_X509_VFY_H #define HEADER_X509_VFY_H +#include #ifndef OPENSSL_NO_LHASH #include #endif From 8c84b677e29487b168a700a917dcf58d377a2fba Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:03 +0000 Subject: [PATCH 175/550] Make sure we get the definition of OPENSSL_NO_AES. --- crypto/evp/e_aes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index c323fa289..bf7c45fa2 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -48,6 +48,7 @@ * */ +#include #ifndef OPENSSL_NO_AES #include #include From abf21308d28dc1de4b533bdecae6a7bd4143ab6c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:16 +0000 Subject: [PATCH 176/550] Make sure we get the definition of OPENSSL_NO_BF. --- crypto/evp/e_bf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index e74337567..cc224e536 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_BF #include #include "cryptlib.h" +#ifndef OPENSSL_NO_BF #include #include "evp_locl.h" #include From fb10590910a801dd0a1012e9df53a069a2dbd73c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:27 +0000 Subject: [PATCH 177/550] Make sure we get the definition of OPENSSL_NO_CAST. --- crypto/evp/e_cast.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 3400fef18..d77bcd929 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_CAST - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_CAST #include #include #include "evp_locl.h" From 786b0075d5c07a1211d35c2db214632901b90b5b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:55 +0000 Subject: [PATCH 178/550] Make sure we get the definition of OPENSSL_NO_IDEA. --- crypto/evp/e_idea.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index b9efa75ae..48c33a774 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_IDEA - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_IDEA #include #include #include "evp_locl.h" From c7e7fc3ee42c03313b4957ea23db3b6f40d3affb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:06 +0000 Subject: [PATCH 179/550] Make sure we get the definition of OPENSSL_NO_RC2. --- crypto/evp/e_rc2.c | 5 +++-- crypto/rc2/rc2.h | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index d42cbfd17..3932f60e5 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC2 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC2 + #include #include #include "evp_locl.h" diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h index 7816b454d..34c836231 100644 --- a/crypto/rc2/rc2.h +++ b/crypto/rc2/rc2.h @@ -59,6 +59,7 @@ #ifndef HEADER_RC2_H #define HEADER_RC2_H +#include /* OPENSSL_NO_RC2, RC2_INT */ #ifdef OPENSSL_NO_RC2 #error RC2 is disabled. #endif @@ -66,7 +67,6 @@ #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 -#include /* RC2_INT */ #define RC2_BLOCK 8 #define RC2_KEY_LENGTH 16 From 39c4b7092c2acb0051c57fb0f6c05490cf7274c4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:17 +0000 Subject: [PATCH 180/550] Make sure we get the definition of OPENSSL_NO_RC4. --- crypto/evp/e_rc4.c | 5 +++-- crypto/rc4/rc4.h | 3 +-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index d58f50783..eadd8d427 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC4 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC4 + #include #include #include diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h index 8722091f2..7aec04fe9 100644 --- a/crypto/rc4/rc4.h +++ b/crypto/rc4/rc4.h @@ -59,12 +59,11 @@ #ifndef HEADER_RC4_H #define HEADER_RC4_H +#include /* OPENSSL_NO_RC4, RC4_INT */ #ifdef OPENSSL_NO_RC4 #error RC4 is disabled. #endif -#include /* RC4_INT */ - #ifdef __cplusplus extern "C" { #endif From f118514501c5fdd2c5b83130eba94df47c57c474 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:26 +0000 Subject: [PATCH 181/550] Make sure we get the definition of OPENSSL_NO_RC5. --- crypto/evp/e_rc5.c | 5 +++-- crypto/rc5/rc5.h | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index 3c7713b18..19a10c640 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC5 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC5 + #include #include #include "evp_locl.h" diff --git a/crypto/rc5/rc5.h b/crypto/rc5/rc5.h index 4adfd2db5..4b3c153b5 100644 --- a/crypto/rc5/rc5.h +++ b/crypto/rc5/rc5.h @@ -59,6 +59,8 @@ #ifndef HEADER_RC5_H #define HEADER_RC5_H +#include /* OPENSSL_NO_RC5 */ + #ifdef __cplusplus extern "C" { #endif From 9e9e8cb6a8c26210f65823e2b28f7e4eb47817f5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:38 +0000 Subject: [PATCH 182/550] Make sure we get the definition of OPENSSL_NO_DES. --- crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 2 +- crypto/evp/e_xcbc_d.c | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 105266a4b..92f6ebc34 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" +#ifndef OPENSSL_NO_DES #include #include #include "evp_locl.h" diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 077860e7b..e036d07ba 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" +#ifndef OPENSSL_NO_DES #include #include #include "evp_locl.h" diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index a6f849e93..cb82815a8 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_DES + #include #include #include From 641e6ef2cbc6f58bb02504a7c6bdb07a41715482 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:30:04 +0000 Subject: [PATCH 183/550] Make sure we get the definition of OPENSSL_NO_MD2. --- crypto/evp/m_md2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index 50914c83b..38ce7f8cd 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD2 + #include #include #include From bff8e1dddbfaf4eb1f4f8a4e7c56c7cb0c645231 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:24 +0000 Subject: [PATCH 184/550] Make sure we get the definition of OPENSSL_NO_MD4. --- crypto/evp/m_md4.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index e19b66375..a3f6be4f3 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD4 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD4 + #include #include #include From c988c9b839bb0109b996eb47b0bb75347ea74d45 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:34 +0000 Subject: [PATCH 185/550] Make sure we get the definition of OPENSSL_NO_MD5. --- crypto/evp/m_md5.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index b00a03e04..cc4216a53 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD5 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD5 + #include #include #include From cd6ab56da0213d2a241e07fa67b07f257322d2e0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:44 +0000 Subject: [PATCH 186/550] Make sure we get the definition of OPENSSL_NO_MDC2. --- crypto/evp/m_mdc2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 9f6467c93..58df547e0 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MDC2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MDC2 + #include #include #include From dfefdb41f76d842df68ee0a3e8e7d71cc79eed3f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:56 +0000 Subject: [PATCH 187/550] Make sure we get the definition of OPENSSL_NO_RIPEMD. --- crypto/evp/m_ripemd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 64725528d..ca8ed7585 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RIPEMD #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RIPEMD + #include #include #include From 69104cdf34462d4973e6bdddaf0ffb9cba041fb8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:32:16 +0000 Subject: [PATCH 188/550] Make sure we get the definition of OPENSSL_NO_SHA. --- crypto/evp/m_dss1.c | 4 +++- crypto/evp/m_sha.c | 4 +++- crypto/evp/m_sha1.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index f5668ebda..9a0ebe0a5 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c index 10697c7ed..a3343bb2e 100644 --- a/crypto/evp/m_sha.c +++ b/crypto/evp/m_sha.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index d6be3502f..838225bf8 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include From 9c35452842cc2e3a4ed1a6a67ca312740d13c4e3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:34:08 +0000 Subject: [PATCH 189/550] Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA. --- crypto/evp/p5_crpt2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 1f94e1ef8..b161d7664 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -55,10 +55,10 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include "cryptlib.h" +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include From be9bec9bc77fdfe81cab9b6312ccdc4817e37938 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:34:28 +0000 Subject: [PATCH 190/550] Make sure we get the definition of OPENSSL_NO_RSA. --- crypto/evp/p_open.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 5a933d1cd..bc3940847 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RSA + #include #include #include From 37892848074f79f91d71a16eed4d8dcef76a274e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:51:35 +0000 Subject: [PATCH 191/550] Sometimes, we have partial comments on the same line as other stuff we parse. Make sure to read in the whole comment, so it can be entirely removed. --- util/mkdef.pl | 4 ++++ util/pl/VC-16.pl | 2 +- util/pl/VC-CE.pl | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index 3091e2035..dc5b12b90 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -448,6 +448,10 @@ sub do_defs } s/\/\*.*?\*\///gs; # ignore comments + if (/\/\*/) { # if we have part + $line = $_; # of a comment, + next; # continue reading + } s/{[^{}]*}//gs; # ignore {} blocks print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; diff --git a/util/pl/VC-16.pl b/util/pl/VC-16.pl index 7cda5e67a..ab97c4c9b 100644 --- a/util/pl/VC-16.pl +++ b/util/pl/VC-16.pl @@ -44,7 +44,7 @@ if ($win16) else { $no_sock=1; - $cflags.=" -DMSDOS"; + $cflags.=" -DOPENSSL_SYSNAME_MSDOS"; $lflags.=" /EXEPACK"; $ex_libs.="oldnames.lib llibce.lib"; } diff --git a/util/pl/VC-CE.pl b/util/pl/VC-CE.pl index 1805ef9d9..3267cd489 100644 --- a/util/pl/VC-CE.pl +++ b/util/pl/VC-CE.pl @@ -12,7 +12,7 @@ $rm='del'; # C compiler stuff $cc='$(CC)'; -$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include'; +$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include'; $lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref'; $mlflags=''; @@ -22,7 +22,7 @@ $inc_def="inc32"; if ($debug) { - $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32"; + $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WINCE -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32"; $lflags.=" /debug"; $mlflags.=' /debug'; } From 543105ac17fb62a1921cca1d7a90808bc8e70a13 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:52:41 +0000 Subject: [PATCH 192/550] Don't put configuration macro definitions on the command line, we're just fooling ourselves and then screwing up for other applications. --- Configure | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/Configure b/Configure index 616a9c170..54536235f 100755 --- a/Configure +++ b/Configure @@ -688,7 +688,7 @@ PROCESS_ARGS: elsif (/^no-asm$/) { $no_asm=1; - $flags .= "-DOPENSSL_NO_ASM "; + #$flags .= "-DOPENSSL_NO_ASM "; $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; } elsif (/^no-err$/) @@ -700,12 +700,12 @@ PROCESS_ARGS: { my $hw=$1; $hw =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_HW_$hw "; + #$flags .= "-DOPENSSL_NO_HW_$hw "; $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n"; } elsif (/^no-hw$/) { - $flags .= "-DOPENSSL_NO_HW "; + #$flags .= "-DOPENSSL_NO_HW "; $openssl_other_defines .= "#define OPENSSL_NO_HW\n"; } elsif (/^no-dso$/) @@ -741,22 +741,22 @@ PROCESS_ARGS: my $algo=$1; push @skip,$algo; $algo =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_$algo "; - $depflags .= "-DOPENSSL_NO_$algo "; + #$flags .= "-DOPENSSL_NO_$algo "; + #$depflags .= "-DOPENSSL_NO_$algo "; $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n"; if ($algo eq "RIJNDAEL") { push @skip, "aes"; - $flags .= "-DOPENSSL_NO_AES "; - $depflags .= "-DOPENSSL_NO_AES "; + #$flags .= "-DOPENSSL_NO_AES "; + #$depflags .= "-DOPENSSL_NO_AES "; $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n"; } if ($algo eq "DES") { push @skip, "mdc2"; $options .= " no-mdc2"; - $flags .= "-DOPENSSL_NO_MDC2 "; - $depflags .= "-DOPENSSL_NO_MDC2 "; + #$flags .= "-DOPENSSL_NO_MDC2 "; + #$depflags .= "-DOPENSSL_NO_MDC2 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n"; } if ($algo eq "EC") @@ -892,24 +892,24 @@ $no_tls1=1 if ($no_dh); if ($no_ssl2) { push @skip,"SSL2"; - $flags .= "-DOPENSSL_NO_SSL2 "; - $depflags .= "-DOPENSSL_NO_SSL2 "; + #$flags .= "-DOPENSSL_NO_SSL2 "; + #$depflags .= "-DOPENSSL_NO_SSL2 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n"; } if ($no_ssl3) { push @skip,"SSL3"; - $flags .= "-DOPENSSL_NO_SSL3 "; - $depflags .= "-DOPENSSL_NO_SSL3 "; + #$flags .= "-DOPENSSL_NO_SSL3 "; + #$depflags .= "-DOPENSSL_NO_SSL3 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n"; } if ($no_tls1) { push @skip,"TLS1"; - $flags .= "-DOPENSSL_NO_TLS1 "; - $depflags .= "-DOPENSSL_NO_TLS1 "; + #$flags .= "-DOPENSSL_NO_TLS1 "; + #$depflags .= "-DOPENSSL_NO_TLS1 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n"; } @@ -987,7 +987,7 @@ if ($no_krb5 || !defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") { - $cflags="-DOPENSSL_NO_KRB5 $cflags"; + #$cflags="-DOPENSSL_NO_KRB5 $cflags"; $options.=" no-krb5" unless $no_krb5; $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n"; } @@ -1113,7 +1113,7 @@ if (!$no_shared) if ($threads) { - $cflags=$thread_cflags; + #$cflags=$thread_cflags; $openssl_thread_defines .= $thread_defines; } @@ -1141,18 +1141,18 @@ if (!$no_shared) if ($no_shared) { - $cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags"; + #$cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags"; $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; } else { - $cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags"; + #$cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags"; $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; } if ($sys_id ne "") { - $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; + #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; } From ea17e1f00f655a80cbb72a0b842387cd95b55c7e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:54:33 +0000 Subject: [PATCH 193/550] make update --- crypto/rc5/Makefile.ssl | 16 ++++++++++------ test/Makefile.ssl | 14 ++++---------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl index 3ad665594..fcdeb1e81 100644 --- a/crypto/rc5/Makefile.ssl +++ b/crypto/rc5/Makefile.ssl @@ -99,9 +99,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h -rc5_ecb.o: rc5_ecb.c rc5_locl.h -rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h -rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c -rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c -rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c +rc5_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rc5_ecb.o: ../../include/openssl/rc5.h rc5_ecb.c rc5_locl.h +rc5_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5_enc.o: rc5_enc.c rc5_locl.h +rc5_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5_skey.o: rc5_locl.h rc5_skey.c +rc5cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5cfb64.o: rc5_locl.h rc5cfb64.c +rc5ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5ofb64.o: rc5_locl.h rc5ofb64.c diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 2b61e6f00..61cb2af7a 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -822,16 +822,10 @@ dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c -ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h -ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h -ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c +ecdhtest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h +ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h From 8b5bcef7981ed9c561619fed3a6000b5c6ee6b95 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 21 Mar 2003 00:04:14 +0000 Subject: [PATCH 194/550] Make sure to declare mem*() properly. --- crypto/ecdh/ech_ossl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 076eb2ea1..b3cff5ad9 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -68,6 +68,7 @@ */ +#include #include #include "cryptlib.h" From 9b94f215b11e5d6048c62c505e1ce9e0f222283b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 21 Mar 2003 00:05:14 +0000 Subject: [PATCH 195/550] Define COMP method function prototypes properly. --- crypto/comp/comp.h | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h index ab48b78ae..5d59354a5 100644 --- a/crypto/comp/comp.h +++ b/crypto/comp/comp.h @@ -8,19 +8,26 @@ extern "C" { #endif +typedef struct comp_ctx_st COMP_CTX; + typedef struct comp_method_st { int type; /* NID for compression library */ const char *name; /* A text string to identify the library */ - int (*init)(); - void (*finish)(); - int (*compress)(); - int (*expand)(); - long (*ctrl)(); - long (*callback_ctrl)(); + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); } COMP_METHOD; -typedef struct comp_ctx_st +struct comp_ctx_st { COMP_METHOD *meth; unsigned long compress_in; @@ -29,7 +36,7 @@ typedef struct comp_ctx_st unsigned long expand_out; CRYPTO_EX_DATA ex_data; - } COMP_CTX; + }; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); From 33b34a9d8fd187fdcf36a2d3d7a3f56fee92ef27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Mar 2003 13:11:14 +0000 Subject: [PATCH 196/550] remove patch ID (which is supposed to appear in patched variants of old OpenSSL releases, but not in new releases) --- ssl/s3_srvr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 084b9cfd8..e94106841 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1709,7 +1709,6 @@ static int ssl3_get_client_key_exchange(SSL *s) * made up by the adversary is properly formatted except * that the version number is wrong. To avoid such attacks, * we should treat this just like any other decryption error. */ - p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20"; } } From f80153e20b9db5f0e18db6a259f8bdb88ff79273 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Mar 2003 16:26:20 +0000 Subject: [PATCH 197/550] Support for policy constraints. --- CHANGES | 3 + crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/ext_dat.h | 3 +- crypto/x509v3/v3_conf.c | 2 +- crypto/x509v3/v3_pcons.c | 136 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3err.c | 2 + crypto/x509v3/x509v3.h | 10 +++ 7 files changed, 156 insertions(+), 4 deletions(-) create mode 100644 crypto/x509v3/v3_pcons.c diff --git a/CHANGES b/CHANGES index a03875767..1cea4962c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for policyConstraints certificate extension. + [Steve Henson] + *) Support for policyMappings certificate extension. [Steve Henson] diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index a353fec25..3167b8ba3 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c v3_pmaps.c +v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o v3_pmaps.o +v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 4c801c2c1..1e005c229 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -64,7 +64,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; -extern X509V3_EXT_METHOD v3_policy_mappings; +extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -105,6 +105,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_ocsp_serviceloc, #endif &v3_sinfo, +&v3_policy_constraints, #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index eeb365b08..7e813db0d 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -134,7 +134,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, { if(*value == '@') nval = NCONF_get_section(conf, value + 1); else nval = X509V3_parse_list(value); - if(!nval) + if(sk_CONF_VALUE_num(nval) <= 0) { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c new file mode 100644 index 000000000..10d2120c3 --- /dev/null +++ b/crypto/x509v3/v3_pcons.c @@ -0,0 +1,136 @@ +/* v3_pcons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *bcons, STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); + +X509V3_EXT_METHOD v3_policy_constraints = { +NID_policy_constraints, 0, +ASN1_ITEM_ref(POLICY_CONSTRAINTS), +0,0,0,0, +0,0, +i2v_POLICY_CONSTRAINTS, +v2i_POLICY_CONSTRAINTS, +NULL,NULL, +NULL +}; + +ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { + ASN1_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER), + ASN1_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER) +} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) + + +static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, STACK_OF(CONF_VALUE) *extlist) +{ + POLICY_CONSTRAINTS *pcons = a; + X509V3_add_value_int("Require Explicit Policy", + pcons->requireExplicitPolicy, &extlist); + X509V3_add_value_int("Inhibit Policy Mapping", + pcons->inhibitPolicyMapping, &extlist); + return extlist; +} + +static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +{ + POLICY_CONSTRAINTS *pcons=NULL; + CONF_VALUE *val; + int i; + if(!(pcons = POLICY_CONSTRAINTS_new())) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); + if(!strcmp(val->name, "requireExplicitPolicy")) { + if(!X509V3_get_value_int(val, + &pcons->requireExplicitPolicy)) goto err; + } else if(!strcmp(val->name, "inhibitPolicyMapping")) { + if(!X509V3_get_value_int(val, + &pcons->inhibitPolicyMapping)) goto err; + } else { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3_conf_err(val); + goto err; + } + } + if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); + goto err; + } + + return pcons; + err: + POLICY_CONSTRAINTS_free(pcons); + return NULL; +} + diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 80b821dda..a4c8e59ef 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -98,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, +{ERR_PACK(0,X509V3_F_V2I_POLICY_CONSTRAINTS,0), "V2I_POLICY_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_V2I_POLICY_MAPPINGS,0), "V2I_POLICY_MAPPINGS"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, @@ -132,6 +133,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, {X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, +{X509V3_R_ILLEGAL_EMPTY_EXTENSION ,"illegal empty extension"}, {X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, {X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, {X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 2cbe1b963..65c74cbff 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -295,6 +295,11 @@ DECLARE_STACK_OF(POLICY_MAPPING) typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -468,6 +473,9 @@ DECLARE_ASN1_ITEM(POLICY_MAPPING) DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) DECLARE_ASN1_ITEM(POLICY_MAPPINGS) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); @@ -605,6 +613,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXT_KU 103 #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 #define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V3_GENERIC_EXTENSION 116 #define X509V3_F_X509V3_ADD_I2D 140 @@ -636,6 +645,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_EXTENSION_NOT_FOUND 102 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 #define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 From 5cc5ec1bbaf2ae01475ef841ea6e0ed10fff997b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Mar 2003 16:28:29 +0000 Subject: [PATCH 198/550] make update --- crypto/x509v3/Makefile.ssl | 16 ++++++++++++++++ test/Makefile.ssl | 14 ++++++++++---- util/libeay.num | 4 ++++ 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 3167b8ba3..f719973fe 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -337,6 +337,22 @@ v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c +v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_pcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_pcons.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_pcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_pcons.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_pcons.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_pcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +v3_pcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pcons.c v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 61cb2af7a..2b61e6f00 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -822,10 +822,16 @@ dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c -ecdhtest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h -ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h -ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c +ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h +ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h +ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h diff --git a/util/libeay.num b/util/libeay.num index b97228ce3..6b1293277 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3006,3 +3006,7 @@ POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: POLICY_MAPPING_new 3440 EXIST::FUNCTION: POLICY_MAPPING_free 3441 EXIST::FUNCTION: +POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: +POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: From abfc6a3a9bcc3391181940213ce840130a35f1cd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 22 Mar 2003 22:33:52 +0000 Subject: [PATCH 199/550] To define OPENSSL_NO_FP_API for all MSDOS type targets was unfair against DJGPP, and much more restricted than previous definitions. --- e_os2.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/e_os2.h b/e_os2.h index 80ec03ee8..4fd6c62ac 100644 --- a/e_os2.h +++ b/e_os2.h @@ -200,8 +200,10 @@ extern "C" { /* Specials for I/O an exit */ -#ifdef OPENSSL_SYS_MSDOS +#ifdef OPENSSL_SYS_WIN16 # define OPENSSL_NO_FP_API +#endif +#ifdef OPENSSL_SYS_MSDOS # define OPENSSL_UNISTD_IO # define OPENSSL_DECLARE_EXIT extern void exit(int); #else From 32e75dd3f02a6d93fcf74dadaccf2d0402c782df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 23 Mar 2003 10:18:05 +0000 Subject: [PATCH 200/550] Add SCO5 shared library scripts. Upate SVR5 scripts for the upcoming 0.9.7b. Submitted by: Boyd Lynn Gerber --- shlib/sco5-shared-gcc.sh | 48 +++++++++++++++++++++++++++++++++++++ shlib/sco5-shared-installed | 28 ++++++++++++++++++++++ shlib/sco5-shared.sh | 48 +++++++++++++++++++++++++++++++++++++ shlib/svr5-shared-gcc.sh | 2 +- shlib/svr5-shared-installed | 3 +-- shlib/svr5-shared.sh | 2 +- 6 files changed, 127 insertions(+), 4 deletions(-) create mode 100755 shlib/sco5-shared-gcc.sh create mode 100755 shlib/sco5-shared-installed create mode 100755 shlib/sco5-shared.sh diff --git a/shlib/sco5-shared-gcc.sh b/shlib/sco5-shared-gcc.sh new file mode 100755 index 000000000..fe4a457b5 --- /dev/null +++ b/shlib/sco5-shared-gcc.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +major="0" +minor="9.7b" + +slib=libssl +sh_slib=$slib.so.$major.$minor + +clib=libcrypto +sh_clib=$clib.so.$major.$minor + +FLAGS="-O3 -fomit-frame-pointer" +SHFLAGS="-DPIC -fPIC" + +touch $sh_clib +touch $sh_slib + +echo collecting all object files for $clib.so +OBJS= +find . -name \*.o -print > allobjs +for obj in `ar t libcrypto.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $clib.so +gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket + +rm -f $clib.so +ln -s $sh_clib $clib.so + +echo collecting all object files for $slib.so +OBJS= +for obj in `ar t libssl.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $slib.so +gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto + +rm -f $slib.so +ln -s $sh_slib $slib.so + +mv libRSAglue.a libRSAglue.a.orig +mv libcrypto.a libcrypto.a.orig +mv libssl.a libssl.a.orig + diff --git a/shlib/sco5-shared-installed b/shlib/sco5-shared-installed new file mode 100755 index 000000000..509902833 --- /dev/null +++ b/shlib/sco5-shared-installed @@ -0,0 +1,28 @@ +#!/bin/sh + +major="0" +minor="9.7b" + +slib=libssl +sh_slib=$slib.so.$major.$minor + +clib=libcrypto +sh_clib=$clib.so.$major.$minor + +# If you want them in /usr/local/lib then change INSTALLTOP to point there. +#INSTALLTOP=/usr/local/ssl/lib +INSTALLTOP=/usr/local/lib + +cp -p $sh_clib $INSTALLTOP +cp -p $sh_slib $INSTALLTOP + +PWD=`pwd` +cd $INSTALLTOP +rm -f $INSTALLTOP/$clib.so +ln -s $INSTALLTOP/$sh_clib $clib.so + +rm -f $INSTALLTOP/$slib.so +ln -s $INSTALLTOP/$sh_slib $slib.so + +cd $PWD + diff --git a/shlib/sco5-shared.sh b/shlib/sco5-shared.sh new file mode 100755 index 000000000..b3365d9f5 --- /dev/null +++ b/shlib/sco5-shared.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +major="0" +minor="9.7b" + +slib=libssl +sh_slib=$slib.so.$major.$minor + +clib=libcrypto +sh_clib=$clib.so.$major.$minor + +FLAGS="-O -DFILIO_H -Kalloca" +SHFLAGS="-Kpic -DPIC" + +touch $sh_clib +touch $sh_slib + +echo collecting all object files for $clib.so +OBJS= +find . -name \*.o -print > allobjs +for obj in `ar t libcrypto.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $clib.so +cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket + +rm -f $clib.so +ln -s $sh_clib $clib.so + +echo collecting all object files for $slib.so +OBJS= +for obj in `ar t libssl.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $slib.so +cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto + +rm -f $slib.so +ln -s $sh_slib $slib.so + +mv libRSAglue.a libRSAglue.a.orig +mv libcrypto.a libcrypto.a.orig +mv libssl.a libssl.a.orig + diff --git a/shlib/svr5-shared-gcc.sh b/shlib/svr5-shared-gcc.sh index 76957df94..c5d0cc56a 100755 --- a/shlib/svr5-shared-gcc.sh +++ b/shlib/svr5-shared-gcc.sh @@ -1,7 +1,7 @@ #!/usr/bin/sh major="0" -minor="9.7" +minor="9.7b" slib=libssl sh_slib=$slib.so.$major.$minor diff --git a/shlib/svr5-shared-installed b/shlib/svr5-shared-installed index 544f5a941..b1def35d5 100755 --- a/shlib/svr5-shared-installed +++ b/shlib/svr5-shared-installed @@ -1,7 +1,7 @@ #!/usr/bin/sh major="0" -minor="9.7" +minor="9.7b" slib=libssl sh_slib=$slib.so.$major.$minor @@ -25,4 +25,3 @@ rm -f $INSTALLTOP/$slib.so ln -s $INSTALLTOP/$sh_slib $slib.so cd $PWD - diff --git a/shlib/svr5-shared.sh b/shlib/svr5-shared.sh index a70bb65ba..9edf26e9a 100755 --- a/shlib/svr5-shared.sh +++ b/shlib/svr5-shared.sh @@ -1,7 +1,7 @@ #!/usr/bin/sh major="0" -minor="9.7" +minor="9.7b" slib=libssl sh_slib=$slib.so.$major.$minor From 1c2d14123887c54b1a0111b3f2bcb75ec72f82ca Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 24 Mar 2003 00:56:09 +0000 Subject: [PATCH 201/550] Name Constraints OID. --- crypto/objects/obj_dat.h | 18 ++++++++++++------ crypto/objects/obj_mac.h | 5 +++++ crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 2 ++ 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 24d885501..c16ff8581 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 720 -#define NUM_SN 715 -#define NUM_LN 715 -#define NUM_OBJ 689 +#define NUM_NID 721 +#define NUM_SN 716 +#define NUM_LN 716 +#define NUM_OBJ 690 -static unsigned char lvalues[4876]={ +static unsigned char lvalues[4879]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -757,6 +757,7 @@ static unsigned char lvalues[4876]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ 0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ +0x55,0x1D,0x1E, /* [4875] OBJ_name_constraints */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1884,6 +1885,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4868]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, &(lvalues[4872]),0}, +{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, + &(lvalues[4875]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2320,6 +2323,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[717]),/* "msUPN" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ +&(nid_objs[720]),/* "nameConstraints" */ &(nid_objs[369]),/* "noCheck" */ &(nid_objs[403]),/* "noRevAvail" */ &(nid_objs[72]),/* "nsBaseUrl" */ @@ -2697,6 +2701,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ +&(nid_objs[720]),/* "X509v3 Name Constraints" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ &(nid_objs[719]),/* "X509v3 Policy Mappings" */ @@ -3328,8 +3333,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[527]),/* OBJ_identified_organization 1 3 */ +&(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ @@ -3372,6 +3377,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */ &(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ +&(nid_objs[720]),/* OBJ_name_constraints 2 5 29 30 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ &(nid_objs[719]),/* OBJ_policy_mappings 2 5 29 33 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index eefdd169f..9417e8c7c 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2031,6 +2031,11 @@ #define NID_delta_crl 140 #define OBJ_delta_crl OBJ_id_ce,27L +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 720 +#define OBJ_name_constraints OBJ_id_ce,30L + #define SN_crl_distribution_points "crlDistributionPoints" #define LN_crl_distribution_points "X509v3 CRL Distribution Points" #define NID_crl_distribution_points 103 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 0a85cb6a4..e84922d45 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -717,3 +717,4 @@ ms_smartcard_login 716 ms_upn 717 any_policy 718 policy_mappings 719 +name_constraints 720 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index bea8db109..feeed99b5 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -658,6 +658,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator +!Cname name-constraints +id-ce 30 : nameConstraints : X509v3 Name Constraints !Cname crl-distribution-points id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies From 520b76ffd95cb27839471055fa4950ff9bf50be2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 24 Mar 2003 17:04:44 +0000 Subject: [PATCH 202/550] Support for name constraints. --- CHANGES | 3 + crypto/stack/safestack.h | 20 ++++ crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/ext_dat.h | 4 +- crypto/x509v3/v3_alt.c | 195 +++++++++++++++++++------------- crypto/x509v3/v3_info.c | 3 +- crypto/x509v3/v3_ncons.c | 220 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3_utl.c | 80 ++++++++++++-- crypto/x509v3/v3err.c | 2 + crypto/x509v3/x509v3.h | 27 ++++- 10 files changed, 461 insertions(+), 97 deletions(-) create mode 100644 crypto/x509v3/v3_ncons.c diff --git a/CHANGES b/CHANGES index 1cea4962c..719a7ff22 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for nameConstraints certificate extension. + [Steve Henson] + *) Support for policyConstraints certificate extension. [Steve Henson] diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 6ffb132be..ecb2b8ffe 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -544,6 +544,26 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) + #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index f719973fe..b7f1123fe 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c +v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o +v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 1e005c229..0879ae5dd 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -65,6 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +extern X509V3_EXT_METHOD v3_name_constraints; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -109,7 +110,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif -&v3_policy_mappings +&v3_policy_mappings, +&v3_name_constraints }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 8642dd510..ad6cb08e2 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -407,89 +407,126 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf) -{ -char is_string = 0; -int type; -GENERAL_NAME *gen = NULL; - -char *name, *value; - -name = cnf->name; -value = cnf->value; - -if(!value) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); - return NULL; -} - -if(!(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - return NULL; -} - -if(!name_cmp(name, "email")) { - is_string = 1; - type = GEN_EMAIL; -} else if(!name_cmp(name, "URI")) { - is_string = 1; - type = GEN_URI; -} else if(!name_cmp(name, "DNS")) { - is_string = 1; - type = GEN_DNS; -} else if(!name_cmp(name, "RID")) { - ASN1_OBJECT *obj; - if(!(obj = OBJ_txt2obj(value,0))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", value); - goto err; + { + return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } - gen->d.rid = obj; - type = GEN_RID; -} else if(!name_cmp(name, "IP")) { - if(!(gen->d.ip = a2i_IPADDRESS(value))) - { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); - ERR_add_error_data(2, "value=", value); - goto err; - } - type = GEN_IPADD; -} else if(!name_cmp(name, "dirName")) { - type = GEN_DIRNAME; - if (!do_dirname(gen, value, ctx)) - { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); - goto err; - } -} else if(!name_cmp(name, "otherName")) { - if (!do_othername(gen, value, ctx)) - { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); - goto err; - } - type = GEN_OTHERNAME; -} else { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); - ERR_add_error_data(2, "name=", name); - goto err; -} -if(is_string) { - if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, - strlen(value))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf, int is_nc) + { + char is_string = 0; + int type; + GENERAL_NAME *gen = NULL; + + char *name, *value; + + name = cnf->name; + value = cnf->value; + + if(!value) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); + return NULL; + } + + if (out) + gen = out; + else + { + gen = GENERAL_NAME_new(); + if(gen == NULL) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); + return NULL; + } + } + + if(!name_cmp(name, "email")) + { + is_string = 1; + type = GEN_EMAIL; + } + else if(!name_cmp(name, "URI")) + { + is_string = 1; + type = GEN_URI; + } + else if(!name_cmp(name, "DNS")) + { + is_string = 1; + type = GEN_DNS; + } + else if(!name_cmp(name, "RID")) + { + ASN1_OBJECT *obj; + if(!(obj = OBJ_txt2obj(value,0))) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); + ERR_add_error_data(2, "value=", value); + goto err; + } + gen->d.rid = obj; + type = GEN_RID; + } + else if(!name_cmp(name, "IP")) + { + if (is_nc) + gen->d.ip = a2i_IPADDRESS_NC(value); + else + gen->d.ip = a2i_IPADDRESS(value); + if(gen->d.ip == NULL) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); + ERR_add_error_data(2, "value=", value); + goto err; + } + type = GEN_IPADD; + } + else if(!name_cmp(name, "dirName")) + { + type = GEN_DIRNAME; + if (!do_dirname(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); + goto err; + } + } + else if(!name_cmp(name, "otherName")) + { + if (!do_othername(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); + goto err; + } + type = GEN_OTHERNAME; + } + else + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); + ERR_add_error_data(2, "name=", name); goto err; + } + + if(is_string) + { + if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || + !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, + strlen(value))) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); + goto err; + } + } + + gen->type = type; + + return gen; + + err: + GENERAL_NAME_free(gen); + return NULL; } -} - -gen->type = type; - -return gen; - -err: -GENERAL_NAME_free(gen); -return NULL; -} static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e269df137..4e1a1f3a4 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -158,8 +158,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho objlen = ptmp - cnf->name; ctmp.name = ptmp + 1; ctmp.value = cnf->value; - GENERAL_NAME_free(acc->location); - if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) + if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; if(!(objtmp = OPENSSL_malloc(objlen + 1))) { X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c new file mode 100644 index 000000000..5fded6910 --- /dev/null +++ b/crypto/x509v3/v3_ncons.c @@ -0,0 +1,220 @@ +/* v3_ncons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include + +static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind); +static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name); +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + +X509V3_EXT_METHOD v3_name_constraints = { + NID_name_constraints, 0, + ASN1_ITEM_ref(NAME_CONSTRAINTS), + 0,0,0,0, + 0,0, + 0, v2i_NAME_CONSTRAINTS, + i2r_NAME_CONSTRAINTS,0, + NULL +}; + +ASN1_SEQUENCE(GENERAL_SUBTREE) = { + ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), + ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), + ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) +} ASN1_SEQUENCE_END(GENERAL_SUBTREE) + +ASN1_SEQUENCE(NAME_CONSTRAINTS) = { + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, + GENERAL_SUBTREE, 0), + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, + GENERAL_SUBTREE, 1), +} ASN1_SEQUENCE_END(NAME_CONSTRAINTS) + + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { + int i; + CONF_VALUE tval, *val; + STACK_OF(GENERAL_SUBTREE) **ptree = NULL; + NAME_CONSTRAINTS *ncons = NULL; + GENERAL_SUBTREE *sub = NULL; + ncons = NAME_CONSTRAINTS_new(); + if (!ncons) + goto memerr; + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) + { + val = sk_CONF_VALUE_value(nval, i); + if (!strncmp(val->name, "permitted", 9) && val->name[9]) + { + ptree = &ncons->permittedSubtrees; + tval.name = val->name + 10; + } + else if (!strncmp(val->name, "excluded", 8) && val->name[8]) + { + ptree = &ncons->excludedSubtrees; + tval.name = val->name + 9; + } + else + { + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); + goto err; + } + tval.value = val->value; + sub = GENERAL_SUBTREE_new(); + if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) + goto err; + if (!*ptree) + *ptree = sk_GENERAL_SUBTREE_new_null(); + if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + goto memerr; + sub = NULL; + } + + return ncons; + + memerr: + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + err: + if (ncons) + NAME_CONSTRAINTS_free(ncons); + if (sub) + GENERAL_SUBTREE_free(sub); + + return NULL; + } + + + + +static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind) + { + NAME_CONSTRAINTS *ncons = a; + do_i2r_name_constraints(method, ncons->permittedSubtrees, + bp, ind, "Permitted"); + do_i2r_name_constraints(method, ncons->excludedSubtrees, + bp, ind, "Excluded"); + return 1; + } + +static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) + { + GENERAL_SUBTREE *tree; + int i; + if (sk_GENERAL_SUBTREE_num(trees) > 0) + BIO_printf(bp, "%*s%s:\n", ind, "", name); + for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) + { + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_printf(bp, "%*s", ind + 2, ""); + if (tree->base->type == GEN_IPADD) + print_nc_ipadd(bp, tree->base->d.ip); + else + GENERAL_NAME_print(bp, tree->base); + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_puts(bp, "\n"); + } + return 1; + } + +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) + { + int i, len; + unsigned char *p; + p = ip->data; + len = ip->length; + BIO_puts(bp, "IP:"); + if(len == 8) + { + BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", + p[0], p[1], p[2], p[3], + p[4], p[5], p[6], p[7]); + } + else if(len == 32) + { + for (i = 0; i < 16; i++) + { + BIO_printf(bp, "%X", p[0] << 8 | p[1]); + p += 2; + if (i == 7) + BIO_puts(bp, "/"); + else if (i != 15) + BIO_puts(bp, ":"); + } + } + else + BIO_printf(bp, "IP Address:"); + return 1; + } + diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 2af05e555..9770b5167 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -70,6 +70,7 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(void *str); static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static int a2i_ipadd(unsigned char *ipout, const char *ipasc); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); static int ipv6_cb(const char *elem, int len, void *usr); @@ -552,18 +553,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) /* If string contains a ':' assume IPv6 */ - if (strchr(ipasc, ':')) - { - if (!ipv6_from_asc(ipout, ipasc)) - return NULL; - iplen = 16; - } - else - { - if (!ipv4_from_asc(ipout, ipasc)) - return NULL; - iplen = 4; - } + iplen = a2i_ipadd(ipout, ipasc); + + if (!iplen) + return NULL; ret = ASN1_OCTET_STRING_new(); if (!ret) @@ -576,6 +569,69 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) return ret; } +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) + { + ASN1_OCTET_STRING *ret = NULL; + unsigned char ipout[32]; + char *iptmp = NULL, *p; + int iplen1, iplen2; + p = strchr(ipasc,'/'); + if (!p) + return NULL; + iptmp = BUF_strdup(ipasc); + if (!iptmp) + return NULL; + p = iptmp + (p - ipasc); + *p++ = 0; + + iplen1 = a2i_ipadd(ipout, iptmp); + + if (!iplen1) + goto err; + + iplen2 = a2i_ipadd(ipout + iplen1, p); + + OPENSSL_free(iptmp); + iptmp = NULL; + + if (!iplen2 || (iplen1 != iplen2)) + goto err; + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + goto err; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) + goto err; + + return ret; + + err: + if (iptmp) + OPENSSL_free(iptmp); + if (ret) + ASN1_OCTET_STRING_free(ret); + return NULL; + } + + +static int a2i_ipadd(unsigned char *ipout, const char *ipasc) + { + /* If string contains a ':' assume IPv6 */ + + if (strchr(ipasc, ':')) + { + if (!ipv6_from_asc(ipout, ipasc)) + return 0; + return 16; + } + else + { + if (!ipv4_from_asc(ipout, ipasc)) + return 0; + return 4; + } + } + static int ipv4_from_asc(unsigned char *v4, const char *in) { int a0, a1, a2, a3; diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index a4c8e59ef..648ed3562 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -71,6 +71,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_DO_DIRNAME,0), "DO_DIRNAME"}, {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, +{ERR_PACK(0,X509V3_F_DO_I2V_NAME_CONSTRAINTS,0), "DO_I2V_NAME_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, @@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, +{ERR_PACK(0,X509V3_F_V2I_NAME_CONSTRAINTS,0), "V2I_NAME_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_V2I_POLICY_CONSTRAINTS,0), "V2I_POLICY_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_V2I_POLICY_MAPPINGS,0), "V2I_POLICY_MAPPINGS"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 65c74cbff..25b049bfb 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -295,6 +295,19 @@ DECLARE_STACK_OF(POLICY_MAPPING) typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +typedef struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +} NAME_CONSTRAINTS; + typedef struct POLICY_CONSTRAINTS_st { ASN1_INTEGER *requireExplicitPolicy; ASN1_INTEGER *inhibitPolicyMapping; @@ -473,11 +486,20 @@ DECLARE_ASN1_ITEM(POLICY_MAPPING) DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) DECLARE_ASN1_ITEM(POLICY_MAPPINGS) +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) #ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); @@ -569,6 +591,7 @@ STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype); @@ -586,6 +609,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_DO_DIRNAME 144 #define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_I2D 135 +#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 @@ -613,6 +637,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXT_KU 103 #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_NAME_CONSTRAINTS 147 #define X509V3_F_V2I_POLICY_CONSTRAINTS 146 #define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V3_GENERIC_EXTENSION 116 From 81bd0446a96594201ee3bb761592b5c03521fa57 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 24 Mar 2003 17:06:25 +0000 Subject: [PATCH 203/550] make update --- crypto/x509v3/Makefile.ssl | 16 ++++++++++++++++ util/libeay.num | 10 ++++++++++ 2 files changed, 26 insertions(+) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index b7f1123fe..be8a6ca72 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -321,6 +321,22 @@ v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c +v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_ncons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_ncons.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_ncons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_ncons.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_ncons.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_ncons.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +v3_ncons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ncons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ncons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ncons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ncons.c v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h diff --git a/util/libeay.num b/util/libeay.num index 6b1293277..c83c89ad6 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3010,3 +3010,13 @@ POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: +v2i_GENERAL_NAME_ex 3445 EXIST::FUNCTION: +NAME_CONSTRAINTS_free 3446 EXIST::FUNCTION: +a2i_IPADDRESS_NC 3447 EXIST::FUNCTION: +NAME_CONSTRAINTS_it 3448 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAME_CONSTRAINTS_it 3448 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NAME_CONSTRAINTS_new 3449 EXIST::FUNCTION: +GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: +GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: From d6cab100fa30eb65c48f01066f75c4d8f0d1b775 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 25 Mar 2003 20:56:06 +0000 Subject: [PATCH 204/550] Missed a few dollars. PR: 528 --- Makefile.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.org b/Makefile.org index 06766807b..58c0807fb 100644 --- a/Makefile.org +++ b/Makefile.org @@ -391,10 +391,10 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`:LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:SHLIB_PATH"; \ - LIBPATH="`pwd`:LIBPATH"; \ + @LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ + LIBPATH="`pwd`:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ apps/openssl version -a From c4d00669a058eb8a26b496746c25beaef6cdad1b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 25 Mar 2003 21:17:28 +0000 Subject: [PATCH 205/550] Let's limit the extent of the definition of _XOPEN_SOURCE. --- ssl/kssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/kssl.c b/ssl/kssl.c index 327b92f33..a80f5b2f7 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -70,6 +70,7 @@ #define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */ #include +#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ #include #include From e5b0508a145178dc86bfbca44139d9a3c65254ae Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 26 Mar 2003 00:46:47 +0000 Subject: [PATCH 206/550] Update ocsp usage message and docs. --- apps/ocsp.c | 6 +++--- doc/apps/ocsp.pod | 37 +++++++++++++++++++++++++++---------- 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index f05ec0e65..17e84366d 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -524,7 +524,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-serial n serial number to check\n"); BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); - BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n"); + BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); BIO_printf (bio_err, "-req_text print text form of request\n"); BIO_printf (bio_err, "-resp_text print text form of response\n"); @@ -544,10 +544,10 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); BIO_printf (bio_err, "-noverify don't verify response at all\n"); - BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n"); + BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); - BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n"); + BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); BIO_printf (bio_err, "-no_chain don't chain verify response\n"); BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index da201b95e..4f266058e 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -11,6 +11,10 @@ B B [B<-issuer file>] [B<-cert file>] [B<-serial n>] +[B<-signer file>] +[B<-signkey file>] +[B<-sign_other file>] +[B<-no_certs>] [B<-req_text>] [B<-resp_text>] [B<-text>] @@ -20,27 +24,36 @@ B B [B<-respin file>] [B<-nonce>] [B<-no_nonce>] -[B<-url responder_url>] +[B<-url URL>] [B<-host host:n>] [B<-path>] -[B<-CApath file>] +[B<-CApath dir>] [B<-CAfile file>] [B<-VAfile file>] -[B<-verify_certs file>] +[B<-validity_period n>] +[B<-status_age n>] [B<-noverify>] +[B<-verify_other file>] [B<-trust_other>] [B<-no_intern>] -[B<-no_sig_verify>] +[B<-no_signature_verify>] [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] -[B<-validity_period nsec>] -[B<-status_age nsec>] +[B<-port num>] +[B<-index file>] +[B<-CA file>] +[B<-rsigner file>] +[B<-rkey file>] +[B<-rother file>] +[B<-resp_no_certs>] +[B<-nmin n>] +[B<-ndays n>] +[B<-resp_key_id>] +[B<-nrequest n>] =head1 DESCRIPTION -B - The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560). @@ -83,6 +96,10 @@ the B option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. +=item B<-sign_other filename> + +Additional certificates to include in the signed request. + =item B<-nonce>, B<-no_nonce> Add an OCSP nonce extension to a request or disable OCSP nonce addition. @@ -120,7 +137,7 @@ or "/" by default. file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. -=item B<-verify_certs file> +=item B<-verify_other file> file containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's @@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the B<-verify_certs> or B<-VAfile> options. -=item B<-no_sig_verify> +=item B<-no_signature_verify> don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes. From a47789e849da9edbe9d0e4a7626f0b55af9e6681 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 26 Mar 2003 14:34:38 +0000 Subject: [PATCH 207/550] Update VMS building system --- crypto/crypto-lib.com | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index dce3291b8..c118da309 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -250,7 +250,7 @@ $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - - "v3_ocsp,v3_akeya" + "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons" $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" $ LIB_TXT_DB = "txt_db" $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - From 423b1a840c72423ae20b3dcbfe34f4b204a125bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 27 Mar 2003 22:04:05 +0000 Subject: [PATCH 208/550] Add warning about unwanted side effect when calling SSL_CTX_free(): sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" PR: 547 --- doc/ssl/SSL_CTX_free.pod | 12 +++++++++++- doc/ssl/SSL_CTX_sess_set_get_cb.pod | 12 +++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod index 55e592f5f..51d867696 100644 --- a/doc/ssl/SSL_CTX_free.pod +++ b/doc/ssl/SSL_CTX_free.pod @@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. +=head1 WARNINGS + +If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this +callback will be called for each session being freed from B's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(B, NULL) prior to calling SSL_CTX_free(). + =head1 RETURN VALUES SSL_CTX_free() does not provide diagnostic information. =head1 SEE ALSO -L, L +L, L, +L =cut diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod index 7c0b2baf6..b9d54a40a 100644 --- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod @@ -60,10 +60,11 @@ B. If the callback returns B<0>, the session will be immediately removed again. The remove_session_cb() is called, whenever the SSL engine removes a session -from the internal cache. This happens if the session is removed because -it is expired or when a connection was not shutdown cleanly. The -remove_session_cb() is passed the B and the ssl session B. -It does not provide any feedback. +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +L is called. The remove_session_cb() is passed +the B and the ssl session B. It does not provide any feedback. The get_session_cb() is only called on SSL/TLS servers with the session id proposed by the client. The get_session_cb() is always called, also when @@ -80,6 +81,7 @@ L. L, L, L, L, -L +L, +L =cut From d0a4bd00b6fe6dc7f3de37ad1e8682656629e21c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Mar 2003 08:57:04 +0000 Subject: [PATCH 209/550] OpenUNIX 8 has some problems using -G with gcc. Maybe using gnu-shared works better (will be tested tonight). --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 54536235f..b156d9d5c 100755 --- a/Configure +++ b/Configure @@ -433,7 +433,7 @@ my %table=( "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 1a15c89988f1be6e3f46b184cc1b27e6cf43e869 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 30 Mar 2003 01:51:16 +0000 Subject: [PATCH 210/550] Multi valued AVA support. --- CHANGES | 4 ++++ apps/req.c | 31 +++++++++++++++++++++++++------ crypto/x509v3/v3_utl.c | 15 +++++++++++++-- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 719a7ff22..e6a179fa5 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Generate muti valued AVAs using '+' notation in config files for + req and dirName. + [Steve Henson] + *) Support for nameConstraints certificate extension. [Steve Henson] diff --git a/apps/req.c b/apps/req.c index 8304df8aa..c29759961 100644 --- a/apps/req.c +++ b/apps/req.c @@ -133,7 +133,7 @@ static int add_attribute_object(X509_REQ *req, char *text, char *def, char *value, int nid, int n_min, int n_max, unsigned long chtype); static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int n_min,int n_max, unsigned long chtype); + int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA static void MS_CALLBACK req_cb(int p,int n,void *arg); #endif @@ -1259,7 +1259,7 @@ static int prompt_info(X509_REQ *req, int i; char *p,*q; char buf[100]; - int nid; + int nid, mval; long n_min,n_max; char *type,*def,*value; CONF_VALUE *v; @@ -1302,6 +1302,13 @@ start: for (;;) if(*p) type = p; break; } + if (*type == '+') + { + mval = -1; + type++; + } + else + mval = 0; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; @@ -1339,7 +1346,7 @@ start: for (;;) } if (!add_DN_object(subj,v->value,def,value,nid, - n_min,n_max, chtype)) + n_min,n_max, chtype, mval)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1429,6 +1436,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { + int mval; v=sk_CONF_VALUE_value(dn_sk,i); p=q=NULL; type=v->name; @@ -1445,8 +1453,19 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, if(*p) type = p; break; } +#ifndef CHARSET_EBCDIC + if (*p == '+') +#else + if (*p == os_toascii['+']) +#endif + { + p++; + mval = -1; + } + else + mval = 0; if (!X509_NAME_add_entry_by_txt(subj,type, chtype, - (unsigned char *) v->value,-1,-1,0)) return 0; + (unsigned char *) v->value,-1,-1,mval)) return 0; } @@ -1469,7 +1488,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int n_min, int n_max, unsigned long chtype) + int nid, int n_min, int n_max, unsigned long chtype, int mval) { int i,ret=0; MS_STATIC char buf[1024]; @@ -1519,7 +1538,7 @@ start: #endif if(!req_check_len(i, n_min, n_max)) goto start; if (!X509_NAME_add_entry_by_NID(n,nid, chtype, - (unsigned char *) buf, -1,-1,0)) goto err; + (unsigned char *) buf, -1,-1,mval)) goto err; ret=1; err: return(ret); diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 9770b5167..a2bb7b004 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -801,7 +801,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype) { CONF_VALUE *v; - int i; + int i, mval; char *p, *type; if (!nm) return 0; @@ -824,8 +824,19 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, if(*p) type = p; break; } +#ifndef CHARSET_EBCDIC + if (*p == '+') +#else + if (*p == os_toascii['+']) +#endif + { + mval = -1; + p++; + } + else + mval = 0; if (!X509_NAME_add_entry_by_txt(nm,type, chtype, - (unsigned char *) v->value,-1,-1,0)) + (unsigned char *) v->value,-1,-1,mval)) return 0; } From 03eeb07152ce9413c017cdef83bd8b5b82bef31d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 31 Mar 2003 13:06:24 +0000 Subject: [PATCH 211/550] Add usage string for -fingerprint. PR: 560 --- apps/crl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/crl.c b/apps/crl.c index c6089ace5..81d66587c 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -81,6 +81,7 @@ static char *crl_usage[]={ " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", " -hash - print hash value\n", +" -fingerprint - print the crl fingerprint\n", " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", " -nextupdate - nextUpdate field\n", From 6dd6da60054382a9d8e14ec8755d0ecf48bdf102 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 31 Mar 2003 13:24:02 +0000 Subject: [PATCH 212/550] Don't feil when indent is 0. PR: 559 --- crypto/x509v3/v3_prn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index aeaf6170f..754808b62 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -178,7 +178,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts ASN1_OBJECT *obj; X509_EXTENSION *ex; ex=sk_X509_EXTENSION_value(exts, i); - if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0; + if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0; obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); From d678cc07eddbb9114fe672230a9797ebdb62104e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 31 Mar 2003 13:56:52 +0000 Subject: [PATCH 213/550] No need to test -setalias twice. PR: 556 --- apps/x509.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index cea33f58a..9a6f98179 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -358,12 +358,6 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } - else if (strcmp(*argv,"-setalias") == 0) - { - if (--argc < 1) goto bad; - alias= *(++argv); - trustout = 1; - } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { From 4390d66179bfbe44f91692c1ded52f2d4602859a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 31 Mar 2003 22:29:25 +0000 Subject: [PATCH 214/550] Update from stable branch. --- doc/crypto/engine.pod | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 61e0264bb..c77dad556 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -187,7 +187,7 @@ tell which one you are dealing with at any given point in time (after all they are both simply (ENGINE *) pointers, the difference is in the way they are used). -=head3 Structural references +I This basic type of reference is typically used for creating new ENGINEs dynamically, iterating across OpenSSL's internal linked-list of loaded @@ -224,7 +224,7 @@ To clarify a particular function's handling of references, one should always consult that function's documentation "man" page, or failing that the openssl/engine.h header file includes some hints. -=head3 Functional references +I As mentioned, functional references exist when the cryptographic functionality of an ENGINE is required to be available. A functional @@ -386,7 +386,7 @@ things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the source code to openssl's builtin utilities as guides. -=head3 Using a specific ENGINE implementation +I Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of @@ -418,7 +418,7 @@ illustrates how to approach this; /* Release the structural reference from ENGINE_by_id() */ ENGINE_free(e); -=head3 Automatically using builtin ENGINE implementations +I Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by @@ -469,7 +469,7 @@ in same cases both. ENGINE implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation. -=head3 Issuing control commands to an ENGINE +I Let's illustrate by example; a function for which the caller supplies the name of the ENGINE it wishes to use, a table of string-pairs for use before @@ -526,7 +526,7 @@ return success without doing anything. In this case we assume the user is only supplying commands specific to the given ENGINE so we set this to FALSE. -=head3 Discovering supported control commands +I It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported from a structural From 24692fc5d78f7f4ed272e8fbf01fd8d858250ba9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 1 Apr 2003 10:59:15 +0000 Subject: [PATCH 215/550] It seems like gcc-drivven shared library building on OpenUnix 8 requires -shared rather than -G. --- Configure | 2 +- Makefile.shared | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index b156d9d5c..54536235f 100755 --- a/Configure +++ b/Configure @@ -433,7 +433,7 @@ my %table=( "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/Makefile.shared b/Makefile.shared index e33c10b5a..3584158b9 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -456,12 +456,14 @@ link_o.svr3: $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ + SHARE_FLAG='-G'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-z allextract'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) @@ -470,12 +472,14 @@ link_a.svr3: $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ + SHARE_FLAG='-G'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-z allextract'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A_UNPACKED) From 5679bcce070335745652c1b9689f6ba06c7b6596 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 2 Apr 2003 09:50:22 +0000 Subject: [PATCH 216/550] make RSA blinding thread-safe --- CHANGES | 9 +++- crypto/bn/bn.h | 2 + crypto/rsa/rsa_eay.c | 114 ++++++++++++++++++++++++++++++++++++++++--- crypto/rsa/rsa_lib.c | 11 ++++- 4 files changed, 124 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index e6a179fa5..77da6273c 100644 --- a/CHANGES +++ b/CHANGES @@ -483,12 +483,17 @@ to avoid a timing attack. Applications that don't want it can call RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. They would be ill-advised to do so in most cases. - [Ben Laurie, Steve Henson, Geoff Thorpe] + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] *) Change RSA blinding code so that it works when the PRNG is not seeded (in this case, the secret RSA exponent is abused as an unpredictable seed -- if it is not unpredictable, there - is no point in blinding anyway). + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). [Bodo Moeller] yet to be integrated into this CVS branch: diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 58263baf9..d7a5fce6e 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -261,6 +261,8 @@ typedef struct bn_blinding_st BIGNUM *A; BIGNUM *Ai; BIGNUM *mod; /* just a reference */ + unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; + * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ } BN_BLINDING; /* Used for montgomery multiplication */ diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 6bc6ef391..ad6ccf634 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -230,6 +230,40 @@ static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) err_instr \ } while(0) +static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx) + { + BIGNUM *A, *Ai; + BN_BLINDING *ret = NULL; + + /* added in OpenSSL 0.9.6j and 0.9.7b */ + + /* NB: similar code appears in RSA_blinding_on (rsa_lib.c); + * this should be placed in a new function of its own, but for reasons + * of binary compatibility can't */ + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } + if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; + + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + goto err; + ret = BN_BLINDING_new(A,Ai,rsa->n); + BN_free(Ai); +err: + BN_CTX_end(ctx); + return ret; + } + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -238,6 +272,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + int local_blinding = 0; + BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); @@ -275,9 +311,38 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } BLINDING_HELPER(rsa, ctx, goto err;); - + blinding = rsa->blinding; + + /* Now unless blinding is disabled, 'blinding' is non-NULL. + * But the BN_BLINDING object may be owned by some other thread + * (we don't want to keep it constant and we don't want to use + * lots of locking to avoid race conditions, so only a single + * thread can use it; other threads have to use local blinding + * factors) */ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + { + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (blinding != NULL) + { + if (blinding->thread_id != CRYPTO_thread_id()) + { + /* we need a local one-time blinding factor */ + + blinding = setup_blinding(rsa, ctx); + if (blinding == NULL) + goto err; + local_blinding = 1; + } + } + + if (blinding) + if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || ((rsa->p != NULL) && @@ -293,8 +358,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; } - if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ @@ -308,6 +373,8 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&ret); BN_clear_free(&f); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num); @@ -324,6 +391,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + int local_blinding = 0; + BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); @@ -356,9 +425,38 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } BLINDING_HELPER(rsa, ctx, goto err;); - + blinding = rsa->blinding; + + /* Now unless blinding is disabled, 'blinding' is non-NULL. + * But the BN_BLINDING object may be owned by some other thread + * (we don't want to keep it constant and we don't want to use + * lots of locking to avoid race conditions, so only a single + * thread can use it; other threads have to use local blinding + * factors) */ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + { + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (blinding != NULL) + { + if (blinding->thread_id != CRYPTO_thread_id()) + { + /* we need a local one-time blinding factor */ + + blinding = setup_blinding(rsa, ctx); + if (blinding == NULL) + goto err; + local_blinding = 1; + } + } + + if (blinding) + if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; /* do the decrypt */ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || @@ -376,8 +474,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; p=buf; j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 33ca8330c..3ebde4fd9 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -329,6 +329,10 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) if (rsa->blinding != NULL) BN_BLINDING_free(rsa->blinding); + /* NB: similar code appears in setup_blinding (rsa_eay.c); + * this should be placed in a new function of its own, but for reasons + * of binary compatibility can't */ + BN_CTX_start(ctx); A = BN_CTX_get(ctx); if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) @@ -344,8 +348,11 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) - goto err; - rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); + goto err; + if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; + /* to make things thread-safe without excessive locking, + * rsa->blinding will be used just by the current thread: */ + rsa->blinding->thread_id = CRYPTO_thread_id(); rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; BN_free(Ai); From f85b68cd4982c28c02070c2e036da1c84cf0e7af Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 16:33:03 +0000 Subject: [PATCH 217/550] Make it possible to have multiple active certificates with the same subject. --- CHANGES | 8 + apps/apps.c | 442 +++++++++++++++++++++++++++++++++++++++++++++++ apps/apps.h | 32 +++- apps/ca.c | 425 +++++++++------------------------------------ apps/ocsp.c | 46 ++--- apps/openssl.cnf | 2 + apps/x509.c | 78 +-------- 7 files changed, 585 insertions(+), 448 deletions(-) diff --git a/CHANGES b/CHANGES index 77da6273c..505ef5188 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + *) Generate muti valued AVAs using '+' notation in config files for req and dirName. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index 007e3e06c..475e47e57 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1422,3 +1422,445 @@ char *make_config_name() return p; } + +static unsigned long index_serial_hash(const char **a) + { + const char *n; + + n=a[DB_serial]; + while (*n == '0') n++; + return(lh_strhash(n)); + } + +static int index_serial_cmp(const char **a, const char **b) + { + const char *aa,*bb; + + for (aa=a[DB_serial]; *aa == '0'; aa++); + for (bb=b[DB_serial]; *bb == '0'; bb++); + return(strcmp(aa,bb)); + } + +static int index_name_qual(char **a) + { return(a[0][0] == 'V'); } + +static unsigned long index_name_hash(const char **a) + { return(lh_strhash(a[DB_name])); } + +int index_name_cmp(const char **a, const char **b) + { return(strcmp(a[DB_name], + b[DB_name])); } + +static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) +static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) + +#undef BSIZE +#define BSIZE 256 + +BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) + { + BIO *in=NULL; + BIGNUM *ret=NULL; + MS_STATIC char buf[1024]; + ASN1_INTEGER *ai=NULL; + + ai=ASN1_INTEGER_new(); + if (ai == NULL) goto err; + + if ((in=BIO_new(BIO_s_file())) == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + if (BIO_read_filename(in,serialfile) <= 0) + { + if (!create) + { + perror(serialfile); + goto err; + } + else + { + ASN1_INTEGER_set(ai,1); + ret=BN_new(); + if (ret == NULL) + BIO_printf(bio_err, "Out of memory\n"); + else + BN_one(ret); + } + } + else + { + if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) + { + BIO_printf(bio_err,"unable to load number from %s\n", + serialfile); + goto err; + } + ret=ASN1_INTEGER_to_BN(ai,NULL); + if (ret == NULL) + { + BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); + goto err; + } + } + + if (ret && retai) + { + *retai = ai; + ai = NULL; + } + err: + if (in != NULL) BIO_free(in); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai) + { + BIO *out; + int ret=0; + ASN1_INTEGER *ai=NULL; + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_write_filename(out,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + + if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) + { + BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); + goto err; + } + i2a_ASN1_INTEGER(out,ai); + BIO_puts(out,"\n"); + ret=1; + if (retai) + { + *retai = ai; + ai = NULL; + } +err: + if (out != NULL) BIO_free_all(out); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) + { + CA_DB *retdb = NULL; + TXT_DB *tmpdb = NULL; + BIO *in = BIO_new(BIO_s_file()); + CONF *dbattr_conf = NULL; + char buf[1][BSIZE]; + long errorline= -1; + + if (in == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_read_filename(in,dbfile) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL) + { + if (tmpdb != NULL) TXT_DB_free(tmpdb); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); +#else + BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); +#endif + dbattr_conf = NCONF_new(NULL); + if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0) + { + if (errorline > 0) + { + BIO_printf(bio_err, + "error on line %ld of db attribute file '%s'\n" + ,errorline,buf[0]); + goto err; + } + else + { + NCONF_free(dbattr_conf); + dbattr_conf = NULL; + } + } + + if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) + { + fprintf(stderr, "Out of memory\n"); + goto err; + } + + retdb->db = tmpdb; + tmpdb = NULL; + if (db_attr) + retdb->attributes = *db_attr; + else + { + retdb->attributes.unique_subject = 1; + } + + if (dbattr_conf) + { + char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); + if (p) + { + BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); + switch(*p) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + retdb->attributes.unique_subject = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + default: + retdb->attributes.unique_subject = 1; + break; + } + } + } + + err: + if (dbattr_conf) NCONF_free(dbattr_conf); + if (tmpdb) TXT_DB_free(tmpdb); + if (in) BIO_free_all(in); + return retdb; + } + +int index_index(CA_DB *db) + { + if (!TXT_DB_create_index(db->db, DB_serial, NULL, + LHASH_HASH_FN(index_serial_hash), + LHASH_COMP_FN(index_serial_cmp))) + { + BIO_printf(bio_err, + "error creating serial number index:(%ld,%ld,%ld)\n", + db->db->error,db->db->arg1,db->db->arg2); + return 0; + } + + if (db->attributes.unique_subject + && !TXT_DB_create_index(db->db, DB_name, index_name_qual, + LHASH_HASH_FN(index_name_hash), + LHASH_COMP_FN(index_name_cmp))) + { + BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", + db->db->error,db->db->arg1,db->db->arg2); + return 0; + } + return 1; + } + +int save_index(char *dbfile, char *suffix, CA_DB *db) + { + char buf[3][BSIZE]; + BIO *out = BIO_new(BIO_s_file()); + int j; + + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + j = strlen(dbfile) + strlen(suffix); + if (j + 6 >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); +#else + j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); +#endif + BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); + if (BIO_write_filename(out,buf[0]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n", dbfile); + goto err; + } + j=TXT_DB_write(out,db->db); + if (j <= 0) goto err; + + BIO_free(out); + + out = BIO_new(BIO_s_file()); + BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]); + if (BIO_write_filename(out,buf[1]) <= 0) + { + perror(buf[2]); + BIO_printf(bio_err,"unable to open '%s'\n", buf[2]); + goto err; + } + BIO_printf(out,"unique_subject = %s\n", + db->attributes.unique_subject ? "yes" : "no"); + BIO_free(out); + + return 1; + err: + return 0; + } + +int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) + { + char buf[5][BSIZE]; + int i,j; + struct stat sb; + + i = strlen(dbfile) + strlen(old_suffix); + j = strlen(dbfile) + strlen(new_suffix); + if (i > j) j = i; + if (j + 6 >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); +#else + j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", + dbfile, new_suffix); +#else + j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", + dbfile, new_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", + dbfile, new_suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", + dbfile, new_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", + dbfile, old_suffix); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", + dbfile, old_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", + dbfile, old_suffix); +#else + j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", + dbfile, old_suffix); +#endif + if (stat(dbfile,&sb) < 0) + { + if (errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR) +#endif + goto err; + } + else + { + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + dbfile, buf[1]); + if (rename(dbfile,buf[1]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + dbfile, buf[1]); + perror("reason"); + goto err; + } + } + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[0],dbfile); + if (rename(buf[0],dbfile) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[0],dbfile); + perror("reason"); + rename(buf[1],dbfile); + goto err; + } + if (stat(buf[4],&sb) < 0) + { + if (errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR) +#endif + goto err; + } + else + { + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[4],buf[3]); + if (rename(buf[4],buf[3]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[4], buf[3]); + perror("reason"); + rename(dbfile,buf[0]); + rename(buf[1],dbfile); + goto err; + } + } + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[2],buf[4]); + if (rename(buf[2],buf[4]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[2],buf[4]); + perror("reason"); + rename(buf[3],buf[4]); + rename(dbfile,buf[0]); + rename(buf[1],dbfile); + goto err; + } + return 1; + err: + return 0; + } + +void free_index(CA_DB *db) + { + TXT_DB_free(db->db); + OPENSSL_free(db); + } diff --git a/apps/apps.h b/apps/apps.h index c36b9d256..974eb4f1c 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -287,7 +287,37 @@ char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str); -int make_serial_index(TXT_DB *db); + +#define DB_type 0 +#define DB_exp_date 1 +#define DB_rev_date 2 +#define DB_serial 3 /* index - unique */ +#define DB_file 4 +#define DB_name 5 /* index - unique when active and not disabled */ +#define DB_NUMBER 6 + +#define DB_TYPE_REV 'R' +#define DB_TYPE_EXP 'E' +#define DB_TYPE_VAL 'V' + +typedef struct db_attr_st + { + int unique_subject; + } DB_ATTR; +typedef struct ca_db_st + { + DB_ATTR attributes; + TXT_DB *db; + } CA_DB; + +BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); +int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai); +CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); +int index_index(CA_DB *db); +int save_index(char *dbfile, char *suffix, CA_DB *db); +int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); +void free_index(CA_DB *db); +int index_name_cmp(const char **a, const char **b); X509_NAME *do_subject(char *str, long chtype); diff --git a/apps/ca.c b/apps/ca.c index 6722c5dbc..574cdd7fd 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -143,18 +143,6 @@ #define ENV_DATABASE "database" -#define DB_type 0 -#define DB_exp_date 1 -#define DB_rev_date 2 -#define DB_serial 3 /* index - unique */ -#define DB_file 4 -#define DB_name 5 /* index - unique for active */ -#define DB_NUMBER 6 - -#define DB_TYPE_REV 'R' -#define DB_TYPE_EXP 'E' -#define DB_TYPE_VAL 'V' - /* Additional revocation information types */ #define REV_NONE 0 /* No addditional information */ @@ -211,43 +199,36 @@ extern int EF_ALIGNMENT; #endif static void lookup_fail(char *name,char *tag); -static unsigned long index_serial_hash(const char **a); -static int index_serial_cmp(const char **a, const char **b); -static unsigned long index_name_hash(const char **a); -static int index_name_qual(char **a); -static int index_name_cmp(const char **a,const char **b); -static BIGNUM *load_serial(char *serialfile); -static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, - const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, + const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval); -static int get_certificate_status(const char *ser_status, TXT_DB *db); -static int do_updatedb(TXT_DB *db); +static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); +static int get_certificate_status(const char *ser_status, CA_DB *db); +static int do_updatedb(CA_DB *db); static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); int make_revoked(X509_REVOKED *rev, char *str); @@ -259,11 +240,6 @@ static char *section=NULL; static int preserve=0; static int msie_hack=0; -static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) -static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) - int MAIN(int, char **); @@ -320,14 +296,13 @@ int MAIN(int argc, char **argv) X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; - TXT_DB *db=NULL; + CA_DB *db=NULL; X509_CRL *crl=NULL; X509_REVOKED *r=NULL; ASN1_TIME *tmptm; ASN1_INTEGER *tmpser; char **pp,*p,*f; int i,j; - long l; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(X509) *cert_sk=NULL; @@ -339,6 +314,7 @@ int MAIN(int argc, char **argv) char *engine = NULL; #endif char *tofree=NULL; + DB_ATTR db_attr; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -659,6 +635,33 @@ bad: if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); + + db_attr.unique_subject = 1; + p = NCONF_get_string(conf, section, "unique_subject"); + if (p) + { + BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); + switch(*p) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + db_attr.unique_subject = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + default: + db_attr.unique_subject = 1; + break; + } + } + else + BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p); + BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", + db_attr.unique_subject); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); @@ -679,17 +682,10 @@ bad: lookup_fail(section,ENV_DATABASE); goto err; } - if (BIO_read_filename(in,dbfile) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - db=TXT_DB_read(in,DB_NUMBER); + db = load_index(dbfile,&db_attr); if (db == NULL) goto err; - if (!make_serial_index(db)) - goto err; + if (!index_index(db)) goto err; if (get_certificate_status(ser_status,db) != 1) BIO_printf(bio_err,"Error verifying serial %s!\n", @@ -849,19 +845,13 @@ bad: lookup_fail(section,ENV_DATABASE); goto err; } - if (BIO_read_filename(in,dbfile) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - db=TXT_DB_read(in,DB_NUMBER); + db = load_index(dbfile, &db_attr); if (db == NULL) goto err; /* Lets check some fields */ - for (i=0; idata); i++) + for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->data,i); + pp=(char **)sk_value(db->db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { @@ -912,23 +902,13 @@ bad: out = BIO_push(tmpbio, out); } #endif - TXT_DB_write(out,db); + TXT_DB_write(out,db->db); BIO_printf(bio_err,"%d entries loaded from the database\n", - db->data->num); + db->db->data->num); BIO_printf(bio_err,"generating index\n"); } - if (!make_serial_index(db)) - goto err; - - if (!TXT_DB_create_index(db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name_hash), - LHASH_COMP_FN(index_name_cmp))) - { - BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", - db->error,db->arg1,db->arg2); - goto err; - } + if (!index_index(db)) goto err; /*****************************************************************/ /* Update the db file for expired certificates */ @@ -951,62 +931,9 @@ bad: } else { - out = BIO_new(BIO_s_file()); - if (out == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile); -#else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile); -#endif - if (j < 0 || j >= sizeof buf[0]) - { - BIO_printf(bio_err, "file name too long\n"); - goto err; - } - if (BIO_write_filename(out,buf[0]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n", - dbfile); - goto err; - } - j=TXT_DB_write(out,db); - if (j <= 0) goto err; - - BIO_free(out); - out = NULL; -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile); -#else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile); -#endif - if (j < 0 || j >= sizeof buf[1]) - { - BIO_printf(bio_err, "file name too long\n"); - goto err; - } - if (rename(dbfile,buf[1]) < 0) - { - BIO_printf(bio_err, - "unable to rename %s to %s\n", - dbfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0],dbfile) < 0) - { - BIO_printf(bio_err, - "unable to rename %s to %s\n", - buf[0],dbfile); - perror("reason"); - rename(buf[1],dbfile); - goto err; - } + if (!save_index(dbfile,"new",db)) goto err; + + if (!rotate_index(dbfile,"new","old")) goto err; if (verbose) BIO_printf(bio_err, "Done. %d entries marked as expired\n",i); @@ -1167,7 +1094,7 @@ bad: goto err; } - if ((serial=load_serial(serialfile)) == NULL) + if ((serial=load_serial(serialfile, 0, NULL)) == NULL) { BIO_printf(bio_err,"error while loading serial number\n"); goto err; @@ -1315,24 +1242,9 @@ bad: strcat(buf[0],".new"); #endif - if (!save_serial(buf[0],serial)) goto err; + if (!save_serial(buf[0],serial,NULL)) goto err; - strcpy(buf[1],dbfile); - -#ifdef OPENSSL_SYS_VMS - strcat(buf[1],"-new"); -#else - strcat(buf[1],".new"); -#endif - - if (BIO_write_filename(out,buf[1]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - l=TXT_DB_write(out,db); - if (l <= 0) goto err; + if (!save_index(dbfile, "new", db)) goto err; } if (verbose) @@ -1419,30 +1331,8 @@ bad: goto err; } - strncpy(buf[2],dbfile,BSIZE-4); - buf[2][BSIZE-4]='\0'; + if (!rotate_index(dbfile,"new","old")) goto err; -#ifdef OPENSSL_SYS_VMS - strcat(buf[2],"-old"); -#else - strcat(buf[2],".old"); -#endif - - if (rename(dbfile,buf[2]) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - dbfile,buf[2]); - perror("reason"); - goto err; - } - if (rename(buf[1],dbfile) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - buf[1],dbfile); - perror("reason"); - rename(buf[2],dbfile); - goto err; - } BIO_printf(bio_err,"Data Base Updated\n"); } } @@ -1501,9 +1391,9 @@ bad: ASN1_TIME_free(tmptm); - for (i=0; idata); i++) + for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->data,i); + pp=(char **)sk_value(db->db->data,i); if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; @@ -1592,50 +1482,10 @@ bad: if (j <= 0) goto err; X509_free(revcert); - if(strlen(dbfile) > BSIZE-5) - { - BIO_printf(bio_err,"filename too long\n"); - goto err; - } + if (!save_index(dbfile, "new", db)) goto err; + + if (!rotate_index(dbfile, "new", "old")) goto err; - strcpy(buf[0],dbfile); -#ifndef OPENSSL_SYS_VMS - strcat(buf[0],".new"); -#else - strcat(buf[0],"-new"); -#endif - if (BIO_write_filename(out,buf[0]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - j=TXT_DB_write(out,db); - if (j <= 0) goto err; - strncpy(buf[1],dbfile,BSIZE-4); - buf[1][BSIZE-4]='\0'; -#ifndef OPENSSL_SYS_VMS - strcat(buf[1],".old"); -#else - strcat(buf[1],"-old"); -#endif - BIO_free(in); - in = NULL; - BIO_free(out); - out = NULL; - if (rename(dbfile,buf[1]) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0],dbfile) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile); - perror("reason"); - rename(buf[1],dbfile); - goto err; - } BIO_printf(bio_err,"Data Base Updated\n"); } } @@ -1657,7 +1507,7 @@ err: if (free_key && key) OPENSSL_free(key); BN_free(serial); - TXT_DB_free(db); + free_index(db); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); @@ -1672,106 +1522,8 @@ static void lookup_fail(char *name, char *tag) BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } -static unsigned long index_serial_hash(const char **a) - { - const char *n; - - n=a[DB_serial]; - while (*n == '0') n++; - return(lh_strhash(n)); - } - -static int index_serial_cmp(const char **a, const char **b) - { - const char *aa,*bb; - - for (aa=a[DB_serial]; *aa == '0'; aa++); - for (bb=b[DB_serial]; *bb == '0'; bb++); - return(strcmp(aa,bb)); - } - -static unsigned long index_name_hash(const char **a) - { return(lh_strhash(a[DB_name])); } - -static int index_name_qual(char **a) - { return(a[0][0] == 'V'); } - -static int index_name_cmp(const char **a, const char **b) - { return(strcmp(a[DB_name], - b[DB_name])); } - -static BIGNUM *load_serial(char *serialfile) - { - BIO *in=NULL; - BIGNUM *ret=NULL; - MS_STATIC char buf[1024]; - ASN1_INTEGER *ai=NULL; - - if ((in=BIO_new(BIO_s_file())) == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - - if (BIO_read_filename(in,serialfile) <= 0) - { - perror(serialfile); - goto err; - } - ai=ASN1_INTEGER_new(); - if (ai == NULL) goto err; - if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) - { - BIO_printf(bio_err,"unable to load number from %s\n", - serialfile); - goto err; - } - ret=ASN1_INTEGER_to_BN(ai,NULL); - if (ret == NULL) - { - BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); - goto err; - } -err: - if (in != NULL) BIO_free(in); - if (ai != NULL) ASN1_INTEGER_free(ai); - return(ret); - } - -static int save_serial(char *serialfile, BIGNUM *serial) - { - BIO *out; - int ret=0; - ASN1_INTEGER *ai=NULL; - - out=BIO_new(BIO_s_file()); - if (out == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - if (BIO_write_filename(out,serialfile) <= 0) - { - perror(serialfile); - goto err; - } - - if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) - { - BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); - goto err; - } - i2a_ASN1_INTEGER(out,ai); - BIO_puts(out,"\n"); - ret=1; -err: - if (out != NULL) BIO_free_all(out); - if (ai != NULL) ASN1_INTEGER_free(ai); - return(ret); - } - static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1833,7 +1585,7 @@ err: } static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1887,7 +1639,7 @@ err: } static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1905,7 +1657,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int ok= -1,i,j,last,nid; char *p; CONF_VALUE *cv; - char *row[DB_NUMBER],**rrow,**irow=NULL; + char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; char buf[25]; tmptm=ASN1_UTCTIME_new(); @@ -2142,15 +1894,19 @@ again2: goto err; } - rrow=TXT_DB_get_by_index(db,DB_name,row); - if (rrow != NULL) + if (db->attributes.unique_subject) { - BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", - row[DB_name]); + rrow=TXT_DB_get_by_index(db->db,DB_name,row); + if (rrow != NULL) + { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } } - else + if (rrow == NULL) { - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); if (rrow != NULL) { BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", @@ -2384,10 +2140,10 @@ again2: } irow[DB_NUMBER]=NULL; - if (!TXT_DB_insert(db,irow)) + if (!TXT_DB_insert(db->db,irow)) { BIO_printf(bio_err,"failed to update database\n"); - BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); + BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); goto err; } ok=1; @@ -2438,7 +2194,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) } static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) @@ -2617,7 +2373,7 @@ static int check_time_format(char *str) return(ASN1_UTCTIME_check(&tm)); } -static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) +static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) { ASN1_UTCTIME *tm=NULL; char *row[DB_NUMBER],**rrow,**irow; @@ -2642,10 +2398,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) /* We have to lookup by serial number because name lookup * skips revoked certs */ - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); if (rrow == NULL) { - BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); + BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); /* We now just add it to the database */ row[DB_type]=(char *)OPENSSL_malloc(2); @@ -2685,10 +2441,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) } irow[DB_NUMBER]=NULL; - if (!TXT_DB_insert(db,irow)) + if (!TXT_DB_insert(db->db,irow)) { BIO_printf(bio_err,"failed to update database\n"); - BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); + BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); goto err; } @@ -2733,7 +2489,7 @@ err: return(ok); } -static int get_certificate_status(const char *serial, TXT_DB *db) +static int get_certificate_status(const char *serial, CA_DB *db) { char *row[DB_NUMBER],**rrow; int ok=-1,i; @@ -2774,7 +2530,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db) ok=1; /* Search for the certificate */ - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); if (rrow == NULL) { BIO_printf(bio_err,"Serial %s not present in db.\n", @@ -2821,7 +2577,7 @@ err: return(ok); } -static int do_updatedb (TXT_DB *db) +static int do_updatedb (CA_DB *db) { ASN1_UTCTIME *a_tm = NULL; int i, cnt = 0; @@ -2847,9 +2603,9 @@ static int do_updatedb (TXT_DB *db) else a_y2k = 0; - for (i = 0; i < sk_num(db->data); i++) + for (i = 0; i < sk_num(db->db->data); i++) { - rrow = (char **) sk_value(db->data, i); + rrow = (char **) sk_value(db->db->data, i); if (rrow[DB_type][0] == 'V') { @@ -3337,16 +3093,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; } -int make_serial_index(TXT_DB *db) - { - if (!TXT_DB_create_index(db, DB_serial, NULL, - LHASH_HASH_FN(index_serial_hash), - LHASH_COMP_FN(index_serial_cmp))) - { - BIO_printf(bio_err, - "error creating serial number index:(%ld,%ld,%ld)\n", - db->error,db->arg1,db->arg2); - return 0; - } - return 1; - } diff --git a/apps/ocsp.c b/apps/ocsp.c index 17e84366d..885e68e36 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -68,19 +68,6 @@ /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) -/* CA index.txt definitions */ -#define DB_type 0 -#define DB_exp_date 1 -#define DB_rev_date 2 -#define DB_serial 3 /* index - unique */ -#define DB_file 4 -#define DB_name 5 /* index - unique for active */ -#define DB_NUMBER 6 - -#define DB_TYPE_REV 'R' -#define DB_TYPE_EXP 'E' -#define DB_TYPE_VAL 'V' - static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, STACK_OF(OCSP_CERTID) *ids); static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, @@ -89,12 +76,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, STACK *names, STACK_OF(OCSP_CERTID) *ids, long nsec, long maxage); -static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, +static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, STACK_OF(X509) *rother, unsigned long flags, int nmin, int ndays); -static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser); +static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); @@ -142,7 +129,7 @@ int MAIN(int argc, char **argv) X509 *rca_cert = NULL; char *ridx_filename = NULL; char *rca_filename = NULL; - TXT_DB *rdb = NULL; + CA_DB *rdb = NULL; int nmin = 0, ndays = -1; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -697,22 +684,9 @@ int MAIN(int argc, char **argv) if (ridx_filename && !rdb) { - BIO *db_bio = NULL; - db_bio = BIO_new_file(ridx_filename, "r"); - if (!db_bio) - { - BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename); - goto end; - } - rdb = TXT_DB_read(db_bio, DB_NUMBER); - BIO_free(db_bio); - if (!rdb) - { - BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename); - goto end; - } - if (!make_serial_index(rdb)) - goto end; + rdb = load_index(ridx_filename, NULL); + if (!rdb) goto end; + if (!index_index(rdb)) goto end; } if (rdb) @@ -894,7 +868,7 @@ end: X509_free(cert); X509_free(rsigner); X509_free(rca_cert); - TXT_DB_free(rdb); + free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); BIO_free(out); @@ -1036,7 +1010,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, } -static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, +static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, STACK_OF(X509) *rother, unsigned long flags, int nmin, int ndays) @@ -1128,7 +1102,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *d } -static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) +static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) { int i; BIGNUM *bn = NULL; @@ -1141,7 +1115,7 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) itmp = BN_bn2hex(bn); row[DB_serial] = itmp; BN_free(bn); - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); OPENSSL_free(itmp); return rrow; } diff --git a/apps/openssl.cnf b/apps/openssl.cnf index eca51c332..2696044cf 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -38,6 +38,8 @@ dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate diff --git a/apps/x509.c b/apps/x509.c index 9a6f98179..64eb83dd6 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1034,12 +1034,11 @@ end: OPENSSL_EXIT(ret); } -static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) +static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) { char *buf = NULL, *p; MS_STATIC char buf2[1024]; - ASN1_INTEGER *bs = NULL, *bs2 = NULL; - BIO *io = NULL; + ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; buf=OPENSSL_malloc( ((serialfile == NULL) @@ -1059,80 +1058,19 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) } else strcpy(buf,serialfile); - serial=BN_new(); - bs=ASN1_INTEGER_new(); - if ((serial == NULL) || (bs == NULL)) - { - ERR_print_errors(bio_err); - goto end; - } - io=BIO_new(BIO_s_file()); - if (io == NULL) - { - ERR_print_errors(bio_err); - goto end; - } - - if (BIO_read_filename(io,buf) <= 0) - { - if (!create) - { - perror(buf); - goto end; - } - else - { - ASN1_INTEGER_set(bs,1); - BN_one(serial); - } - } - else - { - if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) - { - BIO_printf(bio_err,"unable to load serial number from %s\n",buf); - ERR_print_errors(bio_err); - goto end; - } - else - { - serial=BN_bin2bn(bs->data,bs->length,serial); - if (serial == NULL) - { - BIO_printf(bio_err,"error converting bin 2 bn"); - goto end; - } - } - } + serial = load_serial(buf, create, NULL); + if (serial == NULL) goto end; if (!BN_add_word(serial,1)) { BIO_printf(bio_err,"add_word failure\n"); goto end; } - if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL))) - { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; } - if (BIO_write_filename(io,buf) <= 0) - { - BIO_printf(bio_err,"error attempting to write serial number file\n"); - perror(buf); - goto end; - } - i2a_ASN1_INTEGER(io,bs2); - BIO_puts(io,"\n"); - BIO_free(io); + if (!save_serial(buf, serial, &bs)) goto end; + + end: if (buf) OPENSSL_free(buf); - ASN1_INTEGER_free(bs2); BN_free(serial); - io=NULL; return bs; - - end: - if (buf) OPENSSL_free(buf); - BIO_free(io); - ASN1_INTEGER_free(bs); - BN_free(serial); - return NULL; - } static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, @@ -1154,7 +1092,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, goto end; } if (sno) bs = sno; - else if (!(bs = load_serial(CAfile, serialfile, create))) + else if (!(bs = x509_load_serial(CAfile, serialfile, create))) goto end; if (!X509_STORE_add_cert(ctx,x)) goto end; From 63b6fe2bf6d33222546b83755f65896d73cf940b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 18:07:39 +0000 Subject: [PATCH 218/550] Conditionalise all debug strings. --- apps/apps.c | 12 ++++++++++++ apps/ca.c | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/apps/apps.c b/apps/apps.c index 475e47e57..bdd14dd51 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1709,7 +1709,9 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) #else j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); #endif +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); +#endif if (BIO_write_filename(out,buf[0]) <= 0) { perror(dbfile); @@ -1722,7 +1724,9 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) BIO_free(out); out = BIO_new(BIO_s_file()); +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]); +#endif if (BIO_write_filename(out,buf[1]) <= 0) { perror(buf[2]); @@ -1796,8 +1800,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) } else { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); +#endif if (rename(dbfile,buf[1]) < 0) { BIO_printf(bio_err, @@ -1807,8 +1813,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) goto err; } } +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0],dbfile); +#endif if (rename(buf[0],dbfile) < 0) { BIO_printf(bio_err, @@ -1828,8 +1836,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) } else { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4],buf[3]); +#endif if (rename(buf[4],buf[3]) < 0) { BIO_printf(bio_err, @@ -1841,8 +1851,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) goto err; } } +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2],buf[4]); +#endif if (rename(buf[2],buf[4]) < 0) { BIO_printf(bio_err, diff --git a/apps/ca.c b/apps/ca.c index 574cdd7fd..0f8abc85e 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -640,7 +640,9 @@ bad: p = NCONF_get_string(conf, section, "unique_subject"); if (p) { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); +#endif switch(*p) { case 'f': /* false */ @@ -658,10 +660,14 @@ bad: break; } } +#ifdef RL_DEBUG else BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p); +#endif +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", db_attr.unique_subject); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); From c4448f60d67f594ca2016a6a4f6277eda67b8f55 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 18:50:15 +0000 Subject: [PATCH 219/550] Reset the version number of the issuer certificate? I believe this hasn't been tested in a long while... --- apps/ca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index 0f8abc85e..0f65506d7 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1960,7 +1960,7 @@ again2: #ifdef X509_V3 /* Make it an X509 v3 certificate. */ - if (!X509_set_version(x509,2)) goto err; + if (!X509_set_version(ret,2)) goto err; #endif if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) From 0998cfaadde11b2c2c6ceaa4bedcd11bfb95bf6b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 19:07:27 +0000 Subject: [PATCH 220/550] Remove unused variable. --- apps/x509.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/x509.c b/apps/x509.c index 64eb83dd6..efb7b0d8b 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1037,7 +1037,6 @@ end: static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) { char *buf = NULL, *p; - MS_STATIC char buf2[1024]; ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; From 8382ec5d372c273aef65a824338b3242c796051a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 19:10:32 +0000 Subject: [PATCH 221/550] Reindent for readability. --- crypto/x509v3/v3_akey.c | 190 ++++++++++++++++++++++------------------ 1 file changed, 104 insertions(+), 86 deletions(-) diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 97e686f97..c481b6f12 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -68,15 +68,17 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -X509V3_EXT_METHOD v3_akey_id = { -NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, -(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -0,0, -NULL -}; +X509V3_EXT_METHOD v3_akey_id = + { + NID_authority_key_identifier, + X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), + 0,0,0,0, + 0,0, + (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, + (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, + 0,0, + NULL + }; static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) @@ -108,83 +110,99 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -{ -char keyid=0, issuer=0; -int i; -CONF_VALUE *cnf; -ASN1_OCTET_STRING *ikeyid = NULL; -X509_NAME *isname = NULL; -GENERAL_NAMES * gens = NULL; -GENERAL_NAME *gen = NULL; -ASN1_INTEGER *serial = NULL; -X509_EXTENSION *ext; -X509 *cert; -AUTHORITY_KEYID *akeyid; -for(i = 0; i < sk_CONF_VALUE_num(values); i++) { - cnf = sk_CONF_VALUE_value(values, i); - if(!strcmp(cnf->name, "keyid")) { - keyid = 1; - if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if(!strcmp(cnf->name, "issuer")) { - issuer = 1; - if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; - } else { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); - ERR_add_error_data(2, "name=", cnf->name); - return NULL; - } -} + { + char keyid=0, issuer=0; + int i; + CONF_VALUE *cnf; + ASN1_OCTET_STRING *ikeyid = NULL; + X509_NAME *isname = NULL; + GENERAL_NAMES * gens = NULL; + GENERAL_NAME *gen = NULL; + ASN1_INTEGER *serial = NULL; + X509_EXTENSION *ext; + X509 *cert; + AUTHORITY_KEYID *akeyid; -if(!ctx || !ctx->issuer_cert) { - if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); + for(i = 0; i < sk_CONF_VALUE_num(values); i++) + { + cnf = sk_CONF_VALUE_value(values, i); + if(!strcmp(cnf->name, "keyid")) + { + keyid = 1; + if(cnf->value && !strcmp(cnf->value, "always")) + keyid = 2; + } + else if(!strcmp(cnf->name, "issuer")) + { + issuer = 1; + if(cnf->value && !strcmp(cnf->value, "always")) + issuer = 2; + } + else + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); + ERR_add_error_data(2, "name=", cnf->name); + return NULL; + } + } + + if(!ctx || !ctx->issuer_cert) + { + if(ctx && (ctx->flags==CTX_TEST)) + return AUTHORITY_KEYID_new(); + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); + return NULL; + } + + cert = ctx->issuer_cert; + + if(keyid) + { + i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); + if((i >= 0) && (ext = X509_get_ext(cert, i))) + ikeyid = X509V3_EXT_d2i(ext); + if(keyid==2 && !ikeyid) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + return NULL; + } + } + + if((issuer && !ikeyid) || (issuer == 2)) + { + isname = X509_NAME_dup(X509_get_issuer_name(cert)); + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if(!isname || !serial) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); + goto err; + } + } + + if(!(akeyid = AUTHORITY_KEYID_new())) goto err; + + if(isname) + { + if(!(gens = sk_GENERAL_NAME_new_null()) + || !(gen = GENERAL_NAME_new()) + || !sk_GENERAL_NAME_push(gens, gen)) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); + goto err; + } + gen->type = GEN_DIRNAME; + gen->d.dirn = isname; + } + + akeyid->issuer = gens; + akeyid->serial = serial; + akeyid->keyid = ikeyid; + + return akeyid; + + err: + X509_NAME_free(isname); + M_ASN1_INTEGER_free(serial); + M_ASN1_OCTET_STRING_free(ikeyid); return NULL; -} - -cert = ctx->issuer_cert; - -if(keyid) { - i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); - if((i >= 0) && (ext = X509_get_ext(cert, i))) - ikeyid = X509V3_EXT_d2i(ext); - if(keyid==2 && !ikeyid) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); - return NULL; } -} - -if((issuer && !ikeyid) || (issuer == 2)) { - isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); - if(!isname || !serial) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); - goto err; - } -} - -if(!(akeyid = AUTHORITY_KEYID_new())) goto err; - -if(isname) { - if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) - || !sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); - goto err; - } - gen->type = GEN_DIRNAME; - gen->d.dirn = isname; -} - -akeyid->issuer = gens; -akeyid->serial = serial; -akeyid->keyid = ikeyid; - -return akeyid; - -err: -X509_NAME_free(isname); -M_ASN1_INTEGER_free(serial); -M_ASN1_OCTET_STRING_free(ikeyid); -return NULL; - -} - From db598fbce2af2cc7c835b0e10253f49dda5b1b41 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 20:03:23 +0000 Subject: [PATCH 222/550] Don't try to free NULL values... --- apps/apps.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index bdd14dd51..6092c395e 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1873,6 +1873,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) void free_index(CA_DB *db) { - TXT_DB_free(db->db); - OPENSSL_free(db); + if (db) + { + if (db->db) TXT_DB_free(db->db); + OPENSSL_free(db); + } } From 4ce4884a5b629843f65a8269b4af1528cb719175 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 21:55:55 +0000 Subject: [PATCH 223/550] Typo correction --- doc/HOWTO/certificates.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index 82166e0dc..d7e16c1da 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -48,7 +48,7 @@ you have your own certificate authority, you may sign it yourself, or if you need a self-signed certificate (because you just want a test certificate or because you are setting up your own CA). -The certificate is created like this: +The certificate request is created like this: openssl req -new -key privkey.pem -out cert.csr From 8152d887992c8f15fcf63c7da48c5d8805f1b3b2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:12:48 +0000 Subject: [PATCH 224/550] It's recommended to use req rather than x509 to create self-signed certificates --- doc/HOWTO/certificates.txt | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index d7e16c1da..d3a62545a 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -71,13 +71,11 @@ received. If you don't want to deal with another certificate authority, or just want to create a test certificate for yourself, or are setting up a certificate authority of your own, you may want to make the requested -certificate a self-signed one. If you have created a certificate -request as shown above, you can sign it using the 'openssl x509' -command, for example like this (to create a self-signed CA -certificate): +certificate a self-signed one. This is similar to creating a +certificate request, but creates a certificate instead of a +certificate request (1095 is 3 years): - openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \ - -signkey privkey.pem -out cacert.pem -trustout + openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 5. What to do with the certificate From e6526fbf4dc894d71ae3517a1ba484475b79b402 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:27:24 +0000 Subject: [PATCH 225/550] Add functionality to help making self-signed certificate. --- CHANGES | 5 ++++ crypto/evp/evp.h | 2 ++ crypto/evp/p_lib.c | 46 +++++++++++++++++++++++++++++++ crypto/x509/x509.h | 3 ++ crypto/x509/x509_cmp.c | 62 ++++++++++++------------------------------ crypto/x509/x509_err.c | 3 +- crypto/x509/x509_req.c | 40 +++++++++++++++++++++++++++ 7 files changed, 116 insertions(+), 45 deletions(-) diff --git a/CHANGES b/CHANGES index 505ef5188..0d767703c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add functionality to check the public key of a certificate request + against a given private. This is useful to check that a certificate + request can be signed by that key (self-signing). + [Richard Levitte] + *) Make it possible to have multiple active certificates with the same subject in the CA index file. This is done only if the keyword 'unique_subject' is set to 'no' in the main CA section (default diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index b084a3580..4e4a667ab 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -754,6 +754,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp(EVP_PKEY *a,EVP_PKEY *b); + int EVP_CIPHER_type(const EVP_CIPHER *ctx); /* calls methods */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c7a3dee10..8d23c0bd7 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -237,6 +237,52 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) return(-1); } +int EVP_PKEY_cmp(EVP_PKEY *a, EVP_PKEY *b) + { + if (a->type != b->type) + return -1; + + switch (a->type) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + { + int r = EC_POINT_cmp(b->pkey.eckey->group, + b->pkey.eckey->pub_key,a->pkey.eckey->pub_key,NULL); + if (r != 0) + { + if (r == 1) + return 0; + else + return -2; + } + } + break; +#endif +#ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + return -2; +#endif + default: + return -2; + } + + return 1; + } + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 53a8f6c75..049308ba8 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1038,6 +1038,8 @@ int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); + int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1271,6 +1273,7 @@ void ERR_load_X509_strings(void); #define X509_F_X509_PRINT_FP 118 #define X509_F_X509_PUBKEY_GET 119 #define X509_F_X509_PUBKEY_SET 120 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 #define X509_F_X509_REQ_PRINT 121 #define X509_F_X509_REQ_PRINT_FP 122 #define X509_F_X509_REQ_TO_X509 123 diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 9b2891140..5dfdcd41c 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -374,62 +374,36 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) int ok=0; xk=X509_get_pubkey(x); - if (xk->type != k->type) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); - goto err; - } - switch (k->type) + switch (EVP_PKEY_cmp(xk, k)) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 - || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 1: + ok=1; break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 0: + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); break; -#endif + case -1: + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + break; + case -2: #ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - int r = EC_POINT_cmp(xk->pkey.eckey->group, - xk->pkey.eckey->pub_key,k->pkey.eckey->pub_key,NULL); - if (r != 0) + if (k->type == EVP_PKEY_EC) { - if (r == 1) - X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH); - else - X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); - - goto err; + X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; } - } - break; #endif #ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - /* No idea */ - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); - goto err; + if (k->type == EVP_PKEY_DH) + { + /* No idea */ + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + break; + } #endif - default: X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); - goto err; } - ok=1; -err: EVP_PKEY_free(xk); return(ok); } diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 5bbf4acf7..7a6d5a007 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* crypto/x509/x509_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -95,6 +95,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, {ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, {ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, +{ERR_PACK(0,X509_F_X509_REQ_CHECK_PRIVATE_KEY,0), "X509_REQ_check_private_key"}, {ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 0affa3bf3..b4ad53431 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) return(X509_PUBKEY_get(req->req_info->pubkey)); } +int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) + { + EVP_PKEY *xk=NULL; + int ok=0; + + xk=X509_REQ_get_pubkey(x); + switch (EVP_PKEY_cmp(xk, k)) + { + case 1: + ok=1; + break; + case 0: + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + break; + case -1: + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + break; + case -2: +#ifndef OPENSSL_NO_EC + if (k->type == EVP_PKEY_EC) + { + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; + } +#endif +#ifndef OPENSSL_NO_DH + if (k->type == EVP_PKEY_DH) + { + /* No idea */ + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + break; + } +#endif + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); + } + + EVP_PKEY_free(xk); + return(ok); + } + /* It seems several organisations had the same idea of including a list of * extensions in a certificate request. There are at least two OIDs that are * used and there may be more: so the list is configurable. From 16b1b03543fc6362f9e48f1bd9d4b153ea58c553 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:33:59 +0000 Subject: [PATCH 226/550] Implement self-signing in 'openssl ca'. This makes it easier to have the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier. --- CHANGES | 7 +++ apps/CA.pl.in | 11 +++-- apps/CA.sh | 13 ++++-- apps/ca.c | 90 +++++++++++++++++++++++++------------- doc/HOWTO/certificates.txt | 11 +++-- 5 files changed, 88 insertions(+), 44 deletions(-) diff --git a/CHANGES b/CHANGES index 0d767703c..66870e6c8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make it possible to create self-signed certificates with 'openssl ca' + in such a way that the self-signed certificate becomes part of the + CA database and uses the same mechanisms for serial number generation + as all other certificate signing. The new flag '-selfsign' enables + this functionality. Adapt CA.sh and CA.pl.in. + [Richard Levitte] + *) Add functionality to check the public key of a certificate request against a given private. This is useful to check that a certificate request can be signed by that key (self-signing). diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 8b2ce7ea4..2242f7e03 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -37,7 +37,8 @@ # demoCA ... where everything is stored $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years $REQ="openssl req $SSLEAY_CONFIG"; $CA="openssl ca $SSLEAY_CONFIG"; $VERIFY="openssl verify"; @@ -46,6 +47,7 @@ $PKCS12="openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; @@ -101,8 +103,11 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } diff --git a/apps/CA.sh b/apps/CA.sh index d9f3069fb..e63a2267e 100644 --- a/apps/CA.sh +++ b/apps/CA.sh @@ -30,7 +30,8 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored -DAYS="-days 365" +DAYS="-days 365" # 1 year +CADAYS="-days 1095" # 3 years REQ="openssl req $SSLEAY_CONFIG" CA="openssl ca $SSLEAY_CONFIG" VERIFY="openssl verify" @@ -38,6 +39,7 @@ X509="openssl x509" CATOP=./demoCA CAKEY=./cakey.pem +CAREQ=./careq.pem CACERT=./cacert.pem for i @@ -70,7 +72,7 @@ case $i in mkdir ${CATOP}/crl mkdir ${CATOP}/newcerts mkdir ${CATOP}/private - echo "01" > ${CATOP}/serial + echo "00" > ${CATOP}/serial touch ${CATOP}/index.txt fi if [ ! -f ${CATOP}/private/$CAKEY ]; then @@ -83,8 +85,11 @@ case $i in RET=$? else echo "Making CA certificate ..." - $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ - -out ${CATOP}/$CACERT $DAYS + $REQ -new -keyout ${CATOP}/private/$CAKEY \ + -out ${CATOP}/$CAREQ + $CA -out ${CATOP}/$CACERT $CADAYS -batch \ + -keyfile ${CATOP}/private/$CAKEY -selfsign \ + -infiles ${CATOP}/$CAREQ RET=$? fi fi diff --git a/apps/ca.c b/apps/ca.c index 0f65506d7..eb328f2b8 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -204,7 +204,7 @@ static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy); + int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, @@ -225,7 +225,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy); + int ext_copy, int selfsign); static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); @@ -292,7 +292,8 @@ int MAIN(int argc, char **argv) unsigned long nameopt = 0, certopt = 0; int default_op = 1; int ext_copy = EXT_COPY_NONE; - X509 *x509=NULL; + int selfsign = 0; + X509 *x509=NULL, *x509p = NULL; X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; @@ -406,6 +407,8 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; certfile= *(++argv); } + else if (strcmp(*argv,"-selfsign") == 0) + selfsign=1; else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; @@ -700,7 +703,7 @@ bad: } /*****************************************************************/ - /* we definitely need a public key, so let's get it */ + /* we definitely need a private key, so let's get it */ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) @@ -728,22 +731,27 @@ bad: /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, - section,ENV_CERTIFICATE)) == NULL)) + if (!selfsign || spkac_file || ss_cert_file || gencrl) { - lookup_fail(section,ENV_CERTIFICATE); - goto err; - } - x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, - "CA certificate"); - if (x509 == NULL) - goto err; + if ((certfile == NULL) + && ((certfile=NCONF_get_string(conf, + section,ENV_CERTIFICATE)) == NULL)) + { + lookup_fail(section,ENV_CERTIFICATE); + goto err; + } + x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, + "CA certificate"); + if (x509 == NULL) + goto err; - if (!X509_check_private_key(x509,pkey)) - { - BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); - goto err; + if (!X509_check_private_key(x509,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto err; + } } + if (!selfsign) x509p = x509; f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if (f == NULL) @@ -1175,10 +1183,10 @@ bad: if (infile != NULL) { total++; - j=certify(&x,infile,pkey,x509,dgst,attribs,db, + j=certify(&x,infile,pkey,x509p,dgst,attribs,db, serial,subj,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, - default_op, ext_copy); + default_op, ext_copy, selfsign); if (j < 0) goto err; if (j > 0) { @@ -1195,10 +1203,10 @@ bad: for (i=0; i 0) { @@ -1515,7 +1523,7 @@ err: BN_free(serial); free_index(db); EVP_PKEY_free(pkey); - X509_free(x509); + if (x509) X509_free(x509); X509_CRL_free(crl); NCONF_free(conf); OBJ_cleanup(); @@ -1533,7 +1541,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_REQ *req=NULL; BIO *in=NULL; @@ -1558,6 +1566,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err,"Check that the request matches the signature\n"); + if (selfsign && !X509_REQ_check_private_key(req,pkey)) + { + BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); + ok=0; + goto err; + } if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); @@ -1582,7 +1596,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, - certopt, nameopt, default_op, ext_copy); + certopt, nameopt, default_op, ext_copy, selfsign); err: if (req != NULL) X509_REQ_free(req); @@ -1636,7 +1650,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (rreq != NULL) X509_REQ_free(rreq); @@ -1649,7 +1663,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; ASN1_UTCTIME *tm,*tmptm; @@ -1753,7 +1767,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, } /* take a copy of the issuer name before we mess with it. */ - CAname=X509_NAME_dup(x509->cert_info->subject); + if (selfsign) + CAname=X509_NAME_dup(name); + else + CAname=X509_NAME_dup(x509->cert_info->subject); if (CAname == NULL) goto err; str=str2=NULL; @@ -1965,8 +1982,16 @@ again2: if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) goto err; - if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) - goto err; + if (selfsign) + { + if (!X509_set_issuer_name(ret,subject)) + goto err; + } + else + { + if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) + goto err; + } if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); @@ -2001,7 +2026,10 @@ again2: ci->extensions = NULL; /* Initialize the context structure */ - X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + if (selfsign) + X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); + else + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); if (extconf) { @@ -2344,7 +2372,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, EVP_PKEY_free(pktmp); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index d3a62545a..a8a34c7ab 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -66,14 +66,13 @@ Section 5 will tell you more on how to handle the certificate you received. -4. Creating a self-signed certificate +4. Creating a self-signed test certificate If you don't want to deal with another certificate authority, or just -want to create a test certificate for yourself, or are setting up a -certificate authority of your own, you may want to make the requested -certificate a self-signed one. This is similar to creating a -certificate request, but creates a certificate instead of a -certificate request (1095 is 3 years): +want to create a test certificate for yourself. This is similar to +creating a certificate request, but creates a certificate instead of +a certificate request. This is NOT the recommended way to create a +CA certificate, see ca.txt. openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 From 4342c5c1a0715eafc56a523e92160da51db37bd1 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:38:31 +0000 Subject: [PATCH 227/550] Add a CA section, to make sure the test will work with the changes in CA.sh. --- test/CAss.cnf | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/test/CAss.cnf b/test/CAss.cnf index b941b7ae1..0884fee36 100644 --- a/test/CAss.cnf +++ b/test/CAss.cnf @@ -23,3 +23,52 @@ organizationName_value = Dodgy Brothers commonName = Common Name (eg, YOUR name) commonName_value = Dodgy CA + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = v3_ca # The extentions to add to the cert + +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true From 83b23ed967d1847e7393dfb9ff14a2c03b28654b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:01:20 +0000 Subject: [PATCH 228/550] One more debug line to conditionalise. --- apps/apps.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/apps.c b/apps/apps.c index 6092c395e..0cdc1ad69 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1624,7 +1624,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); if (p) { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); +#endif switch(*p) { case 'f': /* false */ From 57544ee2248a2f9d976844fe8eaaf404d4d70f1a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:04:48 +0000 Subject: [PATCH 229/550] Counter for GCC attributes. --- util/mkdef.pl | 10 +++++----- util/mkerr.pl | 14 +++++++------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index dc5b12b90..4c15a942d 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -833,14 +833,14 @@ sub do_defs } elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) { $s = $1; print STDERR "DEBUG: found ANSI C function $s\n" if $debug; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) { + } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s) { # K&R C print STDERR "DEBUG: found K&R C function $s\n" if $debug; next; - } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; + } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { + while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { + s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; + s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; } s/\(void\)//; /(\w+(\{[0-9]+\})?)\W*\(\)/s; diff --git a/util/mkerr.pl b/util/mkerr.pl index f1178602e..cf34a35ce 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -128,20 +128,20 @@ while (($hdr, $lib) = each %libinc) s/^[\n\s]*//g; s/[\n\s]*$//g; next if(/typedef\W/); - if (/\(\*(\w*)\([^\)]+/) { + if (/\(\*(\w*)\([^\)]+\)(\s*__attribute__\(.*\)\s*)?$/) { my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){ + } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){ # K&R C next ; - } elsif (/\w+\W+\w+\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; + } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { + while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { + s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; + s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; } s/\(void\)//; - /(\w+)\W*\(\)/s; + /(\w+(\{[0-9]+\})?)\W*\(\)/s; my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; From 68b42986cb47be2bb22c05a5c44584e749599616 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:06:05 +0000 Subject: [PATCH 230/550] Add GCC attributes when compiled with gcc. This helps find out if we're using the printing functions correctly or not. I used the corresponding attributes found in the header files of my Linux installation. --- crypto/bio/bio.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index ce8b19ce2..e8bb8aa4d 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -612,10 +612,17 @@ void BIO_copy_next_retry(BIO *b); /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ -int BIO_printf(BIO *bio, const char *format, ...); -int BIO_vprintf(BIO *bio, const char *format, va_list args); -int BIO_snprintf(char *buf, size_t n, const char *format, ...); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); +#ifndef __GNUC__ +#define __attribute__(x) +#endif +int BIO_printf(BIO *bio, const char *format, ...) + __attribute__((__format__(__printf__,2,3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) + __attribute__((__format__(__printf__,2,0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) + __attribute__((__format__(__printf__,3,4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + __attribute__((__format__(__printf__,3,0))); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes From c433d72593bb77c0200d2f3b61c9192f81163631 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:35:14 +0000 Subject: [PATCH 231/550] Make %p and %# work properly, at least with pointers and floats. --- crypto/bio/b_print.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 3f5d6a74b..a9e552f24 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -378,7 +378,7 @@ _dopr( case 'p': value = (long)va_arg(args, void *); fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags); + value, 16, min, max, flags|DP_F_NUM); break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -482,8 +482,9 @@ fmtint( int flags) { int signvalue = 0; + char *prefix = ""; unsigned LLONG uvalue; - char convert[DECIMAL_SIZE(value)+1]; + char convert[DECIMAL_SIZE(value)+3]; int place = 0; int spadlen = 0; int zpadlen = 0; @@ -501,6 +502,10 @@ fmtint( else if (flags & DP_F_SPACE) signvalue = ' '; } + if (flags & DP_F_NUM) { + if (base == 8) prefix = "0"; + if (base == 16) prefix = "0x"; + } if (flags & DP_F_UP) caps = 1; do { @@ -514,7 +519,7 @@ fmtint( convert[place] = 0; zpadlen = max - place; - spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) @@ -536,6 +541,12 @@ fmtint( if (signvalue) doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + /* prefix */ + while (*prefix) { + doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + prefix++; + } + /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { @@ -692,7 +703,7 @@ fmtfp( * Decimal point. This should probably use locale to find the correct * char to print out. */ - if (max > 0) { + if (max > 0 || (flags & DP_F_NUM)) { doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); while (fplace > 0) From 3ae70939baf60524135f7e3c47e93ad2a55e611b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:39:48 +0000 Subject: [PATCH 232/550] Correct a lot of printing calls. Remove extra arguments... --- apps/ca.c | 2 +- apps/ocsp.c | 4 ++-- apps/pkcs12.c | 5 +++-- apps/pkcs8.c | 11 +++++------ apps/req.c | 4 ++-- apps/s_cb.c | 4 ++-- apps/s_server.c | 22 +++++++++++----------- apps/speed.c | 4 ++-- crypto/asn1/t_crl.c | 2 +- crypto/asn1/t_req.c | 2 +- crypto/dsa/dsatest.c | 2 +- crypto/ocsp/ocsp_prn.c | 4 ++-- crypto/x509v3/v3_prn.c | 2 +- crypto/x509v3/v3_sxnet.c | 2 +- ssl/ssltest.c | 2 +- 15 files changed, 36 insertions(+), 36 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index eb328f2b8..ea84facac 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2096,7 +2096,7 @@ again2: BIO_printf(bio_err,"Certificate is to be certified until "); ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - if (days) BIO_printf(bio_err," (%d days)",days); + if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); if (!batch) diff --git a/apps/ocsp.c b/apps/ocsp.c index 885e68e36..0cf4aad3f 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -781,7 +781,7 @@ int MAIN(int argc, char **argv) if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%ld)\n", + BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); ret = 0; goto end; @@ -845,7 +845,7 @@ int MAIN(int argc, char **argv) if(i <= 0) { - BIO_printf(bio_err, "Response Verify Failure\n", i); + BIO_printf(bio_err, "Response Verify Failure\n"); ERR_print_errors(bio_err); } else diff --git a/apps/pkcs12.c b/apps/pkcs12.c index a00b438f9..385011b45 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -814,8 +814,9 @@ int alg_print (BIO *x, X509_ALGOR *alg) unsigned char *p; p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); - BIO_printf (bio_err, "%s, Iteration %d\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + BIO_printf (bio_err, "%s, Iteration %ld\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free (pbe); return 0; } diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 6be27e7f4..ee8cf0281 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -235,7 +235,7 @@ int MAIN(int argc, char **argv) return (1); } if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { - BIO_printf(bio_err, "Error converting key\n", outfile); + BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); return (1); } @@ -259,8 +259,7 @@ int MAIN(int argc, char **argv) if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, p8pass, strlen(p8pass), NULL, 0, iter, p8inf))) { - BIO_printf(bio_err, "Error encrypting key\n", - outfile); + BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); return (1); } @@ -303,7 +302,7 @@ int MAIN(int argc, char **argv) } if (!p8) { - BIO_printf (bio_err, "Error reading key\n", outfile); + BIO_printf (bio_err, "Error reading key\n"); ERR_print_errors(bio_err); return (1); } @@ -317,13 +316,13 @@ int MAIN(int argc, char **argv) } if (!p8inf) { - BIO_printf(bio_err, "Error decrypting key\n", outfile); + BIO_printf(bio_err, "Error decrypting key\n"); ERR_print_errors(bio_err); return (1); } if (!(pkey = EVP_PKCS82PKEY(p8inf))) { - BIO_printf(bio_err, "Error converting key\n", outfile); + BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); return (1); } diff --git a/apps/req.c b/apps/req.c index c29759961..80b623c50 100644 --- a/apps/req.c +++ b/apps/req.c @@ -728,10 +728,10 @@ bad: if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); - BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); + BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); goto end; } - BIO_printf(bio_err,"Generating a %d bit %s private key\n", + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", newkey,(pkey_type == TYPE_RSA)?"RSA": (pkey_type == TYPE_DSA)?"DSA":"EC"); diff --git a/apps/s_cb.c b/apps/s_cb.c index 675527df1..1410178d6 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -239,14 +239,14 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", + BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", + BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } diff --git a/apps/s_server.c b/apps/s_server.c index 814f3b9c1..7ce65a3e8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -971,23 +971,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) { BIO_printf(bio,"%4ld items in the session cache\n", SSL_CTX_sess_number(ssl_ctx)); - BIO_printf(bio,"%4d client connects (SSL_connect())\n", + BIO_printf(bio,"%4ld client connects (SSL_connect())\n", SSL_CTX_sess_connect(ssl_ctx)); - BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", + BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", SSL_CTX_sess_connect_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d client connects that finished\n", + BIO_printf(bio,"%4ld client connects that finished\n", SSL_CTX_sess_connect_good(ssl_ctx)); - BIO_printf(bio,"%4d server accepts (SSL_accept())\n", + BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", SSL_CTX_sess_accept(ssl_ctx)); - BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", + BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", SSL_CTX_sess_accept_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d server accepts that finished\n", + BIO_printf(bio,"%4ld server accepts that finished\n", SSL_CTX_sess_accept_good(ssl_ctx)); - BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); - BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); - BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); - BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", SSL_CTX_sess_cache_full(ssl_ctx), SSL_CTX_sess_get_cache_size(ssl_ctx)); } diff --git a/apps/speed.c b/apps/speed.c index c4add36d2..a634b1172 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2382,8 +2382,8 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, static void print_result(int alg,int run_no,int count,double time_used) { - BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" - : "%ld %s's in %.2fs\n",count,names[alg],time_used); + BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n" + : "%d %s's in %.2fs\n",count,names[alg],time_used); results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 757c148df..f183a11b6 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -121,7 +121,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) r = sk_X509_REVOKED_value(rev, i); BIO_printf(out," Serial Number: "); i2a_ASN1_INTEGER(out,r->serialNumber); - BIO_printf(out,"\n Revocation Date: ",""); + BIO_printf(out,"\n Revocation Date: "); ASN1_TIME_print(out,r->revocationDate); BIO_printf(out,"\n"); X509V3_extensions_print(out, "CRL entry extensions", diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index b70bda71d..7088486a9 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -254,7 +254,7 @@ get_next: obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) goto err; if(!X509V3_EXT_print(bp, ex, 0, 16)) { diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 71ff566ed..53c73c5cc 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -166,7 +166,7 @@ int main(int argc, char **argv) BIO_printf(bio_err,"%02X%02X%02X%02X ", seed[i],seed[i+1],seed[i+2],seed[i+3]); } - BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); + BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); if (dsa == NULL) goto end; DSA_print(bio_err,dsa,0); diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 4b7bc2876..3dfb51c1e 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -194,7 +194,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; l=ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n", + if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", OCSP_response_status_str(l), l) <= 0) goto err; if (rb == NULL) return 1; if (BIO_puts(bp," Response Type: ") <= 0) @@ -252,7 +252,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { l=ASN1_ENUMERATED_get(rev->revocationReason); if (BIO_printf(bp, - "\n Revocation Reason: %s (0x%x)", + "\n Revocation Reason: %s (0x%lx)", OCSP_crl_reason_str(l), l) <= 0) goto err; } diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 754808b62..9be6c95a6 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -182,7 +182,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) return 0; if(!X509V3_EXT_print(bp, ex, flag, 12)) { diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index d3f4ba3a7..860909a83 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -109,7 +109,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, SXNETID *id; int i; v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); + BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 45b211b4c..a304398b9 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1597,7 +1597,7 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) (void)BIO_flush(bio_err); if(!RSA_generate_key_ex(rsa_tmp,keylength,RSA_F4,NULL)) { - BIO_printf(bio_err, "Error generating key.", keylength); + BIO_printf(bio_err, "Error generating key."); RSA_free(rsa_tmp); rsa_tmp = NULL; } From b5f96e8818188c542dcff3d38deb9303ccd2ccca Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 14:19:00 +0000 Subject: [PATCH 233/550] There's no need to check for __attribute__ with ANSI functions, since we only check to the opening parenthesis anyway... --- util/mkerr.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index cf34a35ce..1b2915c76 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -128,7 +128,7 @@ while (($hdr, $lib) = each %libinc) s/^[\n\s]*//g; s/[\n\s]*$//g; next if(/typedef\W/); - if (/\(\*(\w*)\([^\)]+\)(\s*__attribute__\(.*\)\s*)?$/) { + if (/\(\*(\w*)\([^\)]+/) { my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; From 6fcf7354975b839ad8bf76e9427e721d8ed5f5cf Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 14:19:15 +0000 Subject: [PATCH 234/550] make update --- util/libeay.num | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/libeay.num b/util/libeay.num index c83c89ad6..865fa9fe7 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3020,3 +3020,5 @@ GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: +EVP_PKEY_cmp 3453 EXIST::FUNCTION: +X509_REQ_check_private_key 3454 EXIST::FUNCTION: From d6df2b281f4eb0524606e3313afe8caf45d7e342 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 14:39:44 +0000 Subject: [PATCH 235/550] Add documentation on the added functionality in 'openssl ca'. --- apps/ca.c | 1 + doc/apps/ca.pod | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/apps/ca.c b/apps/ca.c index ea84facac..34b1507ae 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -169,6 +169,7 @@ static char *ca_usage[]={ " -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", +" -selfsign - sign a certificate with the key associated with it\n", " -in file - The input PEM encoded certificate request(s)\n", " -out file - Where to put the output file(s)\n", " -outdir dir - Where to put output certificates\n", diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index de66c534b..6d010216e 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -30,6 +30,7 @@ B B [B<-key arg>] [B<-passin arg>] [B<-cert file>] +[B<-selfsign>] [B<-in file>] [B<-out file>] [B<-notext>] @@ -113,6 +114,20 @@ the password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. +=item B<-selfsign> + +indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with B<-keyfile>). +Cerificate requests signed with a different key are ignored. If +B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is +ignored. + +A consequence of using B<-selfsign> is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option B), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. + =item B<-passin arg> the key password source. For more information about the format of B @@ -359,6 +374,16 @@ the same as the B<-md> option. The message digest to use. Mandatory. the text database file to use. Mandatory. This file must be present though initially it will be empty. +=item B + +if the value B is given, the valid certificate entries in the +database must have unique subjects. if the value B is given, +several valid certificate entries may have the exact same subject. +The default value is B, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make CA certificate roll-over easier, +it's recommended to use the value B, especially if combined with +the B<-selfsign> command line option. + =item B a text file containing the next serial number to use in hex. Mandatory. From 4c771796d59f895c58e88bb7161fc0d711d05604 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 15:10:35 +0000 Subject: [PATCH 236/550] Convert save_serial() to work like save_index(), and add a rotate_serial() that works like rotate_index(). --- apps/apps.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++-- apps/apps.h | 3 +- apps/ca.c | 45 ++--------------------- apps/x509.c | 2 +- 4 files changed, 103 insertions(+), 48 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 0cdc1ad69..ac9e3daa5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1519,19 +1519,44 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) return(ret); } -int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai) +int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai) { - BIO *out; + char buf[1][BSIZE]; + BIO *out = NULL; int ret=0; ASN1_INTEGER *ai=NULL; + int j; + if (suffix == NULL) + j = strlen(serialfile); + else + j = strlen(serialfile) + strlen(suffix) + 1; + if (j >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + if (suffix == NULL) + BUF_strlcpy(buf[0], serialfile, BSIZE); + else + { +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); +#endif + } +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto err; } - if (BIO_write_filename(out,serialfile) <= 0) + if (BIO_write_filename(out,buf[0]) <= 0) { perror(serialfile); goto err; @@ -1556,6 +1581,76 @@ err: return(ret); } +int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) + { + char buf[5][BSIZE]; + int i,j; + struct stat sb; + + i = strlen(serialfile) + strlen(old_suffix); + j = strlen(serialfile) + strlen(new_suffix); + if (i > j) j = i; + if (j + 1 >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", + serialfile, new_suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", + serialfile, new_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", + serialfile, old_suffix); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", + serialfile, old_suffix); +#endif + if (stat(serialfile,&sb) < 0) + { + if (errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR) +#endif + goto err; + } + else + { +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + serialfile, buf[1]); +#endif + if (rename(serialfile,buf[1]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + serialfile, buf[1]); + perror("reason"); + goto err; + } + } +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[0],serialfile); +#endif + if (rename(buf[0],serialfile) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[0],serialfile); + perror("reason"); + rename(buf[1],serialfile); + goto err; + } + return 1; + err: + return 0; + } + CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) { CA_DB *retdb = NULL; diff --git a/apps/apps.h b/apps/apps.h index 974eb4f1c..8a9c4ab0a 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -311,7 +311,8 @@ typedef struct ca_db_st } CA_DB; BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); -int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai); +int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); +int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); int save_index(char *dbfile, char *suffix, CA_DB *db); diff --git a/apps/ca.c b/apps/ca.c index 34b1507ae..618d88b2d 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1243,21 +1243,7 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) - { - BIO_printf(bio_err,"file name too long\n"); - goto err; - } - - strcpy(buf[0],serialfile); - -#ifdef OPENSSL_SYS_VMS - strcat(buf[0],"-new"); -#else - strcat(buf[0],".new"); -#endif - - if (!save_serial(buf[0],serial,NULL)) goto err; + if (!save_serial(serialfile,"new",serial,NULL)) goto err; if (!save_index(dbfile, "new", db)) goto err; } @@ -1317,34 +1303,7 @@ bad: if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - strncpy(buf[2],serialfile,BSIZE-4); - buf[2][BSIZE-4]='\0'; - -#ifdef OPENSSL_SYS_VMS - strcat(buf[2],"-old"); -#else - strcat(buf[2],".old"); -#endif - - BIO_free(in); - BIO_free_all(out); - in=NULL; - out=NULL; - if (rename(serialfile,buf[2]) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - serialfile,buf[2]); - perror("reason"); - goto err; - } - if (rename(buf[0],serialfile) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - buf[0],serialfile); - perror("reason"); - rename(buf[2],serialfile); - goto err; - } + if (!rotate_serial(serialfile,"new","old")) goto err; if (!rotate_index(dbfile,"new","old")) goto err; diff --git a/apps/x509.c b/apps/x509.c index efb7b0d8b..ed9e40574 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1064,7 +1064,7 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create if (!BN_add_word(serial,1)) { BIO_printf(bio_err,"add_word failure\n"); goto end; } - if (!save_serial(buf, serial, &bs)) goto end; + if (!save_serial(buf, NULL, serial, &bs)) goto end; end: if (buf) OPENSSL_free(buf); From 8d570498a268acff0c311c1149f872bf84827583 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 5 Apr 2003 21:21:26 +0000 Subject: [PATCH 237/550] Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564 --- crypto/evp/c_all.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 19737f39f..879d84ae7 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -74,7 +74,9 @@ void OPENSSL_add_all_algorithms_noconf(void) { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#if defined(__OpenBSD__) || defined(__FreeBSD__) +#ifndef OPENSSL_NO_ENGINE +# if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_setup_bsd_cryptodev(); +# endif #endif } From af0f0f3e8fce83cf65c7f306eef88fa2d7516e5f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 6 Apr 2003 15:31:18 +0000 Subject: [PATCH 238/550] Constify --- crypto/evp/evp.h | 8 ++++---- crypto/evp/p_lib.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 4e4a667ab..a1dd3da1b 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -749,12 +749,12 @@ EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); -int EVP_PKEY_cmp(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_CIPHER_type(const EVP_CIPHER *ctx); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 8d23c0bd7..74a007e29 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -150,7 +150,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, cpnst EVP_PKEY *from) { if (to->type != from->type) { @@ -198,7 +198,7 @@ err: return(0); } -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) @@ -221,7 +221,7 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) return(0); } -int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { #ifndef OPENSSL_NO_DSA if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) @@ -237,7 +237,7 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) return(-1); } -int EVP_PKEY_cmp(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { if (a->type != b->type) return -1; From a8b728445c6d2d3f1d3ef568b8bff2b651aa0b52 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 7 Apr 2003 10:09:44 +0000 Subject: [PATCH 239/550] Correct a typo. Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note about the lack of parameter comparison for EC. --- crypto/evp/p_lib.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 74a007e29..2760d7b1e 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -150,7 +150,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, cpnst EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { @@ -242,6 +242,15 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) if (a->type != b->type) return -1; + /* XXXXX + We should really check for != 0, but cmp_paramters doesn't compare EC + groups, and I'm currently unsure how to handle that case... Except for + adding such functionality to cmp_parameters, but that would require + things like EC_GROUP_cmp(), which I'm not currently ready to write. + -- Richard Levitte */ + if (EVP_PKEY_cmp_parameters(a, b) == 1) + return 1; + switch (a->type) { #ifndef OPENSSL_NO_RSA From 7b36590b1778c26ad96a36002b55b17fa3e41bf6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 7 Apr 2003 10:15:32 +0000 Subject: [PATCH 240/550] What was I smoking? EVP_PKEY_cmp() should return with 0 if EVP_PKEY_cmp_parameters() returned 0, otherwise it should go on processing the public key component. Thia has nothing to do with the proper handling of EC parameters or not. --- crypto/evp/p_lib.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 2760d7b1e..730ef4d0a 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -242,14 +242,8 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) if (a->type != b->type) return -1; - /* XXXXX - We should really check for != 0, but cmp_paramters doesn't compare EC - groups, and I'm currently unsure how to handle that case... Except for - adding such functionality to cmp_parameters, but that would require - things like EC_GROUP_cmp(), which I'm not currently ready to write. - -- Richard Levitte */ - if (EVP_PKEY_cmp_parameters(a, b) == 1) - return 1; + if (EVP_PKEY_cmp_parameters(a, b) == 0) + return 0; switch (a->type) { From 0a861ab7f36b6a8436e62dcf9f98446bc022b6ff Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 7 Apr 2003 19:15:25 +0000 Subject: [PATCH 241/550] RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarely mean it should go through the ENGINE framework. --- crypto/rsa/rsa_sign.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 9dd62ac95..619755ce0 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -79,12 +79,16 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; + if(rsa->flags & RSA_FLAG_SIGN_VER) + { #ifndef OPENSSL_NO_ENGINE - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_sign) - return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, - m, m_len, sigret, siglen, rsa); + if(ENGINE_get_RSA(rsa->engine)->rsa_sign) + return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, + m, m_len, sigret, siglen, rsa); #endif + return rsa->meth->rsa_sign(type, m, m_len, + sigret, siglen, rsa); + } /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -159,12 +163,16 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } + if(rsa->flags & RSA_FLAG_SIGN_VER) + { #ifndef OPENSSL_NO_ENGINE - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_verify) - return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, - m, m_len, sigbuf, siglen, rsa); + if(ENGINE_get_RSA(rsa->engine)->rsa_verify) + return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, + m, m_len, sigbuf, siglen, rsa); #endif + return rsa->meth->rsa_verify(dtype, m, m_len, + sigbuf, siglen, rsa); + } s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) From 43eb3b0130539b6ebce32e683b56c531f19adb1e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 06:00:05 +0000 Subject: [PATCH 242/550] We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h. --- crypto/dh/dh_key.c | 3 --- crypto/dsa/dsa_ossl.c | 3 --- crypto/dsa/dsa_sign.c | 3 --- crypto/dsa/dsa_vrf.c | 3 --- crypto/dsa/dsatest.c | 4 ---- crypto/evp/evp_acnf.c | 3 --- crypto/rsa/rsa_eay.c | 3 --- crypto/rsa/rsa_test.c | 3 --- 8 files changed, 25 deletions(-) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 28c20750b..48e7be45c 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,9 +61,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b6e08584a..c3ad7a14a 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,9 +64,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 5cdc8ed85..89205026f 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,9 +64,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index fffb129f8..c4aeddd05 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,9 +65,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 53c73c5cc..49c630b10 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -74,10 +74,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#include -#endif #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index 54c073ca4..ff3e311cc 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -59,9 +59,6 @@ #include "cryptlib.h" #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index ad6ccf634..aff86343c 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -61,9 +61,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #ifndef RSA_NULL diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 99abb1fde..924e9ad1f 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,9 +16,6 @@ int main(int argc, char *argv[]) } #else #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ From 0b553683063250d29c4e5405844b860724fb8009 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 06:01:55 +0000 Subject: [PATCH 243/550] We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer.. --- crypto/rsa/rsa_sign.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 619755ce0..02eb8136b 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -62,9 +62,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -81,11 +78,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, ASN1_OCTET_STRING digest; if(rsa->flags & RSA_FLAG_SIGN_VER) { -#ifndef OPENSSL_NO_ENGINE - if(ENGINE_get_RSA(rsa->engine)->rsa_sign) - return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, - m, m_len, sigret, siglen, rsa); -#endif return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); } @@ -165,11 +157,6 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, if(rsa->flags & RSA_FLAG_SIGN_VER) { -#ifndef OPENSSL_NO_ENGINE - if(ENGINE_get_RSA(rsa->engine)->rsa_verify) - return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, - m, m_len, sigbuf, siglen, rsa); -#endif return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); } From f65a75786b4eaf633ffab2ccb52f2c0dd51d268d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 8 Apr 2003 06:31:36 +0000 Subject: [PATCH 244/550] Fix ordering of compare functions: strncmp() must be used first, a the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" --- ssl/ssl_ciph.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d4f86f6ed..f175dc875 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -715,13 +715,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * So additionally check whether the cipher name found * has the correct length. We can save a strlen() call: * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. + * sufficient, we have to strncmp() anyway. (We cannot + * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; while (ca_list[j]) { - if ((ca_list[j]->name[buflen] == '\0') && - !strncmp(buf, ca_list[j]->name, buflen)) + if (!strncmp(buf, ca_list[j]->name, buflen) && + (ca_list[j]->name[buflen] == '\0')) { found = 1; break; From e96133e4cf60f9185203202b7bbbd79485eeeb12 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 08:36:20 +0000 Subject: [PATCH 245/550] It seems like OpenUnix's ld uses LD_LIBRARY_PATH to search for libraries. What's worse, the directories given in LD_LIBRARY_PATH are checked first! Therefore, we need a hack to prepend all the directories we give with -L to the current value of LD_LIBRARY_PATH, thereby temporarly forming a hacked value. Only copy LIBEXTRAS if they are given. Svr5 doesn't use -z allextract... --- Makefile.shared | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index 3584158b9..c39c8424e 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -88,11 +88,17 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \ $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp ) @@ -122,7 +128,8 @@ LINK_SO_A_VIA_O= \ $(LINK_SO) && rm -f $(LIBNAME).o LINK_SO_A_UNPACKED= \ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ - (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && cp $(LIBEXTRAS) $$UNPACKDIR && \ + (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \ + ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ SHOBJECTS=$$UNPACKDIR/*.o; \ $(LINK_SO) && rm -rf $$UNPACKDIR @@ -457,11 +464,11 @@ link_o.svr3: else \ $(CALC_VERSIONS); \ SHARE_FLAG='-G'; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ - ALLSYMSFLAGS='-z allextract'; \ + ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ @@ -473,11 +480,11 @@ link_a.svr3: else \ $(CALC_VERSIONS); \ SHARE_FLAG='-G'; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ - ALLSYMSFLAGS='-z allextract'; \ + ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ From d6fd88fffd7afffaa666d7206b1cb55db8adb69f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 08:57:23 +0000 Subject: [PATCH 246/550] I forgot to continuation mark. --- Makefile.shared | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index c39c8424e..ec1e1788b 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -89,7 +89,7 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) @@ -97,7 +97,7 @@ LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \ From 4a4a04622e21c6ef3a14771b62094e32538594e4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 08:58:56 +0000 Subject: [PATCH 247/550] A single quote too many. --- Makefile.shared | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index ec1e1788b..22a3bd927 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -88,7 +88,7 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) @@ -96,7 +96,7 @@ LINK_APP= \ LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ From a10922010776ff15413d0a04ba339aaea150ee82 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 09:27:43 +0000 Subject: [PATCH 248/550] Correct a few typos. It seems that svr3 and svr5 differ, after all. --- Makefile.shared | 59 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 10 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index 22a3bd927..aee364bea 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -88,7 +88,7 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) @@ -96,7 +96,7 @@ LINK_APP= \ LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ @@ -457,8 +457,47 @@ link_app.solaris: $(LINK_APP) # OpenServer 5 native compilers used -# UnixWare 7 and OpenUNIX 8 native compilers used link_o.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDCMD='$(CC)'; \ + fi; \ + $(LINK_SO_O) +link_a.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDCMD='$(CC)'; \ + fi; \ + $(LINK_SO_A_UNPACKED) +link_app.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) + +# UnixWare 7 and OpenUNIX 8 native compilers used +link_o.svr5: @ if ${DETECT_GNU_LD}; then \ $(DO_GNU_SO); \ else \ @@ -474,7 +513,7 @@ link_o.svr3: SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) -link_a.svr3: +link_a.svr5: @ if ${DETECT_GNU_LD}; then \ $(DO_GNU_SO); \ else \ @@ -490,7 +529,7 @@ link_a.svr3: SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A_UNPACKED) -link_app.svr3: +link_app.svr5: @ if ${DETECT_GNU_LD}; then \ $(DO_GNU_APP); \ else \ @@ -667,7 +706,7 @@ link_app.reliantunix: $(LINK_APP) # Targets to build symbolic links when needed -symlink.gnu symlink.solaris symlink.svr3 symlink.irix \ +symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ symlink.aix symlink.reliantunix: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -717,10 +756,10 @@ link_o.svr3-shared: link_o.svr3 link_a.svr3-shared: link_a.svr3 link_app.svr3-shared: link_app.svr3 symlink.svr3-shared: symlink.svr3 -link_o.svr5-shared: link_o.svr3 -link_a.svr5-shared: link_a.svr3 -link_app.svr5-shared: link_app.svr3 -symlink.svr5-shared: symlink.svr3 +link_o.svr5-shared: link_o.svr5 +link_a.svr5-shared: link_a.svr5 +link_app.svr5-shared: link_app.svr5 +symlink.svr5-shared: symlink.svr5 link_o.irix-shared: link_o.irix link_a.irix-shared: link_a.irix link_app.irix-shared: link_app.irix From 721688c2f8d6fd8f4559af8167cbfdc377169ad4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 11:07:05 +0000 Subject: [PATCH 249/550] Include rand.h, so RAND_status() and friends get properly declared. --- crypto/rsa/rsa_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 3ebde4fd9..53c509201 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -62,6 +62,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_ENGINE #include #endif From 0b1c00abeb0a33e5a63b804c797a41e2b72ad92d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 10 Apr 2003 00:04:02 +0000 Subject: [PATCH 250/550] Typo. --- crypto/asn1/asn1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 790e7b967..a9ba2d6e9 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -132,7 +132,7 @@ extern "C" { #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 #define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0008 +#define B_ASN1_TELETEXSTRING 0x0004 #define B_ASN1_VIDEOTEXSTRING 0x0008 #define B_ASN1_IA5STRING 0x0010 #define B_ASN1_GRAPHICSTRING 0x0020 From c93fbfaebc661e3a601c9af70bdf2aa0d2abd054 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 05:46:51 +0000 Subject: [PATCH 251/550] Explicitely tell the compiler we're mips3 for the target irix-mips3-cc. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 54536235f..b829d6632 100755 --- a/Configure +++ b/Configure @@ -218,7 +218,7 @@ my %table=( # './Configure irix-[g]cc' manually. # -mips4 flag is added by ./config when appropriate. "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # N64 ABI builds. "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 5924c21608fcd31d5ac9773c71f101e5ff3b7217 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 18:36:31 +0000 Subject: [PATCH 252/550] There's a problem building shared libraries on the sco5-gcc target. However, it's time for a release, so I'm just adding an enty in PROBLEMS, and will hopefully solve this for a later release --- PROBLEMS | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/PROBLEMS b/PROBLEMS index 1a956b548..85e96a5eb 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -98,3 +98,34 @@ config-line. './Configure aix43-cc shared' is working, but not libraries. It's possible to build 64-bit shared libraries by running 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one supporting even gcc shared builds. See RT#463 for background information. + +* Problems building shared libraries on SCO OpenServer Release 5.0.6 + with gcc 2.95.3 + +The symptoms appear when running the test suite, more specifically +test/ectest, with the following result: + +OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest +ectest.c:186: ABORT + +The cause of the problem seems to be that isxdigit(), called from +BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further +investigation shows that any of the isxxx() macros return 0 on any +input. A direct look in the information array that the isxxx() use, +called __ctype, shows that it contains all zeroes... + +Taking a look at the newly created libcrypto.so with nm, one can see +that the variable __ctype is defined in libcrypto's .bss (which +explains why it is filled with zeroes): + +$ nm -Pg libcrypto.so | grep __ctype +__ctype B 0011659c +__ctype2 U + +Curiously, __ctype2 is undefined, in spite of being declared in +/usr/include/ctype.h in exactly the same way as __ctype. + +Any information helping to solve this issue would be deeply +appreciated. + +NOTE: building non-shared doesn't come with this problem. From 26abc8f01ad1007615bdd3e6c595857bbbac55c9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 19:11:32 +0000 Subject: [PATCH 253/550] Remove all those infernal stupid CR characters --- INSTALL.W32 | 576 ++++++++++++++++++++++++++-------------------------- 1 file changed, 288 insertions(+), 288 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index d4996560d..78d289e16 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -1,288 +1,288 @@ - - INSTALLATION ON THE WIN32 PLATFORM - ---------------------------------- - - [Instructions for building for Windows CE can be found in INSTALL.WCE] - - Heres a few comments about building OpenSSL in Windows environments. Most - of this is tested on Win32 but it may also work in Win 3.1 with some - modification. - - You need Perl for Win32. Unless you will build on Cygwin, you will need - ActiveState Perl, available from http://www.activestate.com/ActivePerl. - - and one of the following C compilers: - - * Visual C++ - * Borland C - * GNU C (Cygwin or MinGW) - - If you are compiling from a tarball or a CVS snapshot then the Win32 files - may well be not up to date. This may mean that some "tweaking" is required to - get it all to work. See the trouble shooting section later on for if (when?) - it goes wrong. - - Visual C++ - ---------- - - If you want to compile in the assembly language routines with Visual C++ then - you will need an assembler. This is worth doing because it will result in - faster code: for example it will typically result in a 2 times speedup in the - RSA routines. Currently the following assemblers are supported: - - * Microsoft MASM (aka "ml") - * Free Netwide Assembler NASM. - - MASM is distributed with most versions of VC++. For the versions where it is - not included in VC++, it is also distributed with some Microsoft DDKs, for - example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have - either of these DDKs then you can just download the binaries for the Windows - 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to - ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be - downloaded from the Microsoft developers site www.msdn.com. - - NASM is freely available. Version 0.98 was used during testing: other versions - may also work. It is available from many places, see for example: - http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ - The NASM binary nasmw.exe needs to be installed anywhere on your PATH. - - Firstly you should run Configure: - - > perl Configure VC-WIN32 - - Next you need to build the Makefiles and optionally the assembly language - files: - - - If you are using MASM then run: - - > ms\do_masm - - - If you are using NASM then run: - - > ms\do_nasm - - - If you don't want to use the assembly language files at all then run: - - > ms\do_ms - - If you get errors about things not having numbers assigned then check the - troubleshooting section: you probably won't be able to compile it as it - stands. - - Then from the VC++ environment at a prompt do: - - > nmake -f ms\ntdll.mak - - If all is well it should compile and you will have some DLLs and executables - in out32dll. If you want to try the tests then do: - - > cd out32dll - > ..\ms\test - - Tweaks: - - There are various changes you can make to the Win32 compile environment. By - default the library is not compiled with debugging symbols. If you add 'debug' - to the mk1mf.pl lines in the do_* batch file then debugging symbols will be - compiled in. Note that mk1mf.pl expects the platform to be the last argument - on the command line, so 'debug' must appear before that, as all other options. - - The default Win32 environment is to leave out any Windows NT specific - features. - - If you want to enable the NT specific features of OpenSSL (currently only the - logging BIO) follow the instructions above but call the batch file do_nt.bat - instead of do_ms.bat. - - You can also build a static version of the library using the Makefile - ms\nt.mak - - Borland C++ builder 5 - --------------------- - - * Configure for building with Borland Builder: - > perl Configure BC-32 - - * Create the appropriate makefile - > ms\do_nasm - - * Build - > make -f ms\bcb.mak - - Borland C++ builder 3 and 4 - --------------------------- - - * Setup PATH. First must be GNU make then bcb4/bin - - * Run ms\bcb4.bat - - * Run make: - > make -f bcb.mak - - GNU C (Cygwin) - -------------- - - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other the other Win32 - makes. - - Cygwin implements a Posix/Unix runtime system (cygwin1.dll). - It is also possible to create Win32 binaries that only use the - Microsoft C runtime system (msvcrt.dll or crtdll.dll) using - MinGW. MinGW can be used in the Cygwin development environment - or in a standalone setup as described in the following section. - - To build OpenSSL using Cygwin: - - * Install Cygwin (see http://cygwin.com/) - - * Install Perl and ensure it is in the path. Both Cygwin perl - (5.6.1-2 or newer) and ActivePerl work. - - * Run the Cygwin bash shell - - * $ tar zxvf openssl-x.x.x.tar.gz - $ cd openssl-x.x.x - - To build the Cygwin version of OpenSSL: - - $ ./config - [...] - $ make - [...] - $ make test - $ make install - - This will create a default install in /usr/local/ssl. - - To build the MinGW version (native Windows) in Cygwin: - - $ ./Configure mingw - [...] - $ make - [...] - $ make test - $ make install - - Cygwin Notes: - - "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - "bc" is not provided in older Cygwin distribution. This causes a - non-fatal error in "make test" but is otherwise harmless. If - desired and needed, GNU bc can be built with Cygwin without change. - - GNU C (MinGW) - ------------- - - * Compiler installation: - - MinGW is available from http://www.mingw.org. Run the installer and - set the MinGW bin directory to the PATH in "System Properties" or - autoexec.bat. - - * Compile OpenSSL: - - > ms\mingw32 - - This will create the library and binaries in out. In case any problems - occur, try - > ms\mingw32 no-asm - instead. - - libcrypto.a and libssl.a are the static libraries. To use the DLLs, - link with libeay32.a and libssl32.a instead. - - See troubleshooting if you get error messages about functions not having - a number assigned. - - * You can now try the tests: - - > cd out - > ..\ms\test - - - Installation - ------------ - - If you used the Cygwin procedure above, you have already installed and - can skip this section. For all other procedures, there's currently no real - installation procedure for Win32. There are, however, some suggestions: - - - do nothing. The include files are found in the inc32/ subdirectory, - all binaries are found in out32dll/ or out32/ depending if you built - dynamic or static libraries. - - - do as is written in INSTALL.Win32 that comes with modssl: - - $ md c:\openssl - $ md c:\openssl\bin - $ md c:\openssl\lib - $ md c:\openssl\include - $ md c:\openssl\include\openssl - $ copy /b inc32\* c:\openssl\include\openssl - $ copy /b out32dll\ssleay32.lib c:\openssl\lib - $ copy /b out32dll\libeay32.lib c:\openssl\lib - $ copy /b out32dll\ssleay32.dll c:\openssl\bin - $ copy /b out32dll\libeay32.dll c:\openssl\bin - $ copy /b out32dll\openssl.exe c:\openssl\bin - - Of course, you can choose another device than c:. C: is used here - because that's usually the first (and often only) harddisk device. - Note: in the modssl INSTALL.Win32, p: is used rather than c:. - - - Troubleshooting - --------------- - - Since the Win32 build is only occasionally tested it may not always compile - cleanly. If you get an error about functions not having numbers assigned - when you run ms\do_ms then this means the Win32 ordinal files are not up to - date. You can do: - - > perl util\mkdef.pl crypto ssl update - - then ms\do_XXX should not give a warning any more. However the numbers that - get assigned by this technique may not match those that eventually get - assigned in the CVS tree: so anything linked against this version of the - library may need to be recompiled. - - If you get errors about unresolved symbols there are several possible - causes. - - If this happens when the DLL is being linked and you have disabled some - ciphers then it is possible the DEF file generator hasn't removed all - the disabled symbols: the easiest solution is to edit the DEF files manually - to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. - - Another cause is if you missed or ignored the errors about missing numbers - mentioned above. - - If you get warnings in the code then the compilation will halt. - - The default Makefile for Win32 halts whenever any warnings occur. Since VC++ - has its own ideas about warnings which don't always match up to other - environments this can happen. The best fix is to edit the file with the - warning in and fix it. Alternatively you can turn off the halt on warnings by - editing the CFLAG line in the Makefile and deleting the /WX option. - - You might get compilation errors. Again you will have to fix these or report - them. - - One final comment about compiling applications linked to the OpenSSL library. - If you don't use the multithreaded DLL runtime library (/MD option) your - program will almost certainly crash because malloc gets confused -- the - OpenSSL DLLs are statically linked to one version, the application must - not use a different one. You might be able to work around such problems - by adding CRYPTO_malloc_init() to your program before any calls to the - OpenSSL libraries: This tells the OpenSSL libraries to use the same - malloc(), free() and realloc() as the application. However there are many - standard library functions used by OpenSSL that call malloc() internally - (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot - rely on CRYPTO_malloc_init() solving your problem, and you should - consistently use the multithreaded library. + + INSTALLATION ON THE WIN32 PLATFORM + ---------------------------------- + + [Instructions for building for Windows CE can be found in INSTALL.WCE] + + Heres a few comments about building OpenSSL in Windows environments. Most + of this is tested on Win32 but it may also work in Win 3.1 with some + modification. + + You need Perl for Win32. Unless you will build on Cygwin, you will need + ActiveState Perl, available from http://www.activestate.com/ActivePerl. + + and one of the following C compilers: + + * Visual C++ + * Borland C + * GNU C (Cygwin or MinGW) + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- + + If you want to compile in the assembly language routines with Visual C++ then + you will need an assembler. This is worth doing because it will result in + faster code: for example it will typically result in a 2 times speedup in the + RSA routines. Currently the following assemblers are supported: + + * Microsoft MASM (aka "ml") + * Free Netwide Assembler NASM. + + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. + + NASM is freely available. Version 0.98 was used during testing: other versions + may also work. It is available from many places, see for example: + http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ + The NASM binary nasmw.exe needs to be installed anywhere on your PATH. + + Firstly you should run Configure: + + > perl Configure VC-WIN32 + + Next you need to build the Makefiles and optionally the assembly language + files: + + - If you are using MASM then run: + + > ms\do_masm + + - If you are using NASM then run: + + > ms\do_nasm + + - If you don't want to use the assembly language files at all then run: + + > ms\do_ms + + If you get errors about things not having numbers assigned then check the + troubleshooting section: you probably won't be able to compile it as it + stands. + + Then from the VC++ environment at a prompt do: + + > nmake -f ms\ntdll.mak + + If all is well it should compile and you will have some DLLs and executables + in out32dll. If you want to try the tests then do: + + > cd out32dll + > ..\ms\test + + Tweaks: + + There are various changes you can make to the Win32 compile environment. By + default the library is not compiled with debugging symbols. If you add 'debug' + to the mk1mf.pl lines in the do_* batch file then debugging symbols will be + compiled in. Note that mk1mf.pl expects the platform to be the last argument + on the command line, so 'debug' must appear before that, as all other options. + + The default Win32 environment is to leave out any Windows NT specific + features. + + If you want to enable the NT specific features of OpenSSL (currently only the + logging BIO) follow the instructions above but call the batch file do_nt.bat + instead of do_ms.bat. + + You can also build a static version of the library using the Makefile + ms\nt.mak + + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + + Borland C++ builder 3 and 4 + --------------------------- + + * Setup PATH. First must be GNU make then bcb4/bin + + * Run ms\bcb4.bat + + * Run make: + > make -f bcb.mak + + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other the other Win32 + makes. + + Cygwin implements a Posix/Unix runtime system (cygwin1.dll). + It is also possible to create Win32 binaries that only use the + Microsoft C runtime system (msvcrt.dll or crtdll.dll) using + MinGW. MinGW can be used in the Cygwin development environment + or in a standalone setup as described in the following section. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path. Both Cygwin perl + (5.6.1-2 or newer) and ActivePerl work. + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + + To build the Cygwin version of OpenSSL: + + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + To build the MinGW version (native Windows) in Cygwin: + + $ ./Configure mingw + [...] + $ make + [...] + $ make test + $ make install + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + + GNU C (MinGW) + ------------- + + * Compiler installation: + + MinGW is available from http://www.mingw.org. Run the installer and + set the MinGW bin directory to the PATH in "System Properties" or + autoexec.bat. + + * Compile OpenSSL: + + > ms\mingw32 + + This will create the library and binaries in out. In case any problems + occur, try + > ms\mingw32 no-asm + instead. + + libcrypto.a and libssl.a are the static libraries. To use the DLLs, + link with libeay32.a and libssl32.a instead. + + See troubleshooting if you get error messages about functions not having + a number assigned. + + * You can now try the tests: + + > cd out + > ..\ms\test + + + Installation + ------------ + + If you used the Cygwin procedure above, you have already installed and + can skip this section. For all other procedures, there's currently no real + installation procedure for Win32. There are, however, some suggestions: + + - do nothing. The include files are found in the inc32/ subdirectory, + all binaries are found in out32dll/ or out32/ depending if you built + dynamic or static libraries. + + - do as is written in INSTALL.Win32 that comes with modssl: + + $ md c:\openssl + $ md c:\openssl\bin + $ md c:\openssl\lib + $ md c:\openssl\include + $ md c:\openssl\include\openssl + $ copy /b inc32\* c:\openssl\include\openssl + $ copy /b out32dll\ssleay32.lib c:\openssl\lib + $ copy /b out32dll\libeay32.lib c:\openssl\lib + $ copy /b out32dll\ssleay32.dll c:\openssl\bin + $ copy /b out32dll\libeay32.dll c:\openssl\bin + $ copy /b out32dll\openssl.exe c:\openssl\bin + + Of course, you can choose another device than c:. C: is used here + because that's usually the first (and often only) harddisk device. + Note: in the modssl INSTALL.Win32, p: is used rather than c:. + + + Troubleshooting + --------------- + + Since the Win32 build is only occasionally tested it may not always compile + cleanly. If you get an error about functions not having numbers assigned + when you run ms\do_ms then this means the Win32 ordinal files are not up to + date. You can do: + + > perl util\mkdef.pl crypto ssl update + + then ms\do_XXX should not give a warning any more. However the numbers that + get assigned by this technique may not match those that eventually get + assigned in the CVS tree: so anything linked against this version of the + library may need to be recompiled. + + If you get errors about unresolved symbols there are several possible + causes. + + If this happens when the DLL is being linked and you have disabled some + ciphers then it is possible the DEF file generator hasn't removed all + the disabled symbols: the easiest solution is to edit the DEF files manually + to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. + + Another cause is if you missed or ignored the errors about missing numbers + mentioned above. + + If you get warnings in the code then the compilation will halt. + + The default Makefile for Win32 halts whenever any warnings occur. Since VC++ + has its own ideas about warnings which don't always match up to other + environments this can happen. The best fix is to edit the file with the + warning in and fix it. Alternatively you can turn off the halt on warnings by + editing the CFLAG line in the Makefile and deleting the /WX option. + + You might get compilation errors. Again you will have to fix these or report + them. + + One final comment about compiling applications linked to the OpenSSL library. + If you don't use the multithreaded DLL runtime library (/MD option) your + program will almost certainly crash because malloc gets confused -- the + OpenSSL DLLs are statically linked to one version, the application must + not use a different one. You might be able to work around such problems + by adding CRYPTO_malloc_init() to your program before any calls to the + OpenSSL libraries: This tells the OpenSSL libraries to use the same + malloc(), free() and realloc() as the application. However there are many + standard library functions used by OpenSSL that call malloc() internally + (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot + rely on CRYPTO_malloc_init() solving your problem, and you should + consistently use the multithreaded library. From 1774e22d6f4cfec2b7c078f27b130c1dfeeeb41b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 19:33:09 +0000 Subject: [PATCH 254/550] New NEWS --- NEWS | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/NEWS b/NEWS index 629d77f95..31eaa7eab 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,17 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Configuration: Irix fixes, AIX fixes, better mingw support. + o Support for new platforms: linux-ia64-ecc. + o Build: shared library support fixes. + o ASN.1: treat domainComponent correctly. + o Documentation: fixes and additions. + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: o Security: Important security related bugfixes. From 1a0c1f90525ae2815784184546bc07649a2c788b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 20:11:09 +0000 Subject: [PATCH 255/550] make update --- TABLE | 2 +- crypto/dh/Makefile.ssl | 14 +++++--------- crypto/dsa/Makefile.ssl | 25 ++++++++----------------- crypto/evp/Makefile.ssl | 9 ++------- crypto/rsa/Makefile.ssl | 22 ++++++++-------------- test/Makefile.ssl | 24 +++++++++--------------- 6 files changed, 33 insertions(+), 63 deletions(-) diff --git a/TABLE b/TABLE index 966087157..d8fd63c06 100644 --- a/TABLE +++ b/TABLE @@ -2727,7 +2727,7 @@ $arflags = *** irix-mips3-cc $cc = cc -$cflags = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index c1ccf0060..1f72d521e 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -120,18 +120,14 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dh_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dh_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_key.o: ../../include/openssl/ui.h ../cryptlib.h dh_key.c +dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 29fa723c6..6a60976f4 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -149,38 +149,29 @@ dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_ossl.o: ../cryptlib.h dsa_ossl.c dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dsa_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 0f82cf78d..2d51730d2 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -321,18 +321,13 @@ encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -evp_acnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_acnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -evp_acnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_acnf.o: ../cryptlib.h evp_acnf.c +evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index 31fe777b2..cd7f94deb 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -113,16 +113,12 @@ rsa_depr.o: ../cryptlib.h rsa_depr.c rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -rsa_eay.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_eay.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rsa_eay.o: ../cryptlib.h rsa_eay.c +rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -213,15 +209,13 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_sign.o: ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_sign.o: ../cryptlib.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 2b61e6f00..15247879c 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -811,17 +811,14 @@ dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c -dsatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -dsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -dsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -dsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -dsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -dsatest.o: ../include/openssl/engine.h ../include/openssl/err.h -dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h +dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h +dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c +dsatest.o: ../include/openssl/symhacks.h dsatest.c ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h @@ -952,15 +949,12 @@ rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h rmdtest.o: ../include/openssl/symhacks.h rmdtest.c rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h -rsa_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h -rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -rsa_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -rsa_test.o: ../include/openssl/engine.h ../include/openssl/err.h +rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -rsa_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h rsa_test.c +rsa_test.o: ../include/openssl/symhacks.h rsa_test.c sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sha1test.o: ../include/openssl/bn.h ../include/openssl/crypto.h sha1test.o: ../include/openssl/e_os2.h ../include/openssl/evp.h From 138f970e6ea32914eac3d9216dabc8511088ad71 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 20:38:24 +0000 Subject: [PATCH 256/550] Add the 0.9.6j news. --- NEWS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS b/NEWS index 31eaa7eab..cc9405c3b 100644 --- a/NEWS +++ b/NEWS @@ -70,6 +70,13 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Build: shared library support fixes. + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: o Important security related bugfixes. From 7a04fdd87f544cef6aa08d54f7b9ff6b1eb4e7ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 11 Apr 2003 15:03:12 +0000 Subject: [PATCH 257/550] include 'Changes between 0.9.6i and 0.9.6j' --- CHANGES | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/CHANGES b/CHANGES index 66870e6c8..6b1d73c5e 100644 --- a/CHANGES +++ b/CHANGES @@ -2424,6 +2424,31 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked From cd1226bc6a7849e8103bb5fae55fe560ad16d20f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 15 Apr 2003 13:01:37 +0000 Subject: [PATCH 258/550] Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt() --- crypto/rsa/rsa_eay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index aff86343c..ee2a70bb4 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -504,6 +504,8 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&f); BN_clear_free(&ret); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num); From 040c687ce479bda5b68fd865d5ab97a91035e29e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 16 Apr 2003 06:25:21 +0000 Subject: [PATCH 259/550] Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice. --- crypto/rsa/rsa.h | 11 +++++------ crypto/rsa/rsa_lib.c | 8 ++++++-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 604fc2644..12689fc22 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -162,11 +162,6 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -179,7 +174,11 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 -#define RSA_FLAG_NO_BLINDING 0x80 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 53c509201..e4d622851 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa) int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { - BIGNUM *A,*Ai; + BIGNUM *A,*Ai = NULL; BN_CTX *ctx; int ret=0; @@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) else ctx=p_ctx; + /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ if (rsa->blinding != NULL) + { BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; + } /* NB: similar code appears in setup_blinding (rsa_eay.c); * this should be placed in a new function of its own, but for reasons @@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) rsa->blinding->thread_id = CRYPTO_thread_id(); rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; - BN_free(Ai); ret=1; err: + if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); if (ctx != p_ctx) BN_CTX_free(ctx); return(ret); From 1cc087fe4f8367075058d30aee6c04816fcbe74a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 21 Apr 2003 22:00:36 +0000 Subject: [PATCH 260/550] Make it possible to affect the extension of man pages. PR: 578 --- Makefile.org | 13 +++++++------ openssl.spec | 7 +------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/Makefile.org b/Makefile.org index 58c0807fb..6f2188ad8 100644 --- a/Makefile.org +++ b/Makefile.org @@ -191,6 +191,7 @@ MAKE= $(NEWMAKE) -f Makefile.ssl MANDIR=$(OPENSSLDIR)/man MAN1=1 MAN3=3 +MANSUFFIX= SHELL=/bin/sh TOP= . @@ -568,33 +569,33 @@ install_docs: for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ - echo "installing man$$sec/$$fn.$$sec"; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$$sec $$n.$$sec; \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ done); \ done; \ for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ - echo "installing man$$sec/$$fn.$$sec"; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$$sec $$n.$$sec; \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ done); \ done diff --git a/openssl.spec b/openssl.spec index 3085d3e94..27b74934a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -102,12 +102,7 @@ LD_LIBRARY_PATH=`pwd` make test %install rm -rf $RPM_BUILD_ROOT -make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install - -# Rename manpages -for x in $RPM_BUILD_ROOT/usr/man/man*/* - do mv ${x} ${x}ssl -done +make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install # Make backwards-compatibility symlink to ssleay ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay From eec7968f18bf16034ff924cd56ce07611fb188da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 22 Apr 2003 08:29:21 +0000 Subject: [PATCH 261/550] fix typo Submitted by: Nils Larsch --- crypto/x509/x509type.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 8eaf10248..4af98214a 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -102,10 +102,10 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_RSA: ret|=EVP_PKS_RSA; break; - case EVP_PKS_DSA: + case EVP_PKEY_DSA: ret|=EVP_PKS_DSA; break; - case EVP_PKS_EC: + case EVP_PKEY_EC: ret|=EVP_PKS_EC; break; default: From ea5240a5edceccc6c6410a56b68ec4d8038da4bb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:25:21 +0000 Subject: [PATCH 262/550] Add an extended variant of OBJ_bsearch() that can be given a few flags. --- CHANGES | 15 +++++++++++++++ crypto/objects/obj_dat.c | 35 +++++++++++++++++++++++++++-------- crypto/objects/objects.h | 7 ++++++- 3 files changed, 48 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 6b1d73c5e..c65cf1f5f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,21 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but + takes an extra flags argument for optional functionality. Currently, + the following flags are defined: + + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. + + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. + *) Make it possible to create self-signed certificates with 'openssl ca' in such a way that the self-signed certificate becomes part of the CA database and uses the same mechanisms for serial number generation diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5d983e3ed..adab7a734 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -556,8 +556,14 @@ static int obj_cmp(const void *ap, const void *bp) const char *OBJ_bsearch(const char *key, const char *base, int num, int size, int (*cmp)(const void *, const void *)) { + return OBJ_bsearch_ex(key, base, num, size, cmp, 0); + } + +const char *OBJ_bsearch_ex(const char *key, const char *base, int num, + int size, int (*cmp)(const void *, const void *), int flags) + { int l,h,i,c; - const char *p; + const char *p = NULL; if (num == 0) return(NULL); l=0; @@ -572,20 +578,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, else if (c > 0) l=i+1; else - return(p); + break; } #ifdef CHARSET_EBCDIC /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and * I don't have perl (yet), we revert to a *LINEAR* search * when the object wasn't found in the binary search. */ - for (i=0; i 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) + i--; + p = &(base[i*size]); + } + return(p); } int OBJ_create_objects(BIO *in) diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index de1053281..8b509516f 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -966,7 +966,10 @@ #define OBJ_NAME_TYPE_COMP_METH 0x04 #define OBJ_NAME_TYPE_NUM 0x05 -#define OBJ_NAME_ALIAS 0x8000 +#define OBJ_NAME_ALIAS 0x8000 + +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 #ifdef __cplusplus @@ -1010,6 +1013,8 @@ int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); const char * OBJ_bsearch(const char *key,const char *base,int num,int size, int (*cmp)(const void *, const void *)); +const char * OBJ_bsearch_ex(const char *key,const char *base,int num, + int size, int (*cmp)(const void *, const void *), int flags); int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); From 26851b6b42260bdfd5c5b8332b5d3d00fa60f3df Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:30:55 +0000 Subject: [PATCH 263/550] Add an extended variant of sk_find() which returns a non-NULL pointer even if an exact match wasn't found. --- crypto/stack/safestack.h | 78 ++++++++++++++++++++++++++++++++++++++++ crypto/stack/stack.c | 26 +++++++------- crypto/stack/stack.h | 1 + util/mkstack.pl | 1 + 4 files changed, 93 insertions(+), 13 deletions(-) diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ecb2b8ffe..3110e50a8 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -214,6 +214,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) @@ -234,6 +235,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) @@ -254,6 +256,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) @@ -274,6 +277,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) @@ -294,6 +298,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) @@ -314,6 +319,7 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) @@ -334,6 +340,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) @@ -354,6 +361,7 @@ STACK_OF(type) \ #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) @@ -374,6 +382,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) @@ -394,6 +403,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) @@ -414,6 +424,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) @@ -434,6 +445,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) @@ -454,6 +466,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) @@ -474,6 +487,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) @@ -494,6 +508,7 @@ STACK_OF(type) \ #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) @@ -514,6 +529,7 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) @@ -534,6 +550,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) @@ -554,6 +571,7 @@ STACK_OF(type) \ #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) @@ -574,6 +592,7 @@ STACK_OF(type) \ #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) @@ -594,6 +613,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) @@ -614,6 +634,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) @@ -634,6 +655,7 @@ STACK_OF(type) \ #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) @@ -654,6 +676,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) @@ -674,6 +697,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) @@ -694,6 +718,7 @@ STACK_OF(type) \ #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) @@ -714,6 +739,7 @@ STACK_OF(type) \ #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) @@ -734,6 +760,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) @@ -754,6 +781,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) @@ -774,6 +802,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) @@ -794,6 +823,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) @@ -814,6 +844,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) @@ -834,6 +865,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) @@ -854,6 +886,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) @@ -874,6 +907,7 @@ STACK_OF(type) \ #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) @@ -894,6 +928,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) @@ -914,6 +949,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) @@ -934,6 +970,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) @@ -954,6 +991,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) @@ -974,6 +1012,7 @@ STACK_OF(type) \ #define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) #define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) #define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) @@ -994,6 +1033,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) @@ -1014,6 +1054,7 @@ STACK_OF(type) \ #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) @@ -1024,6 +1065,27 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) + #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) @@ -1034,6 +1096,7 @@ STACK_OF(type) \ #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) @@ -1054,6 +1117,7 @@ STACK_OF(type) \ #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) @@ -1074,6 +1138,7 @@ STACK_OF(type) \ #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) @@ -1094,6 +1159,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) @@ -1114,6 +1180,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) @@ -1134,6 +1201,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) @@ -1154,6 +1222,7 @@ STACK_OF(type) \ #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) @@ -1174,6 +1243,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) @@ -1194,6 +1264,7 @@ STACK_OF(type) \ #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) @@ -1214,6 +1285,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) @@ -1234,6 +1306,7 @@ STACK_OF(type) \ #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) @@ -1254,6 +1327,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) @@ -1274,6 +1348,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) @@ -1294,6 +1369,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) @@ -1314,6 +1390,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) @@ -1334,6 +1411,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 2496f28a8..98a3eeee6 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -210,7 +210,7 @@ char *sk_delete(STACK *st, int loc) return(ret); } -int sk_find(STACK *st, char *data) +static int internal_find(STACK *st, char *data, int ret_val_options) { char **r; int i; @@ -233,19 +233,19 @@ int sk_find(STACK *st, char *data) * not (type *) pointers, but the *pointers* to (type *) pointers, * so we get our extra level of pointer dereferencing that way. */ comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)bsearch(&data,(char *)st->data, - st->num,sizeof(char *), comp_func); + r=(char **)OBJ_bsearch(&data,(char *)st->data, + st->num,sizeof(char *),comp_func,ret_val_options); if (r == NULL) return(-1); - i=(int)(r-st->data); - for ( ; i>0; i--) - /* This needs a cast because the type being pointed to from - * the "&" expressions are (char *) rather than (const char *). - * For an explanation, read: - * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ - if ((*st->comp)((const char * const *)&(st->data[i-1]), - (const char * const *)&data) < 0) - break; - return(i); + return((int)(r-st->data)); + } + +int sk_find(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); + } +int sk_find_ex(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); } int sk_push(STACK *st, char *data) diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h index 8b436ca4b..0058d50f1 100644 --- a/crypto/stack/stack.h +++ b/crypto/stack/stack.h @@ -89,6 +89,7 @@ int sk_insert(STACK *sk,char *data,int where); char *sk_delete(STACK *st,int loc); char *sk_delete_ptr(STACK *st, char *p); int sk_find(STACK *st,char *data); +int sk_find_ex(STACK *st,char *data); int sk_push(STACK *st,char *data); int sk_unshift(STACK *st,char *data); char *sk_shift(STACK *st); diff --git a/util/mkstack.pl b/util/mkstack.pl index 085c50f79..be2cb4f1e 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -75,6 +75,7 @@ while() { #define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val)) #define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val)) #define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val)) +#define sk_${type_thing}_find_ex(st, val) SKM_sk_find_ex($type_thing, (st), (val)) #define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i)) #define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr)) #define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i)) From 9d6c32d6d1e35274277a861ac3199a1db3f3f81a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:31:58 +0000 Subject: [PATCH 264/550] Correct documentation. sk_find_ex() doesn't return a pointer, it returns an index. --- CHANGES | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGES b/CHANGES index c65cf1f5f..2a926d191 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the function sk_find_ex() which works like sk_find(), but will + return an index to an element even if an exact match couldn't be + found. The index is guaranteed to point at the element where the + searched-for key would be inserted to preserve sorting order. + [Richard Levitte] + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but takes an extra flags argument for optional functionality. Currently, the following flags are defined: @@ -18,6 +24,7 @@ element where the comparing function returns zero. This is useful if there are more than one element where the comparing function returns zero. + [Richard Levitte] *) Make it possible to create self-signed certificates with 'openssl ca' in such a way that the self-signed certificate becomes part of the From 54dbdd983702525a5d11c11e18aa1fe07a6aeb43 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:45:36 +0000 Subject: [PATCH 265/550] Some variables were uninitialised... --- crypto/objects/obj_dat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index adab7a734..d463c11f5 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -562,7 +562,7 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, const char *OBJ_bsearch_ex(const char *key, const char *base, int num, int size, int (*cmp)(const void *, const void *), int flags) { - int l,h,i,c; + int l,h,i=0,c=0; const char *p = NULL; if (num == 0) return(NULL); From d584fd6b661604e2e70cc5d27321666733ceed78 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:46:32 +0000 Subject: [PATCH 266/550] Include objects.h to get a correct declaration of OBJ_bsearch_ex(), not to mention the OBJ_BSEARCH_* macros. --- crypto/stack/stack.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 98a3eeee6..1d2b47ee6 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -68,6 +68,7 @@ #include #include "cryptlib.h" #include +#include #undef MIN_NODES #define MIN_NODES 4 @@ -233,7 +234,7 @@ static int internal_find(STACK *st, char *data, int ret_val_options) * not (type *) pointers, but the *pointers* to (type *) pointers, * so we get our extra level of pointer dereferencing that way. */ comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)OBJ_bsearch(&data,(char *)st->data, + r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, st->num,sizeof(char *),comp_func,ret_val_options); if (r == NULL) return(-1); return((int)(r-st->data)); From 7ae46c676142a675ea3fd0c8ca66d2cbc6a5a30e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 21:35:28 +0000 Subject: [PATCH 267/550] make update --- crypto/stack/Makefile.ssl | 12 +++++++----- crypto/stack/safestack.h | 21 --------------------- util/libeay.num | 2 ++ 3 files changed, 9 insertions(+), 26 deletions(-) diff --git a/crypto/stack/Makefile.ssl b/crypto/stack/Makefile.ssl index e4acfe6ab..5e32ad90e 100644 --- a/crypto/stack/Makefile.ssl +++ b/crypto/stack/Makefile.ssl @@ -79,10 +79,12 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -stack.o: ../../e_os.h ../../include/openssl/bio.h -stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +stack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +stack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +stack.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +stack.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +stack.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h stack.o: ../cryptlib.h stack.c diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 3110e50a8..ce4bf3538 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1065,27 +1065,6 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) -#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) -#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) -#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) -#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) -#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) -#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) -#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) -#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) -#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) -#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) - #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) diff --git a/util/libeay.num b/util/libeay.num index 865fa9fe7..dc31ec3f5 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3022,3 +3022,5 @@ GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: EVP_PKEY_cmp 3453 EXIST::FUNCTION: X509_REQ_check_private_key 3454 EXIST::FUNCTION: +sk_find_ex 3455 EXIST::FUNCTION: +OBJ_bsearch_ex 3456 EXIST::FUNCTION: From 1ae0a83bdd37cdbe09d6612b7d50627dbabbe882 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 22:08:57 +0000 Subject: [PATCH 268/550] Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code that uses them that I'll commit in a few days. --- CHANGES | 6 ++++++ crypto/buffer/buf_err.c | 5 +++-- crypto/buffer/buffer.c | 29 ++++++++++++++++++++++++----- crypto/buffer/buffer.h | 4 ++++ 4 files changed, 37 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 2a926d191..9a416dea6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() + works like BUF_strdup() but can be used to duplicate a portion of + a string. The copy gets NUL-terminated. BUF_memdup() duplicates + a memory area. + [Richard Levitte] + *) Add the function sk_find_ex() which works like sk_find(), but will return an index to an element even if an exact match couldn't be found. The index is guaranteed to point at the element where the diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 655906078..73702f0f1 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* crypto/buffer/buf_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,15 +61,16 @@ #include #include #include -#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA BUF_str_functs[]= { +{ERR_PACK(0,BUF_F_BUF_MEMDUP,0), "BUF_memdup"}, {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, {ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, +{ERR_PACK(0,BUF_F_BUF_STRNDUP,0), "BUF_strndup"}, {0,NULL} }; diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index d96487e7d..03ebf23a1 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -163,23 +163,42 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) } char *BUF_strdup(const char *str) + { + if (str == NULL) return(NULL); + return BUF_strndup(str, strlen(str)); + } + +char *BUF_strndup(const char *str, size_t siz) { char *ret; - int n; if (str == NULL) return(NULL); - n=strlen(str); - ret=OPENSSL_malloc(n+1); + ret=OPENSSL_malloc(siz+1); if (ret == NULL) { - BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); + BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); return(NULL); } - memcpy(ret,str,n+1); + BUF_strlcpy(ret,str,siz+1); return(ret); } +void *BUF_memdup(const void *data, size_t siz) + { + void *ret; + + if (data == NULL) return(NULL); + + ret=OPENSSL_malloc(siz); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + return memcpy(ret, data, siz); + } + size_t BUF_strlcpy(char *dst, const char *src, size_t size) { size_t l = 0; diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 465dc34f3..164f8aa6e 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -78,6 +78,8 @@ void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +char * BUF_strndup(const char *str, size_t siz); +void * BUF_memdup(const void *data, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst,const char *src,size_t siz); @@ -93,9 +95,11 @@ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ /* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 #define BUF_F_BUF_MEM_GROW 100 #define BUF_F_BUF_MEM_NEW 101 #define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 /* Reason codes. */ From 7e4140f73f3a3762523f1ca2eec3595852d89ed0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 22:24:17 +0000 Subject: [PATCH 269/550] make update --- util/libeay.num | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/libeay.num b/util/libeay.num index dc31ec3f5..32389b624 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3024,3 +3024,5 @@ EVP_PKEY_cmp 3453 EXIST::FUNCTION: X509_REQ_check_private_key 3454 EXIST::FUNCTION: sk_find_ex 3455 EXIST::FUNCTION: OBJ_bsearch_ex 3456 EXIST::FUNCTION: +BUF_memdup 3457 EXIST::FUNCTION: +BUF_strndup 3458 EXIST::FUNCTION: From 535fba49073d9f144469a83e0220b7ec0c283bf2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:45:18 +0000 Subject: [PATCH 270/550] Define the OPENSSL_ITEM structure. --- CHANGES | 5 +++++ crypto/crypto.h | 14 +++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 9a416dea6..57f503b67 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add a generic structure called OPENSSL_ITEM. This can be used to + pass a list of arguments to any function as well as provide a way + for a function to pass data back to the caller. + [Richard Levitte] + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() works like BUF_strdup() but can be used to duplicate a portion of a string. The copy gets NUL-terminated. BUF_memdup() duplicates diff --git a/crypto/crypto.h b/crypto/crypto.h index 0f15a5654..dd90cfa55 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -152,6 +152,16 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st + { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ + } OPENSSL_ITEM; + + /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock * names in cryptlib.c */ @@ -192,7 +202,8 @@ extern "C" { #define CRYPTO_LOCK_ECDH 34 #define CRYPTO_LOCK_BN 35 #define CRYPTO_LOCK_EC_PRE_COMP 36 -#define CRYPTO_NUM_LOCKS 37 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_NUM_LOCKS 38 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -302,6 +313,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) #define CRYPTO_EX_INDEX_ECDSA 12 #define CRYPTO_EX_INDEX_ECDH 13 #define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 /* Dynamically assigned indexes start from this value (don't use directly, use * via CRYPTO_ex_data_new_class). */ From 9236b5b01351315532a36764f1d844d6b2d744c9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:46:10 +0000 Subject: [PATCH 271/550] Define a STORE lock (the STORE type will be committed later). --- crypto/cryptlib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index bc023e3f4..9c38f15ab 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -167,7 +167,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ecdh", "bn", "ec_pre_comp", -#if CRYPTO_NUM_LOCKS != 37 + "store", +#if CRYPTO_NUM_LOCKS != 38 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; From a5db6fa5760f21d16d59e025e930c02456e00fef Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:53:12 +0000 Subject: [PATCH 272/550] Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h. --- CHANGES | 6 + Makefile.org | 3 +- crypto/Makefile.ssl | 3 +- crypto/crypto-lib.com | 4 +- crypto/err/err.h | 3 + crypto/err/openssl.ec | 2 + crypto/store/.cvsignore | 2 + crypto/store/Makefile.ssl | 141 ++++ crypto/store/README | 94 +++ crypto/store/store.h | 482 ++++++++++++ crypto/store/str_err.c | 176 +++++ crypto/store/str_lib.c | 1507 +++++++++++++++++++++++++++++++++++++ crypto/store/str_locl.h | 123 +++ crypto/store/str_mem.c | 324 ++++++++ crypto/store/str_meth.c | 215 ++++++ util/mkdef.pl | 1 + 16 files changed, 3083 insertions(+), 3 deletions(-) create mode 100644 crypto/store/.cvsignore create mode 100644 crypto/store/Makefile.ssl create mode 100644 crypto/store/README create mode 100644 crypto/store/store.h create mode 100644 crypto/store/str_err.c create mode 100644 crypto/store/str_lib.c create mode 100644 crypto/store/str_locl.h create mode 100644 crypto/store/str_mem.c create mode 100644 crypto/store/str_meth.c diff --git a/CHANGES b/CHANGES index 57f503b67..7389f3592 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + *) Add a generic structure called OPENSSL_ITEM. This can be used to pass a list of arguments to any function as well as provide a way for a function to pass data back to the caller. diff --git a/Makefile.org b/Makefile.org index 6f2188ad8..02cad4dfa 100644 --- a/Makefile.org +++ b/Makefile.org @@ -178,7 +178,8 @@ SDIRS= \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa dh ecdh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store # tests to perform. "alltests" is a special word indicating that all tests # should be performed. diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 522a162c1..b52157e4d 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -30,7 +30,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa ecdh dh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store GENERAL=Makefile README crypto-lib.com install.com diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index c118da309..a6838c248 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -80,7 +80,8 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" + "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - + "STORE" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -265,6 +266,7 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - $ LIB_UI_COMPAT = ",ui_compat" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT $ LIB_KRB5 = "krb5_asn" +$ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $! $! Setup exceptional compilations $! diff --git a/crypto/err/err.h b/crypto/err/err.h index 95658addf..08838190f 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -135,6 +135,7 @@ typedef struct err_state_st #define ERR_LIB_COMP 41 #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 #define ERR_LIB_USER 128 @@ -165,6 +166,7 @@ typedef struct err_state_st #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -219,6 +221,7 @@ typedef struct err_state_st #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 3ac40512d..64200fceb 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -27,8 +27,10 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c +L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c +L STORE crypto/store/store.h crypto/store/str_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/store/.cvsignore b/crypto/store/.cvsignore new file mode 100644 index 000000000..695fdd005 --- /dev/null +++ b/crypto/store/.cvsignore @@ -0,0 +1,2 @@ +Makefile.save +lib diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl new file mode 100644 index 000000000..2d8135504 --- /dev/null +++ b/crypto/store/Makefile.ssl @@ -0,0 +1,141 @@ +# +# OpenSSL/crypto/store/Makefile +# + +DIR= store +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +#TEST= storetest.c +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c +LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o + +SRC= $(LIBSRC) + +EXHEADER= store.h str_compat.h +HEADER= $(EXHEADER) str_locl.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +str_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +str_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +str_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_err.o: str_err.c +str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +str_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h +str_mem.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_mem.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_mem.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_mem.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_mem.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_mem.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_mem.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_mem.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_mem.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_mem.o: ../../include/openssl/x509_vfy.h str_locl.h str_mem.c +str_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_meth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_meth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_meth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_meth.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +str_meth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_meth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_meth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_meth.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_meth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_meth.o: ../../include/openssl/x509_vfy.h str_locl.h str_meth.c diff --git a/crypto/store/README b/crypto/store/README new file mode 100644 index 000000000..a5a494899 --- /dev/null +++ b/crypto/store/README @@ -0,0 +1,94 @@ +The STORE type +============== + +A STORE, as defined in this code section, is really a rather simple +thing which stores objects and per-object associations to a number +of attributes. What attributes are supported entirely depends on +the particular implementation of a STORE. It has some support for +generation of certain objects (for example, keys and CRLs). + + +Supported object types +---------------------- + +For now, the objects that are supported are the following: + +X.509 certificate +X.509 CRL +private key +public key +number + +The intention is that a STORE should be able to store everything +needed by an application that wants a cert/key store, as well as +the data a CA might need to store (this includes the serial number +counter, which explains the support for numbers). + + +Supported attribute types +------------------------- + +For now, the following attributes are supported: + +Friendly Name - the value is a normal C string +Key ID - the value is a 160 bit SHA1 hash +Issuer Key ID - the value is a 160 bit SHA1 hash +Subject Key ID - the value is a 160 bit SHA1 hash +Issuer/Serial Hash - the value is a 160 bit SHA1 hash +Issuer - the value is a X509_NAME +Serial - the value is a BIGNUM +Subject - the value is a X509_NAME +Certificate Hash - the value is a 160 bit SHA1 hash +Email - the value is a normal C string +Filename - the value is a normal C string + +It is expected that these attributes should be enough to support +the need from most, if not all, current applications. Applications +that need to do certificate verification would typically use Subject +Key ID, Issuer/Serial Hash or Subject to look up issuer certificates. +S/MIME applications would typically use Email to look up recipient +and signer certificates. + +There's added support for combined sets of attributes to search for, +with the special OR attribute. + + +Supported basic functionality +----------------------------- + +The functions that are supported through the STORE type are these: + +generate_object - for example to generate keys and CRLs +get_object - to look up one object + NOTE: this function is really rather + redundant and probably of lesser usage + than the list functions +store_object - store an object and the attributes + associated with it +modify_object - modify the attributes associated with + a specific object +revoke_object - revoke an object + NOTE: this only marks an object as + invalid, it doesn't remove the object + from the database +delete_object - remove an object from the database +list_object - list objects associated with a given + set of attributes + NOTE: this is really four functions: + list_start, list_next, list_end and + list_endp +update_store - update the internal data of the store +lock_store - lock the store +unlock_store - unlock the store + +The list functions need some extra explanation: list_start is +used to set up a lookup. That's where the attributes to use in +the search are set up. It returns a search context. list_next +returns the next object searched for. list_end closes the search. +list_endp is used to check if we have reached the end. + +A few words on the store functions as well: update_store is +typically used by a CA application to update the internal +structure of a database. This may for example involve automatic +removal of expired certificates. lock_store and unlock_store +are used for locking a store to allow exclusive writes. diff --git a/crypto/store/store.h b/crypto/store/store.h new file mode 100644 index 000000000..f99a26414 --- /dev/null +++ b/crypto/store/store.h @@ -0,0 +1,482 @@ +/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_H +#define HEADER_STORE_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* The STORE type is a per-store context that holds all the necessary data + to perform all the supported storage operations. */ +typedef struct store_st STORE; + +/* All instances of STORE have a reference to a method structure, which is a + ordered vector of functions that implement the lower level things to do. + There is an instruction on the implementation further down, in the section + for method implementors. */ +typedef struct store_method_st STORE_METHOD; + + +/* All the following functions return 0, a negative number or NULL on error. + When everything is fine, they return a positive value or a non-NULL + pointer, all depending on their purpose. */ + +/* Creators and destructor. */ +STORE *STORE_new_method(const STORE_METHOD *method); +void STORE_free(STORE *ui); + + +/* Give a user interface parametrised control commands. This can be used to + send down an integer, a data pointer or a function pointer, as well as + be used to get information from a STORE. */ +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)()); + +/* A control to set the directory with keys and certificates. Used by the + built-in directory level method. */ +#define STORE_CTRL_SET_DIRECTORY 0x0001 +/* A control to set a file to load. Used by the built-in file level method. */ +#define STORE_CTRL_SET_FILE 0x0002 +/* A control to set a configuration file to load. Can be used by any method + that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_FILE 0x0003 +/* A control to set a the section of the loaded configuration file. Can be + used by any method that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_SECTION 0x0004 + + +/* Some methods may use extra data */ +#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) +#define STORE_get_app_data(s) STORE_get_ex_data(s,0) +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int STORE_set_ex_data(STORE *r,int idx,void *arg); +void *STORE_get_ex_data(STORE *r, int idx); + +/* Use specific methods instead of the built-in one */ +const STORE_METHOD *STORE_get_method(STORE *store); +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); + +/* The standard OpenSSL methods. */ +/* This is the in-memory method. It does everything except revoking and updating, + and is of course volatile. It's used by other methods that have an in-memory + cache. */ +const STORE_METHOD *STORE_Memory(void); +/* This is the directory store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. */ +const STORE_METHOD *STORE_Directory(void); +/* This is the file store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. Certificates are added + to it with the store operation, and it will only get cached certificates. */ +const STORE_METHOD *STORE_File(void); + + +/* Store functions take a type code for the type of data they should store + or fetch */ +typedef enum STORE_object_types + { + STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, + STORE_OBJECT_TYPE_X509_CRL= 0x02, + STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, + STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, + STORE_OBJECT_TYPE_NUMBER= 0x05, + STORE_OBJECT_TYPE_NUM= 0x05 /* The amount of known + object types */ + } STORE_OBJECT_TYPES; +/* List of text strings corresponding to the object types. */ +extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1]; + +/* Some store functions take a parameter list. Those parameters come with + one of the following codes. The comments following the codes below indicate + what type the value should be a pointer to. */ +typedef enum STORE_params + { + STORE_PARAM_EVP_TYPE= 0x01, /* int */ + STORE_PARAM_BITS= 0x02, /* size_t */ + STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ + STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ + STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known + parameter types */ + } STORE_PARAM_TYPES; +/* Parameter value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1]; + +/* Store functions take attribute lists. Those attributes come with codes. + The comments following the codes below indicate what type the value should + be a pointer to. */ +typedef enum STORE_attribs + { + STORE_ATTR_END= 0x00, + STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */ + STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */ + STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */ + STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */ + STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */ + STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */ + STORE_ATTR_EMAIL= 0x0a, /* C string */ + STORE_ATTR_FILENAME= 0x0b, /* C string */ + STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known + attribute types */ + STORE_ATTR_OR= 0xff /* This is a special + separator, which + expresses the OR + operation. */ + } STORE_ATTR_TYPES; +/* Attribute value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1]; + +typedef enum STORE_certificate_status + { + STORE_X509_VALID= 0x00, + STORE_X509_EXPIRED= 0x01, + STORE_X509_SUSPENDED= 0x02, + STORE_X509_REVOKED= 0x03 + } STORE_CERTIFICATE_STATUS; + +/* Engine store functions will return a structure that contains all the necessary + * information, including revokation status for certificates. This is really not + * needed for application authors, as the ENGINE framework functions will extract + * the OpenSSL-specific information when at all possible. However, for engine + * authors, it's crucial to know this structure. */ +typedef struct STORE_OBJECT_st + { + STORE_OBJECT_TYPES type; + union + { + struct + { + STORE_CERTIFICATE_STATUS status; + X509 *certificate; + } x509; + X509_CRL *crl; + EVP_PKEY *key; + BIGNUM *number; + } data; + } STORE_OBJECT; +DECLARE_STACK_OF(STORE_OBJECT); +STORE_OBJECT *STORE_OBJECT_new(void); +void STORE_OBJECT_free(STORE_OBJECT *data); + + + +/* The following functions handle the storage. They return 0, a negative number + or NULL on error, anything else on success. */ +X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[]); +int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[]); +X509 *STORE_list_certificate_next(STORE *e, void *handle); +int STORE_list_certificate_end(STORE *e, void *handle); +int STORE_list_certificate_endp(STORE *e, void *handle); +EVP_PKEY *STORE_generate_key(STORE *e, + int evp_type, size_t bits, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_private_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); +int STORE_list_private_key_end(STORE *e, void *handle); +int STORE_list_private_key_endp(STORE *e, void *handle); +EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); +int STORE_list_public_key_end(STORE *e, void *handle); +int STORE_list_public_key_endp(STORE *e, void *handle); +X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[]); +int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_list_crl_next(STORE *e, void *handle); +int STORE_list_crl_end(STORE *e, void *handle); +int STORE_list_crl_endp(STORE *e, void *handle); +int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); + + +/* Create and manipulate methods */ +STORE_METHOD *STORE_create_method(char *name); +void STORE_destroy_method(STORE_METHOD *store_method); + +/* These callback types are use for store handlers */ +typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); +typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); +typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[]); +typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); +typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[]); +typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); + +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR gen_f); +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR gen_f); +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f); +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f); +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f); +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f); +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f); + +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm); +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm); +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm); +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm); +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm); +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm); +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); + +/* Method helper structures and functions. */ + +/* This structure is the result of parsing through the information in a list + of OPENSSL_ITEMs. It stores all the necessary information in a structured + way.*/ +typedef struct STORE_attr_info_st STORE_ATTR_INFO; + +/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. + Note that we do this in the list form, since the list of OPENSSL_ITEMs can + come in blocks separated with STORE_ATTR_OR. Note that the value returned + by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */ +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); +int STORE_parse_attrs_end(void *handle); +int STORE_parse_attrs_endp(void *handle); + +/* Creator and destructor */ +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); + +/* Manipulators */ +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code); +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); + +/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values + in each contained attribute. */ +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a are also set in b. */ +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_STORE_strings(void); + +/* Error codes for the STORE functions. */ + +/* Function codes. */ +#define STORE_F_MEM_DELETE 134 +#define STORE_F_MEM_GENERATE 135 +#define STORE_F_MEM_LIST_NEXT 136 +#define STORE_F_MEM_LIST_START 137 +#define STORE_F_MEM_STORE 138 +#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 +#define STORE_F_STORE_ATTR_INFO_GET0_DN 140 +#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 +#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 +#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 +#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 +#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 +#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 +#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 +#define STORE_F_STORE_ATTR_INFO_SET_DN 148 +#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 +#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 +#define STORE_F_STORE_CERTIFICATE 100 +#define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_DELETE_CERTIFICATE 102 +#define STORE_F_STORE_DELETE_CRL 103 +#define STORE_F_STORE_DELETE_NUMBER 104 +#define STORE_F_STORE_DELETE_PRIVATE_KEY 105 +#define STORE_F_STORE_DELETE_PUBLIC_KEY 106 +#define STORE_F_STORE_GENERATE_CRL 107 +#define STORE_F_STORE_GENERATE_KEY 108 +#define STORE_F_STORE_GET_CERTIFICATE 109 +#define STORE_F_STORE_GET_CRL 110 +#define STORE_F_STORE_GET_NUMBER 111 +#define STORE_F_STORE_GET_PRIVATE_KEY 112 +#define STORE_F_STORE_GET_PUBLIC_KEY 113 +#define STORE_F_STORE_LIST_CERTIFICATE_END 114 +#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 +#define STORE_F_STORE_LIST_CERTIFICATE_START 116 +#define STORE_F_STORE_LIST_CRL_END 117 +#define STORE_F_STORE_LIST_CRL_NEXT 118 +#define STORE_F_STORE_LIST_CRL_START 119 +#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 +#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 +#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 +#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +#define STORE_F_STORE_NEW_ENGINE 133 +#define STORE_F_STORE_NEW_METHOD 132 +#define STORE_F_STORE_NUMBER 126 +#define STORE_F_STORE_PARSE_ATTRS_END 151 +#define STORE_F_STORE_PARSE_ATTRS_NEXT 152 +#define STORE_F_STORE_PRIVATE_KEY 127 +#define STORE_F_STORE_PUBLIC_KEY 128 +#define STORE_F_STORE_REVOKE_CERTIFICATE 129 +#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 +#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 + +/* Reason codes. */ +#define STORE_R_ALREADY_HAS_A_VALUE 127 +#define STORE_R_FAILED_DELETING_CERTIFICATE 100 +#define STORE_R_FAILED_DELETING_KEY 101 +#define STORE_R_FAILED_DELETING_NUMBER 102 +#define STORE_R_FAILED_GENERATING_CRL 103 +#define STORE_R_FAILED_GENERATING_KEY 104 +#define STORE_R_FAILED_GETTING_CERTIFICATE 105 +#define STORE_R_FAILED_GETTING_KEY 106 +#define STORE_R_FAILED_GETTING_NUMBER 107 +#define STORE_R_FAILED_LISTING_CERTIFICATES 108 +#define STORE_R_FAILED_LISTING_KEYS 109 +#define STORE_R_FAILED_REVOKING_CERTIFICATE 110 +#define STORE_R_FAILED_REVOKING_KEY 111 +#define STORE_R_FAILED_STORING_CERTIFICATE 112 +#define STORE_R_FAILED_STORING_KEY 113 +#define STORE_R_FAILED_STORING_NUMBER 114 +#define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 +#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 +#define STORE_R_NO_GENERATE_CRL_FUNCTION 117 +#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +#define STORE_R_NO_GET_OBJECT_FUNCTION 119 +#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 +#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 +#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 +#define STORE_R_NO_STORE 129 +#define STORE_R_NO_STORE_OBJECT_FUNCTION 125 +#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 +#define STORE_R_NO_VALUE 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c new file mode 100644 index 000000000..ac88dff0e --- /dev/null +++ b/crypto/store/str_err.c @@ -0,0 +1,176 @@ +/* crypto/store/str_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA STORE_str_functs[]= + { +{ERR_PACK(0,STORE_F_MEM_DELETE,0), "MEM_DELETE"}, +{ERR_PACK(0,STORE_F_MEM_GENERATE,0), "MEM_GENERATE"}, +{ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, +{ERR_PACK(0,STORE_F_MEM_LIST_START,0), "MEM_LIST_START"}, +{ERR_PACK(0,STORE_F_MEM_STORE,0), "MEM_STORE"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_CSTR,0), "STORE_ATTR_INFO_get0_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_DN,0), "STORE_ATTR_INFO_get0_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_NUMBER,0), "STORE_ATTR_INFO_get0_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,0), "STORE_ATTR_INFO_get0_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,0), "STORE_ATTR_INFO_modify_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_DN,0), "STORE_ATTR_INFO_modify_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,0), "STORE_ATTR_INFO_modify_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,0), "STORE_ATTR_INFO_modify_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_CSTR,0), "STORE_ATTR_INFO_set_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_DN,0), "STORE_ATTR_INFO_set_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_NUMBER,0), "STORE_ATTR_INFO_set_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, +{ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_NUMBER,0), "STORE_delete_number"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_PRIVATE_KEY,0), "STORE_delete_private_key"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_PUBLIC_KEY,0), "STORE_delete_public_key"}, +{ERR_PACK(0,STORE_F_STORE_GENERATE_CRL,0), "STORE_generate_crl"}, +{ERR_PACK(0,STORE_F_STORE_GENERATE_KEY,0), "STORE_generate_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_CERTIFICATE,0), "STORE_get_certificate"}, +{ERR_PACK(0,STORE_F_STORE_GET_CRL,0), "STORE_get_crl"}, +{ERR_PACK(0,STORE_F_STORE_GET_NUMBER,0), "STORE_get_number"}, +{ERR_PACK(0,STORE_F_STORE_GET_PRIVATE_KEY,0), "STORE_get_private_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_PUBLIC_KEY,0), "STORE_get_public_key"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_END,0), "STORE_list_certificate_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_NEXT,0), "STORE_list_certificate_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_START,0), "STORE_list_certificate_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_END,0), "STORE_list_crl_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_NEXT,0), "STORE_list_crl_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_START,0), "STORE_list_crl_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_END,0), "STORE_list_private_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,0), "STORE_list_private_key_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_START,0), "STORE_list_private_key_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_END,0), "STORE_list_public_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, +{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, +{ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, +{ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_PARSE_ATTRS_END"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_NEXT,0), "STORE_parse_attrs_next"}, +{ERR_PACK(0,STORE_F_STORE_PRIVATE_KEY,0), "STORE_PRIVATE_KEY"}, +{ERR_PACK(0,STORE_F_STORE_PUBLIC_KEY,0), "STORE_PUBLIC_KEY"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_CERTIFICATE,0), "STORE_revoke_certificate"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_PRIVATE_KEY,0), "STORE_revoke_private_key"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_PUBLIC_KEY,0), "STORE_revoke_public_key"}, +{0,NULL} + }; + +static ERR_STRING_DATA STORE_str_reasons[]= + { +{STORE_R_ALREADY_HAS_A_VALUE ,"already has a value"}, +{STORE_R_FAILED_DELETING_CERTIFICATE ,"failed deleting certificate"}, +{STORE_R_FAILED_DELETING_KEY ,"failed deleting key"}, +{STORE_R_FAILED_DELETING_NUMBER ,"failed deleting number"}, +{STORE_R_FAILED_GENERATING_CRL ,"failed generating crl"}, +{STORE_R_FAILED_GENERATING_KEY ,"failed generating key"}, +{STORE_R_FAILED_GETTING_CERTIFICATE ,"failed getting certificate"}, +{STORE_R_FAILED_GETTING_KEY ,"failed getting key"}, +{STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, +{STORE_R_FAILED_LISTING_CERTIFICATES ,"failed listing certificates"}, +{STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, +{STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, +{STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, +{STORE_R_FAILED_STORING_CERTIFICATE ,"failed storing certificate"}, +{STORE_R_FAILED_STORING_KEY ,"failed storing key"}, +{STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, +{STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, +{STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, +{STORE_R_NO_GENERATE_CRL_FUNCTION ,"no generate crl function"}, +{STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, +{STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, +{STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, +{STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, +{STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, +{STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, +{STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, +{STORE_R_NO_STORE ,"no store"}, +{STORE_R_NO_STORE_OBJECT_FUNCTION ,"no store object function"}, +{STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION ,"no store object number function"}, +{STORE_R_NO_VALUE ,"no value"}, +{0,NULL} + }; + +#endif + +void ERR_load_STORE_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ERR_LIB_STORE,STORE_str_functs); + ERR_load_strings(ERR_LIB_STORE,STORE_str_reasons); +#endif + + } + } diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c new file mode 100644 index 000000000..8383a30e1 --- /dev/null +++ b/crypto/store/str_lib.c @@ -0,0 +1,1507 @@ +/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include "str_locl.h" + +const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = + { + 0, + "X.509 Certificate", + "X.509 CRL", + "Private Key", + "Public Key", + "Number" + }; + +const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = + { + 0, + sizeof(int), /* EVP_TYPE */ + sizeof(size_t), /* BITS */ + -1, /* KEY_PARAMETERS */ + 0 /* KEY_NO_PARAMETERS */ + }; + +const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = + { + 0, + -1, /* FRIENDLYNAME: C string */ + SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ + sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ + sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ + sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ + SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ + -1, /* EMAIL: C string */ + -1, /* FILENAME: C string */ + }; + +STORE *STORE_new_method(const STORE_METHOD *method) + { + STORE *ret; + + ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return NULL; + } + if (method == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + else + ret->meth=method; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); + if (ret->meth->init && !ret->meth->init(ret)) + { + STORE_free(ret); + ret = NULL; + } + return ret; + } + +STORE *STORE_new_engine(ENGINE *engine) + { + STORE *ret = NULL; + ENGINE *e = engine; + const STORE_METHOD *meth = 0; + +#ifdef OPENSSL_NO_ENGINE + e = NULL; +#else + if (engine) + { + if (!ENGINE_init(engine)) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); + return NULL; + } + e = engine; + } + else + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if(e) + { + meth = ENGINE_get_STORE(e); + if(!meth) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, + ERR_R_ENGINE_LIB); + ENGINE_finish(e); + return NULL; + } + } +#endif + + ret = STORE_new_method(meth); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB); + return NULL; + } + + ret->engine = e; + + return(ret); + } + +void STORE_free(STORE *store) + { + if (store == NULL) + return; + if (store->meth->clean) + store->meth->clean(store); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); + OPENSSL_free(store); + } + + +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, + new_func, dup_func, free_func); + } + +int STORE_set_ex_data(STORE *r, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +void *STORE_get_ex_data(STORE *r, int idx) + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + +const STORE_METHOD *STORE_get_method(STORE *store) + { + return store->meth; + } + +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) + { + store->meth=meth; + return store->meth; + } + + +/* API helpers */ + +#define check_store(s,fncode,fnname,fnerrcode) \ + do \ + { \ + if ((s) == NULL || (s)->meth) \ + { \ + STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ + return 0; \ + } \ + if ((s)->meth->fnname == NULL) \ + { \ + STOREerr((fncode), (fnerrcode)); \ + return 0; \ + } \ + } \ + while(0) + +/* API functions */ + +X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_GET_CERTIFICATE, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_GET_CERTIFICATE, + STORE_R_FAILED_GETTING_CERTIFICATE); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_CERTIFICATE, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + object->data.x509.certificate = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_CERTIFICATE, + STORE_R_FAILED_STORING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + { + STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, + STORE_R_FAILED_REVOKING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, + STORE_R_FAILED_DELETING_CERTIFICATE); + return 0; + } + return 1; + } + +void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return handle; + } + +X509 *STORE_list_certificate_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int STORE_list_certificate_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +int STORE_list_certificate_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_generate_key(STORE *s, + int evp_type, size_t bits, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + OPENSSL_ITEM params[3]; + + params[0].code = STORE_PARAM_EVP_TYPE; + params[0].value = &evp_type; + params[0].value_size = sizeof(evp_type); + params[1].code = STORE_PARAM_BITS; + params[1].value = &bits; + params[1].value_size = sizeof(bits); + params[2].code = 0; + + check_store(s,STORE_F_STORE_GENERATE_KEY, + generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + params, attributes); + if (!object || !object->data.key) + { + STOREerr(STORE_F_STORE_GENERATE_KEY, + STORE_R_FAILED_GENERATING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_PRIVATE_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_private_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_private_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_PUBLIC_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_PUBLIC_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_PUBLIC_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_PUBLIC_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_public_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_public_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_GENERATE_CRL, + generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, 0, attributes); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_GENERATE_CRL, + STORE_R_FAILED_GENERATING_CRL); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_GET_CRL, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_GET_CRL, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_CRL, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_CRL, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + object->data.crl = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_CRL, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_CRL, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_CRL, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CRL_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CRL_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +X509_CRL *STORE_list_crl_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_LIST_CRL_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_LIST_CRL_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +int STORE_list_crl_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CRL_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CRL_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_crl_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CRL_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CRL_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_NUMBER, + store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_NUMBER, + ERR_R_MALLOC_FAILURE); + return 0; + } + + object->data.number = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_NUMBER, + STORE_R_FAILED_STORING_NUMBER); + return 0; + } + return 1; + } + +BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + BIGNUM *n; + + check_store(s,STORE_F_STORE_GET_NUMBER, + get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes); + if (!object || !object->data.number) + { + STOREerr(STORE_F_STORE_GET_NUMBER, + STORE_R_FAILED_GETTING_NUMBER); + return 0; + } + n = object->data.number; + object->data.number = NULL; + STORE_OBJECT_free(object); + return n; + } + +int STORE_delete_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_NUMBER, + delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_NUMBER, + STORE_R_FAILED_DELETING_NUMBER); + return 0; + } + return 1; + } + +STORE_OBJECT *STORE_OBJECT_new(void) + { + STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); + if (object) memset(object, 0, sizeof(STORE_OBJECT)); + return object; + } +void STORE_OBJECT_free(STORE_OBJECT *data) + { + if (!data) return; + switch (data->type) + { + case STORE_OBJECT_TYPE_X509_CERTIFICATE: + X509_free(data->data.x509.certificate); + break; + case STORE_OBJECT_TYPE_X509_CRL: + X509_CRL_free(data->data.crl); + break; + case STORE_OBJECT_TYPE_PRIVATE_KEY: + case STORE_OBJECT_TYPE_PUBLIC_KEY: + EVP_PKEY_free(data->data.key); + break; + case STORE_OBJECT_TYPE_NUMBER: + BN_free(data->data.number); + break; + } + OPENSSL_free(data); + } + +IMPLEMENT_STACK_OF(STORE_OBJECT*); + + +struct STORE_attr_info_st + { + unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; + union + { + char *cstring; + unsigned char *sha1string; + X509_NAME *dn; + BIGNUM *number; + void *any; + } values[STORE_ATTR_TYPE_NUM+1]; + size_t value_sizes[STORE_ATTR_TYPE_NUM+1]; + }; + +#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ + && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) +#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) +#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) + +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) + { + return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); + } +static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code) + { + if (ATTR_IS_SET(attrs,code)) + { + switch(code) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + STORE_ATTR_INFO_modify_dn(attrs, code, NULL); + break; + case STORE_ATTR_SERIAL: + STORE_ATTR_INFO_modify_number(attrs, code, NULL); + break; + default: + break; + } + } + } +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs) + { + if (attrs) + { + STORE_ATTR_TYPES i; + for(i = 0; i++ < STORE_ATTR_TYPE_NUM;) + STORE_ATTR_INFO_attr_free(attrs, i); + OPENSSL_free(attrs); + } + return 1; + } +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].cstring; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, + STORE_R_NO_VALUE); + return NULL; + } +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].sha1string; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, + STORE_R_NO_VALUE); + return NULL; + } +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].dn; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, + STORE_R_NO_VALUE); + return NULL; + } +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].number; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, + STORE_R_NO_VALUE); + return NULL; + } +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].sha1string = + (unsigned char *)BUF_memdup(sha1str, + sha1str_size))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].dn = X509_NAME_dup(dn))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].number = BN_dup(number))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].cstring); + attrs->values[code].cstring = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); + } +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].sha1string); + attrs->values[code].sha1string = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); + } +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].dn); + attrs->values[code].dn = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_dn(attrs, code, dn); + } +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].number); + attrs->values[code].number = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_number(attrs, code, number); + } + +struct attr_list_ctx_st + { + OPENSSL_ITEM *attributes; + }; +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) + { + if (attributes) + { + struct attr_list_ctx_st *context = + (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); + if (context) + context->attributes = attributes; + else + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, + ERR_R_MALLOC_FAILURE); + return context; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { + STORE_ATTR_INFO *attrs = NULL; + + while(context->attributes + && context->attributes->code != STORE_ATTR_OR + && context->attributes->code != STORE_ATTR_END) + { + switch(context->attributes->code) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_set_cstr(attrs, + context->attributes->code, + context->attributes->value, + context->attributes->value_size); + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_set_sha1str(attrs, + context->attributes->code, + context->attributes->value, + context->attributes->value_size); + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_modify_dn(attrs, + context->attributes->code, + context->attributes->value); + break; + case STORE_ATTR_SERIAL: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_modify_number(attrs, + context->attributes->code, + context->attributes->value); + break; + } + context->attributes++; + } + if (context->attributes->code == STORE_ATTR_OR) + context->attributes++; + return attrs; + err: + while(context->attributes + && context->attributes->code != STORE_ATTR_OR + && context->attributes->code != STORE_ATTR_END) + context->attributes++; + if (context->attributes->code == STORE_ATTR_OR) + context->attributes++; + return NULL; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } +int STORE_parse_attrs_end(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { +#if 0 + OPENSSL_ITEM *attributes = context->attributes; +#endif + OPENSSL_free(context); + return 1; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + +int STORE_parse_attrs_endp(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { + return context->attributes->code == STORE_ATTR_END; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + +int STORE_ATTR_INFO_cmp(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned char *abits, *bbits; + int i; + + if (a == b) return 0; + if (!a) return -1; + if (!b) return 1; + abits = a->set; + bbits = b->set; + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (*abits < *bbits) return -1; + if (*abits > *bbits) return 1; + } + return 0; + } +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned char *abits, *bbits; + int i; + + if (a == b) return 1; + if (!a) return 0; + if (!b) return 0; + abits = a->set; + bbits = b->set; + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (*abits && *bbits != *abits) + return 0; + } + return 1; + } +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + STORE_ATTR_TYPES i; + + if (a == b) return 1; + if (!STORE_ATTR_INFO_in(a, b)) return 0; + for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) + if (ATTR_IS_SET(a, i)) + { + switch(i) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + if (strcmp(a->values[i].cstring, + b->values[i].cstring)) + return 0; + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + if (memcmp(a->values[i].sha1string, + b->values[i].sha1string, + a->value_sizes[i])) + return 0; + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + if (X509_NAME_cmp(a->values[i].dn, + b->values[i].dn)) + return 0; + break; + case STORE_ATTR_SERIAL: + if (BN_cmp(a->values[i].number, + b->values[i].number)) + return 0; + break; + default: + break; + } + } + + return 1; + } diff --git a/crypto/store/str_locl.h b/crypto/store/str_locl.h new file mode 100644 index 000000000..fac0f44b0 --- /dev/null +++ b/crypto/store/str_locl.h @@ -0,0 +1,123 @@ +/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_LOCL_H +#define HEADER_STORE_LOCL_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct store_method_st + { + char *name; + + /* All the functions return a positive integer or non-NULL for success + and 0, a negative integer or NULL for failure */ + + /* Initialise the STORE with private data */ + STORE_INITIALISE_FUNC_PTR init; + /* Initialise the STORE with private data */ + STORE_CLEANUP_FUNC_PTR clean; + /* Generate an object of a given type */ + STORE_GENERATE_OBJECT_FUNC_PTR generate_object; + /* Get an object of a given type. This function isn't really very + useful since the listing functions (below) can be used for the + same purpose and are much more general. */ + STORE_GET_OBJECT_FUNC_PTR get_object; + /* Store an object of a given type. */ + STORE_STORE_OBJECT_FUNC_PTR store_object; + /* Modify the attributes bound to an object of a given type. */ + STORE_MODIFY_OBJECT_FUNC_PTR modify_object; + /* Revoke an object of a given type. */ + STORE_HANDLE_OBJECT_FUNC_PTR revoke_object; + /* Delete an object of a given type. */ + STORE_HANDLE_OBJECT_FUNC_PTR delete_object; + /* List a bunch of objects of a given type and with the associated + attributes. */ + STORE_START_OBJECT_FUNC_PTR list_object_start; + STORE_NEXT_OBJECT_FUNC_PTR list_object_next; + STORE_END_OBJECT_FUNC_PTR list_object_end; + STORE_END_OBJECT_FUNC_PTR list_object_endp; + /* Store-level function to make any necessary update operations. */ + STORE_GENERIC_FUNC_PTR update_store; + /* Store-level function to get exclusive access to the store. */ + STORE_GENERIC_FUNC_PTR lock_store; + /* Store-level function to release exclusive access to the store. */ + STORE_GENERIC_FUNC_PTR unlock_store; + + /* Generic control function */ + STORE_CTRL_FUNC_PTR ctrl; + }; + +struct store_st + { + const STORE_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + + CRYPTO_EX_DATA ex_data; + int references; + }; +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c new file mode 100644 index 000000000..a6ca31d66 --- /dev/null +++ b/crypto/store/str_mem.c @@ -0,0 +1,324 @@ +/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "str_locl.h" + +struct mem_object_data_st + { + STORE_OBJECT *object; + STORE_ATTR_INFO *attr_info; + int references; + }; + +struct mem_data_st + { + STACK *data; /* A stack of mem_object_data_st, + potentially sorted with a wrapper + around STORE_ATTR_INFO_cmp(). */ + unsigned int compute_components : 1; /* Currently unused, but can + be used to add attributes + from parts of the data. */ + }; + +struct mem_ctx_st + { + int type; /* The type we're searching for */ + STACK *search_attributes; /* Sets of attributes to search for. + Each element is a STORE_ATTR_INFO. */ + int search_index; /* which of the search attributes we found a match + for, -1 when we still haven't found any */ + int index; /* -1 as long as we're searching for the first */ + }; + +static int mem_init(STORE *s); +static void mem_clean(STORE *s); +static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); +static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]); +static int mem_store(STORE *s, STORE_OBJECT_TYPES type, + STORE_OBJECT *data, OPENSSL_ITEM attributes[]); +static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); +static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]); +static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]); +static STORE_OBJECT *mem_list_next(STORE *s, void *handle); +static int mem_list_end(STORE *s, void *handle); +static int mem_list_endp(STORE *s, void *handle); +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]); +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]); +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()); + +static STORE_METHOD store_memory = + { + "OpenSSL memory store interface", + mem_init, + mem_clean, + mem_generate, + mem_get, + mem_store, + mem_modify, + NULL, /* revoke */ + mem_delete, + mem_list_start, + mem_list_next, + mem_list_end, + mem_list_endp, + NULL, /* update */ + mem_lock, + mem_unlock, + mem_ctrl + }; + +const STORE_METHOD *STORE_Memory(void) + { + return &store_memory; + } + +static int mem_init(STORE *s) + { + return 1; + } + +static void mem_clean(STORE *s) + { + return; + } + +static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]) + { + STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]) + { + void *context = mem_list_start(s, type, attributes); + + if (context) + { + STORE_OBJECT *object = mem_list_next(s, context); + + if (mem_list_end(s, context)) + return object; + } + return NULL; + } +static int mem_store(STORE *s, STORE_OBJECT_TYPES type, + STORE_OBJECT *data, OPENSSL_ITEM attributes[]) + { + STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]) + { + STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]) + { + STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]) + { + struct mem_ctx_st *context = + (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); + void *attribute_context = NULL; + STORE_ATTR_INFO *attrs = NULL; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); + return 0; + } + memset(context, 0, sizeof(struct mem_ctx_st)); + + attribute_context = STORE_parse_attrs_start(attributes); + if (!attribute_context) + { + STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); + goto err; + } + + while((attrs = STORE_parse_attrs_next(attribute_context))) + { + if (context->search_attributes == NULL) + { + context->search_attributes = + sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); + if (!context->search_attributes) + { + STOREerr(STORE_F_MEM_LIST_START, + ERR_R_MALLOC_FAILURE); + goto err; + } + } + sk_push(context->search_attributes,(char *)attrs); + } + if (!STORE_parse_attrs_endp(attribute_context)) + goto err; + STORE_parse_attrs_end(attribute_context); + context->search_index = -1; + context->index = -1; + return context; + err: + if (attribute_context) STORE_parse_attrs_end(attribute_context); + mem_list_end(s, context); + return NULL; + } +static STORE_OBJECT *mem_list_next(STORE *s, void *handle) + { + int i; + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + struct mem_object_data_st key = { 0, 0, 1 }; + struct mem_data_st *store = + (struct mem_data_st *)STORE_get_ex_data(s, 1); + int srch; + int cres = 0; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (!store) + { + STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); + return NULL; + } + + if (context->search_index == -1) + { + for (i = 0; i < sk_num(context->search_attributes); i++) + { + key.attr_info = + (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); + srch = sk_find_ex(store->data, (char *)&key); + + if (srch >= 0) + { + context->search_index = srch; + break; + } + } + } + if (context->search_index < 0) + return NULL; + + key.attr_info = + (STORE_ATTR_INFO *)sk_value(context->search_attributes, + context->search_index); + for(srch = context->search_index; + srch < sk_num(store->data) + && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, + (STORE_ATTR_INFO *)sk_value(store->data, srch))); + srch++) + ; + + context->search_index = srch; + if (cres) + return ((struct mem_object_data_st *)sk_value(store->data, + srch))->object; + return NULL; + } +static int mem_list_end(STORE *s, void *handle) + { + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (context && context->search_attributes) + sk_free(context->search_attributes); + if (context) OPENSSL_free(context); + return 1; + } +static int mem_list_endp(STORE *s, void *handle) + { + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + + if (!context + || context->search_index == sk_num(context->search_attributes)) + return 1; + return 0; + } +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]) + { + return 1; + } +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]) + { + return 1; + } +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()) + { + return 1; + } diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c new file mode 100644 index 000000000..ad6708a12 --- /dev/null +++ b/crypto/store/str_meth.c @@ -0,0 +1,215 @@ +/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "str_locl.h" + +STORE_METHOD *STORE_create_method(char *name) + { + STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); + + if (store_method) + memset(store_method, 0, sizeof(*store_method)); + store_method->name = BUF_strdup(name); + return store_method; + } + +/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method + (that is, it hasn't been allocated using STORE_create_method(), you deserve + anything Murphy can throw at you and more! You have been warned. */ +void STORE_destroy_method(STORE_METHOD *store_method) + { + if (!store_method) return; + OPENSSL_free(store_method->name); + store_method->name = NULL; + OPENSSL_free(store_method); + } + +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) + { + sm->generate_object = generate_f; + return 1; + } + +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f) + { + sm->get_object = get_f; + return 1; + } + +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f) + { + sm->store_object = store_f; + return 1; + } + +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) + { + sm->revoke_object = revoke_f; + return 1; + } + +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f) + { + sm->delete_object = delete_f; + return 1; + } + +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f) + { + sm->list_object_start = list_start_f; + return 1; + } + +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f) + { + sm->list_object_next = list_next_f; + return 1; + } + +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f) + { + sm->list_object_end = list_end_f; + return 1; + } + +int STORE_method_set_update_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) + { + sm->update_store = update_f; + return 1; + } + +int STORE_method_set_lock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) + { + sm->lock_store = lock_f; + return 1; + } + +int STORE_method_set_unlock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) + { + sm->unlock_store = unlock_f; + return 1; + } + +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) + { + sm->ctrl = ctrl_f; + return 1; + } + +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) + { + return sm->generate_object; + } + +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm) + { + return sm->get_object; + } + +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) + { + return sm->store_object; + } + +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) + { + return sm->revoke_object; + } + +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm) + { + return sm->delete_object; + } + +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm) + { + return sm->list_object_start; + } + +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm) + { + return sm->list_object_next; + } + +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) + { + return sm->list_object_end; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_update_function(STORE_METHOD *sm) + { + return sm->update_store; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_function(STORE_METHOD *sm) + { + return sm->lock_store; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_function(STORE_METHOD *sm) + { + return sm->unlock_store; + } + +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm) + { + return sm->ctrl; + } + diff --git a/util/mkdef.pl b/util/mkdef.pl index 4c15a942d..64e0430a1 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -273,6 +273,7 @@ $crypto.=" crypto/ocsp/ocsp.h"; $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/tmdiff.h"; +$crypto.=" crypto/store/store.h"; my $symhacks="crypto/symhacks.h"; From 3bbb0212f3d059d7148c62c73d719e6d79954901 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:57:46 +0000 Subject: [PATCH 273/550] Add STORE support in ENGINE. --- CHANGES | 3 + crypto/crypto-lib.com | 3 +- crypto/engine/Makefile.ssl | 435 ++++++++++++++++++++++--------------- crypto/engine/eng_int.h | 1 + crypto/engine/eng_lib.c | 1 + crypto/engine/eng_list.c | 1 + crypto/engine/engine.h | 26 ++- crypto/engine/tb_store.c | 120 ++++++++++ 8 files changed, 409 insertions(+), 181 deletions(-) create mode 100644 crypto/engine/tb_store.c diff --git a/CHANGES b/CHANGES index 7389f3592..a84028462 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add support for STORE in ENGINE. + [Richard Levitte] + *) Add the STORE type. The intention is to provide a common interface to certificate and key stores, be they simple file-based stores, or HSM-type store, or LDAP stores, or... diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index a6838c248..da1ee269b 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -202,7 +202,8 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - "dso_openssl,dso_win32,dso_vms" $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_rand,tb_cipher,tb_digest,tb_ecdh,"+ - + "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - + "tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 6b9926372..153039932 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -25,11 +25,13 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.c \ + tb_cipher.o tb_digest.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o SRC= $(LIBSRC) @@ -86,17 +88,21 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_all.o: eng_all.c eng_int.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -104,27 +110,34 @@ eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h eng_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c +eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cnf.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_cryptodev.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h -eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cryptodev.o: ../../include/openssl/ui.h eng_cryptodev.c +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cryptodev.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/store.h +eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cryptodev.o: eng_cryptodev.c eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -132,12 +145,16 @@ eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_ctrl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_ctrl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_ctrl.o: ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h +eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_ctrl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_ctrl.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_ctrl.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -145,24 +162,32 @@ eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h eng_dyn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_dyn.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_dyn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_dyn.o: ../../include/openssl/ui.h ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_dyn.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_err.o: eng_err.c +eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -170,12 +195,16 @@ eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h eng_fat.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_fat.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_fat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_fat.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_fat.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_fat.o: ../../include/openssl/ui.h ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -183,12 +212,16 @@ eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_init.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_init.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_init.o: ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_init.o: ../cryptlib.h eng_init.c eng_int.h +eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_init.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_init.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -196,11 +229,15 @@ eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -209,12 +246,16 @@ eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_list.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_list.o: ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_list.o: ../cryptlib.h eng_int.h eng_list.c +eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_list.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_list.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -232,9 +273,9 @@ eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_openssl.o: ../cryptlib.h eng_openssl.c +eng_openssl.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -242,130 +283,176 @@ eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_pkey.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_pkey.o: ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c +eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_pkey.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_pkey.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_table.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_table.o: eng_int.h eng_table.c +eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_table.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_table.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_table.o: ../../include/openssl/x509_vfy.h eng_int.h eng_table.c tb_cipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_cipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_cipher.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_cipher.o: eng_int.h tb_cipher.c +tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_cipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_cipher.o: ../../include/openssl/x509_vfy.h eng_int.h tb_cipher.c tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_dh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_dh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_dh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dh.o: ../../include/openssl/ui.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dh.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_dh.o: ../../include/openssl/x509_vfy.h eng_int.h tb_dh.c tb_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_digest.o: eng_int.h tb_digest.c +tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_digest.o: ../../include/openssl/x509_vfy.h eng_int.h tb_digest.c tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_dsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_dsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_dsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dsa.o: ../../include/openssl/ui.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_dsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_dsa.c tb_ecdh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_ecdh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_ecdh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_ecdh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_ecdh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../../include/openssl/ui.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_ecdsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_ecdsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_ecdsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_ecdsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_ecdsa.o: eng_int.h tb_ecdsa.c +tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_ecdsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_ecdsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_ecdsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_ecdsa.c tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_rand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../../include/openssl/ui.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h eng_int.h tb_rand.c tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_rsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_rsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rsa.o: ../../include/openssl/ui.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_rsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_rsa.c +tb_store.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_store.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_store.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_store.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_store.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_store.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_store.o: ../../include/openssl/x509_vfy.h eng_int.h tb_store.c diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 2c82861eb..395c7fff1 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -154,6 +154,7 @@ struct engine_st const ECDH_METHOD *ecdh_meth; const ECDSA_METHOD *ecdsa_meth; const RAND_METHOD *rand_meth; + const STORE_METHOD *store_meth; /* Cipher handling is via this callback */ ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 999061a8e..66ab06de7 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -92,6 +92,7 @@ void engine_set_all_null(ENGINE *e) e->dsa_meth = NULL; e->dh_meth = NULL; e->rand_meth = NULL; + e->store_meth = NULL; e->ciphers = NULL; e->digests = NULL; e->destroy = NULL; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 55b646da2..f94d593b0 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->ecdsa_meth = src->ecdsa_meth; #endif dest->rand_meth = src->rand_meth; + dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; dest->destroy = src->destroy; diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index d4d08d962..3a8753d50 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -88,6 +88,7 @@ #include #endif #include +#include #include #include #include @@ -123,6 +124,7 @@ typedef void ECDSA_METHOD; #define ENGINE_METHOD_ECDSA (unsigned int)0x0020 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -192,9 +194,15 @@ typedef void ECDSA_METHOD; handles/connections etc. */ #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ /* These control commands allow an application to deal with an arbitrary engine * in a dynamic way. Warn: Negative return values indicate errors FOR THESE @@ -241,7 +249,7 @@ typedef void ECDSA_METHOD; /* ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -#define ENGINE_CMD_BASE 200 +#define ENGINE_CMD_BASE 200 /* NB: These 2 nCipher "chil" control commands are deprecated, and their * functionality is now available through ENGINE-specific control commands @@ -375,6 +383,10 @@ int ENGINE_register_RAND(ENGINE *e); void ENGINE_unregister_RAND(ENGINE *e); void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + int ENGINE_register_ciphers(ENGINE *e); void ENGINE_unregister_ciphers(ENGINE *e); void ENGINE_register_all_ciphers(void); @@ -451,6 +463,7 @@ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -485,6 +498,7 @@ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -576,10 +590,10 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c new file mode 100644 index 000000000..ee89133e4 --- /dev/null +++ b/crypto/engine/tb_store.c @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is + * used by STORE to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_STORE_DEBUG */ + +static ENGINE_TABLE *store_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_STORE(ENGINE *e) + { + engine_table_unregister(&store_table, e); + } + +static void engine_unregister_all_STORE(void) + { + engine_table_cleanup(&store_table); + } + +int ENGINE_register_STORE(ENGINE *e) + { + if(e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_STORE() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_STORE(e); + } + +int ENGINE_set_default_STORE(ENGINE *e) + { + if(e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 1); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_STORE(void) + { + return engine_table_select(&store_table, dummy_nid); + } + +/* Obtains an STORE implementation from an ENGINE functional reference */ +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) + { + return e->store_meth; + } + +/* Sets an STORE implementation in an ENGINE structure */ +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth) + { + e->store_meth = store_meth; + return 1; + } From d1465bac90641251fdd8c4e71ac14aa7b6f14341 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 04:10:32 +0000 Subject: [PATCH 274/550] make update --- apps/Makefile.ssl | 330 +++++++++++++++++++++----------------- crypto/conf/Makefile.ssl | 12 +- crypto/dh/Makefile.ssl | 14 +- crypto/dsa/Makefile.ssl | 10 +- crypto/ecdh/Makefile.ssl | 48 +++--- crypto/ecdsa/Makefile.ssl | 72 +++++---- crypto/err/Makefile.ssl | 8 +- crypto/evp/Makefile.ssl | 31 ++-- crypto/rand/Makefile.ssl | 14 +- crypto/rsa/Makefile.ssl | 10 +- crypto/stack/safestack.h | 21 +++ crypto/store/Makefile.ssl | 19 +-- crypto/store/store.h | 5 + crypto/store/str_err.c | 7 +- test/Makefile.ssl | 90 ++++++----- util/libeay.num | 113 +++++++++++++ 16 files changed, 517 insertions(+), 287 deletions(-) diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 168fb0623..a8a8eb0bd 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -195,10 +195,10 @@ app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -app_rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c -app_rand.o: apps.h +app_rand.o: ../include/openssl/stack.h ../include/openssl/store.h +app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h +app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -214,9 +214,10 @@ apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h apps.o: ../include/openssl/sha.h ../include/openssl/stack.h -apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -apps.o: ../include/openssl/ui.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/store.h ../include/openssl/symhacks.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -231,10 +232,10 @@ asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h -asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -asn1pars.o: asn1pars.c +asn1pars.o: ../include/openssl/stack.h ../include/openssl/store.h +asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h +asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -250,9 +251,10 @@ ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ca.o: ../include/openssl/sha.h ../include/openssl/stack.h -ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ca.o: ../include/openssl/ui.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c +ca.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h ca.c ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -270,10 +272,11 @@ ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/ui.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c +ciphers.o: ../include/openssl/stack.h ../include/openssl/store.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ciphers.o: ciphers.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -288,10 +291,10 @@ crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -crl.o: ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/stack.h ../include/openssl/store.h +crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl.o: ../include/openssl/ui.h ../include/openssl/x509.h +crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -306,10 +309,10 @@ crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -crl2p7.o: crl2p7.c +crl2p7.o: ../include/openssl/stack.h ../include/openssl/store.h +crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h +crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -324,9 +327,10 @@ dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c +dgst.o: ../include/openssl/stack.h ../include/openssl/store.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h +dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -341,9 +345,10 @@ dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c +dh.o: ../include/openssl/stack.h ../include/openssl/store.h +dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dh.o: ../include/openssl/ui.h ../include/openssl/x509.h +dh.o: ../include/openssl/x509_vfy.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -358,9 +363,10 @@ dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c +dsa.o: ../include/openssl/stack.h ../include/openssl/store.h +dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -375,10 +381,10 @@ dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -dsaparam.o: dsaparam.c +dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h +dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h ec.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -393,9 +399,10 @@ ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ec.o: ../include/openssl/rand.h ../include/openssl/rsa.h ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ec.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c +ec.o: ../include/openssl/stack.h ../include/openssl/store.h +ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ec.o: ../include/openssl/ui.h ../include/openssl/x509.h +ec.o: ../include/openssl/x509_vfy.h apps.h ec.c ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -410,10 +417,10 @@ ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ecparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -ecparam.o: ecparam.c +ecparam.o: ../include/openssl/stack.h ../include/openssl/store.h +ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ecparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -428,9 +435,10 @@ enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enc.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c +enc.o: ../include/openssl/stack.h ../include/openssl/store.h +enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +enc.o: ../include/openssl/ui.h ../include/openssl/x509.h +enc.o: ../include/openssl/x509_vfy.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h engine.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -448,10 +456,11 @@ engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -engine.o: ../include/openssl/ui.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h apps.h engine.c +engine.o: ../include/openssl/stack.h ../include/openssl/store.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +engine.o: engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -469,10 +478,11 @@ errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/ui.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c +errstr.o: ../include/openssl/stack.h ../include/openssl/store.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +errstr.o: errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -487,9 +497,10 @@ gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c +gendh.o: ../include/openssl/stack.h ../include/openssl/store.h +gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -504,10 +515,10 @@ gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -gendsa.o: gendsa.c +gendsa.o: ../include/openssl/stack.h ../include/openssl/store.h +gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -522,10 +533,10 @@ genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -genrsa.o: genrsa.c +genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h +genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -540,9 +551,10 @@ nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h -nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -nseq.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c +nseq.o: ../include/openssl/stack.h ../include/openssl/store.h +nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h +nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -561,10 +573,10 @@ ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ocsp.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -582,10 +594,11 @@ openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/ui.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/stack.h ../include/openssl/store.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -601,10 +614,10 @@ passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h -passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -passwd.o: passwd.c +passwd.o: ../include/openssl/store.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -620,9 +633,10 @@ pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs12.o: ../include/openssl/ui.h ../include/openssl/x509.h -pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c +pkcs12.o: ../include/openssl/store.h ../include/openssl/symhacks.h +pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +pkcs12.o: pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -637,9 +651,10 @@ pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c +pkcs7.o: ../include/openssl/stack.h ../include/openssl/store.h +pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h +pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -655,9 +670,9 @@ pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs8.o: ../include/openssl/ui.h ../include/openssl/x509.h -pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c +pkcs8.o: ../include/openssl/store.h ../include/openssl/symhacks.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -671,9 +686,10 @@ rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c +rand.o: ../include/openssl/stack.h ../include/openssl/store.h +rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/ui.h ../include/openssl/x509.h +rand.o: ../include/openssl/x509_vfy.h apps.h rand.c req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h req.o: ../include/openssl/bio.h ../include/openssl/bn.h req.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -689,9 +705,10 @@ req.o: ../include/openssl/pem.h ../include/openssl/pem2.h req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h req.o: ../include/openssl/sha.h ../include/openssl/stack.h -req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -req.o: ../include/openssl/ui.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../include/openssl/store.h ../include/openssl/symhacks.h +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -706,9 +723,10 @@ rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c +rsa.o: ../include/openssl/stack.h ../include/openssl/store.h +rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -723,10 +741,10 @@ rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsautl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -rsautl.o: rsautl.c +rsautl.o: ../include/openssl/stack.h ../include/openssl/store.h +rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h +rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -744,10 +762,11 @@ s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/stack.h ../include/openssl/store.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h +s_cb.o: s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -765,10 +784,11 @@ s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c +s_client.o: ../include/openssl/stack.h ../include/openssl/store.h +s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: s_apps.h s_client.c s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -786,10 +806,11 @@ s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c +s_server.o: ../include/openssl/stack.h ../include/openssl/store.h +s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_server.o: s_apps.h s_server.c s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -807,10 +828,11 @@ s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/stack.h ../include/openssl/store.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_socket.o: s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -828,10 +850,11 @@ s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c +s_time.o: ../include/openssl/stack.h ../include/openssl/store.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_time.o: s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -849,10 +872,11 @@ sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/ui.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c +sess_id.o: ../include/openssl/stack.h ../include/openssl/store.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +sess_id.o: sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -867,9 +891,10 @@ smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h -smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -smime.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c +smime.o: ../include/openssl/stack.h ../include/openssl/store.h +smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +smime.o: ../include/openssl/ui.h ../include/openssl/x509.h +smime.o: ../include/openssl/x509_vfy.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -891,10 +916,10 @@ speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h speed.o: ../include/openssl/sha.h ../include/openssl/stack.h -speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c -speed.o: testdsa.h testrsa.h +speed.o: ../include/openssl/store.h ../include/openssl/symhacks.h +speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -909,9 +934,10 @@ spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h -spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -spkac.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c +spkac.o: ../include/openssl/stack.h ../include/openssl/store.h +spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h +spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -926,10 +952,11 @@ verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h -verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -verify.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -verify.o: ../include/openssl/x509v3.h apps.h verify.c +verify.o: ../include/openssl/stack.h ../include/openssl/store.h +verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +verify.o: ../include/openssl/ui.h ../include/openssl/x509.h +verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +verify.o: verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -946,10 +973,11 @@ version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h version.o: ../include/openssl/safestack.h ../include/openssl/sha.h -version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -version.o: ../include/openssl/x509_vfy.h apps.h version.c +version.o: ../include/openssl/stack.h ../include/openssl/store.h +version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +version.o: version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -964,7 +992,7 @@ x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h -x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -x509.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -x509.o: ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/stack.h ../include/openssl/store.h +x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +x509.o: ../include/openssl/ui.h ../include/openssl/x509.h +x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index e7bcaff74..09c68e682 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -127,9 +127,9 @@ conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_mall.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_mall.o: ../cryptlib.h conf_mall.c +conf_mall.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +conf_mall.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/bn.h conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -161,6 +161,6 @@ conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_sap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_sap.o: ../cryptlib.h conf_sap.c +conf_sap.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +conf_sap.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index 1f72d521e..41451917b 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -134,9 +134,13 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dh_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h dh_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -dh_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dh_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_lib.o: ../../include/openssl/ui.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 6a60976f4..c09938e95 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -139,11 +139,15 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index 8a0e43852..ff46ca041 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -89,29 +89,37 @@ ech_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ech_err.o: ../../include/openssl/symhacks.h ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ech_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ech_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h -ech_key.o: ech_key.c +ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ech_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ech_key.o: ../../include/openssl/x509_vfy.h ecdh.h ech_key.c ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ech_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ech_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h -ech_lib.o: ech_lib.c +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ech_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ech_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ecdh.h ech_lib.c ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/ecdsa/Makefile.ssl b/crypto/ecdsa/Makefile.ssl index 3bdc55efb..935ea7a44 100644 --- a/crypto/ecdsa/Makefile.ssl +++ b/crypto/ecdsa/Makefile.ssl @@ -97,17 +97,21 @@ ecs_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_err.o: ../../include/openssl/symhacks.h ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_lib.o: ecs_lib.c +ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_lib.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_lib.c ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -117,26 +121,34 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecdsa.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_sign.o: ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_sign.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_vrf.o: ecs_vrf.c +ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_vrf.c diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index 69ee692cf..77a87e16f 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -100,10 +100,10 @@ err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -err_all.o: err_all.c +err_all.o: ../../include/openssl/stack.h ../../include/openssl/store.h +err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +err_all.o: ../../include/openssl/x509v3.h err_all.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 2d51730d2..3151dc8dd 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -149,10 +149,12 @@ c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -c_all.o: ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_all.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -193,10 +195,12 @@ digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -digest.o: ../cryptlib.h digest.c +digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +digest.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -338,10 +342,13 @@ evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_enc.o: ../../include/openssl/ui.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/store.h +evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h evp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 0c5bde381..3065234e2 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -108,12 +108,16 @@ rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rand_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_lib.o: ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +rand_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rand_lib.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index cd7f94deb..da7c98cec 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -143,11 +143,15 @@ rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ce4bf3538..3110e50a8 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1065,6 +1065,27 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) + #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl index 2d8135504..3bfb2a619 100644 --- a/crypto/store/Makefile.ssl +++ b/crypto/store/Makefile.ssl @@ -116,15 +116,16 @@ str_mem.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h str_mem.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h str_mem.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h str_mem.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -str_mem.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -str_mem.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -str_mem.o: ../../include/openssl/stack.h ../../include/openssl/store.h -str_mem.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -str_mem.o: ../../include/openssl/x509_vfy.h str_locl.h str_mem.c +str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +str_mem.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +str_mem.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_mem.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_mem.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_mem.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_mem.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_mem.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_mem.o: str_locl.h str_mem.c str_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h str_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h str_meth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/crypto/store/store.h b/crypto/store/store.h index f99a26414..3a334b0de 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -421,15 +421,19 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_GET_PRIVATE_KEY 112 #define STORE_F_STORE_GET_PUBLIC_KEY 113 #define STORE_F_STORE_LIST_CERTIFICATE_END 114 +#define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 #define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 #define STORE_F_STORE_LIST_CERTIFICATE_START 116 #define STORE_F_STORE_LIST_CRL_END 117 +#define STORE_F_STORE_LIST_CRL_ENDP 154 #define STORE_F_STORE_LIST_CRL_NEXT 118 #define STORE_F_STORE_LIST_CRL_START 119 #define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 #define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 #define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 #define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 #define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 #define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 #define STORE_F_STORE_NEW_ENGINE 133 @@ -467,6 +471,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 #define STORE_R_NO_GET_OBJECT_FUNCTION 119 #define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 #define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 #define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 #define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index ac88dff0e..2ef7f9277 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -98,21 +98,25 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_GET_PRIVATE_KEY,0), "STORE_get_private_key"}, {ERR_PACK(0,STORE_F_STORE_GET_PUBLIC_KEY,0), "STORE_get_public_key"}, {ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_END,0), "STORE_list_certificate_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_ENDP,0), "STORE_list_certificate_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_NEXT,0), "STORE_list_certificate_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_START,0), "STORE_list_certificate_start"}, {ERR_PACK(0,STORE_F_STORE_LIST_CRL_END,0), "STORE_list_crl_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_ENDP,0), "STORE_list_crl_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_CRL_NEXT,0), "STORE_list_crl_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_CRL_START,0), "STORE_list_crl_start"}, {ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_END,0), "STORE_list_private_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,0), "STORE_list_private_key_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,0), "STORE_list_private_key_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_START,0), "STORE_list_private_key_start"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_END,0), "STORE_list_public_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,0), "STORE_list_public_key_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, {ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, {ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, {ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, -{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_PARSE_ATTRS_END"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_parse_attrs_end"}, {ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_NEXT,0), "STORE_parse_attrs_next"}, {ERR_PACK(0,STORE_F_STORE_PRIVATE_KEY,0), "STORE_PRIVATE_KEY"}, {ERR_PACK(0,STORE_F_STORE_PUBLIC_KEY,0), "STORE_PUBLIC_KEY"}, @@ -147,6 +151,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, {STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, {STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, +{STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION ,"no list object endp function"}, {STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, {STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, {STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 15247879c..b2cb08b47 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -830,55 +830,69 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ecdsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ecdsatest.o: ../include/openssl/engine.h ../include/openssl/err.h -ecdsatest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h +ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/ui.h ecdsatest.c +ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdsatest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ecdsatest.o: ../include/openssl/ui.h ../include/openssl/x509.h +ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ectest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ectest.o: ../include/openssl/engine.h ../include/openssl/err.h +ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ectest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ectest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ectest.o: ../include/openssl/err.h ../include/openssl/evp.h ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c +ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ectest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ectest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ectest.o: ../include/openssl/ui.h ../include/openssl/x509.h +ectest.o: ../include/openssl/x509_vfy.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h enginetest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h enginetest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h -enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +enginetest.o: ../include/openssl/err.h ../include/openssl/evp.h +enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enginetest.o: ../include/openssl/ui.h enginetest.c +enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h +enginetest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/ui.h ../include/openssl/x509.h +enginetest.o: ../include/openssl/x509_vfy.h enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/bn.h ../include/openssl/conf.h -evp_test.o: ../include/openssl/crypto.h ../include/openssl/dh.h -evp_test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h -evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_test.o: ../include/openssl/bn.h ../include/openssl/buffer.h +evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h +evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h +evp_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_test.o: ../include/openssl/engine.h ../include/openssl/err.h +evp_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h +evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h evp_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h evp_test.c +evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_test.o: ../include/openssl/stack.h ../include/openssl/store.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -988,6 +1002,6 @@ ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/ui.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ssltest.c +ssltest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/ui.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.c diff --git a/util/libeay.num b/util/libeay.num index 32389b624..a95a12a46 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3026,3 +3026,116 @@ sk_find_ex 3455 EXIST::FUNCTION: OBJ_bsearch_ex 3456 EXIST::FUNCTION: BUF_memdup 3457 EXIST::FUNCTION: BUF_strndup 3458 EXIST::FUNCTION: +ENGINE_set_STORE 3459 EXIST::FUNCTION:ENGINE +STORE_method_set_list_start_function 3460 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3461 EXIST::FUNCTION: +STORE_parse_attrs_start 3462 EXIST::FUNCTION: +STORE_set_method 3463 EXIST::FUNCTION: +STORE_method_get_update_store_function 3464 EXIST::FUNCTION: +STORE_modify_certificate 3465 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3466 EXIST::FUNCTION: +STORE_list_public_key_endp 3467 EXIST::FUNCTION: +STORE_method_set_initialise_function 3468 EXIST::FUNCTION: +STORE_ATTR_INFO_set_dn 3469 EXIST::FUNCTION: +STORE_destroy_method 3470 EXIST::FUNCTION: +ENGINE_unregister_STORE 3471 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_get0_number 3472 EXIST::FUNCTION: +STORE_delete_public_key 3473 EXIST::FUNCTION: +STORE_get_public_key 3474 EXIST::FUNCTION: +STORE_get_method 3475 EXIST::FUNCTION: +STORE_parse_attrs_end 3476 EXIST::FUNCTION: +STORE_method_set_store_function 3477 EXIST::FUNCTION: +STORE_ATTR_INFO_in 3478 EXIST::FUNCTION: +STORE_get_number 3479 EXIST::FUNCTION: +STORE_method_set_list_next_function 3480 EXIST::FUNCTION: +STORE_method_get_generate_function 3481 EXIST::FUNCTION: +STORE_method_set_list_end_function 3482 EXIST::FUNCTION: +STORE_list_public_key_start 3483 EXIST::FUNCTION: +STORE_list_crl_endp 3484 EXIST::FUNCTION: +STORE_list_crl_end 3485 EXIST::FUNCTION: +STORE_method_set_ctrl_function 3486 EXIST::FUNCTION: +STORE_list_public_key_end 3487 EXIST::FUNCTION: +STORE_store_crl 3488 EXIST::FUNCTION: +STORE_ctrl 3489 EXIST::FUNCTION: +STORE_ATTR_INFO_compare 3490 EXIST::FUNCTION: +STORE_method_set_generate_function 3491 EXIST::FUNCTION: +STORE_ATTR_INFO_set_cstr 3492 EXIST::FUNCTION: +STORE_list_crl_next 3493 EXIST::FUNCTION: +STORE_method_set_delete_function 3494 EXIST::FUNCTION: +STORE_list_certificate_next 3495 EXIST::FUNCTION: +STORE_method_get_list_next_function 3496 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_dn 3497 EXIST::FUNCTION: +STORE_list_private_key_next 3498 EXIST::FUNCTION: +STORE_ATTR_INFO_free 3499 EXIST::FUNCTION: +STORE_get_private_key 3500 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3501 EXIST::FUNCTION: +STORE_method_set_revoke_function 3502 EXIST::FUNCTION: +STORE_store_number 3503 EXIST::FUNCTION: +STORE_revoke_public_key 3504 EXIST::FUNCTION: +STORE_list_certificate_start 3505 EXIST::FUNCTION: +ERR_load_STORE_strings 3506 EXIST::FUNCTION: +STORE_list_private_key_end 3507 EXIST::FUNCTION: +STORE_modify_private_key 3508 EXIST::FUNCTION: +STORE_method_set_modify_function 3509 EXIST::FUNCTION: +STORE_parse_attrs_next 3510 EXIST::FUNCTION: +STORE_method_get_revoke_function 3511 EXIST::FUNCTION: +STORE_method_set_get_function 3512 EXIST::FUNCTION: +STORE_modify_number 3513 EXIST::FUNCTION: +STORE_method_get_store_function 3514 EXIST::FUNCTION: +STORE_store_private_key 3515 EXIST::FUNCTION: +STORE_Memory 3516 EXIST::FUNCTION: +STORE_method_get_get_function 3517 EXIST::FUNCTION: +STORE_method_set_cleanup_function 3518 EXIST::FUNCTION: +STORE_method_get_lock_store_function 3519 EXIST::FUNCTION: +STORE_method_set_update_store_function 3520 EXIST::FUNCTION: +STORE_delete_private_key 3521 EXIST::FUNCTION: +ENGINE_register_all_STORE 3522 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_modify_cstr 3523 EXIST::FUNCTION: +STORE_generate_crl 3524 EXIST::FUNCTION: +STORE_store_public_key 3525 EXIST::FUNCTION: +STORE_Directory 3526 EXIST::FUNCTION: +STORE_revoke_private_key 3527 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_dn 3528 EXIST::FUNCTION: +STORE_method_get_initialise_function 3529 EXIST::FUNCTION: +STORE_delete_number 3530 EXIST::FUNCTION: +STORE_ATTR_INFO_in_ex 3531 EXIST::FUNCTION: +STORE_list_crl_start 3532 EXIST::FUNCTION: +STORE_method_get_modify_function 3533 EXIST::FUNCTION: +STORE_store_certificate 3534 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3535 EXIST::FUNCTION: +STORE_modify_public_key 3536 EXIST::FUNCTION: +STORE_method_get_list_start_function 3537 EXIST::FUNCTION: +STORE_method_set_unlock_store_function 3538 EXIST::FUNCTION: +STORE_create_method 3539 EXIST::FUNCTION: +STORE_generate_key 3540 EXIST::FUNCTION: +STORE_delete_crl 3541 EXIST::FUNCTION: +STORE_revoke_certificate 3542 EXIST::FUNCTION: +STORE_method_get_delete_function 3543 EXIST::FUNCTION: +STORE_parse_attrs_endp 3544 EXIST::FUNCTION: +STORE_list_public_key_next 3545 EXIST::FUNCTION: +STORE_OBJECT_free 3546 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_sha1str 3547 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_cstr 3548 EXIST::FUNCTION: +STORE_get_ex_new_index 3549 EXIST::FUNCTION: +STORE_File 3550 EXIST::FUNCTION: +ENGINE_get_STORE 3551 EXIST::FUNCTION:ENGINE +STORE_get_certificate 3552 EXIST::FUNCTION: +STORE_delete_certificate 3553 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3554 EXIST::FUNCTION: +STORE_free 3555 EXIST::FUNCTION: +STORE_method_get_unlock_store_function 3556 EXIST::FUNCTION: +STORE_get_ex_data 3557 EXIST::FUNCTION: +ENGINE_register_STORE 3558 EXIST::FUNCTION:ENGINE +STORE_modify_crl 3559 EXIST::FUNCTION: +STORE_list_private_key_start 3560 EXIST::FUNCTION: +STORE_list_private_key_endp 3561 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3562 EXIST::FUNCTION: +STORE_method_get_cleanup_function 3563 EXIST::FUNCTION: +STORE_set_ex_data 3564 EXIST::FUNCTION: +STORE_OBJECT_new 3565 EXIST::FUNCTION: +STORE_list_certificate_end 3566 EXIST::FUNCTION: +STORE_get_crl 3567 EXIST::FUNCTION: +STORE_method_set_lock_store_function 3568 EXIST::FUNCTION: +STORE_list_certificate_endp 3569 EXIST::FUNCTION: +STORE_method_get_list_end_function 3570 EXIST::FUNCTION: +STORE_new_method 3571 EXIST::FUNCTION: From 42b2b6a2d584635a5554042aee64583f5cfd169f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 04:31:12 +0000 Subject: [PATCH 275/550] Provide some extra comments about the STORE_Memory STORE method. --- crypto/store/str_mem.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index a6ca31d66..595f40397 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -60,6 +60,22 @@ #include #include "str_locl.h" +/* The memory store is currently highly experimental. It's meant to become + a base store used by other stores for internal caching (for full caching + support, aging needs to be added). + + The database use is meant to support as much attribute association as + possible, while providing for as small search ranges as possible. + This is currently provided for by sorting the entries by numbers that + are composed of bits set at the positions indicated by attribute type + codes. This provides for ranges determined by the highest attribute + type code value. A better idea might be to sort by values computed + from the range of attributes associated with the object (basically, + the difference between the highest and lowest attribute type code) + and it's distance from a base (basically, the lowest associated + attribute type code). +*/ + struct mem_object_data_st { STORE_OBJECT *object; @@ -70,8 +86,7 @@ struct mem_object_data_st struct mem_data_st { STACK *data; /* A stack of mem_object_data_st, - potentially sorted with a wrapper - around STORE_ATTR_INFO_cmp(). */ + sorted with STORE_ATTR_INFO_compare(). */ unsigned int compute_components : 1; /* Currently unused, but can be used to add attributes from parts of the data. */ @@ -184,6 +199,14 @@ static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); return 0; } + +/* The list functions may be the hardest to nuderstand. Basically, + mem_list_start compiles a stack of attribute info elements, and + puts that stack into the context to be returned. mem_list_next + will then find the first matching element in the store, and then + walk all the way to the end of the store (since any combination + of attribute bits above the starting point may match the searched + for bit pattern...). */ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]) { From 7f6af7d9db1a5e5f13dc0a0b03bea166ff24c3cb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 20:15:35 +0000 Subject: [PATCH 276/550] Get the year right... --- crypto/engine/tb_store.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c index ee89133e4..1466d85a4 100644 --- a/crypto/engine/tb_store.c +++ b/crypto/engine/tb_store.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From 5b194dfbd5bae8f3d034b712f50d824952f58ba8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 20:44:20 +0000 Subject: [PATCH 277/550] STORE was created 2003, darnit! --- crypto/store/store.h | 2 +- crypto/store/str_locl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 3a334b0de..164165e7b 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -1,6 +1,6 @@ /* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. + * project 2003. */ /* ==================================================================== * Copyright (c) 2003 The OpenSSL Project. All rights reserved. diff --git a/crypto/store/str_locl.h b/crypto/store/str_locl.h index fac0f44b0..c8decfa87 100644 --- a/crypto/store/str_locl.h +++ b/crypto/store/str_locl.h @@ -1,6 +1,6 @@ /* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. + * project 2003. */ /* ==================================================================== * Copyright (c) 2003 The OpenSSL Project. All rights reserved. From b9d7ca974892a9ee380e380f2956c747e100c614 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 2 May 2003 07:25:54 +0000 Subject: [PATCH 278/550] It's usually best if the function name matches everywhere... --- crypto/store/str_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 8383a30e1..cdba3dd11 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1425,7 +1425,7 @@ int STORE_parse_attrs_endp(void *handle) return 0; } -int STORE_ATTR_INFO_cmp(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { unsigned char *abits, *bbits; int i; From b9d2d20086c0ba7631412618974e5122af6fcb2d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 2 May 2003 11:41:40 +0000 Subject: [PATCH 279/550] Make DER option work again. Fix typo. --- crypto/x509v3/v3_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 7e813db0d..9a89e4333 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -238,12 +238,12 @@ static int v3_check_generic(char **value) { int gen_type = 0; char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:,", 4)) + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p+=4; gen_type = 1; } - if ((strlen(p) >= 5) && !strncmp(p, "ASN1:,", 5)) + else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { p+=5; gen_type = 2; From 9ee789e6c35ca51adbc44d2b7254f45d8ddaf4e2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 3 May 2003 06:58:08 +0000 Subject: [PATCH 280/550] Yeah, right, an object file ending with .c, that'll work! --- crypto/engine/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 153039932..5c1b0cf53 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -30,7 +30,7 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.c \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ tb_cipher.o tb_digest.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o From 3b30121bd989bc79b8cb4a5440f55acf7442b3d2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 5 May 2003 13:55:18 +0000 Subject: [PATCH 281/550] Constify RSA_sign() and RSA_verify(). PR: 602 --- crypto/rsa/rsa.h | 4 ++-- crypto/rsa/rsa_sign.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 12689fc22..84cc779d1 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -252,9 +252,9 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)( /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 02eb8136b..1d47a3139 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -67,7 +67,7 @@ #define SSL_SIG_LENGTH 36 int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) { X509_SIG sig; ASN1_TYPE parameter; @@ -143,7 +143,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, } int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa) + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; From 742b139f543db9d469dca1b8679492a80c22021f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 6 May 2003 08:02:14 +0000 Subject: [PATCH 282/550] =?UTF-8?q?Add=20the=20possibility=20to=20store=20?= =?UTF-8?q?arbitrary=20data=20in=20a=20STORE.=20Suggested=20by=20G=C3=B6tz?= =?UTF-8?q?=20Babin-Ebell=20.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- crypto/store/store.h | 33 +++++++++++++++----- crypto/store/str_err.c | 9 ++++++ crypto/store/str_lib.c | 70 +++++++++++++++++++++++++++++++++++++++++- 3 files changed, 103 insertions(+), 9 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 164165e7b..d1e386280 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -135,12 +135,13 @@ const STORE_METHOD *STORE_File(void); or fetch */ typedef enum STORE_object_types { - STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, - STORE_OBJECT_TYPE_X509_CRL= 0x02, - STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, - STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, - STORE_OBJECT_TYPE_NUMBER= 0x05, - STORE_OBJECT_TYPE_NUM= 0x05 /* The amount of known + STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, /* X509 * */ + STORE_OBJECT_TYPE_X509_CRL= 0x02, /* X509_CRL * */ + STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, /* EVP_PKEY * */ + STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, /* EVP_PKEY * */ + STORE_OBJECT_TYPE_NUMBER= 0x05, /* BIGNUM * */ + STORE_OBJECT_TYPE_ARBITRARY= 0x06, /* BUF_MEM * */ + STORE_OBJECT_TYPE_NUM= 0x06 /* The amount of known object types */ } STORE_OBJECT_TYPES; /* List of text strings corresponding to the object types. */ @@ -154,7 +155,7 @@ typedef enum STORE_params STORE_PARAM_EVP_TYPE= 0x01, /* int */ STORE_PARAM_BITS= 0x02, /* size_t */ STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ - STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ + STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known parameter types */ } STORE_PARAM_TYPES; @@ -214,6 +215,7 @@ typedef struct STORE_OBJECT_st X509_CRL *crl; EVP_PKEY *key; BIGNUM *number; + BUF_MEM *arbitrary; } data; } STORE_OBJECT; DECLARE_STACK_OF(STORE_OBJECT); @@ -275,7 +277,13 @@ int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[]); +int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); /* Create and manipulate methods */ @@ -394,6 +402,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_MEM_LIST_NEXT 136 #define STORE_F_MEM_LIST_START 137 #define STORE_F_MEM_STORE 138 +#define STORE_F_STORE_ARBITRARY 157 #define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 #define STORE_F_STORE_ATTR_INFO_GET0_DN 140 #define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 @@ -408,6 +417,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 #define STORE_F_STORE_CERTIFICATE 100 #define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_DELETE_ARBITRARY 158 #define STORE_F_STORE_DELETE_CERTIFICATE 102 #define STORE_F_STORE_DELETE_CRL 103 #define STORE_F_STORE_DELETE_NUMBER 104 @@ -415,6 +425,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_DELETE_PUBLIC_KEY 106 #define STORE_F_STORE_GENERATE_CRL 107 #define STORE_F_STORE_GENERATE_KEY 108 +#define STORE_F_STORE_GET_ARBITRARY 159 #define STORE_F_STORE_GET_CERTIFICATE 109 #define STORE_F_STORE_GET_CRL 110 #define STORE_F_STORE_GET_NUMBER 111 @@ -449,11 +460,13 @@ void ERR_load_STORE_strings(void); /* Reason codes. */ #define STORE_R_ALREADY_HAS_A_VALUE 127 +#define STORE_R_FAILED_DELETING_ARBITRARY 132 #define STORE_R_FAILED_DELETING_CERTIFICATE 100 #define STORE_R_FAILED_DELETING_KEY 101 #define STORE_R_FAILED_DELETING_NUMBER 102 #define STORE_R_FAILED_GENERATING_CRL 103 #define STORE_R_FAILED_GENERATING_KEY 104 +#define STORE_R_FAILED_GETTING_ARBITRARY 133 #define STORE_R_FAILED_GETTING_CERTIFICATE 105 #define STORE_R_FAILED_GETTING_KEY 106 #define STORE_R_FAILED_GETTING_NUMBER 107 @@ -461,14 +474,17 @@ void ERR_load_STORE_strings(void); #define STORE_R_FAILED_LISTING_KEYS 109 #define STORE_R_FAILED_REVOKING_CERTIFICATE 110 #define STORE_R_FAILED_REVOKING_KEY 111 +#define STORE_R_FAILED_STORING_ARBITRARY 134 #define STORE_R_FAILED_STORING_CERTIFICATE 112 #define STORE_R_FAILED_STORING_KEY 113 #define STORE_R_FAILED_STORING_NUMBER 114 #define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 #define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 #define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 #define STORE_R_NO_GENERATE_CRL_FUNCTION 117 #define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 #define STORE_R_NO_GET_OBJECT_FUNCTION 119 #define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 #define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 @@ -477,6 +493,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 #define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 #define STORE_R_NO_STORE 129 +#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 #define STORE_R_NO_STORE_OBJECT_FUNCTION 125 #define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 #define STORE_R_NO_VALUE 130 diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index 2ef7f9277..2c2779bd7 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -71,6 +71,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, {ERR_PACK(0,STORE_F_MEM_LIST_START,0), "MEM_LIST_START"}, {ERR_PACK(0,STORE_F_MEM_STORE,0), "MEM_STORE"}, +{ERR_PACK(0,STORE_F_STORE_ARBITRARY,0), "STORE_ARBITRARY"}, {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_CSTR,0), "STORE_ATTR_INFO_get0_cstr"}, {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_DN,0), "STORE_ATTR_INFO_get0_dn"}, {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_NUMBER,0), "STORE_ATTR_INFO_get0_number"}, @@ -85,6 +86,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, {ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, {ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_ARBITRARY,0), "STORE_delete_arbitrary"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, {ERR_PACK(0,STORE_F_STORE_DELETE_NUMBER,0), "STORE_delete_number"}, @@ -92,6 +94,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_DELETE_PUBLIC_KEY,0), "STORE_delete_public_key"}, {ERR_PACK(0,STORE_F_STORE_GENERATE_CRL,0), "STORE_generate_crl"}, {ERR_PACK(0,STORE_F_STORE_GENERATE_KEY,0), "STORE_generate_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_ARBITRARY,0), "STORE_get_arbitrary"}, {ERR_PACK(0,STORE_F_STORE_GET_CERTIFICATE,0), "STORE_get_certificate"}, {ERR_PACK(0,STORE_F_STORE_GET_CRL,0), "STORE_get_crl"}, {ERR_PACK(0,STORE_F_STORE_GET_NUMBER,0), "STORE_get_number"}, @@ -129,11 +132,13 @@ static ERR_STRING_DATA STORE_str_functs[]= static ERR_STRING_DATA STORE_str_reasons[]= { {STORE_R_ALREADY_HAS_A_VALUE ,"already has a value"}, +{STORE_R_FAILED_DELETING_ARBITRARY ,"failed deleting arbitrary"}, {STORE_R_FAILED_DELETING_CERTIFICATE ,"failed deleting certificate"}, {STORE_R_FAILED_DELETING_KEY ,"failed deleting key"}, {STORE_R_FAILED_DELETING_NUMBER ,"failed deleting number"}, {STORE_R_FAILED_GENERATING_CRL ,"failed generating crl"}, {STORE_R_FAILED_GENERATING_KEY ,"failed generating key"}, +{STORE_R_FAILED_GETTING_ARBITRARY ,"failed getting arbitrary"}, {STORE_R_FAILED_GETTING_CERTIFICATE ,"failed getting certificate"}, {STORE_R_FAILED_GETTING_KEY ,"failed getting key"}, {STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, @@ -141,14 +146,17 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, {STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, {STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, +{STORE_R_FAILED_STORING_ARBITRARY ,"failed storing arbitrary"}, {STORE_R_FAILED_STORING_CERTIFICATE ,"failed storing certificate"}, {STORE_R_FAILED_STORING_KEY ,"failed storing key"}, {STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, {STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_DELETE_ARBITRARY_FUNCTION ,"no delete arbitrary function"}, {STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, {STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, {STORE_R_NO_GENERATE_CRL_FUNCTION ,"no generate crl function"}, {STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, +{STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION,"no get object arbitrary function"}, {STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, {STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, {STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION ,"no list object endp function"}, @@ -157,6 +165,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, {STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, {STORE_R_NO_STORE ,"no store"}, +{STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION,"no store object arbitrary function"}, {STORE_R_NO_STORE_OBJECT_FUNCTION ,"no store object function"}, {STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION ,"no store object number function"}, {STORE_R_NO_VALUE ,"no value"}, diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index cdba3dd11..3528ebec9 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -970,7 +970,7 @@ BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) return n; } -int STORE_delete_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) +int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[]) { check_store(s,STORE_F_STORE_DELETE_NUMBER, delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); @@ -984,6 +984,71 @@ int STORE_delete_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) return 1; } +int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_ARBITRARY, + store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_ARBITRARY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + object->data.arbitrary = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_ARBITRARY, + STORE_R_FAILED_STORING_ARBITRARY); + return 0; + } + return 1; + } + +BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + BUF_MEM *b; + + check_store(s,STORE_F_STORE_GET_ARBITRARY, + get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes); + if (!object || !object->data.arbitrary) + { + STOREerr(STORE_F_STORE_GET_ARBITRARY, + STORE_R_FAILED_GETTING_ARBITRARY); + return 0; + } + b = object->data.arbitrary; + object->data.arbitrary = NULL; + STORE_OBJECT_free(object); + return b; + } + +int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_ARBITRARY, + delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_ARBITRARY, + STORE_R_FAILED_DELETING_ARBITRARY); + return 0; + } + return 1; + } + STORE_OBJECT *STORE_OBJECT_new(void) { STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); @@ -1008,6 +1073,9 @@ void STORE_OBJECT_free(STORE_OBJECT *data) case STORE_OBJECT_TYPE_NUMBER: BN_free(data->data.number); break; + case STORE_OBJECT_TYPE_ARBITRARY: + BUF_MEM_free(data->data.arbitrary); + break; } OPENSSL_free(data); } From 816d78572188d76dc9f08fa00a93d0c65f64e02a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 11:38:10 +0000 Subject: [PATCH 283/550] DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that *they* won't touch it. PR: 602 --- crypto/rsa/rsa.h | 4 ++-- crypto/rsa/rsa_sign.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 84cc779d1..12689fc22 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -252,9 +252,9 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)( /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 1d47a3139..02eb8136b 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -67,7 +67,7 @@ #define SSL_SIG_LENGTH 36 int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + unsigned char *sigret, unsigned int *siglen, RSA *rsa) { X509_SIG sig; ASN1_TYPE parameter; @@ -143,7 +143,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, } int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) + unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; From 9b2042fac37a217ac50c27dd3a56abd290dff103 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 12:02:31 +0000 Subject: [PATCH 284/550] /usr/lib/pkgconfig/openssl.pc was never installed in the RPM. Notified by Bennett Todd . --- openssl.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/openssl.spec b/openssl.spec index 27b74934a..3979cb85a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -83,18 +83,18 @@ documentation and POD files from which the man pages were produced. %build -%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr +%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir} perl util/perlpath.pl /usr/bin/perl %ifarch i386 i486 i586 i686 -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared +./Configure %{CONFIG_FLAGS} linux-elf shared %endif %ifarch ppc -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared +./Configure %{CONFIG_FLAGS} linux-ppc shared %endif %ifarch alpha -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared +./Configure %{CONFIG_FLAGS} linux-alpha shared %endif LD_LIBRARY_PATH=`pwd` make LD_LIBRARY_PATH=`pwd` make rehash @@ -130,6 +130,7 @@ rm -rf $RPM_BUILD_ROOT %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %attr(0644,root,root) /usr/lib/*.a +%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc %attr(0644,root,root) /usr/include/openssl/* %attr(0644,root,root) /usr/man/man[3]/* @@ -145,6 +146,8 @@ ldconfig ldconfig %changelog +* Wed May 7 2003 Richard Levitte +- Add /usr/lib/pkgconfig/openssl.pc to the development section. * Thu Mar 22 2001 Richard Levitte - Removed redundant subsection that re-installed libcrypto.a and libssl.a as well. Also remove RSAref stuff completely, since it's not needed From 48c36fdb2a0dc64de750369dd8bdf4dd9c54ef18 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 21:06:15 +0000 Subject: [PATCH 285/550] =?UTF-8?q?Add=20the=20possibility=20to=20hand=20e?= =?UTF-8?q?xecution=20parameters=20(for=20example=20authentication=20mater?= =?UTF-8?q?ial)=20to=20the=20STORE=20functions.=20Suggested=20by=20G=C3=B6?= =?UTF-8?q?tz=20Babin-Ebell=20.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- crypto/store/store.h | 108 ++++++++++++++++---------- crypto/store/str_lib.c | 171 ++++++++++++++++++++++++++--------------- crypto/store/str_mem.c | 42 ++++++---- 3 files changed, 199 insertions(+), 122 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index d1e386280..64a3f3dae 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -226,64 +226,90 @@ void STORE_OBJECT_free(STORE_OBJECT *data); /* The following functions handle the storage. They return 0, a negative number or NULL on error, anything else on success. */ -X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[]); +X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); X509 *STORE_list_certificate_next(STORE *e, void *handle); int STORE_list_certificate_end(STORE *e, void *handle); int STORE_list_certificate_endp(STORE *e, void *handle); -EVP_PKEY *STORE_generate_key(STORE *e, - int evp_type, size_t bits, OPENSSL_ITEM attributes[]); -EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_private_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_private_key(STORE *e, EVP_PKEY *data, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); int STORE_list_private_key_end(STORE *e, void *handle); int STORE_list_private_key_endp(STORE *e, void *handle); -EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); int STORE_list_public_key_end(STORE *e, void *handle); int STORE_list_public_key_endp(STORE *e, void *handle); -X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[]); -X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); X509_CRL *STORE_list_crl_next(STORE *e, void *handle); int STORE_list_crl_end(STORE *e, void *handle); int STORE_list_crl_endp(STORE *e, void *handle); -int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); /* Create and manipulate methods */ @@ -293,15 +319,15 @@ void STORE_destroy_method(STORE_METHOD *store_method); /* These callback types are use for store handlers */ typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); -typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); -typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); -typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); -typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); -typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[]); -typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); -typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[]); +typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 3528ebec9..dbcf3a07b 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -232,7 +232,8 @@ const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) /* API functions */ -X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) +X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; X509 *x; @@ -240,7 +241,8 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_CERTIFICATE, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters); if (!object || !object->data.x509.certificate) { STOREerr(STORE_F_STORE_GET_CERTIFICATE, @@ -256,7 +258,8 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) return x; } -int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) +int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -277,7 +280,8 @@ int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) #endif object->data.x509.certificate = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + object, attributes, parameters); STORE_OBJECT_free(object); @@ -290,12 +294,14 @@ int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) return 1; } -int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); - if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters)) { STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, STORE_R_FAILED_REVOKING_CERTIFICATE); @@ -304,12 +310,14 @@ int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, STORE_R_FAILED_DELETING_CERTIFICATE); @@ -318,14 +326,16 @@ int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + handle = s->meth->list_object_start(s, + STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, @@ -387,26 +397,17 @@ int STORE_list_certificate_endp(STORE *s, void *handle) return 1; } -EVP_PKEY *STORE_generate_key(STORE *s, - int evp_type, size_t bits, OPENSSL_ITEM attributes[]) +EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; EVP_PKEY *pkey; - OPENSSL_ITEM params[3]; - - params[0].code = STORE_PARAM_EVP_TYPE; - params[0].value = &evp_type; - params[0].value_size = sizeof(evp_type); - params[1].code = STORE_PARAM_BITS; - params[1].value = &bits; - params[1].value_size = sizeof(bits); - params[2].code = 0; check_store(s,STORE_F_STORE_GENERATE_KEY, generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, - params, attributes); + attributes, parameters); if (!object || !object->data.key) { STOREerr(STORE_F_STORE_GENERATE_KEY, @@ -422,7 +423,8 @@ EVP_PKEY *STORE_generate_key(STORE *s, return pkey; } -EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) +EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; EVP_PKEY *pkey; @@ -430,7 +432,8 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); if (!object || !object->data.key || !object->data.key) { STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, @@ -446,7 +449,8 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) return pkey; } -int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) +int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -474,7 +478,8 @@ int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) #endif object->data.key = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -487,14 +492,16 @@ int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) return i; } -int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { int i; check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); - i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); if (!i) { @@ -505,12 +512,14 @@ int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) return i; } -int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, STORE_R_FAILED_DELETING_KEY); @@ -519,14 +528,16 @@ int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, @@ -588,7 +599,8 @@ int STORE_list_private_key_endp(STORE *s, void *handle) return 1; } -EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) +EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; EVP_PKEY *pkey; @@ -596,7 +608,8 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); if (!object || !object->data.key || !object->data.key) { STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, @@ -612,7 +625,8 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) return pkey; } -int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) +int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -640,7 +654,8 @@ int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) #endif object->data.key = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -653,14 +668,16 @@ int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) return i; } -int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { int i; check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); - i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); if (!i) { @@ -671,12 +688,14 @@ int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[]) return i; } -int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, STORE_R_FAILED_DELETING_KEY); @@ -685,14 +704,16 @@ int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, @@ -754,7 +775,8 @@ int STORE_list_public_key_endp(STORE *s, void *handle) return 1; } -X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) +X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; X509_CRL *crl; @@ -762,7 +784,8 @@ X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GENERATE_CRL, generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); - object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, 0, attributes); + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); if (!object || !object->data.crl) { STOREerr(STORE_F_STORE_GENERATE_CRL, @@ -778,7 +801,8 @@ X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) return crl; } -X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) +X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; X509_CRL *crl; @@ -786,7 +810,8 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_CRL, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); if (!object || !object->data.crl) { STOREerr(STORE_F_STORE_GET_CRL, @@ -802,7 +827,8 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) return crl; } -int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) +int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -823,7 +849,8 @@ int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) #endif object->data.crl = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -836,12 +863,14 @@ int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) return i; } -int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_CRL, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY); @@ -850,14 +879,16 @@ int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_CRL_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_CRL_START, @@ -919,7 +950,8 @@ int STORE_list_crl_endp(STORE *s, void *handle) return 1; } -int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) +int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -936,7 +968,8 @@ int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) object->data.number = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -949,7 +982,8 @@ int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) return 1; } -BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) +BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; BIGNUM *n; @@ -957,7 +991,8 @@ BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_NUMBER, get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, + parameters); if (!object || !object->data.number) { STOREerr(STORE_F_STORE_GET_NUMBER, @@ -970,12 +1005,14 @@ BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) return n; } -int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_NUMBER, delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, + parameters)) { STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER); @@ -984,7 +1021,8 @@ int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) +int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -1001,7 +1039,8 @@ int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) object->data.arbitrary = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -1014,7 +1053,8 @@ int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) return 1; } -BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) +BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; BUF_MEM *b; @@ -1022,7 +1062,8 @@ BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_ARBITRARY, get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, + attributes, parameters); if (!object || !object->data.arbitrary) { STOREerr(STORE_F_STORE_GET_ARBITRARY, @@ -1035,12 +1076,14 @@ BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) return b; } -int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_ARBITRARY, delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, + parameters)) { STOREerr(STORE_F_STORE_DELETE_ARBITRARY, STORE_R_FAILED_DELETING_ARBITRARY); diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 595f40397..7480de002 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -105,23 +105,27 @@ struct mem_ctx_st static int mem_init(STORE *s); static void mem_clean(STORE *s); static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static int mem_store(STORE *s, STORE_OBJECT_TYPES type, - STORE_OBJECT *data, OPENSSL_ITEM attributes[]); + STORE_OBJECT *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], - OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], + OPENSSL_ITEM parameters[]); static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static STORE_OBJECT *mem_list_next(STORE *s, void *handle); static int mem_list_end(STORE *s, void *handle); static int mem_list_endp(STORE *s, void *handle); -static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]); -static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]); +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()); static STORE_METHOD store_memory = @@ -161,15 +165,15 @@ static void mem_clean(STORE *s) } static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); return 0; } static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - void *context = mem_list_start(s, type, attributes); + void *context = mem_list_start(s, type, attributes, parameters); if (context) { @@ -181,20 +185,22 @@ static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, return NULL; } static int mem_store(STORE *s, STORE_OBJECT_TYPES type, - STORE_OBJECT *data, OPENSSL_ITEM attributes[]) + STORE_OBJECT *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); return 0; } static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], - OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]) + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], + OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); return 0; } static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); return 0; @@ -208,7 +214,7 @@ static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, of attribute bits above the starting point may match the searched for bit pattern...). */ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { struct mem_ctx_st *context = (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); @@ -333,11 +339,13 @@ static int mem_list_endp(STORE *s, void *handle) return 1; return 0; } -static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]) +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { return 1; } -static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]) +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { return 1; } From bca52f7d4e3a7883594b253d085ed9034234c43a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 21:17:30 +0000 Subject: [PATCH 286/550] Define the two authentication parameter types for passphrase and Kerberos 5 authentications. --- crypto/store/store.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 64a3f3dae..5dba567c5 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -156,7 +156,9 @@ typedef enum STORE_params STORE_PARAM_BITS= 0x02, /* size_t */ STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ - STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known + STORE_PARAM_AUTH_PASSPHRASE= 0x05, /* char * */ + STORE_PARAM_AUTH_KRB5_TICKET= 0x06, /* void * */ + STORE_PARAM_TYPE_NUM= 0x06 /* The amount of known parameter types */ } STORE_PARAM_TYPES; /* Parameter value sizes. -1 means unknown, anything else is the required size. */ From 727ef76ebde1283bbf18936e494b029f4fd59d48 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 7 May 2003 23:20:58 +0000 Subject: [PATCH 287/550] Add correct DN entry for serialNumber. --- crypto/asn1/a_strnid.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index aa49e9d7d..613bbc4a7 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, /* Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC2459 */ +/* size limits: this stuff is taken straight from RFC3280 */ #define ub_name 32768 #define ub_common_name 64 @@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_organization_unit_name 64 #define ub_title 64 #define ub_email_address 128 +#define ub_serial_number 64 + /* This table must be kept in NID order */ @@ -170,6 +172,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, From c2dac35a02e47010b3dc501f07e31287cc3e252e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 18 May 2003 23:10:46 +0000 Subject: [PATCH 288/550] Fix docs. --- doc/crypto/BIO_f_base64.pod | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod index fdb603b38..929557d22 100644 --- a/doc/crypto/BIO_f_base64.pod +++ b/doc/crypto/BIO_f_base64.pod @@ -55,16 +55,15 @@ to standard output: Read Base64 encoded data from standard input and write the decoded data to standard output: - BIO *bio, *b64, bio_out; + BIO *bio, *b64, *bio_out; char inbuf[512]; int inlen; - char message[] = "Hello World \n"; b64 = BIO_new(BIO_f_base64()); bio = BIO_new_fp(stdin, BIO_NOCLOSE); bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); bio = BIO_push(b64, bio); - while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) + while((inlen = BIO_read(bio, inbuf, 512) > 0) BIO_write(bio_out, inbuf, inlen); BIO_free_all(bio); From 93c929e411e40bc8224e1a97a1656694940b1d64 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 19 May 2003 21:28:49 +0000 Subject: [PATCH 289/550] The square brackets in BIO_s_bio.pod for some reason cause wml to bomb out with the error message: ** Slice:Error: Some slices were not closed: ** WML:Break: Error in Pass 9 (rc=1). ** WMK:Error: Error in WML (rc=256) As a workaround delete them for now. --- doc/crypto/BIO_s_bio.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod index 8d0a55a02..592cab4be 100644 --- a/doc/crypto/BIO_s_bio.pod +++ b/doc/crypto/BIO_s_bio.pod @@ -126,7 +126,7 @@ BIO_new_bio_pair() returns 1 on success, with the new BIOs available in B and B, or 0 on failure, with NULL pointers stored into the locations for B and B. Check the error stack for more information. -[XXXXX: More return values need to be added here] +XXXXX: More return values need to be added here =head1 EXAMPLE From 0239876511cccc827a1f662b5b4fdfc5d1864996 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 19 May 2003 23:03:43 +0000 Subject: [PATCH 290/550] Remove certain functions --- crypto/engine/tb_store.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c index 1466d85a4..6cc6d759d 100644 --- a/crypto/engine/tb_store.c +++ b/crypto/engine/tb_store.c @@ -90,6 +90,8 @@ void ENGINE_register_all_STORE() ENGINE_register_STORE(e); } +/* The following two functions are removed because they're useless. */ +#if 0 int ENGINE_set_default_STORE(ENGINE *e) { if(e->store_meth) @@ -97,7 +99,9 @@ int ENGINE_set_default_STORE(ENGINE *e) engine_unregister_all_STORE, e, &dummy_nid, 1, 1); return 1; } +#endif +#if 0 /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references). */ @@ -105,6 +109,7 @@ ENGINE *ENGINE_get_default_STORE(void) { return engine_table_select(&store_table, dummy_nid); } +#endif /* Obtains an STORE implementation from an ENGINE functional reference */ const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) From f59c9419502287b12a7ae00c5df4113959bd4acf Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 19 May 2003 23:06:09 +0000 Subject: [PATCH 291/550] Make the function STORE_new_engine() public. --- crypto/store/store.h | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/store/store.h b/crypto/store/store.h index 5dba567c5..958252a63 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -84,6 +84,7 @@ typedef struct store_method_st STORE_METHOD; /* Creators and destructor. */ STORE *STORE_new_method(const STORE_METHOD *method); +STORE *STORE_new_engine(ENGINE *engine); void STORE_free(STORE *ui); From 164bc7dae8277221564a4f0161eb86e736541220 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 08:49:12 +0000 Subject: [PATCH 292/550] Some misspelled function names. --- crypto/store/str_lib.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index dbcf3a07b..9f59398a6 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -258,7 +258,7 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], return x; } -int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], +int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -445,11 +445,7 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], REF_PRINT("EVP_PKEY",data); #endif pkey = object->data.key; - STORE_OBJECT_free(object); - return pkey; - } - -int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + STORE_OBJECT_free(object);TORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -625,7 +621,7 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], return pkey; } -int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], +int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -827,7 +823,7 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], return crl; } -int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], +int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -950,7 +946,7 @@ int STORE_list_crl_endp(STORE *s, void *handle) return 1; } -int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], +int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -1021,7 +1017,7 @@ int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], return 1; } -int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], +int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); From 9acef3bbd73090731487ea0011db17f3982779d5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 08:50:18 +0000 Subject: [PATCH 293/550] Misspelled functions. --- crypto/store/str_meth.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index ad6708a12..e1c39bf06 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -129,19 +129,19 @@ int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_P return 1; } -int STORE_method_set_update_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) { sm->update_store = update_f; return 1; } -int STORE_method_set_lock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) { sm->lock_store = lock_f; return 1; } -int STORE_method_set_unlock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) { sm->unlock_store = unlock_f; return 1; @@ -193,17 +193,17 @@ STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) return sm->list_object_end; } -STORE_GENERIC_FUNC_PTR STORE_method_get_update_function(STORE_METHOD *sm) +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm) { return sm->update_store; } -STORE_GENERIC_FUNC_PTR STORE_method_get_lock_function(STORE_METHOD *sm) +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm) { return sm->lock_store; } -STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_function(STORE_METHOD *sm) +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm) { return sm->unlock_store; } From 11ce33a71d24841b5f9fd780dd4c30797c7166c3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 08:59:37 +0000 Subject: [PATCH 294/550] make update --- util/libeay.num | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/util/libeay.num b/util/libeay.num index a95a12a46..495b8bc6b 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3139,3 +3139,8 @@ STORE_method_set_lock_store_function 3568 EXIST::FUNCTION: STORE_list_certificate_endp 3569 EXIST::FUNCTION: STORE_method_get_list_end_function 3570 EXIST::FUNCTION: STORE_new_method 3571 EXIST::FUNCTION: +STORE_modify_arbitrary 3572 EXIST::FUNCTION: +STORE_get_arbitrary 3573 EXIST::FUNCTION: +STORE_delete_arbitrary 3574 EXIST::FUNCTION: +STORE_store_arbitrary 3575 EXIST::FUNCTION: +STORE_new_engine 3576 EXIST::FUNCTION: From 31939f154484b9dab8a2700b1f9ea0f1213d9db0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 09:00:59 +0000 Subject: [PATCH 295/550] I don't remember what my thinking was with str_compat.h. Maybe it'll come back to me... --- crypto/store/Makefile.ssl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl index 3bfb2a619..8c73403cc 100644 --- a/crypto/store/Makefile.ssl +++ b/crypto/store/Makefile.ssl @@ -29,7 +29,8 @@ LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o SRC= $(LIBSRC) -EXHEADER= store.h str_compat.h +#EXHEADER= store.h str_compat.h +EXHEADER= store.h HEADER= $(EXHEADER) str_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) From d9a2a89a17869cba4446b6d5437005871e325a10 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 06:50:51 +0000 Subject: [PATCH 296/550] I have no idea how I cut away that piece of text... --- crypto/store/str_lib.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 9f59398a6..a9f302b2c 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -445,7 +445,11 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], REF_PRINT("EVP_PKEY",data); #endif pkey = object->data.key; - STORE_OBJECT_free(object);TORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); From 513c01a591d2c55e61006c1e8f26c16e9dc55307 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 08:40:06 +0000 Subject: [PATCH 297/550] Make sure EC_window_bits_for_scalar_size() returns a size_t --- crypto/ec/ec_mult.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index c71a69ac0..236b66c18 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -307,12 +307,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) * (thus the boundaries should be increased) */ #define EC_window_bits_for_scalar_size(b) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1) + ((size_t) \ + ((b) >= 2000 ? 6 : \ + (b) >= 800 ? 5 : \ + (b) >= 300 ? 4 : \ + (b) >= 70 ? 3 : \ + (b) >= 20 ? 2 : \ + 1)) /* Compute * \sum scalars[i]*points[i], From 163f5b236ca1161ad08d9820bebb25290720613c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 14:21:26 +0000 Subject: [PATCH 298/550] Correct signedness --- crypto/ec/ec2_mult.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index a0effa95a..a0ee7c152 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -315,7 +315,8 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - int ret = 0, i; + int ret = 0; + size_t i; EC_POINT *p=NULL; if (ctx == NULL) From 83743ad039abfd599595aad161054b072b8609bd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 14:29:13 +0000 Subject: [PATCH 299/550] Fix sign bugs. PR: 621 --- crypto/asn1/a_strex.c | 2 +- crypto/bio/b_print.c | 2 +- crypto/bn/bn_mul.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 1def6c654..8abfdfe59 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING * otherwise it is the number of bytes per character */ -const static char tag2nbyte[] = { +const static signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index a9e552f24..2cfc689dd 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) * had the buffer been large enough.) */ return -1; else - return (retlen <= INT_MAX) ? retlen : -1; + return (retlen <= INT_MAX) ? (int)retlen : -1; } diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index bfd7f680c..4c413b3a5 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -549,7 +549,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - unsigned int c1,c2,neg,zero; + int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT From edd55d08f5e018e04a24fba7723aec8619a3c581 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 23 May 2003 09:08:59 +0000 Subject: [PATCH 300/550] Brackets are now allowed, after a small hack in the processing of the docs-on-web. --- doc/crypto/BIO_s_bio.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod index 592cab4be..8d0a55a02 100644 --- a/doc/crypto/BIO_s_bio.pod +++ b/doc/crypto/BIO_s_bio.pod @@ -126,7 +126,7 @@ BIO_new_bio_pair() returns 1 on success, with the new BIOs available in B and B, or 0 on failure, with NULL pointers stored into the locations for B and B. Check the error stack for more information. -XXXXX: More return values need to be added here +[XXXXX: More return values need to be added here] =head1 EXAMPLE From f5f7dffdd11389a58aa18ff00ae9de0189d307de Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 28 May 2003 10:34:29 +0000 Subject: [PATCH 301/550] Make sure to compare unsigned against unsigned. --- crypto/bn/bn_mul.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 4c413b3a5..6b633b90b 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -706,7 +706,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < c1) + if (ln < (BN_ULONG)c1) { do { p++; From e19d0ef068ab6f7bb9ae36aba61f9384bec21b07 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 28 May 2003 16:57:08 +0000 Subject: [PATCH 302/550] PR: 631 Submitted by: Doug Sauder Fix bug in X509V3_get_d2i() when idx in not NULL. --- crypto/x509v3/v3_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 482ca8ccf..ca5a4a4a5 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) if(OBJ_obj2nid(ex->object) == nid) { if(idx) { *idx = i; + found_ex = ex; break; } else if(found_ex) { /* Found more than one */ From 60790aff6fc085b76e671ef63d31d6d6dd02355d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 28 May 2003 17:28:11 +0000 Subject: [PATCH 303/550] PR: 627 Allocate certificatePolicies correctly if CPS field is absent. Fix various memory leaks in certificatePolicies. --- crypto/x509v3/v3_cpols.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0d4ab1f68..0d554f3a2 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org); -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), @@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); if(!qual) goto err; + if(!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; } else { @@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i; + int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; @@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); - else nref->organization = M_ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization->type = V_ASN1_IA5STRING; + else nref->organization->type = V_ASN1_VISIBLESTRING; if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) { @@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, X509V3_conf_err(cnf); goto err; } - nref->noticenos = nref_nos(nos); + ret = nref_nos(nref->noticenos, nos); sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if(!nref->noticenos) goto err; + if (!ret) + goto err; } else { X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); - X509V3_conf_err(cnf); goto err; } @@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, return NULL; } -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { - STACK_OF(ASN1_INTEGER) *nnums; CONF_VALUE *cnf; ASN1_INTEGER *aint; int i; - if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { @@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) } if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; } - return nnums; + return 1; merr: X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); - return NULL; + return 0; } From 83b4f49c0a96ac43e8554b32fc1a6850041032f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 28 May 2003 19:56:46 +0000 Subject: [PATCH 304/550] Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes PR: #628 --- crypto/md2/md2test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 901d0a7d8..9c1e28b6c 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -59,7 +59,6 @@ #include #include #include -#include #include "../e_os.h" @@ -71,6 +70,7 @@ int main(int argc, char *argv[]) } #else #include +#include #ifdef CHARSET_EBCDIC #include From 4f17dfcd752221fc7515d55642cacd9aa6d1d0af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 28 May 2003 20:24:57 +0000 Subject: [PATCH 305/550] Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before) Submitted by: dg@sunet.ru (Daniel Ginsburg) PR: #613 --- apps/s_client.c | 20 ++++++++++++++------ doc/apps/s_client.pod | 2 +- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 2e73f3467..74d578d6b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -221,7 +221,7 @@ static void sc_usage(void) BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err," only \"smtp\" is supported.\n"); + BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif @@ -251,7 +251,7 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; - int smtp_starttls = 0; + int starttls_proto = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; BIO *sbio; @@ -415,7 +415,9 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; ++argv; if (strcmp(*argv,"smtp") == 0) - smtp_starttls = 1; + starttls_proto = 1; + else if (strcmp(*argv,"pop3") == 0) + starttls_proto = 2; else goto bad; } @@ -587,12 +589,18 @@ re_start: sbuf_off=0; /* This is an ugly hack that does a lot of assumptions */ - if (smtp_starttls) + if (starttls_proto == 1) { BIO_read(sbio,mbuf,BUFSIZZ); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } + if (starttls_proto == 2) + { + BIO_read(sbio,mbuf,BUFSIZZ); + BIO_printf(sbio,"STLS\r\n"); + BIO_read(sbio,sbuf,BUFSIZZ); + } for (;;) { @@ -613,11 +621,11 @@ re_start: print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; - if (smtp_starttls) + if (starttls_proto) { BIO_printf(bio_err,"%s",mbuf); /* We don't need to know any more */ - smtp_starttls = 0; + starttls_proto = 0; } if (reconnect) diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 47dc93cb3..d061326c1 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -168,7 +168,7 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only -supported keyword is "smtp". +supported keywords are "smtp" and "pop3". =item B<-engine id> From f7f8d82aaa4403d429064ab0bb1ae5ed4e0e617b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 29 May 2003 20:59:38 +0000 Subject: [PATCH 306/550] PR: 630 Avoid looking outside the key_data array. --- crypto/des/destest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 687c00c79..3983ac8e5 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -431,7 +431,7 @@ int main(int argc, char *argv[]) #ifndef LIBDES_LIT printf("Doing ede ecb\n"); - for (i=0; i<(NUM_TESTS-1); i++) + for (i=0; i<(NUM_TESTS-2); i++) { DES_set_key_unchecked(&key_data[i],&ks); DES_set_key_unchecked(&key_data[i+1],&ks2); From 01fc834bc953d4ca127af3accea02fc0bc26b86a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 29 May 2003 22:20:47 +0000 Subject: [PATCH 307/550] Have ASFLAGS be defined the same way as CFLAGS --- Makefile.org | 4 ++-- crypto/bn/Makefile.ssl | 1 + crypto/md5/Makefile.ssl | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Makefile.org b/Makefile.org index 02cad4dfa..141956adf 100644 --- a/Makefile.org +++ b/Makefile.org @@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend # gcc, then the driver will automatically translate it to -xarch=v8plus # and pass it down to assembler. AS=$(CC) -c -ASFLAGS=$(CFLAG) +ASFLAG=$(CFLAG) # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o @@ -219,7 +219,7 @@ all: Makefile.ssl build_all openssl.pc BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \ if [ -d "$$i" ]; then \ (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ else \ $(MAKE) $$i; \ fi; fi diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index c109411d4..d762ae7b4 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -22,6 +22,7 @@ BN_ASM= bn_asm.o #BN_ASM= bn86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bntest.c exptest.c diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl index 56cab5d88..2d4df972f 100644 --- a/crypto/md5/Makefile.ssl +++ b/crypto/md5/Makefile.ssl @@ -6,7 +6,7 @@ DIR= md5 TOP= ../.. CC= cc CPP= $(CC) -E -INCLUDES= +INCLUDES=-I.. -I$(TOP) -I../../include CFLAG=-g INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl @@ -20,6 +20,7 @@ AR= ar r MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=md5test.c From c4d471552f6292ea783833c2340c7fe2eb858f9e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 29 May 2003 22:22:30 +0000 Subject: [PATCH 308/550] Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined. --- crypto/md5/asm/md5-sparcv9.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/md5/asm/md5-sparcv9.S b/crypto/md5/asm/md5-sparcv9.S index a599ed566..db45aa4c9 100644 --- a/crypto/md5/asm/md5-sparcv9.S +++ b/crypto/md5/asm/md5-sparcv9.S @@ -34,10 +34,12 @@ * * or if above fails (it does if you have gas): * - * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ + * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o */ +#include + #define A %o0 #define B %o1 #define C %o2 From 02b95b7499f29f1c0118afce26b25f15c6720318 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Fri, 30 May 2003 07:45:07 +0000 Subject: [PATCH 309/550] Clarify ordering of certificates when using certificate chains --- doc/ssl/SSL_CTX_use_certificate.pod | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod index b8868f18b..ea2faba3e 100644 --- a/doc/ssl/SSL_CTX_use_certificate.pod +++ b/doc/ssl/SSL_CTX_use_certificate.pod @@ -68,7 +68,9 @@ should be preferred. SSL_CTX_use_certificate_chain_file() loads a certificate chain from B into B. The certificates must be in PEM format and must -be sorted starting with the certificate to the highest level (root CA). +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate CA certificates if applicable, and +ending at the highest level (root) CA. There is no corresponding function working on a single SSL object. SSL_CTX_use_PrivateKey() adds B as private key to B. From beab098d5385850baa600d5788b2b8549f962c5e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 1 Jun 2003 20:51:58 +0000 Subject: [PATCH 310/550] Various S/MIME bug and compatibility fixes. --- CHANGES | 14 +++++++++-- apps/smime.c | 4 ++++ crypto/pkcs7/pk7_doit.c | 5 ++++ crypto/pkcs7/pk7_mime.c | 51 +++++++++++++++++++++++++++-------------- crypto/pkcs7/pkcs7.h | 4 +++- 5 files changed, 58 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index a84028462..1d279103d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] *) Add support for STORE in ENGINE. [Richard Levitte] @@ -533,7 +533,17 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + + *) Various S/MIME bugfixes and compatibility changes: + output correct application/pkcs7 MIME type if + PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. + Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening + of files as .eml work). Correctly handle very long lines in MIME + parser. + [Steve Henson] + + Changes between 0.9.7a and 0.9.7b [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat diff --git a/apps/smime.c b/apps/smime.c index 1d7d828e0..418e03cd6 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -168,6 +168,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; + else if (!strcmp (*args, "-nooldmime")) + flags |= PKCS7_NOOLDMIMETYPE; + else if (!strcmp (*args, "-crlfeol")) + flags |= PKCS7_CRLFEOL; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 123671b43..9382f4776 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (EVP_MD_CTX_type(mdc) == md_type) break; + /* Workaround for some broken clients that put the signature + * OID instead of the digest OID in digest_alg->algorithm + */ + if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) + break; btmp=BIO_next(btmp); } diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 431aff94f..16daf9ecd 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; + char *mime_prefix, *mime_eol; + if (flags & PKCS7_NOOLDMIMETYPE) + mime_prefix = "application/pkcs7-"; + else + mime_prefix = "application/x-pkcs7-"; + if (flags & PKCS7_CRLFEOL) + mime_eol = "\r\n"; + else + mime_eol = "\n"; if((flags & PKCS7_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ @@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) bound[i] = c; } bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); - BIO_printf(bio, "This is an S/MIME signed message\n\n"); + BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); + BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", + bound, mime_eol, mime_eol); + BIO_printf(bio, "This is an S/MIME signed message%s%s", + mime_eol, mime_eol); /* Now write out the first part */ - BIO_printf(bio, "------%s\r\n", bound); - + BIO_printf(bio, "------%s%s", bound, mime_eol); pkcs7_output_data(bio, data, p7, flags); - - BIO_printf(bio, "\n------%s\n", bound); + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ - BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s", + mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7s\"%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio,"\n------%s--\n\n", bound); + BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, + mime_eol, mime_eol); return 1; } /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio, "\n"); + BIO_printf(bio, "%s", mime_eol); return 1; } diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index e6f657266..ab04d352a 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 -#define PKCS7_STREAM 0x400 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 /* Flags: for compatibility with older code */ From aff0542844173a9b7fc66b121bdf93316d9e801d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 2 Jun 2003 01:12:01 +0000 Subject: [PATCH 311/550] Stop checking for CRLF when start of buffer is reached. Add rest of long line fix which got missed before --- crypto/pkcs7/pk7_mime.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 16daf9ecd..4630e3180 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -376,11 +376,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = 0; - while(iscrlf(linebuf[len - 1])) { + while(len && iscrlf(linebuf[len - 1])) { len--; eol = 1; - } - BIO_write(out, linebuf, len); + } + if (len) + BIO_write(out, linebuf, len); if(eol) BIO_write(out, "\r\n", 2); } return 1; @@ -423,6 +424,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) { char linebuf[MAX_SMLEN]; int len, blen; + int eol = 0, next_eol = 0; BIO *bpart = NULL; STACK_OF(BIO) *parts; char state, part, first; @@ -442,15 +444,21 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) sk_BIO_push(parts, bpart); return 1; } else if(part) { + /* Strip CR+LF from linebuf */ + next_eol = 0; + while(len && iscrlf(linebuf[len - 1])) { + next_eol = 1; + len--; + } if(first) { first = 0; if(bpart) sk_BIO_push(parts, bpart); bpart = BIO_new(BIO_s_mem()); - - } else BIO_write(bpart, "\r\n", 2); - /* Strip CR+LF from linebuf */ - while(iscrlf(linebuf[len - 1])) len--; - BIO_write(bpart, linebuf, len); + } else if (eol) + BIO_write(bpart, "\r\n", 2); + eol = next_eol; + if (len) + BIO_write(bpart, linebuf, len); } } return 0; From ca82ac1feebc042662325b7879d39773183d85c6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 2 Jun 2003 17:53:42 +0000 Subject: [PATCH 312/550] Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer. --- crypto/pkcs7/pk7_mime.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 4630e3180..0480db219 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -102,7 +102,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a, static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, char *bound, int blen); static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int iscrlf(char c); +static int strip_eol(char *linebuf, int *plen); static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); static void mime_hdr_free(MIME_HEADER *hdr); @@ -375,11 +375,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = 0; - while(len && iscrlf(linebuf[len - 1])) { - len--; - eol = 1; - } + eol = strip_eol(linebuf, &len); if (len) BIO_write(out, linebuf, len); if(eol) BIO_write(out, "\r\n", 2); @@ -445,11 +441,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) return 1; } else if(part) { /* Strip CR+LF from linebuf */ - next_eol = 0; - while(len && iscrlf(linebuf[len - 1])) { - next_eol = 1; - len--; - } + next_eol = strip_eol(linebuf, &len); if(first) { first = 0; if(bpart) sk_BIO_push(parts, bpart); @@ -464,12 +456,6 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) return 0; } -static int iscrlf(char c) -{ - if(c == '\r' || c == '\n') return 1; - return 0; -} - /* This is the big one: parse MIME header lines up to message body */ #define MIME_INVALID 0 @@ -750,3 +736,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen) } return 0; } + +static int strip_eol(char *linebuf, int *plen) + { + int len = *plen; + char *p, c; + int is_eol = 0; + p = linebuf + len - 1; + for (p = linebuf + len - 1; len > 0; len--, p--) + { + c = *p; + if (c == '\n') + is_eol = 1; + else if (c != '\r') + break; + } + *plen = len; + return is_eol; + } From 63b815583b467b8ca49ded29776f50a2f7906f00 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 3 Jun 2003 00:16:47 +0000 Subject: [PATCH 313/550] Update CHANGES to reflect base64 fix added to 0.9.7 --- CHANGES | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 1d279103d..f74bc98da 100644 --- a/CHANGES +++ b/CHANGES @@ -100,11 +100,6 @@ Make that possible even when linking against static libraries! [Richard Levitte] - *) Various fixes to base64 BIO and non blocking I/O. On write - flushes were not handled properly if the BIO retried. On read - data was not being buffered properly and had various logic bugs. - [Steve Henson] - *) Support for single pass processing for S/MIME signing. This now means that S/MIME signing can be done from a pipe, in addition cleartext signing (multipart/signed type) is effectively streaming @@ -535,6 +530,13 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + This also affects blocking I/O when the data being decoded is a + certain size. + [Steve Henson] + *) Various S/MIME bugfixes and compatibility changes: output correct application/pkcs7 MIME type if PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. From db01746978cbc383a55b58e8f9441452a0cb5964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 3 Jun 2003 09:59:44 +0000 Subject: [PATCH 314/550] Clarify return value of SSL_connect() and SSL_accept() in case of the WANT_READ and WANT_WRITE conditions. --- doc/ssl/SSL_accept.pod | 3 ++- doc/ssl/SSL_connect.pod | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index a673edba8..cc724c0d5 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -28,7 +28,8 @@ should be called again. If the underlying BIO is B, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() -to continue the handshake. In this case a call to SSL_get_error() with the +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 8426310c0..cc56ebb75 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -25,7 +25,8 @@ handshake has been finished or an error occurred. If the underlying BIO is B, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() -to continue the handshake. In this case a call to SSL_get_error() with the +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). From 50078051bd1c63b04ff4842965081eb65db0421e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 4 Jun 2003 00:40:05 +0000 Subject: [PATCH 315/550] Really get X509_CRL_CHECK_ALL right this time... --- crypto/x509/x509_vfy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 552d1e725..f60054bd3 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx) if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) return 1; if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) - last = 0; - else last = sk_X509_num(ctx->chain) - 1; + else + last = 0; for(i = 0; i <= last; i++) { ctx->error_depth = i; From f796dc5c06137b18ce2ebba5617d4777428005b7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:10:11 +0000 Subject: [PATCH 316/550] Make sure debug-solaris-sparcv9-gcc is consistent with solaris-sparcv9-gcc. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index b829d6632..77b57e290 100755 --- a/Configure +++ b/Configure @@ -178,7 +178,7 @@ my %table=( #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests From f6eba601b098a7a7762e53dafea55da7a176e36c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:10:43 +0000 Subject: [PATCH 317/550] Make sure that size_t matches size_t. --- crypto/ecdh/ech_ossl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b3cff5ad9..6a8ed8464 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -109,7 +109,8 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E BN_CTX *ctx; EC_POINT *tmp=NULL; BIGNUM *x=NULL, *y=NULL; - int ret= -1, buflen, len; + int ret= -1; + size_t buflen, len; unsigned char *buf=NULL; if (outlen > INT_MAX) From e31047744aa6dd583c3aec226d764990aebfcd64 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:11:15 +0000 Subject: [PATCH 318/550] Make sure the function definitions match their declaration. --- crypto/engine/eng_ctrl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index ad3858395..d9104d3b0 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -177,7 +177,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) return -1; } -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ctrl_exists, ref_exists; if(e == NULL) @@ -247,7 +247,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd) } int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional) + long i, void *p, void (*f)(void), int cmd_optional) { int num; From 4af31846621aec07ab167dbec2d025deb00fcf75 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:11:44 +0000 Subject: [PATCH 319/550] Remove extra ; --- crypto/store/store.h | 2 +- crypto/store/str_lib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 958252a63..c1cbb399f 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -221,7 +221,7 @@ typedef struct STORE_OBJECT_st BUF_MEM *arbitrary; } data; } STORE_OBJECT; -DECLARE_STACK_OF(STORE_OBJECT); +DECLARE_STACK_OF(STORE_OBJECT) STORE_OBJECT *STORE_OBJECT_new(void); void STORE_OBJECT_free(STORE_OBJECT *data); diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index a9f302b2c..2d419bcd4 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1123,7 +1123,7 @@ void STORE_OBJECT_free(STORE_OBJECT *data) OPENSSL_free(data); } -IMPLEMENT_STACK_OF(STORE_OBJECT*); +IMPLEMENT_STACK_OF(STORE_OBJECT*) struct STORE_attr_info_st From 2ee67f1dad9b2c8e6a097ba1fdd2ea2b0eb69719 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:13:19 +0000 Subject: [PATCH 320/550] Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others). --- crypto/ui/ui_openssl.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 75318d48a..ce1cb1dfc 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -117,6 +117,13 @@ #include +#define _POSIX_C_SOURCE 1 +#include +#include +#undef _POSIX_C_SOURCE +#include +#include + #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) # ifdef OPENSSL_UNISTD # include OPENSSL_UNISTD @@ -145,10 +152,6 @@ /* 06-Apr-92 Luke Brennan Support for VMS */ #include "ui_locl.h" #include "cryptlib.h" -#include -#include -#include -#include #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ # include @@ -476,7 +479,7 @@ static int open_console(UI *ui) #endif #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in),&tty_orig) == -1) + if (TTY_get(fileno(tty_in),&tty_orig) == -1) { #ifdef ENOTTY if (errno == ENOTTY) From dcfb57c736c2591c80b40d40e5f3a664882fb738 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 6 Jun 2003 17:51:34 +0000 Subject: [PATCH 321/550] This memset() in the ubsec ENGINE is a bug. Zeroing out the result array should not be necessary in any case, but more importantly the result and input BIGNUMs could be the same, in which case this is clearly a problem. Submitted by: Jonathan Hersch Reviewed by: Joe Orton Approved by: Geoff Thorpe --- engines/e_ubsec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 02927d7b3..b019714a5 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -566,7 +566,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); return 0; } - memset(r->d, 0, BN_num_bytes(m)); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { fd = 0; From 40e5b9abeb5993e5411b35e2e473f9f8c36ebc3e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 9 Jun 2003 07:56:18 +0000 Subject: [PATCH 322/550] Typo --- doc/crypto/d2i_X509.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 5e3c3d098..e8e946e18 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -23,13 +23,13 @@ i2d_X509_fp - X509 encode and decode functions The X509 encode and decode routines encode and parse an B structure, which represents an X509 certificate. -d2i_X509() attempts to decode B bytes at B<*out>. If +d2i_X509() attempts to decode B bytes at B<*in>. If successful a pointer to the B structure is returned. If an error occurred then B is returned. If B is not B then the returned structure is written to B<*px>. If B<*px> is not B then it is assumed that B<*px> contains a valid B structure and an attempt is made to reuse it. If the call is -successful B<*out> is incremented to the byte following the +successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B into DER format. From 55b12f864137e11e5a5d6c79646d2d99f8eee8a4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 10 Jun 2003 04:11:42 +0000 Subject: [PATCH 323/550] The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting --- crypto/aes/aes_cbc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 01e965a53..86b27b10d 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -86,7 +86,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, for(n=len; n < AES_BLOCK_SIZE; ++n) tmp[n] = ivec[n]; AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, len); + memcpy(out, tmp, AES_BLOCK_SIZE); memcpy(ivec, tmp, AES_BLOCK_SIZE); } } else { From a069460015e249c523c53dfc0b992d290bbcd3fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 10 Jun 2003 04:42:38 +0000 Subject: [PATCH 324/550] Document the AES_cbc_encrypt() change --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index f74bc98da..9c05ac611 100644 --- a/CHANGES +++ b/CHANGES @@ -530,6 +530,10 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) Change AES_cbc_encrypt() so it outputs exact multiple of + blocks during encryption. + [Richard Levitte] + *) Various fixes to base64 BIO and non blocking I/O. On write flushes were not handled properly if the BIO retried. On read data was not being buffered properly and had various logic bugs. From e66d863cd0f0b09a375c2fc9bff7bfd1e9c3a2a2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 04:46:08 +0000 Subject: [PATCH 325/550] Add crypto/store to the directories to look through. --- util/mkfiles.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 70d1348a3..a95d14cc6 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -53,6 +53,7 @@ my @dirs = ( "crypto/ocsp", "crypto/ui", "crypto/krb5", +"crypto/store", "ssl", "apps", "test", From 606c8048a08d424663ff69045ba3f657a3e38d72 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 18:43:45 +0000 Subject: [PATCH 326/550] Make sure to NUL-terminate the string on end-of-file (and error) PR: 643 --- crypto/bio/bf_buff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 1cecd7057..c1fd75aaa 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size) if (i <= 0) { BIO_copy_next_retry(b); + *buf='\0'; if (i < 0) return((num > 0)?num:i); if (i == 0) return(num); } From 490967195a57553c2a8f6606d2a34f86d80b0257 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 19:44:37 +0000 Subject: [PATCH 327/550] Handle des_modes.pod properly. PR: 634 --- Makefile.org | 4 ++-- util/extract-names.pl | 4 ++-- util/point.sh | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile.org b/Makefile.org index 141956adf..2b9e5f892 100644 --- a/Makefile.org +++ b/Makefile.org @@ -580,7 +580,7 @@ install_docs: grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ for i in doc/crypto/*.pod doc/ssl/*.pod; do \ @@ -596,7 +596,7 @@ install_docs: grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done diff --git a/util/extract-names.pl b/util/extract-names.pl index d413a045c..9f2ad5ef1 100644 --- a/util/extract-names.pl +++ b/util/extract-names.pl @@ -9,8 +9,8 @@ while() { } elsif ($name) { if (/ - /) { s/ - .*//; - s/[ \t,]+/ /g; - push @words, split ' '; + s/,[ \t]+/,/g; + push @words, split ','; } } if (/^=head1 *NAME *$/) { diff --git a/util/point.sh b/util/point.sh index ce7dcc56d..4790e08f8 100755 --- a/util/point.sh +++ b/util/point.sh @@ -1,10 +1,10 @@ #!/bin/sh -rm -f $2 +rm -f "$2" if test "$OSTYPE" = msdosdjgpp; then - cp $1 $2 + cp "$1" "$2" else - ln -s $1 $2 + ln -s "$1" "$2" fi echo "$2 => $1" From 54f64516703cb090758369351a84e3df76868799 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 20:49:58 +0000 Subject: [PATCH 328/550] Add functionality to set marks on the error stack and to pop all errors to the next mark. --- CHANGES | 6 +++++- crypto/err/err.c | 51 +++++++++++++++++++++++++++++++++++++++++++----- crypto/err/err.h | 6 ++++++ 3 files changed, 57 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 9c05ac611..7c9c59c5c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better + control of the error stack. + [Richard Levitte] + *) Add support for STORE in ENGINE. [Richard Levitte] @@ -662,7 +666,7 @@ yet to be integrated into this CVS branch: the config script, much like the NetBSD support. [Richard Levitte & Kris Kennaway ] - Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + Changes between 0.9.6j and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last diff --git a/crypto/err/err.c b/crypto/err/err.c index 1f943c82a..2da71c01b 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -548,13 +548,24 @@ static void build_SYS_str_reasons() #endif #define err_clear_data(p,i) \ + do { \ if (((p)->err_data[i] != NULL) && \ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ { \ OPENSSL_free((p)->err_data[i]); \ (p)->err_data[i]=NULL; \ } \ - (p)->err_data_flags[i]=0; + (p)->err_data_flags[i]=0; \ + } while(0) + +#define err_clear(p,i) \ + do { \ + es->err_flags[i]=0; \ + es->err_buffer[i]=0; \ + err_clear_data(p,i); \ + es->err_file[i]=NULL; \ + es->err_line[i]= -1; \ + } while(0) static void ERR_STATE_free(ERR_STATE *s) { @@ -645,6 +656,7 @@ void ERR_put_error(int lib, int func, int reason, const char *file, es->top=(es->top+1)%ERR_NUM_ERRORS; if (es->top == es->bottom) es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; + es->err_flags[es->top]=0; es->err_buffer[es->top]=ERR_PACK(lib,func,reason); es->err_file[es->top]=file; es->err_line[es->top]=line; @@ -660,10 +672,7 @@ void ERR_clear_error(void) for (i=0; ierr_buffer[i]=0; - err_clear_data(es,i); - es->err_file[i]=NULL; - es->err_line[i]= -1; + err_clear(es,i); } es->top=es->bottom=0; } @@ -1034,3 +1043,35 @@ void ERR_add_error_data(int num, ...) err: va_end(args); } + +int ERR_set_mark(void) + { + int i=0; + ERR_STATE *es; + + es=ERR_get_state(); + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]|=ERR_FLAG_MARK; + return 1; + } + +int ERR_pop_to_mark(void) + { + int i=0; + ERR_STATE *es; + + es=ERR_get_state(); + + while(es->bottom != es->top + && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) + { + err_clear(es,es->top); + es->top-=1; + if (es->top == -1) es->top=ERR_NUM_ERRORS; + } + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]&=~ERR_FLAG_MARK; + return 1; + } diff --git a/crypto/err/err.h b/crypto/err/err.h index 08838190f..1228acfe5 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -88,10 +88,13 @@ extern "C" { #define ERR_TXT_MALLOCED 0x01 #define ERR_TXT_STRING 0x02 +#define ERR_FLAG_MARK 0x01 + #define ERR_NUM_ERRORS 16 typedef struct err_state_st { unsigned long pid; + int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; int err_data_flags[ERR_NUM_ERRORS]; @@ -294,6 +297,9 @@ LHASH *ERR_get_err_state_table(void); int ERR_get_next_error_library(void); +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + /* This opaque type encapsulates the low-level error-state functions */ typedef struct st_ERR_FNS ERR_FNS; /* An application can use this function and provide the return value to loaded From 36bad5cdfd702c2d183c52527766c882f19ab471 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 20:51:49 +0000 Subject: [PATCH 329/550] Add documentation for ERR_set_mark() and ERR_pop_to_mark(). --- doc/crypto/ERR_set_mark.pod | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 doc/crypto/ERR_set_mark.pod diff --git a/doc/crypto/ERR_set_mark.pod b/doc/crypto/ERR_set_mark.pod new file mode 100644 index 000000000..d3ca4f2e7 --- /dev/null +++ b/doc/crypto/ERR_set_mark.pod @@ -0,0 +1,38 @@ +=pod + +=head1 NAME + +ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark + +=head1 SYNOPSIS + + #include + + int ERR_set_mark(void); + + int ERR_pop_to_mark(void); + +=head1 DESCRIPTION + +ERR_set_mark() sets a mark on the current topmost error record if there +is one. + +ERR_pop_to_mark() will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. + +=head1 RETURN VALUES + +ERR_set_mark() returns 0 if the error stack is empty, otherwise 1. + +ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +ERR_set_mark() and ERR_pop_to_mark() were added in OpenSSL 0.9.8. + +=cut From 33862b90bb97316806532c4e1b95514066d7d02d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 21:22:30 +0000 Subject: [PATCH 330/550] Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617 --- crypto/x509/x509_trs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 17d69ac00..881252608 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = { {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, +{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} }; From c78b4f1d3db20da258bb5504b22ad9ec871bb631 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 21:47:21 +0000 Subject: [PATCH 331/550] Remove unused variable --- crypto/err/err.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 2da71c01b..9b9bec685 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1046,7 +1046,6 @@ err: int ERR_set_mark(void) { - int i=0; ERR_STATE *es; es=ERR_get_state(); @@ -1058,7 +1057,6 @@ int ERR_set_mark(void) int ERR_pop_to_mark(void) { - int i=0; ERR_STATE *es; es=ERR_get_state(); From fadd2246a030154efc8f47c98606bcd30ecb64b5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:26:02 +0000 Subject: [PATCH 332/550] Avoid warnings saying that the format takes a void*. --- apps/s_cb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 1410178d6..28f8acc1e 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -240,14 +240,14 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", - bio,argp,argi,ret,ret); + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", - bio,argp,argi,ret,ret); + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); From 98cec7fc7b9058aa7a43c3b27591be9a841cead5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:27:19 +0000 Subject: [PATCH 333/550] make update --- TABLE | 8 ++-- engines/Makefile.ssl | 101 +++++++++++++++++++++++++++---------------- util/libeay.num | 2 + 3 files changed, 70 insertions(+), 41 deletions(-) diff --git a/TABLE b/TABLE index d8fd63c06..5d098118f 100644 --- a/TABLE +++ b/TABLE @@ -1952,16 +1952,16 @@ $arflags = *** debug-solaris-sparcv9-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT -$sys_id = +$sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = -$md5_obj = +$md5_obj = asm/md5-sparcv8plus.o $sha1_obj = $cast_obj = $rc4_obj = diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index 6a010e05d..24787ab75 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -141,10 +141,11 @@ e_4758_cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h e_4758_cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_4758_cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_4758_cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758_cca.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_4758_cca.o: ../include/openssl/x509_vfy.h e_4758_cca.c e_4758_cca_err.c -e_4758_cca.o: e_4758_cca_err.h vendor_defns/hw_4758_cca.h +e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/store.h +e_4758_cca.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_4758_cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_4758_cca.o: e_4758_cca.c e_4758_cca_err.c e_4758_cca_err.h +e_4758_cca.o: vendor_defns/hw_4758_cca.h e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -152,11 +153,15 @@ e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h -e_aep.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_aep.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_aep.c +e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_aep.o: ../include/openssl/stack.h ../include/openssl/store.h +e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -165,11 +170,15 @@ e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h -e_atalla.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_atalla.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_atalla.c +e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_atalla.o: ../include/openssl/stack.h ../include/openssl/store.h +e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -178,11 +187,15 @@ e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h -e_cswift.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_cswift.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_cswift.c +e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_cswift.o: ../include/openssl/stack.h ../include/openssl/store.h +e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -190,12 +203,16 @@ e_gmp.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_gmp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_gmp.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +e_gmp.o: ../include/openssl/err.h ../include/openssl/evp.h +e_gmp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_gmp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_gmp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_gmp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_gmp.o: ../include/openssl/ui.h e_gmp.c +e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_gmp.o: ../include/openssl/store.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/ui.h ../include/openssl/x509.h +e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c e_ncipher.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ncipher.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -210,10 +227,11 @@ e_ncipher.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h e_ncipher.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h e_ncipher.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_ncipher.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_ncipher.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_ncipher.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_ncipher.o: ../include/openssl/x509_vfy.h e_ncipher.c e_ncipher_err.c -e_ncipher.o: e_ncipher_err.h vendor_defns/hwcryptohook.h +e_ncipher.o: ../include/openssl/stack.h ../include/openssl/store.h +e_ncipher.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_ncipher.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_ncipher.o: e_ncipher.c e_ncipher_err.c e_ncipher_err.h +e_ncipher.o: vendor_defns/hwcryptohook.h e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -221,11 +239,15 @@ e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h -e_nuron.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_nuron.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_nuron.c +e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_nuron.o: ../include/openssl/stack.h ../include/openssl/store.h +e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c e_nuron.o: e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -241,10 +263,11 @@ e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_sureware.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c -e_sureware.o: e_sureware_err.h vendor_defns/sureware.h +e_sureware.o: ../include/openssl/stack.h ../include/openssl/store.h +e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h +e_sureware.o: vendor_defns/sureware.h e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -252,9 +275,13 @@ e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h -e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_ubsec.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_ubsec.c +e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_ubsec.o: ../include/openssl/stack.h ../include/openssl/store.h +e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h diff --git a/util/libeay.num b/util/libeay.num index 495b8bc6b..97082f053 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3144,3 +3144,5 @@ STORE_get_arbitrary 3573 EXIST::FUNCTION: STORE_delete_arbitrary 3574 EXIST::FUNCTION: STORE_store_arbitrary 3575 EXIST::FUNCTION: STORE_new_engine 3576 EXIST::FUNCTION: +ERR_set_mark 3577 EXIST::FUNCTION: +ERR_pop_to_mark 3578 EXIST::FUNCTION: From e666c4599f017c244873a0184807ee22058a70b3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:42:28 +0000 Subject: [PATCH 334/550] Add the possibility to have symbols loaded globally with DSO. --- CHANGES | 3 +++ crypto/dso/dso.h | 7 +++++++ crypto/dso/dso_dlfcn.c | 8 +++++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7c9c59c5c..84bba6b68 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Add the possibility to load symbols globally with DSO. + [Götz Babin-Ebell via Richard Levitte] + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. [Richard Levitte] diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h index 9a1cdabf3..fccf54f96 100644 --- a/crypto/dso/dso.h +++ b/crypto/dso/dso.h @@ -95,6 +95,13 @@ extern "C" { */ #define DSO_FLAG_UPCASE_SYMBOL 0x10 +/* This flag loads the library with public symbols. + * Meaning: The exported symbols of this library are public + * to all libraries loaded after this library. + * At the moment only implemented in unix. + */ +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + typedef void (*DSO_FUNC_TYPE)(void); diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index de88b2fd1..259aee83e 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -140,13 +140,19 @@ static int dlfcn_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); + int flags = DLOPEN_FLAG; if(filename == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = dlopen(filename, DLOPEN_FLAG); + +#ifdef RTLD_GLOBAL + if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) + flags |= RTLD_GLOBAL; +#endif + ptr = dlopen(filename, flags); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); From c14b337570516d417736bfc1e694706a6f5679e5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:45:53 +0000 Subject: [PATCH 335/550] Typo. PR: 593 --- demos/engines/zencod/hw_zencod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/engines/zencod/hw_zencod.h b/demos/engines/zencod/hw_zencod.h index 195345d8c..415c9a6be 100644 --- a/demos/engines/zencod/hw_zencod.h +++ b/demos/engines/zencod/hw_zencod.h @@ -46,7 +46,7 @@ typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key); /* - * Key managment tools + * Key management tools */ typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data); typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data); From 54bbde3c3fb5ba9596245bbd8f7490136b6cc10d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 00:51:54 +0000 Subject: [PATCH 336/550] Make sure DSO-dlfcn works properly on SunOS4. PR: 585 --- crypto/dso/dso_dlfcn.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 259aee83e..2d7534afa 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -128,7 +128,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # endif # endif #else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# ifdef OPENSSL_SYS_SUNOS +# define DLOPEN_FLAG 1 +# else +# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# endif #endif /* For this DSO_METHOD, our meth_data STACK will contain; From 700d86ea18b5c4f3fc0402ca5b4e9bc35f11d85c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 00:56:27 +0000 Subject: [PATCH 337/550] Make sure ssize_t is defined on SunOS4. PR: 585 --- e_os.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/e_os.h b/e_os.h index f70958df8..9eb6c1ed5 100644 --- a/e_os.h +++ b/e_os.h @@ -331,6 +331,8 @@ extern "C" { # define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP * (unless when compiling with -D_POSIX_SOURCE, * which doesn't work for us) */ +# endif +# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) # define ssize_t int /* ditto */ # endif # ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ From 8645c415cf2cbb6ca1256cd3286c03f37aa88742 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 00:57:25 +0000 Subject: [PATCH 338/550] Do not try to use non-existent gmtime_r() on SunOS4. PR: 585 --- crypto/o_time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index 723eb1b5a..785468131 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) /* should return &data, but doesn't on some systems, so we don't even look at the return value */ gmtime_r(timer,result); From 5a1fd87ec1080a11ca120f8380b0eb59740a09f2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 01:04:05 +0000 Subject: [PATCH 339/550] Typo. PR: 584 --- bugs/SSLv3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bugs/SSLv3 b/bugs/SSLv3 index db53e1343..a75a1652d 100644 --- a/bugs/SSLv3 +++ b/bugs/SSLv3 @@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when doing a re-connect, always takes the first cipher in the cipher list. If we accept a netscape connection, demand a client cert, have a -non-self-sighed CA which does not have it's CA in netscape, and the +non-self-signed CA which does not have it's CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta Netscape browsers do not really notice the server sending a From a3a2ff4cd9ada10effaa514af90c7638ab0e9824 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 18:13:27 +0000 Subject: [PATCH 340/550] Beautify --- crypto/store/str_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 2d419bcd4..ab3fd423b 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -84,10 +84,10 @@ const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = { 0, - -1, /* FRIENDLYNAME: C string */ + -1, /* FRIENDLYNAME: C string */ SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ - SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ From b52d512dfa04ec44cb58ec1efa6a230a4693b0b0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 21:32:54 +0000 Subject: [PATCH 341/550] Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key. --- crypto/store/store.h | 3 ++ crypto/store/str_lib.c | 95 +++++++++++++++++++++++++++++++++++++----- crypto/store/str_mem.c | 4 +- 3 files changed, 90 insertions(+), 12 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index c1cbb399f..e82aa3edd 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -411,6 +411,9 @@ int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, /* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in each contained attribute. */ int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a is within the range of attributes + set in b. */ +int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); /* Check if the set of attributes in a are also set in b. */ int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); /* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index ab3fd423b..a8bd53132 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1536,21 +1536,94 @@ int STORE_parse_attrs_endp(void *handle) return 0; } +static int attr_info_compare_compute_range( + unsigned char *abits, unsigned char *bbits, + unsigned int *alowp, unsigned int *ahighp, + unsigned int *blowp, unsigned int *bhighp) + { + unsigned int alow = (unsigned int)-1, ahigh = 0; + unsigned int blow = (unsigned int)-1, bhigh = 0; + int i, res = 0; + + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (res == 0) + { + if (*abits < *bbits) res = -1; + if (*abits > *bbits) res = 1; + } + if (*abits) + { + if (alow == (unsigned int)-1) + { + alow = i * 8; + if (!(*abits & 0x01)) alow++; + if (!(*abits & 0x02)) alow++; + if (!(*abits & 0x04)) alow++; + if (!(*abits & 0x08)) alow++; + if (!(*abits & 0x10)) alow++; + if (!(*abits & 0x20)) alow++; + if (!(*abits & 0x40)) alow++; + } + ahigh = i * 8 + 7; + if (!(*abits & 0x80)) ahigh++; + if (!(*abits & 0x40)) ahigh++; + if (!(*abits & 0x20)) ahigh++; + if (!(*abits & 0x10)) ahigh++; + if (!(*abits & 0x08)) ahigh++; + if (!(*abits & 0x04)) ahigh++; + if (!(*abits & 0x02)) ahigh++; + } + if (*bbits) + { + if (blow == (unsigned int)-1) + { + blow = i * 8; + if (!(*bbits & 0x01)) blow++; + if (!(*bbits & 0x02)) blow++; + if (!(*bbits & 0x04)) blow++; + if (!(*bbits & 0x08)) blow++; + if (!(*bbits & 0x10)) blow++; + if (!(*bbits & 0x20)) blow++; + if (!(*bbits & 0x40)) blow++; + } + bhigh = i * 8 + 7; + if (!(*bbits & 0x80)) bhigh++; + if (!(*bbits & 0x40)) bhigh++; + if (!(*bbits & 0x20)) bhigh++; + if (!(*bbits & 0x10)) bhigh++; + if (!(*bbits & 0x08)) bhigh++; + if (!(*bbits & 0x04)) bhigh++; + if (!(*bbits & 0x02)) bhigh++; + } + } + if (ahigh + alow < bhigh + blow) res = -1; + if (ahigh + alow > bhigh + blow) res = 1; + if (alowp) *alowp = alow; + if (ahighp) *ahighp = ahigh; + if (blowp) *blowp = blow; + if (bhighp) *bhighp = bhigh; + return res; + } + int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { - unsigned char *abits, *bbits; - int i; - if (a == b) return 0; if (!a) return -1; if (!b) return 1; - abits = a->set; - bbits = b->set; - for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) - { - if (*abits < *bbits) return -1; - if (*abits > *bbits) return 1; - } + return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); + } +int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned int alow, ahigh, blow, bhigh; + + if (a == b) return 1; + if (!a) return 0; + if (!b) return 0; + attr_info_compare_compute_range(a->set, b->set, + &alow, &ahigh, &blow, &bhigh); + if (alow >= blow && ahigh <= bhigh) + return 1; return 0; } int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) @@ -1565,7 +1638,7 @@ int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) bbits = b->set; for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { - if (*abits && *bbits != *abits) + if (*abits && (*bbits & *abits) != *abits) return 0; } return 1; diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 7480de002..25d789a06 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -206,7 +206,7 @@ static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, return 0; } -/* The list functions may be the hardest to nuderstand. Basically, +/* The list functions may be the hardest to understand. Basically, mem_list_start compiles a stack of attribute info elements, and puts that stack into the context to be returned. mem_list_next will then find the first matching element in the store, and then @@ -305,6 +305,8 @@ static STORE_OBJECT *mem_list_next(STORE *s, void *handle) context->search_index); for(srch = context->search_index; srch < sk_num(store->data) + && STORE_ATTR_INFO_in_range(key.attr_info, + (STORE_ATTR_INFO *)sk_value(store->data, srch)) && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, (STORE_ATTR_INFO *)sk_value(store->data, srch))); srch++) From d97322f0e6583d72f18ccdef6ebb3d8942a63c19 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 18 Jun 2003 07:12:28 +0000 Subject: [PATCH 342/550] Missing string and potential memory leaks. Notified by Goetz Babin-Ebell --- crypto/store/str_lib.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index a8bd53132..5e6e424ba 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -69,7 +69,8 @@ const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = "X.509 CRL", "Private Key", "Public Key", - "Number" + "Number", + "Arbitrary Data" }; const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = @@ -101,19 +102,20 @@ STORE *STORE_new_method(const STORE_METHOD *method) { STORE *ret; + if (method == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); if (ret == NULL) { STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); return NULL; } - if (method == NULL) - { - STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - else - ret->meth=method; + + ret->meth=method; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); if (ret->meth->init && !ret->meth->init(ret)) @@ -261,12 +263,13 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_CERTIFICATE, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_CERTIFICATE, @@ -452,12 +455,13 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_PRIVATE_KEY, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_PRIVATE_KEY, @@ -628,12 +632,13 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_PUBLIC_KEY, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_PUBLIC_KEY, @@ -830,12 +835,13 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_CRL, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_CRL, @@ -953,12 +959,13 @@ int STORE_list_crl_endp(STORE *s, void *handle) int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_NUMBER, store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_NUMBER, @@ -1024,12 +1031,13 @@ int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_ARBITRARY, store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_ARBITRARY, From 0bd71d3b7ebcfe583b91b3939d807d4dd6758f05 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 18 Jun 2003 07:14:52 +0000 Subject: [PATCH 343/550] Add the application data type to the README. --- crypto/store/README | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/store/README b/crypto/store/README index a5a494899..966168f6a 100644 --- a/crypto/store/README +++ b/crypto/store/README @@ -18,6 +18,7 @@ X.509 CRL private key public key number +arbitrary (application) data The intention is that a STORE should be able to store everything needed by an application that wants a cert/key store, as well as From d3a28e8b8da8ecde549e842249ff12a53390d51c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 16:56:19 +0000 Subject: [PATCH 344/550] EXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will take care of returning if necessary. --- e_os.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e_os.h b/e_os.h index 9eb6c1ed5..3800bfd75 100644 --- a/e_os.h +++ b/e_os.h @@ -250,7 +250,7 @@ extern "C" { # define EXIT(n) _wsetexit(_WINEXITNOPERSIST) # define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) # else -# define EXIT(n) return(n) +# define EXIT(n) exit(n) # endif # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK From 4e9023f4d23a13387f490e83dae82e97d7d8a7a0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 16:56:48 +0000 Subject: [PATCH 345/550] Unsigned vs. signed fixed. --- crypto/ecdh/ech_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 6a8ed8464..c7633bac7 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -173,7 +173,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E } memset(buf, 0, buflen - len); - if (len != BN_bn2bin(x, buf + buflen - len)) + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; From 834ac33a3778bf5aa2c972d60e833bc6f83169df Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 16:57:38 +0000 Subject: [PATCH 346/550] dynamic_ctrl() didn't have exactly the same prototype as defined by ENGINE_CTRL_FUNC_PTR. --- crypto/engine/eng_dyn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 61ae23057..3a1c200ce 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -70,7 +70,7 @@ /* Our ENGINE handlers */ static int dynamic_init(ENGINE *e); static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Predeclare our context type */ typedef struct st_dynamic_data_ctx dynamic_data_ctx; /* The implementation for the important control command */ From fd4ef699133e445e8224f68d39cc155ea4a26c1a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 17:40:16 +0000 Subject: [PATCH 347/550] Implement CRL numbers. Contributed in whole by Laurent Genier PR: 644 --- apps/ca.c | 36 ++++++++++++++++++++++++++++++++---- apps/openssl.cnf | 3 +++ 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 618d88b2d..2c7e91aab 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -122,6 +122,7 @@ #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" +#define ENV_CRLNUMBER "crlnumber" #define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" #define ENV_RANDFILE "RANDFILE" @@ -277,6 +278,7 @@ int MAIN(int argc, char **argv) char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; + char *crlnumberfile=NULL; char *extensions=NULL; char *extfile=NULL; char *subj=NULL; @@ -285,6 +287,7 @@ int MAIN(int argc, char **argv) int rev_type = REV_NONE; char *rev_arg = NULL; BIGNUM *serial=NULL; + BIGNUM *crlnumber=NULL; char *startdate=NULL; char *enddate=NULL; long days=0; @@ -1337,6 +1340,14 @@ bad: } } + if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) + != NULL) + if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) + { + BIO_printf(bio_err,"error while loading CRL number\n"); + goto err; + } + if (!crldays && !crlhours) { if (!NCONF_get_number(conf,section, @@ -1418,14 +1429,24 @@ bad: /* Add any extensions asked for */ - if (crl_ext) + if (crl_ext || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); - if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, - crl_ext, crl)) goto err; + if (crl_ext) + if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, + crl_ext, crl)) goto err; + if (crlnumberfile != NULL) + { + tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); + if (!tmpser) goto err; + X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); + ASN1_INTEGER_free(tmpser); + crl_v2 = 1; + if (!BN_add_word(crlnumber,1)) goto err; + } } if (crl_ext || crl_v2) { @@ -1433,9 +1454,17 @@ bad: goto err; /* version 2 CRL */ } + + if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); + + if (crlnumberfile != NULL) /* Rename the crlnumber file */ + if (!rotate_serial(crlnumberfile,"new","old")) goto err; + } /*****************************************************************/ if (dorevoke) @@ -3086,4 +3115,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; } - diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 2696044cf..8941f454f 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -44,6 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file @@ -60,6 +62,7 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for From c5aba56c5bb20872888c33288f51d9f92a25ef9d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 17:50:37 +0000 Subject: [PATCH 348/550] Typo. --- doc/apps/ca.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 6d010216e..7cc9c5c5f 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -384,7 +384,7 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B, especially if combined with the B<-selfsign> command line option. -=item B +=item B a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. From 8fbb2af3921fa1b0b12976055e29a93055caca78 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 17:52:57 +0000 Subject: [PATCH 349/550] Add documentation for the new crlnumber configuration option. --- doc/apps/ca.pod | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 7cc9c5c5f..e2a4591a1 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -389,6 +389,12 @@ the B<-selfsign> command line option. a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. +=item B + +a text file containing the next CRL number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid CRL number. + =item B the same as B<-extensions>. From f6b9cd7f8224f8f1b7191d36a9bf1f55abeb3555 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 18:55:50 +0000 Subject: [PATCH 350/550] We set the export flag for 512 *bit* keys, not 512 *byte* ones. PR: 587 --- crypto/x509/x509type.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 4af98214a..8fe1c5458 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -112,7 +112,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) break; } - if (EVP_PKEY_size(pk) <= 512) + if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look + for, not bytes */ ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); From ed7f1d0bc61d06cb4455401d530214e1c38291a3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 18:59:27 +0000 Subject: [PATCH 351/550] Prepare for changes in the 0.9.6 branch --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 84bba6b68..c6163a063 100644 --- a/CHANGES +++ b/CHANGES @@ -2489,6 +2489,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + + *) + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of From 4f1cd8324ca63d72bfb90bc2cb5dd32538935ac4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 19:01:05 +0000 Subject: [PATCH 352/550] Prepare for changes in the 0.9.6 branch --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c6163a063..78260c51e 100644 --- a/CHANGES +++ b/CHANGES @@ -669,7 +669,7 @@ yet to be integrated into this CVS branch: the config script, much like the NetBSD support. [Richard Levitte & Kris Kennaway ] - Changes between 0.9.6j and 0.9.7 [31 Dec 2002] + Changes between 0.9.6k and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last From cf9a88cad759a8b3c93b808cfb0dd368143a8027 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 19:04:13 +0000 Subject: [PATCH 353/550] Document the last change. PR: 587 --- CHANGES | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 78260c51e..f81d555a0 100644 --- a/CHANGES +++ b/CHANGES @@ -2491,7 +2491,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] - *) + *) Change X509_cretificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] Changes between 0.9.6i and 0.9.6j [10 Apr 2003] From 37fcd48f8634ff5ce356e84711c756e06adbcd41 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 23:00:50 +0000 Subject: [PATCH 354/550] make update --- TABLE | 58 ++++++++++++++++++++++++------------------------- util/libeay.num | 1 + 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/TABLE b/TABLE index 5d098118f..0ad0fcaf9 100644 --- a/TABLE +++ b/TABLE @@ -1652,7 +1652,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1677,7 +1677,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1702,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1727,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1752,7 +1752,7 @@ $arflags = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1777,7 +1777,7 @@ $arflags = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1802,7 +1802,7 @@ $arflags = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1827,7 +1827,7 @@ $arflags = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2927,7 +2927,7 @@ $arflags = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -2952,7 +2952,7 @@ $arflags = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2977,7 +2977,7 @@ $arflags = *** linux-elf-arm $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3002,7 +3002,7 @@ $arflags = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 +$cflags = -DL_ENDIAN -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3027,7 +3027,7 @@ $arflags = *** linux-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3052,7 +3052,7 @@ $arflags = *** linux-ia64-ecc $cc = ecc -$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3077,7 +3077,7 @@ $arflags = *** linux-k6 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=k6 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3102,7 +3102,7 @@ $arflags = *** linux-m68k $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O2 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3127,7 +3127,7 @@ $arflags = *** linux-mips $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3152,7 +3152,7 @@ $arflags = *** linux-mipsel $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3177,7 +3177,7 @@ $arflags = *** linux-parisc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3202,7 +3202,7 @@ $arflags = *** linux-pentium $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3227,7 +3227,7 @@ $arflags = *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3252,7 +3252,7 @@ $arflags = *** linux-ppro $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3277,7 +3277,7 @@ $arflags = *** linux-s390 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3302,7 +3302,7 @@ $arflags = *** linux-s390x $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3327,7 +3327,7 @@ $arflags = *** linux-sparcv7 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3352,7 +3352,7 @@ $arflags = *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3377,7 +3377,7 @@ $arflags = *** linux-sparcv9 $cc = gcc -$cflags = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -3402,7 +3402,7 @@ $arflags = *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int +$cflags = -m64 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3427,7 +3427,7 @@ $arflags = *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC diff --git a/util/libeay.num b/util/libeay.num index 97082f053..aee8b4215 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3146,3 +3146,4 @@ STORE_store_arbitrary 3575 EXIST::FUNCTION: STORE_new_engine 3576 EXIST::FUNCTION: ERR_set_mark 3577 EXIST::FUNCTION: ERR_pop_to_mark 3578 EXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3579 EXIST::FUNCTION: From cf82439de892cfd9e7fe722416f614bbb9a4a2ee Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 20 Jun 2003 00:57:18 +0000 Subject: [PATCH 355/550] Make sure the compiler knows we run with pedantic settings. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 77b57e290..a88c0cb6a 100755 --- a/Configure +++ b/Configure @@ -178,7 +178,7 @@ my %table=( #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests From 037f6e73f17c1b322d49fc23bd2934b969ffdf79 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 24 Jun 2003 17:11:44 +0000 Subject: [PATCH 356/550] Return EOF when an S/MIME part have been read. --- crypto/pkcs7/pk7_mime.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 0480db219..182341846 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -446,6 +446,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) first = 0; if(bpart) sk_BIO_push(parts, bpart); bpart = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bpart, 0); } else if (eol) BIO_write(bpart, "\r\n", 2); eol = next_eol; From 0fbffe7a7136950b3a83b619cbd21e7330fe3942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 25 Jun 2003 21:35:05 +0000 Subject: [PATCH 357/550] implement PKCS #8 / SEC1 private key format for ECC Submitted by: Nils Larsch --- apps/pkcs8.c | 17 +++++++ crypto/evp/evp_pkey.c | 108 ++++++++++++++++++++++++++---------------- 2 files changed, 84 insertions(+), 41 deletions(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index ee8cf0281..43a828484 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -232,11 +232,14 @@ int MAIN(int argc, char **argv) pkey = load_key(bio_err, infile, informat, 1, passin, e, "key"); if (!pkey) { + BIO_free_all(out); return (1); } if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } if(nocrypt) { @@ -246,6 +249,9 @@ int MAIN(int argc, char **argv) i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); else { BIO_printf(bio_err, "Bad format specified for key\n"); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } } else { @@ -253,7 +259,12 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) + { + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); + } } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, @@ -261,6 +272,9 @@ int MAIN(int argc, char **argv) NULL, 0, iter, p8inf))) { BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } app_RAND_write_file(NULL, bio_err); @@ -270,6 +284,9 @@ int MAIN(int argc, char **argv) i2d_PKCS8_bio(out, p8); else { BIO_printf(bio_err, "Bad format specified for key\n"); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } X509_SIG_free(p8); diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index a97b1f87d..6def5d44d 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -80,14 +80,15 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; ASN1_TYPE *t1, *t2; + ASN1_INTEGER *privkey; STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; + const unsigned char *p_tmp; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_TYPE *param = NULL; - ASN1_INTEGER *privkey; BN_CTX *ctx = NULL; int plen; #endif @@ -221,11 +222,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_EC case NID_X9_62_id_ecPublicKey: - if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto ecerr; - } + p_tmp = p; + /* extract the ec parameters */ param = p8->pkeyalg->parameter; if (!param || ((param->type != V_ASN1_SEQUENCE) && @@ -269,35 +267,40 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) } /* We have parameters now set private key */ - if (!(eckey->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } - /* Calculate public key */ - if ((eckey->pub_key = EC_POINT_new(eckey->group)) == NULL) + + /* calculate public key (if necessary) */ + if (!eckey->pub_key) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (!EC_POINT_copy(eckey->pub_key, - EC_GROUP_get0_generator(eckey->group))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (!EC_POINT_mul(eckey->group, eckey->pub_key, - eckey->priv_key, NULL, NULL, ctx)) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + eckey->pub_key = EC_POINT_new(eckey->group); + if (!eckey->pub_key) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_copy(eckey->pub_key, + EC_GROUP_get0_generator(eckey->group))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_mul(eckey->group, eckey->pub_key, + eckey->priv_key, NULL, NULL, ctx)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } } EVP_PKEY_assign_EC_KEY(pkey, eckey); if (ctx) BN_CTX_free(ctx); - if (privkey) - ASN1_INTEGER_free(privkey); break; ecerr: if (ctx) @@ -526,7 +529,8 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) EC_KEY *eckey; ASN1_INTEGER *prkey = NULL; unsigned char *p, *pp; - int nid; + int nid, i, ret = 0; + unsigned int tmp_flags; if (pkey->pkey.eckey == NULL || pkey->pkey.eckey->group == NULL) { @@ -564,7 +568,6 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) } else /* explicit parameters */ { - int i; if ((i = i2d_ECParameters(eckey, NULL)) == 0) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); @@ -595,35 +598,58 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) } /* set the private key */ - if ((prkey = BN_to_ASN1_INTEGER(pkey->pkey.eckey->priv_key, NULL)) - == NULL) + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + tmp_flags = pkey->pkey.eckey->enc_flag; + pkey->pkey.eckey->enc_flag |= EC_PKEY_NO_PARAMETERS; + i = i2d_ECPrivateKey(pkey->pkey.eckey, NULL); + if (!i) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); return 0; } + p = (unsigned char *) OPENSSL_malloc(i); + if (!p) + { + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECPrivateKey(pkey->pkey.eckey, &pp)) + { + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + /* restore old encoding flags */ + pkey->pkey.eckey->enc_flag = tmp_flags; switch(p8->broken) { case PKCS8_OK: - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!p8->pkey->value.octet_string || + !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, + (const void *)p, i)) + { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(prkey); - return 0; } - - ASN1_INTEGER_free(prkey); - + else + ret = 1; break; case PKCS8_NO_OCTET: /* RSA specific */ case PKCS8_NS_DB: /* DSA specific */ case PKCS8_EMBEDDED_PARAM: /* DSA specific */ default: EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; - } - return 1; + OPENSSL_cleanse(p, (size_t)i); + OPENSSL_free(p); + return ret; } #endif From dfc31519250a4b2fad51c19f0bb3a16f0d0947a9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 07:03:49 +0000 Subject: [PATCH 358/550] The definition of dynamic_ctrl() should change along with the declaration :-). --- crypto/engine/eng_dyn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 3a1c200ce..3cb46856c 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -316,7 +316,7 @@ static int dynamic_finish(ENGINE *e) return 0; } -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); int initialised; From c687a3d5d57d4b3e557a2f7a4a952c1ace749d4e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 07:05:19 +0000 Subject: [PATCH 359/550] Scan through the engines directory as well. --- util/mkfiles.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/util/mkfiles.pl b/util/mkfiles.pl index a95d14cc6..d8cac3a3b 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -56,6 +56,7 @@ my @dirs = ( "crypto/store", "ssl", "apps", +"engines", "test", "tools" ); From a99ce1a57481ff7de2971b9c5cc50c2613f4c420 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 07:10:10 +0000 Subject: [PATCH 360/550] Conform with the standard prototype for engine control functions. --- engines/e_4758_cca.c | 4 ++-- engines/e_aep.c | 4 ++-- engines/e_atalla.c | 4 ++-- engines/e_cswift.c | 4 ++-- engines/e_gmp.c | 4 ++-- engines/e_ncipher.c | 4 ++-- engines/e_nuron.c | 2 +- engines/e_sureware.c | 4 ++-- engines/e_ubsec.c | 4 ++-- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index 68a628229..ee52a3f66 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -76,7 +76,7 @@ static int ibm_4758_cca_destroy(ENGINE *e); static int ibm_4758_cca_init(ENGINE *e); static int ibm_4758_cca_finish(ENGINE *e); -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* rsa functions */ /*---------------*/ @@ -343,7 +343,7 @@ static int ibm_4758_cca_finish(ENGINE *e) return 1; } -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_aep.c b/engines/e_aep.c index 46ccac282..8e10bb776 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -88,7 +88,7 @@ typedef int pid_t; static int aep_init(ENGINE *e); static int aep_finish(ENGINE *e); -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int aep_destroy(ENGINE *e); static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection); @@ -554,7 +554,7 @@ static int aep_finish(ENGINE *e) return to_return; } -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((aep_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 64dcc046e..79abc7067 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -78,7 +78,7 @@ static int atalla_destroy(ENGINE *e); static int atalla_init(ENGINE *e); static int atalla_finish(ENGINE *e); -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* BIGNUM stuff */ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -406,7 +406,7 @@ static int atalla_finish(ENGINE *e) return 1; } -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((atalla_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 28a51d1bf..793aaccb1 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -92,7 +92,7 @@ static int cswift_destroy(ENGINE *e); static int cswift_init(ENGINE *e); static int cswift_finish(ENGINE *e); -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* BIGNUM stuff */ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -439,7 +439,7 @@ static int cswift_finish(ENGINE *e) return 1; } -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((cswift_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_gmp.c b/engines/e_gmp.c index 8d778fcbf..64cb039ed 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -97,7 +97,7 @@ static int e_gmp_destroy(ENGINE *e); static int e_gmp_init(ENGINE *e); static int e_gmp_finish(ENGINE *e); -static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); #ifndef OPENSSL_NO_RSA /* RSA stuff */ @@ -230,7 +230,7 @@ static int e_gmp_finish(ENGINE *e) return 1; } -static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index bf95ca861..e416cffed 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -88,7 +88,7 @@ static int hwcrhk_destroy(ENGINE *e); static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Functions to handle mutexes */ static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); @@ -648,7 +648,7 @@ static int hwcrhk_finish(ENGINE *e) return to_return; } -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_nuron.c b/engines/e_nuron.c index f9c379503..e3a9406c4 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -156,7 +156,7 @@ static int nuron_finish(ENGINE *e) return 1; } -static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((pvDSOHandle == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_sureware.c b/engines/e_sureware.c index cae8bf485..8e77e5c28 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -69,7 +69,7 @@ #define SUREWARE_LIB_NAME "sureware engine" #include "e_sureware_err.c" -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int surewarehk_destroy(ENGINE *e); static int surewarehk_init(ENGINE *e); static int surewarehk_finish(ENGINE *e); @@ -368,7 +368,7 @@ static BIO *logstream = NULL; * called, the checking and error handling is probably down there. */ static int threadsafe=1; -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index b019714a5..094458887 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -82,7 +82,7 @@ static int ubsec_destroy(ENGINE *e); static int ubsec_init(ENGINE *e); static int ubsec_finish(ENGINE *e); -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -518,7 +518,7 @@ static int ubsec_finish(ENGINE *e) return 1; } -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((ubsec_dso == NULL) ? 0 : 1); switch(cmd) From d55141ed7a844b4a0b8c75169267566695642840 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 10:23:00 +0000 Subject: [PATCH 361/550] "Remove" unused variable --- crypto/evp/evp_pkey.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 6def5d44d..ee7e3aaba 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -527,7 +527,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { EC_KEY *eckey; +#if 0 /* unused */ ASN1_INTEGER *prkey = NULL; +#endif unsigned char *p, *pp; int nid, i, ret = 0; unsigned int tmp_flags; From ed5fae580e88ce5612be3152ba739a208c61fcdd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 10:26:42 +0000 Subject: [PATCH 362/550] Implement missing functions. Have the f parameter to _ctrl functions have the prototype (*)(void) rather than (*)(), for the sake of C++ compilers. Disable unimplemented functionality. --- crypto/store/store.h | 29 ++++++++-- crypto/store/str_err.c | 18 +++++- crypto/store/str_lib.c | 121 ++++++++++++++++++++++++++++++++++++++++ crypto/store/str_mem.c | 4 +- crypto/store/str_meth.c | 33 +++++++++++ 5 files changed, 196 insertions(+), 9 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index e82aa3edd..314f21628 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -91,7 +91,7 @@ void STORE_free(STORE *ui); /* Give a user interface parametrised control commands. This can be used to send down an integer, a data pointer or a function pointer, as well as be used to get information from a STORE. */ -int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)()); +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)); /* A control to set the directory with keys and certificates. Used by the built-in directory level method. */ @@ -123,6 +123,7 @@ const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); and is of course volatile. It's used by other methods that have an in-memory cache. */ const STORE_METHOD *STORE_Memory(void); +#if 0 /* Not yet implemented */ /* This is the directory store. It does everything except revoking and updating, and uses STORE_Memory() to cache things in memory. */ const STORE_METHOD *STORE_Directory(void); @@ -130,7 +131,7 @@ const STORE_METHOD *STORE_Directory(void); and uses STORE_Memory() to cache things in memory. Certificates are added to it with the store operation, and it will only get cached certificates. */ const STORE_METHOD *STORE_File(void); - +#endif /* Store functions take a type code for the type of data they should store or fetch */ @@ -331,11 +332,11 @@ typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OP typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); +typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void)); -int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); -int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR gen_f); -int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR gen_f); +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f); +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f); +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f); int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); @@ -429,6 +430,7 @@ void ERR_load_STORE_strings(void); /* Error codes for the STORE functions. */ /* Function codes. */ +#define STORE_F_CTRL 160 #define STORE_F_MEM_DELETE 134 #define STORE_F_MEM_GENERATE 135 #define STORE_F_MEM_LIST_NEXT 136 @@ -449,6 +451,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 #define STORE_F_STORE_CERTIFICATE 100 #define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_CTRL 161 #define STORE_F_STORE_DELETE_ARBITRARY 158 #define STORE_F_STORE_DELETE_CERTIFICATE 102 #define STORE_F_STORE_DELETE_CRL 103 @@ -479,6 +482,12 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 #define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 #define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +#define STORE_F_STORE_MODIFY_ARBITRARY 162 +#define STORE_F_STORE_MODIFY_CERTIFICATE 163 +#define STORE_F_STORE_MODIFY_CRL 164 +#define STORE_F_STORE_MODIFY_NUMBER 165 +#define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 +#define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 #define STORE_F_STORE_NEW_ENGINE 133 #define STORE_F_STORE_NEW_METHOD 132 #define STORE_F_STORE_NUMBER 126 @@ -504,6 +513,12 @@ void ERR_load_STORE_strings(void); #define STORE_R_FAILED_GETTING_NUMBER 107 #define STORE_R_FAILED_LISTING_CERTIFICATES 108 #define STORE_R_FAILED_LISTING_KEYS 109 +#define STORE_R_FAILED_MODIFYING_ARBITRARY 138 +#define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 +#define STORE_R_FAILED_MODIFYING_CRL 140 +#define STORE_R_FAILED_MODIFYING_NUMBER 141 +#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 +#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 #define STORE_R_FAILED_REVOKING_CERTIFICATE 110 #define STORE_R_FAILED_REVOKING_KEY 111 #define STORE_R_FAILED_STORING_ARBITRARY 134 @@ -511,6 +526,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_FAILED_STORING_KEY 113 #define STORE_R_FAILED_STORING_NUMBER 114 #define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_CONTROL_FUNCTION 144 #define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 #define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 #define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 @@ -523,6 +539,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 #define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 #define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +#define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 #define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 #define STORE_R_NO_STORE 129 #define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index 2c2779bd7..d18acaccd 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -66,6 +66,7 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA STORE_str_functs[]= { +{ERR_PACK(0,STORE_F_CTRL,0), "CTRL"}, {ERR_PACK(0,STORE_F_MEM_DELETE,0), "MEM_DELETE"}, {ERR_PACK(0,STORE_F_MEM_GENERATE,0), "MEM_GENERATE"}, {ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, @@ -86,6 +87,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, {ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, {ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_CTRL,0), "STORE_ctrl"}, {ERR_PACK(0,STORE_F_STORE_DELETE_ARBITRARY,0), "STORE_delete_arbitrary"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, @@ -116,7 +118,13 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,0), "STORE_list_public_key_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, -{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_ARBITRARY,0), "STORE_modify_arbitrary"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_CERTIFICATE,0), "STORE_modify_certificate"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_CRL,0), "STORE_modify_crl"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_NUMBER,0), "STORE_modify_number"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_PRIVATE_KEY,0), "STORE_modify_private_key"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_PUBLIC_KEY,0), "STORE_modify_public_key"}, +{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_new_engine"}, {ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, {ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, {ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_parse_attrs_end"}, @@ -144,6 +152,12 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, {STORE_R_FAILED_LISTING_CERTIFICATES ,"failed listing certificates"}, {STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, +{STORE_R_FAILED_MODIFYING_ARBITRARY ,"failed modifying arbitrary"}, +{STORE_R_FAILED_MODIFYING_CERTIFICATE ,"failed modifying certificate"}, +{STORE_R_FAILED_MODIFYING_CRL ,"failed modifying crl"}, +{STORE_R_FAILED_MODIFYING_NUMBER ,"failed modifying number"}, +{STORE_R_FAILED_MODIFYING_PRIVATE_KEY ,"failed modifying private key"}, +{STORE_R_FAILED_MODIFYING_PUBLIC_KEY ,"failed modifying public key"}, {STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, {STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, {STORE_R_FAILED_STORING_ARBITRARY ,"failed storing arbitrary"}, @@ -151,6 +165,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_FAILED_STORING_KEY ,"failed storing key"}, {STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, {STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_CONTROL_FUNCTION ,"no control function"}, {STORE_R_NO_DELETE_ARBITRARY_FUNCTION ,"no delete arbitrary function"}, {STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, {STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, @@ -163,6 +178,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, {STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, {STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, +{STORE_R_NO_MODIFY_OBJECT_FUNCTION ,"no modify object function"}, {STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, {STORE_R_NO_STORE ,"no store"}, {STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION,"no store object arbitrary function"}, diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 5e6e424ba..eb9e6426b 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -184,6 +184,19 @@ void STORE_free(STORE *store) OPENSSL_free(store); } +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)) + { + if (store == NULL) + { + STOREerr(STORE_F_CTRL,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (store->meth->ctrl) + return store->meth->ctrl(store, cmd, i, p, f); + STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION); + return 0; + } + int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) @@ -297,6 +310,24 @@ int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], return 1; } +int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, + STORE_R_FAILED_MODIFYING_CERTIFICATE); + return 0; + } + return 1; + } + int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -496,6 +527,24 @@ int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], return i; } +int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, + STORE_R_FAILED_MODIFYING_PRIVATE_KEY); + return 0; + } + return 1; + } + int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -673,6 +722,24 @@ int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], return i; } +int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, + STORE_R_FAILED_MODIFYING_PUBLIC_KEY); + return 0; + } + return 1; + } + int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -869,6 +936,24 @@ int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], return i; } +int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_CRL, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_CRL, + STORE_R_FAILED_MODIFYING_CRL); + return 0; + } + return 1; + } + int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -989,6 +1074,24 @@ int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], return 1; } +int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_NUMBER, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_NUMBER, + STORE_R_FAILED_MODIFYING_NUMBER); + return 0; + } + return 1; + } + BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -1061,6 +1164,24 @@ int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], return 1; } +int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_ARBITRARY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, + STORE_R_FAILED_MODIFYING_ARBITRARY); + return 0; + } + return 1; + } + BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 25d789a06..77603e181 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -126,7 +126,7 @@ static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()); +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)); static STORE_METHOD store_memory = { @@ -351,7 +351,7 @@ static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], { return 1; } -static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()) +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)) { return 1; } diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index e1c39bf06..648c08d76 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -81,6 +81,18 @@ void STORE_destroy_method(STORE_METHOD *store_method) OPENSSL_free(store_method); } +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f) + { + sm->init = init_f; + return 1; + } + +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f) + { + sm->clean = clean_f; + return 1; + } + int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) { sm->generate_object = generate_f; @@ -99,6 +111,12 @@ int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PT return 1; } +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f) + { + sm->modify_object = modify_f; + return 1; + } + int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) { sm->revoke_object = revoke_f; @@ -153,6 +171,16 @@ int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) return 1; } +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm) + { + return sm->init; + } + +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm) + { + return sm->clean; + } + STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) { return sm->generate_object; @@ -168,6 +196,11 @@ STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) return sm->store_object; } +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm) + { + return sm->modify_object; + } + STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) { return sm->revoke_object; From c89f31def0c5ae23ae0d1ba429ec8ce7a9ffbb33 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 10:27:11 +0000 Subject: [PATCH 363/550] make update --- TABLE | 60 ++++++++++++++++++++-------------------- crypto/objects/obj_dat.h | 2 +- util/libeay.num | 4 +-- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/TABLE b/TABLE index 0ad0fcaf9..796a0094b 100644 --- a/TABLE +++ b/TABLE @@ -1652,7 +1652,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1677,7 +1677,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1702,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1727,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1752,7 +1752,7 @@ $arflags = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1777,7 +1777,7 @@ $arflags = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1802,7 +1802,7 @@ $arflags = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1827,7 +1827,7 @@ $arflags = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1952,7 +1952,7 @@ $arflags = *** debug-solaris-sparcv9-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -2927,7 +2927,7 @@ $arflags = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -2952,7 +2952,7 @@ $arflags = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2977,7 +2977,7 @@ $arflags = *** linux-elf-arm $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3002,7 +3002,7 @@ $arflags = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -O2 +$cflags = -DL_ENDIAN -DTERMIO -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3027,7 +3027,7 @@ $arflags = *** linux-ia64 $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3052,7 +3052,7 @@ $arflags = *** linux-ia64-ecc $cc = ecc -$cflags = -DL_ENDIAN -O2 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3077,7 +3077,7 @@ $arflags = *** linux-k6 $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=k6 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3102,7 +3102,7 @@ $arflags = *** linux-m68k $cc = gcc -$cflags = -DB_ENDIAN -O2 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3127,7 +3127,7 @@ $arflags = *** linux-mips $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3152,7 +3152,7 @@ $arflags = *** linux-mipsel $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3177,7 +3177,7 @@ $arflags = *** linux-parisc $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3202,7 +3202,7 @@ $arflags = *** linux-pentium $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentium -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3227,7 +3227,7 @@ $arflags = *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3252,7 +3252,7 @@ $arflags = *** linux-ppro $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3277,7 +3277,7 @@ $arflags = *** linux-s390 $cc = gcc -$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3302,7 +3302,7 @@ $arflags = *** linux-s390x $cc = gcc -$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3327,7 +3327,7 @@ $arflags = *** linux-sparcv7 $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3352,7 +3352,7 @@ $arflags = *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3377,7 +3377,7 @@ $arflags = *** linux-sparcv9 $cc = gcc -$cflags = -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -3402,7 +3402,7 @@ $arflags = *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int +$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3427,7 +3427,7 @@ $arflags = *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index c16ff8581..7a187aff6 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -3333,8 +3333,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[379]),/* OBJ_org 1 3 */ +&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ diff --git a/util/libeay.num b/util/libeay.num index aee8b4215..fa11a9fa6 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3093,7 +3093,7 @@ ENGINE_register_all_STORE 3522 EXIST::FUNCTION:ENGINE STORE_ATTR_INFO_modify_cstr 3523 EXIST::FUNCTION: STORE_generate_crl 3524 EXIST::FUNCTION: STORE_store_public_key 3525 EXIST::FUNCTION: -STORE_Directory 3526 EXIST::FUNCTION: +STORE_Directory 3526 NOEXIST::FUNCTION: STORE_revoke_private_key 3527 EXIST::FUNCTION: STORE_ATTR_INFO_modify_dn 3528 EXIST::FUNCTION: STORE_method_get_initialise_function 3529 EXIST::FUNCTION: @@ -3117,7 +3117,7 @@ STORE_OBJECT_free 3546 EXIST::FUNCTION: STORE_ATTR_INFO_get0_sha1str 3547 EXIST::FUNCTION: STORE_ATTR_INFO_get0_cstr 3548 EXIST::FUNCTION: STORE_get_ex_new_index 3549 EXIST::FUNCTION: -STORE_File 3550 EXIST::FUNCTION: +STORE_File 3550 NOEXIST::FUNCTION: ENGINE_get_STORE 3551 EXIST::FUNCTION:ENGINE STORE_get_certificate 3552 EXIST::FUNCTION: STORE_delete_certificate 3553 EXIST::FUNCTION: From eb3d68c454d1481009f44c6671f658edf115edfa Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 11:52:23 +0000 Subject: [PATCH 364/550] Nils Larsch told me I could remove that variable entirely. --- crypto/evp/evp_pkey.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index ee7e3aaba..74c974e68 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -527,9 +527,6 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { EC_KEY *eckey; -#if 0 /* unused */ - ASN1_INTEGER *prkey = NULL; -#endif unsigned char *p, *pp; int nid, i, ret = 0; unsigned int tmp_flags; From aa5ae4841e74c0fb94c0b9513cd93e5f24d12d4b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 11:58:02 +0000 Subject: [PATCH 365/550] Only remove old files if they exist. [Maing32]. Notified by Michael Gerdau --- util/pl/Mingw32.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index d0472df27..b76b7afd2 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -85,7 +85,7 @@ sub do_lib_rule ($Name=$name) =~ tr/a-z/A-Z/; $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; + $ret.="\tif exist $target \$(RM) $target\n"; $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; $ret.="\t\$(RANLIB) $target\n\n"; } From 9d19fbc4fce71a7a5f40314e3d0e25db26f82043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 26 Jun 2003 14:03:03 +0000 Subject: [PATCH 366/550] Clarify wording of verify_callback() behaviour. --- doc/ssl/SSL_CTX_set_verify.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod index d15b2a3a1..ca8d81b82 100644 --- a/doc/ssl/SSL_CTX_set_verify.pod +++ b/doc/ssl/SSL_CTX_set_verify.pod @@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If B returns 1, the verification process is continued. If B always returns -1, the TLS/SSL handshake will never be terminated because of this application -experiencing a verification failure. The calling process can however -retrieve the error code of the last verification error using +1, the TLS/SSL handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using L or by maintaining its own error storage managed by B. From da0d33560f78b7c430a20981f2cf125d56926899 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 06:41:30 +0000 Subject: [PATCH 367/550] Change AES-CTR to increment the IV by 1 instead of 2^64. --- crypto/aes/aes_ctr.c | 50 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 59088499a..5a1ced67f 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -62,19 +62,49 @@ /* NOTE: CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ -/* increment counter (128-bit int) by 2^64 */ +/* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; - /* Grab 3rd dword of counter and increment */ + /* Grab bottom dword of counter and increment */ #ifdef L_ENDIAN - c = GETU32(counter + 8); + c = GETU32(counter + 0); c++; - PUTU32(counter + 8, c); + PUTU32(counter + 0, c); #else - c = GETU32(counter + 4); + c = GETU32(counter + 12); c++; - PUTU32(counter + 4, c); + PUTU32(counter + 12, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 1st dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); +#else + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 2nd dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#else + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); #endif /* if no overflow, we're done */ @@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) { * encrypted counter is kept in ecount_buf. Both *num and * ecount_buf must be initialised with zeros before the first * call to AES_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { From da6c44fc97c2913287e2b58fb09485ebf36d6b8b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 06:42:43 +0000 Subject: [PATCH 368/550] The 'counter' is really the IV. --- crypto/aes/aes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 7f4b0e806..6bc0cf00a 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -102,7 +102,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); From 6f2f534b5848ba9088462fc85b09ae0a7aa97502 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 07:46:52 +0000 Subject: [PATCH 369/550] The convenience argumetn for -nameopt and -certopt is ca_default, not default_ca. PR: 653 --- doc/apps/ca.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index e2a4591a1..d0a7703e6 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -431,7 +431,7 @@ here, except the B and B are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point). -For convenience the values B are accepted by both to produce +For convenience the values B are accepted by both to produce a reasonable output. If neither option is present the format used in earlier versions of @@ -544,8 +544,8 @@ A sample configuration file with the relevant sections for B: policy = policy_any # default policy email_in_dn = no # Don't add the email into cert DN - nameopt = default_ca # Subject name display option - certopt = default_ca # Certificate display option + nameopt = ca_default # Subject name display option + certopt = ca_default # Certificate display option copy_extensions = none # Don't copy extensions from request [ policy_any ] From 94805c84d104310305c29a0c25fb0c6f0330b378 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 20:45:09 +0000 Subject: [PATCH 370/550] Add -issuer_hash and make -subject_hash the default way to get the subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650 --- apps/x509.c | 21 +++++++++++++++------ doc/apps/x509.pod | 12 +++++++++++- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index ed9e40574..f0ef5596f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -92,7 +92,9 @@ static char *x509_usage[]={ " -out arg - output file - default stdout\n", " -passin arg - private key password source\n", " -serial - print serial number value\n", -" -hash - print hash value\n", +" -subject_hash - print subject hash value\n", +" -issuer_hash - print issuer hash value\n", +" -hash - synonym for -subject_hash\n", " -subject - print subject DN\n", " -issuer - print issuer DN\n", " -email - print email address(es)\n", @@ -167,8 +169,8 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; - int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; - int ocspid=0; + int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; + int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; @@ -379,8 +381,11 @@ int MAIN(int argc, char **argv) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; - else if (strcmp(*argv,"-hash") == 0) - hash= ++num; + else if (strcmp(*argv,"-hash") == 0 + || strcmp(*argv,"-subject_hash") == 0) + subject_hash= ++num; + else if (strcmp(*argv,"-issuer_hash") == 0) + issuer_hash= ++num; else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) @@ -707,10 +712,14 @@ bad: if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"\n"); } - else if (hash == i) + else if (subject_hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } + else if (issuer_hash == i) + { + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); + } else if (pprint == i) { X509_PURPOSE *ptmp; diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 50343cd68..21bdfccb9 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -17,6 +17,8 @@ B B [B<-out filename>] [B<-serial>] [B<-hash>] +[B<-subject_hash>] +[B<-issuer_hash>] [B<-subject>] [B<-issuer>] [B<-nameopt option>] @@ -141,12 +143,20 @@ contained in the certificate. outputs the certificate serial number. -=item B<-hash> +=item B<-subject_hash> outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name. +=item B<-issuer_hash> + +outputs the "hash" of the certificate issuer name. + +=item B<-hash> + +synonym for "-hash" for backward compatibility reasons. + =item B<-subject> outputs the subject name. From 2ae0352b0f9ace97bd5b00f474d7b5ae8e7a501d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 20:50:44 +0000 Subject: [PATCH 371/550] Oops, I forgot to replace 'counter' with 'ivec' when used... --- crypto/aes/aes_ctr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 5a1ced67f..79e1c18f1 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -153,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, while (l--) { if (n == 0) { - AES_encrypt(counter, ecount_buf, key); - AES_ctr128_inc(counter); + AES_encrypt(ivec, ecount_buf, key); + AES_ctr128_inc(ivec); } *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; From 61f00386ab2866c386605248b26b1584d85520ce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Jul 2003 11:37:50 +0000 Subject: [PATCH 372/550] The counter is big-endian. Since it comes as an array of char, there's absolutely no need to special-case it on little-endian machines. Notified by Thierry Boivin --- crypto/aes/aes_ctr.c | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 79e1c18f1..2487d83fb 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -59,7 +59,7 @@ #include #include "aes_locl.h" -/* NOTE: CTR mode is big-endian. The rest of the AES code +/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ /* increment counter (128-bit int) by 1 */ @@ -67,61 +67,36 @@ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; /* Grab bottom dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 0); - c++; - PUTU32(counter + 0, c); -#else c = GETU32(counter + 12); c++; PUTU32(counter + 12, c); -#endif /* if no overflow, we're done */ if (c) return; /* Grab 1st dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 4); - c++; - PUTU32(counter + 4, c); -#else c = GETU32(counter + 8); c++; PUTU32(counter + 8, c); -#endif /* if no overflow, we're done */ if (c) return; /* Grab 2nd dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 8); - c++; - PUTU32(counter + 8, c); -#else c = GETU32(counter + 4); c++; PUTU32(counter + 4, c); -#endif /* if no overflow, we're done */ if (c) return; /* Grab top dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 12); - c++; - PUTU32(counter + 12, c); -#else c = GETU32(counter + 0); c++; PUTU32(counter + 0, c); -#endif - } /* The input encrypted as though 128bit counter mode is being From 182cd19deac4b91c922d761edaddd5ac73c5c0f6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Jul 2003 11:41:13 +0000 Subject: [PATCH 373/550] Make sure openssl.pc is readable by everyone. PR: 654 --- Makefile.org | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.org b/Makefile.org index 2b9e5f892..ae871aad8 100644 --- a/Makefile.org +++ b/Makefile.org @@ -554,6 +554,7 @@ install: all install_docs fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ From f9d183c20986602add9f956485e9b1ab2d385e9f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Jul 2003 15:45:04 +0000 Subject: [PATCH 374/550] Replace CCITT with ITU-T. Keep CCITT around as an alias. make update PR: 80 --- crypto/objects/obj_mac.h | 31 +++++++++++++++++++++---------- crypto/objects/obj_mac.num | 3 +++ crypto/objects/objects.txt | 19 ++++++++++++------- 3 files changed, 36 insertions(+), 17 deletions(-) diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 9417e8c7c..2715cfdd7 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -67,20 +67,26 @@ #define NID_undef 0 #define OBJ_undef 0L -#define SN_ccitt "CCITT" -#define LN_ccitt "ccitt" +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 721 +#define OBJ_itu_t 0L + #define NID_ccitt 404 -#define OBJ_ccitt 0L +#define OBJ_ccitt OBJ_itu_t #define SN_iso "ISO" #define LN_iso "iso" #define NID_iso 181 #define OBJ_iso 1L -#define SN_joint_iso_ccitt "JOINT-ISO-CCITT" -#define LN_joint_iso_ccitt "joint-iso-ccitt" +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 722 +#define OBJ_joint_iso_itu_t 2L + #define NID_joint_iso_ccitt 393 -#define OBJ_joint_iso_ccitt 2L +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t #define SN_member_body "member-body" #define LN_member_body "ISO Member Body" @@ -95,9 +101,14 @@ #define NID_certicom_arc 528 #define OBJ_certicom_arc OBJ_identified_organization,132L +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 723 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + #define SN_wap "wap" #define NID_wap 562 -#define OBJ_wap OBJ_joint_iso_ccitt,23L,43L +#define OBJ_wap OBJ_international_organizations,43L #define SN_wap_wsg "wap-wsg" #define NID_wap_wsg 563 @@ -106,7 +117,7 @@ #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" #define NID_selected_attribute_types 394 -#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L #define SN_clearance "clearance" #define NID_clearance 395 @@ -2332,7 +2343,7 @@ #define SN_data "data" #define NID_data 434 -#define OBJ_data OBJ_ccitt,9L +#define OBJ_data OBJ_itu_t,9L #define SN_pss "pss" #define NID_pss 435 @@ -2621,7 +2632,7 @@ #define SN_id_set "id-set" #define LN_id_set "Secure Electronic Transactions" #define NID_id_set 576 -#define OBJ_id_set 2L,23L,42L +#define OBJ_id_set OBJ_international_organizations,42L #define SN_set_ctype "set-ctype" #define LN_set_ctype "content types" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e84922d45..0840bac30 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -718,3 +718,6 @@ ms_upn 717 any_policy 718 policy_mappings 719 name_constraints 720 +itu_t 721 +joint_iso_itu_t 722 +international_organizations 723 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index feeed99b5..b5209b6fd 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1,8 +1,11 @@ -0 : CCITT : ccitt +# CCITT was renamed to ITU-T quite some time ago +0 : ITU-T : itu-t +!Alias ccitt itu-t 1 : ISO : iso -2 : JOINT-ISO-CCITT : joint-iso-ccitt +2 : JOINT-ISO-ITU-T : joint-iso-itu-t +!Alias joint-iso-ccitt joint-iso-itu-t iso 2 : member-body : ISO Member Body @@ -10,10 +13,12 @@ iso 3 : identified-organization identified-organization 132 : certicom-arc -joint-iso-ccitt 23 43 : wap +joint-iso-itu-t 23 : international-organizations : International Organizations + +international-organizations 43 : wap wap 13 : wap-wsg -joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types +joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance @@ -781,9 +786,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer !Cname hold-instruction-reject holdInstruction 3 : holdInstructionReject : Hold Instruction Reject -# OID's from CCITT. Most of this is defined in RFC 1274. A couple of +# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of # them are also mentioned in RFC 2247 -ccitt 9 : data +itu-t 9 : data data 2342 : pss pss 19200300 : ucl ucl 100 : pilot @@ -857,7 +862,7 @@ pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher -2 23 42 : id-set : Secure Electronic Transactions +international-organizations 42 : id-set : Secure Electronic Transactions id-set 0 : set-ctype : content types id-set 1 : set-msgExt : message extensions From d143dce03c25462cdc202d7ed35ba833dd49e03e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Jul 2003 08:49:03 +0000 Subject: [PATCH 375/550] A document that has a very rough description of the X509 functionality. This is mostly so there's a way to get from the crypto.html page to the function descriptions. --- doc/crypto/x509.pod | 64 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 doc/crypto/x509.pod diff --git a/doc/crypto/x509.pod b/doc/crypto/x509.pod new file mode 100644 index 000000000..f9e58e0e4 --- /dev/null +++ b/doc/crypto/x509.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +x509 - X.509 certificate handling + +=head1 SYNOPSIS + + #include + +=head1 DESCRIPTION + +A X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 CRL +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in RFC3280 from PKIX. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a CRL. + +A related structure is a certificate request, defined in PKCS#10 from +RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type +X509_REQ is used to express such a certificate request. + +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. + +Finally, there's the supertype X509_INFO, which can contain a CRL, a +certificate and a corresponding private key. + +BI<...>, BI<...> and BI<...> handle X.509 +certificates, with some exceptions, shown below. + +BI<...>, BI<...> and BI<...> +handle X.509 CRLs. + +BI<...>, BI<...> and BI<...> +handle PKCS#10 certificate requests. + +BI<...> handle certificate names. + +BI<...> handle certificate attributes. + +BI<...> handle certificate extensions. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + +=cut From 2c789c82be736604ede5485519f070a1ae0d176d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 13:40:02 +0000 Subject: [PATCH 376/550] manpages for 'openssl ec' and 'openssl ecparam' Submitted by: Nils Larsch --- doc/apps/ec.pod | 190 +++++++++++++++++++++++++++++++++++++++++++ doc/apps/ecparam.pod | 179 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 369 insertions(+) create mode 100644 doc/apps/ec.pod create mode 100644 doc/apps/ecparam.pod diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod new file mode 100644 index 000000000..1d4a36dbf --- /dev/null +++ b/doc/apps/ec.pod @@ -0,0 +1,190 @@ +=pod + +=head1 NAME + +ec - EC key processing + +=head1 SYNOPSIS + +B B +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-text>] +[B<-noout>] +[B<-param_out>] +[B<-pubin>] +[B<-pubout>] +[B<-conv_form arg>] +[B<-param_enc arg>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B command processes EC keys. They can be converted between various +forms and their components printed out. B OpenSSL uses the +private key format specified in 'SEC 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert a OpenSSL EC private key into the +PKCS#8 private key format use the B command. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B option with a private key uses +an ASN.1 DER encoded SEC1 private key. When used with a public key it +uses the SubjectPublicKeyInfo structur as specified in RFC 3280. +The B form is the default format: it consists of the B format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. + +=item B<-passin arg> + +the input file password source. For more information about the format of B +see the B section in L. + +=item B<-out filename> + +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should B be the same as the input +filename. + +=item B<-passout arg> + +the output file password source. For more information about the format of B +see the B section in L. + +=item B<-des|-des3|-idea> + +These options encrypt the private key with the DES, triple DES, IDEA or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using the B utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with PEM format output files. + +=item B<-text> + +prints out the public, private key components and parameters. + +=item B<-noout> + +this option prevents output of the encoded version of the key. + +=item B<-modulus> + +this option prints out the value of the public key component of the key. + +=item B<-pubin> + +by default a private key is read from the input file: with this option a +public key is read instead. + +=item B<-pubout> + +by default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. + +=item B<-conv_form> + +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: B (the default +value), B and B. For more information regarding +the point conversion forms please read the X9.62 standard. +B Due to patent issues the B option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro B at compile time. + +=item B<-param_enc arg> + +This specifies how the elliptic curve parameters are encoded. +Possible value are: B, i.e. the ec parameters are +specified by a OID, or B where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is B. +B the B alternative ,as specified in RFC 3279, +is currently not implemented in OpenSSL. + +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 NOTES + +The PEM private key format uses the header and footer lines: + + -----BEGIN EC PRIVATE KEY----- + -----END EC PRIVATE KEY----- + +The PEM public key format uses the header and footer lines: + + -----BEGIN PUBLIC KEY----- + -----END PUBLIC KEY----- + +=head1 EXAMPLES + +To encrypt a private key using triple DES: + + openssl ec -in key.pem -des3 -out keyout.pem + +To convert a private key from PEM to DER format: + + openssl ec -in key.pem -outform DER -out keyout.der + +To print out the components of a private key to standard output: + + openssl ec -in key.pem -text -noout + +To just output the public part of a private key: + + openssl ec -in key.pem -pubout -out pubkey.pem + +To change the parameters encoding to B: + + openssl ec -in key.pem -param_enc explicit -out keyout.pem + +To change the point conversion form to B: + + openssl ec -in key.pem -conv_form compressed -out keyout.pem + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +The ec command was first introduced in OpenSSL 0.9.8. + +=head1 AUTHOR + +Nils Larsch for the OpenSSL project (http://www.openssl.org). + +=cut diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod new file mode 100644 index 000000000..2523a9b10 --- /dev/null +++ b/doc/apps/ecparam.pod @@ -0,0 +1,179 @@ +=pod + +=head1 NAME + +ecparam - EC parameter manipulation and generation + +=head1 SYNOPSIS + +B +[B<-inform DER|PEM>] +[B<-outform DER|PEM>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-text>] +[B<-C>] +[B<-check>] +[B<-name arg>] +[B<-list_curve>] +[B<-conv_form arg>] +[B<-param_enc arg>] +[B<-no_seed>] +[B<-rand file(s)>] +[B<-genkey>] +[B<-engine id>] + +=head1 DESCRIPTION + +This command is used to manipulate or generate EC parameter files. + +=head1 OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B option uses an ASN.1 DER encoded +form compatible with RFC 3279 EcpkParameters. The PEM form is the default +format: it consists of the B format base64 encoded with additional +header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read parameters from or standard input if +this option is not specified. + +=item B<-out filename> + +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should B be the same +as the input filename. + +=item B<-noout> + +This option inhibits the output of the encoded version of the parameters. + +=item B<-text> + +This option prints out the EC parameters in human readable form. + +=item B<-C> + +This option converts the EC parameters into C code. The parameters can then +be loaded by calling the B function. + +=item B<-check> + +Validate the elliptic curve parameters. + +=item B<-name arg> + +Use the EC parameters with the specified 'short' name. Use B<-list_curves> +to get a list of all currently implemented EC parameters. + +=item B<-list_curves> + +If this options is specified B will print out a list of all +currently implemented EC parameters names and exit. + +=item B<-conv_form> + +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: B (the default +value), B and B. For more information regarding +the point conversion forms please read the X9.62 standard. +B Due to patent issues the B option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro B at compile time. + +=item B<-param_enc arg> + +This specifies how the elliptic curve parameters are encoded. +Possible value are: B, i.e. the ec parameters are +specified by a OID, or B where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is B. +B the B alternative ,as specified in RFC 3279, +is currently not implemented in OpenSSL. + +=item B<-no_seed> + +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see RFC 3279). + +=item B<-genkey> + +This option will generate a EC private key using the specified parameters. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 NOTES + +PEM format EC parameters use the header and footer lines: + + -----BEGIN EC PARAMETERS----- + -----END EC PARAMETERS----- + +OpenSSL is currently not able to generate new groups and therefore +B can only create EC parameters from known (named) curves. + +=head1 EXAMPLES + +To create EC parameters with the group 'prime192v1': + + openssl ec -out ec_param.pem -name prime192v1 + +To create EC parameters with explicit parameters: + + openssl ec -out ec_param.pem -name prime192v1 -param_enc explicit + +To validate given EC parameters: + + openssl ec -in ec_param.pem -check + +To create EC parameters and a private key: + + openssl ec -out ec_key.pem -name prime192v1 -genkey + +To change the point encoding to 'compressed': + + openssl ec -in ec_in.pem -out ec_out.pem -conv_form compressed + +To print out the EC parameters to standard output: + + openssl ec -in ec_param.pem -noout -text + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The ecparam command was first introduced in OpenSSL 0.9.8. + +=head1 AUTHOR + +Nils Larsch for the OpenSSL project (http://www.openssl.org) + +=cut From ada0e717fa36f4202298b797b9b663831a47548c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 13:43:28 +0000 Subject: [PATCH 377/550] new function EC_GROUP_cmp() (used by EVP_PKEY_cmp()) Submitted by: Nils Larsch --- crypto/ec/ec.h | 3 ++ crypto/ec/ec_lib.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++ crypto/evp/p_lib.c | 9 ++++++ 3 files changed, 87 insertions(+) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 431a28b38..dcffc8c04 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -166,6 +166,9 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); * elliptic curve is not zero, 0 otherwise */ int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); +/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ +int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); + /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() * after choosing an appropriate EC_METHOD */ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index c00875cd7..b3ef05659 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -470,6 +470,81 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) } +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) + { + int r = 0; + BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; + BN_CTX *ctx_new = NULL; + + /* compare the field types*/ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; + /* compare the curve name (if present) */ + if (EC_GROUP_get_nid(a) && EC_GROUP_get_nid(b) && + EC_GROUP_get_nid(a) == EC_GROUP_get_nid(b)) + return 0; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); + if (!ctx) + return -1; + + BN_CTX_start(ctx); + a1 = BN_CTX_get(ctx); + a2 = BN_CTX_get(ctx); + a3 = BN_CTX_get(ctx); + b1 = BN_CTX_get(ctx); + b2 = BN_CTX_get(ctx); + b3 = BN_CTX_get(ctx); + if (!b3) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + + /* XXX This approach assumes that the external representation + * of curves over the same field type is the same. + */ + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || + !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + r = 1; + + if (r || BN_cmp(a1, b2) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + r = 1; + + /* XXX EC_POINT_cmp() assumes that the methods are equal */ + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), + EC_GROUP_get0_generator(b), ctx)) + r = 1; + + if (!r) + { + /* compare the order and cofactor */ + if (!EC_GROUP_get_order(a, a1, ctx) || + !EC_GROUP_get_order(b, b1, ctx) || + !EC_GROUP_get_cofactor(a, a2, ctx) || + !EC_GROUP_get_cofactor(b, b2, ctx)) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + r = 1; + } + + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + + return r; + } + + /* this has 'package' visibility */ int EC_GROUP_set_extra_data(EC_GROUP *group, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 730ef4d0a..d6d7234cd 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -233,6 +233,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) else return(1); } +#endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) + { + if (EC_GROUP_cmp(a->pkey.eckey->group, b->pkey.eckey->group, NULL)) + return 0; + else + return 1; + } #endif return(-1); } From 02e0559477977f09279a7781817dc6f5c90f54c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 15:08:01 +0000 Subject: [PATCH 378/550] fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k typo in 0.9.6k section --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f81d555a0..116c85f1d 100644 --- a/CHANGES +++ b/CHANGES @@ -669,7 +669,7 @@ yet to be integrated into this CVS branch: the config script, much like the NetBSD support. [Richard Levitte & Kris Kennaway ] - Changes between 0.9.6k and 0.9.7 [31 Dec 2002] + Changes between 0.9.6h and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last @@ -2491,7 +2491,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] - *) Change X509_cretificate_type() to mark the key as exported/exportable + *) Change X509_certificate_type() to mark the key as exported/exportable when it's 512 *bits* long, not 512 bytes. [Richard Levitte] From ddc38679cedcd154eb18187b8c384b1a05f61fc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 15:17:46 +0000 Subject: [PATCH 379/550] tolerate extra data at end of client hello for SSL 3.0 PR: 659 --- CHANGES | 17 +++++++++++++++++ ssl/s3_srvr.c | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/CHANGES b/CHANGES index 116c85f1d..caa091c90 100644 --- a/CHANGES +++ b/CHANGES @@ -537,6 +537,15 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + *) Change AES_cbc_encrypt() so it outputs exact multiple of blocks during encryption. [Richard Levitte] @@ -671,6 +680,9 @@ yet to be integrated into this CVS branch: Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after + OpenSSL 0.9.7.] + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last octet was ignored consequently. As a result SSLv2 client side session @@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + *) Change X509_certificate_type() to mark the key as exported/exportable when it's 512 *bits* long, not 512 bytes. [Richard Levitte] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e94106841..c2ac8cb2f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s) } /* TLS does not mind if there is extra stuff */ +#if 0 /* SSL 3.0 does not mind either, so we should disable this test + * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, + * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ if (s->version == SSL3_VERSION) { if (p < (d+n)) @@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s) goto f_err; } } +#endif /* Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ From 652ae06badda3a8964f650ce1713e335257548d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 22 Jul 2003 10:39:10 +0000 Subject: [PATCH 380/550] add test for secp160r1 add code for kP+lQ timings Submitted by: Douglas Stebila Reviewed by: Bodo Moeller --- CHANGES | 4 ++ crypto/ec/ectest.c | 157 +++++++++++++++++++++++++++++++++------------ 2 files changed, 121 insertions(+), 40 deletions(-) diff --git a/CHANGES b/CHANGES index caa091c90..b7b6b9903 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 + curve secp160r1 to the tests. + [Douglas Stebila (Sun Microsystems Laboratories)] + *) Add the possibility to load symbols globally with DSO. [Götz Babin-Ebell via Richard Levitte] diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e91c8fffb..9b32f55be 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -104,8 +104,12 @@ void prime_field_tests(void); void char2_field_tests(void); void internal_curve_test(void); +#define TIMING_BASE_PT 0 +#define TIMING_RAND_PT 1 +#define TIMING_SIMUL 2 + #if 0 -static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) +static void timings(EC_GROUP *group, int type, BN_CTX *ctx) { clock_t clck; int i, j; @@ -129,7 +133,7 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { if ((r[i] = BN_new()) == NULL) ABORT; if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT; - if (multi) + if (type != TIMING_BASE_PT) { if ((r0[i] = BN_new()) == NULL) ABORT; if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT; @@ -141,13 +145,14 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { for (j = 0; j < 10; j++) { - if (!EC_POINT_mul(group, P, r[i], multi ? P : NULL, multi ? r0[i] : NULL, ctx)) ABORT; + if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, + (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT; } } - fprintf(stdout, "\n"); - clck = clock() - clck; + fprintf(stdout, "\n"); + #ifdef CLOCKS_PER_SEC /* "To determine the time in seconds, the value returned * by the clock function should be divided by the value @@ -161,9 +166,16 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) # define CLOCKS_PER_SEC 1 #endif - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, - multi ? "s*P+t*Q operations" : "point multiplications", - (double)clck/CLOCKS_PER_SEC); + if (type == TIMING_BASE_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "base point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_RAND_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "random point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_SIMUL) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC); + } fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); EC_POINT_free(P); @@ -171,7 +183,7 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) for (i = 0; i < 10; i++) { BN_free(r[i]); - if (multi) BN_free(r0[i]); + if (type != TIMING_BASE_PT) BN_free(r0[i]); } } #endif @@ -181,7 +193,7 @@ void prime_field_tests() BN_CTX *ctx = NULL; BIGNUM *p, *a, *b; EC_GROUP *group; - EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; BIGNUM *x, *y, *z; unsigned char buf[100]; @@ -332,6 +344,52 @@ void prime_field_tests() if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; + /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) + * -- not a NIST curve, but commonly used */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; + if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; + + if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; + if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; + if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (0 != BN_cmp(y, z)) ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 160) ABORT; + fprintf(stdout, " ok\n"); + + fprintf(stdout, "verify group order ..."); + fflush(stdout); + if (!EC_GROUP_get_order(group, z, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, "."); + fflush(stdout); + if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, " ok\n"); + + if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; + if (!EC_GROUP_copy(P_160, group)) ABORT; + + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; @@ -637,16 +695,24 @@ void prime_field_tests() #if 0 - timings(P_192, 0, ctx); - timings(P_192, 1, ctx); - timings(P_224, 0, ctx); - timings(P_224, 1, ctx); - timings(P_256, 0, ctx); - timings(P_256, 1, ctx); - timings(P_384, 0, ctx); - timings(P_384, 1, ctx); - timings(P_521, 0, ctx); - timings(P_521, 1, ctx); + timings(P_160, TIMING_BASE_PT, ctx); + timings(P_160, TIMING_RAND_PT, ctx); + timings(P_160, TIMING_SIMUL, ctx); + timings(P_192, TIMING_BASE_PT, ctx); + timings(P_192, TIMING_RAND_PT, ctx); + timings(P_192, TIMING_SIMUL, ctx); + timings(P_224, TIMING_BASE_PT, ctx); + timings(P_224, TIMING_RAND_PT, ctx); + timings(P_224, TIMING_SIMUL, ctx); + timings(P_256, TIMING_BASE_PT, ctx); + timings(P_256, TIMING_RAND_PT, ctx); + timings(P_256, TIMING_SIMUL, ctx); + timings(P_384, TIMING_BASE_PT, ctx); + timings(P_384, TIMING_RAND_PT, ctx); + timings(P_384, TIMING_SIMUL, ctx); + timings(P_521, TIMING_BASE_PT, ctx); + timings(P_521, TIMING_RAND_PT, ctx); + timings(P_521, TIMING_SIMUL, ctx); #endif @@ -659,6 +725,7 @@ void prime_field_tests() EC_POINT_free(R); BN_free(x); BN_free(y); BN_free(z); + if (P_160) EC_GROUP_free(P_160); if (P_192) EC_GROUP_free(P_192); if (P_224) EC_GROUP_free(P_224); if (P_256) EC_GROUP_free(P_256); @@ -1103,26 +1170,36 @@ void char2_field_tests() #if 0 - timings(C2_K163, 0, ctx); - timings(C2_K163, 1, ctx); - timings(C2_B163, 0, ctx); - timings(C2_B163, 1, ctx); - timings(C2_K233, 0, ctx); - timings(C2_K233, 1, ctx); - timings(C2_B233, 0, ctx); - timings(C2_B233, 1, ctx); - timings(C2_K283, 0, ctx); - timings(C2_K283, 1, ctx); - timings(C2_B283, 0, ctx); - timings(C2_B283, 1, ctx); - timings(C2_K409, 0, ctx); - timings(C2_K409, 1, ctx); - timings(C2_B409, 0, ctx); - timings(C2_B409, 1, ctx); - timings(C2_K571, 0, ctx); - timings(C2_K571, 1, ctx); - timings(C2_B571, 0, ctx); - timings(C2_B571, 1, ctx); + timings(C2_K163, TIMING_BASE_PT, ctx); + timings(C2_K163, TIMING_RAND_PT, ctx); + timings(C2_K163, TIMING_SIMUL, ctx); + timings(C2_B163, TIMING_BASE_PT, ctx); + timings(C2_B163, TIMING_RAND_PT, ctx); + timings(C2_B163, TIMING_SIMUL, ctx); + timings(C2_K233, TIMING_BASE_PT, ctx); + timings(C2_K233, TIMING_RAND_PT, ctx); + timings(C2_K233, TIMING_SIMUL, ctx); + timings(C2_B233, TIMING_BASE_PT, ctx); + timings(C2_B233, TIMING_RAND_PT, ctx); + timings(C2_B233, TIMING_SIMUL, ctx); + timings(C2_K283, TIMING_BASE_PT, ctx); + timings(C2_K283, TIMING_RAND_PT, ctx); + timings(C2_K283, TIMING_SIMUL, ctx); + timings(C2_B283, TIMING_BASE_PT, ctx); + timings(C2_B283, TIMING_RAND_PT, ctx); + timings(C2_B283, TIMING_SIMUL, ctx); + timings(C2_K409, TIMING_BASE_PT, ctx); + timings(C2_K409, TIMING_RAND_PT, ctx); + timings(C2_K409, TIMING_SIMUL, ctx); + timings(C2_B409, TIMING_BASE_PT, ctx); + timings(C2_B409, TIMING_RAND_PT, ctx); + timings(C2_B409, TIMING_SIMUL, ctx); + timings(C2_K571, TIMING_BASE_PT, ctx); + timings(C2_K571, TIMING_RAND_PT, ctx); + timings(C2_K571, TIMING_SIMUL, ctx); + timings(C2_B571, TIMING_BASE_PT, ctx); + timings(C2_B571, TIMING_RAND_PT, ctx); + timings(C2_B571, TIMING_SIMUL, ctx); #endif From 968766cad84d15d556d9b8f7ab3c927df700c378 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 22 Jul 2003 12:34:21 +0000 Subject: [PATCH 381/550] updates for draft-ietf-tls-ecc-03.txt Submitted by: Douglas Stebila Reviewed by: Bodo Moeller --- CHANGES | 8 +++++++ apps/speed.c | 28 ++++++++++++++++++------ crypto/ec/ec.h | 1 + crypto/objects/obj_dat.h | 46 +++++++++++++++++++++++++++------------- demos/ssltest-ecc/README | 2 +- ssl/s3_clnt.c | 20 +++++++++++++++-- ssl/s3_srvr.c | 20 +++++++++++++++-- ssl/tls1.h | 4 ++++ 8 files changed, 103 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index b7b6b9903..0e7f96884 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with + SHA-1 now is only used for "small" curves (where the + representation of a field element takes up to 24 bytes); for + larger curves, the field element resulting from ECDH is directly + used as premaster secret. + [Douglas Stebila (Sun Microsystems Laboratories)] + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 curve secp160r1 to the tests. [Douglas Stebila (Sun Microsystems Laboratories)] diff --git a/apps/speed.c b/apps/speed.c index a634b1172..1c2b9cded 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2079,12 +2079,28 @@ int MAIN(int argc, char **argv) } else { - secret_size_a = ECDH_compute_key(secret_a, KDF1_SHA1_len, + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). + */ + int field_size, outlen; + void *(*kdf)(void *in, size_t inlen, void *out, size_t outlen); + field_size = EC_GROUP_get_degree(ecdh_a[j]->group); + if (field_size <= 24 * 8) + { + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; + } + else + { + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j], KDF1_SHA1); - secret_size_b = ECDH_compute_key(secret_b, KDF1_SHA1_len, + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, ecdh_a[j]->pub_key, - ecdh_b[j], KDF1_SHA1); + ecdh_b[j], kdf); if (secret_size_a != secret_size_b) ecdh_checks = 0; else @@ -2113,9 +2129,9 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(ecdh_c[j][0]); count++) { - ECDH_compute_key(secret_a, KDF1_SHA1_len, + ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j], KDF1_SHA1); + ecdh_a[j], kdf); } d=Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index dcffc8c04..8f4d4e181 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -158,6 +158,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +/* returns the number of bits needed to represent a field element */ int EC_GROUP_get_degree(const EC_GROUP *); /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 7a187aff6..090719a6d 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 721 -#define NUM_SN 716 -#define NUM_LN 716 -#define NUM_OBJ 690 +#define NUM_NID 724 +#define NUM_SN 719 +#define NUM_LN 719 +#define NUM_OBJ 693 -static unsigned char lvalues[4879]={ +static unsigned char lvalues[4882]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -432,7 +432,7 @@ static unsigned char lvalues[4879]={ 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ -0x50, /* [2894] OBJ_joint_iso_ccitt */ +0x00, /* [2894] OBJ_joint_iso_ccitt */ 0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ 0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ @@ -758,6 +758,9 @@ static unsigned char lvalues[4879]={ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ 0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ 0x55,0x1D,0x1E, /* [4875] OBJ_name_constraints */ +0x00, /* [4878] OBJ_itu_t */ +0x50, /* [4879] OBJ_joint_iso_itu_t */ +0x67, /* [4880] OBJ_international_organizations */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1370,8 +1373,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, {"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, -{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, - &(lvalues[2894]),0}, +{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0}, {"selected-attribute-types","Selected Attribute Types", NID_selected_attribute_types,3,&(lvalues[2895]),0}, {"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, @@ -1389,7 +1391,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2941]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, &(lvalues[2944]),0}, -{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0}, +{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0}, {"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, {"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, {"characteristic-two-field","characteristic-two-field", @@ -1887,6 +1889,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[4872]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, &(lvalues[4875]),0}, +{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4878]),0}, +{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, + &(lvalues[4879]),0}, +{"international-organizations","International Organizations", + NID_international_organizations,1,&(lvalues[4880]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1912,7 +1919,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[110]),/* "CAST5-CFB" */ &(nid_objs[109]),/* "CAST5-ECB" */ &(nid_objs[111]),/* "CAST5-OFB" */ -&(nid_objs[404]),/* "CCITT" */ &(nid_objs[13]),/* "CN" */ &(nid_objs[141]),/* "CRLReason" */ &(nid_objs[417]),/* "CSPName" */ @@ -1947,7 +1953,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[46]),/* "IDEA-OFB" */ &(nid_objs[181]),/* "ISO" */ &(nid_objs[183]),/* "ISO-US" */ -&(nid_objs[393]),/* "JOINT-ISO-CCITT" */ +&(nid_objs[721]),/* "ITU-T" */ +&(nid_objs[722]),/* "JOINT-ISO-ITU-T" */ &(nid_objs[15]),/* "L" */ &(nid_objs[ 3]),/* "MD2" */ &(nid_objs[257]),/* "MD4" */ @@ -1955,6 +1962,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[114]),/* "MD5-SHA1" */ &(nid_objs[95]),/* "MDC2" */ &(nid_objs[388]),/* "Mail" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[57]),/* "Netscape" */ &(nid_objs[366]),/* "Nonce" */ &(nid_objs[17]),/* "O" */ @@ -2291,6 +2300,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[723]),/* "international-organizations" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ &(nid_objs[295]),/* "ipsecTunnel" */ @@ -2634,6 +2644,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[296]),/* "IPSec User" */ &(nid_objs[182]),/* "ISO Member Body" */ &(nid_objs[183]),/* "ISO US Member Body" */ +&(nid_objs[723]),/* "International Organizations" */ &(nid_objs[142]),/* "Invalidity Date" */ &(nid_objs[569]),/* "MIME MHS" */ &(nid_objs[388]),/* "Mail" */ @@ -2647,6 +2658,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[716]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ &(nid_objs[717]),/* "Microsoft Universal Principal Name" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ @@ -2765,7 +2778,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[110]),/* "cast5-cfb" */ &(nid_objs[109]),/* "cast5-ecb" */ &(nid_objs[111]),/* "cast5-ofb" */ -&(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ &(nid_objs[528]),/* "certicom-arc" */ &(nid_objs[581]),/* "certificate extensions" */ @@ -3015,8 +3027,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[101]),/* "initials" */ &(nid_objs[181]),/* "iso" */ &(nid_objs[687]),/* "issuer capabilities" */ +&(nid_objs[721]),/* "itu-t" */ &(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[393]),/* "joint-iso-ccitt" */ +&(nid_objs[722]),/* "joint-iso-itu-t" */ &(nid_objs[150]),/* "keyBag" */ &(nid_objs[477]),/* "lastModifiedBy" */ &(nid_objs[476]),/* "lastModifiedTime" */ @@ -3329,14 +3342,17 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[404]),/* OBJ_ccitt 0 */ +&(nid_objs[721]),/* OBJ_itu_t 0 */ +&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ &(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[527]),/* OBJ_identified_organization 1 3 */ -&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ +&(nid_objs[722]),/* OBJ_joint_iso_itu_t 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ +&(nid_objs[723]),/* OBJ_international_organizations 2 23 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ diff --git a/demos/ssltest-ecc/README b/demos/ssltest-ecc/README index b045c28fb..71c070af1 100644 --- a/demos/ssltest-ecc/README +++ b/demos/ssltest-ecc/README @@ -1,6 +1,6 @@ Scripts for using ECC ciphersuites with test/testssl (these ciphersuites are described in the Internet Draft available at -http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-02.txt). +http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt). Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate root, client and server certs of the following types: diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 211dd03b1..7eff4f1d5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1870,6 +1870,7 @@ static int ssl3_send_client_key_exchange(SSL *s) { EC_GROUP *srvr_group = NULL; int ecdh_clnt_cert = 0; + int field_size = 0; /* Did we send out the client's * ECDH share for use in premaster @@ -1962,7 +1963,21 @@ static int ssl3_send_client_key_exchange(SSL *s) * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(clnt_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + else + n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2375,7 +2390,8 @@ err: /* This is the complement of nid2curve_id in s3_srvr.c. */ static int curve_id2nid(int curve_id) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ static int nid_list[26] = { 0, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c2ac8cb2f..32ddc4809 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1962,6 +1962,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if ((l & SSL_kECDH) || (l & SSL_kECDHE)) { int ret = 1; + int field_size = 0; /* initialize structures for server's ECDH key pair */ if ((srvr_ecdh = EC_KEY_new()) == NULL) @@ -2062,7 +2063,21 @@ static int ssl3_get_client_key_exchange(SSL *s) } /* Compute the shared pre-master secret */ - i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(srvr_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + else + i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, @@ -2459,7 +2474,8 @@ int ssl3_send_server_certificate(SSL *s) /* This is the complement of curve_id2nid in s3_clnt.c. */ static int nid2curve_id(int nid) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ switch (nid) { case NID_sect163k1: /* sect163k1 (1) */ return 1; diff --git a/ssl/tls1.h b/ssl/tls1.h index 7f4a2f308..be1544538 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -131,6 +131,10 @@ extern "C" { * suites to use 5B and 5C instead (this may change with future * updates to the IETF draft). */ +/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of + * ciphersuites, but does not define numbers for all of them + * because of possible conflicts with other Internet Drafts; + * most numbers are still subject to change. */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 #define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 From f96d1af449bcbe01efa3c1eb42712e10544b8811 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 23 Jul 2003 00:10:43 +0000 Subject: [PATCH 382/550] Avoid clashes with Win32 names in WinCrypt.h --- crypto/ossl_typ.h | 1 + crypto/x509/x509.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index b50e9ae25..46200a80b 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -97,6 +97,7 @@ typedef int ASN1_NULL; #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME +#undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 049308ba8..e7706ce9f 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -112,8 +112,9 @@ extern "C" { #endif #ifdef OPENSSL_SYS_WIN32 -/* Under Win32 this is defined in wincrypt.h */ +/* Under Win32 these are defined in wincrypt.h */ #undef X509_NAME +#undef X509_CERT_PAIR #endif #define X509_FILETYPE_PEM 1 From 5b6e7c8c65114e004023ec6627cd227d72ca0579 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 4 Aug 2003 10:12:36 +0000 Subject: [PATCH 383/550] Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined. --- crypto/evp/c_all.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 879d84ae7..fa60a73ea 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -59,7 +59,9 @@ #include #include "cryptlib.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #if 0 #undef OpenSSL_add_all_algorithms From 3aa8d3a7f11fdcef71240a1ae0c4f6000986cc45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 6 Aug 2003 10:36:25 +0000 Subject: [PATCH 384/550] add OpenSSL license fix typo --- crypto/bio/bss_bio.c | 55 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index aa58dab04..0f9f0955b 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -1,4 +1,57 @@ /* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Special method for a BIO where the other endpoint is also a BIO * of this kind, handled by the same thread (i.e. the "peer" is actually @@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) break; case BIO_C_DESTROY_BIO_PAIR: - /* Effects both BIOs in the pair -- call just once! + /* Affects both BIOs in the pair -- call just once! * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ bio_destroy_pair(bio); ret = 1; From 88401ed449a889f3aeba78ff1ac89045bda8e7b7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 7 Aug 2003 11:57:42 +0000 Subject: [PATCH 385/550] Correct two problems, found by Martin Kochanski : 1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error. 2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot, not CloseHandle. --- crypto/rand/rand_win.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 113b58678..263068d25 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); @@ -431,7 +432,7 @@ int RAND_poll(void) * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html - * revised version at http://www.cryptoengines.com/~peter/06_random.pdf + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) @@ -440,6 +441,7 @@ int RAND_poll(void) if (kernel) { CREATETOOLHELP32SNAPSHOT snap; + CLOSETOOLHELP32SNAPSHOT close_snap; HANDLE handle; HEAP32FIRST heap_first; @@ -457,6 +459,8 @@ int RAND_poll(void) snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot")); heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); @@ -472,7 +476,7 @@ int RAND_poll(void) heaplist_next && process_first && process_next && thread_first && thread_next && module_first && module_next && (handle = snap(TH32CS_SNAPALL,0)) - != NULL) + != INVALID_HANDLE_VALUE) { /* heap list and heap walking */ /* HEAPLIST32 contains 3 fields that will change with @@ -534,8 +538,10 @@ int RAND_poll(void) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m)); - - CloseHandle(handle); + if (close_snap) + close_snap(handle); + else + CloseHandle(handle); } FreeLibrary(kernel); From 643ecd2ed6fa6f91d674429fc9fca6e2405946de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 11 Aug 2003 18:56:22 +0000 Subject: [PATCH 386/550] make sure no error is left in the queue that is intentionally ignored --- ssl/ssl_rsa.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 03828b663..330390519 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) ok=1; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { @@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return(0); } + ERR_clear_error(); /* make sure no error from X509_check_private_key() + * is left if we have chosen to ignore it */ if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); From 563c05e2dc77221c4aad740c3b89fc21c84652be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 14 Aug 2003 10:33:56 +0000 Subject: [PATCH 387/550] fix out-of-bounds check in lock_dbg_cb (was too lose to detect all invalid cases) PR: 674 --- apps/openssl.c | 2 +- ssl/ssltest.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 45af2ba7f..e0d89d4ab 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -163,7 +163,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } - if (type < 0 || type > CRYPTO_NUM_LOCKS) + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a304398b9..7bb415200 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -303,7 +303,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } - if (type < 0 || type > CRYPTO_NUM_LOCKS) + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; From 510dc1ecd00296a17a9b680288290942d82beddf Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 21 Aug 2003 12:32:12 +0000 Subject: [PATCH 388/550] outlen should be int * in out_utf8. --- crypto/asn1/a_mbstr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 5d981c655..e8a26af52 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { - long *outlen; + int *outlen; outlen = arg; *outlen += UTF8_putc(NULL, -1, value); return 1; From 14f3d7c5ccd38875d5f3ee2007baec5a7240adc0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 3 Sep 2003 23:47:34 +0000 Subject: [PATCH 389/550] Only accept a client certificate if the server requests one, as required by SSL/TLS specs. --- CHANGES | 5 +++++ ssl/s3_srvr.c | 9 +++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 0e7f96884..421d41fd7 100644 --- a/CHANGES +++ b/CHANGES @@ -2515,6 +2515,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 32ddc4809..ca39d6b1c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -456,10 +456,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } From 560dfd2a02df2fd3d6f0a12519eb26c3c4f60fa8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 3 Sep 2003 23:56:01 +0000 Subject: [PATCH 390/550] New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. --- CHANGES | 4 ++++ apps/ocsp.c | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/CHANGES b/CHANGES index 421d41fd7..dd23a4ee2 100644 --- a/CHANGES +++ b/CHANGES @@ -549,6 +549,10 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) New -ignore_err option in ocsp application to stop the server + exiting on the first error in a request. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). diff --git a/apps/ocsp.c b/apps/ocsp.c index 0cf4aad3f..9c8e20d35 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -123,6 +123,7 @@ int MAIN(int argc, char **argv) int accept_count = -1; int badarg = 0; int i; + int ignore_err = 0; STACK *reqnames = NULL; STACK_OF(OCSP_CERTID) *ids = NULL; @@ -182,6 +183,8 @@ int MAIN(int argc, char **argv) } else badarg = 1; } + else if (!strcmp(*args, "-ignore_err")) + ignore_err = 1; else if (!strcmp(*args, "-noverify")) noverify = 1; else if (!strcmp(*args, "-nonce")) @@ -783,6 +786,8 @@ int MAIN(int argc, char **argv) { BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); + if (ignore_err) + goto redo_accept; ret = 0; goto end; } From a907751350f2bec14d413bccd517ab9c724dac3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 4 Sep 2003 12:52:56 +0000 Subject: [PATCH 391/550] certain changes have to be listed twice in this file because OpenSSL 0.9.6h forked into 0.9.6i and 0.9.7 ... --- CHANGES | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index dd23a4ee2..fc57065a6 100644 --- a/CHANGES +++ b/CHANGES @@ -553,6 +553,11 @@ exiting on the first error in a request. [Steve Henson] + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). From 9ea72d3705697b3d83023326f2d453530e5b4802 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 8 Sep 2003 15:47:55 +0000 Subject: [PATCH 392/550] These should be write-locks, not read-locks. --- ssl/ssl_sess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b4fb90448..5cf79d274 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -79,11 +79,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; if(sess) sess->references++; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); return(sess); } From e6fa67fa9337d498b4383b067da04c6b6e802cd0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 9 Sep 2003 14:48:36 +0000 Subject: [PATCH 393/550] Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately). --- apps/apps.c | 26 ------------ apps/apps.h | 6 --- apps/ca.c | 10 ----- crypto/Makefile.ssl | 6 +-- crypto/crypto-lib.com | 2 +- crypto/o_str.c | 95 +++++++++++++++++++++++++++++++++++++++++++ crypto/o_str.h | 67 ++++++++++++++++++++++++++++++ e_os.h | 21 +++++++++- 8 files changed, 186 insertions(+), 47 deletions(-) create mode 100644 crypto/o_str.c create mode 100644 crypto/o_str.h diff --git a/apps/apps.c b/apps/apps.c index ac9e3daa5..b1916bbc0 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -126,16 +126,6 @@ #include #endif -#ifdef OPENSSL_SYS_WINDOWS -#define strcasecmp _stricmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); -# else -# include -# endif /* NO_STRINGS_H */ -#endif - #define NON_MAIN #include "apps.h" #undef NON_MAIN @@ -378,22 +368,6 @@ int WIN32_rename(char *from, char *to) } #endif -#ifdef OPENSSL_SYS_VMS -int VMS_strcasecmp(const char *str1, const char *str2) - { - while (*str1 && *str2) - { - int res = toupper(*str1) - toupper(*str2); - if (res) return res < 0 ? -1 : 1; - } - if (*str1) - return 1; - if (*str2) - return -1; - return 0; - } -#endif - int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { int num,len,i; diff --git a/apps/apps.h b/apps/apps.h index 8a9c4ab0a..0d50a9477 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -141,12 +141,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, int WIN32_rename(char *oldname,char *newname); #endif -/* VMS below version 7.0 doesn't have strcasecmp() */ -#ifdef OPENSSL_SYS_VMS -#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2)) -int VMS_strcasecmp(const char *str1, const char *str2); -#endif - #ifndef MONOLITH #define MAIN(a,v) main(a,v) diff --git a/apps/ca.c b/apps/ca.c index 2c7e91aab..780868a9f 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -76,16 +76,6 @@ #include #include -#ifdef OPENSSL_SYS_WINDOWS -#define strcasecmp _stricmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); -# else -# include -# endif /* NO_STRINGS_H */ -#endif - #ifndef W_OK # ifdef OPENSSL_SYS_VMS # if defined(__DECC) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index b52157e4d..059d8a6d2 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -37,14 +37,14 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c -LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.c SRC= $(LIBSRC) EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index da1ee269b..410e44904 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -159,7 +159,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" diff --git a/crypto/o_str.c b/crypto/o_str.c new file mode 100644 index 000000000..8bcdc25e7 --- /dev/null +++ b/crypto/o_str.c @@ -0,0 +1,95 @@ +/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) + { +#if defined(OPENSSL_SYS_VMS) + while (*str1 && *str2 && n) + { + int res = toupper(*str1) - toupper(*str2); + if (res) return res < 0 ? -1 : 1; + str1++; + str2++; + n--; + } + if (n == 0) + return 0; + if (*str1) + return 1; + if (*str2) + return -1; + return 0; +#elif defined(OPENSSL_SYS_WINDOWS) + return _strnicmp(str1, str2, n); +#else + return strncasecmp(str1, str2, n); +#endif + } +int OPENSSL_strcasecmp(const char *str1, const char *str2) + { +#if defined(OPENSSL_SYS_VMS) + return OSSL_strncasecmp(str1, str2, (size_t)-1); +#elif defined(OPENSSL_SYS_WINDOWS) + return _stricmp(str1, str2, n); +#else + return strcasecmp(str1, str2); +#endif + } + diff --git a/crypto/o_str.h b/crypto/o_str.h new file mode 100644 index 000000000..5535123ab --- /dev/null +++ b/crypto/o_str.h @@ -0,0 +1,67 @@ +/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_O_STR_H +#define HEADER_O_STR_H + +#include + +int OPENSSL_strcasecmp(const char *str1, const char *str2); +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) + +#endif diff --git a/e_os.h b/e_os.h index 3800bfd75..3f7cdf4b5 100644 --- a/e_os.h +++ b/e_os.h @@ -503,11 +503,30 @@ extern char *sys_errlist[]; extern int sys_nerr; #define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ #endif +#if defined(OPENSSL_SYS_WINDOWS) +# define strcasecmp _stricmp +# define strncasecmp _strnicmp +#elif defined(OPENSSL_SYS_VMS) +/* VMS below version 7.0 doesn't have strcasecmp() */ +# include +# define strcasecmp OPENSSL_strcasecmp +# define strncasecmp OPENSSL_strncasecmp +#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) +# define strcasecmp stricmp +# define strncasecmp strnicmp +#else +# ifdef NO_STRINGS_H + int strcasecmp(); + int strncasecmp(); +# else +# include +# endif /* NO_STRINGS_H */ +#endif + #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) # include # include # define NO_SYSLOG -# define strcasecmp stricmp #endif /* vxworks */ From 82384690e2ac49d6604d66bf5ac04c93f3e64a71 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 9 Sep 2003 23:44:39 +0000 Subject: [PATCH 394/550] Typos. --- crypto/o_str.c | 3 ++- crypto/o_str.h | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/o_str.c b/crypto/o_str.c index 8bcdc25e7..174db3156 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -57,6 +57,7 @@ */ #include +#include int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) { @@ -87,7 +88,7 @@ int OPENSSL_strcasecmp(const char *str1, const char *str2) #if defined(OPENSSL_SYS_VMS) return OSSL_strncasecmp(str1, str2, (size_t)-1); #elif defined(OPENSSL_SYS_WINDOWS) - return _stricmp(str1, str2, n); + return _stricmp(str1, str2); #else return strcasecmp(str1, str2); #endif diff --git a/crypto/o_str.h b/crypto/o_str.h index 5535123ab..744a6e27d 100644 --- a/crypto/o_str.h +++ b/crypto/o_str.h @@ -62,6 +62,6 @@ #include int OPENSSL_strcasecmp(const char *str1, const char *str2); -int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); #endif From 7068c8b1a6b9f88fc96f9de78147a08c16b3639a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 21 Sep 2003 02:18:15 +0000 Subject: [PATCH 395/550] In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store. --- apps/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/x509.c b/apps/x509.c index f0ef5596f..036e25505 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1103,7 +1103,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, else if (!(bs = x509_load_serial(CAfile, serialfile, create))) goto end; - if (!X509_STORE_add_cert(ctx,x)) goto end; +/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ From dfe399e7d9773174c44fa3451b97cf1e3ca07a55 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 21 Sep 2003 02:20:02 +0000 Subject: [PATCH 396/550] Add -passin support to rsautl --- apps/rsautl.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/apps/rsautl.c b/apps/rsautl.c index 5a6fd115f..5db6fe7cd 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -97,6 +97,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey = NULL; RSA *rsa = NULL; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; + char *passargin = NULL, *passin = NULL; int rsa_inlen, rsa_outlen = 0; int keysize; @@ -124,6 +125,9 @@ int MAIN(int argc, char **argv) } else if(!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; keyfile = *(++argv); + } else if (!strcmp(*argv,"-passin")) { + if (--argc < 1) badarg = 1; + passargin= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); @@ -169,6 +173,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -176,7 +184,7 @@ int MAIN(int argc, char **argv) switch(key_type) { case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, 0, - NULL, e, "Private Key"); + passin, e, "Private Key"); break; case KEY_PUBKEY: @@ -290,6 +298,7 @@ int MAIN(int argc, char **argv) BIO_free_all(out); if(rsa_in) OPENSSL_free(rsa_in); if(rsa_out) OPENSSL_free(rsa_out); + if(passin) OPENSSL_free(passin); return ret; } @@ -313,6 +322,7 @@ static void usage() BIO_printf(bio_err, "-hexdump hex dump output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf (bio_err, "-passin arg pass phrase source\n"); #endif } From 6bd27f8644e401301e3a843d92876e74ed6cb0ea Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Thu, 25 Sep 2003 13:57:58 +0000 Subject: [PATCH 397/550] Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime table crypto/bn/bn_prime.h was already correct, but it could not be re-generated on some platforms because of the "division by zero" situation in the script. --- CHANGES | 8 ++++++++ crypto/bn/bn_prime.pl | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index fc57065a6..5e68e6247 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making + sure the loop does correctly stop and breaking ("division by zero") + modulus operations are not performed. The (pre-generated) prime + table crypto/bn/bn_prime.h was already correct, but it could not be + re-generated on some platforms because of the "division by zero" + situation in the script. + [Ralf S. Engelschall] + *) Update support for ECC-based TLS ciphersuites according to draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with SHA-1 now is only used for "small" curves (where the diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index 9fc376548..e583d1d53 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -11,7 +11,7 @@ loop: while ($#primes < $num-1) $p+=2; $s=int(sqrt($p)); - for ($i=0; $primes[$i]<=$s; $i++) + for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) { next loop if (($p%$primes[$i]) == 0); } From f6b659cba4bab69cd36cdc492f2bdab2d848d819 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 07:34:49 +0000 Subject: [PATCH 398/550] Add necessary changes to be able to build on VxWorks for PPC860. Contributed by Bob Bradley --- Configure | 1 + e_os.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index a88c0cb6a..a41c43124 100755 --- a/Configure +++ b/Configure @@ -560,6 +560,7 @@ my %table=( "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", diff --git a/e_os.h b/e_os.h index 3f7cdf4b5..aad0a7eae 100644 --- a/e_os.h +++ b/e_os.h @@ -541,7 +541,7 @@ extern char *sys_errlist[]; extern int sys_nerr; #if defined(ioctlsocket) #undef ioctlsocket #endif -#define ioctlsocket(a,b,c) ioctl((a),(b),*(c)) +#define ioctlsocket(a,b,c) ioctl((a),(b),*(int*)(c)) #include #include From 0e6c20da462da07faebe8b685b294e72b018cc43 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 07:35:07 +0000 Subject: [PATCH 399/550] Free the Kerberos context upon freeing the SSL. Contributed by Andrew Mann --- ssl/ssl_lib.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ea76cf117..0c84e3ddd 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -477,6 +477,11 @@ void SSL_free(SSL *s) if (s->method != NULL) s->method->ssl_free(s); +#ifndef OPENSSL_NO_KRB5 + if (s->kssl_ctx != NULL) + kssl_ctx_free(s->kssl_ctx); +#endif /* OPENSSL_NO_KRB5 */ + OPENSSL_free(s); } From 0ad2c4f85ba4f10c9d2387f316d89a7e9a42fe82 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 10:39:16 +0000 Subject: [PATCH 400/550] Correct small documentation error. PR: 698 --- INSTALL.W32 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 78d289e16..0f6c302f0 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -225,7 +225,7 @@ $ md c:\openssl\lib $ md c:\openssl\include $ md c:\openssl\include\openssl - $ copy /b inc32\* c:\openssl\include\openssl + $ copy /b inc32\openssl\* c:\openssl\include\openssl $ copy /b out32dll\ssleay32.lib c:\openssl\lib $ copy /b out32dll\libeay32.lib c:\openssl\lib $ copy /b out32dll\ssleay32.dll c:\openssl\bin From 253e893c2b0e0d1bc2d4b64073a30cfc493e5bc6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 17:55:13 +0000 Subject: [PATCH 401/550] Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693 --- apps/s_server.c | 8 +++++++- ssl/kssl.c | 35 ++++++++++++++++++++++++++--------- ssl/kssl.h | 2 +- 3 files changed, 34 insertions(+), 11 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 7ce65a3e8..64d4c8286 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1347,7 +1347,13 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); - +#ifndef OPENSSL_NO_KRB5 + if (con->kssl_ctx->client_princ != NULL) + { + BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", + con->kssl_ctx->client_princ); + } +#endif /* OPENSSL_NO_KRB5 */ return(1); } diff --git a/ssl/kssl.c b/ssl/kssl.c index a80f5b2f7..7c45f8ff4 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, "bad ticket from krb5_rd_req.\n"); } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data)) + &krb5ticket->enc_part2->client->realm, + krb5ticket->enc_part2->client->data, + krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); @@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) } -/* Given a (krb5_data *) entity (and optional realm), +/* Given an array of (krb5_data *) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity) + krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; + int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; @@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } if (*princ) free(*princ); - length = entity->length + ((realm)? realm->length + 2: 1); + /* Add up all the entity->lengths */ + length = 0; + for (i=0; i < nentities; i++) + { + length += entity[i].length; + } + /* Add in space for the '/' character(s) (if any) */ + length += nentities-1; + /* Space for the ('@'+realm+NULL | NULL) */ + length += ((realm)? realm->length + 2: 1); + if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else - { - strncpy(*princ, entity->data, entity->length); - (*princ)[entity->length]='\0'; + { + for (i = 0; i < nentities; i++) + { + strncat(*princ, entity[i].data, entity[i].length); + if (i < nentities-1) + { + strcat (*princ, "/"); + } + } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); - (*princ)[entity->length+1+realm->length]='\0'; } } diff --git a/ssl/kssl.h b/ssl/kssl.h index cf7ebdd16..19a689b08 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity); + krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, From e59659dc4187d682d8a9166de3f4c2315d340cc5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 19:27:06 +0000 Subject: [PATCH 402/550] Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. PR: 680 --- ssl/s3_srvr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ca39d6b1c..bd0624be3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1574,6 +1574,7 @@ static int ssl3_send_certificate_request(SSL *s) s->init_num += 4; #endif + s->state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ From ba9f80c5d515c9e087b942f578954925290f4fb9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 19:32:06 +0000 Subject: [PATCH 403/550] Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. PR: 679 --- ssl/s3_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 7eff4f1d5..b27a1deaa 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2161,6 +2161,7 @@ static int ssl3_send_client_verify(SSL *s) *(d++)=SSL3_MT_CERTIFICATE_VERIFY; l2n3(n,d); + s->state=SSL3_ST_CW_CERT_VRFY_B; s->init_num=(int)n+4; s->init_off=0; } From 11171f3c743f6b56f4bca523053cebf5c15ecccc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 20:29:05 +0000 Subject: [PATCH 404/550] Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678 --- crypto/err/err.c | 42 +++++++++++++++++++++++++++++++++++++++++- crypto/err/err.h | 1 + 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 9b9bec685..f2c322c1c 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -226,6 +226,7 @@ struct st_ERR_FNS ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); /* Works on the "thread_hash" error-state table */ LHASH *(*cb_thread_get)(int create); + void (*cb_thread_release)(LHASH **hash); ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); void (*cb_thread_del_item)(const ERR_STATE *); @@ -240,6 +241,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); static LHASH *int_thread_get(int create); +static void int_thread_release(LHASH **hash); static ERR_STATE *int_thread_get_item(const ERR_STATE *); static ERR_STATE *int_thread_set_item(ERR_STATE *); static void int_thread_del_item(const ERR_STATE *); @@ -253,6 +255,7 @@ static const ERR_FNS err_defaults = int_err_set_item, int_err_del_item, int_thread_get, + int_thread_release, int_thread_get_item, int_thread_set_item, int_thread_del_item, @@ -272,6 +275,7 @@ static const ERR_FNS *err_fns = NULL; * and state in the loading application. */ static LHASH *int_error_hash = NULL; static LHASH *int_thread_hash = NULL; +static int int_thread_hash_references = 0; static int int_err_library_number= ERR_LIB_USER; /* Internal function that checks whether "err_fns" is set and if not, sets it to @@ -418,11 +422,37 @@ static LHASH *int_thread_get(int create) CRYPTO_pop_info(); } if (int_thread_hash) + { + int_thread_hash_references++; ret = int_thread_hash; + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; } +static void int_thread_release(LHASH **hash) + { + int i; + + if (hash == NULL || *hash == NULL) + return; + + i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + +#ifdef REF_PRINT + fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"int_thread_release, bad reference count\n"); + abort(); /* ok */ + } +#endif + *hash = NULL; + } + static ERR_STATE *int_thread_get_item(const ERR_STATE *d) { ERR_STATE *p; @@ -437,6 +467,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d) p = (ERR_STATE *)lh_retrieve(hash, d); CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -454,6 +485,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d) p = (ERR_STATE *)lh_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -470,13 +502,15 @@ static void int_thread_del_item(const ERR_STATE *d) CRYPTO_w_lock(CRYPTO_LOCK_ERR); p = (ERR_STATE *)lh_delete(hash, d); /* make sure we don't leak memory */ - if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) + if (int_thread_hash_references == 1 + && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { lh_free(int_thread_hash); int_thread_hash = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); if (p) ERR_STATE_free(p); } @@ -855,6 +889,12 @@ LHASH *ERR_get_err_state_table(void) return ERRFN(thread_get)(0); } +void ERR_release_err_state_table(LHASH **hash) + { + err_fns_check(); + ERRFN(thread_release)(hash); + } + const char *ERR_lib_error_string(unsigned long e) { ERR_STRING_DATA d,*p; diff --git a/crypto/err/err.h b/crypto/err/err.h index 1228acfe5..d893f60bb 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -293,6 +293,7 @@ ERR_STATE *ERR_get_state(void); #ifndef OPENSSL_NO_LHASH LHASH *ERR_get_string_table(void); LHASH *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH **hash); #endif int ERR_get_next_error_library(void); From 3d7c4a5a6d0bb05194a26e598000d2b2666e1bec Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 21:56:08 +0000 Subject: [PATCH 405/550] Selected changes for MSDOS, contributed by Gisle Vanem . PR: 669 --- apps/s_apps.h | 8 ++++++++ apps/s_client.c | 18 +++++++----------- apps/s_server.c | 12 ++++-------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/apps/s_apps.h b/apps/s_apps.h index ff18a72fe..66b6edd44 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -112,6 +112,14 @@ #include #include +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#include +#endif + +#ifdef OPENSSL_SYS_MSDOS +#define _kbhit kbhit +#endif + #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) /* VAX C does not defined fd_set and friends, but it's actually quite simple */ /* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ diff --git a/apps/s_client.c b/apps/s_client.c index 74d578d6b..eb6fd7c1c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -136,10 +136,6 @@ typedef unsigned int u_int; #include #include "s_apps.h" -#ifdef OPENSSL_SYS_WINDOWS -#include -#endif - #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno @@ -260,7 +256,7 @@ int MAIN(int argc, char **argv) char *engine_id=NULL; ENGINE *e=NULL; #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) struct timeval tv; #endif @@ -644,7 +640,7 @@ re_start: if (!ssl_pending) { -#ifndef OPENSSL_SYS_WINDOWS +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -671,8 +667,8 @@ re_start: * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ -#ifdef OPENSSL_SYS_WINDOWS - /* Under Windows we make the assumption that we can +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Under Windows/DOS we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise * we timeout the select every second and see if there @@ -686,7 +682,7 @@ re_start: tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); -#ifdef OPENSSL_SYS_WINCE +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) if(!i && (!_kbhit() || !read_tty) ) continue; #else if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; @@ -855,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 } } -#ifdef OPENSSL_SYS_WINDOWS -#ifdef OPENSSL_SYS_WINCE +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) else if (_kbhit()) #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) diff --git a/apps/s_server.c b/apps/s_server.c index 64d4c8286..dd58591d3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -151,10 +151,6 @@ typedef unsigned int u_int; #include #include "s_apps.h" -#ifdef OPENSSL_SYS_WINDOWS -#include -#endif - #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno @@ -1001,7 +997,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) struct timeval tv; #endif @@ -1075,7 +1071,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#ifndef OPENSSL_SYS_WINDOWS +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -1085,8 +1081,8 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#ifdef OPENSSL_SYS_WINDOWS - /* Under Windows we can't select on stdin: only +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows * application we wouldn't do this because it is inefficient. From 1be02dd84277d15136ecb06fa253b83aaca9de49 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 22:14:39 +0000 Subject: [PATCH 406/550] Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664 --- crypto/md5/asm/md5-586.pl | 2 +- crypto/perlasm/x86ms.pl | 3 +++ crypto/perlasm/x86nasm.pl | 3 +++ crypto/perlasm/x86unix.pl | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl index 5fc6a205c..fa3fa3bed 100644 --- a/crypto/md5/asm/md5-586.pl +++ b/crypto/md5/asm/md5-586.pl @@ -293,7 +293,7 @@ sub md5_block &mov(&DWP(12,$tmp2,"",0),$D); &cmp($tmp1,$X) unless $normal; # check count - &jge(&label("start")) unless $normal; + &jae(&label("start")) unless $normal; &pop("eax"); # pop the temp variable off the stack &pop("ebx"); diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl index 35f1a4ddb..fbb4afb9b 100644 --- a/crypto/perlasm/x86ms.pl +++ b/crypto/perlasm/x86ms.pl @@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jnz { &out1("jnz",@_); } diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index f30b7466d..30346af4e 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); } sub main'jz { &out1("jz NEAR",@_); } sub main'jge { &out1("jge NEAR",@_); } sub main'jl { &out1("jl NEAR",@_); } +sub main'ja { &out1("ja NEAR",@_); } +sub main'jae { &out1("jae NEAR",@_); } sub main'jb { &out1("jb NEAR",@_); } +sub main'jbe { &out1("jbe NEAR",@_); } sub main'jc { &out1("jc NEAR",@_); } sub main'jnc { &out1("jnc NEAR",@_); } sub main'jnz { &out1("jnz NEAR",@_); } diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl index 72bde061c..10b669bf0 100644 --- a/crypto/perlasm/x86unix.pl +++ b/crypto/perlasm/x86unix.pl @@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jno { &out1("jno",@_); } From 3c02e24bb3bfe966549ca242c36d54b985abe1b5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Sep 2003 22:48:33 +0000 Subject: [PATCH 407/550] Change the indentation from 12 to indent+4. PR: 657 --- crypto/x509v3/v3_prn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 9be6c95a6..8e3b3d867 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts j=X509_EXTENSION_get_critical(ex); if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) return 0; - if(!X509V3_EXT_print(bp, ex, flag, 12)) + if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); M_ASN1_OCTET_STRING_print(bp,ex->value); From 7f3ba9428f29dd424267f75fa2de7d0fe513a6c9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 28 Sep 2003 07:11:33 +0000 Subject: [PATCH 408/550] Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669 --- crypto/bio/bss_file.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a66600c1a..1f9bd3312 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown=(int)num&BIO_CLOSE; b->ptr=(char *)ptr; b->init=1; -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) + if (num & BIO_FP_TEXT) + _setmode(fd,_O_TEXT); + else + _setmode(fd,_O_BINARY); +#elif defined(OPENSSL_SYS_MSDOS) + { + int fd = fileno((FILE*)ptr); /* Set correct text/binary mode */ if (num & BIO_FP_TEXT) - _setmode(fileno((FILE *)ptr),_O_TEXT); + _setmode(fd,_O_TEXT); + /* Dangerous to set stdin/stdout to raw (unless redirected) */ else - _setmode(fileno((FILE *)ptr),_O_BINARY); + { + if (fd == STDIN_FILENO || fd == STDOUT_FILENO) + { + if (isatty(fd) <= 0) + _setmode(fd,_O_BINARY); + } + else + _setmode(fd,_O_BINARY); + } + } #elif defined(OPENSSL_SYS_OS2) if (num & BIO_FP_TEXT) setmode(fileno((FILE *)ptr), O_TEXT); From 057a04398d5e7d4efd49fa649e20125017397935 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 28 Sep 2003 09:34:50 +0000 Subject: [PATCH 409/550] Synchronise util/libeay.num with the 0.9.7-stable one. make update --- TABLE | 25 ++ crypto/Makefile.ssl | 2 + util/libeay.num | 687 ++++++++++++++++++++++---------------------- 3 files changed, 370 insertions(+), 344 deletions(-) diff --git a/TABLE b/TABLE index 796a0094b..8fe97d684 100644 --- a/TABLE +++ b/TABLE @@ -4324,3 +4324,28 @@ $shared_ldflag = $shared_extension = $ranlib = $arflags = + +*** vxworks-ppc860 +$cc = ccppc +$cflags = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 059d8a6d2..b119ccbd9 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -204,6 +204,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c +o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c +o_str.o: o_str.h o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c o_time.o: o_time.h tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h diff --git a/util/libeay.num b/util/libeay.num index fa11a9fa6..6151f6274 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2802,348 +2802,347 @@ BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: BN_get0_nist_prime_384 3246 EXIST::FUNCTION: -ENGINE_register_ECDSA 3247 EXIST::FUNCTION:ENGINE -BN_nist_mod_192 3248 EXIST::FUNCTION: -EC_GROUP_get_trinomial_basis 3249 EXIST::FUNCTION:EC -ECDH_get_default_method 3250 EXIST::FUNCTION:ECDH -PKCS12_add_safe 3251 EXIST::FUNCTION: -ENGINE_register_ECDH 3252 EXIST::FUNCTION:ENGINE -i2d_ECPrivateKey 3253 EXIST::FUNCTION:EC -BN_get0_nist_prime_192 3254 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GF2m 3255 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GF2m 3255 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_exp_arr 3256 EXIST::FUNCTION: -X509_keyid_get0 3257 EXIST::FUNCTION: -EC_GROUP_new_by_nid 3258 EXIST::FUNCTION:EC -BN_GF2m_mod_mul_arr 3259 EXIST::FUNCTION: -EC_KEY_copy 3260 EXIST::FUNCTION:EC -EC_GROUP_check_discriminant 3261 EXIST::FUNCTION:EC -EC_POINT_point2bn 3262 EXIST::FUNCTION:EC -EC_GROUP_new_curve_GF2m 3263 EXIST::FUNCTION:EC -EVP_PKEY_get1_EC_KEY 3264 EXIST::FUNCTION:EC -ENGINE_get_default_ECDH 3265 EXIST::FUNCTION:ENGINE -ASN1_OCTET_STRING_NDEF_it 3266 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 3266 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_static_state 3267 EXIST::FUNCTION:ENGINE -ECDSA_SIG_new 3268 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_sqr 3269 EXIST::FUNCTION: -EC_POINT_bn2point 3270 EXIST::FUNCTION:EC -EC_GROUP_get_point_conversion_form 3271 EXIST:!VMS:FUNCTION:EC -EC_GROUP_get_point_conv_form 3271 EXIST:VMS:FUNCTION:EC -PEM_read_bio_ECPKParameters 3272 EXIST::FUNCTION:EC -EC_GROUP_get_pentanomial_basis 3273 EXIST::FUNCTION:EC -EC_GROUP_get_nid 3274 EXIST::FUNCTION:EC -ECDSA_sign_setup 3275 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_solve_quad_arr 3276 EXIST::FUNCTION: -EC_KEY_up_ref 3277 EXIST::FUNCTION:EC -BN_GF2m_mod_div 3278 EXIST::FUNCTION: -EC_KEY_free 3279 EXIST::FUNCTION:EC -PEM_write_bio_ECPrivateKey 3280 EXIST::FUNCTION:EC -d2i_EC_PUBKEY 3281 EXIST::FUNCTION:EC -EC_KEY_print_fp 3282 EXIST::FUNCTION:EC,FP_API -BN_GF2m_mod_arr 3283 EXIST::FUNCTION: -PEM_write_bio_X509_CERT_PAIR 3284 EXIST::FUNCTION: -ECDH_get_ex_data 3285 EXIST::FUNCTION:ECDH -ECDSA_do_sign 3286 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3287 EXIST::FUNCTION:ENGINE -ECDH_OpenSSL 3288 EXIST::FUNCTION:ECDH -EC_POINT_dup 3289 EXIST::FUNCTION:EC -EC_get_builtin_curves 3290 EXIST::FUNCTION:EC -EVP_PKEY_set1_EC_KEY 3291 EXIST::FUNCTION:EC -BN_GF2m_mod_sqrt_arr 3292 EXIST::FUNCTION: -i2d_ECPrivateKey_bio 3293 EXIST::FUNCTION:BIO,EC -ECPKParameters_print_fp 3294 EXIST::FUNCTION:EC,FP_API -ECDSA_SIG_free 3295 EXIST::FUNCTION:ECDSA -PEM_write_bio_ECPKParameters 3296 EXIST::FUNCTION:EC -EC_GROUP_set_nid 3297 EXIST::FUNCTION:EC -PKCS12_add_safes 3298 EXIST::FUNCTION: -BN_GF2m_poly2arr 3299 EXIST::FUNCTION: -BN_get0_nist_prime_224 3300 EXIST::FUNCTION: -i2d_ECParameters 3301 EXIST::FUNCTION:EC -i2d_ECPKParameters 3302 EXIST::FUNCTION:EC -BN_ncopy 3303 EXIST::FUNCTION: -d2i_ECPKParameters 3304 EXIST::FUNCTION:EC -ENGINE_set_ECDH 3305 EXIST::FUNCTION:ENGINE -PEM_write_bio_EC_PUBKEY 3306 EXIST::FUNCTION:EC -ECParameters_print 3307 EXIST::FUNCTION:BIO,EC -ASN1_generate_nconf 3308 EXIST::FUNCTION: -BN_GF2m_mod_mul 3309 EXIST::FUNCTION: -EC_GROUP_set_seed 3310 EXIST::FUNCTION:EC -EC_GROUP_get_curve_GF2m 3311 EXIST::FUNCTION:EC -PEM_read_X509_CERT_PAIR 3312 EXIST:!WIN16:FUNCTION: -o2i_ECPublicKey 3313 EXIST::FUNCTION:EC -ECDSA_get_ex_data 3314 EXIST::FUNCTION:ECDSA -BN_GF2m_mod 3315 EXIST::FUNCTION: -EC_GROUP_get_seed_len 3316 EXIST::FUNCTION:EC -PEM_read_bio_EC_PUBKEY 3317 EXIST::FUNCTION:EC -i2d_EC_PUBKEY 3318 EXIST::FUNCTION:EC -ECDSA_get_default_method 3319 EXIST::FUNCTION:ECDSA -ASN1_put_eoc 3320 EXIST::FUNCTION: -ECDSA_DATA_free 3321 EXIST::FUNCTION:ECDSA -EC_METHOD_get_field_type 3322 EXIST::FUNCTION:EC -EC_GFp_nist_method 3323 EXIST::FUNCTION:EC -X509_CERT_PAIR_it 3324 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_PAIR_it 3324 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -BN_GF2m_mod_sqr_arr 3325 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 3326 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION:ENGINE -BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: -ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH -EC_KEY_generate_key 3330 EXIST::FUNCTION:EC -BN_GF2m_arr2poly 3331 EXIST::FUNCTION: -i2o_ECPublicKey 3332 EXIST::FUNCTION:EC -EC_GROUP_check 3333 EXIST::FUNCTION:EC -d2i_ECPrivateKey_bio 3334 EXIST::FUNCTION:BIO,EC -d2i_ECPrivateKey 3335 EXIST::FUNCTION:EC -ASN1_item_ndef_i2d 3336 EXIST::FUNCTION: -i2d_PKCS7_NDEF 3337 EXIST::FUNCTION: -EC_GROUP_get_degree 3338 EXIST::FUNCTION:EC -ASN1_generate_v3 3339 EXIST::FUNCTION: -BN_GF2m_add 3340 EXIST::FUNCTION: -X509_CERT_PAIR_free 3341 EXIST::FUNCTION: -BN_nist_mod_224 3342 EXIST::FUNCTION: -i2d_EC_PUBKEY_bio 3343 EXIST::FUNCTION:BIO,EC -EC_GROUP_get_asn1_flag 3344 EXIST::FUNCTION:EC -ECDH_get_ex_new_index 3345 EXIST::FUNCTION:ECDH -ECDH_size 3346 NOEXIST::FUNCTION: -BN_GF2m_mod_inv 3347 EXIST::FUNCTION: -BN_GF2m_mod_exp 3348 EXIST::FUNCTION: -EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC -ecdsa_check 3350 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_div_arr 3351 EXIST::FUNCTION: -ENGINE_set_ECDSA 3352 EXIST::FUNCTION:ENGINE -ECPKParameters_print 3353 EXIST::FUNCTION:BIO,EC -PEM_write_EC_PUBKEY 3354 EXIST:!WIN16:FUNCTION:EC -ECDH_set_method 3355 EXIST::FUNCTION:ECDH -ECDH_set_ex_data 3356 EXIST::FUNCTION:ECDH -BN_nist_mod_521 3357 EXIST::FUNCTION: -EC_GROUP_set_point_conversion_form 3358 EXIST:!VMS:FUNCTION:EC -EC_GROUP_set_point_conv_form 3358 EXIST:VMS:FUNCTION:EC -PEM_read_EC_PUBKEY 3359 EXIST:!WIN16:FUNCTION:EC -i2d_ECDSA_SIG 3360 EXIST::FUNCTION:ECDSA -ECDSA_OpenSSL 3361 EXIST::FUNCTION:ECDSA -ECDSA_set_default_method 3362 EXIST::FUNCTION:ECDSA -EC_POINT_set_compressed_coordinates_GF2m 3363 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GF2m 3363 EXIST:VMS:FUNCTION:EC -ECDH_DATA_new_method 3364 EXIST::FUNCTION:ECDH -BN_get0_nist_prime_256 3365 EXIST::FUNCTION: -PEM_read_ECPrivateKey 3366 EXIST:!WIN16:FUNCTION:EC -ERR_load_ECDSA_strings 3367 EXIST::FUNCTION:ECDSA -EC_GROUP_get_basis_type 3368 EXIST::FUNCTION:EC -ECDH_DATA_new 3369 EXIST::FUNCTION:ECDH -BN_nist_mod_384 3370 EXIST::FUNCTION: -i2d_X509_CERT_PAIR 3371 EXIST::FUNCTION: -PEM_write_ECPKParameters 3372 EXIST:!WIN16:FUNCTION:EC -ECDH_compute_key 3373 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3374 EXIST::FUNCTION:ENGINE -BN_GF2m_mod_solve_quad 3375 EXIST::FUNCTION: -i2d_ECPrivateKey_fp 3376 EXIST::FUNCTION:EC,FP_API -ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION:ENGINE -EC_POINT_get_affine_coordinates_GF2m 3378 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GF2m 3378 EXIST:VMS:FUNCTION:EC -EC_GROUP_dup 3379 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION:ENGINE -EC_KEY_new 3381 EXIST::FUNCTION:EC -ECDSA_verify 3382 EXIST::FUNCTION:ECDSA -EC_POINT_point2hex 3383 EXIST::FUNCTION:EC -ECDSA_do_verify 3384 EXIST::FUNCTION:ECDSA -d2i_ECPrivateKey_fp 3385 EXIST::FUNCTION:EC,FP_API -PEM_write_ECPrivateKey 3386 EXIST:!WIN16:FUNCTION:EC -PEM_read_ECPKParameters 3387 EXIST:!WIN16:FUNCTION:EC -X509_CERT_PAIR_new 3388 EXIST::FUNCTION: -ECParameters_print_fp 3389 EXIST::FUNCTION:EC,FP_API -ECDH_DATA_free 3390 EXIST::FUNCTION:ECDH -PEM_write_X509_CERT_PAIR 3391 EXIST:!WIN16:FUNCTION: -d2i_X509_CERT_PAIR 3392 EXIST::FUNCTION: -i2d_EC_PUBKEY_fp 3393 EXIST::FUNCTION:EC,FP_API -BN_nist_mod_256 3394 EXIST::FUNCTION: -ECDSA_DATA_new 3395 EXIST::FUNCTION:ECDSA -ECDSA_size 3396 EXIST::FUNCTION:ECDSA -d2i_EC_PUBKEY_bio 3397 EXIST::FUNCTION:BIO,EC -BN_get0_nist_prime_521 3398 EXIST::FUNCTION: -PEM_read_bio_ECPrivateKey 3399 EXIST::FUNCTION:EC -ENGINE_get_ECDH 3400 EXIST::FUNCTION:ENGINE -d2i_ECDSA_SIG 3401 EXIST::FUNCTION:ECDSA -ECDSA_sign 3402 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3403 EXIST::FUNCTION:ENGINE -EVP_ecdsa 3404 EXIST::FUNCTION:SHA -PKCS12_add_cert 3405 EXIST::FUNCTION: -ERR_load_ECDH_strings 3406 EXIST::FUNCTION:ECDH -EC_KEY_dup 3407 EXIST::FUNCTION:EC -ECDSA_set_method 3408 EXIST::FUNCTION:ECDSA -d2i_ECParameters 3409 EXIST::FUNCTION:EC -EC_GF2m_simple_method 3410 EXIST::FUNCTION:EC -ECDSA_set_ex_data 3411 EXIST::FUNCTION:ECDSA -EC_KEY_print 3412 EXIST::FUNCTION:BIO,EC -ECDSA_get_ex_new_index 3413 EXIST::FUNCTION:ECDSA -EC_GROUP_set_asn1_flag 3414 EXIST::FUNCTION:EC -EC_KEY_check_key 3415 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_fp 3416 EXIST::FUNCTION:EC,FP_API -ecdh_check 3417 EXIST::FUNCTION:ECDH -ECDSA_DATA_new_method 3418 EXIST::FUNCTION:ECDSA -PEM_read_bio_X509_CERT_PAIR 3419 EXIST::FUNCTION: -ENGINE_set_default_ECDH 3420 EXIST::FUNCTION:ENGINE -PKCS12_add_key 3421 EXIST::FUNCTION: -DSO_merge 3422 EXIST::FUNCTION: -EC_POINT_hex2point 3423 EXIST::FUNCTION:EC -BN_GF2m_mod_inv_arr 3424 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION:ENGINE -BN_GENCB_call 3426 EXIST::FUNCTION: -BN_is_prime_ex 3427 EXIST::FUNCTION: -RSA_generate_key_ex 3428 EXIST::FUNCTION:RSA -DSA_generate_parameters_ex 3429 EXIST::FUNCTION:DSA -BN_generate_prime_ex 3430 EXIST::FUNCTION: -DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH -BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: -ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE -a2i_IPADDRESS 3434 EXIST::FUNCTION: -ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE -EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC -X509V3_NAME_from_section 3437 EXIST::FUNCTION: -POLICY_MAPPING_it 3438 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPING_it 3438 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_MAPPING_new 3440 EXIST::FUNCTION: -POLICY_MAPPING_free 3441 EXIST::FUNCTION: -POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: -POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: -v2i_GENERAL_NAME_ex 3445 EXIST::FUNCTION: -NAME_CONSTRAINTS_free 3446 EXIST::FUNCTION: -a2i_IPADDRESS_NC 3447 EXIST::FUNCTION: -NAME_CONSTRAINTS_it 3448 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAME_CONSTRAINTS_it 3448 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -NAME_CONSTRAINTS_new 3449 EXIST::FUNCTION: -GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: -GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: -EVP_PKEY_cmp 3453 EXIST::FUNCTION: -X509_REQ_check_private_key 3454 EXIST::FUNCTION: -sk_find_ex 3455 EXIST::FUNCTION: -OBJ_bsearch_ex 3456 EXIST::FUNCTION: -BUF_memdup 3457 EXIST::FUNCTION: -BUF_strndup 3458 EXIST::FUNCTION: -ENGINE_set_STORE 3459 EXIST::FUNCTION:ENGINE -STORE_method_set_list_start_function 3460 EXIST::FUNCTION: -STORE_ATTR_INFO_set_number 3461 EXIST::FUNCTION: -STORE_parse_attrs_start 3462 EXIST::FUNCTION: -STORE_set_method 3463 EXIST::FUNCTION: -STORE_method_get_update_store_function 3464 EXIST::FUNCTION: -STORE_modify_certificate 3465 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_number 3466 EXIST::FUNCTION: -STORE_list_public_key_endp 3467 EXIST::FUNCTION: -STORE_method_set_initialise_function 3468 EXIST::FUNCTION: -STORE_ATTR_INFO_set_dn 3469 EXIST::FUNCTION: -STORE_destroy_method 3470 EXIST::FUNCTION: -ENGINE_unregister_STORE 3471 EXIST::FUNCTION:ENGINE -STORE_ATTR_INFO_get0_number 3472 EXIST::FUNCTION: -STORE_delete_public_key 3473 EXIST::FUNCTION: -STORE_get_public_key 3474 EXIST::FUNCTION: -STORE_get_method 3475 EXIST::FUNCTION: -STORE_parse_attrs_end 3476 EXIST::FUNCTION: -STORE_method_set_store_function 3477 EXIST::FUNCTION: -STORE_ATTR_INFO_in 3478 EXIST::FUNCTION: -STORE_get_number 3479 EXIST::FUNCTION: -STORE_method_set_list_next_function 3480 EXIST::FUNCTION: -STORE_method_get_generate_function 3481 EXIST::FUNCTION: -STORE_method_set_list_end_function 3482 EXIST::FUNCTION: -STORE_list_public_key_start 3483 EXIST::FUNCTION: -STORE_list_crl_endp 3484 EXIST::FUNCTION: -STORE_list_crl_end 3485 EXIST::FUNCTION: -STORE_method_set_ctrl_function 3486 EXIST::FUNCTION: -STORE_list_public_key_end 3487 EXIST::FUNCTION: -STORE_store_crl 3488 EXIST::FUNCTION: -STORE_ctrl 3489 EXIST::FUNCTION: -STORE_ATTR_INFO_compare 3490 EXIST::FUNCTION: -STORE_method_set_generate_function 3491 EXIST::FUNCTION: -STORE_ATTR_INFO_set_cstr 3492 EXIST::FUNCTION: -STORE_list_crl_next 3493 EXIST::FUNCTION: -STORE_method_set_delete_function 3494 EXIST::FUNCTION: -STORE_list_certificate_next 3495 EXIST::FUNCTION: -STORE_method_get_list_next_function 3496 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_dn 3497 EXIST::FUNCTION: -STORE_list_private_key_next 3498 EXIST::FUNCTION: -STORE_ATTR_INFO_free 3499 EXIST::FUNCTION: -STORE_get_private_key 3500 EXIST::FUNCTION: -STORE_ATTR_INFO_new 3501 EXIST::FUNCTION: -STORE_method_set_revoke_function 3502 EXIST::FUNCTION: -STORE_store_number 3503 EXIST::FUNCTION: -STORE_revoke_public_key 3504 EXIST::FUNCTION: -STORE_list_certificate_start 3505 EXIST::FUNCTION: -ERR_load_STORE_strings 3506 EXIST::FUNCTION: -STORE_list_private_key_end 3507 EXIST::FUNCTION: -STORE_modify_private_key 3508 EXIST::FUNCTION: -STORE_method_set_modify_function 3509 EXIST::FUNCTION: -STORE_parse_attrs_next 3510 EXIST::FUNCTION: -STORE_method_get_revoke_function 3511 EXIST::FUNCTION: -STORE_method_set_get_function 3512 EXIST::FUNCTION: -STORE_modify_number 3513 EXIST::FUNCTION: -STORE_method_get_store_function 3514 EXIST::FUNCTION: -STORE_store_private_key 3515 EXIST::FUNCTION: -STORE_Memory 3516 EXIST::FUNCTION: -STORE_method_get_get_function 3517 EXIST::FUNCTION: -STORE_method_set_cleanup_function 3518 EXIST::FUNCTION: -STORE_method_get_lock_store_function 3519 EXIST::FUNCTION: -STORE_method_set_update_store_function 3520 EXIST::FUNCTION: -STORE_delete_private_key 3521 EXIST::FUNCTION: -ENGINE_register_all_STORE 3522 EXIST::FUNCTION:ENGINE -STORE_ATTR_INFO_modify_cstr 3523 EXIST::FUNCTION: -STORE_generate_crl 3524 EXIST::FUNCTION: -STORE_store_public_key 3525 EXIST::FUNCTION: -STORE_Directory 3526 NOEXIST::FUNCTION: -STORE_revoke_private_key 3527 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_dn 3528 EXIST::FUNCTION: -STORE_method_get_initialise_function 3529 EXIST::FUNCTION: -STORE_delete_number 3530 EXIST::FUNCTION: -STORE_ATTR_INFO_in_ex 3531 EXIST::FUNCTION: -STORE_list_crl_start 3532 EXIST::FUNCTION: -STORE_method_get_modify_function 3533 EXIST::FUNCTION: -STORE_store_certificate 3534 EXIST::FUNCTION: -STORE_ATTR_INFO_set_sha1str 3535 EXIST::FUNCTION: -STORE_modify_public_key 3536 EXIST::FUNCTION: -STORE_method_get_list_start_function 3537 EXIST::FUNCTION: -STORE_method_set_unlock_store_function 3538 EXIST::FUNCTION: -STORE_create_method 3539 EXIST::FUNCTION: -STORE_generate_key 3540 EXIST::FUNCTION: -STORE_delete_crl 3541 EXIST::FUNCTION: -STORE_revoke_certificate 3542 EXIST::FUNCTION: -STORE_method_get_delete_function 3543 EXIST::FUNCTION: -STORE_parse_attrs_endp 3544 EXIST::FUNCTION: -STORE_list_public_key_next 3545 EXIST::FUNCTION: -STORE_OBJECT_free 3546 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_sha1str 3547 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_cstr 3548 EXIST::FUNCTION: -STORE_get_ex_new_index 3549 EXIST::FUNCTION: -STORE_File 3550 NOEXIST::FUNCTION: -ENGINE_get_STORE 3551 EXIST::FUNCTION:ENGINE -STORE_get_certificate 3552 EXIST::FUNCTION: -STORE_delete_certificate 3553 EXIST::FUNCTION: -STORE_method_get_ctrl_function 3554 EXIST::FUNCTION: -STORE_free 3555 EXIST::FUNCTION: -STORE_method_get_unlock_store_function 3556 EXIST::FUNCTION: -STORE_get_ex_data 3557 EXIST::FUNCTION: -ENGINE_register_STORE 3558 EXIST::FUNCTION:ENGINE -STORE_modify_crl 3559 EXIST::FUNCTION: -STORE_list_private_key_start 3560 EXIST::FUNCTION: -STORE_list_private_key_endp 3561 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_sha1str 3562 EXIST::FUNCTION: -STORE_method_get_cleanup_function 3563 EXIST::FUNCTION: -STORE_set_ex_data 3564 EXIST::FUNCTION: -STORE_OBJECT_new 3565 EXIST::FUNCTION: -STORE_list_certificate_end 3566 EXIST::FUNCTION: -STORE_get_crl 3567 EXIST::FUNCTION: -STORE_method_set_lock_store_function 3568 EXIST::FUNCTION: -STORE_list_certificate_endp 3569 EXIST::FUNCTION: +ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE +ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH +ERR_set_mark 3248 EXIST::FUNCTION: +ENGINE_set_STORE 3249 EXIST::FUNCTION:ENGINE +ENGINE_register_ECDSA 3250 EXIST::FUNCTION:ENGINE +STORE_method_set_list_start_function 3251 EXIST::FUNCTION: +NAME_CONSTRAINTS_free 3252 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3253 EXIST::FUNCTION: +POLICY_MAPPING_it 3254 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPING_it 3254 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_parse_attrs_start 3255 EXIST::FUNCTION: +POLICY_CONSTRAINTS_free 3256 EXIST::FUNCTION: +BN_nist_mod_192 3257 EXIST::FUNCTION: +EC_GROUP_get_trinomial_basis 3258 EXIST::FUNCTION:EC +STORE_set_method 3259 EXIST::FUNCTION: +GENERAL_SUBTREE_free 3260 EXIST::FUNCTION: +NAME_CONSTRAINTS_it 3261 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAME_CONSTRAINTS_it 3261 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_get_default_method 3262 EXIST::FUNCTION:ECDH +PKCS12_add_safe 3263 EXIST::FUNCTION: +STORE_method_get_update_store_function 3264 EXIST::FUNCTION: +ENGINE_register_ECDH 3265 EXIST::FUNCTION:ENGINE +i2d_ECPrivateKey 3266 EXIST::FUNCTION:EC +BN_get0_nist_prime_192 3267 EXIST::FUNCTION: +STORE_modify_certificate 3268 EXIST::FUNCTION: +EC_POINT_set_affine_coordinates_GF2m 3269 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_affine_coords_GF2m 3269 EXIST:VMS:FUNCTION:EC +BN_GF2m_mod_exp_arr 3270 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3271 EXIST::FUNCTION: +X509_keyid_get0 3272 EXIST::FUNCTION: +EC_GROUP_new_by_nid 3273 EXIST::FUNCTION:EC +ENGINE_load_gmp 3274 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +BN_GF2m_mod_mul_arr 3275 EXIST::FUNCTION: +STORE_list_public_key_endp 3276 EXIST::FUNCTION: +o2i_ECPublicKey 3277 EXIST::FUNCTION:EC +EC_KEY_copy 3278 EXIST::FUNCTION:EC +EC_GROUP_check_discriminant 3279 EXIST::FUNCTION:EC +i2o_ECPublicKey 3280 EXIST::FUNCTION:EC +a2i_IPADDRESS 3281 EXIST::FUNCTION: +STORE_method_set_initialise_function 3282 EXIST::FUNCTION: +EC_POINT_point2bn 3283 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_dn 3284 EXIST::FUNCTION: +EC_GROUP_new_curve_GF2m 3285 EXIST::FUNCTION:EC +STORE_destroy_method 3286 EXIST::FUNCTION: +ENGINE_unregister_STORE 3287 EXIST::FUNCTION:ENGINE +EVP_PKEY_get1_EC_KEY 3288 EXIST::FUNCTION:EC +STORE_ATTR_INFO_get0_number 3289 EXIST::FUNCTION: +ENGINE_get_default_ECDH 3290 EXIST::FUNCTION:ENGINE +ASN1_OCTET_STRING_NDEF_it 3291 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_OCTET_STRING_NDEF_it 3291 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_delete_public_key 3292 EXIST::FUNCTION: +STORE_get_public_key 3293 EXIST::FUNCTION: +STORE_modify_arbitrary 3294 EXIST::FUNCTION: +ENGINE_get_static_state 3295 EXIST::FUNCTION:ENGINE +ECDSA_SIG_new 3296 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_sqr 3297 EXIST::FUNCTION: +EC_POINT_bn2point 3298 EXIST::FUNCTION:EC +STORE_get_method 3299 EXIST::FUNCTION: +STORE_parse_attrs_end 3300 EXIST::FUNCTION: +EC_GROUP_get_point_conversion_form 3301 EXIST:!VMS:FUNCTION:EC +EC_GROUP_get_point_conv_form 3301 EXIST:VMS:FUNCTION:EC +STORE_method_set_store_function 3302 EXIST::FUNCTION: +STORE_ATTR_INFO_in 3303 EXIST::FUNCTION: +PEM_read_bio_ECPKParameters 3304 EXIST::FUNCTION:EC +EC_GROUP_get_pentanomial_basis 3305 EXIST::FUNCTION:EC +EC_GROUP_get_nid 3306 EXIST::FUNCTION:EC +STORE_get_number 3307 EXIST::FUNCTION: +ECDSA_sign_setup 3308 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_solve_quad_arr 3309 EXIST::FUNCTION: +EC_KEY_up_ref 3310 EXIST::FUNCTION:EC +POLICY_MAPPING_free 3311 EXIST::FUNCTION: +BN_GF2m_mod_div 3312 EXIST::FUNCTION: +EC_KEY_free 3313 EXIST::FUNCTION:EC +STORE_method_set_list_next_function 3314 EXIST::FUNCTION: +PEM_write_bio_ECPrivateKey 3315 EXIST::FUNCTION:EC +d2i_EC_PUBKEY 3316 EXIST::FUNCTION:EC +STORE_method_get_generate_function 3317 EXIST::FUNCTION: +STORE_method_set_list_end_function 3318 EXIST::FUNCTION: +EC_GROUP_have_precompute_mult 3319 EXIST::FUNCTION:EC +EC_KEY_print_fp 3320 EXIST::FUNCTION:EC,FP_API +BN_GF2m_mod_arr 3321 EXIST::FUNCTION: +PEM_write_bio_X509_CERT_PAIR 3322 EXIST::FUNCTION: +EVP_PKEY_cmp 3323 EXIST::FUNCTION: +STORE_new_engine 3324 EXIST::FUNCTION: +STORE_list_public_key_start 3325 EXIST::FUNCTION: +ECDH_get_ex_data 3326 EXIST::FUNCTION:ECDH +ECDSA_do_sign 3327 EXIST::FUNCTION:ECDSA +ENGINE_unregister_ECDH 3328 EXIST::FUNCTION:ENGINE +ECDH_OpenSSL 3329 EXIST::FUNCTION:ECDH +EC_POINT_dup 3330 EXIST::FUNCTION:EC +GENERAL_SUBTREE_new 3331 EXIST::FUNCTION: +STORE_list_crl_endp 3332 EXIST::FUNCTION: +EC_get_builtin_curves 3333 EXIST::FUNCTION:EC +STORE_list_crl_end 3334 EXIST::FUNCTION: +EVP_PKEY_set1_EC_KEY 3335 EXIST::FUNCTION:EC +BN_GF2m_mod_sqrt_arr 3336 EXIST::FUNCTION: +i2d_ECPrivateKey_bio 3337 EXIST::FUNCTION:BIO,EC +ECPKParameters_print_fp 3338 EXIST::FUNCTION:EC,FP_API +ECDSA_SIG_free 3339 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECPKParameters 3340 EXIST::FUNCTION:EC +STORE_method_set_ctrl_function 3341 EXIST::FUNCTION: +STORE_list_public_key_end 3342 EXIST::FUNCTION: +EC_GROUP_set_nid 3343 EXIST::FUNCTION:EC +STORE_get_arbitrary 3344 EXIST::FUNCTION: +STORE_store_crl 3345 EXIST::FUNCTION: +PKCS12_add_safes 3346 EXIST::FUNCTION: +BN_GF2m_poly2arr 3347 EXIST::FUNCTION: +STORE_ctrl 3348 EXIST::FUNCTION: +STORE_ATTR_INFO_compare 3349 EXIST::FUNCTION: +BN_get0_nist_prime_224 3350 EXIST::FUNCTION: +i2d_ECParameters 3351 EXIST::FUNCTION:EC +i2d_ECPKParameters 3352 EXIST::FUNCTION:EC +BN_GENCB_call 3353 EXIST::FUNCTION: +BN_ncopy 3354 EXIST::FUNCTION: +d2i_ECPKParameters 3355 EXIST::FUNCTION:EC +STORE_method_set_generate_function 3356 EXIST::FUNCTION: +ENGINE_set_ECDH 3357 EXIST::FUNCTION:ENGINE +NAME_CONSTRAINTS_new 3358 EXIST::FUNCTION: +PEM_write_bio_EC_PUBKEY 3359 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_cstr 3360 EXIST::FUNCTION: +STORE_list_crl_next 3361 EXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3362 EXIST::FUNCTION: +ECParameters_print 3363 EXIST::FUNCTION:BIO,EC +STORE_method_set_delete_function 3364 EXIST::FUNCTION: +STORE_list_certificate_next 3365 EXIST::FUNCTION: +ASN1_generate_nconf 3366 EXIST::FUNCTION: +BUF_memdup 3367 EXIST::FUNCTION: +BN_GF2m_mod_mul 3368 EXIST::FUNCTION: +STORE_method_get_list_next_function 3369 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_dn 3370 EXIST::FUNCTION: +STORE_list_private_key_next 3371 EXIST::FUNCTION: +EC_GROUP_set_seed 3372 EXIST::FUNCTION:EC +STORE_ATTR_INFO_free 3373 EXIST::FUNCTION: +STORE_get_private_key 3374 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3375 EXIST::FUNCTION: +EC_GROUP_get_curve_GF2m 3376 EXIST::FUNCTION:EC +STORE_method_set_revoke_function 3377 EXIST::FUNCTION: +STORE_store_number 3378 EXIST::FUNCTION: +BN_is_prime_ex 3379 EXIST::FUNCTION: +STORE_revoke_public_key 3380 EXIST::FUNCTION: +STORE_delete_arbitrary 3381 EXIST::FUNCTION: +PEM_read_X509_CERT_PAIR 3382 EXIST:!WIN16:FUNCTION: +ECDSA_get_ex_data 3383 EXIST::FUNCTION:ECDSA +BUF_strndup 3384 EXIST::FUNCTION: +STORE_list_certificate_start 3385 EXIST::FUNCTION: +BN_GF2m_mod 3386 EXIST::FUNCTION: +X509_REQ_check_private_key 3387 EXIST::FUNCTION: +EC_GROUP_get_seed_len 3388 EXIST::FUNCTION:EC +ERR_load_STORE_strings 3389 EXIST::FUNCTION: +PEM_read_bio_EC_PUBKEY 3390 EXIST::FUNCTION:EC +STORE_list_private_key_end 3391 EXIST::FUNCTION: +i2d_EC_PUBKEY 3392 EXIST::FUNCTION:EC +ECDSA_get_default_method 3393 EXIST::FUNCTION:ECDSA +ASN1_put_eoc 3394 EXIST::FUNCTION: +ECDSA_DATA_free 3395 EXIST::FUNCTION:ECDSA +STORE_modify_private_key 3396 EXIST::FUNCTION: +EC_METHOD_get_field_type 3397 EXIST::FUNCTION:EC +EC_GFp_nist_method 3398 EXIST::FUNCTION:EC +STORE_method_set_modify_function 3399 EXIST::FUNCTION: +STORE_parse_attrs_next 3400 EXIST::FUNCTION: +X509_CERT_PAIR_it 3401 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_CERT_PAIR_it 3401 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_method_get_revoke_function 3402 EXIST::FUNCTION: +STORE_method_set_get_function 3403 EXIST::FUNCTION: +STORE_modify_number 3404 EXIST::FUNCTION: +STORE_method_get_store_function 3405 EXIST::FUNCTION: +STORE_store_private_key 3406 EXIST::FUNCTION: +BN_GF2m_mod_sqr_arr 3407 EXIST::FUNCTION: +STORE_Memory 3408 EXIST::FUNCTION: +sk_find_ex 3409 EXIST::FUNCTION: +EC_GROUP_set_curve_GF2m 3410 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3411 EXIST::FUNCTION:ENGINE +POLICY_CONSTRAINTS_new 3412 EXIST::FUNCTION: +BN_GF2m_mod_sqrt 3413 EXIST::FUNCTION: +ECDH_set_default_method 3414 EXIST::FUNCTION:ECDH +EC_KEY_generate_key 3415 EXIST::FUNCTION:EC +BN_GF2m_arr2poly 3416 EXIST::FUNCTION: +STORE_method_get_get_function 3417 EXIST::FUNCTION: +STORE_method_set_cleanup_function 3418 EXIST::FUNCTION: +EC_GROUP_check 3419 EXIST::FUNCTION:EC +d2i_ECPrivateKey_bio 3420 EXIST::FUNCTION:BIO,EC +STORE_method_get_lock_store_function 3421 EXIST::FUNCTION: +STORE_method_set_update_store_function 3422 EXIST::FUNCTION: +d2i_ECPrivateKey 3423 EXIST::FUNCTION:EC +ASN1_item_ndef_i2d 3424 EXIST::FUNCTION: +STORE_delete_private_key 3425 EXIST::FUNCTION: +ERR_pop_to_mark 3426 EXIST::FUNCTION: +ENGINE_register_all_STORE 3427 EXIST::FUNCTION:ENGINE +i2d_PKCS7_NDEF 3428 EXIST::FUNCTION: +EC_GROUP_get_degree 3429 EXIST::FUNCTION:EC +ASN1_generate_v3 3430 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_cstr 3431 EXIST::FUNCTION: +BN_GF2m_add 3432 EXIST::FUNCTION: +STORE_generate_crl 3433 EXIST::FUNCTION: +STORE_store_public_key 3434 EXIST::FUNCTION: +X509_CERT_PAIR_free 3435 EXIST::FUNCTION: +STORE_revoke_private_key 3436 EXIST::FUNCTION: +BN_nist_mod_224 3437 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_dn 3438 EXIST::FUNCTION: +STORE_method_get_initialise_function 3439 EXIST::FUNCTION: +STORE_delete_number 3440 EXIST::FUNCTION: +i2d_EC_PUBKEY_bio 3441 EXIST::FUNCTION:BIO,EC +EC_GROUP_get_asn1_flag 3442 EXIST::FUNCTION:EC +STORE_ATTR_INFO_in_ex 3443 EXIST::FUNCTION: +STORE_list_crl_start 3444 EXIST::FUNCTION: +ECDH_get_ex_new_index 3445 EXIST::FUNCTION:ECDH +STORE_method_get_modify_function 3446 EXIST::FUNCTION: +STORE_store_certificate 3447 EXIST::FUNCTION: +OBJ_bsearch_ex 3448 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3449 EXIST::FUNCTION: +BN_GF2m_mod_inv 3450 EXIST::FUNCTION: +BN_GF2m_mod_exp 3451 EXIST::FUNCTION: +STORE_modify_public_key 3452 EXIST::FUNCTION: +STORE_method_get_list_start_function 3453 EXIST::FUNCTION: +EC_GROUP_get0_seed 3454 EXIST::FUNCTION:EC +ecdsa_check 3455 EXIST::FUNCTION:ECDSA +STORE_store_arbitrary 3456 EXIST::FUNCTION: +STORE_method_set_unlock_store_function 3457 EXIST::FUNCTION: +BN_GF2m_mod_div_arr 3458 EXIST::FUNCTION: +ENGINE_set_ECDSA 3459 EXIST::FUNCTION:ENGINE +STORE_create_method 3460 EXIST::FUNCTION: +ECPKParameters_print 3461 EXIST::FUNCTION:BIO,EC +PEM_write_EC_PUBKEY 3462 EXIST:!WIN16:FUNCTION:EC +ECDH_set_method 3463 EXIST::FUNCTION:ECDH +v2i_GENERAL_NAME_ex 3464 EXIST::FUNCTION: +ECDH_set_ex_data 3465 EXIST::FUNCTION:ECDH +STORE_generate_key 3466 EXIST::FUNCTION: +BN_nist_mod_521 3467 EXIST::FUNCTION: +EC_GROUP_set_point_conversion_form 3468 EXIST:!VMS:FUNCTION:EC +EC_GROUP_set_point_conv_form 3468 EXIST:VMS:FUNCTION:EC +PEM_read_EC_PUBKEY 3469 EXIST:!WIN16:FUNCTION:EC +i2d_ECDSA_SIG 3470 EXIST::FUNCTION:ECDSA +ECDSA_OpenSSL 3471 EXIST::FUNCTION:ECDSA +STORE_delete_crl 3472 EXIST::FUNCTION: +ECDSA_set_default_method 3473 EXIST::FUNCTION:ECDSA +EC_POINT_set_compressed_coordinates_GF2m 3474 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_compr_coords_GF2m 3474 EXIST:VMS:FUNCTION:EC +EC_GROUP_cmp 3475 EXIST::FUNCTION:EC +STORE_revoke_certificate 3476 EXIST::FUNCTION: +ECDH_DATA_new_method 3477 EXIST::FUNCTION:ECDH +BN_get0_nist_prime_256 3478 EXIST::FUNCTION: +STORE_method_get_delete_function 3479 EXIST::FUNCTION: +PEM_read_ECPrivateKey 3480 EXIST:!WIN16:FUNCTION:EC +STORE_parse_attrs_endp 3481 EXIST::FUNCTION: +ERR_load_ECDSA_strings 3482 EXIST::FUNCTION:ECDSA +EC_GROUP_get_basis_type 3483 EXIST::FUNCTION:EC +ECDH_DATA_new 3484 EXIST::FUNCTION:ECDH +STORE_list_public_key_next 3485 EXIST::FUNCTION: +STORE_OBJECT_free 3486 EXIST::FUNCTION: +BN_nist_mod_384 3487 EXIST::FUNCTION: +i2d_X509_CERT_PAIR 3488 EXIST::FUNCTION: +PEM_write_ECPKParameters 3489 EXIST:!WIN16:FUNCTION:EC +ECDH_compute_key 3490 EXIST::FUNCTION:ECDH +STORE_ATTR_INFO_get0_sha1str 3491 EXIST::FUNCTION: +ENGINE_register_all_ECDH 3492 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_get0_cstr 3493 EXIST::FUNCTION: +POLICY_CONSTRAINTS_it 3494 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_CONSTRAINTS_it 3494 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_get_ex_new_index 3495 EXIST::FUNCTION: +BN_GF2m_mod_solve_quad 3496 EXIST::FUNCTION: +i2d_ECPrivateKey_fp 3497 EXIST::FUNCTION:EC,FP_API +ENGINE_register_all_ECDSA 3498 EXIST::FUNCTION:ENGINE +EC_POINT_get_affine_coordinates_GF2m 3499 EXIST:!VMS:FUNCTION:EC +EC_POINT_get_affine_coords_GF2m 3499 EXIST:VMS:FUNCTION:EC +EC_GROUP_dup 3500 EXIST::FUNCTION:EC +ENGINE_get_default_ECDSA 3501 EXIST::FUNCTION:ENGINE +EC_KEY_new 3502 EXIST::FUNCTION:EC +ECDSA_verify 3503 EXIST::FUNCTION:ECDSA +EC_POINT_point2hex 3504 EXIST::FUNCTION:EC +ENGINE_get_STORE 3505 EXIST::FUNCTION:ENGINE +STORE_get_certificate 3506 EXIST::FUNCTION: +ECDSA_do_verify 3507 EXIST::FUNCTION:ECDSA +d2i_ECPrivateKey_fp 3508 EXIST::FUNCTION:EC,FP_API +STORE_delete_certificate 3509 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3510 EXIST::FUNCTION: +STORE_free 3511 EXIST::FUNCTION: +PEM_write_ECPrivateKey 3512 EXIST:!WIN16:FUNCTION:EC +STORE_method_get_unlock_store_function 3513 EXIST::FUNCTION: +STORE_get_ex_data 3514 EXIST::FUNCTION: +PEM_read_ECPKParameters 3515 EXIST:!WIN16:FUNCTION:EC +X509_CERT_PAIR_new 3516 EXIST::FUNCTION: +ENGINE_register_STORE 3517 EXIST::FUNCTION:ENGINE +RSA_generate_key_ex 3518 EXIST::FUNCTION:RSA +DSA_generate_parameters_ex 3519 EXIST::FUNCTION:DSA +ECParameters_print_fp 3520 EXIST::FUNCTION:EC,FP_API +X509V3_NAME_from_section 3521 EXIST::FUNCTION: +STORE_modify_crl 3522 EXIST::FUNCTION: +STORE_list_private_key_start 3523 EXIST::FUNCTION: +POLICY_MAPPINGS_it 3524 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPINGS_it 3524 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_it 3525 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +GENERAL_SUBTREE_it 3525 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_DATA_free 3526 EXIST::FUNCTION:ECDH +PEM_write_X509_CERT_PAIR 3527 EXIST:!WIN16:FUNCTION: +d2i_X509_CERT_PAIR 3528 EXIST::FUNCTION: +STORE_list_private_key_endp 3529 EXIST::FUNCTION: +i2d_EC_PUBKEY_fp 3530 EXIST::FUNCTION:EC,FP_API +BN_nist_mod_256 3531 EXIST::FUNCTION: +ECDSA_DATA_new 3532 EXIST::FUNCTION:ECDSA +ECDSA_size 3533 EXIST::FUNCTION:ECDSA +d2i_EC_PUBKEY_bio 3534 EXIST::FUNCTION:BIO,EC +BN_get0_nist_prime_521 3535 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3536 EXIST::FUNCTION: +BN_generate_prime_ex 3537 EXIST::FUNCTION: +DH_generate_parameters_ex 3538 EXIST::FUNCTION:DH +PEM_read_bio_ECPrivateKey 3539 EXIST::FUNCTION:EC +STORE_method_get_cleanup_function 3540 EXIST::FUNCTION: +ENGINE_get_ECDH 3541 EXIST::FUNCTION:ENGINE +d2i_ECDSA_SIG 3542 EXIST::FUNCTION:ECDSA +BN_is_prime_fasttest_ex 3543 EXIST::FUNCTION: +ECDSA_sign 3544 EXIST::FUNCTION:ECDSA +STORE_set_ex_data 3545 EXIST::FUNCTION: +ENGINE_get_ECDSA 3546 EXIST::FUNCTION:ENGINE +EVP_ecdsa 3547 EXIST::FUNCTION:SHA +PKCS12_add_cert 3548 EXIST::FUNCTION: +STORE_OBJECT_new 3549 EXIST::FUNCTION: +ERR_load_ECDH_strings 3550 EXIST::FUNCTION:ECDH +EC_KEY_dup 3551 EXIST::FUNCTION:EC +ECDSA_set_method 3552 EXIST::FUNCTION:ECDSA +a2i_IPADDRESS_NC 3553 EXIST::FUNCTION: +d2i_ECParameters 3554 EXIST::FUNCTION:EC +STORE_list_certificate_end 3555 EXIST::FUNCTION: +STORE_get_crl 3556 EXIST::FUNCTION: +EC_GF2m_simple_method 3557 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3558 EXIST::FUNCTION:ECDSA +EC_KEY_print 3559 EXIST::FUNCTION:BIO,EC +STORE_method_set_lock_store_function 3560 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3561 EXIST::FUNCTION:ECDSA +POLICY_MAPPING_new 3562 EXIST::FUNCTION: +STORE_list_certificate_endp 3563 EXIST::FUNCTION: +EC_GROUP_set_asn1_flag 3564 EXIST::FUNCTION:EC +EC_KEY_check_key 3565 EXIST::FUNCTION:EC +d2i_EC_PUBKEY_fp 3566 EXIST::FUNCTION:EC,FP_API +ecdh_check 3567 EXIST::FUNCTION:ECDH +ECDSA_DATA_new_method 3568 EXIST::FUNCTION:ECDSA +PEM_read_bio_X509_CERT_PAIR 3569 EXIST::FUNCTION: STORE_method_get_list_end_function 3570 EXIST::FUNCTION: -STORE_new_method 3571 EXIST::FUNCTION: -STORE_modify_arbitrary 3572 EXIST::FUNCTION: -STORE_get_arbitrary 3573 EXIST::FUNCTION: -STORE_delete_arbitrary 3574 EXIST::FUNCTION: -STORE_store_arbitrary 3575 EXIST::FUNCTION: -STORE_new_engine 3576 EXIST::FUNCTION: -ERR_set_mark 3577 EXIST::FUNCTION: -ERR_pop_to_mark 3578 EXIST::FUNCTION: -STORE_ATTR_INFO_in_range 3579 EXIST::FUNCTION: +ENGINE_set_default_ECDH 3571 EXIST::FUNCTION:ENGINE +STORE_new_method 3572 EXIST::FUNCTION: +PKCS12_add_key 3573 EXIST::FUNCTION: +DSO_merge 3574 EXIST::FUNCTION: +EC_POINT_hex2point 3575 EXIST::FUNCTION:EC +BN_GF2m_mod_inv_arr 3576 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3577 EXIST::FUNCTION:ENGINE From c798868d9669d4de7906e76814701b503da663ce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 28 Sep 2003 14:06:57 +0000 Subject: [PATCH 410/550] Further VxWorks changes from Bob Bradley , this time involving VxWorks on MIPS --- Configure | 3 ++- e_os.h | 11 +++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Configure b/Configure index a41c43124..b710e6eb5 100755 --- a/Configure +++ b/Configure @@ -560,7 +560,8 @@ my %table=( "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", -"vxworks-ppc860","ccppc:-g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", diff --git a/e_os.h b/e_os.h index aad0a7eae..6b75bbe15 100644 --- a/e_os.h +++ b/e_os.h @@ -174,6 +174,13 @@ extern "C" { #define closesocket(s) close(s) #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) +#elif defined(OPENSSL_SYS_VXWORKS) +#define get_last_socket_error() errno +#define clear_socket_error() errno=0 +#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +#define closesocket(s) close(s) +#define readsocket(s,b,n) read((s),(b),(n)) +#define writesocket(s,b,n) write((s),(char *)(b),(n)) #else #define get_last_socket_error() errno #define clear_socket_error() errno=0 @@ -538,10 +545,6 @@ extern char *sys_errlist[]; extern int sys_nerr; #define TTY_STRUCT int #define sleep(a) taskDelay((a) * sysClkRateGet()) -#if defined(ioctlsocket) -#undef ioctlsocket -#endif -#define ioctlsocket(a,b,c) ioctl((a),(b),*(int*)(c)) #include #include From 299024498004473a58e780cdf8ec83e85a04f807 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 30 Sep 2003 16:47:33 +0000 Subject: [PATCH 411/550] ASN1 parse fix and release file changes. --- CHANGES | 36 ++++++++++++++++++++++++++++++++++-- FAQ | 2 +- NEWS | 17 ++++++++++++++++- crypto/asn1/asn1_lib.c | 2 ++ crypto/asn1/tasn_dec.c | 9 ++++++++- crypto/x509/x509_vfy.c | 2 +- 6 files changed, 62 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 5e68e6247..1ecb0b440 100644 --- a/CHANGES +++ b/CHANGES @@ -555,7 +555,19 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. @@ -2530,7 +2542,27 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] - Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + Changes between 0.9.6j and 0.9.6k [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 diff --git a/FAQ b/FAQ index 1b129bc5a..ca5683def 100644 --- a/FAQ +++ b/FAQ @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.7a was released on February 19, 2003. +OpenSSL 0.9.7c was released on September 30, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 75bbafacd..e5774fef4 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -692,6 +692,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; @@ -706,6 +707,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { @@ -797,7 +799,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char ret = 1; err: - if(!ret) ASN1_TYPE_free(typ); + if(!ret) + { + ASN1_TYPE_free(typ); + if (opval) + *opval = NULL; + } return ret; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f60054bd3..2bb21b443 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } - if (X509_verify(xs,pkey) <= 0) + else if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be From d90e74c50c0c2266077fda57cf3d36c6927146eb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Sep 2003 17:22:19 +0000 Subject: [PATCH 412/550] Correct buggy PODs (missing commas and a prepended space). --- doc/crypto/EVP_BytesToKey.pod | 2 +- doc/crypto/EVP_DigestInit.pod | 2 +- doc/crypto/ui.pod | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index 5ce4add08..016381f3e 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -2,7 +2,7 @@ =head1 NAME - EVP_BytesToKey - password based encryption routine +EVP_BytesToKey - password based encryption routine =head1 SYNOPSIS diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 5901c3952..1cb315e73 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -4,7 +4,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod index 2b3535a74..6df68d604 100644 --- a/doc/crypto/ui.pod +++ b/doc/crypto/ui.pod @@ -5,7 +5,7 @@ UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, -UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface From eeff6bb6b34faa239e143bc2368a2c1f270172bb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Sep 2003 17:31:48 +0000 Subject: [PATCH 413/550] Correct incorrect mode bits change. --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index ae871aad8..8f278cd96 100644 --- a/Makefile.org +++ b/Makefile.org @@ -554,7 +554,7 @@ install: all install_docs fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ From 9ad82c123a4d9b6d90904e741c0aaa7130db335f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:02:45 +0000 Subject: [PATCH 414/550] Use correct case for manual page references --- doc/crypto/des.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 528c73aca..6f0cf1cc5 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -283,7 +283,7 @@ DES_cbc_encrypt is used. =head1 NOTES Single-key DES is insecure due to its short key size. ECB mode is -not suitable for most applications; see L. +not suitable for most applications; see L. The L library provides higher-level encryption functions. From aed29ce5eaaea7460c3c43c1006e4fdc3a4c6e51 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:03:15 +0000 Subject: [PATCH 415/550] Avoid 'file names' with spaces --- Makefile.org | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile.org b/Makefile.org index 8f278cd96..cc8233ac4 100644 --- a/Makefile.org +++ b/Makefile.org @@ -595,6 +595,8 @@ install_docs: > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ + grep -v "[ ]" | \ + grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ From 4d8148fa98145847aacd8feea593823c2386b1b0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:04:13 +0000 Subject: [PATCH 416/550] Remove leading and trailing spaces and tabs --- util/extract-names.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/extract-names.pl b/util/extract-names.pl index 9f2ad5ef1..744a8e232 100644 --- a/util/extract-names.pl +++ b/util/extract-names.pl @@ -10,6 +10,8 @@ while() { if (/ - /) { s/ - .*//; s/,[ \t]+/,/g; + s/^[ \t]+//g; + s/[ \t]+$//g; push @words, split ','; } } From c076599c1826407050d60db88a35d56d36658769 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 15:06:36 +0000 Subject: [PATCH 417/550] Corrected misplacement of one of the greps... --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index cc8233ac4..b7f15587e 100644 --- a/Makefile.org +++ b/Makefile.org @@ -579,6 +579,7 @@ install_docs: > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ + grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ @@ -596,7 +597,6 @@ install_docs: $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ grep -v "[ ]" | \ - grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ From cf89b40584aa882a963e8b5a86d8c3789fc4c8e2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Oct 2003 20:43:03 +0000 Subject: [PATCH 418/550] Include e_os.h to get a proper definition of memmove on the platforms that do not have it. --- crypto/des/cfb_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 17bf77ca9..136efba95 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include "e_os.h" #include "des_locl.h" /* The input and output are loaded in multiples of 8 bits. From f6e8c19ed12b9ac7ebd6971a94c9e4e0d5f48b49 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 2 Oct 2003 10:38:44 +0000 Subject: [PATCH 419/550] Correct a mixup of return values --- ssl/ssl_ciph.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index f175dc875..cfce88846 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1188,11 +1188,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) OPENSSL_free(comp); MemCheck_on(); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); - return(0); + return(1); } else { MemCheck_on(); - return(1); + return(0); } } From f82ab534c68e49b8014a2e220dd25d3ca177612a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 2 Oct 2003 10:41:48 +0000 Subject: [PATCH 420/550] Check for errors from SSL_COMP_add_compression_method(). Notified by Andrew Marlow --- ssl/ssltest.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 7bb415200..0c684604c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -594,7 +594,14 @@ bad: if (cm != NULL) { if (cm->type != NID_undef) - SSL_COMP_add_compression_method(comp, cm); + { + if (SSL_COMP_add_compression_method(comp, cm) != 0) + { + fprintf(stderr, + "Failed to add compression method\n"); + ERR_print_errors_fp(stderr); + } + } else { fprintf(stderr, From 6895cca89d47b30708e41da5a7f86277f526cbe6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 4 Oct 2003 09:09:19 +0000 Subject: [PATCH 421/550] Remove unused code, don't use zlib functions that are really macros and provide missing prototypes. --- crypto/comp/c_zlib.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 3bcb7c960..c3167fcea 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -30,6 +30,7 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, @@ -48,6 +49,7 @@ static COMP_METHOD zlib_stateless_method={ NULL, NULL, }; +#endif static COMP_METHOD zlib_stateful_method={ NID_zlib_compression, @@ -79,12 +81,18 @@ static COMP_METHOD zlib_stateful_method={ #include /* Prototypes for built in stubs */ +#if 0 static int stub_compress(Bytef *dest,uLongf *destLen, const Bytef *source, uLong sourceLen); +#endif static int stub_inflateEnd(z_streamp strm); static int stub_inflate(z_streamp strm, int flush); static int stub_inflateInit_(z_streamp strm, const char * version, int stream_size); +static int stub_deflateEnd(z_streamp strm); +static int stub_deflate(z_streamp strm, int flush); +static int stub_deflateInit_(z_streamp strm, int level, + const char * version, int stream_size); /* Function pointers */ typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, @@ -111,11 +119,9 @@ static DSO *zlib_dso = NULL; #define compress stub_compress #define inflateEnd stub_inflateEnd #define inflate stub_inflate -#define inflateInit stub_inflateInit #define inflateInit_ stub_inflateInit_ #define deflateEnd stub_deflateEnd #define deflate stub_deflate -#define deflateInit stub_deflateInit #define deflateInit_ stub_deflateInit_ #endif /* ZLIB_SHARED */ @@ -152,7 +158,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) state->istream.next_out = Z_NULL; state->istream.avail_in = 0; state->istream.avail_out = 0; - err = inflateInit(&state->istream); + err = inflateInit_(&state->istream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; @@ -163,7 +170,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) state->ostream.next_out = Z_NULL; state->ostream.avail_in = 0; state->ostream.avail_out = 0; - err = deflateInit(&state->ostream,Z_DEFAULT_COMPRESSION); + err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; @@ -243,6 +251,7 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, return olen - state->istream.avail_out; } +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen) { @@ -319,7 +328,8 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; - err = inflateInit(&stream); + err = inflateInit_(&stream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) return err; err = inflate(&stream, Z_FINISH); @@ -332,6 +342,7 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, err = inflateEnd(&stream); return err; } +#endif #endif @@ -383,6 +394,7 @@ COMP_METHOD *COMP_zlib(void) } #ifdef ZLIB_SHARED +#if 0 /* Stubs for each function to be dynamicly loaded */ static int stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) @@ -392,6 +404,7 @@ stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) else return(Z_MEM_ERROR); } +#endif static int stub_inflateEnd(z_streamp strm) @@ -443,7 +456,7 @@ stub_deflateInit_(z_streamp strm, int level, const char * version, int stream_size) { if ( p_deflateInit_ ) - return(p_deflateInit_(strm,version,stream_size)); + return(p_deflateInit_(strm,level,version,stream_size)); else return(Z_MEM_ERROR); } From c40b9bdefb59be7e640cd7a10bfd2fa26ea1fe7b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 09:09:44 +0000 Subject: [PATCH 422/550] Setting the ex_data index is unsafe in a threaded environment, so let's wrap it with a lock. --- crypto/comp/c_zlib.c | 9 ++++++--- crypto/cryptlib.c | 3 ++- crypto/crypto.h | 3 ++- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index c3167fcea..7553a2d10 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -178,9 +178,12 @@ static int zlib_stateful_init(COMP_CTX *ctx) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); if (zlib_stateful_ex_idx == -1) { - zlib_stateful_ex_idx = - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, - 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_lock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + zlib_stateful_ex_idx = + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, + 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_unlock(CRYPTO_LOCK_COMP); if (zlib_stateful_ex_idx == -1) goto err; } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 9c38f15ab..009c3be4c 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -168,7 +168,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "bn", "ec_pre_comp", "store", -#if CRYPTO_NUM_LOCKS != 38 + "comp", +#if CRYPTO_NUM_LOCKS != 39 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto.h b/crypto/crypto.h index dd90cfa55..5238e5306 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -203,7 +203,8 @@ typedef struct openssl_item_st #define CRYPTO_LOCK_BN 35 #define CRYPTO_LOCK_EC_PRE_COMP 36 #define CRYPTO_LOCK_STORE 37 -#define CRYPTO_NUM_LOCKS 38 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_NUM_LOCKS 39 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 From 8242354952ead170335b98b33254ca9a0e836926 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 11:00:15 +0000 Subject: [PATCH 423/550] Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods(). --- crypto/comp/Makefile.ssl | 12 ++++++------ crypto/des/Makefile.ssl | 13 +++++++------ ssl/ssl.h | 3 +++ ssl/ssl_ciph.c | 10 +++++++++- ssl/ssl_err.c | 3 ++- ssl/ssltest.c | 20 +++++++++++++++++--- util/ssleay.num | 1 + 7 files changed, 45 insertions(+), 17 deletions(-) diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index f60c7a1af..5db2412f9 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_zlib.o: c_zlib.c +c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 34ca7acba..73ffab9c8 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -160,12 +160,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64enc.o: cfb64enc.c des_locl.h -cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h +cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h +cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cfb_enc.o: cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/ssl/ssl.h b/ssl/ssl.h index 7cd7ece4c..2d4035090 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, #endif #ifndef OPENSSL_NO_COMP +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else +void *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,char *cm); #endif @@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DUPLICATE_COMPRESSION_ID 1121 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cfce88846..44b50feff 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) comp->id=id; comp->method=cm; load_builtin_compressions(); - if ((ssl_comp_methods == NULL) + if (ssl_comp_methods + && !sk_SSL_COMP_find(ssl_comp_methods,comp)) + { + OPENSSL_free(comp); + MemCheck_on(); + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); + return(1); + } + else if ((ssl_comp_methods == NULL) || !sk_SSL_COMP_push(ssl_comp_methods,comp)) { OPENSSL_free(comp); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index b9a50b8e6..359ea45b9 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, +{SSL_R_DUPLICATE_COMPRESSION_ID ,"duplicate compression id"}, {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER ,"ecgroup too large for cipher"}, {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, {SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 0c684604c..6391cf207 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -164,8 +164,8 @@ /* There is really no standard for this, so let's assign some tentative numbers. In any case, these numbers are only for this test */ -#define COMP_RLE 1 -#define COMP_ZLIB 2 +#define COMP_RLE 255 +#define COMP_ZLIB 1 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_RSA @@ -373,7 +373,7 @@ int main(int argc, char *argv[]) SSL_METHOD *meth=NULL; SSL *c_ssl,*s_ssl; int number=1,reuse=0; - long bytes=1L; + long bytes=256L; #ifndef OPENSSL_NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; @@ -387,6 +387,7 @@ int main(int argc, char *argv[]) clock_t s_time = 0, c_time = 0; int comp = 0; COMP_METHOD *cm = NULL; + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; verbose = 0; debug = 0; @@ -612,6 +613,19 @@ bad: ERR_print_errors_fp(stderr); } } + ssl_comp_methods = SSL_COMP_get_compression_methods(); + fprintf(stderr, "Available compression methods:\n"); + { + int i, n = sk_SSL_COMP_num(ssl_comp_methods); + if (n == 0) + fprintf(stderr, " NONE\n"); + else + for (i = 0; i < n; i++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i); + fprintf(stderr, " %d: %s\n", c->id, c->name); + } + } #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) diff --git a/util/ssleay.num b/util/ssleay.num index 865005ac6..6836484aa 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -218,3 +218,4 @@ SSL_set_msg_callback 267 EXIST::FUNCTION: SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH SSL_SESSION_get_id 270 EXIST::FUNCTION: +SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP From 377dcdba44742ce641521dd4745a37a7321b41bd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 12:18:39 +0000 Subject: [PATCH 424/550] Add functionality to get information on compression methods (not quite complete). --- ssl/ssl.h | 4 ++++ ssl/ssl_algs.c | 6 ++++++ ssl/ssl_ciph.c | 8 ++++++++ ssl/ssl_lib.c | 14 ++++++++++++++ 4 files changed, 32 insertions(+) diff --git a/ssl/ssl.h b/ssl/ssl.h index 2d4035090..e6879d907 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1198,6 +1198,10 @@ int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(SSL_CIPHER *c); const char * SSL_CIPHER_get_name(SSL_CIPHER *c); +const COMP_METHOD *SSL_get_current_compression(SSL *s); +const COMP_METHOD *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const COMP_METHOD *comp); + int SSL_get_fd(SSL *s); int SSL_get_rfd(SSL *s); int SSL_get_wfd(SSL *s); diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 7c8a451fc..1a41b9967 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -108,6 +108,12 @@ int SSL_library_init(void) #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); +#endif +#ifndef OPENSSL_NO_COMP + /* This will initialise the built-in compression algorithms. + The value returned is a STACK_OF(SSL_COMP), but that can + be discarded safely */ + (void)SSL_COMP_get_compression_methods(); #endif return(1); } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 44b50feff..4f0f70079 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1204,3 +1204,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return(0); } } + +const char *SSL_COMP_get_name(const COMP_METHOD *comp) + { + if (comp) + return comp->name; + return NULL; + } + diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0c84e3ddd..bf7d7ba56 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2207,6 +2207,20 @@ SSL_CIPHER *SSL_get_current_cipher(SSL *s) return(NULL); } +const COMP_METHOD *SSL_get_current_compression(SSL *s) + { + if (s->compress != NULL) + return(s->compress->meth); + return(NULL); + } + +const COMP_METHOD *SSL_get_current_expansion(SSL *s) + { + if (s->expand != NULL) + return(s->expand->meth); + return(NULL); + } + int ssl_init_wbio_buffer(SSL *s,int push) { BIO *bbio; From f44e184ec61ba858e3048a288ec141903442be06 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 12:19:38 +0000 Subject: [PATCH 425/550] s_client should inform the user of any compression/expansion methods used. --- apps/s_client.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index eb6fd7c1c..0f7dd8861 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -944,6 +944,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER *c; X509_NAME *xn; int j,i; + const COMP_METHOD *comp, *exp; if (full) { @@ -1046,6 +1047,12 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } + comp=SSL_get_current_compression(s); + exp=SSL_get_current_expansion(s); + BIO_printf(bio,"Compression: %s\n", + comp ? SSL_COMP_get_name(comp) : "NONE"); + BIO_printf(bio,"Expansion: %s\n", + exp ? SSL_COMP_get_name(exp) : "NONE"); SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) From 4d1c443123acbbb8a4890605937c1aa199c7f01d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 12:22:42 +0000 Subject: [PATCH 426/550] make update --- util/ssleay.num | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/ssleay.num b/util/ssleay.num index 6836484aa..1cba37173 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -219,3 +219,6 @@ SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH SSL_SESSION_get_id 270 EXIST::FUNCTION: SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP +SSL_COMP_get_name 272 EXIST::FUNCTION: +SSL_get_current_expansion 273 EXIST::FUNCTION: +SSL_get_current_compression 274 EXIST::FUNCTION: From 83eb412da88a1e0b633511a7d07d7f40356dbe6a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 7 Oct 2003 12:09:39 +0000 Subject: [PATCH 427/550] In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq --- crypto/mem.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/mem.c b/crypto/mem.c index 57f295877..d01924c26 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -352,11 +352,15 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); if(ret) + { memcpy(ret,str,old_len); - OPENSSL_cleanse(str,old_len); - free_func(str); + OPENSSL_cleanse(str,old_len); + free_func(str); + } #ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); + fprintf(stderr, + "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", + str, ret, num); #endif if (realloc_debug_func != NULL) realloc_debug_func(str, ret, num, file, line, 1); From a08ced78c84509fe305d57d8257af4df8576585c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:07:24 +0000 Subject: [PATCH 428/550] Avoid warnings: add missing prototype, don't shadow. --- apps/speed.c | 2 +- ssl/ssl.h | 1 + ssl/ssltest.c | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 1c2b9cded..558760732 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2083,7 +2083,7 @@ int MAIN(int argc, char **argv) * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). */ int field_size, outlen; - void *(*kdf)(void *in, size_t inlen, void *out, size_t outlen); + void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); field_size = EC_GROUP_get_degree(ecdh_a[j]->group); if (field_size <= 24 * 8) { diff --git a/ssl/ssl.h b/ssl/ssl.h index e6879d907..0866fb6b2 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1201,6 +1201,7 @@ const char * SSL_CIPHER_get_name(SSL_CIPHER *c); const COMP_METHOD *SSL_get_current_compression(SSL *s); const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); int SSL_get_fd(SSL *s); int SSL_get_rfd(SSL *s); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 6391cf207..82c3b8d89 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -616,13 +616,13 @@ bad: ssl_comp_methods = SSL_COMP_get_compression_methods(); fprintf(stderr, "Available compression methods:\n"); { - int i, n = sk_SSL_COMP_num(ssl_comp_methods); + int j, n = sk_SSL_COMP_num(ssl_comp_methods); if (n == 0) fprintf(stderr, " NONE\n"); else - for (i = 0; i < n; i++) + for (j = 0; j < n; j++) { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i); + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); fprintf(stderr, " %d: %s\n", c->id, c->name); } } From caf044cb3e42ed44703e3394509deb1fa988c303 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:25:43 +0000 Subject: [PATCH 429/550] Retrieve correct content to sign when the type is "other". --- CHANGES | 4 ++++ crypto/pkcs7/pk7_doit.c | 47 ++++++++++++++++++----------------------- 2 files changed, 25 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 1ecb0b440..da17895eb 100644 --- a/CHANGES +++ b/CHANGES @@ -555,6 +555,10 @@ differing sizes. [Richard Levitte] + Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + *) Use the correct content when signing type "other". + [Steve Henson] + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] *) Fix various bugs revealed by running the NISCC test suite: diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 9382f4776..e7bc3b2bf 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -91,12 +91,14 @@ static int PKCS7_type_is_other(PKCS7* p7) } -static int PKCS7_type_is_octet_string(PKCS7* p7) +static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) { - if ( 0==PKCS7_type_is_other(p7) ) - return 0; - - return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; + if ( PKCS7_type_is_data(p7)) + return p7->d.data; + if ( PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; } BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) @@ -250,29 +252,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) btmp=NULL; } - if (bio == NULL) { + if (bio == NULL) + { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else { - if (PKCS7_type_is_signed(p7) ) { - if ( PKCS7_type_is_data(p7->d.sign->contents)) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.data; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.other->value.octet_string; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - } - if(bio == NULL) { + else + { + ASN1_OCTET_STRING *os; + os = PKCS7_get_octet_string(p7->d.sign->contents); + if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) + { bio=BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bio,0); + } } - } } BIO_push(out,bio); bio=NULL; @@ -311,7 +306,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: - data_body=p7->d.sign->contents->d.data; + data_body=PKCS7_get_octet_string(p7->d.sign->contents); md_sk=p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: @@ -531,9 +526,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; - os=p7->d.sign->contents->d.data; + os=PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ - if(p7->detached) { + if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); p7->d.sign->contents->d.data = NULL; } From 0602abf5bda0d78b01f5987bbe068af515a93bef Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:31:53 +0000 Subject: [PATCH 430/550] Initialize digested data type in PKCS7_set_type(). --- crypto/pkcs7/pk7_lib.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 9b647b212..381271061 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -197,6 +197,11 @@ int PKCS7_set_type(PKCS7 *p7, int type) break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + ASN1_INTEGER_set(p7->d.digest->version,0); + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; From 8d9086dfa2f8fa2853713a074f92d8cc0dba598a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2003 23:40:47 +0000 Subject: [PATCH 431/550] New function to initialize a PKCS7 structure of type other. --- CHANGES | 7 +++++++ crypto/pkcs7/pk7_lib.c | 7 +++++++ crypto/pkcs7/pkcs7.h | 1 + 3 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index da17895eb..51bfd320d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". + [Steve Henson] + + *) Correctly initialize digested data content type in PKCS7_set_type(). + [Steve Henson] + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 381271061..f71be082e 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -211,6 +211,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index ab04d352a..d9b3c189c 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -308,6 +308,7 @@ DECLARE_ASN1_NDEF_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); From 77fe058c10fee875780b553d4fccbff1180ac45f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 11 Oct 2003 16:46:40 +0000 Subject: [PATCH 432/550] Simplify cipher and digest lookup in PKCS#7 code. --- crypto/pkcs7/pk7_doit.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index e7bc3b2bf..f0d117450 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -103,7 +103,7 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { - int i,j; + int i; BIO *out=NULL,*btmp=NULL; X509_ALGOR *xa; const EVP_MD *evp_md; @@ -161,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } - j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); + evp_md=EVP_get_digestbyobj(xa->algorithm); if (evp_md == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); @@ -314,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) md_sk=p7->d.signed_and_enveloped->md_algs; data_body=p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); + evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); @@ -326,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) rsk=p7->d.enveloped->recipientinfo; enc_alg=p7->d.enveloped->enc_data->algorithm; data_body=p7->d.enveloped->enc_data->enc_data; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); + evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); @@ -352,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); + evp_md=EVP_get_digestbynid(j); if (evp_md == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); From c5a55463892d689198e819ab92dd9521ea280337 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 11 Oct 2003 22:11:45 +0000 Subject: [PATCH 433/550] Add support for digested data PKCS#7 type. --- CHANGES | 11 ++- crypto/pkcs7/pk7_doit.c | 162 ++++++++++++++++++++++++++-------------- crypto/pkcs7/pk7_lib.c | 22 ++++++ crypto/pkcs7/pkcs7.h | 6 ++ crypto/pkcs7/pkcs7err.c | 5 +- 5 files changed, 144 insertions(+), 62 deletions(-) diff --git a/CHANGES b/CHANGES index 51bfd320d..c0f18ff1b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,11 +4,16 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] - *) New function PKCS7_set0_type_other() this initializes a PKCS7 - structure of type "other". + *) Reorganise PKCS#7 code to separate the digest location functionality + into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + New function PKCS7_set_digest() to set the digest type for PKCS#7 + digestedData type. Add additional code to correctly generate the + digestedData type and add support for this type in PKCS7 initialization + functions. [Steve Henson] - *) Correctly initialize digested data content type in PKCS7_set_type(). + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". [Steve Henson] *) Fix prime generation loop in crypto/bn/bn_prime.pl by making diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index f0d117450..0b262fa06 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -101,18 +101,54 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) return NULL; } +static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + { + BIO *btmp; + const EVP_MD *md; + if ((btmp=BIO_new(BIO_f_md())) == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + + md=EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp,md); + if (*pbio == NULL) + *pbio=btmp; + else if (!BIO_push(*pbio,btmp)) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + btmp=NULL; + + return 1; + + err: + if (btmp) + BIO_free(btmp); + return 0; + + } + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { int i; BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa; - const EVP_MD *evp_md; + X509_ALGOR *xa = NULL; const EVP_CIPHER *evp_cipher=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; EVP_PKEY *pkey; + ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -121,6 +157,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { case NID_pkcs7_signed: md_sk=p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; @@ -145,37 +182,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; default: PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - if (md_sk != NULL) - { - for (i=0; ialgorithm); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } - - BIO_set_md(btmp,evp_md); - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - } + if (xa && !PKCS7_bio_add_digest(&out, xa)) + goto err; if (evp_cipher != NULL) { @@ -255,19 +276,14 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) { - ASN1_OCTET_STRING *os; - os = PKCS7_get_octet_string(p7->d.sign->contents); - if (os && os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - if(bio == NULL) - { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); - } + bio=BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio,0); } - } + } BIO_push(out,bio); bio=NULL; if (0) @@ -493,6 +509,29 @@ err: return(out); } +static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) + { + for (;;) + { + bio=BIO_find_type(bio,BIO_TYPE_MD); + if (bio == NULL) + { + PKCS7err(PKCS7_F_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio,pmd); + if (*pmd == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio=BIO_next(bio); + } + return NULL; + } + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { int ret=0; @@ -532,6 +571,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) p7->d.sign->contents->d.data = NULL; } break; + + case NID_pkcs7_digest: + os=PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) + { + M_ASN1_OCTET_STRING_free(os); + p7->d.digest->contents->d.data = NULL; + } + break; + } if (si_sk != NULL) @@ -549,26 +599,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) j=OBJ_obj2nid(si->digest_alg->algorithm); btmp=bio; - for (;;) - { - if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) - == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == j) - break; - else - btmp=BIO_next(btmp); - } - + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); @@ -641,6 +677,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } } } + else if (i == NID_pkcs7_digest) + { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; + EVP_DigestFinal_ex(mdc,md_data,&md_len); + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } if (!PKCS7_is_detached(p7)) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index f71be082e..70ee44be8 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -410,6 +414,24 @@ err: return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index d9b3c189c..788cd5d6c 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) #define PKCS7_get_detached(p) \ @@ -329,6 +331,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); @@ -379,11 +382,13 @@ void ERR_load_PKCS7_strings(void); /* Function codes. */ #define PKCS7_F_B64_READ_PKCS7 120 #define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_FIND_DIGEST 127 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 #define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 #define PKCS7_F_PKCS7_DATAINIT 105 @@ -394,6 +399,7 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_F_PKCS7_GET0_SIGNERS 124 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index 5e51527a4..0d481e0b7 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,11 +68,13 @@ static ERR_STRING_DATA PKCS7_str_functs[]= { {ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, {ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, +{ERR_PACK(0,PKCS7_F_FIND_DIGEST,0), "FIND_DIGEST"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, +{ERR_PACK(0,PKCS7_F_PKCS7_BIO_ADD_DIGEST,0), "PKCS7_BIO_ADD_DIGEST"}, {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, @@ -83,6 +85,7 @@ static ERR_STRING_DATA PKCS7_str_functs[]= {ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SET_DIGEST,0), "PKCS7_set_digest"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, From 0bb6187e71658fd691fe9f3b48a79a6250567216 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 13 Oct 2003 11:34:40 +0000 Subject: [PATCH 434/550] The object file is o_str.o, not o_str.c. Thanks to Peter Sylvester for the notification. --- crypto/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index b119ccbd9..79dec73cf 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -38,7 +38,7 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c -LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o SRC= $(LIBSRC) From 0b6956b4747e6f42427863f8a78f8939a86fb175 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 15 Oct 2003 09:00:14 +0000 Subject: [PATCH 435/550] Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes . The unnecessary memcpy() was found as an effect of investigating that error. --- crypto/aes/aes_cbc.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 86b27b10d..0a28ab8d3 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -91,21 +91,20 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } } else { while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); + memcpy(ivec, in, AES_BLOCK_SIZE); len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, tmp, key); + AES_decrypt(in, tmp, key); for(n=0; n < len; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); + out[n] = tmp[n] ^ ivec[n]; + memcpy(ivec, in, AES_BLOCK_SIZE); } } } From 8ad7e3ad2a1634a020facb2ca9022b2bccef58dd Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 24 Oct 2003 16:17:11 +0000 Subject: [PATCH 436/550] Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway. --- crypto/x509/x509.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index e7706ce9f..9b26b24ef 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -856,10 +856,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -#ifndef OPENSSL_NO_RSA -RSA *RSAPublicKey_dup(RSA *rsa); -RSA *RSAPrivateKey_dup(RSA *rsa); -#endif #endif /* !SSLEAY_MACROS */ From aea293e3bc301e7df9753a1b5eee3dceb341abd6 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 17:24:29 +0000 Subject: [PATCH 437/550] crypto/evp/evptests.txt is copied to tests/ rather than symlinked because of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs noise for the copied version. --- test/.cvsignore | 1 + 1 file changed, 1 insertion(+) diff --git a/test/.cvsignore b/test/.cvsignore index 58236039d..fd1ddb002 100644 --- a/test/.cvsignore +++ b/test/.cvsignore @@ -13,3 +13,4 @@ reqU.ss certU.ss Makefile.save tmp.bntest +evptests.txt From 12bdceac8aee2041673f2e0c3d4f606bb01e848d Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 17:26:46 +0000 Subject: [PATCH 438/550] Ignore derived file. --- crypto/cast/asm/.cvsignore | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/cast/asm/.cvsignore b/crypto/cast/asm/.cvsignore index ed39ad9fc..d6bf08ba1 100644 --- a/crypto/cast/asm/.cvsignore +++ b/crypto/cast/asm/.cvsignore @@ -1 +1,2 @@ cx86unix.cpp +cx86-elf.s From 66b82f5aadd6aa9cb235ed33477c5891aaf05656 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 22:10:47 +0000 Subject: [PATCH 439/550] make update --- TABLE | 27 ++++++++++++++++++++++++++- crypto/comp/Makefile.ssl | 12 ++++++------ util/libeay.num | 2 ++ util/ssleay.num | 1 + 4 files changed, 35 insertions(+), 7 deletions(-) diff --git a/TABLE b/TABLE index 8fe97d684..e4492b897 100644 --- a/TABLE +++ b/TABLE @@ -4250,6 +4250,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** vxworks-mipsle +$cc = ccmips +$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = ranlibmips +$arflags = + *** vxworks-ppc405 $cc = ccppc $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h @@ -4327,7 +4352,7 @@ $arflags = *** vxworks-ppc860 $cc = ccppc -$cflags = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h $unistd = $thread_cflag = $sys_id = VXWORKS diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index 5db2412f9..f60c7a1af 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h -c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h -c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c +c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_zlib.o: c_zlib.c comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/util/libeay.num b/util/libeay.num index 6151f6274..dac56a70d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3146,3 +3146,5 @@ DSO_merge 3574 EXIST::FUNCTION: EC_POINT_hex2point 3575 EXIST::FUNCTION:EC BN_GF2m_mod_inv_arr 3576 EXIST::FUNCTION: ENGINE_unregister_ECDSA 3577 EXIST::FUNCTION:ENGINE +PKCS7_set_digest 3578 EXIST::FUNCTION: +PKCS7_set0_type_other 3579 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index 1cba37173..c2a4909f1 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -222,3 +222,4 @@ SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP SSL_COMP_get_name 272 EXIST::FUNCTION: SSL_get_current_expansion 273 EXIST::FUNCTION: SSL_get_current_compression 274 EXIST::FUNCTION: +SSL_COMP_get_compression_methods 275 EXIST::FUNCTION: From 2a85f77146eff995afae6f81b8601a64bb1a41fc Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 28 Oct 2003 22:57:18 +0000 Subject: [PATCH 440/550] Add my own debug config target. --- Configure | 1 + TABLE | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/Configure b/Configure index b710e6eb5..044b220aa 100755 --- a/Configure +++ b/Configure @@ -149,6 +149,7 @@ my %table=( "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box diff --git a/TABLE b/TABLE index e4492b897..c74ded4f1 100644 --- a/TABLE +++ b/TABLE @@ -1650,6 +1650,31 @@ $shared_extension = $ranlib = $arflags = +*** debug-geoff +$cc = gcc +$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** debug-levitte-linux-elf $cc = gcc $cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe From 6145b0b1835f14167f8e9e4701251149f9c5373f Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:00:14 +0000 Subject: [PATCH 441/550] The "cryptodev" engine preprocessor logic used undefined symbols in comparisons. It's better not to allow this, because it gives false positives when using compiler warnings that detect mistyped symbols. --- crypto/engine/eng_cryptodev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index b32be08c8..e93b7fd1a 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -33,7 +33,8 @@ #include #include -#if (defined(__unix__) || defined(unix)) && !defined(USG) +#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ + (defined(OpenBSD) || defined(__FreeBSD_version)) #include # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV From 9d473aa2e4076beb959bc9701786a0860877ee12 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:06:50 +0000 Subject: [PATCH 442/550] When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either. --- CHANGES | 4 ++++ crypto/bn/bn_depr.c | 6 ++++++ crypto/dh/dh_depr.c | 4 ++++ crypto/dsa/dsa_depr.c | 4 ++++ crypto/rsa/rsa_depr.c | 5 ++++- 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c0f18ff1b..666cf68d6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Ensure that deprecated functions do not get compiled when + OPENSSL_NO_DEPRECATED is defined. + [Geoff Thorpe] + *) Reorganise PKCS#7 code to separate the digest location functionality into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). New function PKCS7_set_digest() to set the digest type for PKCS#7 diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 35e912728..09ad52e7c 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -62,6 +62,9 @@ #include "bn_lcl.h" #include +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) @@ -78,6 +81,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, } else rnd=ret; + bn_verify(rnd); if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) goto err; @@ -85,6 +89,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, found = 1; err: if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); + if(found) bn_verify(rnd); return(found ? rnd : NULL); } @@ -106,3 +111,4 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, return BN_is_prime_fasttest_ex(a, checks, ctx_passed, do_trial_division, &cb); } +#endif diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index 3eb319e2a..acc05f252 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -61,6 +61,9 @@ #include #include +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED DH *DH_generate_parameters(int prime_len, int generator, void (*callback)(int,int,void *), void *cb_arg) { @@ -77,3 +80,4 @@ DH *DH_generate_parameters(int prime_len, int generator, DH_free(ret); return NULL; } +#endif diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index cb8045721..f2da680eb 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -69,6 +69,8 @@ #define HASH EVP_sha1() #endif +static void *dummy=&dummy; + #ifndef OPENSSL_NO_SHA #include @@ -80,6 +82,7 @@ #include #include +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -100,3 +103,4 @@ DSA *DSA_generate_parameters(int bits, return NULL; } #endif +#endif diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 3773d037c..2d87cd39f 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -62,6 +62,9 @@ #include #include +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) { @@ -78,4 +81,4 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, RSA_free(rsa); return 0; } - +#endif From 2aaec9cced89edfdc8375b38a130fa1c35a98025 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:14:08 +0000 Subject: [PATCH 443/550] Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined. --- CHANGES | 4 +++- apps/dhparam.c | 24 ++++++++++++++---------- apps/gendh.c | 17 ++++++++++------- apps/genrsa.c | 15 ++++++++++----- apps/req.c | 20 +++++++++++++------- apps/s_server.c | 7 ++++++- crypto/bn/bntest.c | 17 +++++++++++------ crypto/dh/dhtest.c | 16 ++++++++++------ crypto/dsa/dsatest.c | 23 +++++++++++------------ 9 files changed, 88 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index 666cf68d6..ea4793c2e 100644 --- a/CHANGES +++ b/CHANGES @@ -5,7 +5,9 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] *) Ensure that deprecated functions do not get compiled when - OPENSSL_NO_DEPRECATED is defined. + OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of + the self-tests were still using deprecated key-generation functions so + these have been updated also. [Geoff Thorpe] *) Reorganise PKCS#7 code to separate the digest location functionality diff --git a/apps/dhparam.c b/apps/dhparam.c index dc00355b9..e3cabcfcd 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -142,7 +142,7 @@ * -C */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -294,6 +294,8 @@ bad: if(num) { + BN_GENCB cb; + BN_GENCB_set(&cb, dh_cb, bio_err); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); @@ -305,12 +307,13 @@ bad: #ifndef OPENSSL_NO_DSA if (dsaparam) { - DSA *dsa; + DSA *dsa = DSA_new(); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); - dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err); - if (dsa == NULL) + if(!dsa || !DSA_generate_parameters_ex(dsa, num, + NULL, 0, NULL, NULL, &cb)) { + if(dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } @@ -326,12 +329,12 @@ bad: else #endif { + dh = DH_new(); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) + if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { + if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } @@ -534,7 +537,7 @@ end: } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -542,11 +545,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/gendh.c b/apps/gendh.c index b90087493..69baa50b0 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -81,12 +81,13 @@ #undef PROG #define PROG gendh_main -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -102,6 +103,7 @@ int MAIN(int argc, char **argv) apps_startup(); + BN_GENCB_set(&cb, dh_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -199,10 +201,10 @@ bad: BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) goto end; + if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) + goto end; + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) @@ -217,7 +219,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -225,10 +227,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/genrsa.c b/apps/genrsa.c index 0ce23946e..85da98d45 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -81,12 +81,13 @@ #undef PROG #define PROG genrsa_main -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -105,6 +106,7 @@ int MAIN(int argc, char **argv) BIO *out=NULL; apps_startup(); + BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) @@ -239,7 +241,9 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb)) + goto err; app_RAND_write_file(NULL, bio_err); @@ -277,7 +281,7 @@ err: OPENSSL_EXIT(ret); } -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -285,11 +289,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #else /* !OPENSSL_NO_RSA */ diff --git a/apps/req.c b/apps/req.c index 80b623c50..29076266f 100644 --- a/apps/req.c +++ b/apps/req.c @@ -135,7 +135,7 @@ static int add_attribute_object(X509_REQ *req, char *text, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); #endif static int req_check_len(int len,int n_min,int n_max); static int check_end(char *str, char *end); @@ -712,6 +712,8 @@ bad: if (newreq && (pkey == NULL)) { + BN_GENCB cb; + BN_GENCB_set(&cb, req_cb, bio_err); char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -740,10 +742,13 @@ bad: #ifndef OPENSSL_NO_RSA if (pkey_type == TYPE_RSA) { - if (!EVP_PKEY_assign_RSA(pkey, - RSA_generate_key(newkey,0x10001, - req_cb,bio_err))) + RSA *rsa = RSA_new(); + if(!rsa || !RSA_generate_key_ex(rsa, newkey, 0x10001, &cb) || + !EVP_PKEY_assign_RSA(pkey, rsa)) + { + if(rsa) RSA_free(rsa); goto end; + } } else #endif @@ -1610,7 +1615,7 @@ err: } #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p, int n, void *arg) +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -1618,11 +1623,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/s_server.c b/apps/s_server.c index dd58591d3..9b8fe570c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1785,7 +1785,12 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); (void)BIO_flush(bio_err); } - rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if(((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex( + rsa_tmp, keylength,RSA_F4,NULL)) + { + if(rsa_tmp) RSA_free(rsa_tmp); + rsa_tmp = NULL; + } if (!s_quiet) { BIO_printf(bio_err,"\n"); diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index fe057dc22..0d37dcff4 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -1502,7 +1502,7 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx) return ret; } -static void genprime_cb(int p, int n, void *arg) +static int genprime_cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -1512,12 +1512,12 @@ static void genprime_cb(int p, int n, void *arg) if (p == 3) c='\n'; putc(c, stderr); fflush(stderr); - (void)n; - (void)arg; + return 1; } int test_kron(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*b,*r,*t; int i; int legendre, kronecker; @@ -1528,6 +1528,8 @@ int test_kron(BIO *bp, BN_CTX *ctx) r = BN_new(); t = BN_new(); if (a == NULL || b == NULL || r == NULL || t == NULL) goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). * In this case we know that if b is prime, then BN_kronecker(a, b, ctx) @@ -1538,7 +1540,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) * don't want to test whether b is prime but whether BN_kronecker * works.) */ - if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err; b->neg = rand_neg(); putc('\n', stderr); @@ -1606,6 +1608,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) int test_sqrt(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*p,*r; int i, j; int ret = 0; @@ -1614,7 +1617,9 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) p = BN_new(); r = BN_new(); if (a == NULL || p == NULL || r == NULL) goto err; - + + BN_GENCB_set(&cb, genprime_cb, NULL); + for (i = 0; i < 16; i++) { if (i < 8) @@ -1628,7 +1633,7 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) if (!BN_set_word(a, 32)) goto err; if (!BN_set_word(r, 2*i + 1)) goto err; - if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err; putc('\n', stderr); } p->neg = rand_neg(); diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index dc25283f7..492fbeefa 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -89,12 +89,13 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK cb(int p, int n, void *arg); +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int main(int argc, char *argv[]) { + BN_GENCB _cb; DH *a; DH *b=NULL; char buf[12]; @@ -116,8 +117,10 @@ int main(int argc, char *argv[]) if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); - a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); - if (a == NULL) goto err; + BN_GENCB_set(&_cb, &cb, out); + if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, &_cb)) + goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) @@ -201,7 +204,7 @@ err: return(ret); } -static void MS_CALLBACK cb(int p, int n, void *arg) +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -209,10 +212,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 49c630b10..1dbda6801 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -90,7 +90,7 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -135,6 +135,7 @@ static BIO *bio_err=NULL; int main(int argc, char **argv) { + BN_GENCB cb; DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; @@ -154,7 +155,10 @@ int main(int argc, char **argv) BIO_printf(bio_err,"test generation of DSA parameters\n"); - dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); + BN_GENCB_set(&cb, dsa_cb, bio_err); + if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, + seed, 20, &counter, &h, &cb)) + goto end; BIO_printf(bio_err,"seed\n"); for (i=0; i<20; i+=4) @@ -221,13 +225,7 @@ end: return(0); } -static int cb_exit(int ec) - { - EXIT(ec); - return(0); /* To keep some compilers quiet */ - } - -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) { char c='*'; static int ok=0,num=0; @@ -236,13 +234,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) { c='*'; ok++; } if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - cb_exit(1); + return 0; } + return 1; } #endif From 0991f0703478fd0fc704b6c59ffbb675b92899c1 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:40:13 +0000 Subject: [PATCH 444/550] For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly. In addition - this highlights some cruft in openssl that needs sorting out. The tmdiff.h header is exported as part of the openssl API despite the fact that it is ugly as the driven sludge and not used anywhere in the library, applications, or utilities. More weird still, almost identical code exists in apps/speed.c though it looks to be slightly tweaked - so either tmdiff should be updated and used by speed.c, or it should be dumped because it's obviously not useful enough. Rather than removing it for now, I've changed the API for tmdiff to at least make sense. This involves taking the object type (MS_TM) from the implementation and using it in the header rather than using "char *" in the API and casting mercilessly in the code (ugh). If someone doesn't like "MS_TM" and the "ms_time_***" naming, by all means change it. This should be a harmless improvement, because the existing API is clearly not very useful (eg. we reimplement it rather than using it in our own utils). However, someone still needs to take a hack at consolidating speed.c and tmdiff.[ch] somehow. --- CHANGES | 9 +++++++++ apps/speed.c | 22 ++++++++++++++++++---- crypto/tmdiff.c | 29 ++++++++++++++--------------- crypto/tmdiff.h | 22 +++++++++++++++++----- 4 files changed, 58 insertions(+), 24 deletions(-) diff --git a/CHANGES b/CHANGES index ea4793c2e..a75374b3f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) The tmdiff.h API was so ugly and minimal that our own timing utility + (speed) prefers to use its own implementation. The two implementations + haven't been consolidated as yet (volunteers?) but the tmdiff API has had + its object type properly exposed (MS_TM) instead of casting to/from "char + *". This may still change yet if someone realises MS_TM and "ms_time_***" + aren't necessarily the greatest nomenclatures - but this is what was used + internally to the implementation so I've used that for now. + [Geoff Thorpe] + *) Ensure that deprecated functions do not get compiled when OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of the self-tests were still using deprecated key-generation functions so diff --git a/apps/speed.c b/apps/speed.c index 558760732..5576f23fe 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -208,11 +208,21 @@ #include #endif +/* + * The following "HZ" timing stuff should be sync'd up with the code in + * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think + * this code is more up to date than libcrypto's so there may be features to + * migrate over first. This is used in two places further down AFAICS. + * The point is that nothing in openssl actually *uses* that tmdiff stuff, so + * either speed.c should be using it or it should go because it's obviously not + * useful enough. Anyone want to do a janitorial job on this? + */ + /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -294,7 +304,7 @@ static double Time_F(int s) #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; getrusage_used = 1; @@ -349,7 +359,8 @@ static double Time_F(int s) else { times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + ret = HZ; + ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; return((ret < 1e-3)?1e-3:ret); } } @@ -2191,7 +2202,10 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", (double)HZ); + { + double dbl = HZ; + printf("HZ=%g", dbl); + } # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c index 307523ebb..cbec38e17 100644 --- a/crypto/tmdiff.c +++ b/crypto/tmdiff.c @@ -106,7 +106,8 @@ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +/* # define HZ ((double)sysconf(_SC_CLK_TCK)) */ +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -120,7 +121,7 @@ # endif #endif -typedef struct ms_tm +struct ms_tm { #ifdef TIMES struct tms ms_tms; @@ -136,9 +137,9 @@ typedef struct ms_tm # endif # endif #endif - } MS_TM; + }; -char *ms_time_new(void) +MS_TM *ms_time_new(void) { MS_TM *ret; @@ -149,18 +150,17 @@ char *ms_time_new(void) #ifdef OPENSSL_SYS_WIN32 ret->thread_id=GetCurrentThread(); #endif - return((char *)ret); + return ret; } -void ms_time_free(char *a) +void ms_time_free(MS_TM *a) { if (a != NULL) OPENSSL_free(a); } -void ms_time_get(char *a) +void ms_time_get(MS_TM *tm) { - MS_TM *tm=(MS_TM *)a; #ifdef OPENSSL_SYS_WIN32 FILETIME tmpa,tmpb,tmpc; #endif @@ -180,14 +180,13 @@ void ms_time_get(char *a) #endif } -double ms_time_diff(char *ap, char *bp) +double ms_time_diff(MS_TM *a, MS_TM *b) { - MS_TM *a=(MS_TM *)ap; - MS_TM *b=(MS_TM *)bp; double ret; #ifdef TIMES - ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + ret = HZ; + ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret; #else # ifdef OPENSSL_SYS_WIN32 { @@ -217,14 +216,14 @@ double ms_time_diff(char *ap, char *bp) return((ret < 0.0000001)?0.0000001:ret); } -int ms_time_cmp(char *ap, char *bp) +int ms_time_cmp(const MS_TM *a, const MS_TM *b) { - MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp; double d; int ret; #ifdef TIMES - d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + d = HZ; + d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d; #else # ifdef OPENSSL_SYS_WIN32 d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; diff --git a/crypto/tmdiff.h b/crypto/tmdiff.h index 41a8a1e0e..af5c41c64 100644 --- a/crypto/tmdiff.h +++ b/crypto/tmdiff.h @@ -59,6 +59,16 @@ /* Header for dynamic hash table routines * Author - Eric Young */ +/* ... erm yeah, "dynamic hash tables" you say? + * + * And what would dynamic hash tables have to do with any of this code *now*? + * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused + * file that I doubt compiles any more. speed.c is the only thing that could + * use this (and it has nothing to do with hash tables), yet it instead has its + * own duplication of all this stuff and looks, if anything, more complete. See + * the corresponding note in apps/speed.c. + * The Bemused - Geoff + */ #ifndef HEADER_TMDIFF_H #define HEADER_TMDIFF_H @@ -67,11 +77,13 @@ extern "C" { #endif -char *ms_time_new(void ); -void ms_time_free(char *a); -void ms_time_get(char *a); -double ms_time_diff(char *start,char *end); -int ms_time_cmp(char *ap,char *bp); +typedef struct ms_tm MS_TM; + +MS_TM *ms_time_new(void ); +void ms_time_free(MS_TM *a); +void ms_time_get(MS_TM *a); +double ms_time_diff(MS_TM *start, MS_TM *end); +int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); #ifdef __cplusplus } From 40f935f5b45bc08492177ce5856d2c3e8fe764e5 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:41:19 +0000 Subject: [PATCH 445/550] Avoid "empty source file" warnings. --- crypto/ebcdic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index d1bece87f..6ac5b3944 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -1,5 +1,7 @@ /* crypto/ebcdic.c */ +static void *dummy=&dummy; + #ifdef CHARSET_EBCDIC #include "ebcdic.h" /* Initial Port for Apache-1.3 by From 6bcd3f903a5c163ae8994533d90e8571347ed30a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:42:29 +0000 Subject: [PATCH 446/550] Comments out some unimplemented functions instead of redeclaring them. --- crypto/ec/ecp_recp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index e0b28c1cf..d454c12fd 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -119,7 +119,8 @@ int ec_GFp_recp_group_init(EC_GROUP *group) return ok; } - +/* Avoid "redundant redeclaration" warnings */ +#if 0 int ec_GFp_recp_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* TODO */ @@ -142,3 +143,4 @@ int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, con int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); /* TODO */ +#endif From 8dc344ccbf41c427634a5f8a0f17ee62eb121551 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:57:05 +0000 Subject: [PATCH 447/550] Relax some over-zealous constification that gave some lhash-based code no choice but to have to cast away "const" qualifiers from their prototypes. This does not remove constification restrictions from hash/compare callbacks, but allows destructor commands to be run over a tables' elements without bad casts. --- CHANGES | 11 +++++++++++ crypto/ex_data.c | 2 +- crypto/lhash/lhash.c | 2 +- crypto/lhash/lhash.h | 16 ++++++++-------- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index a75374b3f..c206df30f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,17 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Because of the callback-based approach for implementing LHASH as a + template type, lh_insert() adds opaque objects to hash-tables and + lh_doall() or lh_doall_arg() are typically used with a destructor callback + to clean up those corresponding objects before destroying the hash table + (and losing the object pointers). So some over-zealous constifications in + LHASH have been relaxed so that lh_insert() does not take (nor store) the + objects as "const" and the lh_doall[_arg] callback wrappers are not + prototyped to have "const" restrictions on the object pointers they are + given (and so aren't required to cast them away any more). + [Geoff Thorpe] + *) The tmdiff.h API was so ugly and minimal that our own timing utility (speed) prefers to use its own implementation. The two implementations haven't been consolidated as yet (volunteers?) but the tmdiff API has had diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5b2e345c2..f68cf8452 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -287,7 +287,7 @@ static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do * any locking. */ -static void def_cleanup_cb(const void *a_void) +static void def_cleanup_cb(void *a_void) { EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 0a16fcf27..9856c26d4 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -176,7 +176,7 @@ void lh_free(LHASH *lh) OPENSSL_free(lh); } -void *lh_insert(LHASH *lh, const void *data) +void *lh_insert(LHASH *lh, void *data) { unsigned long hash; LHASH_NODE *nn,**rn; diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index 7c1d48642..d392d0cd8 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -78,7 +78,7 @@ extern "C" { typedef struct lhash_node_st { - const void *data; + void *data; struct lhash_node_st *next; #ifndef OPENSSL_NO_HASH_COMP unsigned long hash; @@ -87,8 +87,8 @@ typedef struct lhash_node_st typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. * This way, callbacks can be provided to LHASH structures without function @@ -118,18 +118,18 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); /* Third: "doall" functions */ #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *); + void f_name##_LHASH_DOALL(void *); #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *arg) { \ + void f_name##_LHASH_DOALL(void *arg) { \ o_type a = (o_type)arg; \ f_name(a); } #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *, void *); + void f_name##_LHASH_DOALL_ARG(void *, void *); #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ + void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ o_type a = (o_type)arg1; \ a_type b = (a_type)arg2; \ f_name(a,b); } @@ -173,7 +173,7 @@ typedef struct lhash_st LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, const void *data); +void *lh_insert(LHASH *lh, void *data); void *lh_delete(LHASH *lh, const void *data); void *lh_retrieve(LHASH *lh, const void *data); void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); From 2eeaa0261ef53307008b9725bc001b397c96e22e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 04:58:23 +0000 Subject: [PATCH 448/550] Remove redundant declaration. --- crypto/des/fcrypt.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index 2758c3265..ccbdff250 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -58,9 +58,6 @@ static unsigned const char cov_2char[64]={ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A }; -void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - char *DES_crypt(const char *buf, const char *salt) { static char buff[14]; From 8a66d17899e6ed3ccdb2feb878e5d77d35753494 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 05:00:57 +0000 Subject: [PATCH 449/550] Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings. --- crypto/bio/b_print.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 2cfc689dd..f80335e26 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -513,8 +513,8 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < sizeof convert)); - if (place == sizeof convert) + } while (uvalue && (place < (int)sizeof(convert))); + if (place == sizeof(convert)) place--; convert[place] = 0; @@ -643,7 +643,7 @@ fmtfp( if (fracpart >= pow10(max)) { intpart++; - fracpart -= (long)pow10(max); + fracpart -= pow10(max); } /* convert integer part */ @@ -652,7 +652,7 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < sizeof iplace)); + } while (intpart && (iplace < (int)sizeof(iplace))); if (iplace == sizeof iplace) iplace--; iconvert[iplace] = 0; From db59141467aa424c3fb5656ffa4355e3740dad1a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 05:35:31 +0000 Subject: [PATCH 450/550] remove accidentally committed debugging cruft. --- crypto/bn/bn_depr.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 09ad52e7c..27535e4fc 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -81,7 +81,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, } else rnd=ret; - bn_verify(rnd); if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) goto err; @@ -89,7 +88,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, found = 1; err: if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); - if(found) bn_verify(rnd); return(found ? rnd : NULL); } From 4e952ae4fc33a1c3a39e082dcb139c5560128ce8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 29 Oct 2003 06:21:22 +0000 Subject: [PATCH 451/550] Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored. --- crypto/aes/aes_cbc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 0a28ab8d3..1222a2100 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -91,20 +91,21 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } } else { while (len >= AES_BLOCK_SIZE) { + memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, in, AES_BLOCK_SIZE); + memcpy(ivec, tmp, AES_BLOCK_SIZE); len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, tmp, key); + AES_decrypt(tmp, tmp, key); for(n=0; n < len; ++n) out[n] = tmp[n] ^ ivec[n]; - memcpy(ivec, in, AES_BLOCK_SIZE); + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } } From 2ce90b9b7481381dff584726d84345a0260ca4d1 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 18:04:37 +0000 Subject: [PATCH 452/550] BN_CTX is opaque and the static initialiser BN_CTX_init() is not used except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself. NDEBUG should probably only be "forced" in the top-level configuration, but until it is I will avoid removing it from bn_ctx.c which might surprise people with massive slow-downs in their keygens. So I've left it in bn_ctx.c but tidied up the preprocessor logic a touch and made it more tolerant of debugging efforts. --- CHANGES | 6 ++++++ crypto/bn/bn.h | 2 ++ crypto/bn/bn_ctx.c | 53 ++++++++++++++++++++++++++++++---------------- crypto/bn/bn_lcl.h | 14 ------------ 4 files changed, 43 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index c206df30f..d15740876 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure + that can only be obtained through BN_CTX_new() (which implicitly + initialises it). The presence of this function only made it possible + to overwrite an existing structure (and cause memory leaks). + [Geoff Thorpe] + *) Because of the callback-based approach for implementing LHASH as a template type, lh_insert() adds opaque objects to hash-tables and lh_doall() or lh_doall_arg() are typically used with a destructor callback diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d7a5fce6e..686b3b307 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -363,7 +363,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); const BIGNUM *BN_value_one(void); char * BN_options(void); BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED void BN_CTX_init(BN_CTX *c); +#endif void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 7daf19eb8..34cc75cfa 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -54,9 +54,10 @@ * */ -#ifndef BN_CTX_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +#ifndef NDEBUG +#define NDEBUG +#endif #endif #include @@ -65,6 +66,37 @@ #include "cryptlib.h" #include "bn_lcl.h" +/* BN_CTX structure details */ +#define BN_CTX_NUM 32 +#define BN_CTX_NUM_POS 12 +struct bignum_ctx + { + int tos; + BIGNUM bn[BN_CTX_NUM]; + int flags; + int depth; + int pos[BN_CTX_NUM_POS]; + int too_many; + }; + +#ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *ctx) +#else +static void BN_CTX_init(BN_CTX *ctx) +#endif + { +#if 0 /* explicit version */ + int i; + ctx->tos = 0; + ctx->flags = 0; + ctx->depth = 0; + ctx->too_many = 0; + for (i = 0; i < BN_CTX_NUM; i++) + BN_init(&(ctx->bn[i])); +#else + memset(ctx, 0, sizeof *ctx); +#endif + } BN_CTX *BN_CTX_new(void) { @@ -82,21 +114,6 @@ BN_CTX *BN_CTX_new(void) return(ret); } -void BN_CTX_init(BN_CTX *ctx) - { -#if 0 /* explicit version */ - int i; - ctx->tos = 0; - ctx->flags = 0; - ctx->depth = 0; - ctx->too_many = 0; - for (i = 0; i < BN_CTX_NUM; i++) - BN_init(&(ctx->bn[i])); -#else - memset(ctx, 0, sizeof *ctx); -#endif - } - void BN_CTX_free(BN_CTX *ctx) { int i; diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 01cb6e928..0c448724d 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -119,20 +119,6 @@ extern "C" { #endif -/* Used for temp variables */ -#define BN_CTX_NUM 32 -#define BN_CTX_NUM_POS 12 -struct bignum_ctx - { - int tos; - BIGNUM bn[BN_CTX_NUM]; - int flags; - int depth; - int pos[BN_CTX_NUM_POS]; - int too_many; - } /* BN_CTX */; - - /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * From 27545970134d703ed96027aac9b67eced124eec3 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 20:24:15 +0000 Subject: [PATCH 453/550] A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate. --- apps/ca.c | 3 ++- apps/enc.c | 2 +- apps/passwd.c | 3 ++- apps/rand.c | 2 +- crypto/asn1/a_enum.c | 7 ++++--- crypto/asn1/a_int.c | 7 ++++--- crypto/asn1/a_object.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/x_long.c | 2 +- crypto/bn/bn_lib.c | 12 ++++++------ crypto/des/destest.c | 9 +++++---- crypto/des/set_key.c | 4 ++-- crypto/evp/bio_b64.c | 2 +- crypto/evp/e_rc2.c | 7 ++++--- crypto/evp/encode.c | 4 ++-- crypto/evp/evp_enc.c | 17 ++++++++++------- crypto/evp/evp_lib.c | 12 +++++++----- crypto/evp/p5_crpt.c | 2 +- crypto/evp/p5_crpt2.c | 5 +++-- crypto/hmac/hmac.c | 4 ++-- crypto/pem/pem_lib.c | 2 +- crypto/rand/md_rand.c | 2 +- crypto/rsa/rsa_gen.c | 3 ++- crypto/x509/x509_trs.c | 4 ++-- crypto/x509v3/v3_purp.c | 4 ++-- engines/e_4758_cca.c | 6 +++--- ssl/s2_clnt.c | 6 +++--- ssl/s2_enc.c | 2 +- ssl/s2_lib.c | 12 +++++++----- ssl/s3_clnt.c | 2 +- ssl/s3_enc.c | 6 +++--- ssl/s3_lib.c | 2 +- ssl/s3_srvr.c | 2 +- ssl/ssl_asn1.c | 6 +++--- ssl/ssl_cert.c | 2 +- ssl/ssltest.c | 8 ++++---- 37 files changed, 97 insertions(+), 82 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 780868a9f..15211b844 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -3005,7 +3005,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; int reason_code = -1; - int i, ret = 0; + int ret = 0; + unsigned int i; ASN1_OBJECT *hold = NULL; ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); diff --git a/apps/enc.c b/apps/enc.c index 0a9f7310b..ae18452e8 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -534,7 +534,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i sizeof buf) + if (chunk > (int)sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 68a525fb1..d9db53f01 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -67,12 +67,13 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_ENUMERATED; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -116,7 +117,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) else if (i != V_ASN1_ENUMERATED) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 78402cd98..4bb300c20 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -313,12 +313,13 @@ err: int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_INTEGER; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -362,7 +363,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) else if (i != V_ASN1_INTEGER) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 0a8e6c287..124451d7a 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -184,7 +184,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); i=i2t_ASN1_OBJECT(buf,sizeof buf,a); - if (i > sizeof buf) i=sizeof buf; + if (i > (int)sizeof(buf)) i=sizeof buf; BIO_write(bp,buf,i); return(i); } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index c035cc0f5..277726cd5 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -544,7 +544,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons static int asn1_str2tag(const char *tagstr, int len) { - int i; + unsigned int i; static struct tag_name_st *tntmp, tnst [] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index e100e93be..1905b090e 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -145,7 +145,7 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; unsigned long ret=0; - int i; + unsigned int i; if (max-- < 1) return(0); if (*p == 0x80) diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index c04b19279..954d18397 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -136,7 +136,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, int neg, i; long ltmp; unsigned long utmp = 0; - if(len > sizeof(long)) { + if(len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index bbcc62d83..8207bce23 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -91,28 +91,28 @@ void BN_set_params(int mult, int high, int low, int mont) { if (mult >= 0) { - if (mult > (sizeof(int)*8)-1) + if (mult > (int)(sizeof(int)*8)-1) mult=sizeof(int)*8-1; bn_limit_bits=mult; bn_limit_num=1<= 0) { - if (high > (sizeof(int)*8)-1) + if (high > (int)(sizeof(int)*8)-1) high=sizeof(int)*8-1; bn_limit_bits_high=high; bn_limit_num_high=1<= 0) { - if (low > (sizeof(int)*8)-1) + if (low > (int)(sizeof(int)*8)-1) low=sizeof(int)*8-1; bn_limit_bits_low=low; bn_limit_num_low=1<= 0) { - if (mont > (sizeof(int)*8)-1) + if (mont > (int)(sizeof(int)*8)-1) mont=sizeof(int)*8-1; bn_limit_bits_mont=mont; bn_limit_num_mont=1< sizeof(BN_ULONG)) + if (n > (int)sizeof(BN_ULONG)) return(BN_MASK2); for (i=a->top-1; i>=0; i--) { @@ -628,7 +628,7 @@ BN_ULONG BN_get_word(const BIGNUM *a) int BN_set_word(BIGNUM *a, BN_ULONG w) { int i,n; - if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); + if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); n=sizeof(BN_ULONG)/BN_BYTES; a->neg=0; diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 3983ac8e5..788f552c8 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -333,7 +333,8 @@ static int cfb64_test(unsigned char *cfb_cipher); static int ede_cfb64_test(unsigned char *cfb_cipher); int main(int argc, char *argv[]) { - int i,j,err=0; + int j,err=0; + unsigned int i; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; @@ -391,7 +392,7 @@ int main(int argc, char *argv[]) DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) @@ -540,7 +541,7 @@ int main(int argc, char *argv[]) if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) @@ -556,7 +557,7 @@ int main(int argc, char *argv[]) des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 143008ed9..55efe03f4 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -87,7 +87,7 @@ static const unsigned char odd_parity[256]={ void DES_set_odd_parity(DES_cblock *key) { - int i; + unsigned int i; for (i=0; ibuf_len-ctx->buf_off; if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 3932f60e5..d37726ffa 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -168,16 +168,17 @@ static int rc2_magic_to_meth(int i) static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { long num=0; - int i=0,l; + int i=0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof iv); + OPENSSL_assert(l <= sizeof(iv)); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) + if (i != (int)l) return(-1); key_bits =rc2_magic_to_meth((int)num); if (!key_bits) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 08209357c..32744ca68 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -136,7 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; - OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < sizeof ctx->enc_data); + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); d[n++]=tmp; ln++; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index be0758a87..db621bfc8 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -187,7 +187,8 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -274,7 +275,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; - OPENSSL_assert(bl <= sizeof ctx->buf); + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (i+inl < bl) @@ -320,7 +321,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl,ret; + int n,ret; + unsigned int i, b, bl; b=ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->buf); @@ -356,7 +358,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int b, fix_len; + int fix_len; + unsigned int b; if (inl == 0) { @@ -409,8 +412,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,b; - int n; + int i,n; + unsigned int b; *outl=0; b=ctx->cipher->block_size; @@ -433,7 +436,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > b) + if (n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 52a3b287b..c97cb9cea 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -85,14 +85,15 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,l; + int i=0; + unsigned int l; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof c->iv); + OPENSSL_assert(l <= sizeof(c->iv)); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) + if (i != (int)l) return(-1); else if (i > 0) memcpy(c->iv,c->oiv,l); @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,j; + int i=0; + unsigned int j; if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof c->iv); + OPENSSL_assert(j <= sizeof(c->iv)); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index a1874e83b..39306f456 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -140,7 +140,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index b161d7664..dca051486 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -149,7 +149,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, int en_de) { unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; @@ -208,7 +209,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 4c91f919d..f7392a0da 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); - OPENSSL_assert(j <= sizeof ctx->key); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -89,7 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { - OPENSSL_assert(len <= sizeof ctx->key); + OPENSSL_assert(len <= (int)sizeof(ctx->key)); memcpy(ctx->key,key,len); ctx->key_length=len; } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 900af737e..d536b523d 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -336,7 +336,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ - OPENSSL_assert(enc->iv_len <= sizeof iv); + OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index eeffc0df4..66b229c9b 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -300,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) + for (k = 0; k < (int)sizeof(md); k++) { md[k] ^= local_md[k]; } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 3714b248c..024e11b8e 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -85,7 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) { BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0,i; + int bitsp,bitsq,ok= -1,n=0; + unsigned int i; BN_CTX *ctx=NULL,*ctx2=NULL; ctx=BN_CTX_new(); diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 881252608..9c84a59d5 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -128,7 +128,7 @@ int X509_TRUST_get_count(void) X509_TRUST * X509_TRUST_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_TRUST_COUNT) return trstandard + idx; + if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } @@ -219,7 +219,7 @@ static void trtable_free(X509_TRUST *p) void X509_TRUST_cleanup(void) { - int i; + unsigned int i; for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 4d145f71f..b1a6d2632 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -140,7 +140,7 @@ int X509_PURPOSE_get_count(void) X509_PURPOSE * X509_PURPOSE_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } @@ -240,7 +240,7 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { - int i; + unsigned int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); xptable = NULL; diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index ee52a3f66..b006ed876 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -390,7 +390,7 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); + unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[256]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; @@ -482,7 +482,7 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); + unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[512]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; @@ -922,7 +922,7 @@ static int cca_get_random_bytes(unsigned char* buf, int num) unsigned char form[] = "RANDOM "; unsigned char rand_buf[8]; - while(num >= sizeof(rand_buf)) + while(num >= (int)sizeof(rand_buf)) { randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, exit_data, form, rand_buf); diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 1d24dedc9..62e83afb3 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -668,7 +668,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { - if (i > sizeof sess->master_key) + if (i > (int)sizeof(sess->master_key)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); @@ -688,7 +688,7 @@ static int client_master_key(SSL *s) else enc=i; - if (i < enc) + if ((int)i < enc) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); @@ -717,7 +717,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ - if (karg > sizeof sess->key_arg) + if (karg > (int)sizeof(sess->key_arg)) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index d3b144f1c..12e17bf66 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -101,7 +101,7 @@ int ssl2_enc_init(SSL *s, int client) if (ssl2_generate_key_material(s) <= 0) return 0; - OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 910b9fe09..a0edfb896 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -371,7 +371,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; SSL_CIPHER c,*cp= &c,**cpp; unsigned long id; - int i; + unsigned int i; if (init) { @@ -437,7 +437,8 @@ int ssl2_generate_key_material(SSL *s) EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + if (s->session->master_key_length < 0 || + s->session->master_key_length > (int)sizeof(s->session->master_key)) { SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; @@ -445,7 +446,8 @@ int ssl2_generate_key_material(SSL *s) for (i=0; is2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > + (int)sizeof(s->s2->key_material)) { /* EVP_DigestFinal_ex() below would write beyond buffer */ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); @@ -456,7 +458,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < sizeof s->session->master_key); + < (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -495,7 +497,7 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - OPENSSL_assert(error >= 0 && error <= sizeof buf); + OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index b27a1deaa..6b29f0470 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -582,7 +582,7 @@ static int ssl3_client_hello(SSL *s) *(p++)=i; if (i != 0) { - if (i > sizeof s->session->session_id) + if (i > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 559924d36..56e274fe2 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -139,7 +139,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; - int i,j,k; + unsigned int i,j,k; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /*'A' in ASCII */ @@ -147,7 +147,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) k=0; EVP_MD_CTX_init(&m5); EVP_MD_CTX_init(&s1); - for (i=0; i sizeof buf) @@ -172,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); - if ((i+MD5_DIGEST_LENGTH) > num) + if ((int)(i+MD5_DIGEST_LENGTH) > num) { EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2145385cc..6c208ccfc 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1914,7 +1914,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; SSL_CIPHER c,*cp= &c,**cpp; unsigned long id; - int i; + unsigned int i; if (init) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bd0624be3..abb03ca58 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1016,7 +1016,7 @@ static int ssl3_send_server_hello(SSL *s) s->session->session_id_length=0; sl=s->session->session_id_length; - if (sl > sizeof s->session->session_id) + if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return -1; diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 16bc11b55..f5d3c135b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -295,11 +295,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, if (os.length > i) os.length = i; - if (os.length > sizeof ret->session_id) /* can't happen */ - os.length = sizeof ret->session_id; + if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ + os.length = sizeof(ret->session_id); ret->session_id_length=os.length; - OPENSSL_assert(os.length <= sizeof ret->session_id); + OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 144b90dd1..ad56b7bf7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -794,7 +794,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); - if (r <= 0 || r >= sizeof buf) + if (r <= 0 || r >= (int)sizeof(buf)) goto err; if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) goto err; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 82c3b8d89..5aadfa51d 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1350,8 +1350,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) { if (c_write) { - j=(cw_num > (long)sizeof(cbuf)) - ?sizeof(cbuf):(int)cw_num; + j = (cw_num > (long)sizeof(cbuf)) ? + (int)sizeof(cbuf) : (int)cw_num; i=BIO_write(c_bio,cbuf,j); if (i < 0) { @@ -1481,8 +1481,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) } else { - j=(sw_num > (long)sizeof(sbuf))? - sizeof(sbuf):(int)sw_num; + j = (sw_num > (long)sizeof(sbuf)) ? + (int)sizeof(sbuf) : (int)sw_num; i=BIO_write(s_bio,sbuf,j); if (i < 0) { From 31166ec8f33f1d1af25901be4411d47ef15ff340 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 20:47:49 +0000 Subject: [PATCH 454/550] Some provisional bignum debugging has begun to detect inconsistent BIGNUM structures being passed in to or out of API functions, and this corrects a couple of cases found so far. Also, lop off a couple of bytes of white-space. --- crypto/bn/bn_lib.c | 1 - crypto/bn/bn_nist.c | 3 ++- crypto/bn/bn_recp.c | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 8207bce23..783881d3a 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -462,7 +462,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) A[0]=0; assert(A == &(b->d[b->dmax])); } - return b; } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 19bd54072..2ababfbed 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -823,6 +823,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (tmp->top == BN_NIST_521_TOP) tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + bn_fix_top(tmp); if (!BN_uadd(r, tmp, r)) return 0; top = r->top; @@ -838,6 +839,6 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, ret = 1; err: BN_CTX_end(ctx); - + return ret; } diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index ef5fdd470..22cbcfc49 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -203,6 +203,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ret=1; err: BN_CTX_end(ctx); + if(dv) bn_fix_top(dv); + if(rem) bn_fix_top(rem); return(ret); } From 8087d8f7ea077445ffce6dc7ac0cbbe4dcdcb2ee Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 20:55:03 +0000 Subject: [PATCH 455/550] Make md32_common.h friendlier to compiler warnings. Obtained from: Andy Polyakov --- crypto/md32_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 573850b12..511e5b2aa 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -484,7 +484,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) if ((((unsigned long)data)%4) == 0) { /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); sw*=HASH_CBLOCK; data+=sw; len-=sw; @@ -532,7 +532,7 @@ void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) if ((((unsigned long)data)%4) == 0) /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); else #if !defined(HASH_BLOCK_DATA_ORDER) { From 06e4024d98a8e142e354619a844c51429ed94bb6 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 22:25:04 +0000 Subject: [PATCH 456/550] Oops, this file already had the "empty source file" workaround but it requires -DPEDANTIC and was hidden at the bottom of the file. This moves it to the top and removes the redundant declaration. --- crypto/ebcdic.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index 6ac5b3944..43e53bcaf 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -1,8 +1,14 @@ /* crypto/ebcdic.c */ -static void *dummy=&dummy; +#ifndef CHARSET_EBCDIC + +#include +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#else /*CHARSET_EBCDIC*/ -#ifdef CHARSET_EBCDIC #include "ebcdic.h" /* Initial Port for Apache-1.3 by * Adapted for OpenSSL-0.9.4 by @@ -212,9 +218,4 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) return dest; } -#else /*CHARSET_EBCDIC*/ -#include -#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy=&dummy; -#endif #endif From bc3c578208ce5da13f4cc3e0b04f46522accc7f8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 22:30:45 +0000 Subject: [PATCH 457/550] Copy-n-paste bug (don't mix variable declarations and code). This sets the callback structure just before it is needed. --- apps/req.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/req.c b/apps/req.c index 29076266f..bbef94286 100644 --- a/apps/req.c +++ b/apps/req.c @@ -713,7 +713,6 @@ bad: if (newreq && (pkey == NULL)) { BN_GENCB cb; - BN_GENCB_set(&cb, req_cb, bio_err); char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -740,6 +739,7 @@ bad: if ((pkey=EVP_PKEY_new()) == NULL) goto end; #ifndef OPENSSL_NO_RSA + BN_GENCB_set(&cb, req_cb, bio_err); if (pkey_type == TYPE_RSA) { RSA *rsa = RSA_new(); From aca95e0b2fa50308ea55302672c51937bf0fe2cc Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 22:55:19 +0000 Subject: [PATCH 458/550] Remove a line that was causing redundant declarations. Obtained from: Stephen Henson --- crypto/asn1/asn1t.h | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index c1a4bea8f..6cfa2dd50 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -839,7 +839,6 @@ typedef struct ASN1_AUX_st { DECLARE_ASN1_ITEM(ASN1_BOOLEAN) DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) -DECLARE_ASN1_ITEM(ASN1_ANY) DECLARE_ASN1_ITEM(ASN1_SEQUENCE) DECLARE_ASN1_ITEM(CBIGNUM) DECLARE_ASN1_ITEM(BIGNUM) From d531c9014d2a66b58dbff385add487788adb3da8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 23:25:34 +0000 Subject: [PATCH 459/550] Tighten up my compiler settings. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 044b220aa..9239248b8 100755 --- a/Configure +++ b/Configure @@ -149,7 +149,7 @@ my %table=( "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box From f7939fcd9a851f8c78510d9055bf5abb8b8e71a8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 29 Oct 2003 23:25:52 +0000 Subject: [PATCH 460/550] make update --- TABLE | 20 ++++++++++---------- util/libeay.num | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/TABLE b/TABLE index c74ded4f1..bad7f495c 100644 --- a/TABLE +++ b/TABLE @@ -1652,21 +1652,21 @@ $arflags = *** debug-geoff $cc = gcc -$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DL_ENDIAN -DTERMIO -g -ggdb3 -Wall +$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-elf.o asm/co86-elf.o -$des_obj = asm/dx86-elf.o asm/yx86-elf.o -$bf_obj = asm/bx86-elf.o -$md5_obj = asm/mx86-elf.o -$sha1_obj = asm/sx86-elf.o -$cast_obj = asm/cx86-elf.o -$rc4_obj = asm/rx86-elf.o -$rmd160_obj = asm/rm86-elf.o -$rc5_obj = asm/r586-elf.o +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC diff --git a/util/libeay.num b/util/libeay.num index dac56a70d..cc60c323a 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1104,7 +1104,7 @@ BN_RECP_CTX_set 1131 EXIST::FUNCTION: BN_mod_mul_reciprocal 1132 EXIST::FUNCTION: BN_mod_exp_recp 1133 EXIST::FUNCTION: BN_div_recp 1134 EXIST::FUNCTION: -BN_CTX_init 1135 EXIST::FUNCTION: +BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED BN_MONT_CTX_init 1136 EXIST::FUNCTION: RAND_get_rand_method 1137 EXIST::FUNCTION: PKCS7_add_attribute 1138 EXIST::FUNCTION: From c4db1a8b5c2d72b765614b2115f36ae5ac8d22bd Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Oct 2003 01:03:31 +0000 Subject: [PATCH 461/550] This fixes a couple of cases where an inconsistent BIGNUM could be passed as input to a function. --- crypto/bn/bn_div.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 580d1201b..b2efe5bb5 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -348,11 +348,16 @@ X) -> 0x%08X\n", l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); wnum.d--; wnum.top++; tmp->d[div_n]=l0; + /* XXX: Couldn't we replace this with; + * tmp->top = div_n; + * bn_fix_top(tmp); + */ for (j=div_n+1; j>0; j--) if (tmp->d[j-1]) break; tmp->top=j; j=wnum.top; + bn_fix_top(&wnum); if (!BN_sub(&wnum,&wnum,tmp)) goto err; snum->top=snum->top+wnum.top-j; @@ -373,6 +378,7 @@ X) -> 0x%08X\n", * BN_rshift() will overwrite it. */ int neg = num->neg; + bn_fix_top(snum); BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; From 5f747c7f4bfb7dc97179a1bbe746e083ca38d1e3 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Oct 2003 01:07:56 +0000 Subject: [PATCH 462/550] When a BN_CTX is used for temporary workspace, the variables are sometimes left in an inconsistent state when they are released for later reuse. This change resets the BIGNUMs when they are released back to the context. --- crypto/bn/bn_ctx.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 34cc75cfa..a0e7915fb 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -167,6 +167,19 @@ void BN_CTX_end(BN_CTX *ctx) ctx->too_many = 0; ctx->depth--; + /* It appears some "scrapbook" uses of BN_CTX result in BIGNUMs being + * left in an inconsistent state when they are released (eg. BN_div). + * These can trip us up when they get reused, so the safest fix is to + * make sure the BIGNUMs are made sane when the context usage is + * releasing them. */ if (ctx->depth < BN_CTX_NUM_POS) +#if 0 ctx->tos = ctx->pos[ctx->depth]; +#else + { + while(ctx->tos > ctx->pos[ctx->depth]) + /* This ensures the BIGNUM is sane(r) for reuse. */ + ctx->bn[--(ctx->tos)].top = 0; + } +#endif } From a9fd78f9da17215914dfca865e85698c2a584909 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 31 Oct 2003 01:35:16 +0000 Subject: [PATCH 463/550] bn_div() does some pretty nasty things with temporary variables, constructing BIGNUM structures with pointers offset into other bignums (among other things). This corrects some of it that is too plainly insane, and tries to ensure that bignums are normalised when passed to other functions. --- crypto/bn/bn_div.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index b2efe5bb5..0fe58dbf6 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -227,9 +227,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * This is the part that corresponds to the current * 'area' being divided */ BN_init(&wnum); + wnum.flags = BN_FLG_STATIC_DATA; /* prevent accidental "expands" */ wnum.d= &(snum->d[loop]); wnum.top= div_n; - wnum.dmax= snum->dmax+1; /* a bit of a lie */ + wnum.dmax= snum->dmax - loop; /* so we don't step out of bounds */ /* Get the top 2 words of sdiv */ /* i=sdiv->top; */ @@ -248,6 +249,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* space for temp */ if (!bn_wexpand(tmp,(div_n+1))) goto err; + bn_fix_top(&wnum); if (BN_ucmp(&wnum,sdiv) >= 0) { if (!BN_usub(&wnum,&wnum,sdiv)) goto err; @@ -346,7 +348,7 @@ X) -> 0x%08X\n", #endif /* !BN_DIV3W */ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); - wnum.d--; wnum.top++; + wnum.d--; wnum.top++; wnum.dmax++; tmp->d[div_n]=l0; /* XXX: Couldn't we replace this with; * tmp->top = div_n; From cfd06a6223ca11244cff17b9b1bdd094b8b2d6db Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 31 Oct 2003 06:58:24 +0000 Subject: [PATCH 464/550] Let exit codes propagate from within for loops. --- Makefile.org | 34 +++++++++++++++++----------------- apps/Makefile.ssl | 4 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Makefile.org b/Makefile.org index b7f15587e..eb731bef9 100644 --- a/Makefile.org +++ b/Makefile.org @@ -257,7 +257,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a fi clean-shared: - @for i in $(SHLIBDIRS); do \ + @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ tmp="$(SHARED_LIBS_LINK_EXTS)"; \ for j in $${tmp:-x}; do \ @@ -271,7 +271,7 @@ clean-shared: done link-shared: - @ for i in ${SHLIBDIRS}; do \ + @ set -e; for i in ${SHLIBDIRS}; do \ $(NEWMAKE) -f $(HERE)/Makefile.shared \ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ @@ -282,7 +282,7 @@ link-shared: build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): - @ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ @@ -320,7 +320,7 @@ libclean: clean: libclean rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making clean in $$i..." && \ @@ -331,7 +331,7 @@ clean: libclean rm -f openssl.pc rm -f speed.* .pure rm -f $(TARFILE) - @for i in $(ONEDIRS) ;\ + @set -e; for i in $(ONEDIRS) ;\ do \ rm -fr $$i/*; \ done @@ -342,7 +342,7 @@ makefile.one: files files: $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making 'files' in $$i..." && \ @@ -354,7 +354,7 @@ links: @$(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @for i in $(DIRS); do \ + @set -e; for i in $(DIRS); do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making links in $$i..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ @@ -367,7 +367,7 @@ gentests: dclean: rm -f *.bak - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dclean in $$i..." && \ @@ -405,7 +405,7 @@ report: @$(PERL) util/selftest.pl depend: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dependencies $$i..." && \ @@ -414,7 +414,7 @@ depend: done; lint: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making lint $$i..." && \ @@ -423,7 +423,7 @@ lint: done; tags: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making tags $$i..." && \ @@ -500,19 +500,19 @@ install: all install_docs $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ $(INSTALL_PREFIX)$(OPENSSLDIR)/lib - @for i in $(EXHEADER) ;\ + @set -e; for i in $(EXHEADER) ;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i; echo "installing $$i..."; \ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \ fi; \ done - @for i in $(LIBS) ;\ + @set -e; for i in $(LIBS) ;\ do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ @@ -522,7 +522,7 @@ install: all install_docs mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done; - @if [ -n "$(SHARED_LIBS)" ]; then \ + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ tmp="$(SHARED_LIBS)"; \ for i in $${tmp:-x}; \ do \ @@ -568,7 +568,7 @@ install_docs: if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \ filecase=-i; \ fi; \ - for i in doc/apps/*.pod; do \ + set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ @@ -585,7 +585,7 @@ install_docs: $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ - for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index a8a8eb0bd..dab34dc6c 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -105,14 +105,14 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO install: - @for i in $(EXE); \ + @set -e; for i in $(EXE); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; - @for i in $(SCRIPTS); \ + @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ From 933398f1102ba99d64f901987c5e8fe340a2c331 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 31 Oct 2003 10:48:48 +0000 Subject: [PATCH 465/550] Engines are usually binary, and should therefore be in INSTALLTOP rather than OPENSSLDIR. --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index eb731bef9..ab3a96ada 100644 --- a/Makefile.org +++ b/Makefile.org @@ -495,7 +495,7 @@ install: all install_docs $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/engines \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ From c465e7941ec785f2ce53638b351a21d6a49fe1a0 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 4 Nov 2003 00:29:09 +0000 Subject: [PATCH 466/550] This is the least unacceptable way I've found for declaring the bignum data and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives. --- crypto/bn/bn.h | 21 +++++++++++++++++++++ crypto/bn/bn_lib.c | 8 ++++++++ crypto/bn/bn_nist.c | 31 ++++++++++++++++--------------- 3 files changed, 45 insertions(+), 15 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 686b3b307..44ba17524 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -252,6 +252,27 @@ typedef struct bignum_st int flags; } BIGNUM; +/* Declaring static BIGNUMs as constant is tricky in C; the 'd' data can't be + * pre-declared const without having to cast away the const when declaring the + * BIGNUM. We use this alternative type for declaring const BIGNUMs. See + * bn_nist.c for examples. */ +typedef struct bignum_c_st + { + const BN_ULONG *d; + int top; + int dmax; + int neg; + int flags; + } BIGNUM_C; +#ifdef BN_DEBUG +/* Use a function to do this so that we can type-check the pointer we're + * casting */ +const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn); +#else +/* Use a macro instead */ +#define BIGNUM_CONST(bn) ((const BIGNUM *)bn) +#endif + /* Used for temp variables (declaration hidden in bn_lcl.h) */ typedef struct bignum_ctx BN_CTX; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 783881d3a..f63232b9f 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -874,3 +874,11 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } + +/* See the comments surrounding BIGNUM_C in bn.h */ +#ifdef BN_DEBUG +const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn) + { + return (const BIGNUM *)bn; + } +#endif diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 2ababfbed..ed148d845 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -127,39 +127,40 @@ const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x01}; #endif +static const BIGNUM_C bn_nist_p_192 = + { _nist_p_192, BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_224 = + { _nist_p_224, BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_256 = + { _nist_p_256, BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_384 = + { _nist_p_384, BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; +static const BIGNUM_C bn_nist_p_521 = + { _nist_p_521, BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; + const BIGNUM *BN_get0_nist_prime_192(void) { - static BIGNUM const_nist_192={(BN_ULONG *)_nist_p_192,BN_NIST_192_TOP, - BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_192; + return BIGNUM_CONST(&bn_nist_p_192); } const BIGNUM *BN_get0_nist_prime_224(void) { - static BIGNUM const_nist_224={(BN_ULONG *)_nist_p_224,BN_NIST_224_TOP, - BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_224; + return BIGNUM_CONST(&bn_nist_p_224); } const BIGNUM *BN_get0_nist_prime_256(void) { - static BIGNUM const_nist_256={(BN_ULONG *)_nist_p_256,BN_NIST_256_TOP, - BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_256; + return BIGNUM_CONST(&bn_nist_p_256); } const BIGNUM *BN_get0_nist_prime_384(void) { - static BIGNUM const_nist_384={(BN_ULONG *)_nist_p_384,BN_NIST_384_TOP, - BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_384; + return BIGNUM_CONST(&bn_nist_p_384); } const BIGNUM *BN_get0_nist_prime_521(void) { - static BIGNUM const_nist_521={(BN_ULONG *)_nist_p_521,BN_NIST_521_TOP, - BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA}; - return &const_nist_521; + return BIGNUM_CONST(&bn_nist_p_521); } /* some misc internal functions */ From d8ec0dcf457f4dec39f137657b702fcbeaf5cc04 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 4 Nov 2003 00:51:32 +0000 Subject: [PATCH 467/550] Avoid some shadowed variable names. Submitted by: Nils Larsch --- apps/s_client.c | 6 +++--- crypto/bio/b_dump.c | 10 +++++----- crypto/bio/b_print.c | 6 +++--- engines/vendor_defns/sureware.h | 2 +- ssl/s3_enc.c | 10 +++++----- ssl/ssl_ciph.c | 8 ++++---- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 0f7dd8861..294aad8b5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -944,7 +944,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER *c; X509_NAME *xn; int j,i; - const COMP_METHOD *comp, *exp; + const COMP_METHOD *comp, *expansion; if (full) { @@ -1048,11 +1048,11 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_free(pktmp); } comp=SSL_get_current_compression(s); - exp=SSL_get_current_expansion(s); + expansion=SSL_get_current_expansion(s); BIO_printf(bio,"Compression: %s\n", comp ? SSL_COMP_get_name(comp) : "NONE"); BIO_printf(bio,"Expansion: %s\n", - exp ? SSL_COMP_get_name(exp) : "NONE"); + expansion ? SSL_COMP_get_name(expansion) : "NONE"); SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 8397cfab6..0f6176836 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -77,15 +77,15 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) { int ret=0; char buf[288+1],tmp[20],str[128+1]; - int i,j,rows,trunc; + int i,j,rows,trc; unsigned char ch; int dump_width; - trunc=0; + trc=0; #ifdef TRUNCATE for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) - trunc++; + trc++; #endif if (indent < 0) @@ -142,9 +142,9 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #ifdef TRUNCATE - if (trunc > 0) + if (trc > 0) { - sprintf(buf,"%s%04x - \n",str,len+trunc); + sprintf(buf,"%s%04x - \n",str,len+trc); ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #endif diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index f80335e26..de74ec6df 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -576,12 +576,12 @@ abs_val(LDOUBLE value) } static LDOUBLE -pow10(int exp) +pow10(int in_exp) { LDOUBLE result = 1; - while (exp) { + while (in_exp) { result *= 10; - exp--; + in_exp--; } return result; } diff --git a/engines/vendor_defns/sureware.h b/engines/vendor_defns/sureware.h index 1d3789219..4bc22027f 100644 --- a/engines/vendor_defns/sureware.h +++ b/engines/vendor_defns/sureware.h @@ -232,7 +232,7 @@ extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign; * mlen,elen and dlen are all multiple of sizeof(unsigned long) */ typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod, - int elen,const unsigned long *exp, + int elen,const unsigned long *exponent, int dlen,unsigned long *data, unsigned long *res); extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 56e274fe2..5d133eef1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which) COMP_METHOD *comp; const EVP_MD *m; EVP_MD_CTX md; - int exp,n,i,j,k,cl; + int is_exp,n,i,j,k,cl; int reuse_dd = 0; - exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); + is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; if (s->s3->tmp.new_compression == NULL) @@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which) p=s->s3->tmp.key_block; i=EVP_MD_size(m); cl=EVP_CIPHER_key_length(c); - j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? + j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ + /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) @@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_MD_CTX_init(&md); memcpy(mac_secret,ms,i); - if (exp) + if (is_exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4f0f70079..545999ac6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -952,7 +952,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) { int is_export,pkl,kl; - char *ver,*exp; + char *ver,*exp_str; char *kx,*au,*enc,*mac; unsigned long alg,alg2,alg_s; #ifdef KSSL_DEBUG @@ -968,7 +968,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) is_export=SSL_C_IS_EXPORT(cipher); pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); kl=SSL_C_EXPORT_KEYLENGTH(cipher); - exp=is_export?" export":""; + exp_str=is_export?" export":""; if (alg & SSL_SSLV2) ver="SSLv2"; @@ -1094,9 +1094,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) return("Buffer too small"); #ifdef KSSL_DEBUG - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); #else - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); #endif /* KSSL_DEBUG */ return(buf); } From d870740cd75dd4f0cb66fb8c32653a7d47369706 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 4 Nov 2003 22:54:49 +0000 Subject: [PATCH 468/550] Put the first stage of my bignum debugging adventures into CVS. This code is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible. --- CHANGES | 16 +++++++++ crypto/bn/bn.h | 78 +++++++++++++++++++++++++++++++++++++++++++- crypto/bn/bn_add.c | 5 ++- crypto/bn/bn_blind.c | 1 + crypto/bn/bn_ctx.c | 5 ++- crypto/bn/bn_div.c | 8 +++-- crypto/bn/bn_exp.c | 6 ++++ crypto/bn/bn_exp2.c | 1 + crypto/bn/bn_gcd.c | 3 ++ crypto/bn/bn_gf2m.c | 25 +++++++++++--- crypto/bn/bn_lcl.h | 8 ----- crypto/bn/bn_lib.c | 21 +++++++++--- crypto/bn/bn_mod.c | 5 +++ crypto/bn/bn_mont.c | 4 ++- crypto/bn/bn_mpi.c | 1 + crypto/bn/bn_mul.c | 3 +- crypto/bn/bn_nist.c | 25 ++++++++------ crypto/bn/bn_prime.c | 5 +++ crypto/bn/bn_print.c | 6 ++-- crypto/bn/bn_rand.c | 2 ++ crypto/bn/bn_recp.c | 2 ++ crypto/bn/bn_shift.c | 10 ++++-- crypto/bn/bn_sqr.c | 1 + crypto/bn/bn_sqrt.c | 3 ++ crypto/bn/bn_word.c | 4 +++ 25 files changed, 209 insertions(+), 39 deletions(-) diff --git a/CHANGES b/CHANGES index d15740876..e3b0623c0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,22 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) An audit of the BIGNUM code is underway, for which debugging code is + enabled when BN_DEBUG is defined. This makes stricter enforcements on what + is considered valid when processing BIGNUMs, and causes execution to + assert() when a problem is discovered. If BN_DEBUG_RAND is defined, + further steps are taken to deliberately pollute unused data in BIGNUM + structures to try and expose faulty code further on. For now, openssl will + (in its default mode of operation) continue to tolerate the inconsistent + forms that it has tolerated in the past, but authors and packagers should + consider trying openssl and their own applications when compiled with + these debugging symbols defined. It will help highlight potential bugs in + their own code, and will improve the test coverage for OpenSSL itself. At + some point, these tighter rules will become openssl's default to improve + maintainability, though the assert()s and other overheads will remain only + in debugging configurations. See bn.h for more details. + [Geoff Thorpe] + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly initialises it). The presence of this function only made it possible diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 44ba17524..d51c94f92 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -611,7 +611,34 @@ const BIGNUM *BN_get0_nist_prime_521(void); BIGNUM *bn_expand2(BIGNUM *a, int words); BIGNUM *bn_dup_expand(const BIGNUM *a, int words); -#define bn_fix_top(a) \ +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ +#define bn_correct_top(a) \ { \ BN_ULONG *ftl; \ if ((a)->top > 0) \ @@ -621,6 +648,55 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); } \ } +/* #define BN_DEBUG_RAND */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include + +#ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +#ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf,int num); +#define BN_DEBUG_TRIX +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_tbignum = (a); \ + assert((_tbignum->top == 0) || \ + (_tbignum->d[_tbignum->top - 1] != 0)); \ + if(_tbignum->top < _tbignum->dmax) { \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_tbignum->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes((unsigned char *)(_not_const + _tbignum->top), \ + (_tbignum->dmax - _tbignum->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#ifdef BN_DEBUG_TRIX +#undef RAND_pseudo_bytes +#endif +#else /* !BN_DEBUG_RAND */ +#define bn_check_top(a) \ + do { \ + const BIGNUM *_tbignum = (a); \ + assert((_tbignum->top == 0) || \ + (_tbignum->d[_tbignum->top - 1] != 0)); \ + } while(0) +#endif + +#define bn_fix_top(a) bn_check_top(a) + +#else /* !BN_DEBUG */ + +#define bn_check_top(a) do { ; } while(0) +#define bn_fix_top(a) bn_correct_top(a) + +#endif + BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index 6cba07e9f..a13b8a11c 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -100,6 +100,7 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) r->neg=1; else r->neg=0; + bn_check_top(r); return(1); } @@ -161,6 +162,7 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) } /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ r->neg = 0; + bn_check_top(r); return(1); } @@ -253,7 +255,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) r->top=max; r->neg=0; - bn_fix_top(r); + bn_correct_top(r); return(1); } @@ -304,6 +306,7 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (!BN_usub(r,a,b)) return(0); r->neg=0; } + bn_check_top(r); return(1); } diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 2d287e6d1..011d37f1f 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -139,6 +139,7 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) if (!BN_BLINDING_update(b,ctx)) return(0); } + bn_check_top(n); return(ret); } diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index a0e7915fb..7b5be7c43 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -121,8 +121,10 @@ void BN_CTX_free(BN_CTX *ctx) if (ctx == NULL) return; assert(ctx->depth == 0); - for (i=0; i < BN_CTX_NUM; i++) + for (i=0; i < BN_CTX_NUM; i++) { + bn_check_top(&(ctx->bn[i])); BN_clear_free(&(ctx->bn[i])); + } if (ctx->flags & BN_FLG_MALLOCED) OPENSSL_free(ctx); } @@ -152,6 +154,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) } return NULL; } + bn_check_top(&(ctx->bn[ctx->tos])); return (&(ctx->bn[ctx->tos++])); } diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 0fe58dbf6..ff218957b 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -249,7 +249,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* space for temp */ if (!bn_wexpand(tmp,(div_n+1))) goto err; - bn_fix_top(&wnum); + bn_correct_top(&wnum); if (BN_ucmp(&wnum,sdiv) >= 0) { if (!BN_usub(&wnum,&wnum,sdiv)) goto err; @@ -359,7 +359,7 @@ X) -> 0x%08X\n", tmp->top=j; j=wnum.top; - bn_fix_top(&wnum); + bn_correct_top(&wnum); if (!BN_sub(&wnum,&wnum,tmp)) goto err; snum->top=snum->top+wnum.top-j; @@ -380,14 +380,16 @@ X) -> 0x%08X\n", * BN_rshift() will overwrite it. */ int neg = num->neg; - bn_fix_top(snum); + bn_correct_top(snum); BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; + bn_check_top(rm); } BN_CTX_end(ctx); return(1); err: + bn_check_top(rm); BN_CTX_end(ctx); return(0); } diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index afdfd580f..462d4dbc4 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -147,6 +147,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) err: if (r != rr) BN_copy(r,rr); BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -221,6 +222,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, { ret=BN_mod_exp_simple(r,a,p,m,ctx); } #endif + bn_check_top(r); return(ret); } @@ -347,6 +349,7 @@ err: for (i=0; itop = at->top; - bn_fix_top(r); + bn_correct_top(r); return 1; } @@ -392,7 +392,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) } - bn_fix_top(r); + bn_correct_top(r); return 1; } @@ -414,6 +414,7 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) goto err; } ret = BN_GF2m_mod_arr(r, a, arr); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -457,8 +458,9 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } } - bn_fix_top(s); + bn_correct_top(s); BN_GF2m_mod_arr(r, s, p); + bn_check_top(r); ret = 1; err: @@ -485,6 +487,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p goto err; } ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -508,8 +511,9 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C } s->top = 2 * a->top; - bn_fix_top(s); + bn_correct_top(s); if (!BN_GF2m_mod_arr(r, s, p)) goto err; + bn_check_top(r); ret = 1; err: BN_CTX_end(ctx); @@ -533,6 +537,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -594,6 +599,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_copy(r, b)) goto err; + bn_check_top(r); ret = 1; err: @@ -617,6 +623,7 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_ if (!BN_GF2m_arr2poly(p, field)) goto err; ret = BN_GF2m_mod_inv(r, xx, field, ctx); + bn_check_top(r); err: BN_CTX_end(ctx); @@ -639,6 +646,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; + bn_check_top(r); ret = 1; err: @@ -711,6 +719,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p } while (1); if (!BN_copy(r, u)) goto err; + bn_check_top(r); ret = 1; err: @@ -736,6 +745,7 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const uns if (!BN_GF2m_arr2poly(p, field)) goto err; ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); + bn_check_top(r); err: BN_CTX_end(ctx); @@ -773,6 +783,7 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } } if (!BN_copy(r, u)) goto err; + bn_check_top(r); ret = 1; @@ -799,6 +810,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p goto err; } ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -819,6 +831,7 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ if (!BN_zero(u)) goto err; if (!BN_set_bit(u, p[0] - 1)) goto err; ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); + bn_check_top(r); err: BN_CTX_end(ctx); @@ -843,6 +856,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -917,6 +931,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p if (BN_GF2m_cmp(w, a)) goto err; if (!BN_copy(r, z)) goto err; + bn_check_top(r); ret = 1; @@ -942,6 +957,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * goto err; } ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); + bn_check_top(r); err: if (arr) OPENSSL_free(arr); return ret; @@ -990,6 +1006,7 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) BN_set_bit(a, p[i]); } BN_set_bit(a, 0); + bn_check_top(a); return 1; } diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 0c448724d..4603b4f9f 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -250,14 +250,6 @@ extern "C" { } -/* This is used for internal error checking and is not normally used */ -#ifdef BN_DEBUG -# include -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); -#else -# define bn_check_top(a) -#endif - /* This macro is to add extra stuff for development checking */ #ifdef BN_DEBUG #define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index f63232b9f..85b72e0ee 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -286,6 +286,7 @@ void BN_free(BIGNUM *a) void BN_init(BIGNUM *a) { memset(a,0,sizeof(BIGNUM)); + bn_check_top(a); } BIGNUM *BN_new(void) @@ -302,6 +303,7 @@ BIGNUM *BN_new(void) ret->neg=0; ret->dmax=0; ret->d=NULL; + bn_check_top(ret); return(ret); } @@ -420,6 +422,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) r = BN_dup(b); } + bn_check_top(r); return r; } @@ -462,6 +465,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) A[0]=0; assert(A == &(b->d[b->dmax])); } + else if(b) bn_check_top(b); return b; } @@ -479,6 +483,7 @@ BIGNUM *BN_dup(const BIGNUM *a) /* now r == t || r == NULL */ if (r == NULL) BN_free(t); + bn_check_top(r); return r; } @@ -518,6 +523,7 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) if ((a->top == 0) && (a->d != NULL)) a->d[0]=0; a->neg=b->neg; + bn_check_top(a); return(a); } @@ -561,8 +567,9 @@ BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) a->top = min; a->neg = b->neg; - bn_fix_top(a); + bn_correct_top(a); + bn_check_top(a); return(a); } @@ -592,6 +599,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + bn_check_top(a); + bn_check_top(b); } @@ -601,6 +610,7 @@ void BN_clear(BIGNUM *a) memset(a->d,0,a->dmax*sizeof(a->d[0])); a->top=0; a->neg=0; + bn_check_top(a); } BN_ULONG BN_get_word(const BIGNUM *a) @@ -648,6 +658,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->d[i]=(BN_ULONG)w&BN_MASK2; if (a->d[i] != 0) a->top=i+1; } + bn_check_top(a); return(1); } @@ -684,7 +695,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) } /* need to call this due to clear byte at top if avoiding * having the top bit set (-ve number) */ - bn_fix_top(ret); + bn_correct_top(ret); return(ret); } @@ -700,6 +711,7 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to) l=a->d[i/BN_BYTES]; *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; } + bn_check_top(a); return(n); } @@ -781,6 +793,7 @@ int BN_set_bit(BIGNUM *a, int n) } a->d[i]|=(((BN_ULONG)1)<top <= i) return(0); a->d[i]&=(~(((BN_ULONG)1)<top=w+1; a->d[w]&= ~(BN_MASK2<= 0) return BN_sub(r, r, m); return 1; @@ -240,6 +243,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ct } ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + bn_check_top(r); if (abs_m) BN_free(abs_m); @@ -291,6 +295,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) if (!BN_sub(r, r, m)) return 0; } } + bn_check_top(r); return 1; } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index c9ebdbaab..22d23cc3d 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -90,6 +90,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; + bn_check_top(r); ret=1; err: BN_CTX_end(ctx); @@ -172,7 +173,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; } } - bn_fix_top(r); + bn_correct_top(r); /* mont->ri will be a multiple of the word size */ #if 0 @@ -229,6 +230,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, if (!BN_usub(ret,ret,&(mont->N))) goto err; } retn=1; + bn_check_top(ret); err: BN_CTX_end(ctx); return(retn); diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 05fa9d1e9..a054d21ae 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -124,6 +124,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) { BN_clear_bit(a,BN_num_bits(a)-1); } + bn_check_top(a); return(a); } diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 6b633b90b..5a92f9a33 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -1090,11 +1090,12 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_fix_top(rr); + bn_correct_top(rr); if (r != rr) BN_copy(r,rr); ret=1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index ed148d845..2e03d0709 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -358,14 +358,15 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; } @@ -450,13 +451,14 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -608,13 +610,14 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -776,13 +779,14 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -824,7 +828,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (tmp->top == BN_NIST_521_TOP) tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; - bn_fix_top(tmp); + bn_correct_top(tmp); if (!BN_uadd(r, tmp, r)) return 0; top = r->top; @@ -835,11 +839,12 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_NIST_ADD_ONE(r_d) r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; } - bn_fix_top(r); + bn_correct_top(r); ret = 1; err: BN_CTX_end(ctx); + bn_check_top(r); return ret; } diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index fd863933e..4430e90df 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -226,6 +226,7 @@ loop: err: BN_free(&t); if (ctx != NULL) BN_CTX_free(ctx); + bn_check_top(ret); return found; } @@ -363,6 +364,7 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, } /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', * and it is neither -1 nor +1 -- so 'a' cannot be prime */ + bn_check_top(w); return 1; } @@ -394,6 +396,7 @@ again: } } if (!BN_add_word(rnd,delta)) return(0); + bn_check_top(rnd); return(1); } @@ -431,6 +434,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, ret=1; err: BN_CTX_end(ctx); + bn_check_top(rnd); return(ret); } @@ -482,5 +486,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, ret=1; err: BN_CTX_end(ctx); + bn_check_top(p); return(ret); } diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 5f46b1826..5b5eb8fc9 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -210,10 +210,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a) j-=(BN_BYTES*2); } ret->top=h; - bn_fix_top(ret); + bn_correct_top(ret); ret->neg=neg; *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); @@ -269,8 +270,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) } ret->neg=neg; - bn_fix_top(ret); + bn_correct_top(ret); *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 480817a4b..de5a1f0c6 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -204,6 +204,7 @@ err: OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } + bn_check_top(rnd); return(ret); } @@ -290,6 +291,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) while (BN_cmp(r, range) >= 0); } + bn_check_top(r); return 1; } diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 22cbcfc49..ea39677bc 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -123,6 +123,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ret = BN_div_recp(NULL,r,ca,recp,ctx); err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -228,5 +229,6 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) ret=len; err: BN_free(&t); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 70f785ea1..513e686f8 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -89,6 +89,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) *rp=1; r->top++; } + bn_check_top(r); return(1); } @@ -117,7 +118,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) rp[i]=((t>>1)&BN_MASK2)|c; c=(t&1)?BN_TBIT:0; } - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -149,7 +151,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) /* for (i=0; itop=a->top+nw+1; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -200,6 +203,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) *(t++) =(l>>rb)&BN_MASK2; } *t=0; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index c1d0cca43..ab678d1f3 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -145,6 +145,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) ret = 1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 463d4a813..51902703e 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -86,6 +86,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -104,6 +105,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -384,5 +386,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = NULL; } BN_CTX_end(ctx); + bn_check_top(ret); return ret; } diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 988e0ca7b..560a49969 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -102,6 +102,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) } if ((a->top > 0) && (a->d[a->top-1] == 0)) a->top--; + bn_check_top(a); return(ret); } @@ -136,6 +137,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) } if (i >= a->top) a->top++; + bn_check_top(a); return(1); } @@ -175,6 +177,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) } if ((a->d[i] == 0) && (i == (a->top-1))) a->top--; + bn_check_top(a); return(1); } @@ -197,6 +200,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) } } } + bn_check_top(a); return(1); } From c5f1c7b4d89956066ed0c6e6d1fc9d8a1496dc9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 5 Nov 2003 17:27:13 +0000 Subject: [PATCH 469/550] Cygwin debugging --- Configure | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 9239248b8..009c06c61 100755 --- a/Configure +++ b/Configure @@ -142,7 +142,7 @@ my %table=( "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -517,6 +517,7 @@ my %table=( # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32::::win32:cygwin-shared:::.dll", # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", From 2b96c95197dc1e85e5afa3da09ad280a6166f778 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 5 Nov 2003 17:28:25 +0000 Subject: [PATCH 470/550] cleanup as discussed with Geoff --- crypto/bn/bn.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d51c94f92..5c648ea01 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -692,7 +692,7 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #else /* !BN_DEBUG */ -#define bn_check_top(a) do { ; } while(0) +#define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) #endif From 078dd1a0f94394632614123af3155866749ff79c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 5 Nov 2003 17:28:59 +0000 Subject: [PATCH 471/550] typo in comment --- crypto/bn/bn_nist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 2e03d0709..79f7c2ef2 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_nist.p */ +/* crypto/bn/bn_nist.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * From 0ef85c7f4512570a02c4ff5d95a275ecf225702a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 5 Nov 2003 19:30:29 +0000 Subject: [PATCH 472/550] This is a revert of my previous commit to "improve" the declaration of constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.) --- crypto/bn/bn.h | 21 --------------------- crypto/bn/bn_lib.c | 8 -------- crypto/bn/bn_nist.c | 31 +++++++++++++++---------------- 3 files changed, 15 insertions(+), 45 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 5c648ea01..a46fe842c 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -252,27 +252,6 @@ typedef struct bignum_st int flags; } BIGNUM; -/* Declaring static BIGNUMs as constant is tricky in C; the 'd' data can't be - * pre-declared const without having to cast away the const when declaring the - * BIGNUM. We use this alternative type for declaring const BIGNUMs. See - * bn_nist.c for examples. */ -typedef struct bignum_c_st - { - const BN_ULONG *d; - int top; - int dmax; - int neg; - int flags; - } BIGNUM_C; -#ifdef BN_DEBUG -/* Use a function to do this so that we can type-check the pointer we're - * casting */ -const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn); -#else -/* Use a macro instead */ -#define BIGNUM_CONST(bn) ((const BIGNUM *)bn) -#endif - /* Used for temp variables (declaration hidden in bn_lcl.h) */ typedef struct bignum_ctx BN_CTX; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 85b72e0ee..1f45b09d0 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -887,11 +887,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } - -/* See the comments surrounding BIGNUM_C in bn.h */ -#ifdef BN_DEBUG -const BIGNUM *BIGNUM_CONST(const BIGNUM_C *bn) - { - return (const BIGNUM *)bn; - } -#endif diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 79f7c2ef2..6aa196f6f 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -127,40 +127,39 @@ const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0x01}; #endif -static const BIGNUM_C bn_nist_p_192 = - { _nist_p_192, BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_224 = - { _nist_p_224, BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_256 = - { _nist_p_256, BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_384 = - { _nist_p_384, BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; -static const BIGNUM_C bn_nist_p_521 = - { _nist_p_521, BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; - const BIGNUM *BN_get0_nist_prime_192(void) { - return BIGNUM_CONST(&bn_nist_p_192); + static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, + BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_192; } const BIGNUM *BN_get0_nist_prime_224(void) { - return BIGNUM_CONST(&bn_nist_p_224); + static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, + BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_224; } const BIGNUM *BN_get0_nist_prime_256(void) { - return BIGNUM_CONST(&bn_nist_p_256); + static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, + BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_256; } const BIGNUM *BN_get0_nist_prime_384(void) { - return BIGNUM_CONST(&bn_nist_p_384); + static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, + BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_384; } const BIGNUM *BN_get0_nist_prime_521(void) { - return BIGNUM_CONST(&bn_nist_p_521); + static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; + return &const_nist_521; } /* some misc internal functions */ From 5c0c22803e7bf96f96507d875f782eb283b718e7 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 6 Nov 2003 23:11:07 +0000 Subject: [PATCH 473/550] Put more debug screening in BN_div() and correct a comment. --- crypto/bn/bn_div.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index ff218957b..0fef7ced2 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -185,6 +185,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG d0,d1; int num_n,div_n; + bn_check_top(dv); + bn_check_top(rm); bn_check_top(num); bn_check_top(divisor); @@ -233,7 +235,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnum.dmax= snum->dmax - loop; /* so we don't step out of bounds */ /* Get the top 2 words of sdiv */ - /* i=sdiv->top; */ + /* div_n=sdiv->top; */ d0=sdiv->d[div_n-1]; d1=(div_n == 1)?0:sdiv->d[div_n-2]; From 18f62d4b82cc3101f3e1ae026c5e077193cfca5b Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 6 Nov 2003 23:13:04 +0000 Subject: [PATCH 474/550] Add debug-screening of input parameters to some functions I'd missed before. --- crypto/bn/bn_shift.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 513e686f8..69c03570b 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -65,6 +65,9 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) register BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (r != a) { r->neg=a->neg; @@ -98,6 +101,9 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (BN_is_zero(a)) { BN_zero(r); @@ -129,6 +135,9 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l; + bn_check_top(r); + bn_check_top(a); + r->neg=a->neg; nw=n/BN_BITS2; if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); @@ -162,6 +171,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l,tmp; + bn_check_top(r); + bn_check_top(a); + nw=n/BN_BITS2; rb=n%BN_BITS2; lb=BN_BITS2-rb; From f75abcefed900d2b729223d87229da09924efd2a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 6 Nov 2003 23:24:44 +0000 Subject: [PATCH 475/550] This extends the debugging macros to use "pollution" during bn_correct_top(), previously only bn_check_top() did this. --- crypto/bn/bn.h | 47 +++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index a46fe842c..326aeca9f 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -617,15 +617,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); * defined. This not only improves external code, it provides more test * coverage for openssl's own code. */ -#define bn_correct_top(a) \ - { \ - BN_ULONG *ftl; \ - if ((a)->top > 0) \ - { \ - for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ - if (*(ftl--)) break; \ - } \ - } /* #define BN_DEBUG_RAND */ @@ -640,42 +631,54 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); int RAND_pseudo_bytes(unsigned char *buf,int num); #define BN_DEBUG_TRIX #endif -#define bn_check_top(a) \ +#define bn_pollute(a) \ do { \ - const BIGNUM *_tbignum = (a); \ - assert((_tbignum->top == 0) || \ - (_tbignum->d[_tbignum->top - 1] != 0)); \ - if(_tbignum->top < _tbignum->dmax) { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ /* We cast away const without the compiler knowing, any \ * *genuinely* constant variables that aren't mutable \ * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ - memcpy(&_not_const, &_tbignum->d, sizeof(BN_ULONG*)); \ - RAND_pseudo_bytes((unsigned char *)(_not_const + _tbignum->top), \ - (_tbignum->dmax - _tbignum->top) * sizeof(BN_ULONG)); \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes((unsigned char *)(_not_const + _bnum1->top), \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ } \ } while(0) #ifdef BN_DEBUG_TRIX #undef RAND_pseudo_bytes #endif -#else /* !BN_DEBUG_RAND */ +#else +#define bn_pollute(a) +#endif #define bn_check_top(a) \ do { \ - const BIGNUM *_tbignum = (a); \ - assert((_tbignum->top == 0) || \ - (_tbignum->d[_tbignum->top - 1] != 0)); \ + const BIGNUM *_bnum2 = (a); \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ } while(0) -#endif #define bn_fix_top(a) bn_check_top(a) #else /* !BN_DEBUG */ +#define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) #endif +#define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + if ((a)->top > 0) \ + { \ + for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ + if (*(ftl--)) break; \ + } \ + bn_pollute(a); \ + } + BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); From e6e81c589487cadab8882e4a81609d9c95bba62e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 7 Nov 2003 00:07:28 +0000 Subject: [PATCH 476/550] oops... the description of ->top was inaccurate (the example is correct though) --- doc/crypto/bn_internal.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 9805a7c9f..46abb0547 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -72,7 +72,7 @@ applications. typedef struct bignum_st { - int top; /* index of last used d (most significant word) */ + int top; /* index of last used d (most significant word) + 1 */ BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ int max; /* size of the d array */ int neg; /* sign */ @@ -84,7 +84,7 @@ in size (B), depending on the 'number of bits' specified in C. B is the size of the B array that has been allocated. B -is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and +is the 'last' entry being used plus one, so for a value of 4, bn.d[0]=4 and bn.top=1. B is 1 if the number is negative. When a B is B<0>, the B field can be B and B == B<0>. @@ -202,7 +202,7 @@ call bn_expand2(), which allocates a new B array and copies the data. They return B on error, B otherwise. The bn_fix_top() macro reduces Btop> to point to the most -significant non-zero word when B has shrunk. +significant non-zero word plus one when B has shrunk. =head2 Debugging From d18b993c435d3f095cf485f48859065ce6052e35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 7 Nov 2003 01:33:00 +0000 Subject: [PATCH 477/550] Geoff suggested a more succinct description for "top". --- doc/crypto/bn_internal.pod | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 46abb0547..891914678 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -72,19 +72,19 @@ applications. typedef struct bignum_st { - int top; /* index of last used d (most significant word) + 1 */ - BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ + int top; /* number of words used in d */ + BN_ULONG *d; /* pointer to an array containing the integer value */ int max; /* size of the d array */ int neg; /* sign */ } BIGNUM; -The big number is stored in B, a malloc()ed array of Bs, -least significant first. A B can be either 16, 32 or 64 bits -in size (B), depending on the 'number of bits' specified in +The integer value is stored in B, a malloc()ed array of words (B), +least significant word first. A B can be either 16, 32 or 64 bits +in size, depending on the 'number of bits' (B) specified in C. B is the size of the B array that has been allocated. B -is the 'last' entry being used plus one, so for a value of 4, bn.d[0]=4 and +is the number of words being used, so for a value of 4, bn.d[0]=4 and bn.top=1. B is 1 if the number is negative. When a B is B<0>, the B field can be B and B == B<0>. From cd2e8a6f2da1d5a8e842f71511c68d1088629912 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 10 Nov 2003 01:37:23 +0000 Subject: [PATCH 478/550] Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). --- CHANGES | 4 ++++ crypto/asn1/a_strex.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e3b0623c0..f3c304af7 100644 --- a/CHANGES +++ b/CHANGES @@ -616,6 +616,10 @@ [Richard Levitte] Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + + *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). + [Peter Sylvester ] + *) Use the correct content when signing type "other". [Steve Henson] diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 8abfdfe59..bde666a6f 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = { -1, -1, 0, -1, /* 10-13 */ -1, -1, -1, -1, /* 15-17 */ -1, 1, 1, /* 18-20 */ - -1, 1, -1,-1, /* 21-24 */ + -1, 1, 1, 1, /* 21-24 */ -1, 1, -1, /* 25-27 */ 4, -1, 2 /* 28-30 */ }; From f7a397cc8d0cf336907a7e05f7a9a94c3cd12877 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 10 Nov 2003 18:05:22 +0000 Subject: [PATCH 479/550] Avoid possible memory leaks in error-handling. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/asn1/d2i_pu.c | 8 ++++---- crypto/asn1/x_pubkey.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 4c2bd4e5c..d0fd73209 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -103,8 +103,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa), - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ + if (!d2i_DSAPublicKey(&(ret->pkey.dsa), + (const unsigned char **)pp,length)) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); goto err; @@ -113,8 +113,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if ((ret->pkey.eckey = o2i_ECPublicKey(&(ret->pkey.eckey), - (const unsigned char **)pp, length)) == NULL) + if (!o2i_ECPublicKey(&(ret->pkey.eckey), + (const unsigned char **)pp, length)) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index c32a6eaa4..01698dd21 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -323,7 +323,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) p=key->public_key->data; j=key->public_key->length; - if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL) + if (!d2i_PublicKey(type, &ret, &p, (long)j)) { X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); goto err; From 37af03d3117cc1db061594019f351fcec5b08a8a Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 10 Nov 2003 18:09:18 +0000 Subject: [PATCH 480/550] General improvements to the ec_asn1.c code. This squashes at least one bug (where it was impossible to create an EC certificate with a compressed public key), and has some style improvements based on some comments from Steve Henson about use of the ASN1 macros. Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/ec/ec_asn1.c | 429 +++++++++++++++++--------------------------- 1 file changed, 165 insertions(+), 264 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index f31ac45d9..6e3a02ab8 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -128,23 +128,41 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, /* some structures needed for the asn1 encoding */ -typedef struct x9_62_fieldid_st { - ASN1_OBJECT *fieldType; - ASN1_TYPE *parameters; - } X9_62_FIELDID; - -typedef struct x9_62_characteristic_two_st { - long m; - ASN1_OBJECT *basis; - ASN1_TYPE *parameters; - } X9_62_CHARACTERISTIC_TWO; - typedef struct x9_62_pentanomial_st { long k1; long k2; long k3; } X9_62_PENTANOMIAL; +typedef struct x9_62_characteristic_two_st { + long m; + ASN1_OBJECT *type; + union { + char *ptr; + /* NID_X9_62_onBasis */ + ASN1_NULL *onBasis; + /* NID_X9_62_tpBasis */ + ASN1_INTEGER *tpBasis; + /* NID_X9_62_ppBasis */ + X9_62_PENTANOMIAL *ppBasis; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_CHARACTERISTIC_TWO; + +typedef struct x9_62_fieldid_st { + ASN1_OBJECT *fieldType; + union { + char *ptr; + /* NID_X9_62_prime_field */ + ASN1_INTEGER *prime; + /* NID_X9_62_characteristic_two_field */ + X9_62_CHARACTERISTIC_TWO *char_two; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_FIELDID; + typedef struct x9_62_curve_st { ASN1_OCTET_STRING *a; ASN1_OCTET_STRING *b; @@ -177,36 +195,44 @@ typedef struct ec_privatekey_st { ASN1_BIT_STRING *publicKey; } EC_PRIVATEKEY; -/* the OpenSSL asn1 definitions */ - -ASN1_SEQUENCE(X9_62_FIELDID) = { - ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), - ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY) -} ASN1_SEQUENCE_END(X9_62_FIELDID) - -DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID) - -ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, basis, ASN1_OBJECT), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, parameters, ASN1_ANY) -} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - -DECLARE_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO, X9_62_CHARACTERISTIC_TWO) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO) - +/* the OpenSSL ASN.1 definitions */ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) -DECLARE_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_PENTANOMIAL, X9_62_PENTANOMIAL) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) + +ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { + ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), + ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) +} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); + +ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) +} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) + +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) + +ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_FIELDID) = { + ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) +} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); + +ASN1_SEQUENCE(X9_62_FIELDID) = { + ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_FIELDID) +} ASN1_SEQUENCE_END(X9_62_FIELDID) ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), @@ -214,10 +240,6 @@ ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(X9_62_CURVE) -DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE) - ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_SIMPLE(ECPARAMETERS, version, LONG), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), @@ -227,9 +249,8 @@ ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) -DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPARAMETERS, ECPARAMETERS) -IMPLEMENT_ASN1_FUNCTIONS_const(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) ASN1_CHOICE(ECPKPARAMETERS) = { ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), @@ -254,12 +275,10 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) /* some declarations of internal function */ -/* ec_asn1_group2field() creates a X9_62_FIELDID object from a - * EC_GROUP object */ -static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *, X9_62_FIELDID *); -/* ec_asn1_group2curve() creates a X9_62_CURVE object from a - * EC_GROUP object */ -static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); +/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ +static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); +/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ +static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); /* ec_asn1_parameters2group() creates a EC_GROUP object from a * ECPARAMETERS object */ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); @@ -277,50 +296,28 @@ static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, /* the function definitions */ -static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, - X9_62_FIELDID *field) +static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) { int ok=0, nid; - X9_62_FIELDID *ret = NULL; - X9_62_CHARACTERISTIC_TWO *char_two = NULL; - X9_62_PENTANOMIAL *penta = NULL; BIGNUM *tmp = NULL; - unsigned char *buffer = NULL; - unsigned char *pp; - size_t buf_len = 0; - if (field == NULL) - { - if ((ret = X9_62_FIELDID_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - else - { - ret = field; - /* clear the old values */ - if (ret->fieldType != NULL) - ASN1_OBJECT_free(ret->fieldType); - if (ret->parameters != NULL) - ASN1_TYPE_free(ret->parameters); - } + if (group == NULL || field == NULL) + return 0; + + /* clear the old values (if necessary) */ + if (field->fieldType != NULL) + ASN1_OBJECT_free(field->fieldType); + if (field->p.other != NULL) + ASN1_TYPE_free(field->p.other); nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* set OID for the field */ - if ((ret->fieldType = OBJ_nid2obj(nid)) == NULL) + if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); goto err; } - if ((ret->parameters = ASN1_TYPE_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - goto err; - } - if (nid == NID_X9_62_prime_field) { if ((tmp = BN_new()) == NULL) @@ -329,15 +326,14 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, goto err; } /* the parameters are specified by the prime number p */ - ret->parameters->type = V_ASN1_INTEGER; if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); goto err; } /* set the prime number */ - ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL); - if (ret->parameters->value.integer == NULL) + field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); + if (field->p.prime == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); goto err; @@ -346,8 +342,11 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, else /* nid == NID_X9_62_characteristic_two_field */ { int field_type; + X9_62_CHARACTERISTIC_TWO *char_two; + + field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); + char_two = field->p.char_two; - char_two = X9_62_CHARACTERISTIC_TWO_new(); if (char_two == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); @@ -364,7 +363,7 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, goto err; } /* set base type OID */ - if ((char_two->basis = OBJ_nid2obj(field_type)) == NULL) + if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); goto err; @@ -377,16 +376,13 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, if (!EC_GROUP_get_trinomial_basis(group, &k)) goto err; - char_two->parameters->type = V_ASN1_INTEGER; - char_two->parameters->value.integer = - ASN1_INTEGER_new(); - if (char_two->parameters->value.integer == NULL) + char_two->p.tpBasis = ASN1_INTEGER_new(); + if (!char_two->p.tpBasis) { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, - ERR_R_ASN1_LIB); + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } - if (!ASN1_INTEGER_set(char_two->parameters->value.integer, (long)k)) + if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); @@ -400,110 +396,55 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) goto err; - penta = X9_62_PENTANOMIAL_new(); - /* set k? values */ - penta->k1 = (long)k1; - penta->k2 = (long)k2; - penta->k3 = (long)k3; - /* get the length of the encoded structure */ - buf_len = i2d_X9_62_PENTANOMIAL(penta, NULL); - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); + if (!char_two->p.ppBasis) { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } - pp = buffer; - i2d_X9_62_PENTANOMIAL(penta, &pp); - /* set the encoded pentanomial */ - char_two->parameters->type=V_ASN1_SEQUENCE; - char_two->parameters->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(char_two->parameters->value.sequence, - buffer, buf_len); - OPENSSL_free(buffer); - buffer = NULL; + /* set k? values */ + char_two->p.ppBasis->k1 = (long)k1; + char_two->p.ppBasis->k2 = (long)k2; + char_two->p.ppBasis->k3 = (long)k3; } else /* field_type == NID_X9_62_onBasis */ { /* for ONB the parameters are (asn1) NULL */ - char_two->parameters->type = V_ASN1_NULL; + char_two->p.onBasis = ASN1_NULL_new(); + if (!char_two->p.onBasis) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } } - /* encoded the X9_62_CHARACTERISTIC_TWO structure */ - buf_len = i2d_X9_62_CHARACTERISTIC_TWO(char_two, NULL); - - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - goto err; - } - pp = buffer; - i2d_X9_62_CHARACTERISTIC_TWO(char_two, &pp); - /* set the encoded parameters */ - ret->parameters->type = V_ASN1_SEQUENCE; - ret->parameters->value.sequence = ASN1_STRING_new(); - ASN1_STRING_set(ret->parameters->value.sequence, - buffer, buf_len); } ok = 1; -err : if (!ok) - { - if (ret && !field) - X9_62_FIELDID_free(ret); - ret = NULL; - } - if (tmp) +err : if (tmp) BN_free(tmp); - if (char_two) - X9_62_CHARACTERISTIC_TWO_free(char_two); - if (penta) - X9_62_PENTANOMIAL_free(penta); - if (buffer) - OPENSSL_free(buffer); - return(ret); + return(ok); } -static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, - X9_62_CURVE *curve) +static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) { int ok=0, nid; - X9_62_CURVE *ret=NULL; - BIGNUM *tmp_1=NULL, - *tmp_2=NULL; - unsigned char *buffer_1=NULL, - *buffer_2=NULL, - *a_buf=NULL, - *b_buf=NULL; + BIGNUM *tmp_1=NULL, *tmp_2=NULL; + unsigned char *buffer_1=NULL, *buffer_2=NULL, + *a_buf=NULL, *b_buf=NULL; size_t len_1, len_2; unsigned char char_zero = 0; + if (!group || !curve || !curve->a || !curve->b) + return 0; + if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); goto err; } - if (curve == NULL) - { - if ((ret = X9_62_CURVE_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - } - else - { - ret = curve; - if (ret->a) - ASN1_OCTET_STRING_free(ret->a); - if (ret->b) - ASN1_OCTET_STRING_free(ret->b); - if (ret->seed) - ASN1_BIT_STRING_free(ret->seed); - } - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* get a and b */ @@ -572,14 +513,8 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, } /* set a and b */ - if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || - (ret->b = M_ASN1_OCTET_STRING_new()) == NULL ) - { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!M_ASN1_OCTET_STRING_set(ret->a, a_buf, len_1) || - !M_ASN1_OCTET_STRING_set(ret->b, b_buf, len_2)) + if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || + !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); goto err; @@ -588,8 +523,13 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, /* set the seed (optional) */ if (group->seed) { - if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err; - if (!ASN1_BIT_STRING_set(ret->seed, group->seed, + if (!curve->seed) + if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_BIT_STRING_set(curve->seed, group->seed, (int)group->seed_len)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); @@ -597,17 +537,17 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, } } else - ret->seed = NULL; + { + if (curve->seed) + { + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; + } + } ok = 1; -err : if (!ok) - { - if (ret && !curve) - X9_62_CURVE_free(ret); - ret = NULL; - } - if (buffer_1) +err: if (buffer_1) OPENSSL_free(buffer_1); if (buffer_2) OPENSSL_free(buffer_2); @@ -615,7 +555,7 @@ err : if (!ok) BN_free(tmp_1); if (tmp_2) BN_free(tmp_2); - return(ret); + return(ok); } static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, @@ -651,16 +591,14 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, ret->version = (long)0x1; /* set the fieldID */ - ret->fieldID = ec_asn1_group2field(group, ret->fieldID); - if (ret->fieldID == NULL) + if (!ec_asn1_group2fieldid(group, ret->fieldID)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); goto err; } /* set the curve */ - ret->curve = ec_asn1_group2curve(group, ret->curve); - if (ret->curve == NULL) + if (!ec_asn1_group2curve(group, ret->curve)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); goto err; @@ -803,12 +741,9 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) EC_GROUP *ret = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point=NULL; - X9_62_CHARACTERISTIC_TWO *char_two = NULL; - X9_62_PENTANOMIAL *penta = NULL; - unsigned char *pp; if (!params->fieldID || !params->fieldID->fieldType || - !params->fieldID->parameters) + !params->fieldID->p.ptr) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; @@ -840,72 +775,46 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) if (tmp == NID_X9_62_characteristic_two_field) { - ASN1_TYPE *parameters = params->fieldID->parameters; + X9_62_CHARACTERISTIC_TWO *char_two; - if (parameters->type != V_ASN1_SEQUENCE) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); - goto err; - } + char_two = params->fieldID->p.char_two; if ((p = BN_new()) == NULL) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); goto err; } - /* extract the X9_62_CHARACTERISTIC_TWO object */ - pp = M_ASN1_STRING_data(parameters->value.sequence); - char_two = d2i_X9_62_CHARACTERISTIC_TWO(NULL, - (const unsigned char **) &pp, - M_ASN1_STRING_length(parameters->value.sequence)); - if (char_two == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); - goto err; - } /* get the base type */ - tmp = OBJ_obj2nid(char_two->basis); + tmp = OBJ_obj2nid(char_two->type); if (tmp == NID_X9_62_tpBasis) { long tmp_long; - if (char_two->parameters->type != V_ASN1_INTEGER || - char_two->parameters->value.integer == NULL) + if (!char_two->p.tpBasis) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_ASN1_ERROR); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } - tmp_long = ASN1_INTEGER_get(char_two->parameters->value.integer); + tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); /* create the polynomial */ - if (!BN_set_bit(p, (int)char_two->m)) goto err; - if (!BN_set_bit(p, (int)tmp_long)) goto err; - if (!BN_set_bit(p, 0)) goto err; + if (!BN_set_bit(p, (int)char_two->m)) + goto err; + if (!BN_set_bit(p, (int)tmp_long)) + goto err; + if (!BN_set_bit(p, 0)) + goto err; } else if (tmp == NID_X9_62_ppBasis) { - if (char_two->parameters->type != V_ASN1_SEQUENCE || - char_two->parameters->value.sequence == NULL) + X9_62_PENTANOMIAL *penta; + + penta = char_two->p.ppBasis; + if (!penta) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_ASN1_ERROR); - goto err; - } - /* extract the pentanomial data */ - pp = M_ASN1_STRING_data( - char_two->parameters->value.sequence); - penta = d2i_X9_62_PENTANOMIAL(NULL, - (const unsigned char **) &pp, - M_ASN1_STRING_length( - char_two->parameters->value.sequence)); - if (penta == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - ERR_R_ASN1_LIB); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } /* create the polynomial */ @@ -917,8 +826,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) } else if (tmp == NID_X9_62_onBasis) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_NOT_IMPLEMENTED); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); goto err; } else /* error */ @@ -939,13 +847,12 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) { /* we have a curve over a prime field */ /* extract the prime number */ - if (params->fieldID->parameters->type != V_ASN1_INTEGER || - !params->fieldID->parameters->value.integer) + if (!params->fieldID->p.prime) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } - p = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL); + p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); if (p == NULL) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); @@ -1042,10 +949,6 @@ err: if (!ok) BN_free(b); if (point) EC_POINT_free(point); - if (char_two) - X9_62_CHARACTERISTIC_TWO_free(char_two); - if (penta) - X9_62_PENTANOMIAL_free(penta); return(ret); } @@ -1217,6 +1120,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->publicKey) { + const unsigned char *pub_oct; + size_t pub_oct_len; + if (ret->pub_key) EC_POINT_clear_free(ret->pub_key); ret->pub_key = EC_POINT_new(ret->group); @@ -1225,9 +1131,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; } + pub_oct = M_ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); if (!EC_POINT_oct2point(ret->group, ret->pub_key, - M_ASN1_STRING_data(priv_key->publicKey), - M_ASN1_STRING_length(priv_key->publicKey), NULL)) + pub_oct, pub_oct_len, NULL)) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; @@ -1368,7 +1277,6 @@ int i2d_ECParameters(EC_KEY *a, unsigned char **out) EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) { - EC_GROUP *group; EC_KEY *ret; if (in == NULL || *in == NULL) @@ -1377,14 +1285,6 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) return NULL; } - group = d2i_ECPKParameters(NULL, in, len); - - if (group == NULL) - { - ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); - return NULL; - } - if (a == NULL || *a == NULL) { if ((ret = EC_KEY_new()) == NULL) @@ -1398,11 +1298,12 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) else ret = *a; - if (ret->group) - EC_GROUP_clear_free(ret->group); + if (!d2i_ECPKParameters(&ret->group, in, len)) + { + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + return NULL; + } - ret->group = group; - return ret; } From 9dde17e8b43980d193dd7c117edeca9c602c41ab Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 13 Nov 2003 15:03:14 +0000 Subject: [PATCH 481/550] This rewrites two "for" loops in BN_rshift() - equality with zero is generally a more efficient comparison than comparing two integers, and the first of these two loops was off-by-one (copying one too many values). This change also removes a superfluous assignment that would set an unused word to zero (and potentially allow an overrun in some cases). Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/bn/bn_shift.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 69c03570b..de9312dce 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -200,13 +200,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if (rb == 0) { - for (i=j+1; i > 0; i--) + for (i=j; i != 0; i--) *(t++)= *(f++); } else { l= *(f++); - for (i=1; i>rb)&BN_MASK2; l= *(f++); @@ -214,7 +214,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) } *(t++) =(l>>rb)&BN_MASK2; } - *t=0; bn_correct_top(r); bn_check_top(r); return(1); From d2cd46127c746191b5fdcec6b04719feac4735c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Nov 2003 14:06:40 +0000 Subject: [PATCH 482/550] Less restrictive debugging build. --- Configure | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configure b/Configure index 009c06c61..a08810fe3 100755 --- a/Configure +++ b/Configure @@ -145,10 +145,10 @@ my %table=( "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", From 1a0173304755bd44662a201734f80eca3afe8a9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 15 Nov 2003 08:37:50 +0000 Subject: [PATCH 483/550] BN_set_bit() etc should use "unsigned int". Keep it as is to avoid an API change, but check for negativ values. Submitted by: Nils Larsch --- crypto/bn/bn_lib.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 1f45b09d0..43c336f52 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -782,6 +782,9 @@ int BN_set_bit(BIGNUM *a, int n) { int i,j,k; + if (n < 0) + return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) @@ -801,6 +804,9 @@ int BN_clear_bit(BIGNUM *a, int n) { int i,j; + if (n < 0) + return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) return(0); @@ -825,6 +831,9 @@ int BN_mask_bits(BIGNUM *a, int n) { int b,w; + if (n < 0) + return 0; + w=n/BN_BITS2; b=n%BN_BITS2; if (w >= a->top) return(0); From ac9c6e10a42ae993f5d23db35743d699e4b801a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sun, 16 Nov 2003 12:24:45 +0000 Subject: [PATCH 484/550] The x9.62 tests replace the PRNG with specific numbers, so don't run them if BN_DEBUG_RAND is defined. Also, fix another small bug. Submitted by: Nils Larsch --- crypto/ecdsa/ecdsatest.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 7beae6f73..65f487047 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -328,6 +328,8 @@ int test_builtin(BIO *out) /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { + unsigned char dirt, offset; + nid = curves[n].nid; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) @@ -406,9 +408,10 @@ int test_builtin(BIO *out) } BIO_printf(out, "."); BIO_flush(out); - /* modify signature */ - signature[((int)signature[0])%sig_len] ^= - signature[((int)signature[1])%sig_len]; + /* modify a single byte of the signature */ + offset = signature[10] % sig_len; + dirt = signature[11]; + signature[offset] ^= dirt ? dirt : 1; if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); @@ -468,7 +471,9 @@ int main(void) RAND_seed(rnd_seed, sizeof(rnd_seed)); /* the tests */ +#ifndef BN_DEBUG_RAND if (!x9_62_tests(out)) goto err; +#endif if (!test_builtin(out)) goto err; ret = 1; From fda5e385518b017411fce9bd5c6c76ad311c391d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 16 Nov 2003 14:38:34 +0000 Subject: [PATCH 485/550] Provide ASFLAGS in the subdirectories handling assembler code. Submitted by: Tim Rice PR: #735, #765 --- crypto/bf/Makefile.ssl | 1 + crypto/des/Makefile.ssl | 1 + crypto/rc4/Makefile.ssl | 1 + crypto/ripemd/Makefile.ssl | 1 + crypto/sha/Makefile.ssl | 1 + 5 files changed, 5 insertions(+) diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl index bb14a0ee8..b6124cf10 100644 --- a/crypto/bf/Makefile.ssl +++ b/crypto/bf/Makefile.ssl @@ -22,6 +22,7 @@ BF_ENC= bf_enc.o #DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bftest.c diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 73ffab9c8..ba450e018 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o #DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=destest.c diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl index b210b42f8..59c87f166 100644 --- a/crypto/rc4/Makefile.ssl +++ b/crypto/rc4/Makefile.ssl @@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o #RC4_ENC=asm/rx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rc4test.c diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl index 3583dfdca..19f0c1c80 100644 --- a/crypto/ripemd/Makefile.ssl +++ b/crypto/ripemd/Makefile.ssl @@ -20,6 +20,7 @@ AR= ar r RIP_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rmdtest.c diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl index 864645c8b..9cfef67e3 100644 --- a/crypto/sha/Makefile.ssl +++ b/crypto/sha/Makefile.ssl @@ -20,6 +20,7 @@ AR= ar r SHA1_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=shatest.c sha1test.c From f35232e6f3dee19e8d54a9247d2af39144cb0da1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 16 Nov 2003 16:30:39 +0000 Subject: [PATCH 486/550] Catch error condition to prevent NULL pointer dereference. Submitted by: Goetz Babin-Ebell PR: #766 --- apps/apps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index b1916bbc0..62fa21d5d 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -475,7 +475,7 @@ static int ui_read(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password[0] != '\0') + if (password && password[0] != '\0') { UI_set_result(ui, uis, password); return 1; @@ -499,7 +499,7 @@ static int ui_write(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password[0] != '\0') + if (password && password[0] != '\0') return 1; } default: From 31182ad39b569b2b34c396d5dbba282031c1517d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sun, 16 Nov 2003 19:33:31 +0000 Subject: [PATCH 487/550] re-enable the test, keeping the original method for RAND_pseudo_bytes which is used by BN_DEBUG_RAND Submitted by: Nils Larsch --- crypto/ecdsa/ecdsatest.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 65f487047..59f664f50 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -124,7 +124,7 @@ int change_rand(void) fake_rand.status = old_rand->status; /* use own random function */ fake_rand.bytes = fbytes; - fake_rand.pseudorand = fbytes; + fake_rand.pseudorand = old_rand->bytes; /* set new RAND_METHOD */ if (!RAND_set_rand_method(&fake_rand)) return 0; @@ -471,9 +471,7 @@ int main(void) RAND_seed(rnd_seed, sizeof(rnd_seed)); /* the tests */ -#ifndef BN_DEBUG_RAND if (!x9_62_tests(out)) goto err; -#endif if (!test_builtin(out)) goto err; ret = 1; From 95de3d204f7b28c88172c58fa4905583b05da4bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 18 Nov 2003 18:27:12 +0000 Subject: [PATCH 488/550] Make sure to initialize AES counters to obtain proper results. Submitted by: Kirill Kochetkov PR: #748 --- apps/speed.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/speed.c b/apps/speed.c index 5576f23fe..d9dd1b65d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1230,6 +1230,9 @@ int MAIN(int argc, char **argv) c[D_CBC_RC5][0]=count; c[D_CBC_BF][0]=count; c[D_CBC_CAST][0]=count; + c[D_CBC_128_AES][0]=count; + c[D_CBC_192_AES][0]=count; + c[D_CBC_256_AES][0]=count; for (i=1; i Date: Thu, 20 Nov 2003 18:33:20 +0000 Subject: [PATCH 489/550] ./config failed to correctly detect if gcc uses 64-bit ABI on HP-UX. PR: 772 --- config | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/config b/config index 79ce83aac..1722b8e76 100755 --- a/config +++ b/config @@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "$HPUXVER" in 1[0-9].*) # HPUX 10 and 11 targets are unified - echo "${MACHINE}-hp-hpux10"; exit 0 + echo "${MACHINE}-hp-hpux1x"; exit 0 ;; *) echo "${MACHINE}-hp-hpux"; exit 0 @@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then GCC_BITS="32" if [ $GCCVER -ge 30 ]; then # PA64 support only came in with gcc 3.0.x. - # We look for the preprocessor symbol __LP64__ indicating - # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64. - if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then + # We check if the preprocessor symbol __LP64__ is defined... + if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then + : # __LP64__ has slipped through, it therefore is not defined + else GCC_BITS="64" fi fi From ad5f0ed509932281a1e2c32a70fbf8354b02da33 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 20 Nov 2003 19:10:36 +0000 Subject: [PATCH 490/550] hpux64-parisc2-gcc target added. Once it is verified, ./config should be modified to choose it instead of hpux64-parisc-gcc, which should then be removed. hpux64-parisc-cc is removed already now as redundant [in case you wonder, 64-bit HP-UX ABI *implies* PA-RISC2.0]. --- Configure | 4 +- TABLE | 110 +++++++++++++++++++++++++++++++++--------------------- 2 files changed, 69 insertions(+), 45 deletions(-) diff --git a/Configure b/Configure index a08810fe3..ad8d83e58 100755 --- a/Configure +++ b/Configure @@ -241,7 +241,7 @@ my %table=( # suitable for execution on the host you're currently compiling at. # If the toolkit is ment to be used on various PA-RISC processors # consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's ment to be +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be # compatible with *future* releases. # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to # pass -D_REENTRANT on HP-UX 10 and later. @@ -256,10 +256,10 @@ my %table=( # Since there is mention of this in shlib/hpux10-cc.sh "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # 64bit PARISC for GCC without optimization, which seems to make problems. # Submitted by "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HP/UX IA-64 targets "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/TABLE b/TABLE index bad7f495c..333db5c34 100644 --- a/TABLE +++ b/TABLE @@ -1,4 +1,3 @@ -Output of `Configure TABLE': *** BC-16 $cc = bcc @@ -1500,6 +1499,31 @@ $shared_extension = $ranlib = $arflags = +*** debug-Cygwin +$cc = gcc +$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror +$unistd = +$thread_cflag = +$sys_id = CYGWIN32 +$lflags = +$bn_ops = +$bn_obj = +$des_obj = win32 +$bf_obj = cygwin-shared +$md5_obj = +$sha1_obj = +$cast_obj = .dll +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + *** debug-ben $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe @@ -1677,7 +1701,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1726,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1751,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1752,7 +1776,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2052,21 +2076,21 @@ $arflags = *** debug-ulf $cc = gcc -$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe +$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations $unistd = -$thread_cflag = -D_REENTRANT -$sys_id = +$thread_cflag = +$sys_id = CYGWIN32 $lflags = -$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-elf.o asm/co86-elf.o -$des_obj = asm/dx86-elf.o asm/yx86-elf.o -$bf_obj = asm/bx86-elf.o -$md5_obj = asm/mx86-elf.o -$sha1_obj = asm/sx86-elf.o -$cast_obj = asm/cx86-elf.o -$rc4_obj = asm/rx86-elf.o -$rmd160_obj = asm/rm86-elf.o -$rc5_obj = asm/r586-elf.o +$bn_ops = +$bn_obj = +$des_obj = win32 +$bf_obj = cygwin-shared +$md5_obj = +$sha1_obj = +$cast_obj = .dll +$rc4_obj = +$rmd160_obj = +$rc5_obj = $dso_scheme = $shared_target= $shared_cflag = @@ -2600,31 +2624,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** hpux64-parisc-cc -$cc = cc -$cflags = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= hpux64-shared -$shared_cflag = +Z -$shared_ldflag = -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - *** hpux64-parisc-gcc $cc = gcc $cflags = -DB_ENDIAN -DMD32_XARRAY @@ -2675,6 +2674,31 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** hpux64-parisc2-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT +$bn_obj = asm/pa-risc2W.o +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= hpux64-shared +$shared_cflag = -fpic +$shared_ldflag = +$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** hurd-x86 $cc = gcc $cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall From a8287a90ead0b3d266f2555885790edc7cbd7cbd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Nov 2003 22:45:06 +0000 Subject: [PATCH 491/550] Give CRLDP its standard name. Max req -x509 use V1 if extensions section absent. --- apps/req.c | 2 +- crypto/x509v3/v3_crld.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index bbef94286..79217c908 100644 --- a/apps/req.c +++ b/apps/req.c @@ -907,7 +907,7 @@ loop: if ((x509ss=X509_new()) == NULL) goto end; /* Set version to V3 */ - if(!X509_set_version(x509ss, 2)) goto end; + if(extensions && !X509_set_version(x509ss, 2)) goto end; if (serial) { if (!X509_set_serialNumber(x509ss, serial)) goto end; diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 894a8b94d..f90829c57 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) From ec2179cf81687380eaef3c745e2dbbc15bbbe2cb Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 21 Nov 2003 21:42:35 +0000 Subject: [PATCH 492/550] Fix a small bug in str_copy: if more than one variable is replaced, make sure the current length is used to calculate the new buffer length instead of using the old length (prior to any variable substitution). Submitted by: Nils Larsch --- crypto/conf/conf_def.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 57d2739ae..52a87aa76 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -629,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); while (*p) buf->data[to++]= *(p++); from=e; From 9e989810bade356f3edd599d5b62d159795f2d53 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 22 Nov 2003 20:23:41 +0000 Subject: [PATCH 493/550] BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words and bn_add_words to avoid using fake bignums to window other bignums that can lead to corruption. This change allows all bignum tests to pass with BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be tested on a few different architectures and configuration targets, as the bignum code this deals with is quite preprocessor (and assembly) sensitive. Submitted by: Nils Narsch Reviewed by: Geoff Thorpe, Ulf Moeller --- crypto/bn/bn_div.c | 81 +++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 36 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 0fef7ced2..2f464b31d 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -179,14 +179,16 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift,i,j,loop; + int norm_shift,i,loop; BIGNUM *tmp,wnum,*snum,*sdiv,*res; BN_ULONG *resp,*wnump; BN_ULONG d0,d1; int num_n,div_n; - bn_check_top(dv); - bn_check_top(rm); + if (dv) + bn_check_top(dv); + if (rm) + bn_check_top(rm); bn_check_top(num); bn_check_top(divisor); @@ -224,15 +226,16 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, div_n=sdiv->top; num_n=snum->top; loop=num_n-div_n; - /* Lets setup a 'window' into snum * This is the part that corresponds to the current * 'area' being divided */ - BN_init(&wnum); - wnum.flags = BN_FLG_STATIC_DATA; /* prevent accidental "expands" */ - wnum.d= &(snum->d[loop]); - wnum.top= div_n; - wnum.dmax= snum->dmax - loop; /* so we don't step out of bounds */ + wnum.neg = 0; + wnum.d = &(snum->d[loop]); + wnum.top = div_n; +#ifdef BN_DEBUG_RAND + /* only needed when BN_ucmp messes up the values between top and max */ + wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ +#endif /* Get the top 2 words of sdiv */ /* div_n=sdiv->top; */ @@ -251,22 +254,32 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* space for temp */ if (!bn_wexpand(tmp,(div_n+1))) goto err; - bn_correct_top(&wnum); if (BN_ucmp(&wnum,sdiv) >= 0) { - if (!BN_usub(&wnum,&wnum,sdiv)) goto err; +#ifdef BN_DEBUG_RAND + /* If BN_DEBUG_RAND is defined BN_ucmp changes (via + * bn_pollute) the const bignum arguments => + * clean the values between top and max again */ + bn_clear_top2max(&wnum); +#endif + bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); *resp=1; - res->d[res->top-1]=1; } else res->top--; + /* if res->top == 0 then clear the neg value otherwise decrease + * the resp pointer */ if (res->top == 0) res->neg = 0; - resp--; + else + resp--; - for (i=0; i 0x%08X\n", #endif /* !BN_DIV3W */ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); - wnum.d--; wnum.top++; wnum.dmax++; tmp->d[div_n]=l0; - /* XXX: Couldn't we replace this with; - * tmp->top = div_n; - * bn_fix_top(tmp); - */ - for (j=div_n+1; j>0; j--) - if (tmp->d[j-1]) break; - tmp->top=j; - - j=wnum.top; - bn_correct_top(&wnum); - if (!BN_sub(&wnum,&wnum,tmp)) goto err; - - snum->top=snum->top+wnum.top-j; - - if (wnum.neg) + wnum.d--; + /* ingore top values of the bignums just sub the two + * BN_ULONG arrays with bn_sub_words */ + if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) { + /* Note: As we have considered only the leading + * two BN_ULONGs in the calculation of q, sdiv * q + * might be greater than wnum (but then (q-1) * sdiv + * is less or equal than wnum) + */ q--; - j=wnum.top; - if (!BN_add(&wnum,&wnum,sdiv)) goto err; - snum->top+=wnum.top-j; + if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) + /* we can't have an overflow here (assuming + * that q != 0, but if q == 0 then tmp is + * zero anyway) */ + (*wnump)++; } - *(resp--)=q; - wnump--; + /* store part of the result */ + *resp = q; } if (rm != NULL) { @@ -391,7 +399,8 @@ X) -> 0x%08X\n", BN_CTX_end(ctx); return(1); err: - bn_check_top(rm); + if (rm) + bn_check_top(rm); BN_CTX_end(ctx); return(0); } From d7559f16cdded5c655f9228c1daf9f244f484a89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 24 Nov 2003 16:48:52 +0000 Subject: [PATCH 494/550] Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell --- crypto/engine/eng_cryptodev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index e93b7fd1a..f8a4a292b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1055,14 +1055,17 @@ ENGINE_load_cryptodev(void) if (engine == NULL) return; - if ((fd = get_dev_crypto()) < 0) + if ((fd = get_dev_crypto()) < 0) { + ENGINE_free(engine); return; + } /* * find out what asymmetric crypto algorithms we support */ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { close(fd); + ENGINE_free(engine); return; } close(fd); From e1064adfd3b4d014c7de36e4390eaa5b129f4bfc Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Nov 2003 03:41:20 +0000 Subject: [PATCH 495/550] Some changes for bn_gf2m.c: better error checking plus some minor optimizations. Submitted by: Nils Larsch --- crypto/bn/bn_gf2m.c | 78 ++++++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 30 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 0bb4f9b25..1cdad7473 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -323,8 +323,12 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) int n, dN, d0, d1; BN_ULONG zz, *z; - /* Since the algorithm does reduction in the r value, if a != r, copy the - * contents of a into r so we can do reduction in r. + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + + /* Since the algorithm does reduction in the r value, if a != r, copy + * the contents of a into r so we can do reduction in r. */ if (a != r) { @@ -345,7 +349,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (z[j] == 0) { j--; continue; } z[j] = 0; - for (k = 1; p[k] > 0; k++) + for (k = 1; p[k] != 0; k++) { /* reducing component t^p[k] */ n = p[0] - p[k]; @@ -375,7 +379,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ z[0] ^= zz; /* reduction t^0 component */ - for (k = 1; p[k] > 0; k++) + for (k = 1; p[k] != 0; k++) { BN_ULONG tmp_ulong; @@ -408,7 +412,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH); goto err; @@ -459,9 +464,9 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } bn_correct_top(s); - BN_GF2m_mod_arr(r, s, p); + if (BN_GF2m_mod_arr(r, s, p)) + ret = 1; bn_check_top(r); - ret = 1; err: BN_CTX_end(ctx); @@ -481,7 +486,8 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH); goto err; @@ -531,7 +537,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH); goto err; @@ -567,10 +574,6 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_GF2m_mod(u, a, p)) goto err; if (!BN_copy(v, p)) goto err; - u->neg = 0; /* Need to set u->neg = 0 because BN_is_one(u) checks - * the neg flag of the bignum. - */ - if (BN_is_zero(u)) goto err; while (1) @@ -585,7 +588,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_rshift1(b, b)) goto err; } - if (BN_is_one(u)) break; + if (BN_abs_is_word(u, 1)) break; if (BN_num_bits(u) < BN_num_bits(v)) { @@ -679,10 +682,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_copy(b, p)) goto err; if (!BN_zero(v)) goto err; - a->neg = 0; /* Need to set a->neg = 0 because BN_is_one(a) checks - * the neg flag of the bignum. - */ - while (!BN_is_odd(a)) { if (!BN_rshift1(a, a)) goto err; @@ -703,7 +702,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_rshift1(v, v)) goto err; } while (!BN_is_odd(b)); } - else if (BN_is_one(a)) + else if (BN_abs_is_word(a, 1)) break; else { @@ -763,9 +762,10 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig BIGNUM *u; if (BN_is_zero(b)) - { return(BN_one(r)); - } + + if (BN_abs_is_word(b, 1)) + return (BN_copy(r, a) != NULL); BN_CTX_start(ctx); @@ -804,7 +804,8 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); goto err; @@ -824,6 +825,10 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ { int ret = 0; BIGNUM *u; + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; @@ -850,7 +855,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); goto err; @@ -870,7 +876,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p int ret = 0, count = 0; unsigned int j; BIGNUM *a, *z, *rho, *w, *w2, *tmp; - + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + BN_CTX_start(ctx); a = BN_CTX_get(ctx); z = BN_CTX_get(ctx); @@ -951,7 +961,8 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * const int max = BN_num_bits(p); unsigned int *arr=NULL, ret = 0; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH); goto err; @@ -963,21 +974,28 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * return ret; } -/* Convert the bit-string representation of a polynomial a into an array +/* Convert the bit-string representation of a polynomial + * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array * of integers corresponding to the bits with non-zero coefficient. * Up to max elements of the array will be filled. Return value is total * number of coefficients that would be extracted if array was large enough. */ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) { - int i, j, k; + int i, j, k = 0; BN_ULONG mask; - for (k = 0; k < max; k++) p[k] = 0; - k = 0; + if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) + /* a_0 == 0 => return error (the unsigned int array + * must be terminated by 0) + */ + return 0; for (i = a->top - 1; i >= 0; i--) { + if (!a->d[i]) + /* skip word if a->d[i] == 0 */ + continue; mask = BN_TBIT; for (j = BN_BITS2 - 1; j >= 0; j--) { @@ -1001,7 +1019,7 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) int i; BN_zero(a); - for (i = 0; p[i] > 0; i++) + for (i = 0; p[i] != 0; i++) { BN_set_bit(a, p[i]); } From 6defae04f3c44087d9129994fa88b4f9271b153f Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Nov 2003 20:39:19 +0000 Subject: [PATCH 496/550] Fix some handling in bn_word. This also resolves the issues observed in ticket 697 (though uses a different solution than the proposed one). This problem was initially raised by Otto Moerbeek. PR: 697 Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/bn/bn_word.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 560a49969..a24115015 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -85,12 +85,17 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) { - BN_ULONG ret; + BN_ULONG ret = 0; int i; - if (a->top == 0) return(0); - ret=0; - w&=BN_MASK2; + w &= BN_MASK2; + + if (!w) + /* actually this an error (division by zero) */ + return 0; + if (a->top == 0) + return 0; + for (i=a->top-1; i>=0; i--) { BN_ULONG l,d; @@ -111,6 +116,11 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) BN_ULONG l; int i; + w &= BN_MASK2; + + if (!w) + return 1; + if (a->neg) { a->neg=0; @@ -119,7 +129,6 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - w&=BN_MASK2; if (bn_wexpand(a,a->top+1) == NULL) return(0); i=0; for (;;) @@ -145,6 +154,11 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) { int i; + w &= BN_MASK2; + + if (!w) + return 1; + if (BN_is_zero(a) || a->neg) { a->neg=0; @@ -153,7 +167,6 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) return(i); } - w&=BN_MASK2; if ((a->top == 1) && (a->d[0] < w)) { a->d[0]=w-a->d[0]; From 81ba5f6713798374c3327e649b96db3decd7a8b8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Nov 2003 21:07:59 +0000 Subject: [PATCH 497/550] Due to recent debugging bursts, openssl should be more or less solid against inconsistent BIGNUMs coming out of any of its API functions. So this change no longer "fixes" the bn_print.c functions, but it makes for cleaner code. This patch was a part of ticket 697. PR: 697 Submitted by: Otto Moerbeek Reviewed by: Geoff Thorpe --- crypto/bn/bn_print.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 5b5eb8fc9..4bc51d303 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -79,7 +79,7 @@ char *BN_bn2hex(const BIGNUM *a) } p=buf; if (a->neg) *(p++)='-'; - if (a->top == 0) *(p++)='0'; + if (BN_is_zero(a)) *(p++)='0'; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-8; j >= 0; j-=8) @@ -122,7 +122,7 @@ char *BN_bn2dec(const BIGNUM *a) p=buf; lp=bn_data; if (t->neg) *(p++)='-'; - if (t->top == 0) + if (BN_is_zero(t)) { *(p++)='0'; *(p++)='\0'; @@ -301,7 +301,7 @@ int BN_print(BIO *bp, const BIGNUM *a) int ret=0; if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; - if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end; + if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-4; j >= 0; j-=4) From 4c8b4f9d03fb5db99fa22b235369b96039f60706 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 12:54:11 +0000 Subject: [PATCH 498/550] Change my debugging entries to do fierce BIGNUM debugging. --- Configure | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configure b/Configure index ad8d83e58..bc7d5d489 100755 --- a/Configure +++ b/Configure @@ -145,10 +145,10 @@ my %table=( "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", From 4d8743f490a5f96fa26d41985ee12cb6b9815a4c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 13:10:58 +0000 Subject: [PATCH 499/550] Netware-specific changes, PR: 780 Submitted by: Verdon Walker Reviewed by: Richard Levitte --- Configure | 18 +- INSTALL | 6 +- INSTALL.NW | 437 +++++++++++++++++++++++++ Netware/build.bat | 204 ++++++++++++ Netware/cpy_tests.bat | 112 +++++++ Netware/do_tests.pl | 585 ++++++++++++++++++++++++++++++++++ Netware/globals.txt | 254 +++++++++++++++ Netware/readme.txt | 19 ++ Netware/set_env.bat | 90 ++++++ apps/apps.c | 13 +- apps/apps.h | 2 + apps/ca.c | 2 +- apps/s_apps.h | 3 +- apps/s_client.c | 8 +- apps/s_server.c | 16 +- apps/s_socket.c | 38 ++- apps/s_time.c | 18 +- apps/speed.c | 43 ++- crypto/bf/bf_opts.c | 3 + crypto/bf/bfspeed.c | 3 + crypto/bf/bftest.c | 3 + crypto/bio/b_sock.c | 33 +- crypto/bio/bss_file.c | 15 +- crypto/bio/bss_log.c | 2 + crypto/bio/bss_sock.c | 2 +- crypto/bn/exptest.c | 3 + crypto/buffer/buffer.h | 3 + crypto/cast/cast_spd.c | 3 + crypto/cast/castopts.c | 3 + crypto/des/des_opts.c | 4 + crypto/des/destest.c | 3 + crypto/des/speed.c | 4 + crypto/dh/dhtest.c | 6 +- crypto/dsa/dsatest.c | 3 + crypto/idea/idea_spd.c | 3 + crypto/idea/ideatest.c | 3 + crypto/md2/md2test.c | 3 + crypto/md32_common.h | 2 + crypto/md5/md5test.c | 4 + crypto/mdc2/mdc2test.c | 3 + crypto/perlasm/x86asm.pl | 8 +- crypto/perlasm/x86mwasm_nw.pl | 363 +++++++++++++++++++++ crypto/perlasm/x86nasm_nw.pl | 364 +++++++++++++++++++++ crypto/rand/Makefile.ssl | 4 +- crypto/rand/rand_egd.c | 2 +- crypto/rand/rand_nw.c | 171 ++++++++++ crypto/rand/rand_unix.c | 3 +- crypto/rand/randtest.c | 3 + crypto/rc2/rc2speed.c | 3 + crypto/rc2/rc2test.c | 3 + crypto/rc4/rc4speed.c | 3 + crypto/rc4/rc4test.c | 3 + crypto/rc5/rc5speed.c | 3 + crypto/rsa/rsa_test.c | 3 + crypto/sha/sha1test.c | 4 + crypto/sha/shatest.c | 5 +- crypto/threads/mttest.c | 115 +++++++ crypto/threads/netware.bat | 79 +++++ crypto/tmdiff.c | 16 +- crypto/ui/ui_openssl.c | 10 +- crypto/uid.c | 2 +- e_os.h | 36 +++ e_os2.h | 6 + engines/e_aep.c | 4 + ssl/ssltest.c | 3 + util/mk1mf.pl | 11 + util/pl/netware.pl | 327 +++++++++++++++++++ 67 files changed, 3490 insertions(+), 43 deletions(-) create mode 100644 INSTALL.NW create mode 100644 Netware/build.bat create mode 100644 Netware/cpy_tests.bat create mode 100644 Netware/do_tests.pl create mode 100644 Netware/globals.txt create mode 100644 Netware/readme.txt create mode 100644 Netware/set_env.bat create mode 100644 crypto/perlasm/x86mwasm_nw.pl create mode 100644 crypto/perlasm/x86nasm_nw.pl create mode 100644 crypto/rand/rand_nw.c create mode 100644 crypto/threads/netware.bat create mode 100644 util/pl/netware.pl diff --git a/Configure b/Configure index bc7d5d489..fa96c762f 100755 --- a/Configure +++ b/Configure @@ -519,6 +519,12 @@ my %table=( "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32::::win32:cygwin-shared:::.dll", +# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm:::::${x86_gcc_opts}:::", +# netware-libc => LibC/NKS support +"netware-libc", "mwccnlm:::::BN_LLONG ${x86_gcc_opts}:::", + # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", @@ -570,8 +576,8 @@ my %table=( ); -my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS - BC-32 BC-16 Mingw32 OS2-EMX); +my @MK1MF_Builds=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS + BC-32 BC-16 Mingw32 OS2-EMX netware-clib netware-libc); my $idx = 0; my $idx_cc = $idx++; @@ -940,7 +946,7 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); -my $IsWindows=scalar grep /^$target$/,@WinTargets; +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $exe_ext=".exe" if ($target eq "Cygwin"); $exe_ext=".exe" if ($target eq "DJGPP"); @@ -954,7 +960,7 @@ $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -print "IsWindows=$IsWindows\n"; +print "IsMK1MF=$IsMK1MF\n"; my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); my $cc = $fields[$idx_cc]; @@ -1502,7 +1508,7 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; -if($IsWindows) { +if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <MINFO + generates a listing of source files (used by mk1mf) + + perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak + generates the makefile for NetWare + + gmake -f netware\nlm.mak + build with the make tool (nmake.exe also works) + +NOTE: If you are building using the assembly option, you must also run the +various Perl scripts to generate the assembly files. See build.bat +for an example of running the various assembly scripts. You must use the +"no-asm" option to build without assembly. The configure and mk1mf scripts +also have various other options. See the scripts for more information. + + +The output from the build is placed in the following directories: + + CLIB Debug build: + out_nw_clib.dbg - static libs & test nlm(s) + tmp_nw_clib.dbg - temporary build files + outinc_nw_clib - necessary include files + + CLIB Non-debug build: + out_nw_clib - static libs & test nlm(s) + tmp_nw_clib - temporary build files + outinc_nw_clib - necesary include files + + LibC Debug build: + out_nw_libc.dbg - static libs & test nlm(s) + tmp_nw_libc.dbg - temporary build files + outinc_nw_libc - necessary include files + + LibC Non-debug build: + out_nw_libc - static libs & test nlm(s) + tmp_nw_libc - temporary build files + outinc_nw_libc - necesary include files + + +TESTING: +-------- +The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib, +rsaglue.lib ) and several test programs. You should copy the test programs +to your NetWare server and run the tests. + +The batch file "netware\cpy_tests.bat" will copy all the necessary files +to your server for testing. In order to run the batch file, you need a +drive mapped to your target server. It will create an "OpenSSL" directory +on the drive and copy the test files to it. CAUTION: If a directory with the +name of "OpenSSL" already exists, it will be deleted. + +To run cpy_tests.bat: + + netware\cpy_tests [output directory] [NetWare drive] + + output directory - "out_nw_clib.dbg", "out_nw_libc", etc. + NetWare drive - drive letter of mapped drive + + CLIB ex: netware\cpy_tests out_nw_clib m: + LibC ex: netware\cpy_tests out_nw_libc m: + + +The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server +should be used to execute the tests. Before running the script, make sure +your SEARCH PATH includes the "OpenSSL" directory. For example, if you +copied the files to the "sys:" volume you use the command: + + SEARCH ADD SYS:\OPENSSL + + +To run do_tests.pl type (at the console prompt): + + perl \openssl\do_tests.pl [options] + + options: + -p - pause after executing each test + +The do_tests.pl script generates a log file "\openssl\test_out\tests.log" +which should be reviewed for errors. Any errors will be denoted by the word +"ERROR" in the log. + +NOTE: Currently (11/2002), the LibC test nlms report an error while loading + when launched from the perl script (do_tests.pl). The problems are + being addressed by the LibC development team and should be fixed in the + next release. Until the problems are corrected, the LibC test nlms + will have to be executed manually. + + +DEVELOPING WITH THE OPENSSL SDK: +-------------------------------- +Now that everything is built and tested, you are ready to use the OpenSSL +libraries in your development. + +There is no real installation procedure, just copy the static libs and +headers to your build location. The libs (crypto.lib & ssl.lib) are +located in the appropriate "out_nw_XXXX" directory +(out_nw_clib, out_nw_libc, etc). + +The headers are located in the appropriate "outinc_nw_XXX" directory +(outinc_nw_clib, outinc_nw_libc). + +One suggestion is to create the following directory +structure for the OpenSSL SDK: + + \openssl + |- bin + | |- openssl.nlm + | |- (other tests you want) + | + |- lib + | | - crypto.lib + | | - ssl.lib + | + |- include + | | - openssl + | | | - (all the headers in "outinc_nw\openssl") + + +The program "openssl.nlm" can be very useful. It has dozens of +options and you may want to keep it handy for debugging, testing, etc. + +When building your apps using OpenSSL, define "NETWARE". It is needed by +some of the OpenSSL headers. One way to do this is with a compile option, +for example "-DNETWARE". + + + +NOTES: +------ + +Resource leaks in Tests +------------------------ +Some OpenSSL tests do not clean up resources and NetWare reports +the resource leaks when the tests unload. If this really bugs you, +you can stop the messages by setting the developer option off at the console +prompt (set developer option = off). Or better yet, fix the tests to +clean up the resources! + + +Multi-threaded Development +--------------------------- +The NetWare version of OpenSSL is thread-safe however, multi-threaded +applications must provide the necessary locking function callbacks. This +is described in doc\threads.doc. The file "openssl\crypto\threads\mttest.c" +is a multi-threaded test program and demonstrates the locking functions. + + +What is openssl2.nlm? +--------------------- +The openssl program has numerous options and can be used for many different +things. Many of the options operate in an interactive mode requiring the +user to enter data. Because of this, a default screen is created for the +program. However, when running the test script it is not desirable to +have a seperate screen. Therefore, the build also creates openssl2.nlm. +Openssl2.nlm is functionally identical but uses the console screen. +Openssl2 can be used when a non-interactive mode is desired. + +NOTE: There are may other possibilities (command line options, etc) +which could have been used to address the screen issue. The openssl2.nlm +option was chosen because it impacted only the build not the code. + + +Why only static libraries? +-------------------------- +Globals, globals, and more globals. The OpenSSL code uses many global +variables that are allocated and initialized when used for the first time. + +On NetWare, most applications (at least historically) run in the kernel. +When running in the kernel, there is one instance of global variables. +For regular application type NLM(s) this isn't a problem because they are +the only ones using the globals. However, for a library NLM (an NLM which +exposes functions and has no threads of execution), the globals cause +problems. Applications could inadvertently step on each other if they +change some globals. Even worse, the first application that triggers a +global to be allocated and initialized has the allocated memory charged to +itself. Now when that application unloads, NetWare will clean up all the +applicaton's memory. The global pointer variables inside OpenSSL now +point to freed memory. An abend waiting to happen! + +To work correctly in the kernel, library NLM(s) that use globals need to +provide a set of globals (instance data) for each application. Another +option is to require the library only be loaded in a protected address +space along with the application using it. + +Modifying the OpenSSL code to provide a set of globals (instance data) for +each application isn't technically difficult, but due to the large number +globals it would require substantial code changes and it wasn't done. Hence, +the build currently only builds static libraries which are then linked +into each application. + +NOTE: If you are building a library NLM that uses the OpenSSL static +libraries, you will still have to deal with the global variable issue. +This is because when you link in the OpenSSL code you bring in all the +globals. One possible solution for the global pointer variables is to +register memory functions with OpenSSL which allocate memory and charge it +to your library NLM (see the function CRYPTO_set_mem_functions). However, +be aware that now all memory allocated by OpenSSL is charged to your NLM. + + +CodeWarrior Tools and W2K +--------------------------- +There have been problems reported with the CodeWarrior Linker +(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The +problems cause the link step to fail. The only work around is to obtain an +updated linker from Metrowerks. It is expected Metrowerks will release +PDK 3.0 (in beta testing at this time - May, 2001) in the near future which +will fix these problems. + + +Makefile "vclean" +------------------ +The generated makefile has a "vclean" target which cleans up the build +directories. If you have been building successfully and suddenly +experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry. + + +"Undefined Symbol" Linker errors +-------------------------------- +There have been linker errors reported when doing a CLIB build. The problems +occur because some versions of the CLIB SDK import files inadvertently +left out some symbols. One symbol in particular is "_lrotl". The missing +functions are actually delivered in the binaries, but they were left out of +the import files. The issues should be fixed in the September 2001 release +of the NDK. If you experience the problems you can temporarily +work around it by manually adding the missing symbols to your version of +"clib.imp". diff --git a/Netware/build.bat b/Netware/build.bat new file mode 100644 index 000000000..ee73da4df --- /dev/null +++ b/Netware/build.bat @@ -0,0 +1,204 @@ +@echo off + +rem ======================================================================== +rem Batch file to automate building OpenSSL for NetWare. +rem +rem usage: +rem build [target] [debug opts] [assembly opts] [configure opts] +rem +rem target - "netware-clib" - CLib NetWare build +rem - "netware-libc" - LibC NKS NetWare build +rem +rem debug opts - "debug" - build debug +rem +rem assembly opts - "nw-mwasm" - use Metrowerks assembler +rem "nw-nasm" - use NASM assembler +rem "no-asm" - don't use assembly +rem +rem configure opts- all unrecognized arguments are passed to the +rem perl configure script +rem +rem If no arguments are specified the default is to build non-debug with +rem no assembly. NOTE: there is no default BLD_TARGET. +rem + + + +rem No assembly is the default - Uncomment section below to change +rem the assembler default +set ASM_MODE= +set ASSEMBLER= +set NO_ASM=no-asm + +rem Uncomment to default to the Metrowerks assembler +rem set ASM_MODE=nw-mwasm +rem set ASSEMBLER=Metrowerks +rem set NO_ASM= + +rem Uncomment to default to the NASM assembler +rem set ASM_MODE=nw-nasm +rem set ASSEMBLER=NASM +rem set NO_ASM= + +rem No default Bld target +set BLD_TARGET=no_target +rem set BLD_TARGET=netware-clib +rem set BLD_TARGET=netware-libc + + +rem Default to build non-debug +set DEBUG= + +rem Uncomment to default to debug build +rem set DEBUG=debug + + +set CONFIG_OPTS= +set ARG_PROCESSED=NO + + +rem Process command line args +:opts +if "a%1" == "a" goto endopt +if "%1" == "no-asm" set NO_ASM=no-asm +if "%1" == "no-asm" set ARG_PROCESSED=YES +if "%1" == "debug" set DEBUG=debug +if "%1" == "debug" set ARG_PROCESSED=YES +if "%1" == "nw-nasm" set ASM_MODE=nw-nasm +if "%1" == "nw-nasm" set ASSEMBLER=NASM +if "%1" == "nw-nasm" set NO_ASM= +if "%1" == "nw-nasm" set ARG_PROCESSED=YES +if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm +if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks +if "%1" == "nw-mwasm" set NO_ASM= +if "%1" == "nw-mwasm" set ARG_PROCESSED=YES +if "%1" == "netware-clib" set BLD_TARGET=netware-clib +if "%1" == "netware-clib" set ARG_PROCESSED=YES +if "%1" == "netware-libc" set BLD_TARGET=netware-libc +if "%1" == "netware-libc" set ARG_PROCESSED=YES + +rem If we didn't recognize the argument, consider it an option for config +if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1 +if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO + +shift +goto opts +:endopt + +rem make sure a valid BLD_TARGET was specified +if "%BLD_TARGET%" == "no_target" goto no_target + +rem build the nlm make file name which includes target and debug info +set NLM_MAKE= +if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib +if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc +if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak +if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak + +if "%NO_ASM%" == "no-asm" set ASM_MODE= +if "%NO_ASM%" == "no-asm" set ASSEMBLER= +if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm +if "%NO_ASM%" == "no-asm" goto do_config + + +rem ================================================== +echo Generating x86 for %ASSEMBLER% assembler + +echo Bignum +cd crypto\bn\asm +perl x86.pl %ASM_MODE% > bn-nw.asm +cd ..\..\.. + +echo DES +cd crypto\des\asm +perl des-586.pl %ASM_MODE% > d-nw.asm +cd ..\..\.. + +echo "crypt(3)" + +cd crypto\des\asm +perl crypt586.pl %ASM_MODE% > y-nw.asm +cd ..\..\.. + +echo Blowfish + +cd crypto\bf\asm +perl bf-586.pl %ASM_MODE% > b-nw.asm +cd ..\..\.. + +echo CAST5 +cd crypto\cast\asm +perl cast-586.pl %ASM_MODE% > c-nw.asm +cd ..\..\.. + +echo RC4 +cd crypto\rc4\asm +perl rc4-586.pl %ASM_MODE% > r4-nw.asm +cd ..\..\.. + +echo MD5 +cd crypto\md5\asm +perl md5-586.pl %ASM_MODE% > m5-nw.asm +cd ..\..\.. + +echo SHA1 +cd crypto\sha\asm +perl sha1-586.pl %ASM_MODE% > s1-nw.asm +cd ..\..\.. + +echo RIPEMD160 +cd crypto\ripemd\asm +perl rmd-586.pl %ASM_MODE% > rm-nw.asm +cd ..\..\.. + +echo RC5\32 +cd crypto\rc5\asm +perl rc5-586.pl %ASM_MODE% > r5-nw.asm +cd ..\..\.. + +rem =============================================================== +rem +:do_config + +echo . +echo configure options: %CONFIG_OPTS% %BLD_TARGET% +echo . +perl configure %CONFIG_OPTS% %BLD_TARGET% + +perl util\mkfiles.pl >MINFO + +echo . +echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% +echo . +perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE% + +echo The makefile "%NLM_MAKE%" has been created use your maketool to +echo build (ex: gmake -f %NLM_MAKE%) +goto end + +rem =============================================================== +rem +:no_target +echo . +echo . No build target specified!!! +echo . +echo . usage: build [target] [debug opts] [assembly opts] [configure opts] +echo . +echo . target - "netware-clib" - CLib NetWare build +echo . - "netware-libc" - LibC NKS NetWare build +echo . +echo . debug opts - "debug" - build debug +echo . +echo . assembly opts - "nw-mwasm" - use Metrowerks assembler +echo . "nw-nasm" - use NASM assembler +echo . "no-asm" - don't use assembly +echo . +echo . configure opts- all unrecognized arguments are passed to the +echo . perl configure script +echo . +echo . If no debug or assembly opts are specified the default is to build +echo . non-debug without assembly +echo . + + +:end diff --git a/Netware/cpy_tests.bat b/Netware/cpy_tests.bat new file mode 100644 index 000000000..c2f07c00c --- /dev/null +++ b/Netware/cpy_tests.bat @@ -0,0 +1,112 @@ +@echo off + +rem Batch file to copy OpenSSL stuff to a NetWare server for testing + +rem This batch file will create an "opensssl" directory at the root of the +rem specified NetWare drive and copy the required files to run the tests. +rem It should be run from inside the "openssl\netware" subdirectory. + +rem Usage: +rem cpy_tests.bat +rem - out_nw.dbg | out_nw +rem - any mapped drive letter +rem +rem example ( copy from debug build to m: dirve ): +rem cpy_tests.bat out_nw.dbg m: +rem +rem CAUTION: If a directory named OpenSSL exists on the target drive +rem it will be deleted first. + + +if "%1" == "" goto usage +if "%2" == "" goto usage + +rem Assume running in \openssl directory unless cpy_tests.bat exists then +rem it must be the \openssl\netware directory +set loc=. +if exist cpy_tests.bat set loc=.. + +rem make sure the local build subdirectory specified is valid +if not exist %loc%\%1\NUL goto invalid_dir + +rem make sure target drive is valid +if not exist %2\NUL goto invalid_drive + +rem If an OpenSSL directory exists on the target drive, remove it +if exist %2\openssl\NUL goto remove_openssl +goto do_copy + +:remove_openssl +echo . +echo OpenSSL directory exists on %2 - it will be removed! +pause +rmdir %2\openssl /s /q + +:do_copy +rem make an "openssl" directory and others at the root of the NetWare drive +mkdir %2\openssl +mkdir %2\openssl\test_out +mkdir %2\openssl\apps +mkdir %2\openssl\certs +mkdir %2\openssl\test + + +rem copy the test nlms +copy %loc%\%1\*.nlm %2\openssl\ + +rem copy the test perl script +copy %loc%\netware\do_tests.pl %2\openssl\ + +rem copy the certs directory stuff +xcopy %loc%\certs\*.* %2\openssl\certs\ /s + +rem copy the test directory stuff +copy %loc%\test\CAss.cnf %2\openssl\test\ +copy %loc%\test\Uss.cnf %2\openssl\test\ +copy %loc%\test\pkcs7.pem %2\openssl\test\ +copy %loc%\test\pkcs7-1.pem %2\openssl\test\ +copy %loc%\test\testcrl.pem %2\openssl\test\ +copy %loc%\test\testp7.pem %2\openssl\test\ +copy %loc%\test\testreq2.pem %2\openssl\test\ +copy %loc%\test\testrsa.pem %2\openssl\test\ +copy %loc%\test\testsid.pem %2\openssl\test\ +copy %loc%\test\testx509.pem %2\openssl\test\ +copy %loc%\test\v3-cert1.pem %2\openssl\test\ +copy %loc%\test\v3-cert2.pem %2\openssl\test\ + +rem copy the apps directory stuff +copy %loc%\apps\client.pem %2\openssl\apps\ +copy %loc%\apps\server.pem %2\openssl\apps\ +copy %loc%\apps\openssl.cnf %2\openssl\apps\ + +echo . +echo Tests copied +echo Run the test script at the console by typing: +echo "Perl \openssl\do_tests.pl" +echo . +echo Make sure the Search path includes the OpenSSL subdirectory + +goto end + +:invalid_dir +echo. +echo Invalid build directory specified: %1 +echo. +goto usage + +:invalid_drive +echo. +echo Invalid drive: %2 +echo. +goto usage + +:usage +echo. +echo usage: cpy_tests.bat [test subdirectory] [NetWare drive] +echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. +echo [NetWare drive] - any mapped drive letter +echo. +echo example: cpy_test out_nw_clib.dbg M: +echo (copy from clib debug build area to M: drive) + +:end diff --git a/Netware/do_tests.pl b/Netware/do_tests.pl new file mode 100644 index 000000000..f4e11272d --- /dev/null +++ b/Netware/do_tests.pl @@ -0,0 +1,585 @@ +# perl script to run OpenSSL tests + + +my $base_path = "\\openssl"; + +my $output_path = "$base_path\\test_out"; +my $cert_path = "$base_path\\certs"; +my $test_path = "$base_path\\test"; +my $app_path = "$base_path\\apps"; + +my $tmp_cert = "$output_path\\cert.tmp"; +my $OpenSSL_config = "$app_path\\openssl.cnf"; +my $log_file = "$output_path\\tests.log"; + +my $pause = 0; + + +# process the command line args to see if they wanted us to pause +# between executing each command +foreach $i (@ARGV) +{ + if ($i =~ /^-p$/) + { $pause=1; } +} + + + +main(); + + +############################################################################ +sub main() +{ + # delete all the output files in the output directory + unlink <$output_path\\*.*>; + + # open the main log file + open(OUT, ">$log_file") || die "unable to open $log_file\n"; + + + algorithm_tests(); + encryption_tests(); + pem_tests(); + verify_tests(); + ssl_tests(); + ca_tests(); + + close(OUT); + + print("\nCompleted running tests.\n\n"); + print("Check log file for errors: $log_file\n"); +} + +############################################################################ +sub algorithm_tests +{ + my $i; + my $outFile; + my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test, + md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest, + dhtest, exptest ); + + print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); + + foreach $i (@tests) + { + $outFile = "$output_path\\$i.out"; + system("$i > $outFile"); + log_desc("Test: $i\.nlm:"); + log_output("", $outFile ); + } +} + +############################################################################ +sub encryption_tests +{ + my $i; + my $outFile; + my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", + "des-ofb", "des-ede-ofb", "des-ede3-ofb", + "des-ecb", "des-ede", "des-ede3", "des-cbc", + "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", + "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", + "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", + "bf-ofb", "bf-cbc" ); + + my $input = "$base_path\\do_tests.pl"; + my $cipher = "$output_path\\cipher.out"; + my $clear = "$output_path\\clear.out"; + + print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); + + foreach $i (@enc_tests) + { + log_desc("Testing: $i"); + + # do encryption + $outFile = "$output_path\\enc.out"; + system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" ); + log_output("Encrypting: $input --> $cipher", $outFile); + + # do decryption + $outFile = "$output_path\\dec.out"; + system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); + log_output("Decrypting: $cipher --> $clear", $outFile); + + # compare files + $x = compare_files( $input, $clear, 1); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $clear\n"); + print( OUT "SUCCESS - files match: $input, $clear\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + + do_wait(); + + # Now do the same encryption but use Base64 + + # do encryption B64 + $outFile = "$output_path\\B64enc.out"; + system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile"); + log_output("Encrypting(B64): $cipher --> $clear", $outFile); + + # do decryption B64 + $outFile = "$output_path\\B64dec.out"; + system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); + log_output("Decrypting(B64): $cipher --> $clear", $outFile); + + # compare files + $x = compare_files( $input, $clear, 1); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $clear\n"); + print( OUT "SUCCESS - files match: $input, $clear\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + + do_wait(); + + } # end foreach + + # delete the temporary files + unlink($cipher); + unlink($clear); +} + + +############################################################################ +sub pem_tests +{ + my $i; + my $tmp_out; + my $outFile = "$output_path\\pem.out"; + + my %pem_tests = ( + "crl" => "testcrl.pem", + "pkcs7" => "testp7.pem", + "req" => "testreq2.pem", + "rsa" => "testrsa.pem", + "x509" => "testx509.pem", + "x509" => "v3-cert1.pem", + "sess_id" => "testsid.pem" ); + + + print( "\nRUNNING PEM TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "PEM TESTS:\n\n"); + + foreach $i (keys(%pem_tests)) + { + log_desc( "Testing: $i"); + + my $input = "$test_path\\$pem_tests{$i}"; + + $tmp_out = "$output_path\\$pem_tests{$i}"; + + if ($i ne "req" ) + { + system("openssl2 $i -in $input -out $tmp_out > $outFile"); + log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); + } + else + { + system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile"); + log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); + } + + $x = compare_files( $input, $tmp_out); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $tmp_out\n"); + print( OUT "SUCCESS - files match: $input, $tmp_out\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + do_wait(); + + } # end foreach +} + + +############################################################################ +sub verify_tests +{ + my $i; + my $outFile = "$output_path\\verify.out"; + + my @cert_files = <$cert_path\\*.pem>; + + print( "\nRUNNING VERIFY TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "VERIFY TESTS:\n\n"); + + make_tmp_cert_file(); + + foreach $i (@cert_files) + { + system("openssl2 verify -CAfile $tmp_cert $i >$outFile"); + log_desc("Verifying cert: $i"); + log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); + } +} + + +############################################################################ +sub ssl_tests +{ + my $outFile = "$output_path\\ssl_tst.out"; + + print( "\nRUNNING SSL TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "SSL TESTS:\n\n"); + + make_tmp_cert_file(); + + system("ssltest -ssl2 >$outFile"); + log_desc("Testing sslv2:"); + log_output("ssltest -ssl2", $outFile); + + system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with server authentication:"); + log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with client authentication:"); + log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with both client and server authentication:"); + log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 >$outFile"); + log_desc("Testing sslv3:"); + log_output("ssltest -ssl3", $outFile); + + system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with server authentication:"); + log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with client authentication:"); + log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with both client and server authentication:"); + log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest >$outFile"); + log_desc("Testing sslv2/sslv3:"); + log_output("ssltest", $outFile); + + system("ssltest -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with server authentication:"); + log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with client authentication:"); + log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with both client and server authentication:"); + log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 >$outFile"); + log_desc("Testing sslv2 via BIO pair:"); + log_output("ssltest -bio_pair -ssl2", $outFile); + + system("ssltest -bio_pair -dhe1024dsa -v >$outFile"); + log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); + log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); + + system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 >$outFile"); + log_desc("Testing sslv3 via BIO pair:"); + log_output("ssltest -bio_pair -ssl3", $outFile); + + system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair >$outFile"); + log_desc("Testing sslv2/sslv3 via BIO pair:"); + log_output("ssltest -bio_pair", $outFile); + + system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile); +} + + +############################################################################ +sub ca_tests +{ + my $outFile = "$output_path\\ca_tst.out"; + + my($CAkey) = "$output_path\\keyCA.ss"; + my($CAcert) = "$output_path\\certCA.ss"; + my($CAserial) = "$output_path\\certCA.srl"; + my($CAreq) = "$output_path\\reqCA.ss"; + my($CAreq2) = "$output_path\\req2CA.ss"; + + my($CAconf) = "$test_path\\CAss.cnf"; + + my($Uconf) = "$test_path\\Uss.cnf"; + + my($Ukey) = "$output_path\\keyU.ss"; + my($Ureq) = "$output_path\\reqU.ss"; + my($Ucert) = "$output_path\\certU.ss"; + + print( "\nRUNNING CA TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "CA TESTS:\n"); + + system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile"); + log_desc("Make a certificate request using req:"); + log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); + + system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile"); + log_desc("Convert the certificate request into a self signed certificate using x509:"); + log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); + + system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile"); + log_desc("Convert a certificate into a certificate request using 'x509':"); + log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); + + system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile"); + log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); + + system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile"); + log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); + + system("openssl2 verify -CAfile $CAcert $CAcert >$outFile"); + log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); + + system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile"); + log_desc("Make another certificate request using req:"); + log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); + + system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile"); + log_desc("Sign certificate request with the just created CA via x509:"); + log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); + + system("openssl2 verify -CAfile $CAcert $Ucert >$outFile"); + log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); + + system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile"); + log_desc("Certificate details"); + log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); + + print(OUT "-- \n"); + print(OUT "The generated CA certificate is $CAcert\n"); + print(OUT "The generated CA private key is $CAkey\n"); + print(OUT "The current CA signing serial number is in $CAserial\n"); + + print(OUT "The generated user certificate is $Ucert\n"); + print(OUT "The generated user private key is $Ukey\n"); + print(OUT "--\n"); +} + +############################################################################ +sub log_output( $ $ ) +{ + my( $desc, $file ) = @_; + my($error) = 0; + my($key); + my($msg); + + if ($desc) + { + print("$desc\n"); + print(OUT "$desc\n"); + } + + # loop waiting for test program to complete + while ( stat($file) == 0) + { print(". "); sleep(1); } + + + # copy test output to log file + open(IN, "<$file"); + while () + { + print(OUT $_); + if ( $_ =~ /ERROR/ ) + { + $error = 1; + } + } + # close and delete the temporary test output file + close(IN); + unlink($file); + + if ( $error == 0 ) + { + $msg = "Test Succeeded"; + } + else + { + $msg = "Test Failed"; + } + + print(OUT "$msg\n"); + + if ($pause) + { + print("$msg - press ENTER to continue..."); + $key = getc; + print("\n"); + } + + # Several of the testing scripts run a loop loading the + # same NLM with different options. + # On slow NetWare machines there appears to be some delay in the + # OS actually unloading the test nlms and the OS complains about. + # the NLM already being loaded. This additional pause is to + # to help provide a little more time for unloading before trying to + # load again. + sleep(1); +} + + +############################################################################ +sub log_desc( $ ) +{ + my( $desc ) = @_; + + print("\n"); + print("$desc\n"); + + print(OUT "\n"); + print(OUT "$desc\n"); + print(OUT "======================================\n"); +} + +############################################################################ +sub compare_files( $ $ $ ) +{ + my( $file1, $file2, $binary ) = @_; + my( $n1, $n2, $b1, $b2 ); + my($ret) = 1; + + open(IN0, $file1) || die "\nunable to open $file1\n"; + open(IN1, $file2) || die "\nunable to open $file2\n"; + + if ($binary) + { + binmode IN0; + binmode IN1; + } + + for (;;) + { + $n1 = read(IN0, $b1, 512); + $n2 = read(IN1, $b2, 512); + + if ($n1 != $n2) {last;} + if ($b1 != $b2) {last;} + + if ($n1 == 0) + { + $ret = 0; + last; + } + } + close(IN0); + close(IN1); + return($ret); +} + +############################################################################ +sub do_wait() +{ + my($key); + + if ($pause) + { + print("Press ENTER to continue..."); + $key = getc; + print("\n"); + } +} + + +############################################################################ +sub make_tmp_cert_file() +{ + my @cert_files = <$cert_path\\*.pem>; + + # delete the file if it already exists + unlink($tmp_cert); + + open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; + + print("building temporary cert file\n"); + + # create a temporary cert file that contains all the certs + foreach $i (@cert_files) + { + open( IN_CERT, $i ) || die "\nunable to open $i\n"; + + for(;;) + { + $n = sysread(IN_CERT, $data, 1024); + + if ($n == 0) + { + close(IN_CERT); + last; + }; + + syswrite(TMP_CERT, $data, $n); + } + } + + close( TMP_CERT ); +} diff --git a/Netware/globals.txt b/Netware/globals.txt new file mode 100644 index 000000000..fe05d390c --- /dev/null +++ b/Netware/globals.txt @@ -0,0 +1,254 @@ +An initial review of the OpenSSL code was done to determine how many +global variables where present. The idea was to determine the amount of +work required to pull the globals into an instance data structure in +order to build a Library NLM for NetWare. This file contains the results +of the review. Each file is listed along with the globals in the file. +The initial review was done very quickly so this list is probably +not a comprehensive list. + + +cryptlib.c +=========================================== + +static STACK *app_locks=NULL; + +static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; + +static void (MS_FAR *locking_callback)(int mode,int type, + const char *file,int line)=NULL; +static int (MS_FAR *add_lock_callback)(int *pointer,int amount, + int type,const char *file,int line)=NULL; +static unsigned long (MS_FAR *id_callback)(void)=NULL; +static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) + (const char *file,int line)=NULL; +static void (MS_FAR *dynlock_lock_callback)(int mode, + struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; +static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, + const char *file,int line)=NULL; + + +mem.c +=========================================== +static int allow_customize = 1; /* we provide flexible functions for */ +static int allow_customize_debug = 1;/* exchanging memory-related functions at + +/* may be changed as long as `allow_customize' is set */ +static void *(*malloc_locked_func)(size_t) = malloc; +static void (*free_locked_func)(void *) = free; +static void *(*malloc_func)(size_t) = malloc; +static void *(*realloc_func)(void *, size_t)= realloc; +static void (*free_func)(void *) = free; + +/* use default functions from mem_dbg.c */ +static void (*malloc_debug_func)(void *,int,const char *,int,int) + = CRYPTO_dbg_malloc; +static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) + = CRYPTO_dbg_realloc; +static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; +static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; +static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; + + +mem_dbg.c +=========================================== +static int mh_mode=CRYPTO_MEM_CHECK_OFF; +static unsigned long order = 0; /* number of memory requests */ +static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ + +static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */ +static long options = /* extra information to be recorded */ +static unsigned long disabling_thread = 0; + + +err.c +=========================================== +static LHASH *error_hash=NULL; +static LHASH *thread_hash=NULL; + +several files have routines with static "init" to track if error strings + have been loaded ( may not want seperate error strings for each process ) + The "init" variable can't be left "global" because the error has is a ptr + that is malloc'ed. The malloc'ed error has is dependant on the "init" + vars. + + files: + pem_err.c + cpt_err.c + pk12err.c + asn1_err.c + bio_err.c + bn_err.c + buf_err.c + comp_err.c + conf_err.c + cpt_err.c + dh_err.c + dsa_err.c + dso_err.c + evp_err.c + obj_err.c + pkcs7err.c + rand_err.c + rsa_err.c + rsar_err.c + ssl_err.c + x509_err.c + v3err.c + err.c + +These file have similar "init" globals but they are for other stuff not +error strings: + + bn_lib.c + ecc_enc.c + s23_clnt.c + s23_meth.c + s23_srvr.c + s2_clnt.c + s2_lib.c + s2_meth.c + s2_srvr.c + s3_clnt.c + s3_lib.c + s3_srvr.c + t1_clnt.c + t1_meth.c + t1_srvr.c + +rand_lib.c +=========================================== +static RAND_METHOD *rand_meth= &rand_ssleay_meth; + +md_rand.c +=========================================== +static int state_num=0,state_index=0; +static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; +static unsigned char md[MD_DIGEST_LENGTH]; +static long md_count[2]={0,0}; +static double entropy=0; +static int initialized=0; + +/* This should be set to 1 only when ssleay_rand_add() is called inside + an already locked state, so it doesn't try to lock and thereby cause + a hang. And it should always be reset back to 0 before unlocking. */ +static int add_do_not_lock=0; + +obj_dat.c +============================================ +static int new_nid=NUM_NID; +static LHASH *added=NULL; + +b_sock.c +=========================================== +static unsigned long BIO_ghbn_hits=0L; +static unsigned long BIO_ghbn_miss=0L; +static struct ghbn_cache_st + { + char name[129]; + struct hostent *ent; + unsigned long order; + } ghbn_cache[GHBN_NUM]; + +static int wsa_init_done=0; + + +bio_lib.c +=========================================== +static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL; +static int bio_meth_num=0; + + +bn_lib.c +======================================== +static int bn_limit_bits=0; +static int bn_limit_num=8; /* (1< 4) && (p[n-4] == '.') && + ((p[n-3] == 'n') || (p[n-3] == 'N')) && + ((p[n-2] == 'l') || (p[n-2] == 'L')) && + ((p[n-1] == 'm') || (p[n-1] == 'M'))) + n-=4; +#else /* strip off trailing .exe if present. */ if ((n > 4) && (p[n-4] == '.') && ((p[n-3] == 'e') || (p[n-3] == 'E')) && ((p[n-2] == 'x') || (p[n-2] == 'X')) && ((p[n-1] == 'e') || (p[n-1] == 'E'))) n-=4; +#endif + if (n > size-1) n=size-1; diff --git a/apps/apps.h b/apps/apps.h index 0d50a9477..107001057 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -162,7 +162,9 @@ extern BIO *bio_err; #endif +#ifndef OPENSSL_SYS_NETWARE #include +#endif #ifdef SIGPIPE #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) diff --git a/apps/ca.c b/apps/ca.c index 15211b844..19d51477a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -83,7 +83,7 @@ # else # include # endif -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) # include # endif #endif diff --git a/apps/s_apps.h b/apps/s_apps.h index 66b6edd44..f4c85aa81 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,8 +108,9 @@ * Hudson (tjh@cryptsoft.com). * */ - +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ #include +#endif #include #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) diff --git a/apps/s_client.c b/apps/s_client.c index 294aad8b5..43934d87b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -256,7 +256,7 @@ int MAIN(int argc, char **argv) char *engine_id=NULL; ENGINE *e=NULL; #endif -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -640,7 +640,7 @@ re_start: if (!ssl_pending) { -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -770,7 +770,7 @@ re_start: goto shut; } } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else @@ -857,6 +857,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif +#elif defined (OPENSSL_SYS_NETWARE) + else if (_kbhit()) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif diff --git a/apps/s_server.c b/apps/s_server.c index 9b8fe570c..c342a2ba6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -124,13 +124,17 @@ #include #include #include -#include + #include #include #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +#include +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -997,7 +1001,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -1071,7 +1075,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -1081,7 +1085,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows @@ -1501,7 +1505,9 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) +#if defined(OPENSSL_SYS_NETWARE) + delay(1000); +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; diff --git a/apps/s_socket.c b/apps/s_socket.c index 9a696d5f9..ff8c282a1 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -88,7 +88,7 @@ typedef unsigned int u_int; #ifndef OPENSSL_NO_SOCK static struct hostent *GetHostByName(char *name); -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); @@ -104,6 +104,10 @@ static int host_ip(char *str, unsigned char ip[4]); #define SOCKET_PROTOCOL IPPROTO_TCP #endif +#ifdef OPENSSL_SYS_NETWARE +static int wsa_init_done=0; +#endif + #ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; static int wsa_init_done=0; @@ -152,6 +156,15 @@ static void ssl_sock_cleanup(void) WSACleanup(); } } +#elif defined(OPENSSL_SYS_NETWARE) +static void sock_cleanup(void) + { + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } + } #endif static int ssl_sock_init(void) @@ -187,6 +200,27 @@ static int ssl_sock_init(void) SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); #endif /* OPENSSL_SYS_WIN16 */ } +#elif defined(OPENSSL_SYS_NETWARE) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); + return(0); + } + } #endif /* OPENSSL_SYS_WINDOWS */ return(1); } @@ -348,7 +382,7 @@ redoit: ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); if (ret == INVALID_SOCKET) { -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else diff --git a/apps/s_time.c b/apps/s_time.c index 1ad16cd60..1134020d2 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -85,7 +85,7 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) +#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -105,7 +105,7 @@ #undef TIMES #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include #endif @@ -384,6 +384,20 @@ static double tm_Time_F(int s) ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } +#elif defined(OPENSSL_SYS_NETWARE) + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } #elif defined(OPENSSL_SYS_VXWORKS) { static unsigned long tick_start, tick_end; diff --git a/apps/speed.c b/apps/speed.c index d9dd1b65d..d15b06e24 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -88,7 +88,7 @@ #include #include -#include + #include #include #include "apps.h" @@ -104,6 +104,10 @@ #include OPENSSL_UNISTD #endif +#ifndef OPENSSL_SYS_NETWARE +#include +#endif + #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) @@ -113,6 +117,12 @@ # define TIMEB #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TIMES +#undef TIMEB +#include +#endif + #ifndef _IRIX # include #endif @@ -137,7 +147,7 @@ #include #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -236,7 +246,7 @@ # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) # define HAVE_FORK 1 #endif @@ -298,6 +308,32 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 +#if defined(OPENSSL_SYS_NETWARE) + + /* for NetWare the best we can do is use clock() which returns the + * time, in hundredths of a second, since the NLM began executing + */ +static double Time_F(int s) + { + double ret; + + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } + } + +#else + static double Time_F(int s) { double ret; @@ -406,6 +442,7 @@ static double Time_F(int s) # endif #endif } +#endif /* if defined(OPENSSL_SYS_NETWARE) */ static const int KDF1_SHA1_len = 20; diff --git a/crypto/bf/bf_opts.c b/crypto/bf/bf_opts.c index 171dada2c..1721bb99b 100644 --- a/crypto/bf/bf_opts.c +++ b/crypto/bf/bf_opts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c index f346af64f..c41ef3b40 100644 --- a/crypto/bf/bfspeed.c +++ b/crypto/bf/bfspeed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 14bc4d7c8..97e6634d3 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -278,6 +278,9 @@ int main(int argc, char *argv[]) else ret=test(); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(0); } diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index c50100802..d619bcf99 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -79,7 +79,7 @@ #define MAX_LISTEN 32 #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) static int wsa_init_done=0; #endif @@ -473,6 +473,31 @@ int BIO_sock_init(void) if (sock_init()) return (-1); #endif + +#if defined(OPENSSL_SYS_NETWARE) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))BIO_sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + SYSerr(SYS_F_WSASTARTUP,err); + BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP); + return(-1); + } + } +#endif + return(1); } @@ -487,6 +512,12 @@ void BIO_sock_cleanup(void) #endif WSACleanup(); } +#elif defined(OPENSSL_SYS_NETWARE) + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } #endif } diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 1f9bd3312..774bc5a7e 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -218,6 +218,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) _setmode(fd,_O_TEXT); else _setmode(fd,_O_BINARY); +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) + /* Under CLib there are differences in file modes + */ + if (num & BIO_FP_TEXT) + _setmode(fileno((FILE *)ptr),O_TEXT); + else + _setmode(fileno((FILE *)ptr),O_BINARY); #elif defined(OPENSSL_SYS_MSDOS) { int fd = fileno((FILE*)ptr); @@ -270,7 +277,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) else strcat(p,"t"); #endif - fp=fopen(ptr,p); +#if defined(OPENSSL_SYS_NETWARE) + if (!(num & BIO_FP_TEXT)) + strcat(p,"b"); + else + strcat(p,"t"); +#endif +fp=fopen(ptr,p); if (fp == NULL) { SYSerr(SYS_F_FOPEN,get_last_sys_error()); diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 1eb678cac..6360dbc82 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -78,6 +78,8 @@ # include #elif defined(__ultrix) # include +#elif defined(OPENSSL_SYS_NETWARE) +# define NO_SYSLOG #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include #endif diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 7207a1fb8..472dd7582 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -246,7 +246,7 @@ int BIO_sock_non_fatal_error(int err) { switch (err) { -#if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) # if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: # endif diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index b09cf8870..37aec55b8 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -181,6 +181,9 @@ int main(int argc, char *argv[]) err: ERR_load_crypto_strings(); ERR_print_errors(out); +#ifdef OPENSSL_SYS_NETWARE + printf("ERROR\n"); +#endif EXIT(1); return(1); } diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 164f8aa6e..7f557c21c 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -64,7 +64,10 @@ extern "C" { #endif #include + +#if !defined(NO_SYS_TYPES_H) #include +#endif typedef struct buf_mem_st { diff --git a/crypto/cast/cast_spd.c b/crypto/cast/cast_spd.c index 76abf50d9..d650af475 100644 --- a/crypto/cast/cast_spd.c +++ b/crypto/cast/cast_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/cast/castopts.c b/crypto/cast/castopts.c index 1b858d153..33b2c7b06 100644 --- a/crypto/cast/castopts.c +++ b/crypto/cast/castopts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c index 79278b920..2df82962c 100644 --- a/crypto/des/des_opts.c +++ b/crypto/des/des_opts.c @@ -71,7 +71,11 @@ #include extern void exit(); #endif + +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 788f552c8..4584cf300 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -821,6 +821,9 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]); printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif printf("\n"); return(err); } diff --git a/crypto/des/speed.c b/crypto/des/speed.c index 48fc1d49f..1616f4b7c 100644 --- a/crypto/des/speed.c +++ b/crypto/des/speed.c @@ -69,7 +69,11 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#define crypt(c,s) (des_crypt((c),(s))) +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 492fbeefa..1b193649d 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -197,9 +197,9 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 1dbda6801..ccc456eab 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -221,6 +221,9 @@ end: BIO_free(bio_err); bio_err = NULL; } +#ifdef OPENSSL_SYS_NETWARE + if (!ret) printf("ERROR\n"); +#endif EXIT(!ret); return(0); } diff --git a/crypto/idea/idea_spd.c b/crypto/idea/idea_spd.c index 48ffaff52..699353e87 100644 --- a/crypto/idea/idea_spd.c +++ b/crypto/idea/idea_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index 98f805d72..e6ffc7025 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -169,6 +169,9 @@ int main(int argc, char *argv[]) else printf("ok\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 9c1e28b6c..13cbec4ab 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -124,6 +124,9 @@ int main(int argc, char *argv[]) R++; P++; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); } diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 511e5b2aa..0cdc06e31 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -184,6 +184,8 @@ # elif defined(__MWERKS__) # if defined(__POWERPC__) # define ROTATE(a,n) __rlwinm(a,n,0,31) +# elif defined(OPENSSL_SYSNAME_NETWARE) +# define ROTATE(a,n) _lrotl(a,n) # elif defined(__MC68K__) /* Motorola specific tweak. */ # define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index bfd62629e..667b6be34 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -120,6 +120,10 @@ int main(int argc, char *argv[]) R++; P++; } + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index c9abe99d9..017b31add 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -140,6 +140,9 @@ int main(int argc, char *argv[]) printf("pad2 - ok\n"); EVP_MD_CTX_cleanup(&c); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl index 1cb96e914..f9c7c37ac 100644 --- a/crypto/perlasm/x86asm.pl +++ b/crypto/perlasm/x86asm.pl @@ -18,7 +18,7 @@ sub main'asm_init ($type,$fn,$i386)=@_; $filename=$fn; - $elf=$cpp=$sol=$aout=$win32=$gaswin=0; + $elf=$cpp=$sol=$aout=$win32=$gaswin=$netware=0; if ( ($type eq "elf")) { $elf=1; require "x86unix.pl"; } elsif ( ($type eq "a.out")) @@ -33,6 +33,10 @@ sub main'asm_init { $win32=1; require "x86ms.pl"; } elsif ( ($type eq "win32n")) { $win32=1; require "x86nasm.pl"; } + elsif ( ($type eq "nw-nasm")) + { $netware=1; require "x86nasm_nw.pl"; } + elsif ( ($type eq "nw-mwasm")) + { $netware=1; require "x86mwasm_nw.pl"; } else { print STDERR <<"EOF"; @@ -43,6 +47,8 @@ Pick one target type from cpp - format so x86unix.cpp can be used win32 - Windows 95/Windows NT win32n - Windows 95/Windows NT NASM format + nw-nasm - NetWare NASM format + nw-mwasm- NetWare Metrowerks Assembler EOF exit(1); } diff --git a/crypto/perlasm/x86mwasm_nw.pl b/crypto/perlasm/x86mwasm_nw.pl new file mode 100644 index 000000000..7a691851c --- /dev/null +++ b/crypto/perlasm/x86mwasm_nw.pl @@ -0,0 +1,363 @@ +#!/usr/local/bin/perl + +# x86 CodeWarrior assembler for NetWare + +# This file is a slightly modified version of x86nasm.pl. The Metrowerks +# compiler for NetWare doesn't prefix symbols with an underscore. +# + +$label="L000"; + +%lb=( 'eax', 'al', + 'ebx', 'bl', + 'ecx', 'cl', + 'edx', 'dl', + 'ax', 'al', + 'bx', 'bl', + 'cx', 'cl', + 'dx', 'dl', + ); + +%hb=( 'eax', 'ah', + 'ebx', 'bh', + 'ecx', 'ch', + 'edx', 'dh', + 'ax', 'ah', + 'bx', 'bh', + 'cx', 'ch', + 'dx', 'dh', + ); + +sub main'asm_init_output +{ + @out=(); + &comment("NetWare: assembly for CodeWarrior assembler (mwasmnlm)"); +} +sub main'asm_get_output { return(@out); } +sub main'get_labels { return(@labels); } + +sub main'external_label +{ + push(@labels,@_); + foreach (@_) { + push(@out, ".extern\t$_\n"); + } +} + +sub main'LB + { + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; + return($lb{$_[0]}); + } + +sub main'HB + { + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; + return($hb{$_[0]}); + } + +sub main'BP + { + &get_mem("BYTE",@_); + } + +sub main'DWP + { + &get_mem("DWORD",@_); + } + +sub main'BC + { + return "@_"; + } + +sub main'DWC + { + return "@_"; + } + +sub main'stack_push + { + my($num)=@_; + $stack+=$num*4; + &main'sub("esp",$num*4); + } + +sub main'stack_pop + { + my($num)=@_; + $stack-=$num*4; + &main'add("esp",$num*4); + } + +sub get_mem + { + my($size,$addr,$reg1,$reg2,$idx)=@_; + my($t,$post); + my($ret)="$size PTR ["; + $addr =~ s/^\s+//; + if ($addr =~ /^(.+)\+(.+)$/) + { + $reg2=&conv($1); + $addr="$2"; + } + elsif ($addr =~ /^[_a-zA-Z]/) + { + $addr="$addr"; + } + + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + if (($addr ne "") && ($addr ne 0)) + { + if ($addr !~ /^-/) + { $ret.="${addr}+"; } + else { $post=$addr; } + } + if ($reg2 ne "") + { + $t=""; + $t="*$idx" if ($idx != 0); + $reg1="+".$reg1 if ("$reg1$post" ne ""); + $ret.="$reg2$t$reg1$post]"; + } + else + { + $ret.="$reg1$post]" + } + $ret =~ s/\+\]/]/; # in case $addr was the only argument + return($ret); + } + +sub main'mov { &out2("mov",@_); } +sub main'movb { &out2("mov",@_); } +sub main'and { &out2("and",@_); } +sub main'or { &out2("or",@_); } +sub main'shl { &out2("shl",@_); } +sub main'shr { &out2("shr",@_); } +sub main'xor { &out2("xor",@_); } +sub main'xorb { &out2("xor",@_); } +sub main'add { &out2("add",@_); } +sub main'adc { &out2("adc",@_); } +sub main'sub { &out2("sub",@_); } +sub main'rotl { &out2("rol",@_); } +sub main'rotr { &out2("ror",@_); } +sub main'exch { &out2("xchg",@_); } +sub main'cmp { &out2("cmp",@_); } +sub main'lea { &out2("lea",@_); } +sub main'mul { &out1("mul",@_); } +sub main'div { &out1("div",@_); } +sub main'dec { &out1("dec",@_); } +sub main'inc { &out1("inc",@_); } +sub main'jmp { &out1("jmp",@_); } +sub main'jmp_ptr { &out1p("jmp",@_); } + +sub main'je { &out1("je ",@_); } +sub main'jle { &out1("jle ",@_); } +sub main'jz { &out1("jz ",@_); } +sub main'jge { &out1("jge ",@_); } +sub main'jl { &out1("jl ",@_); } +sub main'ja { &out1("ja ",@_); } +sub main'jae { &out1("jae ",@_); } +sub main'jb { &out1("jb ",@_); } +sub main'jbe { &out1("jbe ",@_); } +sub main'jc { &out1("jc ",@_); } +sub main'jnc { &out1("jnc ",@_); } +sub main'jnz { &out1("jnz ",@_); } +sub main'jne { &out1("jne ",@_); } +sub main'jno { &out1("jno ",@_); } + +sub main'push { &out1("push",@_); $stack+=4; } +sub main'pop { &out1("pop",@_); $stack-=4; } +sub main'bswap { &out1("bswap",@_); &using486(); } +sub main'not { &out1("not",@_); } +sub main'call { &out1("call",$_[0]); } +sub main'ret { &out0("ret"); } +sub main'nop { &out0("nop"); } + +sub out2 + { + my($name,$p1,$p2)=@_; + my($l,$t); + + push(@out,"\t$name\t"); + $t=&conv($p1).","; + $l=length($t); + push(@out,$t); + $l=4-($l+9)/8; + push(@out,"\t" x $l); + push(@out,&conv($p2)); + push(@out,"\n"); + } + +sub out0 + { + my($name)=@_; + + push(@out,"\t$name\n"); + } + +sub out1 + { + my($name,$p1)=@_; + my($l,$t); + push(@out,"\t$name\t".&conv($p1)."\n"); + } + +sub conv + { + my($p)=@_; + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; + return $p; + } + +sub using486 + { + return if $using486; + $using486++; + grep(s/\.386/\.486/,@out); + } + +sub main'file + { + push(@out, ".section .text\n"); + } + +sub main'function_begin + { + my($func,$extra)=@_; + + push(@labels,$func); + my($tmp)=<<"EOF"; +.global $func +$func: + push ebp + push ebx + push esi + push edi +EOF + push(@out,$tmp); + $stack=20; + } + +sub main'function_begin_B + { + my($func,$extra)=@_; + my($tmp)=<<"EOF"; +.global $func +$func: +EOF + push(@out,$tmp); + $stack=4; + } + +sub main'function_end + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + $stack=0; + %label=(); + } + +sub main'function_end_B + { + $stack=0; + %label=(); + } + +sub main'function_end_A + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + } + +sub main'file_end + { + } + +sub main'wparam + { + my($num)=@_; + + return(&main'DWP($stack+$num*4,"esp","",0)); + } + +sub main'swtmp + { + return(&main'DWP($_[0]*4,"esp","",0)); + } + +# Should use swtmp, which is above esp. Linix can trash the stack above esp +#sub main'wtmp +# { +# my($num)=@_; +# +# return(&main'DWP(-(($num+1)*4),"esp","",0)); +# } + +sub main'comment + { + foreach (@_) + { + push(@out,"\t; $_\n"); + } + } + +sub main'label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + return($label{$_[0]}); + } + +sub main'set_label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + push(@out,"$label{$_[0]}:\n"); + } + +sub main'data_word + { + push(@out,"\t.long\t$_[0]\n"); + } + +sub out1p + { + my($name,$p1)=@_; + my($l,$t); + + push(@out,"\t$name\t ".&conv($p1)."\n"); + } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/perlasm/x86nasm_nw.pl b/crypto/perlasm/x86nasm_nw.pl new file mode 100644 index 000000000..e64766cf0 --- /dev/null +++ b/crypto/perlasm/x86nasm_nw.pl @@ -0,0 +1,364 @@ +#!/usr/local/bin/perl + +# x86 nasm assembler for NetWare + +# This file is a slightly modified version of x86nasm.pl. The Metrowerks +# compiler for NetWare doesn't prefix symbols with an underscore. +# + +$label="L000"; + +%lb=( 'eax', 'al', + 'ebx', 'bl', + 'ecx', 'cl', + 'edx', 'dl', + 'ax', 'al', + 'bx', 'bl', + 'cx', 'cl', + 'dx', 'dl', + ); + +%hb=( 'eax', 'ah', + 'ebx', 'bh', + 'ecx', 'ch', + 'edx', 'dh', + 'ax', 'ah', + 'bx', 'bh', + 'cx', 'ch', + 'dx', 'dh', + ); + +sub main'asm_init_output +{ + @out=(); + &comment("NetWare: assembly for NASM assembler (nasmw)"); +} +sub main'asm_get_output { return(@out); } +sub main'get_labels { return(@labels); } + +sub main'external_label +{ + push(@labels,@_); + foreach (@_) { + push(@out, "extern\t$_\n"); + } +} + +sub main'LB + { + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; + return($lb{$_[0]}); + } + +sub main'HB + { + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; + return($hb{$_[0]}); + } + +sub main'BP + { + &get_mem("BYTE",@_); + } + +sub main'DWP + { + &get_mem("DWORD",@_); + } + +sub main'BC + { + return "BYTE @_"; + } + +sub main'DWC + { + return "DWORD @_"; + } + +sub main'stack_push + { + my($num)=@_; + $stack+=$num*4; + &main'sub("esp",$num*4); + } + +sub main'stack_pop + { + my($num)=@_; + $stack-=$num*4; + &main'add("esp",$num*4); + } + +sub get_mem + { + my($size,$addr,$reg1,$reg2,$idx)=@_; + my($t,$post); + my($ret)="["; + $addr =~ s/^\s+//; + if ($addr =~ /^(.+)\+(.+)$/) + { + $reg2=&conv($1); + $addr="$2"; + } + elsif ($addr =~ /^[_a-zA-Z]/) + { + $addr="$addr"; + } + + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + if (($addr ne "") && ($addr ne 0)) + { + if ($addr !~ /^-/) + { $ret.="${addr}+"; } + else { $post=$addr; } + } + if ($reg2 ne "") + { + $t=""; + $t="*$idx" if ($idx != 0); + $reg1="+".$reg1 if ("$reg1$post" ne ""); + $ret.="$reg2$t$reg1$post]"; + } + else + { + $ret.="$reg1$post]" + } + $ret =~ s/\+\]/]/; # in case $addr was the only argument + return($ret); + } + +sub main'mov { &out2("mov",@_); } +sub main'movb { &out2("mov",@_); } +sub main'and { &out2("and",@_); } +sub main'or { &out2("or",@_); } +sub main'shl { &out2("shl",@_); } +sub main'shr { &out2("shr",@_); } +sub main'xor { &out2("xor",@_); } +sub main'xorb { &out2("xor",@_); } +sub main'add { &out2("add",@_); } +sub main'adc { &out2("adc",@_); } +sub main'sub { &out2("sub",@_); } +sub main'rotl { &out2("rol",@_); } +sub main'rotr { &out2("ror",@_); } +sub main'exch { &out2("xchg",@_); } +sub main'cmp { &out2("cmp",@_); } +sub main'lea { &out2("lea",@_); } +sub main'mul { &out1("mul",@_); } +sub main'div { &out1("div",@_); } +sub main'dec { &out1("dec",@_); } +sub main'inc { &out1("inc",@_); } +sub main'jmp { &out1("jmp",@_); } +sub main'jmp_ptr { &out1p("jmp",@_); } + +# This is a bit of a kludge: declare all branches as NEAR. +sub main'je { &out1("je NEAR",@_); } +sub main'jle { &out1("jle NEAR",@_); } +sub main'jz { &out1("jz NEAR",@_); } +sub main'jge { &out1("jge NEAR",@_); } +sub main'jl { &out1("jl NEAR",@_); } +sub main'ja { &out1("ja NEAR",@_); } +sub main'jae { &out1("jae NEAR",@_); } +sub main'jb { &out1("jb NEAR",@_); } +sub main'jbe { &out1("jbe NEAR",@_); } +sub main'jc { &out1("jc NEAR",@_); } +sub main'jnc { &out1("jnc NEAR",@_); } +sub main'jnz { &out1("jnz NEAR",@_); } +sub main'jne { &out1("jne NEAR",@_); } +sub main'jno { &out1("jno NEAR",@_); } + +sub main'push { &out1("push",@_); $stack+=4; } +sub main'pop { &out1("pop",@_); $stack-=4; } +sub main'bswap { &out1("bswap",@_); &using486(); } +sub main'not { &out1("not",@_); } +sub main'call { &out1("call",$_[0]); } +sub main'ret { &out0("ret"); } +sub main'nop { &out0("nop"); } + +sub out2 + { + my($name,$p1,$p2)=@_; + my($l,$t); + + push(@out,"\t$name\t"); + $t=&conv($p1).","; + $l=length($t); + push(@out,$t); + $l=4-($l+9)/8; + push(@out,"\t" x $l); + push(@out,&conv($p2)); + push(@out,"\n"); + } + +sub out0 + { + my($name)=@_; + + push(@out,"\t$name\n"); + } + +sub out1 + { + my($name,$p1)=@_; + my($l,$t); + push(@out,"\t$name\t".&conv($p1)."\n"); + } + +sub conv + { + my($p)=@_; + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; + return $p; + } + +sub using486 + { + return if $using486; + $using486++; + grep(s/\.386/\.486/,@out); + } + +sub main'file + { + push(@out, "segment .text\n"); + } + +sub main'function_begin + { + my($func,$extra)=@_; + + push(@labels,$func); + my($tmp)=<<"EOF"; +global $func +$func: + push ebp + push ebx + push esi + push edi +EOF + push(@out,$tmp); + $stack=20; + } + +sub main'function_begin_B + { + my($func,$extra)=@_; + my($tmp)=<<"EOF"; +global $func +$func: +EOF + push(@out,$tmp); + $stack=4; + } + +sub main'function_end + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + $stack=0; + %label=(); + } + +sub main'function_end_B + { + $stack=0; + %label=(); + } + +sub main'function_end_A + { + my($func)=@_; + + my($tmp)=<<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + push(@out,$tmp); + } + +sub main'file_end + { + } + +sub main'wparam + { + my($num)=@_; + + return(&main'DWP($stack+$num*4,"esp","",0)); + } + +sub main'swtmp + { + return(&main'DWP($_[0]*4,"esp","",0)); + } + +# Should use swtmp, which is above esp. Linix can trash the stack above esp +#sub main'wtmp +# { +# my($num)=@_; +# +# return(&main'DWP(-(($num+1)*4),"esp","",0)); +# } + +sub main'comment + { + foreach (@_) + { + push(@out,"\t; $_\n"); + } + } + +sub main'label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="\$${label}${_[0]}"; + $label++; + } + return($label{$_[0]}); + } + +sub main'set_label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + push(@out,"$label{$_[0]}:\n"); + } + +sub main'data_word + { + push(@out,"\tDD\t$_[0]\n"); + } + +sub out1p + { + my($name,$p1)=@_; + my($l,$t); + + push(@out,"\t$name\t ".&conv($p1)."\n"); + } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 3065234e2..0f7899c26 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -24,9 +24,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_os2.c + rand_win.c rand_unix.c rand_os2.c rand_nw.c LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ - rand_win.o rand_unix.o rand_os2.o + rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 1f168221e..8e1efc15a 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c new file mode 100644 index 000000000..0ff884783 --- /dev/null +++ b/crypto/rand/rand_nw.c @@ -0,0 +1,171 @@ +/* crypto/rand/rand_win.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include "rand_lcl.h" + +#if defined (OPENSSL_SYS_NETWARE) + +#if defined(NETWARE_LIBC) +#include +#endif + +extern long RunningProcess; + + /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed + */ +int RAND_poll(void) +{ + unsigned long l; + unsigned long tsc; + int i; + + /* There are several options to gather miscellaneous data + * but for now we will loop checking the time stamp counter (rdtsc) and + * the SuperHighResolutionTimer. Each iteration will collect 8 bytes + * of data but it is treated as only 1 byte of entropy. The call to + * ThreadSwitchWithDelay() will introduce additional variability into + * the data returned by rdtsc. + * + * Applications can agument the seed material by adding additional + * stuff with RAND_add() and should probably do so. + */ + l = GetProcessSwitchCount(); + RAND_add(&l,sizeof(l),1); + + l=RunningProcess; + RAND_add(&l,sizeof(l),1); + + for( i=2; i #define USE_SOCKETS #include "e_os.h" @@ -115,7 +116,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) #include #include diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c index 701932e6e..ef057c2c3 100644 --- a/crypto/rand/randtest.c +++ b/crypto/rand/randtest.c @@ -211,6 +211,9 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/rc2/rc2speed.c b/crypto/rc2/rc2speed.c index 47d34b444..b16e6e2ed 100644 --- a/crypto/rc2/rc2speed.c +++ b/crypto/rc2/rc2speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index b67bafb49..0e117436b 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -205,6 +205,9 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/rc4/rc4speed.c b/crypto/rc4/rc4speed.c index ced98c52d..0ebd38123 100644 --- a/crypto/rc4/rc4speed.c +++ b/crypto/rc4/rc4speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c index b9d8f2097..18154025e 100644 --- a/crypto/rc4/rc4test.c +++ b/crypto/rc4/rc4test.c @@ -197,6 +197,9 @@ int main(int argc, char *argv[]) } } printf("done\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/rc5/rc5speed.c b/crypto/rc5/rc5speed.c index 7d490d5b7..8e363be53 100644 --- a/crypto/rc5/rc5speed.c +++ b/crypto/rc5/rc5speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include +#endif + #ifndef _IRIX #include #endif diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 924e9ad1f..236842a63 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -312,6 +312,9 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif return err; } #endif diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 4f2e4ada2..cddd598f2 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); EVP_MD_CTX_cleanup(&c); return(0); diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index 5d2b1d3b1..0e026c124 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -157,7 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - EVP_MD_CTX_cleanup(&c); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 54d598565..d0e088218 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -77,6 +77,12 @@ #ifdef PTHREADS #include #endif +#ifdef OPENSSL_SYS_NETWARE +#if !defined __int64 +# define __int64 long long +#endif +#include +#endif #include #include #include @@ -86,8 +92,18 @@ #include #include +#ifdef OPENSSL_NO_FP_API +#define APPS_WIN16 +#include "../buffer/bss_file.c" +#endif + +#ifdef OPENSSL_SYS_NETWARE +#define TEST_SERVER_CERT "/openssl/apps/server.pem" +#define TEST_CLIENT_CERT "/openssl/apps/client.pem" +#else #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" +#endif #define MAX_THREAD_NUMBER 100 @@ -100,10 +116,18 @@ void irix_locking_callback(int mode,int type,char *file,int line); void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); +void netware_locking_callback(int mode,int type,char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); +unsigned long netware_thread_id(void ); + +#if defined(OPENSSL_SYS_NETWARE) +static MPKMutex *lock_cs; +static MPKSema ThreadSem; +static long *lock_count; +#endif BIO *bio_err=NULL; BIO *bio_stdout=NULL; @@ -383,6 +407,9 @@ int ndoit(SSL_CTX *ssl_ctx[2]) SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); } +# ifdef OPENSSL_SYS_NETWARE + MPKSemaphoreSignal(ThreadSem); +# endif return(0); } @@ -626,6 +653,9 @@ int doit(char *ctx[4]) } if ((done & S_DONE) && (done & C_DONE)) break; +# if defined(OPENSSL_SYS_NETWARE) + ThreadSwitchWithDelay(); +# endif } SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); @@ -1093,3 +1123,88 @@ unsigned long pthreads_thread_id(void) +#ifdef OPENSSL_SYS_NETWARE + +void thread_setup(void) +{ + int i; + + lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex)); + lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; ireferences,c_ctx->references); +} + +unsigned long netware_thread_id(void) +{ + unsigned long ret; + + ret=(unsigned long)GetThreadID(); + return(ret); +} +#endif /* NETWARE */ diff --git a/crypto/threads/netware.bat b/crypto/threads/netware.bat new file mode 100644 index 000000000..0b3eca3ca --- /dev/null +++ b/crypto/threads/netware.bat @@ -0,0 +1,79 @@ +@echo off +rem batch file to build multi-thread test ( mttest.nlm ) + +rem command line arguments: +rem debug => build using debug settings + +rem +rem After building, copy mttest.nlm to the server and run it, you'll probably +rem want to redirect stdout and stderr. An example command line would be +rem "mttest.nlm -thread 20 -loops 10 -CAfile \openssl\apps\server.pem >mttest.out 2>mttest.err" +rem + +del mttest.nlm + +set BLD_DEBUG= +set CFLAGS= +set LFLAGS= +set LIBS= + +if "%1" == "DEBUG" set BLD_DEBUG=YES +if "%1" == "debug" set BLD_DEBUG=YES + +if "%MWCIncludes%" == "" goto inc_error +if "%PRELUDE%" == "" goto prelude_error +if "%IMPORTS%" == "" goto imports_error + +set CFLAGS=-c -I..\..\outinc_nw -nosyspath -DOPENSSL_SYS_NETWARE -opt off -g -sym internal -maxerrors 20 + +if "%BLD_DEBUG%" == "YES" set LIBS=..\..\out_nw.dbg\ssl.lib ..\..\out_nw.dbg\crypto.lib +if "%BLD_DEBUG%" == "" set LIBS=..\..\out_nw\ssl.lib ..\..\out_nw\crypto.lib + +set LFLAGS=-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal + +rem generate command file for metrowerks +echo. +echo Generating Metrowerks command file: mttest.def +echo # dynamically generated command file for metrowerks build > mttest.def +echo IMPORT @%IMPORTS%\clib.imp >> mttest.def +echo IMPORT @%IMPORTS%\threads.imp >> mttest.def +echo IMPORT @%IMPORTS%\ws2nlm.imp >> mttest.def +echo IMPORT GetProcessSwitchCount >> mttest.def +echo MODULE clib >> mttest.def + +rem compile +echo. +echo Compiling mttest.c +mwccnlm.exe mttest.c %CFLAGS% +if errorlevel 1 goto end + +rem link +echo. +echo Linking mttest.nlm +mwldnlm.exe %LFLAGS% -screenname mttest -commandfile mttest.def mttest.o "%PRELUDE%" %LIBS% -o mttest.nlm +if errorlevel 1 goto end + +goto end + +:inc_error +echo. +echo Environment variable MWCIncludes is not set - see install.nw +goto end + +:prelude_error +echo. +echo Environment variable PRELUDE is not set - see install.nw +goto end + +:imports_error +echo. +echo Environment variable IMPORTS is not set - see install.nw +goto end + + +:end +set BLD_DEBUG= +set CFLAGS= +set LFLAGS= +set LIBS= + diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c index cbec38e17..1c6e052ac 100644 --- a/crypto/tmdiff.c +++ b/crypto/tmdiff.c @@ -72,7 +72,11 @@ # define TIMES #endif -#ifndef _IRIX +#ifdef OPENSSL_SYS_NETWARE +#undef TIMES +#endif + +#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE) # include #endif #ifdef TIMES @@ -94,7 +98,7 @@ #include #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include #endif @@ -129,6 +133,8 @@ struct ms_tm # ifdef OPENSSL_SYS_WIN32 HANDLE thread_id; FILETIME ms_win32; +# elif defined (OPENSSL_SYS_NETWARE) + clock_t ms_clock; # else # ifdef OPENSSL_SYS_VXWORKS unsigned long ticks; @@ -170,6 +176,8 @@ void ms_time_get(MS_TM *tm) #else # ifdef OPENSSL_SYS_WIN32 GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); +# elif defined (OPENSSL_SYS_NETWARE) + tm->ms_clock = clock(); # else # ifdef OPENSSL_SYS_VXWORKS tm->ticks = tickGet(); @@ -203,6 +211,8 @@ double ms_time_diff(MS_TM *a, MS_TM *b) lb+=b->ms_win32.dwLowDateTime; ret=((double)(lb-la))/1e7; } +# elif defined (OPENSSL_SYS_NETWARE) + ret= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); @@ -228,6 +238,8 @@ int ms_time_cmp(const MS_TM *a, const MS_TM *b) # ifdef OPENSSL_SYS_WIN32 d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; +# elif defined (OPENSSL_SYS_NETWARE) + d= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS d = (b->ticks - a->ticks); diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index ce1cb1dfc..fad17024a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -202,6 +202,12 @@ #undef SGTTY #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TERMIOS +#undef TERMIO +#undef SGTTY +#endif + #ifdef TERMIOS # include # define TTY_STRUCT struct termios @@ -250,7 +256,7 @@ struct IOSB { typedef int sig_atomic_t; #endif -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE) /* * This one needs work. As a matter of fact the code is unoperational * and this is only a trick to get it compiled. @@ -463,7 +469,7 @@ static int open_console(UI *ui) CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) tty_in=stdin; tty_out=stderr; #else diff --git a/crypto/uid.c b/crypto/uid.c index 73205a4ba..b1fd52bad 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int OPENSSL_issetugid(void) { diff --git a/e_os.h b/e_os.h index 6b75bbe15..aae3c79b8 100644 --- a/e_os.h +++ b/e_os.h @@ -321,6 +321,26 @@ extern "C" { __VMS_EXIT |= 0x10000000; \ exit(__VMS_EXIT); } while(0) # define NO_SYS_PARAM_H + +# elif defined(OPENSSL_SYS_NETWARE) +# include +# include +# define NO_SYS_TYPES_H +# undef DEVRANDOM +# ifdef NETWARE_CLIB +# define getpid GetThreadID +# endif +# define NO_SYSLOG +# define _setmode setmode +# define _kbhit kbhit +# define _O_TEXT O_TEXT +# define _O_BINARY O_BINARY +# define OPENSSL_CONF "openssl.cnf" +# define SSLEAY_CONF OPENSSL_CONF +# define RFILE ".rnd" +# define LIST_SEPARATOR_CHAR ';' +# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } + # else /* !defined VMS */ # ifdef OPENSSL_SYS_MPE @@ -393,6 +413,19 @@ extern HINSTANCE _hInstance; # define SHUTDOWN(fd) MacSocket_close(fd) # define SHUTDOWN2(fd) MacSocket_close(fd) +# elif defined(OPENSSL_SYS_NETWARE) + /* NetWare uses the WinSock2 interfaces + */ +# if defined(NETWARE_CLIB) +# include +# elif defined(NETWARE_LIBC) +# include +# endif +# define SSLeay_Write(a,b,c) send((a),(b),(c),0) +# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) +# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } +# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } + # else # ifndef NO_SYS_PARAM_H @@ -521,6 +554,9 @@ extern char *sys_errlist[]; extern int sys_nerr; #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) # define strcasecmp stricmp # define strncasecmp strnicmp +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +# define strcasecmp stricmp +# define strncasecmp strnicmp #else # ifdef NO_STRINGS_H int strcasecmp(); diff --git a/e_os2.h b/e_os2.h index 4fd6c62ac..ecfc6c5d4 100644 --- a/e_os2.h +++ b/e_os2.h @@ -76,6 +76,12 @@ extern "C" { # define OPENSSL_SYS_MACINTOSH_CLASSIC #endif +/* ----------------------- NetWare ----------------------------------------- */ +#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_NETWARE +#endif + /* ---------------------- Microsoft operating systems ---------------------- */ /* The 16 bit environments are pretty straightforward */ diff --git a/engines/e_aep.c b/engines/e_aep.c index 8e10bb776..5083c80ef 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -852,7 +852,11 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +#ifndef NETWARE_CLIB curr_pid = getpid(); +#else + curr_pid = GetThreadID(); +#endif /*Check if this is the first time this is being called from the current process*/ diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 5aadfa51d..68eb65457 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -157,6 +157,9 @@ #elif defined(OPENSSL_SYS_WINCE) # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" +#elif defined(OPENSSL_SYS_NETWARE) +# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" +# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" #else # define TEST_SERVER_CERT "../apps/server.pem" # define TEST_CLIENT_CERT "../apps/client.pem" diff --git a/util/mk1mf.pl b/util/mk1mf.pl index d85a20a60..4d370720a 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -39,6 +39,8 @@ $infile="MINFO"; "ultrix-mips","DEC mips ultrix", "FreeBSD","FreeBSD distribution", "OS2-EMX", "EMX GCC OS/2", + "netware-clib", "CodeWarrior for NetWare - CLib", + "netware-libc", "CodeWarrior for NetWare - LibC", "default","cc under unix", ); @@ -69,6 +71,8 @@ and [options] can be one of no-engine - No engine no-hw - No hw nasm - Use NASM for x86 asm + nw-nasm - Use NASM x86 asm for NetWare + nw-mwasm - Use Metrowerks x86 asm for NetWare gaswin - Use GNU as with Mingw32 no-socks - No socket code no-err - No error strings @@ -198,6 +202,11 @@ elsif ($platform eq "OS2-EMX") $wc=1; require 'OS2-EMX.pl'; } +elsif (($platform eq "netware-clib") || ($platform eq "netware-libc")) + { + $LIBC=1 if $platform eq "netware-libc"; + require 'netware.pl'; + } else { require "unix.pl"; @@ -928,6 +937,8 @@ sub read_options elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-asm$/) { $no_asm=1; } elsif (/^nasm$/) { $nasm=1; } + elsif (/^nw-nasm$/) { $nw_nasm=1; } + elsif (/^nw-mwasm$/) { $nw_mwasm=1; } elsif (/^gaswin$/) { $gaswin=1; } elsif (/^no-ssl2$/) { $no_ssl2=1; } elsif (/^no-ssl3$/) { $no_ssl3=1; } diff --git a/util/pl/netware.pl b/util/pl/netware.pl new file mode 100644 index 000000000..233612a91 --- /dev/null +++ b/util/pl/netware.pl @@ -0,0 +1,327 @@ +# Metrowerks Codewarrior for NetWare +# + +# The import files and other misc imports needed to link +if ($LIBC) +{ + @import_files = ("libc.imp", "ws2nlm.imp"); + @module_files = ("libc"); +} +else +{ + # clib build + @import_files = ("clib.imp", "ws2nlm.imp"); + @module_files = ("clib"); +} +@misc_imports = ("GetProcessSwitchCount", "RunningProcess", + "GetSuperHighResolutionTimer" ); + +# The "IMPORTS" environment variable must be set and point to the location +# where import files (*.imp) can be found. +# Example: set IMPORTS=c:\ndk\nwsdk\imports +$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n"); + + +# The "PRELUDE" environment variable must be set and point to the location +# and name of the prelude source to link with ( nwpre.obj is recommended ). +# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj +$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n"); + +#$ssl= "ssleay32"; +#$crypto="libeay32"; + +$o='\\\\'; +$cp='copy >nul:'; +$rm='del'; + +# C compiler +$cc="mwccnlm"; + +# Linker +$link="mwldnlm"; + +# librarian +$mklib="mwldnlm"; + +# assembler +if ($nw_nasm) +{ + $asm="nasmw -s -f coff"; + $afile="-o "; + $asm.=" -g" if $debug; +} +elsif ($nw_mwasm) +{ + $asm="mwasmnlm -maxerrors 20"; + $afile="-o "; + $asm.=" -g" if $debug; +} +elsif ($nw_masm) +{ +# masm assembly settings - it should be possible to use masm but haven't +# got it working. +# $asm='ml /Cp /coff /c /Cx'; +# $asm.=" /Zi" if $debug; +# $afile='/Fo'; + die("Support for masm assembler not yet functional\n"); +} +else +{ + $asm=""; + $afile=""; +} + + + +# compile flags +# +# NOTES: Several c files in the crypto subdirectory include headers from +# their local directories. Metrowerks wouldn't find these h files +# without adding individual include directives as compile flags +# or modifying the c files. Instead of adding individual include +# paths for each subdirectory a recursive include directive +# is used ( -ir crypto ). +# +# Turned off the "possible" warnings ( -w nopossible ). Metrowerks +# complained a lot about various stuff. May want to turn back +# on for further development. +$cflags="-ir crypto -msgstyle gcc -align 4 -processor pentium \\ + -char unsigned -w on -w nolargeargs -w nopossible -w nounusedarg \\ + -w noimplicitconv -relax_pointers -nosyspath -DL_ENDIAN \\ + -DOPENSSL_SYSNAME_NETWARE -U_WIN32 -maxerrors 20 "; + +# link flags +$lflags="-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal "; + + +# additional flags based upon debug | non-debug +if ($debug) +{ + $cflags.=" -opt off -g -sym internal -DDEBUG"; +} +else +{ +# CodeWarrior compiler has a problem with optimizations for floating +# points - no optimizations until further investigation +# $cflags.=" -opt all"; +} + +# If LibC build add in NKS_LIBC define and set the entry/exit +# routines - The default entry/exit routines are for CLib and don't exist +# in LibC +if ($LIBC) +{ + $cflags.=" -DNETWARE_LIBC"; + $lflags.=" -entry _LibCPrelude -exit _LibCPostlude -flags pseudopreemption"; +} +else +{ + $cflags.=" -DNETWARE_CLIB"; + $lflags.=" -entry _Prelude -exit _Stop"; +} + + +# linking stuff +# for the output directories use the mk1mf.pl values with "_nw" appended +if ($shlib) +{ + if ($LIBC) + { + $out_def.="_nw_libc_nlm"; + $tmp_def.="_nw_libc_nlm"; + $inc_def.="_nw_libc_nlm"; + } + else # NETWARE_CLIB + { + $out_def.="_nw_clib_nlm"; + $tmp_def.="_nw_clib_nlm"; + $inc_def.="_nw_clib_nlm"; + } +} +else +{ + $libp=".lib"; + $shlibp=".lib"; + $lib_flags="-nodefaults -type library"; + if ($LIBC) + { + $out_def.="_nw_libc"; + $tmp_def.="_nw_libc"; + $inc_def.="_nw_libc"; + } + else # NETWARE_CLIB + { + $out_def.="_nw_clib"; + $tmp_def.="_nw_clib"; + $inc_def.="_nw_clib"; + } +} + +# used by mk1mf.pl +$obj='.obj'; +$ofile='-o '; +$efile=''; +$exep='.nlm'; +$ex_libs=''; + +if (!$no_asm) +{ + $bn_asm_obj="crypto${o}bn${o}asm${o}bn-nw.obj"; + $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm"; + $des_enc_obj="crypto${o}des${o}asm${o}d-nw.obj crypto${o}des${o}asm${o}y-nw.obj"; + $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm"; + $bf_enc_obj="crypto${o}bf${o}asm${o}b-nw.obj"; + $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm"; + $cast_enc_obj="crypto${o}cast${o}asm${o}c-nw.obj"; + $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm"; + $rc4_enc_obj="crypto${o}rc4${o}asm${o}r4-nw.obj"; + $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm"; + $rc5_enc_obj="crypto${o}rc5${o}asm${o}r5-nw.obj"; + $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm"; + $md5_asm_obj="crypto${o}md5${o}asm${o}m5-nw.obj"; + $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm"; + $sha1_asm_obj="crypto${o}sha${o}asm${o}s1-nw.obj"; + $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm"; + $rmd160_asm_obj="crypto${o}ripemd${o}asm${o}rm-nw.obj"; + $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; +} +else +{ + $bn_asm_obj=''; + $bn_asm_src=''; + $des_enc_obj=''; + $des_enc_src=''; + $bf_enc_obj=''; + $bf_enc_src=''; + $cast_enc_obj=''; + $cast_enc_src=''; + $rc4_enc_obj=''; + $rc4_enc_src=''; + $rc5_enc_obj=''; + $rc5_enc_src=''; + $md5_asm_obj=''; + $md5_asm_src=''; + $sha1_asm_obj=''; + $sha1_asm_src=''; + $rmd160_asm_obj=''; + $rmd160_asm_src=''; +} + +# create the *.def linker command files in \openssl\netware\ directory +sub do_def_file +{ + # strip off the leading path + my($target) = bname(@_); + my($def_file); + my($mod_file); + my($i); + + if ($target =~ /(.*).nlm/) + { + $target = $1; + } + + # special case for openssl - the mk1mf.pl defines E_EXE = openssl + if ($target =~ /E_EXE/) + { + $target = "openssl"; + } + + # Note: originally tried to use full path ( \openssl\netware\$target.def ) + # Metrowerks linker choked on this with an assertion failure. bug??? + # + $def_file = "netware\\$target.def"; + + open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n"); + + print( DEF_OUT "# command file generated by netware.pl for Metrowerks build\n" ); + print( DEF_OUT "#\n"); + print( DEF_OUT "DESCRIPTION \"$target\"\n"); + + foreach $i (@misc_imports) + { + print( DEF_OUT "IMPORT $i\n"); + } + + foreach $i (@import_files) + { + print( DEF_OUT "IMPORT \@$import_path\\$i\n"); + } + + foreach $i (@module_files) + { + print( DEF_OUT "MODULE $i\n"); + } + + close(DEF_OUT); + return($def_file); +} + +sub do_lib_rule +{ + my($objs,$target,$name,$shlib)=@_; + my($ret); + + $ret.="$target: $objs\n"; + if (!$shlib) + { + $ret.="\t\@echo Building Lib: $name\n"; + $ret.="\t\$(MKLIB) $lib_flags -o $target $objs\n"; + $ret.="\t\@echo .\n" + } + else + { + die( "Building as NLM not currently supported!" ); + } + + $ret.="\n"; + return($ret); +} + +sub do_link_rule +{ + my($target,$files,$dep_libs,$libs)=@_; + my($ret); + my($def_file); + + $def_file = do_def_file($target); + + # special case for openssl - the mk1mf.pl defines E_EXE = openssl + + # NOTE: When building the test nlms no screen name is given + # which causes the console screen to be used. By using the console + # screen there is no "" message which + # requires user interaction. The test script ( tests.pl ) needs to be + # able to run the tests without requiring user interaction. + # + # However, the sample program "openssl.nlm" is used by the tests and is + # a interactive sample so a screen is desired when not be run by the + # tests. To solve the problem, two versions of the program are built: + # openssl2 - no screen used by tests + # openssl - default screen - use for normal interactive modes + # + if ($target =~ /E_EXE/) + { + my($target2) = $target; + + $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/; + + $ret.="$target: $files $dep_libs\n"; + + # openssl + $ret.="\t\$(LINK) \$(LFLAGS) -screenname openssl -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; + # openssl2 + $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target2\n"; + } + else + { + $ret.="$target: $files $dep_libs\n"; + $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; + } + + $ret.="\n"; + return($ret); +} + +1; From 7ce9e425bcf51c8a83e66afe3249381ed9391560 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:04:09 +0000 Subject: [PATCH 500/550] Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell Reviewed by: Richard Levitte (there will be some follow-up changes) --- apps/apps.h | 2 +- apps/ca.c | 52 +++++++++++++++++++++++++++++++++++----------------- apps/req.c | 25 +++++++++++++++---------- 3 files changed, 51 insertions(+), 28 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 107001057..257324ea3 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -316,7 +316,7 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); -X509_NAME *do_subject(char *str, long chtype); +X509_NAME *do_subject(char *str, long chtype, int multirdn); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 diff --git a/apps/ca.c b/apps/ca.c index 19d51477a..bd228afef 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -173,6 +173,7 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -subj arg - Use arg instead of request's subject\n", +" -multivalue-rdn - enable support for multivalued RDNs\n", " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", @@ -193,27 +194,27 @@ extern int EF_ALIGNMENT; static void lookup_fail(char *name,char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -272,6 +273,7 @@ int MAIN(int argc, char **argv) char *extensions=NULL; char *extfile=NULL; char *subj=NULL; + int multirdn = 0; char *tmp_email_dn=NULL; char *crl_ext=NULL; int rev_type = REV_NONE; @@ -351,6 +353,8 @@ EF_ALIGNMENT=0; subj= *(++argv); /* preserve=1; */ } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-startdate") == 0) { if (--argc < 1) goto bad; @@ -1134,7 +1138,7 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,extensions, + serial,subj,multirdn,email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) @@ -1158,7 +1162,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,subj,email_dn,startdate,enddate,days,batch, + db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); if (j < 0) goto err; @@ -1178,7 +1182,7 @@ bad: { total++; j=certify(&x,infile,pkey,x509p,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1198,7 +1202,7 @@ bad: { total++; j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1517,7 +1521,7 @@ static void lookup_fail(char *name, char *tag) static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) @@ -1573,7 +1577,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); @@ -1585,7 +1589,7 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) @@ -1627,7 +1631,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); @@ -1639,6 +1643,7 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1671,7 +1676,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC); + X509_NAME *n = do_subject(subj, MBSTRING_ASC, multirdn); if (!n) { @@ -2208,7 +2213,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2349,7 +2354,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: @@ -2842,13 +2847,14 @@ int make_revoked(X509_REVOKED *rev, char *str) * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -X509_NAME *do_subject(char *subject, long chtype) +X509_NAME *do_subject(char *subject, long chtype, int multirdn) { size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ char *buf = OPENSSL_malloc(buflen); size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); char *sp = subject, *bp = buf; int i, ne_num = 0; @@ -2869,6 +2875,9 @@ X509_NAME *do_subject(char *subject, long chtype) } sp++; /* skip leading / */ + /* no multivalued RDN by default */ + mval[ne_num] = 0; + while (*sp) { /* collect type */ @@ -2915,6 +2924,15 @@ X509_NAME *do_subject(char *subject, long chtype) else if (*sp == '/') { sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; break; } else @@ -2941,7 +2959,7 @@ X509_NAME *do_subject(char *subject, long chtype) continue; } - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) goto error; } diff --git a/apps/req.c b/apps/req.c index 79217c908..ecc46556b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -119,9 +119,10 @@ * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, - unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, + int attribs,unsigned long chtype); +static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, + int multirdn); static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, @@ -185,6 +186,7 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *p; char *subj = NULL; + int multirdn = 0; const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH @@ -440,6 +442,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; subj= *(++argv); } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; @@ -511,6 +515,7 @@ bad: BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -subj arg set or modify request subject\n"); + BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -batch do not ask anything during request generation\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); @@ -887,7 +892,7 @@ loop: goto end; } - i=make_REQ(req,pkey,subj,!x509, chtype); + i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); subj=NULL; /* done processing '-subj' option */ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { @@ -980,7 +985,7 @@ loop: print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); } - if (build_subject(req, subj, chtype) == 0) + if (build_subject(req, subj, chtype, multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); ex=1; @@ -1171,8 +1176,8 @@ end: OPENSSL_EXIT(ex); } -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, - unsigned long chtype) +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, + int attribs, unsigned long chtype) { int ret=0,i; char no_prompt = 0; @@ -1222,7 +1227,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, else { if (subj) - i = build_subject(req, subj, chtype); + i = build_subject(req, subj, chtype, multirdn); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); } @@ -1239,11 +1244,11 @@ err: * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) +static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) { X509_NAME *n; - if (!(n = do_subject(subject, chtype))) + if (!(n = do_subject(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) From 6d5ffb591ba0baa98be27df8acabf2018473dd3d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:07:14 +0000 Subject: [PATCH 501/550] Move do_subject() to apps.c and rename it to parse_name(). The rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better. --- apps/apps.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++ apps/ca.c | 138 +--------------------------------------------------- apps/req.c | 2 +- 3 files changed, 139 insertions(+), 138 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 0014cb536..8e3f5cdac 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1961,3 +1961,140 @@ void free_index(CA_DB *db) OPENSSL_free(db); } } + +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +X509_NAME *parse_name(char *subject, long chtype, int multirdn) + { + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); + + char *sp = subject, *bp = buf; + int i, ne_num = 0; + + X509_NAME *n = NULL; + int nid; + + if (!buf || !ne_types || !ne_values) + { + BIO_printf(bio_err, "malloc error\n"); + goto error; + } + + if (*subject != '/') + { + BIO_printf(bio_err, "Subject does not start with '/'.\n"); + goto error; + } + sp++; /* skip leading / */ + + /* no multivalued RDN by default */ + mval[ne_num] = 0; + + while (*sp) + { + /* collect type */ + ne_types[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') /* is there anything to escape in the type...? */ + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '=') + { + sp++; + *bp++ = '\0'; + break; + } + else + *bp++ = *sp++; + } + if (!*sp) + { + BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); + goto error; + } + ne_values[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '/') + { + sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; + break; + } + else + *bp++ = *sp++; + } + *bp++ = '\0'; + ne_num++; + } + + if (!(n = X509_NAME_new())) + goto error; + + for (i = 0; i < ne_num; i++) + { + if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) + { + BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); + continue; + } + + if (!*ne_values[i]) + { + BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); + continue; + } + + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) + goto error; + } + + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); + return n; + +error: + X509_NAME_free(n); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); + return NULL; +} + diff --git a/apps/ca.c b/apps/ca.c index bd228afef..7d10d825b 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1676,7 +1676,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC, multirdn); + X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn); if (!n) { @@ -2843,142 +2843,6 @@ int make_revoked(X509_REVOKED *rev, char *str) return ret; } -/* - * subject is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ - */ -X509_NAME *do_subject(char *subject, long chtype, int multirdn) - { - size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = OPENSSL_malloc(buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); - char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); - int *mval = OPENSSL_malloc (max_ne * sizeof (int)); - - char *sp = subject, *bp = buf; - int i, ne_num = 0; - - X509_NAME *n = NULL; - int nid; - - if (!buf || !ne_types || !ne_values) - { - BIO_printf(bio_err, "malloc error\n"); - goto error; - } - - if (*subject != '/') - { - BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error; - } - sp++; /* skip leading / */ - - /* no multivalued RDN by default */ - mval[ne_num] = 0; - - while (*sp) - { - /* collect type */ - ne_types[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') /* is there anything to escape in the type...? */ - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '=') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - if (!*sp) - { - BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error; - } - ne_values[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '/') - { - sp++; - /* no multivalued RDN by default */ - mval[ne_num+1] = 0; - break; - } - else if (*sp == '+' && multirdn) - { - /* a not escaped + signals a mutlivalued RDN */ - sp++; - mval[ne_num+1] = -1; - break; - } - else - *bp++ = *sp++; - } - *bp++ = '\0'; - ne_num++; - } - - if (!(n = X509_NAME_new())) - goto error; - - for (i = 0; i < ne_num; i++) - { - if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) - { - BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); - continue; - } - - if (!*ne_values[i]) - { - BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) - goto error; - } - - OPENSSL_free(ne_values); - OPENSSL_free(ne_types); - OPENSSL_free(buf); - return n; - -error: - X509_NAME_free(n); - if (ne_values) - OPENSSL_free(ne_values); - if (ne_types) - OPENSSL_free(ne_types); - if (buf) - OPENSSL_free(buf); - return NULL; -} - int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25],*pbuf, *p; diff --git a/apps/req.c b/apps/req.c index ecc46556b..c5becc9d4 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1248,7 +1248,7 @@ static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int { X509_NAME *n; - if (!(n = do_subject(subject, chtype, multirdn))) + if (!(n = parse_name(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) From d45a09847239c15f77c9b8b3398c802434b59b4e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:18:05 +0000 Subject: [PATCH 502/550] Forgot to change the declaration of do_subject() to one of parse_name()... --- apps/apps.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/apps.h b/apps/apps.h index 257324ea3..2b49770df 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -316,7 +316,7 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); -X509_NAME *do_subject(char *str, long chtype, int multirdn); +X509_NAME *parse_name(char *str, long chtype, int multirdn); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 From 5ebdb390849f832428e00c0b811beec907a56c10 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:32:31 +0000 Subject: [PATCH 503/550] Let's use text/plain in the example instead of crapy HTML. PR: 777 Submitted by: Michael Shields --- doc/crypto/BIO_f_ssl.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index a56ee2b92..f0b731731 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -287,8 +287,8 @@ a client and also echoes the request to standard output. return 0; } - BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"); - BIO_puts(sbio, "
\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "
\r\n"); + BIO_puts(sbio, "\r\n"); /* Since there is a buffering BIO present we had better flush it */ BIO_flush(sbio); From 03ddbdd9b99ea60d0967b831ffc1fe93ae7f9792 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:45:09 +0000 Subject: [PATCH 504/550] Move another common functionality (reproduced so far with cut'n'paste) to apps.c, and give it the hopefully descriptive name parse_yesno(). --- apps/apps.c | 46 ++++++++++++++++++++++++++++++---------------- apps/apps.h | 1 + apps/ca.c | 20 +++----------------- 3 files changed, 34 insertions(+), 33 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 8e3f5cdac..6e72f1183 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1707,22 +1707,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - retdb->attributes.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - retdb->attributes.unique_subject = 1; - break; - } + retdb->attributes.unique_subject = parse_yesno(p,1); } } @@ -1962,6 +1947,35 @@ void free_index(CA_DB *db) } } +int parse_yesno(char *str, int def) + { + int ret = def; + if (str) + { + switch (*str) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ + ret = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ + ret = 0; + break; + default: + ret = def; + break; + } + } + return ret; + } + /* * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ diff --git a/apps/apps.h b/apps/apps.h index 2b49770df..7edafa424 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -315,6 +315,7 @@ int save_index(char *dbfile, char *suffix, CA_DB *db); int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); +int parse_yesno(char *str, int def); X509_NAME *parse_name(char *str, long chtype, int multirdn); diff --git a/apps/ca.c b/apps/ca.c index 7d10d825b..0b3381117 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -131,6 +131,7 @@ #define ENV_NAMEOPT "name_opt" #define ENV_CERTOPT "cert_opt" #define ENV_EXTCOPY "copy_extensions" +#define ENV_UNIQUE_SUBJECT "unique_subject" #define ENV_DATABASE "database" @@ -638,28 +639,13 @@ bad: app_RAND_load_file(randfile, bio_err, 0); db_attr.unique_subject = 1; - p = NCONF_get_string(conf, section, "unique_subject"); + p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) { #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - db_attr.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - db_attr.unique_subject = 1; - break; - } + db_attr.unique_subject = parse_yesno(p,1); } #ifdef RL_DEBUG else From 0b352c58db9f8d081c3abff6112e3b0c63a2b7b9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 14:51:30 +0000 Subject: [PATCH 505/550] Make a number of changes to the OS/2 build. Submitter's comment below. PR: 732 Submitted by: Ilya Zakharevich Submitter's comment: This patch: a) Introduces a new file os2/backwardify.pl. b) Introduces a new mk1mf.pl variable $preamble. As you can see, it may be used also to move some OS-specific code to VC-CE too (the the first chunk of the patch); c) The DESCRIPTION specifier of the .def file is made more informative: now it contains the version number too. On OS/2 it is made conformant to OS/2 conventions; in particular, when one runs the standard command BLDLEVEL this.DLL one can see: Vendor: www.openssl.org/ Revision: 0.9.7c Description: OpenSSL: implementation of Secure Socket Layer; DLL for library crypto. Build for EMX -Zmtd [I did not make Win32 descriptions as informative as this - I'm afraid to break something. Be welcome to fix this.] d) On OS/2 the generated DLL was hardly usable (it had a shared initialized data segment). e) On OS/2 the generated DLLs had names like ssl.dll. However, DLL names on OS/2 are "global data". It is hard to have several DLLs with the same name on the system. Thus this precluded coexistence of OpenSSL with DLLs for other SLL implementations - or other name clashes. I transparently changed the names of the DLLs to open_ssl.dll and cryptssl.dll. f) The file added in (a) is used to create "forwarder" DLLs, so the applications expecting the "old" DLL names may use the new DLLs transparently. (A presence of these DLLs on the system nullifies (e), but makes old applications work. This is a stopgap measure until the old applications are relinked. Systems with no old applications do not need these DLLs, so may enjoy all the benefits of (e).) The new DLLs are placed in os2/ and os2/noname subdirectories. g) The makefiles created with os2/OS2-EMX.cmd did not work (some mysterious meaningless failures). The change to util/pl/OS2-EMX.pl uses the variable introduced in (b) to switch the Makefiles to SHELL=sh syntax. All these backslashes are removed, and the generated Makefiles started to work. h) Running os2/OS2-EMX.cmd now prints out what to do next. --- os2/OS2-EMX.cmd | 36 ++++++++++++++++++++++++++++++++++++ os2/backwardify.pl | 32 ++++++++++++++++++++++++++++++++ util/mk1mf.pl | 2 ++ util/mkdef.pl | 38 +++++++++++++++++++++++++++++++++----- util/pl/OS2-EMX.pl | 42 ++++++++++++++++++++++-------------------- 5 files changed, 125 insertions(+), 25 deletions(-) create mode 100644 os2/backwardify.pl diff --git a/os2/OS2-EMX.cmd b/os2/OS2-EMX.cmd index acab99ac3..5924b50b6 100644 --- a/os2/OS2-EMX.cmd +++ b/os2/OS2-EMX.cmd @@ -64,3 +64,39 @@ echo RC5\32 cd crypto\rc5\asm perl rc5-586.pl a.out > r5-os2.asm cd ..\..\.. + +cd os2 + +if exist noname\backward_ssl.def goto nomkdir +mkdir noname +:nomkdir + +perl backwardify.pl crypto.def >backward_crypto.def +perl backwardify.pl ssl.def >backward_ssl.def +perl backwardify.pl -noname crypto.def >noname\backward_crypto.def +perl backwardify.pl -noname ssl.def >noname\backward_ssl.def + +echo Creating backward compatibility forwarder dlls: +echo crypto.dll +gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085 +echo ssl.dll +gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085 + +echo Creating smaller backward compatibility forwarder dlls: +echo These DLLs are not good for runtime resolution of symbols. +echo noname\crypto.dll +gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085 +echo noname\ssl.dll +gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085 + +echo Compressing forwarders (it is ok if lxlite is not found): +lxlite *.dll noname/*.dll + +cd .. + +echo Now run: +echo For static build: +echo make -f OS2-EMX.mak +echo For dynamic build: +echo make -f OS2-EMX-DLL.mak +echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll diff --git a/os2/backwardify.pl b/os2/backwardify.pl new file mode 100644 index 000000000..272423c8f --- /dev/null +++ b/os2/backwardify.pl @@ -0,0 +1,32 @@ +#!/usr/bin/perl -w +use strict; + +# Use as $0 +# Use as $0 -noname + +my $did_library; +my $did_description; +my $do_exports; +my @imports; +my $noname = (@ARGV and $ARGV[0] eq '-noname' and shift); +while (<>) { + unless ($did_library) { + s/\b(cryptssl)\b/crypto/ and $did_library = $1 if /^LIBRARY\s+cryptssl\b/; + s/\b(open_ssl)\b/ssl/ and $did_library = $1 if /^LIBRARY\s+open_ssl\b/; + } + unless ($did_description) { + s&^(DESCRIPTION\s+(['"])).*&${1}\@#www.openssl.org/:#\@forwarder DLL for pre-0.9.7c+ OpenSSL to the new dll naming scheme$2& and $did_description++; + } + if ($do_exports) {{ + last unless /\S/; + warn, last unless /^ \s* ( \w+ ) \s+ \@(\d+)\s*$/x; + push @imports, [$1, $2]; + s/$/ NONAME/ if $noname; + }} + $do_exports++ if not $do_exports and /^EXPORTS/; + print $_; +} +print "IMPORTS\n"; +for my $imp (@imports) { + print "\t$imp->[0]=$did_library.$imp->[1]\n"; +} diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 4d370720a..15813461f 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -290,6 +290,8 @@ $defs= <<"EOF"; EOF +$defs .= $preamble if defined $preamble; + if ($platform eq "VC-CE") { $defs.= <<"EOF"; diff --git a/util/mkdef.pl b/util/mkdef.pl index 64e0430a1..ddc33c152 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -1135,27 +1135,55 @@ sub print_test_file } } +sub get_version { + local *MF; + my $v = '?'; + open MF, 'Makefile.ssl' or return $v; + while () { + $v = $1, last if /^VERSION=(.*?)\s*$/; + } + close MF; + return $v; +} + sub print_def_file { (*OUT,my $name,*nums,my @symbols)=@_; my $n = 1; my @e; my @r; my @v; my $prev=""; my $liboptions=""; + my $libname = $name; + my $http_vendor = 'www.openssl.org/'; + my $version = get_version(); + my $what = "OpenSSL: implementation of Secure Socket Layer"; + my $description = "$what $version, $name - http://$http_vendor"; if ($W32) - { $name.="32"; } + { $libname.="32"; } elsif ($W16) - { $name.="16"; } + { $libname.="16"; } elsif ($OS2) - { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } + { # DLL names should not clash on the whole system. + # However, they should not have any particular relationship + # to the name of the static library. Chose descriptive names + # (must be at most 8 chars). + my %translate = (ssl => 'open_ssl', crypto => 'cryptssl'); + $libname = $translate{$name} || $name; + $liboptions = < Date: Fri, 28 Nov 2003 16:39:16 +0000 Subject: [PATCH 506/550] Get rid of some signed/unsigned comparison warnings. --- crypto/bn/bn_gf2m.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 1cdad7473..334a31428 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -409,8 +409,9 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) */ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -483,8 +484,9 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig */ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -534,8 +536,9 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C */ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -801,8 +804,9 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig */ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -852,8 +856,9 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ */ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -958,9 +963,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p */ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; - if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; + unsigned int *arr=NULL; + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * + max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { From b727907ae86dbf46bf95af1166a04e67be853df2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 22:39:19 +0000 Subject: [PATCH 507/550] 1024 is the export key bits limit according to current regulations, not 512. PR: 771 Submitted by: c zhang --- crypto/x509/x509type.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 8fe1c5458..2cd994c5b 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -112,7 +112,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) break; } - if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look + if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look for, not bytes */ ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); From 70ef9c5a3ddf317b204c7f77aa3fc01b5ebeb0fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Nov 2003 23:03:14 +0000 Subject: [PATCH 508/550] RSA_size() and DH_size() return the amount of bytes in a key, and we compared it to the amount of bits required... PR: 770 Submitted by: c zhang --- ssl/s3_clnt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6b29f0470..96631db23 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2354,7 +2354,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) if (algs & SSL_kRSA) { if (rsa == NULL - || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) + || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -2366,7 +2366,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { if (dh == NULL - || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) + || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; From d87b79bf31ccbc2da5e80e9e43f6558d3803b65e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 29 Nov 2003 09:19:12 +0000 Subject: [PATCH 509/550] Damnit, I'm sick of having to do something special every time a module that gets built before objects barfs all over the place because it uses a new NID that hasn't had a chance of getting defined yet (in this case, it was about a couple of new EC curves, and therefore a couple of new corresponding NIDs). I'm placing objects first in SDIRS! There. --- Makefile.org | 3 ++- crypto/Makefile.ssl | 5 +++-- crypto/crypto-lib.com | 6 ++++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Makefile.org b/Makefile.org index ab3a96ada..5c3e60ff0 100644 --- a/Makefile.org +++ b/Makefile.org @@ -174,10 +174,11 @@ SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ + objects \ md2 md4 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa dh ecdh dso engine aes \ - buffer bio stack lhash rand err objects \ + buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ store diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 79dec73cf..a81b367cc 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -26,10 +26,11 @@ CFLAGS= $(INCLUDE) $(CFLAG) LIBS= -SDIRS= md2 md5 sha mdc2 hmac ripemd \ +SDIRS= objects \ + md2 md4 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa ecdh dh dso engine aes \ - buffer bio stack lhash rand err objects \ + buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ store diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 410e44904..5f7c83fe5 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -75,10 +75,12 @@ $ ENDIF $! $! Define The Different Encryption Types. $! -$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - +$ ENCRYPT_TYPES = "Basic,"+ - + "OBJECTS,"+ - + "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - + "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - "STORE" From 0d78bc3356823b8145d5fb99c33db68a141f80dd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 29 Nov 2003 09:25:59 +0000 Subject: [PATCH 510/550] Add IPSec/IKE/Oakley curves. PR: 768 Submitted by: Vadim Fedukovich --- crypto/ec/ec_curve.c | 28 ++++++++++++++++++++++++++++ crypto/objects/obj_dat.h | 14 ++++++++++---- crypto/objects/obj_mac.h | 8 ++++++++ crypto/objects/obj_mac.num | 2 ++ crypto/objects/objects.txt | 3 +++ 5 files changed, 51 insertions(+), 4 deletions(-) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 0b9b7ca7c..9bd743c10 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -981,6 +981,31 @@ static const EC_CURVE_DATA _EC_WTLS_1 = { "113 bit binary curve from the WTLS standard" }; +/* IPSec curves */ +static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { + NID_X9_62_characteristic_two_field, + "0800000000000000000000004000000000000001", + "0", + "07338f", + "7b", + "1c8", + "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, + NULL, 0, + "IPSec/IKE/Oakley curve #3 over a 155 bit binary field" + }; + +static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000200000000000000001", + "0", + "1ee9", + "18", + "0d", + "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, + NULL, 0, + "IPSec/IKE/Oakley curve #4 over a 185 bit binary field" + }; + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; @@ -1061,6 +1086,9 @@ static const ec_list_element curve_list[] = { { NID_wap_wsg_idm_ecid_wtls10, &_EC_SECG_CHAR2_233K1}, { NID_wap_wsg_idm_ecid_wtls11, &_EC_SECG_CHAR2_233R1}, { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, + /* IPSec curves */ + { NID_ipsec3, &_EC_IPSEC_155_ID3}, + { NID_ipsec4, &_EC_IPSEC_185_ID4}, }; static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 090719a6d..beb48b846 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,9 +62,9 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 724 -#define NUM_SN 719 -#define NUM_LN 719 +#define NUM_NID 726 +#define NUM_SN 721 +#define NUM_LN 721 #define NUM_OBJ 693 static unsigned char lvalues[4882]={ @@ -1894,6 +1894,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[4879]),0}, {"international-organizations","International Organizations", NID_international_organizations,1,&(lvalues[4880]),0}, +{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL}, +{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1971,6 +1973,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[180]),/* "OCSPSigning" */ &(nid_objs[379]),/* "ORG" */ &(nid_objs[18]),/* "OU" */ +&(nid_objs[724]),/* "Oakley-EC2N-3" */ +&(nid_objs[725]),/* "Oakley-EC2N-4" */ &(nid_objs[ 9]),/* "PBE-MD2-DES" */ &(nid_objs[168]),/* "PBE-MD2-RC2-64" */ &(nid_objs[10]),/* "PBE-MD5-DES" */ @@ -3025,6 +3029,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[724]),/* "ipsec3" */ +&(nid_objs[725]),/* "ipsec4" */ &(nid_objs[181]),/* "iso" */ &(nid_objs[687]),/* "issuer capabilities" */ &(nid_objs[721]),/* "itu-t" */ @@ -3342,9 +3348,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[721]),/* OBJ_itu_t 0 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ &(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ +&(nid_objs[721]),/* OBJ_itu_t 0 */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 2715cfdd7..ba871f478 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -3176,3 +3176,11 @@ #define NID_rsaOAEPEncryptionSET 708 #define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 724 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 725 + diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 0840bac30..b4ff8f026 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -721,3 +721,5 @@ name_constraints 720 itu_t 721 joint_iso_itu_t 722 international_organizations 723 +ipsec3 724 +ipsec4 725 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index b5209b6fd..0160b3e5f 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1008,3 +1008,6 @@ set-brand 6011 : set-brand-Novus rsadsi 3 10 : DES-CDMF : des-cdmf rsadsi 1 1 6 : rsaOAEPEncryptionSET + + : Oakley-EC2N-3 : ipsec3 + : Oakley-EC2N-4 : ipsec4 From 3822740ce361f6efb31f782596ad1510ea501895 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 29 Nov 2003 10:25:37 +0000 Subject: [PATCH 511/550] We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR: 758 Submitted by: Frédéric Giudicelli --- crypto/conf/conf_mod.c | 4 +-- crypto/engine/eng_fat.c | 6 ++-- crypto/engine/engine.h | 2 +- ssl/ssl.h | 4 +-- ssl/ssl_cert.c | 12 ++++---- ssl/ssl_ciph.c | 67 +++++++++++++++++++++-------------------- 6 files changed, 48 insertions(+), 47 deletions(-) diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index edcc08921..8ceab6a21 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void) * be used to parse comma separated lists for example. */ -int CONF_parse_list(const char *list, int sep, int nospc, +int CONF_parse_list(const char *list_, int sep, int nospc, int (*list_cb)(const char *elem, int len, void *usr), void *arg) { int ret; const char *lstart, *tmpend, *p; - lstart = list; + lstart = list_; for(;;) { diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index a5ffbec94..1539ea039 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -124,14 +124,14 @@ static int int_def_cb(const char *alg, int len, void *arg) } -int ENGINE_set_default_string(ENGINE *e, const char *list) +int ENGINE_set_default_string(ENGINE *e, const char *def_list) { unsigned int flags = 0; - if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) + if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, ENGINE_R_INVALID_STRING); - ERR_add_error_data(2, "str=",list); + ERR_add_error_data(2, "str=",def_list); return 0; } return ENGINE_set_default(e, flags); diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 3a8753d50..bcbec5162 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -563,7 +563,7 @@ ENGINE *ENGINE_get_digest_engine(int nid); * structure will have had its reference count up'd so the caller * should still free their own reference 'e'. */ int ENGINE_set_default_RSA(ENGINE *e); -int ENGINE_set_default_string(ENGINE *e, const char *list); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); /* Same for the other "methods" */ int ENGINE_set_default_DSA(ENGINE *e); int ENGINE_set_default_ECDH(ENGINE *e); diff --git a/ssl/ssl.h b/ssl/ssl.h index 0866fb6b2..1ceb10ab7 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1377,8 +1377,8 @@ const char *SSL_alert_type_string(int value); const char *SSL_alert_desc_string_long(int value); const char *SSL_alert_desc_string(int value); -void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index ad56b7bf7..9fa4e6163 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -534,12 +534,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) return(i); } -static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) +static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) { if (*ca_list != NULL) sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); - *ca_list=list; + *ca_list=name_list; } STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) @@ -561,14 +561,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) return(ret); } -void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) +void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) { - set_client_CA_list(&(s->client_CA),list); + set_client_CA_list(&(s->client_CA),name_list); } -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) { - set_client_CA_list(&(ctx->client_CA),list); + set_client_CA_list(&(ctx->client_CA),name_list); } STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 545999ac6..4d0a64661 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -381,10 +381,10 @@ static unsigned long ssl_cipher_get_disabled(void) } static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, + int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - int i, list_num; + int i, co_list_num; SSL_CIPHER *c; /* @@ -395,18 +395,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, */ /* Get the initial list of ciphers */ - list_num = 0; /* actual count of ciphers */ + co_list_num = 0; /* actual count of ciphers */ for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && !(c->algorithms & mask)) { - list[list_num].cipher = c; - list[list_num].next = NULL; - list[list_num].prev = NULL; - list[list_num].active = 0; - list_num++; + co_list[co_list_num].cipher = c; + co_list[co_list_num].next = NULL; + co_list[co_list_num].prev = NULL; + co_list[co_list_num].active = 0; + co_list_num++; #ifdef KSSL_DEBUG printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); #endif /* KSSL_DEBUG */ @@ -419,18 +419,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* * Prepare linked list from list entries */ - for (i = 1; i < list_num - 1; i++) + for (i = 1; i < co_list_num - 1; i++) { - list[i].prev = &(list[i-1]); - list[i].next = &(list[i+1]); + co_list[i].prev = &(co_list[i-1]); + co_list[i].next = &(co_list[i+1]); } - if (list_num > 0) + if (co_list_num > 0) { - (*head_p) = &(list[0]); + (*head_p) = &(co_list[0]); (*head_p)->prev = NULL; - (*head_p)->next = &(list[1]); - (*tail_p) = &(list[list_num - 1]); - (*tail_p)->prev = &(list[list_num - 2]); + (*head_p)->next = &(co_list[1]); + (*tail_p) = &(co_list[co_list_num - 1]); + (*tail_p)->prev = &(co_list[co_list_num - 2]); (*tail_p)->next = NULL; } } @@ -476,7 +476,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, unsigned long algo_strength, unsigned long mask_strength, - int rule, int strength_bits, CIPHER_ORDER *list, + int rule, int strength_bits, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; @@ -571,8 +571,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, *tail_p = tail; } -static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) +static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { int max_strength_bits, i, *number_uses; CIPHER_ORDER *curr; @@ -617,14 +618,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, - list, head_p, tail_p); + co_list, head_p, tail_p); OPENSSL_free(number_uses); return(1); } static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER *list, CIPHER_ORDER **head_p, + CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) { unsigned long algorithms, mask, algo_strength, mask_strength; @@ -749,7 +750,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ok = 0; if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) - ok = ssl_cipher_strength_sort(list, + ok = ssl_cipher_strength_sort(co_list, head_p, tail_p); else SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, @@ -769,7 +770,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, { ssl_cipher_apply_rule(algorithms, mask, algo_strength, mask_strength, rule, -1, - list, head_p, tail_p); + co_list, head_p, tail_p); } else { @@ -791,7 +792,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, unsigned long disabled_mask; STACK_OF(SSL_CIPHER) *cipherstack; const char *rule_p; - CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; + CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; SSL_CIPHER **ca_list = NULL; /* @@ -821,15 +822,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, #ifdef KSSL_DEBUG printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); #endif /* KSSL_DEBUG */ - list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); - if (list == NULL) + co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, - list, &head, &tail); + co_list, &head, &tail); /* * We also need cipher aliases for selecting based on the rule_str. @@ -845,7 +846,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { - OPENSSL_free(list); + OPENSSL_free(co_list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } @@ -861,21 +862,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, if (strncmp(rule_str,"DEFAULT",7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, - list, &head, &tail, ca_list); + co_list, &head, &tail, ca_list); rule_p += 7; if (*rule_p == ':') rule_p++; } if (ok && (strlen(rule_p) > 0)) - ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, + ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, ca_list); OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ - OPENSSL_free(list); + OPENSSL_free(co_list); return(NULL); } /* @@ -884,7 +885,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { - OPENSSL_free(list); + OPENSSL_free(co_list); return(NULL); } @@ -902,7 +903,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, #endif } } - OPENSSL_free(list); /* Not needed any longer */ + OPENSSL_free(co_list); /* Not needed any longer */ /* * The following passage is a little bit odd. If pointer variables From 6859bb1a222d638b27e2b738022106640b07e779 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 29 Nov 2003 10:33:25 +0000 Subject: [PATCH 512/550] Make sure the documentation matches reality. PR: 755 Notified by: Jakub Bogusz --- doc/ssl/SSL_COMP_add_compression_method.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index 2a9873911..42fa66b19 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values: =over 4 -=item 1 +=item 0 The operation succeeded. -=item 0 +=item 1 The operation failed. Check the error queue to find out the reason. From 657a9195983badf9f0a45d32bd8199bab27f0e01 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 29 Nov 2003 20:34:07 +0000 Subject: [PATCH 513/550] This improves the placement of check_top() macros in a couple of bn_lib functions. --- crypto/bn/bn_lib.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 43c336f52..b49929288 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -579,6 +579,9 @@ void BN_swap(BIGNUM *a, BIGNUM *b) BN_ULONG *tmp_d; int tmp_top, tmp_dmax, tmp_neg; + bn_check_top(a); + bn_check_top(b); + flags_old_a = a->flags; flags_old_b = b->flags; @@ -606,11 +609,11 @@ void BN_swap(BIGNUM *a, BIGNUM *b) void BN_clear(BIGNUM *a) { + bn_check_top(a); if (a->d != NULL) memset(a->d,0,a->dmax*sizeof(a->d[0])); a->top=0; a->neg=0; - bn_check_top(a); } BN_ULONG BN_get_word(const BIGNUM *a) @@ -637,6 +640,7 @@ BN_ULONG BN_get_word(const BIGNUM *a) int BN_set_word(BIGNUM *a, BN_ULONG w) { int i,n; + bn_check_top(a); if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); n=sizeof(BN_ULONG)/BN_BYTES; @@ -670,6 +674,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) if (ret == NULL) ret=BN_new(); if (ret == NULL) return(NULL); + bn_check_top(ret); l=0; n=len; if (n == 0) @@ -705,13 +710,13 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to) int n,i; BN_ULONG l; + bn_check_top(a); n=i=BN_num_bytes(a); while (i-- > 0) { l=a->d[i/BN_BYTES]; *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; } - bn_check_top(a); return(n); } From 5734bebe05949bf1e7b94dcf225d297389347bb2 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 30 Nov 2003 21:21:30 +0000 Subject: [PATCH 514/550] Make BN_DEBUG_RAND less painfully slow by only consuming one byte of pseudo-random data for each bn_pollute(). --- crypto/bn/bn.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 326aeca9f..5f16fbad0 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -635,12 +635,14 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); do { \ const BIGNUM *_bnum1 = (a); \ if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ /* We cast away const without the compiler knowing, any \ * *genuinely* constant variables that aren't mutable \ * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ - RAND_pseudo_bytes((unsigned char *)(_not_const + _bnum1->top), \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ } \ } while(0) From 23fc5ac64685cd972e40475297858f6e68081f5e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 30 Nov 2003 22:02:10 +0000 Subject: [PATCH 515/550] Improve a couple of the bignum macros. Note, this doesn't eliminate tolerance of ambiguous zero-representation, it just improves BN_abs_is_word() and simplifies other macros that depend on it. --- crypto/bn/bn.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 5f16fbad0..edf9c3ee7 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -341,12 +341,12 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word does not work reliably for w == 0 */ -#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) -#define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +#define BN_is_zero(a) BN_abs_is_word(a,0) #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -#define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ - BN_is_zero((a))) +#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) #define BN_one(a) (BN_set_word((a),1)) From 46cb8d368965c07f760662a755b4248afc0087b8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 30 Nov 2003 22:23:12 +0000 Subject: [PATCH 516/550] If BN_STRICT is defined, don't accept an ambiguous representation of zero (ie. where top may be zero, or it may be one if the corresponding word is set to zero). Note, this only affects the macros in bn.h, there are probably similar corrections required in some c files. Also, clarify the audit-related macros at the top of the header. Mental note: I must not forget to clean all this out before 0.9.8 is released ... --- crypto/bn/bn.h | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index edf9c3ee7..5346a353a 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -81,6 +81,22 @@ extern "C" { #endif +/* These preprocessor symbols control various aspects of the bignum headers and + * library code. They're not defined by any "normal" configuration, as they are + * intended for development and testing purposes. NB: defining all three can be + * useful for debugging application code as well as openssl itself. + * + * BN_DEBUG - turn on various debugging alterations to the bignum code + * BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + * BN_STRICT - disables anything (not already caught by BN_DEBUG) that uses the + * old ambiguity over zero representation. At some point, this behaviour should + * become standard. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ +/* #define BN_STRICT */ + #ifdef OPENSSL_SYS_VMS #undef BN_LLONG /* experimental, so far... */ #endif @@ -344,7 +360,11 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ #define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ (((w) == 0) && ((a)->top == 0))) +#ifdef BN_STRICT +#define BN_is_zero(a) ((a)->top == 0) +#else #define BN_is_zero(a) BN_abs_is_word(a,0) +#endif #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) #define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) @@ -618,8 +638,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); * coverage for openssl's own code. */ -/* #define BN_DEBUG_RAND */ - #ifdef BN_DEBUG /* We only need assert() when debugging */ From 6ed474ca66ccabdf2f0a9228693ac15701de0734 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 30 Nov 2003 23:29:27 +0000 Subject: [PATCH 517/550] Add more debugging to my Configure target, and "make update" to incorporate this and a few other changes. --- Configure | 2 +- TABLE | 61 ++++++++++++++++++++++++++++++++++++---- crypto/rand/Makefile.ssl | 11 ++++++++ 3 files changed, 68 insertions(+), 6 deletions(-) diff --git a/Configure b/Configure index fa96c762f..340fa1f23 100755 --- a/Configure +++ b/Configure @@ -149,7 +149,7 @@ my %table=( "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff","gcc:-DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DBN_CTX_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box diff --git a/TABLE b/TABLE index 333db5c34..35e0b6941 100644 --- a/TABLE +++ b/TABLE @@ -1,3 +1,4 @@ +Output of `Configure TABLE': *** BC-16 $cc = bcc @@ -1676,7 +1677,7 @@ $arflags = *** debug-geoff $cc = gcc -$cflags = -DBN_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long +$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DBN_CTX_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1701,7 +1702,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1726,7 +1727,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1751,7 +1752,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1776,7 +1777,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3549,6 +3550,56 @@ $shared_extension = $ranlib = $arflags = +*** netware-clib +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = RC4_INDEX MD2_INT +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + +*** netware-libc +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = BN_LLONG RC4_INDEX MD2_INT +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + *** newsos4-gcc $cc = gcc $cflags = -O -DB_ENDIAN diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 0f7899c26..e1fe7aa47 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -118,6 +118,17 @@ rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h rand_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h rand_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rand_lib.c +rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h +rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rand_nw.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rand_nw.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rand_nw.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h From 0bf1c1d80d37ba2358aa38e27d2262c5bd9b6201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 1 Dec 2003 08:12:47 +0000 Subject: [PATCH 518/550] Some more ASFLAGS settings required PR: #735 Submitted by: Tim Rice --- crypto/cast/Makefile.ssl | 1 + crypto/rc5/Makefile.ssl | 1 + 2 files changed, 2 insertions(+) diff --git a/crypto/cast/Makefile.ssl b/crypto/cast/Makefile.ssl index 70c47bf8e..d1b2bafd3 100644 --- a/crypto/cast/Makefile.ssl +++ b/crypto/cast/Makefile.ssl @@ -25,6 +25,7 @@ CAST_ENC=c_enc.o #CAST_ENC=asm/cx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=casttest.c diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl index fcdeb1e81..915916b7f 100644 --- a/crypto/rc5/Makefile.ssl +++ b/crypto/rc5/Makefile.ssl @@ -22,6 +22,7 @@ RC5_ENC= rc5_enc.o #DES_ENC= r586-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rc5test.c From 6781efb92fff31917474ecc97ca9ec8e10c7aa63 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 1 Dec 2003 12:06:15 +0000 Subject: [PATCH 519/550] CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL if the give size is 0. This is a thought that came up in PR 751. --- crypto/mem.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/mem.c b/crypto/mem.c index d01924c26..663516722 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; - if (num < 0) return NULL; + if (num <= 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) @@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; - if (num < 0) return NULL; + if (num <= 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) @@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); - if (num < 0) return NULL; + if (num <= 0) return NULL; if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); @@ -346,7 +346,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (str == NULL) return CRYPTO_malloc(num, file, line); - if (num < 0) return NULL; + if (num <= 0) return NULL; if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); From 1145e03870dd82eae00bb45e0b2162494b9b2f38 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 1 Dec 2003 12:11:55 +0000 Subject: [PATCH 520/550] Check that OPENSSL_malloc() really returned some memory. PR: 751 Notified by: meder@mcs.anl.gov Reviewed by: Lutz Jaenicke, Richard Levitte --- crypto/evp/evp_enc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index db621bfc8..658391105 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -149,6 +149,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + if (!ctx->cipher_data) + { + EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); + return 0; + } ctx->key_len = cipher->key_len; ctx->flags = 0; if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) From 2fe9ab8e20e1480825cd5962ca516924f4f03f5e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 1 Dec 2003 13:25:37 +0000 Subject: [PATCH 521/550] It was pointed out to me that if the requested size is 0, we shouldn't ty to allocate anything at all. This will allow eNULL to still work. PR: 751 Notified by: Lutz Jaenicke --- crypto/evp/evp_enc.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 658391105..cecb09cbe 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -148,11 +148,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp #endif ctx->cipher=cipher; - ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); - if (!ctx->cipher_data) + if (ctx->cipher->ctx_size) { - EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); - return 0; + ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + if (!ctx->cipher_data) + { + EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + { + ctx->cipher_data = NULL; } ctx->key_len = cipher->key_len; ctx->flags = 0; From e65c2b9872d52e130e848ac0e9007878f1fb6c78 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 1 Dec 2003 21:59:40 +0000 Subject: [PATCH 522/550] bn_fix_top() exists for compatibility's sake and is mapped to bn_correct_top() or bn_check_top() depending on debug settings. For internal source, all bn_fix_top()s should be converted one way or the other depending on whether the use of bn_correct_top() is justified. For BN_div_recp(), these cases should not require correction if the other bignum functions are doing their jobs properly, so convert to bn_check_top(). --- crypto/bn/bn_recp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index ea39677bc..411dd6089 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -204,8 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ret=1; err: BN_CTX_end(ctx); - if(dv) bn_fix_top(dv); - if(rem) bn_fix_top(rem); + if(dv) bn_check_top(dv); + if(rem) bn_check_top(rem); return(ret); } From 998ae048e74bb7a58eccae30e548b8acfe092925 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 1 Dec 2003 22:11:08 +0000 Subject: [PATCH 523/550] The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros which, in turn, are used nowhere at all. This is a good thing because bn_set_max() would currently generate code that wouldn't compile (BIGNUM has no 'max' element). The only apparent use for bn_set_[low|high] would be for implementing windowing algorithms, and all of openssl's seem to use bn_***_words() helpers instead (including the BN_div() that Nils fixed recently, which had been using independently-coded versions of what these unused macros are intended for). I'm therefore consigning these macros to cvs oblivion in the name of readability. --- crypto/bn/bn_lcl.h | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 4603b4f9f..18960f191 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -249,38 +249,6 @@ extern "C" { *(++ftl) = 0x0; \ } - -/* This macro is to add extra stuff for development checking */ -#ifdef BN_DEBUG -#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) -#else -#define bn_set_max(r) -#endif - -/* These macros are used to 'take' a section of a bignum for read only use */ -#define bn_set_low(r,a,n) \ - { \ - (r)->top=((a)->top > (n))?(n):(a)->top; \ - (r)->d=(a)->d; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - -#define bn_set_high(r,a,n) \ - { \ - if ((a)->top > (n)) \ - { \ - (r)->top=(a)->top-n; \ - (r)->d= &((a)->d[n]); \ - } \ - else \ - (r)->top=0; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - #ifdef BN_LLONG #define mul_add(r,a,w,c) { \ BN_ULLONG t; \ From e7e5fe4705233fb0e59dbf8ba19b8e0da004acd6 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 1 Dec 2003 23:10:21 +0000 Subject: [PATCH 524/550] Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous white-space. --- crypto/bn/bn_gf2m.c | 99 ++++++++++++++++++++++++++++++++------------- 1 file changed, 70 insertions(+), 29 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 334a31428..fb3a8a9c7 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -288,6 +288,9 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) int i; const BIGNUM *at, *bt; + bn_check_top(a); + bn_check_top(b); + if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } @@ -322,7 +325,9 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) int j, k; int n, dN, d0, d1; BN_ULONG zz, *z; - + + bn_check_top(a); + if (!p[0]) /* reduction mod 1 => return 0 */ return BN_zero(r); @@ -397,7 +402,6 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) } bn_correct_top(r); - return 1; } @@ -412,6 +416,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) int ret = 0; const int max = BN_num_bits(p); unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -421,7 +427,7 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) } ret = BN_GF2m_mod_arr(r, a, arr); bn_check_top(r); - err: +err: if (arr) OPENSSL_free(arr); return ret; } @@ -435,12 +441,14 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig int zlen, i, j, k, ret = 0; BIGNUM *s; BN_ULONG x1, x0, y1, y0, zz[4]; - + + bn_check_top(a); + bn_check_top(b); + if (a == b) { return BN_GF2m_mod_sqr_arr(r, a, p, ctx); } - BN_CTX_start(ctx); if ((s = BN_CTX_get(ctx)) == NULL) goto err; @@ -469,10 +477,9 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig ret = 1; bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; - } /* Compute the product of two polynomials a and b, reduce modulo p, and store @@ -487,6 +494,9 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p int ret = 0; const int max = BN_num_bits(p); unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -496,7 +506,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p } ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); bn_check_top(r); - err: +err: if (arr) OPENSSL_free(arr); return ret; } @@ -507,7 +517,8 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C { int i, ret = 0; BIGNUM *s; - + + bn_check_top(a); BN_CTX_start(ctx); if ((s = BN_CTX_get(ctx)) == NULL) return 0; if (!bn_wexpand(s, 2 * a->top)) goto err; @@ -523,7 +534,7 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C if (!BN_GF2m_mod_arr(r, s, p)) goto err; bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -539,6 +550,9 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int ret = 0; const int max = BN_num_bits(p); unsigned int *arr=NULL; + + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -548,7 +562,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); bn_check_top(r); - err: +err: if (arr) OPENSSL_free(arr); return ret; } @@ -564,6 +578,9 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BIGNUM *b, *c, *u, *v, *tmp; int ret = 0; + bn_check_top(a); + bn_check_top(p); + BN_CTX_start(ctx); b = BN_CTX_get(ctx); @@ -608,7 +625,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -624,6 +641,7 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_ BIGNUM *field; int ret = 0; + bn_check_top(xx); BN_CTX_start(ctx); if ((field = BN_CTX_get(ctx)) == NULL) goto err; if (!BN_GF2m_arr2poly(p, field)) goto err; @@ -631,7 +649,7 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_ ret = BN_GF2m_mod_inv(r, xx, field, ctx); bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -645,7 +663,11 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p { BIGNUM *xinv = NULL; int ret = 0; - + + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + BN_CTX_start(ctx); xinv = BN_CTX_get(ctx); if (xinv == NULL) goto err; @@ -655,7 +677,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -671,6 +693,10 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p BIGNUM *a, *b, *u, *v; int ret = 0; + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + BN_CTX_start(ctx); a = BN_CTX_get(ctx); @@ -724,7 +750,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -742,6 +768,9 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const uns BIGNUM *field; int ret = 0; + bn_check_top(yy); + bn_check_top(xx); + BN_CTX_start(ctx); if ((field = BN_CTX_get(ctx)) == NULL) goto err; if (!BN_GF2m_arr2poly(p, field)) goto err; @@ -749,7 +778,7 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const uns ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -763,13 +792,15 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig { int ret = 0, i, n; BIGNUM *u; - + + bn_check_top(a); + bn_check_top(b); + if (BN_is_zero(b)) return(BN_one(r)); if (BN_abs_is_word(b, 1)) return (BN_copy(r, a) != NULL); - BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; @@ -787,10 +818,8 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } if (!BN_copy(r, u)) goto err; bn_check_top(r); - ret = 1; - - err: +err: BN_CTX_end(ctx); return ret; } @@ -807,6 +836,9 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p int ret = 0; const int max = BN_num_bits(p); unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -816,7 +848,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p } ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); bn_check_top(r); - err: +err: if (arr) OPENSSL_free(arr); return ret; } @@ -830,10 +862,12 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ int ret = 0; BIGNUM *u; + bn_check_top(a); + if (!p[0]) /* reduction mod 1 => return 0 */ return BN_zero(r); - + BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; @@ -842,7 +876,7 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -859,6 +893,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int ret = 0; const int max = BN_num_bits(p); unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) @@ -868,7 +904,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); bn_check_top(r); - err: +err: if (arr) OPENSSL_free(arr); return ret; } @@ -882,6 +918,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p unsigned int j; BIGNUM *a, *z, *rho, *w, *w2, *tmp; + bn_check_top(a_); + if (!p[0]) /* reduction mod 1 => return 0 */ return BN_zero(r); @@ -950,7 +988,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -966,6 +1004,8 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * int ret = 0; const int max = BN_num_bits(p); unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); @@ -976,7 +1016,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX * } ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); bn_check_top(r); - err: +err: if (arr) OPENSSL_free(arr); return ret; } @@ -1025,6 +1065,7 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) { int i; + bn_check_top(a); BN_zero(a); for (i = 0; p[i] != 0; i++) { @@ -1032,7 +1073,7 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) } BN_set_bit(a, 0); bn_check_top(a); - + return 1; } From b74cc0776b97a55f9a17c67d43d694211f734c75 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 1 Dec 2003 23:11:45 +0000 Subject: [PATCH 525/550] Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous white-space, and include extra headers to satisfy debugging builds. --- crypto/bn/bn_kron.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index 49f75594a..740359b75 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -53,9 +53,9 @@ * */ +#include "cryptlib.h" #include "bn_lcl.h" - /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) @@ -74,6 +74,9 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) */ static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; + bn_check_top(a); + bn_check_top(b); + BN_CTX_start(ctx); A = BN_CTX_get(ctx); B = BN_CTX_get(ctx); @@ -172,8 +175,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) tmp = A; A = B; B = tmp; tmp->neg = 0; } - - end: +end: BN_CTX_end(ctx); if (err) return -2; From 34066d741a7d24bb73931197d72a7264827325f4 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 1 Dec 2003 23:13:17 +0000 Subject: [PATCH 526/550] Declare the static BIGNUM "BN_value_one()" more carefully. --- crypto/bn/bn_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b49929288..3ecf83ddf 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -131,7 +131,7 @@ int BN_get_params(int which) const BIGNUM *BN_value_one(void) { static BN_ULONG data_one=1L; - static BIGNUM const_one={&data_one,1,1,0}; + static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; return(&const_one); } From 2ae1ea3788206c8f79bc9f4d29eac56352bf3ff6 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 2 Dec 2003 03:16:56 +0000 Subject: [PATCH 527/550] BN_FLG_FREE is of extremely dubious usefulness, and is only referred to once in the source (where it is set for the benefit of no other code whatsoever). I've deprecated the declaration in the header and likewise made the use of the flag conditional in bn_lib.c. Note, this change also NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated. --- crypto/bn/bn.h | 2 ++ crypto/bn/bn_lib.c | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 5346a353a..f58d5f55a 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -254,7 +254,9 @@ extern "C" { #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 +#ifndef OPENSSL_NO_DEPRECATED #define BN_FLG_FREE 0x8000 /* used for debuging */ +#endif #define BN_set_flags(b,n) ((b)->flags|=(n)) #define BN_get_flags(b,n) ((b)->flags&(n)) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 3ecf83ddf..3bc67f9de 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -278,9 +278,15 @@ void BN_free(BIGNUM *a) if (a == NULL) return; if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); - a->flags|=BN_FLG_FREE; /* REMOVE? */ if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); + else + { +#ifndef OPENSSL_NO_DEPRECATED + a->flags|=BN_FLG_FREE; +#endif + a->d = NULL; + } } void BN_init(BIGNUM *a) From 82b2f57e30e1348edc620855ed0999cbb50f1d52 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 2 Dec 2003 03:28:24 +0000 Subject: [PATCH 528/550] Use the BN_is_odd() macro in place of code that (inconsistently) does much the same thing. Also, I have some stuff on the back-burner related to some BN_CTX notes from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX comments are there to remind me of some relevant points in the code. --- crypto/bn/bn_exp.c | 11 ++++++----- crypto/bn/bn_exp2.c | 1 + 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 462d4dbc4..aef77cb79 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -361,6 +361,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, int start=1,ts=0; BIGNUM *d,*r; const BIGNUM *aa; + /* TODO: BN_CTX??? */ BIGNUM val[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; @@ -368,7 +369,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - if (!(m->d[0] & 1)) + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); @@ -524,7 +525,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - if (m->top == 0 || !(m->d[0] & 1)) + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); @@ -640,13 +641,13 @@ err: /* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx) { int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; int start=1; BIGNUM *d; + /* TODO: BN_CTX?? */ BIGNUM val[TABLE_SIZE]; bits=BN_num_bits(p); diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 3bf7dafee..979ceeffc 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -123,6 +123,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, int r_is_one=1,ts1=0,ts2=0; BIGNUM *d,*r; const BIGNUM *a_mod_m; + /* TODO: BN_CTX??? */ BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; From 2bfd2c74d256483cab8775a94204839d25020577 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 2 Dec 2003 20:01:30 +0000 Subject: [PATCH 529/550] Incremental cleanups to bn_lib.c. - Add missing bn_check_top() calls and relocate some others - Use BN_is_zero() where appropriate - Remove assert()s that bn_check_top() is already covering - Simplify the code in places (esp. bn_expand2()) - Only keep ambiguous zero handling if BN_STRICT isn't defined - Remove some white-space and make some other aesthetic tweaks --- crypto/bn/bn_lib.c | 86 ++++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 48 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 3bc67f9de..d29a7cc8d 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -244,16 +244,11 @@ int BN_num_bits_word(BN_ULONG l) int BN_num_bits(const BIGNUM *a) { - BN_ULONG l; - int i; - + int i = a->top - 1; bn_check_top(a); - if (a->top == 0) return(0); - l=a->d[a->top-1]; - assert(l != 0); - i=(a->top-1)*BN_BITS2; - return(i+BN_num_bits_word(l)); + if (BN_is_zero(a)) return 0; + return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); } void BN_clear_free(BIGNUM *a) @@ -261,6 +256,7 @@ void BN_clear_free(BIGNUM *a) int i; if (a == NULL) return; + bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); @@ -276,6 +272,7 @@ void BN_clear_free(BIGNUM *a) void BN_free(BIGNUM *a) { if (a == NULL) return; + bn_check_top(a); if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); if (a->flags & BN_FLG_MALLOCED) @@ -321,13 +318,13 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) const BN_ULONG *B; int i; + bn_check_top(b); + if (words > (INT_MAX/(4*BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); return NULL; } - - bn_check_top(b); if (BN_get_flags(b,BN_FLG_STATIC_DATA)) { BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); @@ -394,12 +391,14 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) { BIGNUM *r = NULL; + bn_check_top(b); + /* This function does not work if * words <= b->dmax && top < words * because BN_dup() does not preserve 'dmax'! * (But bn_dup_expand() is not used anywhere yet.) */ - + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); @@ -443,23 +442,19 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *A; int i; + bn_check_top(b); + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); - - if (a) - { - if (b->d) - OPENSSL_free(b->d); - b->d=a; - b->dmax=words; - } - else - b = NULL; + if(!a) return NULL; + if(b->d) OPENSSL_free(b->d); + b->d=a; + b->dmax=words; } - + /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ - if ((b != NULL) && (b->top < b->dmax)) + if (b->top < b->dmax) { A = &(b->d[b->top]); for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) @@ -471,26 +466,26 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) A[0]=0; assert(A == &(b->d[b->dmax])); } - else if(b) bn_check_top(b); + bn_check_top(b); return b; } BIGNUM *BN_dup(const BIGNUM *a) { - BIGNUM *r, *t; + BIGNUM *t; if (a == NULL) return NULL; - bn_check_top(a); t = BN_new(); - if (t == NULL) return(NULL); - r = BN_copy(t, a); - /* now r == t || r == NULL */ - if (r == NULL) + if (t == NULL) return NULL; + if(!BN_copy(t, a)) + { BN_free(t); - bn_check_top(r); - return r; + return NULL; + } + bn_check_top(t); + return t; } BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) @@ -524,10 +519,11 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d,b->d,sizeof(b->d[0])*b->top); #endif -/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ a->top=b->top; +#ifndef BN_STRICT if ((a->top == 0) && (a->d != NULL)) a->d[0]=0; +#endif a->neg=b->neg; bn_check_top(a); return(a); @@ -540,18 +536,15 @@ BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) const BN_ULONG *B; bn_check_top(b); - if (a == b) return a; min = (b->top < (int)n)? b->top: (int)n; - if (!min) { BN_zero(a); return a; } - if (bn_wexpand(a, min) == NULL) return NULL; @@ -571,11 +564,8 @@ BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) case 0: ; } a->top = min; - a->neg = b->neg; bn_correct_top(a); - - bn_check_top(a); return(a); } @@ -612,7 +602,6 @@ void BN_swap(BIGNUM *a, BIGNUM *b) bn_check_top(b); } - void BN_clear(BIGNUM *a) { bn_check_top(a); @@ -743,7 +732,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) t1= ap[i]; t2= bp[i]; if (t1 != t2) - return(t1 > t2?1:-1); + return((t1 > t2) ? 1 : -1); } return(0); } @@ -815,8 +804,8 @@ int BN_clear_bit(BIGNUM *a, int n) { int i,j; - if (n < 0) - return 0; + bn_check_top(a); + if (n < 0) return 0; i=n/BN_BITS2; j=n%BN_BITS2; @@ -831,10 +820,11 @@ int BN_is_bit_set(const BIGNUM *a, int n) { int i,j; - if (n < 0) return(0); + bn_check_top(a); + if (n < 0) return 0; i=n/BN_BITS2; j=n%BN_BITS2; - if (a->top <= i) return(0); + if (a->top <= i) return 0; return((a->d[i]&(((BN_ULONG)1)<= a->top) return(0); + if (w >= a->top) return 0; if (b == 0) a->top=w; else From 919f8bcd21c1d69a734f56b5ac2e2a576a0ed5f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 3 Dec 2003 16:29:41 +0000 Subject: [PATCH 530/550] Restructure make targets to allow parallel make. Submitted by: Witold Filipczyk PR: #513 --- crypto/Makefile.ssl | 4 ++-- ssl/Makefile.ssl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index a81b367cc..037e72d09 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -52,7 +52,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: @(cd ..; $(MAKE) DIRS=$(DIR) all) -all: buildinf.h lib subdirs shared +all: shared buildinf.h: ../Makefile.ssl ( echo "#ifndef MK1MF_BUILD"; \ @@ -98,7 +98,7 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -shared: +shared: buildinf.h lib subdirs if [ -n "$(SHARED_LIBS)" ]; then \ (cd ..; $(MAKE) $(SHARED_LIB)); \ fi diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index c1e34b241..39b958f55 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -55,14 +55,14 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ..; $(MAKE) DIRS=$(DIR) all) -all: lib shared +all: shared lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -shared: +shared: lib if [ -n "$(SHARED_LIBS)" ]; then \ (cd ..; $(MAKE) $(SHARED_LIB)); \ fi From ce38bb1a8c68db205069dc4595afcd02594c9d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 6 Dec 2003 11:39:37 +0000 Subject: [PATCH 531/550] Avoid segfault if ret==0. Submitted by: Nils Larsch --- crypto/bn/bn_gcd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index f02e6fcdb..0248753f6 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -488,6 +488,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, err: if ((ret == NULL) && (in == NULL)) BN_free(R); BN_CTX_end(ctx); - bn_check_top(ret); + if (ret) + bn_check_top(ret); return(ret); } From a9f2330f432809cafcfa65e4265f5219436f08e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 6 Dec 2003 11:41:22 +0000 Subject: [PATCH 532/550] Skip a curve with generator of non-prime order. Submitted by: Nils Larsch --- crypto/ecdsa/ecdsatest.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 59f664f50..d58e9a63f 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -331,6 +331,8 @@ int test_builtin(BIO *out) unsigned char dirt, offset; nid = curves[n].nid; + if (nid == NID_ipsec4) + continue; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) goto builtin_err; From 380e145daf6afff135856afeb33b84aaed19cd4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 6 Dec 2003 11:55:46 +0000 Subject: [PATCH 533/550] Add "dif" variable to clean up the loop implementations. Submitted by: Nils Larsch --- crypto/bn/bn_add.c | 91 +++++++++++++++++++++++----------------------- 1 file changed, 46 insertions(+), 45 deletions(-) diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index a13b8a11c..940516370 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -64,7 +64,7 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { const BIGNUM *tmp; - int a_neg = a->neg; + int a_neg = a->neg, ret; bn_check_top(a); bn_check_top(b); @@ -95,21 +95,17 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) return(1); } - if (!BN_uadd(r,a,b)) return(0); - if (a_neg) /* both are neg */ - r->neg=1; - else - r->neg=0; + ret = BN_uadd(r,a,b); + r->neg = a_neg; bn_check_top(r); - return(1); + return ret; } -/* unsigned add of b to a, r must be large enough */ +/* unsigned add of b to a */ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - register int i; - int max,min; - BN_ULONG *ap,*bp,*rp,carry,t1; + int max,min,dif; + BN_ULONG *ap,*bp,*rp,carry,t1,t2; const BIGNUM *tmp; bn_check_top(a); @@ -117,11 +113,12 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { tmp=a; a=b; b=tmp; } - max=a->top; - min=b->top; + max = a->top; + min = b->top; + dif = max - min; if (bn_wexpand(r,max+1) == NULL) - return(0); + return 0; r->top=max; @@ -129,47 +126,46 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) ap=a->d; bp=b->d; rp=r->d; - carry=0; carry=bn_add_words(rp,ap,bp,min); rp+=min; ap+=min; bp+=min; - i=min; if (carry) { - while (i < max) + while (dif) { - i++; - t1= *(ap++); - if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) + dif--; + t1 = *(ap++); + t2 = (t1+1) & BN_MASK2; + *(rp++) = t2; + if (t2) { carry=0; break; } } - if ((i >= max) && carry) + if (carry) { - *(rp++)=1; + /* carry != 0 => dif == 0 */ + *rp = 1; r->top++; } } - if (rp != ap) - { - for (; ineg = 0; bn_check_top(r); - return(1); + return 1; } /* unsigned subtraction of b from a, a must be larger than b. */ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - int max,min; + int max,min,dif; register BN_ULONG t1,t2,*ap,*bp,*rp; int i,carry; #if defined(IRIX_CC_BUG) && !defined(LINT) @@ -179,14 +175,16 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - if (a->top < b->top) /* hmm... should not be happening */ + max = a->top; + min = b->top; + dif = max - min; + + if (dif < 0) /* hmm... should not be happening */ { BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); return(0); } - max=a->top; - min=b->top; if (bn_wexpand(r,max) == NULL) return(0); ap=a->d; @@ -195,7 +193,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) #if 1 carry=0; - for (i=0; i t2) break; + dif--; + t1 = *(ap++); + t2 = (t1-1)&BN_MASK2; + *(rp++) = t2; + if (t1) + break; } } #if 0 @@ -239,13 +240,13 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { for (;;) { - if (i++ >= max) break; + if (!dif--) break; rp[0]=ap[0]; - if (i++ >= max) break; + if (!dif--) break; rp[1]=ap[1]; - if (i++ >= max) break; + if (!dif--) break; rp[2]=ap[2]; - if (i++ >= max) break; + if (!dif--) break; rp[3]=ap[3]; rp+=4; ap+=4; From 2abd5b7aa033b9941c0019e4d627116d90d91a9e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 10 Dec 2003 13:57:51 +0000 Subject: [PATCH 534/550] Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()). Correct the typo PUKEY... --- doc/crypto/d2i_DSAPublicKey.pod | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod index 6ebd30427..22c1b50f2 100644 --- a/doc/crypto/d2i_DSAPublicKey.pod +++ b/doc/crypto/d2i_DSAPublicKey.pod @@ -9,6 +9,7 @@ and parsing functions. =head1 SYNOPSIS #include + #include DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); @@ -35,8 +36,8 @@ and parsing functions. d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key components structure. -d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a -SubjectPublicKeyInfo (certificate public key) structure. +d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using +a SubjectPublicKeyInfo (certificate public key) structure. d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key components. From 4775944f8138a52660f4511fcd5e75b0dbd0a409 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 10 Dec 2003 14:31:55 +0000 Subject: [PATCH 535/550] Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()). Correct the typo PUKEY... --- doc/crypto/d2i_RSAPublicKey.pod | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod index 7c71bcbf3..279b29c87 100644 --- a/doc/crypto/d2i_RSAPublicKey.pod +++ b/doc/crypto/d2i_RSAPublicKey.pod @@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. =head1 SYNOPSIS #include + #include RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); @@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey structure. -d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a -SubjectPublicKeyInfo (certificate public key) structure. +d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using +a SubjectPublicKeyInfo (certificate public key) structure. d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey structure. From a2b0de98af8ca4de5fd27484f4925cdc351a9020 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 11 Dec 2003 18:01:03 +0000 Subject: [PATCH 536/550] To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer. PR: 794 Notified by: Rhett Garber --- crypto/bio/b_print.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index de74ec6df..960a049bc 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -652,8 +652,8 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < (int)sizeof(iplace))); - if (iplace == sizeof iplace) + } while (intpart && (iplace < (int)sizeof(iconvert))); + if (iplace == sizeof iconvert) iplace--; iconvert[iplace] = 0; @@ -664,7 +664,7 @@ fmtfp( : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == sizeof fplace) + if (fplace == sizeof fconvert) fplace--; fconvert[fplace] = 0; From e88c57773873240edd96732112fcbf5a407e4a90 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 20 Dec 2003 22:48:21 +0000 Subject: [PATCH 537/550] Typos. --- doc/crypto/pem.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index a4f8cc333..861311445 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -330,7 +330,7 @@ most of them are set to 0 or NULL. Read a certificate in PEM format from a BIO: X509 *x; - x = PEM_read_bio(bp, NULL, 0, NULL); + x = PEM_read_bio_X509(bp, NULL, 0, NULL); if (x == NULL) { /* Error */ @@ -459,12 +459,12 @@ returned by EVP_bytestokey(). The PEM read routines in some versions of OpenSSL will not correctly reuse an existing structure. Therefore the following: - PEM_read_bio(bp, &x, 0, NULL); + PEM_read_bio_X509(bp, &x, 0, NULL); where B already contains a valid certificate, may not work, whereas: X509_free(x); - x = PEM_read_bio(bp, NULL, 0, NULL); + x = PEM_read_bio_X509(bp, NULL, 0, NULL); is guaranteed to work. From b79aa47a0c8478bea62fc2bb55f99e0be172da3d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 14:26:14 +0000 Subject: [PATCH 538/550] Add a newline at the end of the last line. This is part of a large change submitted by Markus Friedl --- MacOS/GetHTTPS.src/CPStringUtils.cpp | 2 +- MacOS/GetHTTPS.src/ErrorHandling.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MacOS/GetHTTPS.src/CPStringUtils.cpp b/MacOS/GetHTTPS.src/CPStringUtils.cpp index 5f64afe96..617aae2c7 100644 --- a/MacOS/GetHTTPS.src/CPStringUtils.cpp +++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp @@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL) } } } -} \ No newline at end of file +} diff --git a/MacOS/GetHTTPS.src/ErrorHandling.cpp b/MacOS/GetHTTPS.src/ErrorHandling.cpp index 07a32de59..80b6a675f 100644 --- a/MacOS/GetHTTPS.src/ErrorHandling.cpp +++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp @@ -167,4 +167,4 @@ void ThrowErrorMessageException(void) ThrowDescriptiveException(gErrorMessage); } -#endif \ No newline at end of file +#endif From d420ac2c7d4ba9d99ff2c257a3ad71ecc6d876e2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 14:40:17 +0000 Subject: [PATCH 539/550] Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl --- apps/apps.c | 10 ++++++---- apps/ca.c | 39 +++++++++++++++++++++++---------------- apps/dgst.c | 5 +++-- apps/enc.c | 6 +++--- apps/engine.c | 4 ++-- apps/pkcs12.c | 4 ++-- apps/req.c | 40 +++++++++++++++++++--------------------- apps/s_socket.c | 2 +- apps/s_time.c | 6 +++--- apps/x509.c | 14 ++++++++------ crypto/asn1/a_gentm.c | 9 +++++---- crypto/asn1/a_mbstr.c | 4 ++-- crypto/asn1/a_time.c | 9 ++++++--- crypto/asn1/a_utctm.c | 9 +++++---- crypto/asn1/asn1_lib.c | 4 ++-- crypto/asn1/asn1_par.c | 6 +++--- crypto/asn1/t_pkey.c | 4 ++-- crypto/asn1/x_long.c | 10 ++++++++-- crypto/bio/b_dump.c | 32 ++++++++++++++++++-------------- crypto/bio/b_sock.c | 12 ++++++------ crypto/bio/bio_cb.c | 36 +++++++++++++++++++++--------------- crypto/bio/bss_conn.c | 6 +++--- crypto/bio/bss_file.c | 10 +++++----- crypto/bn/bn_lib.c | 8 ++++---- crypto/bn/bn_print.c | 5 +++-- crypto/conf/conf_def.c | 6 +++--- crypto/conf/conf_mod.c | 8 ++++---- crypto/cversion.c | 8 +++++--- crypto/des/ecb_enc.c | 4 +++- crypto/dso/dso_lib.c | 4 ++-- crypto/engine/eng_ctrl.c | 10 +++++++--- crypto/err/err.c | 2 +- crypto/evp/evp_pbe.c | 2 +- crypto/evp/evp_pkey.c | 2 +- crypto/mem_dbg.c | 17 ++++++++++------- crypto/objects/obj_dat.c | 4 ++-- crypto/pem/pem_lib.c | 14 ++++++++------ crypto/rand/rand_egd.c | 3 ++- crypto/ui/ui_lib.c | 13 +++++++------ crypto/x509/by_dir.c | 5 +++-- crypto/x509/x509_txt.c | 2 +- crypto/x509v3/v3_alt.c | 6 ++++-- crypto/x509v3/v3_info.c | 11 ++++++----- 43 files changed, 233 insertions(+), 182 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 6e72f1183..47b59b454 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1396,14 +1396,16 @@ int load_config(BIO *err, CONF *cnf) char *make_config_name() { const char *t=X509_get_default_cert_area(); + size_t len; char *p; - p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); - strcpy(p,t); + len=strlen(t)+strlen(OPENSSL_CONF)+2; + p=OPENSSL_malloc(len); + BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS - strcat(p,"/"); + BUF_strlcat(p,"/",len); #endif - strcat(p,OPENSSL_CONF); + BUF_strlcat(p,OPENSSL_CONF,len); return p; } diff --git a/apps/ca.c b/apps/ca.c index 0b3381117..afcbfcd8b 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -557,16 +557,19 @@ bad: if (configfile == NULL) { const char *s=X509_get_default_cert_area(); + size_t len; #ifdef OPENSSL_SYS_VMS - tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + len = strlen(s)+sizeof(CONFIG_FILE); + tofree=OPENSSL_malloc(len); strcpy(tofree,s); #else - tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); - strcpy(tofree,s); - strcat(tofree,"/"); + len = strlen(s)+sizeof(CONFIG_FILE)+1; + tofree=OPENSSL_malloc(len); + BUF_strlcpy(tofree,s,len); + BUF_strlcat(tofree,"/",len); #endif - strcat(tofree,CONFIG_FILE); + BUF_strlcat(tofree,CONFIG_FILE,len); configfile=tofree; } @@ -1236,7 +1239,7 @@ bad: for (i=0; i 0) { for (k=0; k= &(buf[2][sizeof(buf[2])])) + break; + BIO_snprintf(n, + &buf[2][0] + sizeof(buf[2]) - n, + "%02X",(unsigned char)*(p++)); n+=2; } } @@ -2127,7 +2134,7 @@ again2: BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } - strcpy(row[DB_file],"unknown"); + BUF_strlcpy(row[DB_file],"unknown",8); row[DB_type][0]='V'; row[DB_type][1]='\0'; @@ -2428,7 +2435,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } - strcpy(row[DB_file],"unknown"); + BUF_strlcpy(row[DB_file],"unknown",8); row[DB_type][0]='V'; row[DB_type][1]='\0'; @@ -2752,16 +2759,16 @@ char *make_revocation_str(int rev_type, char *rev_arg) if (!str) return NULL; - strcpy(str, (char *)revtm->data); + BUF_strlcpy(str, (char *)revtm->data, i); if (reason) { - strcat(str, ","); - strcat(str, reason); + BUF_strlcat(str, ",", i); + BUF_strlcat(str, reason, i); } if (other) { - strcat(str, ","); - strcat(str, other); + BUF_strlcat(str, ",", i); + BUF_strlcat(str, other, i); } ASN1_UTCTIME_free(revtm); return str; diff --git a/apps/dgst.c b/apps/dgst.c index 47d1309b1..be25dafef 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -347,8 +347,9 @@ int MAIN(int argc, char **argv) } if(!out_bin) { - tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5); - sprintf(tmp,"%s(%s)= ",name,argv[i]); + size_t len = strlen(name)+strlen(argv[i])+5; + tmp=tofree=OPENSSL_malloc(len); + BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]); } else tmp=""; diff --git a/apps/enc.c b/apps/enc.c index ae18452e8..69f4bebcb 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -373,9 +373,9 @@ bad: { char buf[200]; - sprintf(buf,"enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc)?"encryption":"decryption"); + BIO_snprintf(buf,sizeof buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); strbuf[0]='\0'; i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); if (i == 0) diff --git a/apps/engine.c b/apps/engine.c index feee96532..b95125461 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -123,8 +123,8 @@ static int append_buf(char **buf, const char *s, int *size, int step) return 0; if (**buf != '\0') - strcat(*buf, ", "); - strcat(*buf, s); + BUF_strlcat(*buf, ", ", *size); + BUF_strlcat(*buf, s, *size); return 1; } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 385011b45..cbd933667 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -551,7 +551,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "Can't read Password\n"); goto export_end; } - if (!twopass) strcpy(macpass, pass); + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -613,7 +613,7 @@ int MAIN(int argc, char **argv) CRYPTO_pop_info(); #endif - if (!twopass) strcpy(macpass, pass); + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if(macver) { diff --git a/apps/req.c b/apps/req.c index c5becc9d4..c4594c490 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1321,34 +1321,34 @@ start: for (;;) mval = 0; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; - - if(strlen(v->name) > sizeof buf-9) + if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) + >= sizeof buf) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; } - sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); + + BIO_snprintf(buf,sizeof buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); value=NULL; } - sprintf(buf,"%s_min",v->name); + BIO_snprintf(buf,sizeof buf,"%s_min",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) { ERR_clear_error(); n_min = -1; } - sprintf(buf,"%s_max",v->name); + BIO_snprintf(buf,sizeof buf,"%s_max",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) { ERR_clear_error(); @@ -1386,13 +1386,13 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; - if(strlen(v->name) > sizeof buf-9) + if (BIO_snprintf(buf,sizeof buf,"%s_default",type) + >= sizeof buf) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; } - sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { @@ -1401,7 +1401,7 @@ start2: for (;;) } - sprintf(buf,"%s_value",type); + BIO_snprintf(buf,sizeof buf,"%s_value",type); if ((value=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { @@ -1409,11 +1409,11 @@ start2: for (;;) value=NULL; } - sprintf(buf,"%s_min",type); + BIO_snprintf(buf,sizeof buf,"%s_min",type); if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) n_min = -1; - sprintf(buf,"%s_max",type); + BIO_snprintf(buf,sizeof buf,"%s_max",type); if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) n_max = -1; @@ -1507,9 +1507,8 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { - OPENSSL_assert(strlen(value) < sizeof buf-2); - strcpy(buf,value); - strcat(buf,"\n"); + BUF_strlcpy(buf,value,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); BIO_printf(bio_err,"%s\n",value); } else @@ -1531,8 +1530,8 @@ start: { if ((def == NULL) || (def[0] == '\0')) return(1); - strcpy(buf,def); - strcat(buf,"\n"); + BUF_strlcpy(buf,def,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); } else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); @@ -1566,9 +1565,8 @@ start: (void)BIO_flush(bio_err); if (value != NULL) { - OPENSSL_assert(strlen(value) < sizeof buf-2); - strcpy(buf,value); - strcat(buf,"\n"); + BUF_strlcpy(buf,value,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); BIO_printf(bio_err,"%s\n",value); } else @@ -1590,8 +1588,8 @@ start: { if ((def == NULL) || (def[0] == '\0')) return(1); - strcpy(buf,def); - strcat(buf,"\n"); + BUF_strlcpy(buf,def,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); } else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); diff --git a/apps/s_socket.c b/apps/s_socket.c index ff8c282a1..28c6b1e27 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -429,7 +429,7 @@ redoit: perror("OPENSSL_malloc"); return(0); } - strcpy(*host,h1->h_name); + BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); h2=GetHostByName(*host); if (h2 == NULL) diff --git a/apps/s_time.c b/apps/s_time.c index 1134020d2..904945e1a 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -516,7 +516,7 @@ int MAIN(int argc, char **argv) if (s_www_path != NULL) { - sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); + BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon,buf,strlen(buf)); while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) bytes_read+=i; @@ -571,7 +571,7 @@ next: if (s_www_path != NULL) { - sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); + BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon,buf,strlen(buf)); while (SSL_read(scon,buf,sizeof(buf)) > 0) ; @@ -609,7 +609,7 @@ next: if (s_www_path) { - sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); + BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon,buf,strlen(buf)); while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) bytes_read+=i; diff --git a/apps/x509.c b/apps/x509.c index 036e25505..d30fbbe1e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1048,24 +1048,26 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create char *buf = NULL, *p; ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; + size_t len; - buf=OPENSSL_malloc( ((serialfile == NULL) - ?(strlen(CAfile)+strlen(POSTFIX)+1) - :(strlen(serialfile)))+1); + len = ((serialfile == NULL) + ?(strlen(CAfile)+strlen(POSTFIX)+1) + :(strlen(serialfile)))+1; + buf=OPENSSL_malloc(len); if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } if (serialfile == NULL) { - strcpy(buf,CAfile); + BUF_strlcpy(buf,CAfile,len); for (p=buf; *p; p++) if (*p == '.') { *p='\0'; break; } - strcat(buf,POSTFIX); + BUF_strlcat(buf,POSTFIX,len); } else - strcpy(buf,serialfile); + BUF_strlcpy(buf,serialfile,len); serial = load_serial(buf, create, NULL); if (serial == NULL) goto end; diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index cd09f68b3..1aba86d0d 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, char *p; struct tm *ts; struct tm data; + size_t len = 20; if (s == NULL) s=M_ASN1_GENERALIZEDTIME_new(); @@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, return(NULL); p=(char *)s->data; - if ((p == NULL) || (s->length < 16)) + if ((p == NULL) || (s->length < len)) { - p=OPENSSL_malloc(20); + p=OPENSSL_malloc(len); if (p == NULL) return(NULL); if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; } - sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); + BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, + ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); s->length=strlen(p); s->type=V_ASN1_GENERALIZEDTIME; #ifdef CHARSET_EBCDIC_not diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index e8a26af52..208b3ec39 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); - sprintf(strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); - sprintf(strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 7348da945..159681fbc 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -128,6 +128,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE { ASN1_GENERALIZEDTIME *ret; char *str; + int newlen; if (!ASN1_TIME_check(t)) return NULL; @@ -150,12 +151,14 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) return NULL; + /* ASN1_STRING_set() allocated 'len + 1' bytes. */ + newlen = t->length + 2 + 1; str = (char *)ret->data; /* Work out the century and prepend */ - if (t->data[0] >= '5') strcpy(str, "19"); - else strcpy(str, "20"); + if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); + else BUF_strlcpy(str, "20", newlen); - BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */ + BUF_strlcat(str, (char *)t->data, newlen); return ret; } diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index dbb4a42c9..6bc609a90 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) char *p; struct tm *ts; struct tm data; + size_t len = 20; if (s == NULL) s=M_ASN1_UTCTIME_new(); @@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) return(NULL); p=(char *)s->data; - if ((p == NULL) || (s->length < 14)) + if ((p == NULL) || (s->length < len)) { - p=OPENSSL_malloc(20); + p=OPENSSL_malloc(len); if (p == NULL) return(NULL); if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; } - sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); + BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, + ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); s->length=strlen(p); s->type=V_ASN1_UTCTIME; #ifdef CHARSET_EBCDIC_not diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 1905b090e..b720bccac 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -423,8 +423,8 @@ void asn1_add_error(unsigned char *address, int offset) { char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; - sprintf(buf1,"%lu",(unsigned long)address); - sprintf(buf2,"%d",offset); + BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); + BIO_snprintf(buf2,sizeof buf2,"%d",offset); ERR_add_error_data(4,"address=",buf1," offset=",buf2); } diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index d64edbd79..bd8de1e8d 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p=str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - sprintf(str,"priv [ %d ] ",tag); + BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - sprintf(str,"cont [ %d ]",tag); + BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - sprintf(str,"appl [ %d ]",tag); + BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); else p = ASN1_tag2str(tag); if (p2 != NULL) diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 06e85f3b4..86bd2e04e 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -150,9 +150,9 @@ int RSA_print(BIO *bp, const RSA *x, int off) } if (x->d == NULL) - sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n)); + BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); else - strcpy(str,"modulus:"); + BUF_strlcpy(str,"modulus:",sizeof str); if (!print(bp,str,x->n,m,off)) goto err; s=(x->d == NULL)?"Exponent:":"publicExponent:"; if (!print(bp,s,x->e,m,off)) goto err; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 954d18397..4b5953c0f 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -104,7 +104,12 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A long ltmp; unsigned long utmp; int clen, pad, i; - ltmp = *(long *)pval; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; + + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); + if(ltmp == it->size) return -1; /* Convert the long to positive: we subtract one if negative so * we can cleanly handle the padding if only the MSB of the leading @@ -136,6 +141,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, int neg, i; long ltmp; unsigned long utmp = 0; + char *cp = (char *)pval; if(len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; @@ -158,6 +164,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - *(long *)pval = ltmp; + memcpy(cp, <mp, sizeof(long)); return 1; } diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 0f6176836..76fee2db4 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) for(i=0;i=len) { - strcat(buf," "); + BUF_strlcat(buf," ",sizeof buf); } else { ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; - sprintf(tmp,"%02x%c",ch,j==7?'-':' '); - strcat(buf,tmp); + BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, + j==7?'-':' '); + BUF_strlcat(buf,tmp,sizeof buf); } } - strcat(buf," "); + BUF_strlcat(buf," ",sizeof buf); for(j=0;j=len) break; ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; #ifndef CHARSET_EBCDIC - sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); + BIO_snprintf(tmp,sizeof tmp,"%c", + ((ch>=' ')&&(ch<='~'))?ch:'.'); #else - sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) - ? os_toebcdic[ch] - : '.'); + BIO_snprintf(tmp,sizeof tmp,"%c", + ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) + ? os_toebcdic[ch] + : '.'); #endif - strcat(buf,tmp); + BUF_strlcat(buf,tmp,sizeof buf); } - strcat(buf,"\n"); + BUF_strlcat(buf,"\n",sizeof buf); /* if this is the last call then update the ddt_dump thing so that * we will move the selection point in the debug window */ @@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) #ifdef TRUNCATE if (trc > 0) { - sprintf(buf,"%s%04x - \n",str,len+trc); + BIO_snprintf(buf,sizeof buf,"%s%04x - \n",str, + len+trc); ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #endif diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index d619bcf99..268517fdc 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -740,12 +740,12 @@ int BIO_accept(int sock, char **addr) } *addr=p; } - sprintf(*addr,"%d.%d.%d.%d:%d", - (unsigned char)(l>>24L)&0xff, - (unsigned char)(l>>16L)&0xff, - (unsigned char)(l>> 8L)&0xff, - (unsigned char)(l )&0xff, - port); + BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d", + (unsigned char)(l>>24L)&0xff, + (unsigned char)(l>>16L)&0xff, + (unsigned char)(l>> 8L)&0xff, + (unsigned char)(l )&0xff, + port); end: return(ret); } diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 0ffa4d213..6f4254a11 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -70,55 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, MS_STATIC char buf[256]; char *p; long r=1; + size_t p_maxlen; if (BIO_CB_RETURN & cmd) r=ret; - sprintf(buf,"BIO[%08lX]:",(unsigned long)bio); + BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); p= &(buf[14]); + p_maxlen = sizeof buf - 14; switch (cmd) { case BIO_CB_FREE: - sprintf(p,"Free - %s\n",bio->method->name); + BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); break; case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); + BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", + bio->num,argi,bio->method->name,bio->num); else - sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n", + bio->num,argi,bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); + BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", + bio->num,argi,bio->method->name,bio->num); else - sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n", + bio->num,argi,bio->method->name); break; case BIO_CB_PUTS: - sprintf(p,"puts() - %s\n",bio->method->name); + BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); break; case BIO_CB_GETS: - sprintf(p,"gets(%d) - %s\n",argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); break; case BIO_CB_CTRL: - sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); break; case BIO_CB_RETURN|BIO_CB_READ: - sprintf(p,"read return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"read return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_WRITE: - sprintf(p,"write return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"write return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_GETS: - sprintf(p,"gets return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_PUTS: - sprintf(p,"puts return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_CTRL: - sprintf(p,"ctrl return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret); break; default: - sprintf(p,"bio callback - unknown type (%d)\n",cmd); + BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); break; } diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 33702eb99..f1016e51d 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) char buf[16]; unsigned char *p = ptr; - sprintf(buf,"%d.%d.%d.%d", - p[0],p[1],p[2],p[3]); + BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d", + p[0],p[1],p[2],p[3]); if (data->param_hostname != NULL) OPENSSL_free(data->param_hostname); data->param_hostname=BUF_strdup(buf); @@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) { char buf[DECIMAL_SIZE(int)+1]; - sprintf(buf,"%d",*(int *)ptr); + BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr); if (data->param_port != NULL) OPENSSL_free(data->param_port); data->param_port=BUF_strdup(buf); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 774bc5a7e..f36bec286 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -256,15 +256,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - strcpy(p,"a+"); - else strcpy(p,"a"); + BUF_strlcpy(p,"a+",sizeof p); + else BUF_strlcpy(p,"a",sizeof p); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - strcpy(p,"r+"); + BUF_strlcpy(p,"r+",sizeof p); else if (num & BIO_FP_WRITE) - strcpy(p,"w"); + BUF_strlcpy(p,"w",sizeof p); else if (num & BIO_FP_READ) - strcpy(p,"r"); + BUF_strlcpy(p,"r",sizeof p); else { BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index d29a7cc8d..3f607cd53 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -145,11 +145,11 @@ char *BN_options(void) { init++; #ifdef BN_LLONG - sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, - (int)sizeof(BN_ULONG)*8); + BIO_snprintf(data,sizeof data,"bn(%d,%d)", + (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); #else - sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, - (int)sizeof(BN_ULONG)*8); + BIO_snprintf(data,sizeof data,"bn(%d,%d)", + (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); #endif } return(data); diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 4bc51d303..7f7b36a12 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -119,6 +119,7 @@ char *BN_bn2dec(const BIGNUM *a) } if ((t=BN_dup(a)) == NULL) goto err; +#define BUF_REMAIN (num+3 - (size_t)(p - buf)) p=buf; lp=bn_data; if (t->neg) *(p++)='-'; @@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a) /* We now have a series of blocks, BN_DEC_NUM chars * in length, where the last one needs truncation. * The blocks need to be reversed in order. */ - sprintf(p,BN_DEC_FMT1,*lp); + BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); while (*p) p++; while (lp != bn_data) { lp--; - sprintf(p,BN_DEC_FMT2,*lp); + BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); while (*p) p++; } } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 52a87aa76..0451be015 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); goto err; } - strcpy(section,"default"); + BUF_strlcpy(section,"default",10); if (_CONF_new_data(conf) == 0) { @@ -392,7 +392,7 @@ again: ERR_R_MALLOC_FAILURE); goto err; } - strcpy(v->name,pname); + BUF_strlcpy(v->name,pname,strlen(pname)+1); if (!str_copy(conf,psection,&(v->value),start)) goto err; if (strcmp(psection,section) != 0) @@ -447,7 +447,7 @@ err: if (buff != NULL) BUF_MEM_free(buff); if (section != NULL) OPENSSL_free(section); if (line != NULL) *line=eline; - sprintf(btmp,"%ld",eline); + BIO_snprintf(btmp,sizeof btmp,"%ld",eline); ERR_add_error_data(2,"line ",btmp); if ((h != conf->data) && (conf->data != NULL)) { diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 8ceab6a21..d45adea85 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value, { char rcode[DECIMAL_SIZE(ret)+1]; CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); - sprintf(rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } } @@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void) if (!file) return NULL; - strcpy(file,X509_get_default_cert_area()); + BUF_strlcpy(file,X509_get_default_cert_area(),len + 1); #ifndef OPENSSL_SYS_VMS - strcat(file,"/"); + BUF_strlcat(file,"/",len + 1); #endif - strcat(file,OPENSSL_CONF); + BUF_strlcat(file,OPENSSL_CONF,len + 1); return file; } diff --git a/crypto/cversion.c b/crypto/cversion.c index 8ecfba7b1..beeeb1401 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -61,7 +61,9 @@ #include "cryptlib.h" #include +#ifndef NO_WINDOWS_BRAINDEATH #include "buildinf.h" +#endif const char *SSLeay_version(int t) { @@ -72,7 +74,7 @@ const char *SSLeay_version(int t) #ifdef DATE static char buf[sizeof(DATE)+11]; - sprintf(buf,"built on: %s",DATE); + BIO_snprintf(buf,sizeof buf,"built on: %s",DATE); return(buf); #else return("built on: date not available"); @@ -83,7 +85,7 @@ const char *SSLeay_version(int t) #ifdef CFLAGS static char buf[sizeof(CFLAGS)+11]; - sprintf(buf,"compiler: %s",CFLAGS); + BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); return(buf); #else return("compiler: information not available"); @@ -94,7 +96,7 @@ const char *SSLeay_version(int t) #ifdef PLATFORM static char buf[sizeof(PLATFORM)+11]; - sprintf(buf,"platform: %s", PLATFORM); + BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM); return(buf); #else return("platform: information not available"); diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c index 1b70f6880..784aa5ba2 100644 --- a/crypto/des/ecb_enc.c +++ b/crypto/des/ecb_enc.c @@ -60,6 +60,7 @@ #include "des_ver.h" #include "spr.h" #include +#include OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; @@ -97,7 +98,8 @@ const char *DES_options(void) size="int"; else size="long"; - sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); + BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, + size); init=0; } return(buf); diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 1045d1dd1..49bdd7130 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename) DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); return(0); } - strcpy(copied, filename); + BUF_strlcpy(copied, filename, strlen(filename) + 1); if(dso->filename) OPENSSL_free(dso->filename); dso->filename = copied; @@ -449,7 +449,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename) ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(result, filename); + BUF_strlcpy(result, filename, strlen(filename) + 1); } return(result); } diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index d9104d3b0..1a808bec4 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -160,15 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: return strlen(e->cmd_defns[idx].cmd_name); case ENGINE_CTRL_GET_NAME_FROM_CMD: - return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); + return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, + "%s", e->cmd_defns[idx].cmd_name); case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: if(e->cmd_defns[idx].cmd_desc) return strlen(e->cmd_defns[idx].cmd_desc); return strlen(int_no_description); case ENGINE_CTRL_GET_DESC_FROM_CMD: if(e->cmd_defns[idx].cmd_desc) - return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); - return sprintf(s, "%s", int_no_description); + return BIO_snprintf(s, + strlen(e->cmd_defns[idx].cmd_desc) + 1, + "%s", e->cmd_defns[idx].cmd_desc); + return BIO_snprintf(s, strlen(int_no_description) + 1,"%s", + int_no_description); case ENGINE_CTRL_GET_CMD_FLAGS: return e->cmd_defns[idx].cmd_flags; } diff --git a/crypto/err/err.c b/crypto/err/err.c index f2c322c1c..04cea41d0 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1075,7 +1075,7 @@ void ERR_add_error_data(int num, ...) else str=p; } - strcat(str,a); + BUF_strlcat(str,a,s+1); } } ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 0da88fdcf..91e545a14 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, if (i == -1) { char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) strcpy (obj_tmp, "NULL"); + if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 74c974e68..a08eb43a6 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -313,7 +313,7 @@ ecerr: #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - if (!a->algorithm) strcpy (obj_tmp, "NULL"); + if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 57bd08f65..e212de27e 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) struct tm *lcl = NULL; unsigned long ti; +#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) + if(m->addr == (char *)l->bio) return; @@ -604,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l) { lcl = localtime(&m->time); - sprintf(bufp, "[%02d:%02d:%02d] ", + BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour,lcl->tm_min,lcl->tm_sec); bufp += strlen(bufp); } - sprintf(bufp, "%5lu file=%s, line=%d, ", + BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", m->order,m->file,m->line); bufp += strlen(bufp); if (options & V_CRYPTO_MDEBUG_THREAD) { - sprintf(bufp, "thread=%lu, ", m->thread); + BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); bufp += strlen(bufp); } - sprintf(bufp, "number=%d, address=%08lX\n", + BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", m->num,(unsigned long)m->addr); bufp += strlen(bufp); @@ -641,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) ami_cnt++; memset(buf,'>',ami_cnt); - sprintf(buf + ami_cnt, + BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", amip->thread, amip->file, amip->line); buf_len=strlen(buf); @@ -653,10 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l) } else { - strcpy(buf + buf_len, amip->info); + BUF_strlcpy(buf + buf_len, amip->info, + sizeof buf - buf_len); buf_len = strlen(buf); } - sprintf(buf + buf_len, "\"\n"); + BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); BIO_puts(l->bio,buf); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index d463c11f5..b1108568f 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) if (i > 2) i=2; l-=(long)(i*40); - sprintf(tbuf,"%d.%lu",i,l); + BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); i=strlen(tbuf); BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; @@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) for (; idx 0) BUF_strlcpy(buf,tbuf,buf_len); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index d536b523d..e921cc4c1 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type) else str="BAD-TYPE"; - strcat(buf,"Proc-Type: 4,"); - strcat(buf,str); - strcat(buf,"\n"); + BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); + BUF_strlcat(buf,str,PEM_BUFSIZE); + BUF_strlcat(buf,"\n",PEM_BUFSIZE); } void PEM_dek_info(char *buf, const char *type, int len, char *str) @@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) long i; int j; - strcat(buf,"DEK-Info: "); - strcat(buf,type); - strcat(buf,","); + BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); + BUF_strlcat(buf,type,PEM_BUFSIZE); + BUF_strlcat(buf,",",PEM_BUFSIZE); j=strlen(buf); + if (j + (len * 2) + 1 > PEM_BUFSIZE) + return; for (i=0; i>4)&0x0f]; diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 8e1efc15a..3eb36c7e5 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -56,6 +56,7 @@ #include #include +#include /* * Query the EGD . @@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) return (-1); - strcpy(addr.sun_path,path); + BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) return (-1); diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 13e5f20dc..dbc9711a2 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc, len += sizeof(prompt3) - 1; prompt = (char *)OPENSSL_malloc(len + 1); - strcpy(prompt, prompt1); - strcat(prompt, object_desc); + BUF_strlcpy(prompt, prompt1, len + 1); + BUF_strlcat(prompt, object_desc, len + 1); if (object_name) { - strcat(prompt, prompt2); - strcat(prompt, object_name); + BUF_strlcat(prompt, prompt2, len + 1); + BUF_strlcat(prompt, object_name, len + 1); } - strcat(prompt, prompt3); + BUF_strlcat(prompt, prompt3, len + 1); } return prompt; } @@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) return -1; } - strcpy(uis->result_buf, result); + BUF_strlcpy(uis->result_buf, result, + uis->_.string_data.result_maxsize + 1); break; case UIT_BOOLEAN: { diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 448bd7e69..a9752d6a0 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -302,8 +302,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, k=0; for (;;) { - sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h, - postfix,k); + BIO_snprintf(b->data,b->max, + "%s/%08lx.%s%d",ctx->dirs[i],h, + postfix,k); k++; if (stat(b->data,&st) < 0) break; diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 4f83db8ba..5a945a70f 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -148,7 +148,7 @@ const char *X509_verify_cert_error_string(long n) return("unhandled critical extension"); default: - sprintf(buf,"error number %ld",n); + BIO_snprintf(buf,sizeof buf,"error number %ld",n); return(buf); } } diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index ad6cb08e2..c29eff8a9 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -137,13 +137,15 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; if(gen->d.ip->length == 4) - sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + BIO_snprintf(oline, sizeof oline, + "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); else if(gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { - sprintf(htmp, "%X", p[0] << 8 | p[1]); + BIO_snprintf(htmp, sizeof htmp, + "%X", p[0] << 8 | p[1]); p += 2; strcat(oline, htmp); if (i != 7) diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 4e1a1f3a4..b46ff1361 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method STACK_OF(CONF_VALUE) *ret) { ACCESS_DESCRIPTION *desc; - int i; + int i,nlen; char objtmp[80], *ntmp; CONF_VALUE *vtmp; for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { @@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method if(!ret) break; vtmp = sk_CONF_VALUE_value(ret, i); i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); - ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); + nlen = strlen(objtmp) + strlen(vtmp->name) + 5; + ntmp = OPENSSL_malloc(nlen); if(!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } - strcpy(ntmp, objtmp); - strcat(ntmp, " - "); - strcat(ntmp, vtmp->name); + BUF_strlcpy(ntmp, objtmp, nlen); + BUF_strlcat(ntmp, " - ", nlen); + BUF_strlcat(ntmp, vtmp->name, nlen); OPENSSL_free(vtmp->name); vtmp->name = ntmp; From f0c5db92f76d5be7639f78215a2190db56111602 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 14:54:48 +0000 Subject: [PATCH 540/550] Include strings.h so strcasecmp() and strncasecmp() get properly declared. --- crypto/o_str.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/o_str.c b/crypto/o_str.c index 174db3156..efe20b77a 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -56,7 +56,8 @@ * */ -#include +#include +#include "o_str.h" #include int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) From 79b42e76548f232a4736df0a3322fa7676868537 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 14:59:07 +0000 Subject: [PATCH 541/550] Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl --- apps/Makefile.ssl | 2 +- crypto/Makefile.ssl | 4 ++-- crypto/aes/Makefile.ssl | 2 +- crypto/asn1/Makefile.ssl | 2 +- crypto/bf/Makefile.ssl | 2 +- crypto/bio/Makefile.ssl | 2 +- crypto/bn/Makefile.ssl | 2 +- crypto/buffer/Makefile.ssl | 2 +- crypto/cast/Makefile.ssl | 2 +- crypto/comp/Makefile.ssl | 2 +- crypto/conf/Makefile.ssl | 2 +- crypto/des/Makefile.ssl | 2 +- crypto/dh/Makefile.ssl | 2 +- crypto/dsa/Makefile.ssl | 2 +- crypto/dso/Makefile.ssl | 2 +- crypto/ec/Makefile.ssl | 2 +- crypto/engine/Makefile.ssl | 2 +- crypto/err/Makefile.ssl | 2 +- crypto/evp/Makefile.ssl | 2 +- crypto/hmac/Makefile.ssl | 2 +- crypto/idea/Makefile.ssl | 2 +- crypto/krb5/Makefile.ssl | 2 +- crypto/lhash/Makefile.ssl | 2 +- crypto/md2/Makefile.ssl | 2 +- crypto/md4/Makefile.ssl | 2 +- crypto/md5/Makefile.ssl | 2 +- crypto/mdc2/Makefile.ssl | 2 +- crypto/objects/Makefile.ssl | 2 +- crypto/ocsp/Makefile.ssl | 2 +- crypto/pem/Makefile.ssl | 2 +- crypto/pkcs12/Makefile.ssl | 2 +- crypto/pkcs7/Makefile.ssl | 2 +- crypto/rand/Makefile.ssl | 2 +- crypto/rc2/Makefile.ssl | 2 +- crypto/rc4/Makefile.ssl | 2 +- crypto/rc5/Makefile.ssl | 2 +- crypto/ripemd/Makefile.ssl | 2 +- crypto/rsa/Makefile.ssl | 2 +- crypto/sha/Makefile.ssl | 2 +- crypto/stack/Makefile.ssl | 2 +- crypto/txt_db/Makefile.ssl | 2 +- crypto/ui/Makefile.ssl | 2 +- crypto/x509/Makefile.ssl | 2 +- crypto/x509v3/Makefile.ssl | 2 +- ssl/Makefile.ssl | 2 +- test/Makefile.ssl | 4 ++-- tools/Makefile.ssl | 2 +- 47 files changed, 49 insertions(+), 49 deletions(-) diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index dab34dc6c..45ea6e08c 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -129,7 +129,7 @@ tags: tests: links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile lint: lint -DLINT $(INCLUDES) $(SRC)>fluff diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 037e72d09..ed7d17618 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -83,11 +83,11 @@ files: done; links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @for i in $(SDIRS); do \ (cd $$i && echo "making links in crypto/$$i..." && \ $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \ diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl index 364d05bbf..f353aeb69 100644 --- a/crypto/aes/Makefile.ssl +++ b/crypto/aes/Makefile.ssl @@ -52,7 +52,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index cd4a7e133..74a90b2fa 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -77,7 +77,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl index b6124cf10..be3ad77a0 100644 --- a/crypto/bf/Makefile.ssl +++ b/crypto/bf/Makefile.ssl @@ -68,7 +68,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl index 141a03ae1..d0b9e297b 100644 --- a/crypto/bio/Makefile.ssl +++ b/crypto/bio/Makefile.ssl @@ -57,7 +57,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index d762ae7b4..450f8ad58 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -126,7 +126,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl index e8b6c9693..b131ca307 100644 --- a/crypto/buffer/Makefile.ssl +++ b/crypto/buffer/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/cast/Makefile.ssl b/crypto/cast/Makefile.ssl index d1b2bafd3..98393a37b 100644 --- a/crypto/cast/Makefile.ssl +++ b/crypto/cast/Makefile.ssl @@ -71,7 +71,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index f60c7a1af..f70ba1b28 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index 09c68e682..bbe11d303 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index ba450e018..02a62402a 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -100,7 +100,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index 41451917b..226518522 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index c09938e95..3ee5a2f28 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -49,7 +49,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/dso/Makefile.ssl b/crypto/dso/Makefile.ssl index 3d00363bb..c0449d184 100644 --- a/crypto/dso/Makefile.ssl +++ b/crypto/dso/Makefile.ssl @@ -49,7 +49,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ec/Makefile.ssl b/crypto/ec/Makefile.ssl index 16997c612..02d95396d 100644 --- a/crypto/ec/Makefile.ssl +++ b/crypto/ec/Makefile.ssl @@ -52,7 +52,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 5c1b0cf53..86f5d55c5 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -55,7 +55,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index 77a87e16f..a95f54f7f 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 3151dc8dd..0f9fd4b3d 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -67,7 +67,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) cp $(TESTDATA) ../../test diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl index f86d5678a..1bb70bd05 100644 --- a/crypto/hmac/Makefile.ssl +++ b/crypto/hmac/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/idea/Makefile.ssl b/crypto/idea/Makefile.ssl index ca4b76fc2..fa016ea39 100644 --- a/crypto/idea/Makefile.ssl +++ b/crypto/idea/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/krb5/Makefile.ssl b/crypto/krb5/Makefile.ssl index 7136d7a40..d9224c0f0 100644 --- a/crypto/krb5/Makefile.ssl +++ b/crypto/krb5/Makefile.ssl @@ -48,7 +48,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile ; + @sh $(TOP)/util/point.sh Makefile.ssl Makefile ; @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/lhash/Makefile.ssl b/crypto/lhash/Makefile.ssl index 1902e4a89..60e7ee339 100644 --- a/crypto/lhash/Makefile.ssl +++ b/crypto/lhash/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/md2/Makefile.ssl b/crypto/md2/Makefile.ssl index e5b3265a4..3206924c9 100644 --- a/crypto/md2/Makefile.ssl +++ b/crypto/md2/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/md4/Makefile.ssl b/crypto/md4/Makefile.ssl index 4d2d7369e..7d2e8d8d3 100644 --- a/crypto/md4/Makefile.ssl +++ b/crypto/md4/Makefile.ssl @@ -48,7 +48,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl index 2d4df972f..2361775a2 100644 --- a/crypto/md5/Makefile.ssl +++ b/crypto/md5/Makefile.ssl @@ -84,7 +84,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/mdc2/Makefile.ssl b/crypto/mdc2/Makefile.ssl index 387d7f8cd..33f366fb0 100644 --- a/crypto/mdc2/Makefile.ssl +++ b/crypto/mdc2/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl index 1f5d21349..3e7a194cf 100644 --- a/crypto/objects/Makefile.ssl +++ b/crypto/objects/Makefile.ssl @@ -55,7 +55,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl index 8f2681953..8d29f1728 100644 --- a/crypto/ocsp/Makefile.ssl +++ b/crypto/ocsp/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile ; + @sh $(TOP)/util/point.sh Makefile.ssl Makefile ; @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl index 56f829a21..5437a9e4a 100644 --- a/crypto/pem/Makefile.ssl +++ b/crypto/pem/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: $(EXHEADER) - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/pkcs12/Makefile.ssl b/crypto/pkcs12/Makefile.ssl index 57c2b430c..80555e11a 100644 --- a/crypto/pkcs12/Makefile.ssl +++ b/crypto/pkcs12/Makefile.ssl @@ -53,7 +53,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl index 6a7f3b99f..f4ec4e4c8 100644 --- a/crypto/pkcs7/Makefile.ssl +++ b/crypto/pkcs7/Makefile.ssl @@ -68,7 +68,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index e1fe7aa47..03d789632 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -49,7 +49,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rc2/Makefile.ssl b/crypto/rc2/Makefile.ssl index aa73dea5b..98d5960d5 100644 --- a/crypto/rc2/Makefile.ssl +++ b/crypto/rc2/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl index 59c87f166..3e602662b 100644 --- a/crypto/rc4/Makefile.ssl +++ b/crypto/rc4/Makefile.ssl @@ -71,7 +71,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl index 915916b7f..70d01f376 100644 --- a/crypto/rc5/Makefile.ssl +++ b/crypto/rc5/Makefile.ssl @@ -68,7 +68,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl index 19f0c1c80..f22ac790a 100644 --- a/crypto/ripemd/Makefile.ssl +++ b/crypto/ripemd/Makefile.ssl @@ -66,7 +66,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index da7c98cec..e8567f3cd 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -51,7 +51,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl index 9cfef67e3..4ba201c78 100644 --- a/crypto/sha/Makefile.ssl +++ b/crypto/sha/Makefile.ssl @@ -66,7 +66,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/stack/Makefile.ssl b/crypto/stack/Makefile.ssl index 5e32ad90e..af53511e0 100644 --- a/crypto/stack/Makefile.ssl +++ b/crypto/stack/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/txt_db/Makefile.ssl b/crypto/txt_db/Makefile.ssl index 313f75313..6221dfae4 100644 --- a/crypto/txt_db/Makefile.ssl +++ b/crypto/txt_db/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ui/Makefile.ssl b/crypto/ui/Makefile.ssl index 90ae7d4a4..ba46951d1 100644 --- a/crypto/ui/Makefile.ssl +++ b/crypto/ui/Makefile.ssl @@ -51,7 +51,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl index 42261970f..9491f8ee9 100644 --- a/crypto/x509/Makefile.ssl +++ b/crypto/x509/Makefile.ssl @@ -57,7 +57,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index be8a6ca72..e29f366cb 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -53,7 +53,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index 39b958f55..fad68f3af 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -71,7 +71,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) diff --git a/test/Makefile.ssl b/test/Makefile.ssl index b2cb08b47..64fc8d779 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -109,11 +109,11 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @@$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile generate: $(SRC) $(SRC): - @$(TOP)/util/point.sh dummytest.c $@ + @sh $(TOP)/util/point.sh dummytest.c $@ errors: diff --git a/tools/Makefile.ssl b/tools/Makefile.ssl index bf0cd29c7..cb33d4a41 100644 --- a/tools/Makefile.ssl +++ b/tools/Makefile.ssl @@ -42,7 +42,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile lint: From 7cf803230ba4b2531e5ec55dcad80c1dac011628 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 15:02:56 +0000 Subject: [PATCH 542/550] OpenBSD-internal changes. This is part of a large change submitted by Markus Friedl --- crypto/engine/eng_cryptodev.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index f8a4a292b..65f20726b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -12,9 +12,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the author nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED @@ -875,7 +872,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } - printf("bar\n"); memset(&kop, 0, sizeof kop); kop.crk_op = CRK_DSA_SIGN; From 112341031bb60c4e75c105bc879493e42a9f406a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 15:04:54 +0000 Subject: [PATCH 543/550] Correct documentation typos. This is part of a large change submitted by Markus Friedl --- crypto/evp/bio_ok.c | 2 +- doc/crypto/OpenSSL_add_all_algorithms.pod | 2 +- doc/crypto/RSA_print.pod | 2 +- doc/ssleay.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 530ab937c..4e3f10141 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -102,7 +102,7 @@ *) digest is initialized with random seed instead of standardized one. - *) same seed is written to ouput + *) same seed is written to output *) well-known text is then hashed and the output of the digest is also written to output. diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod index 486c90343..e63411b5b 100644 --- a/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -36,7 +36,7 @@ None of the functions return a value. =head1 NOTES -A typical application will will call OpenSSL_add_all_algorithms() initially and +A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting. An application does not need to add algorithms to use them explicitly, for example diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod index e28d107d1..c971e91f4 100644 --- a/doc/crypto/RSA_print.pod +++ b/doc/crypto/RSA_print.pod @@ -44,6 +44,6 @@ L, L, L, L RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), DH_print_fp() are available in all versions of SSLeay and OpenSSL. -DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8. +DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8. =cut diff --git a/doc/ssleay.txt b/doc/ssleay.txt index c6049d5e5..d44d2f04a 100644 --- a/doc/ssleay.txt +++ b/doc/ssleay.txt @@ -6245,7 +6245,7 @@ SSL_get_app_data void SSL_CTX_set_default_verify /* This callback, if set, totaly overrides the normal SSLeay verification - * functions and should return 1 on sucesss and 0 on failure */ + * functions and should return 1 on success and 0 on failure */ void SSL_CTX_set_cert_verify_callback /* The following are the same as the equivilent SSL_xxx functions. From de02ec27673108e4b1e92883171ee8c3092a6e54 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 16:02:22 +0000 Subject: [PATCH 544/550] Check if a random "file" is really a device file, and treat it specially if it is. Add a few OpenBSD-specific cases. This is part of a large change submitted by Markus Friedl --- crypto/rand/rand_unix.c | 19 ++++++++++++ crypto/rand/randfile.c | 67 ++++++++++++++++++++++++++++++++++------- 2 files changed, 75 insertions(+), 11 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 8b4c48331..ef8020121 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -125,6 +125,24 @@ #include #include +#ifdef __OpenBSD__ +int RAND_poll(void) +{ + u_int32_t rnd = 0, i; + unsigned char buf[ENTROPY_NEEDED]; + + for (i = 0; i < sizeof(buf); i++) { + if (i % 4 == 0) + rnd = arc4random(); + buf[i] = rnd; + rnd >>= 8; + } + RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); + memset(buf, 0, sizeof(buf)); + + return 1; +} +#else int RAND_poll(void) { unsigned long l; @@ -236,6 +254,7 @@ int RAND_poll(void) #endif } +#endif #endif #if defined(OPENSSL_SYS_VXWORKS) diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 41574768a..f1f250c5b 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -56,6 +56,9 @@ * [including the GNU Public Licence.] */ +/* We need to define this to get macros like S_IFBLK and S_IFCHR */ +#define _XOPEN_SOURCE 1 + #include #include #include @@ -64,6 +67,7 @@ #include "e_os.h" #include #include +#include #ifdef OPENSSL_SYS_VMS #include @@ -106,6 +110,14 @@ int RAND_load_file(const char *file, long bytes) in=fopen(file,"rb"); if (in == NULL) goto err; + if (sb.st_mode & (S_IFBLK | S_IFCHR)) { + /* this file is a device. we don't want read an infinite number + * of bytes from a random device, nor do we want to use buffered + * I/O because we will waste system entropy. + */ + bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ + setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ + } for (;;) { if (bytes > 0) @@ -135,7 +147,20 @@ int RAND_write_file(const char *file) int i,ret=0,rand_err=0; FILE *out = NULL; int n; + struct stat sb; + i=stat(file,&sb); + if (i != -1) { + if (sb.st_mode & (S_IFBLK | S_IFCHR)) { + /* this file is a device. we don't write back to it. + * we "succeed" on the assumption this is some sort + * of random device. Otherwise attempting to write to + * and chmod the device causes problems. + */ + return(1); + } + } + #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) /* For some reason Win32 can't write to files created this way */ @@ -197,16 +222,17 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - char *ret=NULL; + int ok = 0; +#ifdef __OpenBSD__ + struct stat sb; +#endif if (OPENSSL_issetugid() == 0) s=getenv("RANDFILE"); - if (s != NULL) + if (s != NULL && *s && strlen(s) + 1 < size) { - if(strlen(s) >= size) + if (BUF_strlcpy(buf,s,size) >= size) return NULL; - strcpy(buf,s); - ret=buf; } else { @@ -218,17 +244,36 @@ const char *RAND_file_name(char *buf, size_t size) s = DEFAULT_HOME; } #endif - if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size)) + if (s && *s && strlen(s)+strlen(RFILE)+2 < size) { - strcpy(buf,s); + BUF_strlcpy(buf,s,size); #ifndef OPENSSL_SYS_VMS - strcat(buf,"/"); + BUF_strlcat(buf,"/",size); #endif - strcat(buf,RFILE); - ret=buf; + BUF_strlcat(buf,RFILE,size); + ok = 1; } else buf[0] = '\0'; /* no file name */ } - return(ret); + +#ifdef __OpenBSD__ + /* given that all random loads just fail if the file can't be + * seen on a stat, we stat the file we're returning, if it + * fails, use /dev/arandom instead. this allows the user to + * use their own source for good random data, but defaults + * to something hopefully decent if that isn't available. + */ + + if (!ok) + if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { + return(NULL); + } + if (stat(buf,&sb) == -1) + if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { + return(NULL); + } + +#endif + return(buf); } From f28e8bd300b32710c829316b4f620960154cf3e2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 16:07:20 +0000 Subject: [PATCH 545/550] Only use environment variables if uid and gid are the same as euid and egid. This is part of a large change submitted by Markus Friedl --- crypto/threads/mttest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index d0e088218..f6f3df4b6 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -267,7 +267,8 @@ bad: goto end; } - if (cipher == NULL) cipher=getenv("SSL_CIPHER"); + if (cipher == NULL && OPENSSL_issetugid() == 0) + cipher=getenv("SSL_CIPHER"); SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); From 5fdf06666c863cd62d53173d1d2011cdec71200c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 16:10:30 +0000 Subject: [PATCH 546/550] Avoid including cryptlib.h, it's not really needed. Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl --- ssl/s2_clnt.c | 1 - ssl/s2_enc.c | 1 - ssl/s2_lib.c | 3 ++- ssl/s2_pkt.c | 1 - ssl/s2_srvr.c | 1 - ssl/s3_clnt.c | 1 - ssl/s3_lib.c | 2 ++ ssl/s3_srvr.c | 3 ++- ssl/ssl_asn1.c | 1 - ssl/ssl_ciph.c | 6 ++++++ ssl/ssl_lib.c | 1 - ssl/ssl_sess.c | 1 - ssl/ssltest.c | 3 ++- 13 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 62e83afb3..da8846025 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -116,7 +116,6 @@ #include #include #include -#include "cryptlib.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 12e17bf66..18882bf70 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -59,7 +59,6 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 #include -#include "cryptlib.h" int ssl2_enc_init(SSL *s, int client) { diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index a0edfb896..4a86ac2dd 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -63,7 +63,6 @@ #include #include #include -#include "cryptlib.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -139,6 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, /* IDEA_128_CBC_WITH_MD5 */ +#ifndef OPENSSL_NO_IDEA { 1, SSL2_TXT_IDEA_128_CBC_WITH_MD5, @@ -151,6 +151,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif /* DES_64_CBC_WITH_MD5 */ { 1, diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index d82f13761..a10929a75 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -113,7 +113,6 @@ #ifndef OPENSSL_NO_SSL2 #include #include -#include "cryptlib.h" #define USE_SOCKETS static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 62859a2d9..5da2a54af 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -116,7 +116,6 @@ #include #include #include -#include "cryptlib.h" static SSL_METHOD *ssl2_get_server_method(int ver); static int get_client_master_key(SSL *s); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 96631db23..cd70bb1fb 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -130,7 +130,6 @@ #include #include #include -#include "cryptlib.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6c208ccfc..1ff9e3093 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -284,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 07 */ +#ifndef OPENSSL_NO_IDEA { 1, SSL3_TXT_RSA_IDEA_128_SHA, @@ -296,6 +297,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif /* Cipher 08 */ { 1, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index abb03ca58..c426cd444 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -133,9 +133,10 @@ #include #include #include +#ifndef OPENSSL_NO_KRB5 #include +#endif #include -#include "cryptlib.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index f5d3c135b..9edc447b2 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -62,7 +62,6 @@ #include #include #include -#include "cryptlib.h" typedef struct ssl_session_asn1_st { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4d0a64661..c31927706 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -135,7 +135,9 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, +#ifndef OPENSSL_NO_IDEA {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, +#endif {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, @@ -176,8 +178,12 @@ static void load_ciphers(void) EVP_get_cipherbyname(SN_rc4); ssl_cipher_methods[SSL_ENC_RC2_IDX]= EVP_get_cipherbyname(SN_rc2_cbc); +#ifndef OPENSSL_NO_IDEA ssl_cipher_methods[SSL_ENC_IDEA_IDX]= EVP_get_cipherbyname(SN_idea_cbc); +#else + ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; +#endif ssl_cipher_methods[SSL_ENC_AES128_IDX]= EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bf7d7ba56..b7b2e4086 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,7 +125,6 @@ #include #include #include -#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 5cf79d274..85581d43c 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -60,7 +60,6 @@ #include #include #include "ssl_locl.h" -#include "cryptlib.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 68eb65457..63641df6c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -124,6 +124,7 @@ #include #include #include +#include #define USE_SOCKETS #include "e_os.h" @@ -1593,7 +1594,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) fprintf(stderr, "In app_verify_callback, allowing cert. "); fprintf(stderr, "Arg is: %s\n", (char *)arg); fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n", - (unsigned int)ctx, (unsigned int)ctx->cert); + (uintptr_t)ctx, (uintptr_t)ctx->cert); if (ctx->cert) s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); if (s != NULL) From 075521725d4fcca638ba0720fbf76af7b154145f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 27 Dec 2003 16:13:18 +0000 Subject: [PATCH 547/550] Fix Perl problems on sparc64. This is part of a large change submitted by Markus Friedl --- crypto/objects/obj_dat.pl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl index 5dfb84ea0..d0371661f 100644 --- a/crypto/objects/obj_dat.pl +++ b/crypto/objects/obj_dat.pl @@ -1,5 +1,9 @@ #!/usr/local/bin/perl +# fixes bug in floating point emulation on sparc64 when +# this script produces off-by-one output on sparc64 +use integer; + sub obj_cmp { local(@a,@b,$_,$r); From 344e86645d99f8e912567a8e76ce88e9e897e58c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 4 Jan 2004 17:53:21 +0000 Subject: [PATCH 548/550] unintptr_t and are not strictly portable with respect to ANSI C 89. Undo change to maintain compatibility. --- ssl/ssltest.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 63641df6c..68eb65457 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -124,7 +124,6 @@ #include #include #include -#include #define USE_SOCKETS #include "e_os.h" @@ -1594,7 +1593,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) fprintf(stderr, "In app_verify_callback, allowing cert. "); fprintf(stderr, "Arg is: %s\n", (char *)arg); fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n", - (uintptr_t)ctx, (uintptr_t)ctx->cert); + (unsigned int)ctx, (unsigned int)ctx->cert); if (ctx->cert) s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); if (s != NULL) From c0017a5a65c573dad22d4d0612846a3086e246c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 4 Jan 2004 18:05:50 +0000 Subject: [PATCH 549/550] Update URI Submitted by: Gertjan van Oosten PR: #804 --- crypto/rand/rand_win.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 263068d25..358484222 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -646,7 +646,7 @@ static void readtimer(void) * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. * * Code adapted from - * ; + * ; * the original copyright message is: * * (C) Copyright Microsoft Corp. 1993. All rights reserved. From a32fc687dedf6d4368dc0fc18320654191c16bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 4 Jan 2004 18:59:14 +0000 Subject: [PATCH 550/550] Add s_time manual page Submitted by: "Martin Witzel" PR: #570 --- doc/apps/openssl.pod | 3 +- doc/apps/s_client.pod | 6 +- doc/apps/s_time.pod | 167 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 172 insertions(+), 4 deletions(-) create mode 100644 doc/apps/s_time.pod diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index 07dd80eab..dc0f49ddc 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -329,7 +329,8 @@ L, L, L, L, L, L, L, L, L, -L, L, L, +L, L, +L, L, L, L, L, L, L diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index d061326c1..8d1907997 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -8,7 +8,7 @@ s_client - SSL/TLS client program =head1 SYNOPSIS B B -[B<-connect> host:port>] +[B<-connect host:port>] [B<-verify depth>] [B<-cert filename>] [B<-key filename>] @@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page. If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, -B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried +B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. @@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it -is necessary to use the B<-prexit> command and send an HTTP request +is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod new file mode 100644 index 000000000..a7e3c3e5b --- /dev/null +++ b/doc/apps/s_time.pod @@ -0,0 +1,167 @@ + +=pod + +=head1 NAME + +s_time - SSL/TLS performance timing program + +=head1 SYNOPSIS + +B B +[B<-connect host:port>] +[B<-www page>] +[B<-cert filename>] +[B<-key filename>] +[B<-CApath directory>] +[B<-CAfile filename>] +[B<-reuse>] +[B<-new>] +[B<-verify depth>] +[B<-nbio>] +[B<-time seconds>] +[B<-ssl2>] +[B<-ssl3>] +[B<-bugs>] +[B<-cipher cipherlist>] + +=head1 DESCRIPTION + +The B command implements a generic SSL/TLS client which connects to a +remote host using SSL/TLS. It can request a page from the server and includes +the time to transfer the payload data in its timing measurements. It measures +the number of connections within a given timeframe, the amount of data +transferred (if any), and calculates the average time spent for one connection. + +=head1 OPTIONS + +=over 4 + +=item B<-connect host:port> + +This specifies the host and optional port to connect to. + +=item B<-www page> + +This specifies the page to GET from the server. A value of '/' gets the +index.htm[l] page. If this parameter is not specified, then B will only +perform the handshake to establish SSL connections but not transfer any +payload data. + +=item B<-cert certname> + +The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in PEM format. + +=item B<-key keyfile> + +The private key to use. If not specified then the certificate file will +be used. The file is in PEM format. + +=item B<-verify depth> + +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. + +=item B<-CApath directory> + +The directory to use for server certificate verification. This directory +must be in "hash format", see B for more information. These are +also used when building the client certificate chain. + +=item B<-CAfile file> + +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. + +=item B<-new> + +performs the timing test using a new session ID for each connection. +If neither B<-new> nor B<-reuse> are specified, they are both on by default +and executed in sequence. + +=item B<-reuse> + +performs the timing test using the same session ID; this can be used as a test +that session caching is working. If neither B<-new> nor B<-reuse> are +specified, they are both on by default and executed in sequence. + +=item B<-nbio> + +turns on non-blocking I/O. + +=item B<-ssl2>, B<-ssl3> + +these options disable the use of certain SSL or TLS protocols. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. +The timing program is not as rich in options to turn protocols on and off as +the L program and may not connect to all servers. + +Unfortunately there are a lot of ancient and broken servers in use which +cannot handle this technique and will fail to connect. Some servers only +work if TLS is turned off with the B<-ssl3> option; others +will only support SSL v2 and may need the B<-ssl2> option. + +=item B<-bugs> + +there are several known bug in SSL and TLS implementations. Adding this +option enables various workarounds. + +=item B<-cipher cipherlist> + +this allows the cipher list sent by the client to be modified. Although +the server determines which cipher suite is used it should take the first +supported cipher in the list sent by the client. +See the L command for more information. + +=back + +=head1 NOTES + +B can be used to measure the performance of an SSL connection. +To connect to an SSL HTTP server and get the default page the command + + openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3] + +would typically be used (https uses port 443). 'commoncipher' is a cipher to +which both client and server can agree, see the L command +for details. + +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, +B<-ssl3> options can be tried +in case it is a buggy server. In particular you should play with these +options B submitting a bug report to an OpenSSL mailing list. + +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using L the CA list can be +viewed and checked. However some servers only request client authentication +after a specific URL is requested. To obtain the list in this case it +is necessary to use the B<-prexit> option of L and +send an HTTP request for an appropriate page. + +If a certificate is specified on the command line using the B<-cert> +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. + +=head1 BUGS + +Because this program does not have all the options of the +L program to turn protocols on and off, you may not be +able to measure the performance of all protocols with all servers. + +The B<-verify> option should really exit if the server verification +fails. + +=head1 SEE ALSO + +L, L, L + +=cut