generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:OpenSSL-engine-0_9_6a
Branches Tags
generic-library:main generic-library:OpenSSL_1_0_1-stable generic-library:OpenSSL_1_0_2-stable generic-library:OpenSSL-fips-2_0-stable generic-library:OpenSSL_1_0_0-stable generic-library:OpenSSL_0_9_8-stable generic-library:OpenSSL-fips-2_0-dev generic-library:OpenSSL-fips-1_2-stable generic-library:OpenSSL-fips-0_9_8-stable generic-library:OpenSSL_0_9_7-stable generic-library:OpenSSL_0_9_8fg-stable generic-library:OpenSSL-fips2-0_9_7-stable generic-library:OpenSSL_0_9_6-stable generic-library:OpenSSL-engine-0_9_6-stable generic-library:OpenSSL-fips-0_9_7-stable generic-library:SSLeay
generic-library:OpenSSL_1_1_0-pre5 generic-library:OpenSSL_1_1_0-pre4 generic-library:OpenSSL_1_0_1s generic-library:OpenSSL_1_0_2g generic-library:OpenSSL_1_1_0-pre3 generic-library:OpenSSL-fips-2_0_12 generic-library:OpenSSL-fips-2_0_11 generic-library:OpenSSL-fips-2_0_10 generic-library:OpenSSL_1_0_1r generic-library:OpenSSL_1_0_2f generic-library:OpenSSL_1_1_0-pre2 generic-library:OpenSSL_1_1_0-pre1 generic-library:OpenSSL_0_9_8zh generic-library:OpenSSL_1_0_0t generic-library:OpenSSL_1_0_1q generic-library:OpenSSL_1_0_2e generic-library:OpenSSL_1_0_1p generic-library:OpenSSL_1_0_2d generic-library:OpenSSL_1_0_1o generic-library:OpenSSL_1_0_2c generic-library:OpenSSL_0_9_8zg generic-library:OpenSSL_1_0_0s generic-library:OpenSSL_1_0_1n generic-library:OpenSSL_1_0_2b generic-library:OpenSSL-fips-2_0_9 generic-library:OpenSSL_0_9_8zf generic-library:OpenSSL_1_0_0r generic-library:OpenSSL_1_0_1m generic-library:OpenSSL_1_0_2a generic-library:OpenSSL_0_9_8-pre-reformat generic-library:OpenSSL_0_9_8-pre-auto-reformat generic-library:OpenSSL_0_9_8-post-auto-reformat generic-library:OpenSSL_0_9_8-post-reformat generic-library:OpenSSL_1_0_0-pre-reformat generic-library:OpenSSL_1_0_0-pre-auto-reformat generic-library:OpenSSL_1_0_0-post-auto-reformat generic-library:OpenSSL_1_0_0-post-reformat generic-library:OpenSSL_1_0_1-pre-reformat generic-library:OpenSSL_1_0_1-pre-auto-reformat generic-library:OpenSSL_1_0_1-post-auto-reformat generic-library:OpenSSL_1_0_1-post-reformat generic-library:OpenSSL_1_0_2-pre-reformat generic-library:OpenSSL_1_0_2-pre-auto-reformat generic-library:OpenSSL_1_0_2-post-auto-reformat generic-library:OpenSSL_1_0_2-post-reformat generic-library:master-pre-reformat generic-library:master-pre-auto-reformat generic-library:master-post-auto-reformat generic-library:master-post-reformat generic-library:OpenSSL_1_0_2 generic-library:OpenSSL_0_9_8ze generic-library:OpenSSL_1_0_0q generic-library:OpenSSL_1_0_1l generic-library:OpenSSL_0_9_8zd generic-library:OpenSSL_1_0_0p generic-library:OpenSSL_1_0_1k generic-library:OpenSSL-fips-2_0_8 generic-library:OpenSSL_1_0_1j generic-library:OpenSSL_1_0_0o generic-library:OpenSSL_0_9_8zc generic-library:OpenSSL_1_0_2-beta3 generic-library:OpenSSL_0_9_8zb generic-library:OpenSSL_1_0_0n generic-library:OpenSSL_1_0_1i generic-library:OpenSSL_1_0_2-beta2 generic-library:OpenSSL-fips-2_0_7 generic-library:OpenSSL_1_0_1h generic-library:OpenSSL_1_0_0m generic-library:OpenSSL_0_9_8za generic-library:OpenSSL-fips-2_0_6 generic-library:OpenSSL_1_0_1g generic-library:OpenSSL_1_0_2-beta1 generic-library:OpenSSL_1_0_0l generic-library:OpenSSL_1_0_1f generic-library:OpenSSL-fips-2_0_4 generic-library:OpenSSL-fips-2_0_5 generic-library:OpenSSL-fips-2_0_3 generic-library:OpenSSL-fips-2_0_2 generic-library:OpenSSL_1_0_1e generic-library:OpenSSL_1_0_0k generic-library:OpenSSL_1_0_1d generic-library:OpenSSL_0_9_8y generic-library:OpenSSL-fips-2_0-pl1 generic-library:OpenSSL-fips-2_0_1 generic-library:OpenSSL_1_0_1c generic-library:OpenSSL_1_0_0j generic-library:OpenSSL_0_9_8x generic-library:OpenSSL_1_0_1b generic-library:OpenSSL_0_9_8w generic-library:OpenSSL_1_0_1a generic-library:OpenSSL_0_9_8v generic-library:OpenSSL_1_0_0i generic-library:OpenSSL_1_0_1 generic-library:OpenSSL_1_0_0h generic-library:OpenSSL_0_9_8u generic-library:OpenSSL_1_0_1-beta3 generic-library:OpenSSL_1_0_1-beta2 generic-library:OpenSSL-fips-2_0-rc9 generic-library:OpenSSL-fips-2_0 generic-library:OpenSSL_1_0_0g generic-library:OpenSSL_0_9_8t generic-library:OpenSSL_0_9_8s generic-library:OpenSSL_1_0_0f generic-library:OpenSSL-fips-2_0-rc8 generic-library:OpenSSL_1_0_1-beta1 generic-library:OpenSSL-fips-2_0-rc7 generic-library:OpenSSL-fips-2_0-rc6 generic-library:OpenSSL-fips-2_0-rc5 generic-library:OpenSSL-fips-2_0-rc4 generic-library:OpenSSL-fips-2_0-rc3 generic-library:OpenSSL-fips-2_0-rc2 generic-library:OpenSSL-fips-2_0-rc1 generic-library:OpenSSL-fips-1_2_3 generic-library:OpenSSL-fips-1_2_2 generic-library:OpenSSL-fips-1_2_1 generic-library:OpenSSL_1_0_0e generic-library:OpenSSL_1_0_0d generic-library:OpenSSL_0_9_8r generic-library:OpenSSL_0_9_8q generic-library:OpenSSL_1_0_0c generic-library:OpenSSL_0_9_8p generic-library:OpenSSL_1_0_0b generic-library:OpenSSL_0_9_8o generic-library:OpenSSL_1_0_0a generic-library:OpenSSL_1_0_0 generic-library:OpenSSL_0_9_8n generic-library:OpenSSL_0_9_8m generic-library:OpenSSL_0_9_8m-beta1 generic-library:OpenSSL_1_0_0-beta5 generic-library:OpenSSL_1_0_0-beta4 generic-library:OpenSSL_0_9_8l generic-library:OpenSSL_1_0_0-beta3 generic-library:OpenSSL_1_0_0-beta2 generic-library:OpenSSL_1_0_0-beta1 generic-library:OpenSSL_0_9_8k generic-library:OpenSSL_0_9_8j generic-library:OpenSSL_0_9_8i generic-library:OpenSSL_0_9_8h generic-library:OpenSSL_0_9_8g generic-library:OpenSSL_0_9_8f generic-library:OpenSSL-fips-1_2_0 generic-library:FIPS_098_TEST_8 generic-library:FIPS_098_TEST_7 generic-library:FIPS_098_TEST_6 generic-library:FIPS_098_TEST_5 generic-library:FIPS_098_TEST_4 generic-library:FIPS_098_TEST_3 generic-library:FIPS_098_TEST_2 generic-library:FIPS_098_TEST_1 generic-library:OpenSSL_0_9_7m generic-library:OpenSSL_0_9_8e generic-library:OpenSSL_0_9_7l generic-library:OpenSSL_0_9_8d generic-library:OpenSSL_0_9_8c generic-library:OpenSSL_0_9_7k generic-library:OpenSSL_0_9_7j generic-library:OpenSSL_0_9_8b generic-library:OpenSSL_FIPS_1_0 generic-library:OpenSSL_0_9_7i generic-library:OpenSSL_0_9_8a generic-library:OpenSSL_0_9_7h generic-library:OpenSSL_0_9_8 generic-library:FIPS_TEST_10 generic-library:OpenSSL_0_9_8-beta6 generic-library:OpenSSL_0_9_8-beta5 generic-library:FIPS_TEST_9 generic-library:OpenSSL_0_9_8-beta4 generic-library:OpenSSL_0_9_8-beta3 generic-library:BEN_FIPS_TEST_8 generic-library:OpenSSL_0_9_8-beta2 generic-library:OpenSSL_0_9_8-beta1 generic-library:OpenSSL_0_9_7g generic-library:OpenSSL_0_9_7f generic-library:BEN_FIPS_TEST_7 generic-library:BEN_FIPS_TEST_6 generic-library:OpenSSL_0_9_7e generic-library:OpenSSL_0_9_7d generic-library:OpenSSL-engine-0_9_6m generic-library:OpenSSL_0_9_6m generic-library:LEVITTE_after_const generic-library:LEVITTE_before_const generic-library:BEN_FIPS_TEST_5 generic-library:BEN_FIPS_TEST_4 generic-library:OpenSSL-engine-0_9_6l generic-library:OpenSSL_0_9_6l generic-library:BEN_FIPS_TEST_3 generic-library:BEN_FIPS_TEST_2 generic-library:BEN_FIPS_TEST_1 generic-library:OpenSSL-engine-0_9_6k generic-library:OpenSSL_0_9_6k generic-library:OpenSSL_0_9_7c generic-library:OpenSSL-engine-0_9_6j generic-library:OpenSSL_0_9_7b generic-library:OpenSSL_0_9_6j generic-library:OpenSSL-engine-0_9_6i generic-library:OpenSSL_0_9_6i generic-library:OpenSSL_0_9_7a generic-library:OpenSSL_0_9_7 generic-library:OpenSSL_0_9_7-beta6 generic-library:STATE_after_zlib generic-library:STATE_before_zlib generic-library:OpenSSL_0_9_7-beta5 generic-library:OpenSSL-engine-0_9_6h generic-library:OpenSSL_0_9_6h generic-library:OpenSSL_0_9_7-beta4 generic-library:OpenSSL-engine-0_9_6g generic-library:OpenSSL_0_9_6g generic-library:OpenSSL-engine-0_9_6f generic-library:OpenSSL_0_9_6f generic-library:OpenSSL_0_9_7-beta3 generic-library:OpenSSL-engine-0_9_6e generic-library:OpenSSL_0_9_6e generic-library:OpenSSL_0_9_7-beta2 generic-library:OpenSSL_0_9_7-beta1 generic-library:AFTER_COMPAQ_PATCH generic-library:BEFORE_COMPAQ_PATCH generic-library:OpenSSL-engine-0_9_6d generic-library:OpenSSL_0_9_6d generic-library:OpenSSL-engine-0_9_6d-beta1 generic-library:OpenSSL_0_9_6d-beta1 generic-library:OpenSSL-engine-0_9_6c generic-library:OpenSSL_0_9_6c generic-library:OpenSSL-engine-0_9_6b generic-library:OpenSSL_0_9_6b generic-library:OpenSSL_0_9_6a generic-library:OpenSSL-engine-0_9_6a generic-library:OpenSSL-engine-0_9_6a-beta3 generic-library:OpenSSL_0_9_6a-beta3 generic-library:OpenSSL-engine-0_9_6a-beta2 generic-library:OpenSSL_0_9_6a-beta2 generic-library:OpenSSL-engine-0_9_6a-beta1 generic-library:OpenSSL_0_9_6a-beta1 generic-library:rsaref generic-library:BEFORE_engine generic-library:OpenSSL_0_9_6-beta2 generic-library:OpenSSL_0_9_6-beta1 generic-library:OpenSSL_0_9_6 generic-library:OpenSSL-engine-0_9_6 generic-library:OpenSSL-engine-0_9_6-beta3 generic-library:OpenSSL_0_9_6-beta3 generic-library:OpenSSL-engine-0_9_6-beta2 generic-library:OpenSSL-engine-0_9_6-beta1 generic-library:OpenSSL_0_9_5 generic-library:OpenSSL_0_9_5a generic-library:OpenSSL_0_9_5a-beta2 generic-library:OpenSSL_0_9_5a-beta1 generic-library:OpenSSL_0_9_5beta2 generic-library:OpenSSL_0_9_5beta1 generic-library:OpenSSL_0_9_4 generic-library:OpenSSL_0_9_3a generic-library:OpenSSL_0_9_3 generic-library:OpenSSL_0_9_3beta2 generic-library:OpenSSL_0_9_3beta1 generic-library:OpenSSL_0_9_2b generic-library:OpenSSL_0_9_1c generic-library:SSLeay_0_9_1b generic-library:SSLeay_0_9_0b generic-library:SSLeay_0_8_1b
..
compare: generic-library:OpenSSL_0_9_6b
Branches Tags
generic-library:OpenSSL_1_0_1-stable generic-library:main generic-library:OpenSSL_1_0_2-stable generic-library:OpenSSL-fips-2_0-stable generic-library:OpenSSL_1_0_0-stable generic-library:OpenSSL_0_9_8-stable generic-library:OpenSSL-fips-2_0-dev generic-library:OpenSSL-fips-1_2-stable generic-library:OpenSSL-fips-0_9_8-stable generic-library:OpenSSL_0_9_7-stable generic-library:OpenSSL_0_9_8fg-stable generic-library:OpenSSL-fips2-0_9_7-stable generic-library:OpenSSL_0_9_6-stable generic-library:OpenSSL-engine-0_9_6-stable generic-library:OpenSSL-fips-0_9_7-stable generic-library:SSLeay
generic-library:OpenSSL_1_1_0-pre5 generic-library:OpenSSL_1_1_0-pre4 generic-library:OpenSSL_1_0_1s generic-library:OpenSSL_1_0_2g generic-library:OpenSSL_1_1_0-pre3 generic-library:OpenSSL-fips-2_0_12 generic-library:OpenSSL-fips-2_0_11 generic-library:OpenSSL-fips-2_0_10 generic-library:OpenSSL_1_0_1r generic-library:OpenSSL_1_0_2f generic-library:OpenSSL_1_1_0-pre2 generic-library:OpenSSL_1_1_0-pre1 generic-library:OpenSSL_0_9_8zh generic-library:OpenSSL_1_0_0t generic-library:OpenSSL_1_0_1q generic-library:OpenSSL_1_0_2e generic-library:OpenSSL_1_0_1p generic-library:OpenSSL_1_0_2d generic-library:OpenSSL_1_0_1o generic-library:OpenSSL_1_0_2c generic-library:OpenSSL_0_9_8zg generic-library:OpenSSL_1_0_0s generic-library:OpenSSL_1_0_1n generic-library:OpenSSL_1_0_2b generic-library:OpenSSL-fips-2_0_9 generic-library:OpenSSL_0_9_8zf generic-library:OpenSSL_1_0_0r generic-library:OpenSSL_1_0_1m generic-library:OpenSSL_1_0_2a generic-library:OpenSSL_0_9_8-pre-reformat generic-library:OpenSSL_0_9_8-pre-auto-reformat generic-library:OpenSSL_0_9_8-post-auto-reformat generic-library:OpenSSL_0_9_8-post-reformat generic-library:OpenSSL_1_0_0-pre-reformat generic-library:OpenSSL_1_0_0-pre-auto-reformat generic-library:OpenSSL_1_0_0-post-auto-reformat generic-library:OpenSSL_1_0_0-post-reformat generic-library:OpenSSL_1_0_1-pre-reformat generic-library:OpenSSL_1_0_1-pre-auto-reformat generic-library:OpenSSL_1_0_1-post-auto-reformat generic-library:OpenSSL_1_0_1-post-reformat generic-library:OpenSSL_1_0_2-pre-reformat generic-library:OpenSSL_1_0_2-pre-auto-reformat generic-library:OpenSSL_1_0_2-post-auto-reformat generic-library:OpenSSL_1_0_2-post-reformat generic-library:master-pre-reformat generic-library:master-pre-auto-reformat generic-library:master-post-auto-reformat generic-library:master-post-reformat generic-library:OpenSSL_1_0_2 generic-library:OpenSSL_0_9_8ze generic-library:OpenSSL_1_0_0q generic-library:OpenSSL_1_0_1l generic-library:OpenSSL_0_9_8zd generic-library:OpenSSL_1_0_0p generic-library:OpenSSL_1_0_1k generic-library:OpenSSL-fips-2_0_8 generic-library:OpenSSL_1_0_1j generic-library:OpenSSL_1_0_0o generic-library:OpenSSL_0_9_8zc generic-library:OpenSSL_1_0_2-beta3 generic-library:OpenSSL_0_9_8zb generic-library:OpenSSL_1_0_0n generic-library:OpenSSL_1_0_1i generic-library:OpenSSL_1_0_2-beta2 generic-library:OpenSSL-fips-2_0_7 generic-library:OpenSSL_1_0_1h generic-library:OpenSSL_1_0_0m generic-library:OpenSSL_0_9_8za generic-library:OpenSSL-fips-2_0_6 generic-library:OpenSSL_1_0_1g generic-library:OpenSSL_1_0_2-beta1 generic-library:OpenSSL_1_0_0l generic-library:OpenSSL_1_0_1f generic-library:OpenSSL-fips-2_0_4 generic-library:OpenSSL-fips-2_0_5 generic-library:OpenSSL-fips-2_0_3 generic-library:OpenSSL-fips-2_0_2 generic-library:OpenSSL_1_0_1e generic-library:OpenSSL_1_0_0k generic-library:OpenSSL_1_0_1d generic-library:OpenSSL_0_9_8y generic-library:OpenSSL-fips-2_0-pl1 generic-library:OpenSSL-fips-2_0_1 generic-library:OpenSSL_1_0_1c generic-library:OpenSSL_1_0_0j generic-library:OpenSSL_0_9_8x generic-library:OpenSSL_1_0_1b generic-library:OpenSSL_0_9_8w generic-library:OpenSSL_1_0_1a generic-library:OpenSSL_0_9_8v generic-library:OpenSSL_1_0_0i generic-library:OpenSSL_1_0_1 generic-library:OpenSSL_1_0_0h generic-library:OpenSSL_0_9_8u generic-library:OpenSSL_1_0_1-beta3 generic-library:OpenSSL_1_0_1-beta2 generic-library:OpenSSL-fips-2_0-rc9 generic-library:OpenSSL-fips-2_0 generic-library:OpenSSL_1_0_0g generic-library:OpenSSL_0_9_8t generic-library:OpenSSL_0_9_8s generic-library:OpenSSL_1_0_0f generic-library:OpenSSL-fips-2_0-rc8 generic-library:OpenSSL_1_0_1-beta1 generic-library:OpenSSL-fips-2_0-rc7 generic-library:OpenSSL-fips-2_0-rc6 generic-library:OpenSSL-fips-2_0-rc5 generic-library:OpenSSL-fips-2_0-rc4 generic-library:OpenSSL-fips-2_0-rc3 generic-library:OpenSSL-fips-2_0-rc2 generic-library:OpenSSL-fips-2_0-rc1 generic-library:OpenSSL-fips-1_2_3 generic-library:OpenSSL-fips-1_2_2 generic-library:OpenSSL-fips-1_2_1 generic-library:OpenSSL_1_0_0e generic-library:OpenSSL_1_0_0d generic-library:OpenSSL_0_9_8r generic-library:OpenSSL_0_9_8q generic-library:OpenSSL_1_0_0c generic-library:OpenSSL_0_9_8p generic-library:OpenSSL_1_0_0b generic-library:OpenSSL_0_9_8o generic-library:OpenSSL_1_0_0a generic-library:OpenSSL_1_0_0 generic-library:OpenSSL_0_9_8n generic-library:OpenSSL_0_9_8m generic-library:OpenSSL_0_9_8m-beta1 generic-library:OpenSSL_1_0_0-beta5 generic-library:OpenSSL_1_0_0-beta4 generic-library:OpenSSL_0_9_8l generic-library:OpenSSL_1_0_0-beta3 generic-library:OpenSSL_1_0_0-beta2 generic-library:OpenSSL_1_0_0-beta1 generic-library:OpenSSL_0_9_8k generic-library:OpenSSL_0_9_8j generic-library:OpenSSL_0_9_8i generic-library:OpenSSL_0_9_8h generic-library:OpenSSL_0_9_8g generic-library:OpenSSL_0_9_8f generic-library:OpenSSL-fips-1_2_0 generic-library:FIPS_098_TEST_8 generic-library:FIPS_098_TEST_7 generic-library:FIPS_098_TEST_6 generic-library:FIPS_098_TEST_5 generic-library:FIPS_098_TEST_4 generic-library:FIPS_098_TEST_3 generic-library:FIPS_098_TEST_2 generic-library:FIPS_098_TEST_1 generic-library:OpenSSL_0_9_7m generic-library:OpenSSL_0_9_8e generic-library:OpenSSL_0_9_7l generic-library:OpenSSL_0_9_8d generic-library:OpenSSL_0_9_8c generic-library:OpenSSL_0_9_7k generic-library:OpenSSL_0_9_7j generic-library:OpenSSL_0_9_8b generic-library:OpenSSL_FIPS_1_0 generic-library:OpenSSL_0_9_7i generic-library:OpenSSL_0_9_8a generic-library:OpenSSL_0_9_7h generic-library:OpenSSL_0_9_8 generic-library:FIPS_TEST_10 generic-library:OpenSSL_0_9_8-beta6 generic-library:OpenSSL_0_9_8-beta5 generic-library:FIPS_TEST_9 generic-library:OpenSSL_0_9_8-beta4 generic-library:OpenSSL_0_9_8-beta3 generic-library:BEN_FIPS_TEST_8 generic-library:OpenSSL_0_9_8-beta2 generic-library:OpenSSL_0_9_8-beta1 generic-library:OpenSSL_0_9_7g generic-library:OpenSSL_0_9_7f generic-library:BEN_FIPS_TEST_7 generic-library:BEN_FIPS_TEST_6 generic-library:OpenSSL_0_9_7e generic-library:OpenSSL_0_9_7d generic-library:OpenSSL-engine-0_9_6m generic-library:OpenSSL_0_9_6m generic-library:LEVITTE_after_const generic-library:LEVITTE_before_const generic-library:BEN_FIPS_TEST_5 generic-library:BEN_FIPS_TEST_4 generic-library:OpenSSL-engine-0_9_6l generic-library:OpenSSL_0_9_6l generic-library:BEN_FIPS_TEST_3 generic-library:BEN_FIPS_TEST_2 generic-library:BEN_FIPS_TEST_1 generic-library:OpenSSL-engine-0_9_6k generic-library:OpenSSL_0_9_6k generic-library:OpenSSL_0_9_7c generic-library:OpenSSL-engine-0_9_6j generic-library:OpenSSL_0_9_7b generic-library:OpenSSL_0_9_6j generic-library:OpenSSL-engine-0_9_6i generic-library:OpenSSL_0_9_6i generic-library:OpenSSL_0_9_7a generic-library:OpenSSL_0_9_7 generic-library:OpenSSL_0_9_7-beta6 generic-library:STATE_after_zlib generic-library:STATE_before_zlib generic-library:OpenSSL_0_9_7-beta5 generic-library:OpenSSL-engine-0_9_6h generic-library:OpenSSL_0_9_6h generic-library:OpenSSL_0_9_7-beta4 generic-library:OpenSSL-engine-0_9_6g generic-library:OpenSSL_0_9_6g generic-library:OpenSSL-engine-0_9_6f generic-library:OpenSSL_0_9_6f generic-library:OpenSSL_0_9_7-beta3 generic-library:OpenSSL-engine-0_9_6e generic-library:OpenSSL_0_9_6e generic-library:OpenSSL_0_9_7-beta2 generic-library:OpenSSL_0_9_7-beta1 generic-library:AFTER_COMPAQ_PATCH generic-library:BEFORE_COMPAQ_PATCH generic-library:OpenSSL-engine-0_9_6d generic-library:OpenSSL_0_9_6d generic-library:OpenSSL-engine-0_9_6d-beta1 generic-library:OpenSSL_0_9_6d-beta1 generic-library:OpenSSL-engine-0_9_6c generic-library:OpenSSL_0_9_6c generic-library:OpenSSL-engine-0_9_6b generic-library:OpenSSL_0_9_6b generic-library:OpenSSL_0_9_6a generic-library:OpenSSL-engine-0_9_6a generic-library:OpenSSL-engine-0_9_6a-beta3 generic-library:OpenSSL_0_9_6a-beta3 generic-library:OpenSSL-engine-0_9_6a-beta2 generic-library:OpenSSL_0_9_6a-beta2 generic-library:OpenSSL-engine-0_9_6a-beta1 generic-library:OpenSSL_0_9_6a-beta1 generic-library:rsaref generic-library:BEFORE_engine generic-library:OpenSSL_0_9_6-beta2 generic-library:OpenSSL_0_9_6-beta1 generic-library:OpenSSL_0_9_6 generic-library:OpenSSL-engine-0_9_6 generic-library:OpenSSL-engine-0_9_6-beta3 generic-library:OpenSSL_0_9_6-beta3 generic-library:OpenSSL-engine-0_9_6-beta2 generic-library:OpenSSL-engine-0_9_6-beta1 generic-library:OpenSSL_0_9_5 generic-library:OpenSSL_0_9_5a generic-library:OpenSSL_0_9_5a-beta2 generic-library:OpenSSL_0_9_5a-beta1 generic-library:OpenSSL_0_9_5beta2 generic-library:OpenSSL_0_9_5beta1 generic-library:OpenSSL_0_9_4 generic-library:OpenSSL_0_9_3a generic-library:OpenSSL_0_9_3 generic-library:OpenSSL_0_9_3beta2 generic-library:OpenSSL_0_9_3beta1 generic-library:OpenSSL_0_9_2b generic-library:OpenSSL_0_9_1c generic-library:SSLeay_0_9_1b generic-library:SSLeay_0_9_0b generic-library:SSLeay_0_8_1b

292 Commits
OpenSSL-en ... OpenSSL_0_

Author SHA1 Message Date
Richard Levitte
483c4e0682 Add security patch and create release. 
Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
 2001-07-09 14:36:30 +00:00
Richard Levitte
de61328615 make update 2001-07-05 12:28:13 +00:00
Bodo Möller
731e14031c Andy's mips3.s fix (as in main branch). 2001-07-04 20:17:52 +00:00
Lutz Jänicke
93074b2509 When only the key is given to "enc", the IV is undefined 
(found by Andy Brown <logic@warthog.com>).
 2001-07-03 10:32:30 +00:00
Dr. Stephen Henson
1498ad74bb Another empty X509_NAME fix. 2001-06-26 12:38:33 +00:00
Dr. Stephen Henson
e319a89f84 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:12 +00:00
Bodo Möller
9fa5786340 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:56 +00:00
Dr. Stephen Henson
1b822decb8 Don't set *pointer if add_lock_callback used. 2001-06-19 00:09:20 +00:00
Bodo Möller
dab4c2824f pay attention to blocksize before attempting decryption 2001-06-15 18:06:06 +00:00
Ulf Möller
19352b794d as in head 2001-06-08 14:17:12 +00:00
Lutz Jänicke
8746ee311e ERR_peek_error() returns "unsigned long". 2001-06-07 17:22:01 +00:00
Richard Levitte
e90323844f Use memmove() instead of memcpy() on areas that may overlap. 
Spotted by Nalin Dahyabhai <nalin@redhat.com>
 2001-06-07 04:45:55 +00:00
Bodo Möller
630c1aedd2 OAEP fix 2001-06-06 21:44:48 +00:00
Bodo Möller
a650df440b when checking OAEP, signal just a single kind of 'decoding error' 2001-06-06 18:48:57 +00:00
Ulf Möller
afd7b5affe as in head 2001-06-06 17:24:03 +00:00
Ulf Möller
38c3436577 make sure we don't write to seed[-1] 2001-06-06 17:15:47 +00:00
Richard Levitte
7e9547e126 Accept digits in symbol names. Spotted by Brian Havard <brianh@kheldar.apana.org.au> 2001-06-04 16:34:39 +00:00
Bodo Möller
83583e9479 Fix Bleichenbacher PKCS #1 1.5 countermeasure. 
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
 2001-06-01 09:43:23 +00:00
Bodo Möller
41d208db79 increase DEFAULT_BUFFER_SIZE (4K instead of just 1K) 2001-06-01 08:39:02 +00:00
Richard Levitte
9a1c40049e From revision 1.25, 2001/05/31 22:25:30 by levitte 
Don't decrement the reference counter twice when destroying dynamic
links.
 2001-06-01 05:36:44 +00:00
Dr. Stephen Henson
39bed15e53 Add missing variable length cipher flag for Blowfish. 
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
 2001-05-24 23:00:46 +00:00
Dr. Stephen Henson
4b04466f14 Fix for missing DSA parameters. 2001-05-24 22:33:16 +00:00
Richard Levitte
2474b596ad VMS doesn't support more than on period in a file name 2001-05-22 12:48:14 +00:00
Richard Levitte
a890c4e9bb Add development tools to the requirements 2001-05-17 05:03:47 +00:00
Lutz Jänicke
c62ddfbb6e Add missing item SSL_ERROR_WANT_CONNECT. 2001-05-16 09:46:47 +00:00
Lutz Jänicke
8b9351cf61 Typos. 2001-05-14 09:57:03 +00:00
Lutz Jänicke
b23f1df65f One more point to clarify, pointed out by "Greg Stark" <ghstark@pobox.com> 2001-05-14 09:03:35 +00:00
Lutz Jänicke
f05735c8c9 Clarify behaviour with respect to SSL/TLS records. 2001-05-12 09:49:46 +00:00
Lutz Jänicke
42f310f596 Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE 
flag as discussed on the mailing list.
 2001-05-11 09:54:20 +00:00
Bodo Möller
77c6edc1d1 fix an old entry 2001-05-08 12:46:33 +00:00
Bodo Möller
99bd4baa54 .rnd issues 2001-05-03 09:28:19 +00:00
Bodo Möller
c8913d8e8a bctest changes for Ultrix (don't return 1 from bctest, otherwise make aborts) 2001-05-03 08:50:32 +00:00
Richard Levitte
3c836ff0f8 Some platforms (most notably Windows) do not have a $HOME by default. 
For those, unless the environment variables RANDFILE or HOME are
defined (the default case!), RAND_file_name() will return NULL.
This change adds a default HOME for those platforms.

To add a default HOME for any platform, just define DEFAULT_HOME in
the proper place, wrapped in appropriate #ifdef..#endif, in e_os.h.
 2001-05-03 07:50:39 +00:00
Richard Levitte
a956392145 Add support for Sun C on Solaris x86. Contributed by Ben <mouring@etoh.eviladmin.org> 2001-05-03 06:15:05 +00:00
Richard Levitte
4760dc31c9 Merge in the following changes (from the main trunk log): 
>----------------------------
>revision 1.24
>date: 2001/04/29 16:30:59;  author: steve;  state: Exp;  lines: +5 -1
>Win32 fixes:
>
>define LLONG properly for VC++.
>
>stop compiler complaining about signed/unsigned mismatch in apps/engine.c
>----------------------------
>revision 1.22
>date: 2001/02/27 23:59:18;  author: ulf;  state: Exp;  lines: +1 -1
>%f conversion bug fix
>Submitted by: Henrik Eriksson <henrik.eriksson@axis.com>
>----------------------------
>revision 1.21
>date: 2000/10/22 12:44:12;  author: levitte;  state: Exp;  lines: +3 -3
>On some operating systems, MAX is defined.  Call ours OSSL_MAX instead
 2001-05-02 07:10:42 +00:00
Lutz Jänicke
5fde80cd56 Typo (Petr Lancaric <Petr.Lancaric@ips-ag.cz>). 2001-04-25 15:25:39 +00:00
Bodo Möller
ecacb136c5 typo 2001-04-18 15:12:26 +00:00
Bodo Möller
db17ecdae3 fix md_rand.c locking bugs 2001-04-18 15:08:19 +00:00
Lutz Jänicke
ee718b2c22 Clarify request of client certificates. This is a FAQ. 2001-04-17 13:20:05 +00:00
Lutz Jänicke
514481f686 -1 cannot work on platforms with unsigned char 
(Jun-ichiro itojun Hagino <itojun@iijlab.net>).
 2001-04-15 10:30:01 +00:00
Lutz Jänicke
b089e64654 Don't make half work when constifying... 2001-04-14 14:48:44 +00:00
Lutz Jänicke
3c1f0ccbf4 Constify "salt" (Jason Molenda <jason@molenda.com>) 2001-04-14 14:42:28 +00:00
Lutz Jänicke
c5e00a3ee2 Missing link ("Greg Stark" <gstark@ethentica.com>) 2001-04-12 21:12:30 +00:00
Lutz Jänicke
26c329cd84 Fix wrong information with respect to CAs listed to the client 
(follows from technical discussion with Amit Chopra <amitc@pspl.co.in>).
 2001-04-12 16:03:28 +00:00
Bodo Möller
d349c5f8fd some updates from 0.9.7-dev 2001-04-12 12:09:07 +00:00
Lutz Jänicke
3a11466381 Typo (Jun-ichiro itojun Hagino <itojun@iijlab.net>) 2001-04-12 11:46:23 +00:00
Richard Levitte
5c4c4c2b90 The changes that I just commited on this file is a mistake. Go back. This never happened :-) 2001-04-11 10:12:13 +00:00
Richard Levitte
ec11fa2159 NetBSD and OpenBSD use TOD as well 2001-04-11 10:06:44 +00:00
Lutz Jänicke
c4365acc48 Typo (was already fixed in 0.9.7-dev). 2001-04-09 15:00:31 +00:00
Lutz Jänicke
c29dbb9562 Add forgotten "-passin" option to smime.c usage help. 2001-04-08 10:53:27 +00:00
Richard Levitte
cb1c1555fa A small change that only went to the engine-0.9.6 branch... 
This change will be part of 0.9.6a.
 2001-04-05 21:08:33 +00:00
Richard Levitte
fa528639e3 Tagging has been done, move on to development of 0.9.6b. 
(Hopefully, it will never be needed)
 2001-04-05 17:59:14 +00:00
Richard Levitte
092ab05aef Forgot to update the STATUS file. This will be part of 0.9.6a 2001-04-05 17:42:00 +00:00
Richard Levitte
4f647957c5 Release OpenSSL 0.9.6a. 
The tag will be OpenSSL_0_9_6a
 2001-04-05 16:43:07 +00:00
Richard Levitte
4424a12c43 make update 2001-04-05 16:36:00 +00:00
Dr. Stephen Henson
592f5c5797 Fix couple of memory leaks in PKCS7_dataDecode(). 2001-04-04 22:30:26 +00:00
Ulf Möller
14ba311676 Unixware config. 
Submitted by: Tim Rice <tim@multitalents.net>
 2001-04-04 19:20:33 +00:00
Bodo Möller
b9a96c0134 don't use shell functions 2001-04-04 16:27:44 +00:00
Richard Levitte
75c3c831db Incorporate some changes that make OpenSSL compilable in CygWin. 2001-04-04 15:51:36 +00:00
Richard Levitte
385af2e9ec We're still just developping beta4 (or final release) 2001-04-04 04:30:39 +00:00
Richard Levitte
3c43aa1b82 Make do_bsd-gcc-shared depend on do_gnu-shared instead of the non-existent linux-shared 2001-04-04 04:24:35 +00:00
Bodo Möller
dea0f7dd0d As in the main branch, ignore the bctest exit value. 
(I thought I had done this change before ...)
 2001-04-03 15:20:22 +00:00
Bodo Möller
9a22ce66c9 This change should be suitable as a workaround for the Solaris x86 
compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).
 2001-04-03 13:46:36 +00:00
Richard Levitte
72cd659df6 Plug a memory leak. Spotted by "Shijin" <shijin@comex.com> 2001-04-03 09:42:49 +00:00
Richard Levitte
58eef36b4d libfisdef.h and LIB do not exist on older VMS versions 2001-04-03 08:31:45 +00:00
Richard Levitte
79311176b2 Remove a typo in dgux-R4-gcc. 2001-04-03 08:27:53 +00:00
Richard Levitte
88f59f6152 Compaq C on OpenVMS is a little picky around producing empty object 
files...
 2001-04-02 09:10:59 +00:00
Bodo Möller
e32578847c avoid buffer overflow 2001-03-31 07:47:32 +00:00
Ulf Möller
323fd27435 Note that alpha.s is no longer used. 2001-03-31 01:19:42 +00:00
Richard Levitte
fcc88e4915 Tagging has been done, move on to develop beta 4 (hopefully not :-)). 2001-03-30 16:22:44 +00:00
Richard Levitte
86cb01870c make update 2001-03-30 15:59:57 +00:00
Bodo Möller
19086ef67b this time *really* fix the /../ check ... 2001-03-30 14:55:19 +00:00
Dr. Stephen Henson
ce3fc3956d Fix asn1_GetSequence() for indefinite length sequences. 2001-03-30 13:42:32 +00:00
Richard Levitte
787f25ab42 Release beta 3 of OpenSSL 0.9.6a. 
The tag will be OpenSSL_0_9_6a-beta3.
 2001-03-30 12:21:28 +00:00
Bodo Möller
85794e5556 Remove unused variable 'prev_slash' that I accidentily added. 2001-03-30 10:50:27 +00:00
Bodo Möller
7f950bd8a2 For -WWW, fix test for ".." directory references (and avoid warning for 
index -1).
 2001-03-30 10:47:56 +00:00
Bodo Möller
bf7b0d2d2b News for 0.9.6a. 2001-03-30 10:46:49 +00:00
Bodo Möller
83c4e75be9 Use enhanced bctest (as in main trunk), and add a workaround that 
should solve the problems with FreeBSD's /bin/sh.
 2001-03-30 09:23:14 +00:00
Richard Levitte
e5f3be2bbb Additionally, rename des_encrypt to des_encrypt1 in files that are 
seldom used or read, but may still be...
 2001-03-30 07:26:04 +00:00
Dr. Stephen Henson
fbca4281c8 Change des_encrypt to des_encrypt1 in assembly language perl 
scripts and des_opts #defines.
 2001-03-30 02:14:29 +00:00
Dr. Stephen Henson
a858b8036c Fix a bug caused by the 'fix' for empty X509_NAME encoding. 2001-03-30 00:58:49 +00:00
Richard Levitte
d2be2fb241 Merge in the latest news 2001-03-29 20:58:18 +00:00
Richard Levitte
4855eb75a7 One des_encrypt to des_encrypt1 I forgot to commit... 2001-03-29 20:37:32 +00:00
Richard Levitte
b1f88ec4e2 I forgot to rename des_encrypt to des_encrypt1 in libeay.num. 2001-03-29 10:49:01 +00:00
Richard Levitte
44924fb2b4 Since there has been reports of clashes between OpenSSL's 
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
 2001-03-29 07:45:01 +00:00
Richard Levitte
0e810cf6b0 Add news section for OpenSSL 0.9.6a. Please add what's missing 2001-03-28 13:35:48 +00:00
Ulf Möller
1777e3fd5e check the CRT result. 2001-03-28 04:49:39 +00:00
Ulf Möller
509ca689b0 Note the MIPS assembler bug fix. 2001-03-28 02:39:22 +00:00
Richard Levitte
3a1dbce19d Merge in the IRIX fix from the main development line. 2001-03-27 23:48:35 +00:00
Richard Levitte
10f2bf6d81 Reports seem to show that asm/mips3.s has faults. To be investigated, but let's avoid using it in the mean time 2001-03-27 09:12:51 +00:00
Richard Levitte
1714c07164 For mips3 and alpha, put the assembler file directives in separate 
variables and disable the Alpha assembler for now, since it has been
shown to fail.

The Alpha failure can be shown by adding the following numbers:

FFFFFFFFFFFFFF0000FF2E00000000EBFFFFFF0000D1
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF46FFE0FFFF0000

The result is:

1FFFFFFFFFFFEFF0000FF2E0000000032FFE0FEFF00D1

The result should really be:

1FFFFFFFFFFFFFF0000FF2E0000000032FFE0FEFF00D1
 2001-03-26 16:26:41 +00:00
Richard Levitte
4cc3d1728f make update 2001-03-24 12:45:11 +00:00
Richard Levitte
3ae82255a9 Bring in the following changes: 
ln on Solaris expects -f to come before -s.
The linux-shared method is actually gcc-specific, so call it
gnu-shared as well.

When using the native tools on Solaris, make damn sure the native ld
is used, even if the user has GNU ld earlier in his $PATH.
 2001-03-24 12:37:32 +00:00
Richard Levitte
9bcab53f49 Bring in the following change: 
gcc uses collect2, not ld, to link things.  Therefore, when using gcc
there's no need fooling ourselves, it's the gnu-shared method that we
should use.  Do it for Solaris to begin with.
 2001-03-24 12:35:41 +00:00
Richard Levitte
ae17135ab5 Bring in the rest of the corrections for shared libraries from the 
main trunk.
 2001-03-24 12:26:03 +00:00
Richard Levitte
1f6b757ae9 For AIX 4.3 or above, allow the use of dlfcn. 2001-03-22 22:06:27 +00:00
Richard Levitte
a496f45f22 We really have no need for PEX_LIBS, so empty it. 2001-03-22 21:21:09 +00:00
Dr. Stephen Henson
3485cdb98e Oops... fix PKCS#7 bug properly this time. 2001-03-22 18:03:22 +00:00
Lutz Jänicke
3e3f04d4b7 Fix error caused by typo (len->strlen) and warning caused by long<->int 
for HP-UX shl_* (32bit dynamic loading) interface.
 2001-03-22 15:52:26 +00:00
Bodo Möller
879d230da3 solaris64-sparcv9-cc still works 2001-03-22 15:15:58 +00:00
Bodo Möller
2006dd12d6 Add missing '#ifndef NO_DSA'. 
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
 2001-03-22 15:13:43 +00:00
Bodo Möller
744b9066e2 Add missing '#ifndef NO_DSA'. 
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
 2001-03-22 15:05:23 +00:00
Bodo Möller
1e01dbfbb2 backport the comment (here it's NO_DH, not OPENSSL_NO_DH ...) 2001-03-22 15:00:45 +00:00
Bodo Möller
6ebcd441d6 Avoid compiler warning for NO_DH as in the main trunk. 2001-03-22 14:59:18 +00:00
Bodo Möller
ea09a504ef Add another "[This change does not apply to 0.9.7.]" line so 
that we can combine the CHANGES files later on.
 2001-03-22 14:56:55 +00:00
Richard Levitte
2e3b3c7be5 Got one positive report. 2001-03-22 14:56:04 +00:00
Richard Levitte
93389c86ca Remove redundant operations and update version info. 2001-03-22 14:42:24 +00:00
Dr. Stephen Henson
8d82218269 Fix bug in PKCS#7 decode routines when indefinite length 
encoding is used inside definite length encoding.
 2001-03-22 13:49:15 +00:00
Bodo Möller
a8e738f9ad Harmonize CHANGES and STATUS files between the 0.9.6a branch and 
the trunk to keep diffs small.
 2001-03-22 10:59:18 +00:00
Bodo Möller
bdcb9321ca The latest beta release is "2", not another "1" ... 2001-03-22 09:02:38 +00:00
Bodo Möller
d239b734e1 Avoid warning 2001-03-22 08:39:03 +00:00
Richard Levitte
d91722f8e0 Update the status. 2001-03-21 23:14:03 +00:00
Richard Levitte
b6282a2004 Tagging has been done (OpenSSL_0_9_6a-beta2), time to move on. 2001-03-21 20:54:52 +00:00
Richard Levitte
f14aa30118 Release OpenSSL 0.9.6a beta2. 2001-03-21 20:37:47 +00:00
Richard Levitte
a4c1a7e317 make update 2001-03-21 19:30:39 +00:00
Richard Levitte
b222cf0624 Since site_t is used, there's no more need to cast to int. 2001-03-21 18:39:43 +00:00
Bodo Möller
68b08abb14 Make sure the size_t declaration is available. 2001-03-21 15:30:28 +00:00
Bodo Möller
cee3fffab5 Turn 'num' argument to RAND_file_name into a size_t (rather than an int). 2001-03-21 15:26:47 +00:00
Richard Levitte
d1d8608464 Change from main development line, 2001-03-20 16:36 levitte 
avoid linking problems when OpenSSL is built with no-dsa.
Spotted by Hellan,Kim KHE <khe@kmd.dk>
 2001-03-21 14:18:06 +00:00
Richard Levitte
19d2a20a7f Change from main development line, 2001-03-18 15:24 levitte 
New cofiguration for Unixwre and SCO,with slightly better granularity.
Contributed by Tim Rice <tim@multitalents.net>
 2001-03-21 14:10:50 +00:00
Dr. Stephen Henson
0bf5d40787 Fix PKCS#12 key generation bug. 2001-03-18 02:10:25 +00:00
Richard Levitte
757d479536 make update 2001-03-16 12:26:29 +00:00
Richard Levitte
74c9ace6f0 From revision 1.54, 2001-03-16 10:30 levitte: 
Correct a typo which might have lead to a dump.
Noted by Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
 2001-03-16 10:39:38 +00:00
Richard Levitte
cfb8afc558 From revision 1.6, 2001-03-08 13:27 bodo: 
Throw out *all* absolute pathnames, not matter what they look like.
The filenames we are interested in for Makefile dependencies are
always relative.
 2001-03-16 09:46:09 +00:00
Richard Levitte
e8acf5c6f8 Success with Mingw32. 2001-03-15 22:11:54 +00:00
Richard Levitte
d5864a1dcb Minimise the amount of -L. when linking the shared libraries. It 
seems like some Unixen (SCO) have opinions about too many -L.
 2001-03-15 22:11:03 +00:00
Richard Levitte
9f56705f96 The change on handling shared libraries was never applied in 
0.9.6a-dev...
 2001-03-15 21:44:17 +00:00
Richard Levitte
7b5b22af5a Add status on a few fixes. 2001-03-15 20:53:03 +00:00
Richard Levitte
00ecca84a8 BSDI ELF knows dlfcn. 2001-03-15 20:36:19 +00:00
Lutz Jänicke
38c3b405c8 Forgot cvs commands, so only the surrounding changes made it... sigh. 2001-03-15 12:42:56 +00:00
cvs2svn
e486ec5e0e This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-03-15 12:42:06 +00:00
Bodo Möller
9f06ce19dd Error codes are longs, not ints 2001-03-15 11:33:16 +00:00
Bodo Möller
ba61b14f1d More err_data memory leaks 2001-03-15 11:33:00 +00:00
Richard Levitte
5114966e00 It is a good thing to prepare the .def files. 2001-03-15 06:51:49 +00:00
Richard Levitte
eed7dd8d75 A number of things have now been corrected. 
HP MPE/iX passes.
 2001-03-15 06:15:26 +00:00
Bodo Möller
70bddeda24 0.9.6a-beta1 works for solaris64-sparcv9-cc. 2001-03-14 13:44:59 +00:00
Richard Levitte
f66efab8f7 The VMS build script was missing a couple of modules. 
Reported by Mark Daniel <Mark.Daniel@wasd.vsm.com.au>
 2001-03-14 13:39:30 +00:00
Richard Levitte
0caa1c11f8 Include openssl/rand.h so RAND_status() gets properly declared. 
Reported by Rob Neff <neff.ra@home.com>
 2001-03-14 13:36:50 +00:00
Richard Levitte
c68f050647 Signed vs. unsigned problem fix. 
Reported by Rob Neff <neff.ra@home.com>
 2001-03-14 13:32:16 +00:00
Richard Levitte
d58eb72f25 On HP-UX 10, shareable libraries end with '.sl', not '.so'. 
In part reported by Lynn Gazis <lgazis@IVEA.com>.  The rest of the
report is about SHLIB_PATH being ignored.  It was decided that using
it would break security.
 2001-03-14 13:30:07 +00:00
Richard Levitte
11bfaf6cff Irix fails. 2001-03-14 07:00:57 +00:00
Richard Levitte
68a54ab591 A few more reports. 2001-03-14 06:57:16 +00:00
Bodo Möller
9693045170 Fix: return 0 if no error occured. 2001-03-13 22:17:45 +00:00
Richard Levitte
311e4e9253 Update beta 1 status. 2001-03-13 21:39:34 +00:00
Richard Levitte
1874366208 We need to build MINFO. 2001-03-13 21:28:44 +00:00
Richard Levitte
18c497dffb Tagging has now been done, switch over to development of beta 2. 
The tag for beta 1 is OpenSSL_0_9_6a-beta1.
 2001-03-13 16:29:03 +00:00
Richard Levitte
15922ccdf6 Release Beta 1 of 0.9.6a. 2001-03-13 16:08:32 +00:00
Richard Levitte
5098bc92f8 A correction from the main trunk that was forgotten. 2001-03-13 14:39:51 +00:00
Richard Levitte
a411eaa858 make update 
Since there was some functions added in libeay.num, it means things
are going to move in libeay.num in the OpenSSL-engine-0_9_6-stable
branch and in the main trunk.
 2001-03-13 12:12:05 +00:00
Ulf Möller
42b848bcf1 that was useless - still fails with GCC 2001-03-13 07:12:02 +00:00
Bodo Möller
b670b1e3da Use err_clear_data macro 2001-03-13 07:03:39 +00:00
Ulf Möller
a1c769a5f6 Alpha workaround. This is a lot slower! 2001-03-13 06:31:36 +00:00
Bodo Möller
2c89d56a1d fix memory leak in err.c 2001-03-12 18:39:47 +00:00
Ulf Möller
142e22641e doh 2001-03-10 04:29:05 +00:00
Bodo Möller
b9cc6148f4 Workaround for solaris64 linking problem (explicit "ar rs" is needed 
to create a symbol table).

Sun patches such as 109147-06 probably fix this problem,
but we can easily avoid it.
 2001-03-09 13:00:52 +00:00
Bodo Möller
c6a15854ee Consistently use 'void *' for SSL read, peek and write functions. 2001-03-09 10:08:06 +00:00
Bodo Möller
ba41d8a556 ssl23_peek 2001-03-08 21:56:34 +00:00
Bodo Möller
f46a878e3f add ssl23_peek 2001-03-08 21:53:29 +00:00
Bodo Möller
fac683684b Avoid problems with multi-line NAME sections. 2001-03-08 21:53:01 +00:00
Lutz Jänicke
f51fee66ad Add newly learned knowledge from yesterday's discussion. 2001-03-08 17:25:49 +00:00
Ulf Möller
5fb0aa6487 Note the rand_win.c change 2001-03-08 16:58:07 +00:00
Ulf Möller
9c3cbe5d7f replace rdtsc as in HEAD 2001-03-08 16:49:03 +00:00
Richard Levitte
3e0d891828 SSLv2 session reuse bugfix from main development branch. 2001-03-05 14:52:30 +00:00
Lutz Jänicke
1c85e93c7c Typo, spotted by "Greg Stark" <gstark@ethentica.com>. 2001-03-01 16:48:12 +00:00
Dr. Stephen Henson
95d334f2db Fix bug in copy_email() which would not 
find emailAddress at start of subject name.
 2001-03-01 13:33:53 +00:00
Ulf Möller
98486a9310 improved bignum test as in 0.9.7. 
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
 2001-02-27 23:00:42 +00:00
Geoff Thorpe
4910cbf6db Backfit a bugfix from 0.9.7-dev to 0.9.6-stable. init() and finish() 
handlers were previously getting called before (and after, respectively)
the "ex_data" structures - this meant init() had very little that it
could initialise, and finish() had very little it could cleanup.
 2001-02-24 17:32:34 +00:00
Dr. Stephen Henson
75090e0365 Stop PKCS7_verify() core dumping with unknown public 
key algorithms and leaking if the signature verify
fails.
 2001-02-24 01:46:46 +00:00
Lutz Jänicke
6676457bba SSL_get_version() was an easy one :-) 2001-02-23 21:07:53 +00:00
cvs2svn
ad45ed9f5c This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-23 21:05:58 +00:00
Bodo Möller
32828e6ffd include e_os.h as "openssl/e_os.h" (as elsewhere) 2001-02-22 14:59:11 +00:00
Ulf Möller
a39ded513a BN_rand_range() as in main branch. 2001-02-21 15:54:31 +00:00
Bodo Möller
0069dbc4a5 honour -no_tmp_rsa 2001-02-20 12:58:57 +00:00
Bodo Möller
ac90362581 update 2001-02-20 11:31:20 +00:00
Bodo Möller
6d82a20624 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. 
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
 2001-02-20 08:22:25 +00:00
Ulf Möller
6c66fcba5f as in main branch 2001-02-20 00:38:02 +00:00
Ulf Möller
faa624f9f9 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:17:46 +00:00
Ulf Möller
15ed15d3e4 OPENSSL_issetugid() as in the main branch. 2001-02-19 23:57:18 +00:00
cvs2svn
54f7c8571f This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-19 22:04:03 +00:00
Bodo Möller
b6fefec364 Memory leak checking bugfixes for multi-threading. 2001-02-19 10:30:13 +00:00
Ulf Möller
2bf1c86d05 ispell 2001-02-16 02:11:12 +00:00
Ulf Möller
2147cd3540 pod format error 2001-02-16 01:46:47 +00:00
Lutz Jänicke
6a0fb6083c Move entry to match chronologic ordering. 2001-02-15 14:19:43 +00:00
Lutz Jänicke
0dbfc1da4a Add '-rand' option to s_server and s_client. 2001-02-15 10:35:29 +00:00
Ulf Möller
f945040633 IRIX bugfix 2001-02-14 00:23:27 +00:00
Lutz Jänicke
8b8e03dc66 Finish first round of session cache documentation. 2001-02-13 14:02:59 +00:00
cvs2svn
56ec43a0dd This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-13 14:00:10 +00:00
Lutz Jänicke
74ac7455c5 New manual page: SSL_CTX_set_mode. 2001-02-13 11:46:42 +00:00
cvs2svn
166850e315 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-13 11:43:12 +00:00
Dr. Stephen Henson
e15abbc69f Make X509_NAME produce correct encoding when empty. 2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
c6b523d3dd Workaround for libsafe "error". 2001-02-12 03:04:59 +00:00
Lutz Jänicke
1e376e41a2 More about session caching. 2001-02-11 17:03:50 +00:00
cvs2svn
dc931b1fca This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-11 17:01:37 +00:00
Lutz Jänicke
7fcb1de839 Manual page for SSL_CTX_set_options(). Unfortunately for some of the 
options someone much longer working with OpenSSL/SSLeay is needed.
 2001-02-10 16:20:41 +00:00
cvs2svn
49b02a2d77 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-10 16:18:36 +00:00
Bodo Möller
418a0d151e Simplify BN_rand_range 2001-02-10 00:34:20 +00:00
Lutz Jänicke
7b0cb7f08d Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>. 2001-02-09 19:05:11 +00:00
Bodo Möller
1c08c320c5 add linux-s390 configuration (based on information submitted by 
Denis Beauchemin <Denis.Beauchemin@Courrier.USherb.ca>)
 2001-02-09 08:35:03 +00:00
Ulf Möller
452b34a770 add comment and RAND_load_file() change as in main branch. 2001-02-08 17:50:55 +00:00
Ulf Möller
6bdb723259 cleanup 2001-02-08 17:14:47 +00:00
Bodo Möller
31a74acfd3 Another comment change. (Previous comment does not apply 
for range = 11000000... or range = 100000...)
 2001-02-08 12:33:55 +00:00
Bodo Möller
d82242169b Change comments. (The expected number of iterations in BN_rand_range 
never exceeds 1.333...).
 2001-02-08 12:27:00 +00:00
Bodo Möller
a0707e6170 oops -- remove observation code 2001-02-08 12:25:03 +00:00
Bodo Möller
07fc72fea1 Integrate my implementation of a countermeasure against 
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
 2001-02-08 12:20:25 +00:00
Lutz Jänicke
813c7c415b Update documentation to match the state of OpenSSL 0.9.6. 2001-02-08 10:36:37 +00:00
Ulf Möller
38b3a46ffa DSA fix from main branch. 2001-02-07 22:35:11 +00:00
Ulf Möller
60b3b2c9d0 EBCDIC bug fix from main branch. 2001-02-07 22:13:10 +00:00
Bodo Möller
c7410f2693 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:14:57 +00:00
Bodo Möller
43a5e1409e don't dump core 2001-02-06 09:47:25 +00:00
Richard Levitte
cd4fad5488 Merge in memory leak correction from main trunk. 2001-02-05 13:33:28 +00:00
Richard Levitte
28b1bceb2f 0.9.6a will not be release in Y2K. :-) 2001-02-05 13:32:33 +00:00
Lutz Jänicke
d4d76b9e83 Documenting session caching, 2nd step. 2001-02-04 18:10:54 +00:00
cvs2svn
e1fee47759 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-04 18:05:28 +00:00
Lutz Jänicke
88e9984da5 Clarify why SSL_CTX_use_certificate_chain_file() should be preferred. 2001-02-03 15:15:44 +00:00
Lutz Jänicke
dac1169e82 Typo: on my screen it nicely wrapped around at 80 :-) 2001-02-03 11:02:35 +00:00
Lutz Jänicke
53ab745f7a If the source has already been succesfully queried, do not try to open it 
again as file.
 2001-02-03 10:59:16 +00:00
Lutz Jänicke
2bbe747045 Backport... 2001-02-02 14:44:02 +00:00
cvs2svn
55cd47ffb4 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-02-02 14:40:53 +00:00
Dr. Stephen Henson
2e1d669cba Tolerate some "variations" used in some 
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
 2001-02-01 02:03:58 +00:00
Lutz Jänicke
819d5cef08 Backport extended documentation. 2001-01-31 14:18:43 +00:00
cvs2svn
e9cba65a99 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-01-31 14:14:21 +00:00
Richard Levitte
3b1f393ae7 Transport from development branch. 2001-01-30 13:54:44 +00:00
Lutz Jänicke
61433519af Backported manual pages from 0.9.7. 2001-01-28 18:35:10 +00:00
Lutz Jänicke
c032563a0a Backport documentation added for 0.9.7. 2001-01-28 18:31:35 +00:00
Dr. Stephen Henson
943f8a46a4 For CRLs. 
Shouldn't use the "encode empty" macros with the
revoked field since that is initialised.

Extensions should now be set to NULL so they
encode as absent if none are added.
 2001-01-28 14:48:13 +00:00
Dr. Stephen Henson
7a60df7dd3 New ASN1 macros which will encode an empty SEQUENCE OF. 
Fix CRL encoders to encode empty SEQUENCE OF.

The old code was breaking CRL signatures.

Note: it is best to add new macros because changing the
old ones could break other code which expects that behaviour.
None of this is needed with the new ASN1 code anyway...
 2001-01-28 14:18:20 +00:00
Dr. Stephen Henson
de0b3ab7fb Zero the premaster secret after deriving the master secret in DH 
ciphersuites.
 2001-01-25 13:20:39 +00:00
cvs2svn
2b8d087ba1 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-01-25 02:26:59 +00:00
Richard Levitte
eec6e53851 Eh, this branch is not version 0.9.6, it's the development of 0.9.6a. 2001-01-24 16:21:21 +00:00
Ulf Möller
9cd9ae3e3e new year 2001-01-24 02:56:13 +00:00
Bodo Möller
c4fd88f519 EVP_add_digest_alias additions to SSL_library_init 2001-01-23 16:38:15 +00:00
Ulf Möller
0a0a261d64 Irix fix as in main branch 2001-01-23 16:29:06 +00:00
Bodo Möller
6610d4f3b9 For improved compatibility with 'strange' certificates, add some 
digest aliases (as found in OpenSSL_add_all_digests).
 2001-01-23 13:55:01 +00:00
Ulf Möller
70f74dd946 remove newline 2001-01-21 18:51:01 +00:00
Ulf Möller
92fdeb37a0 config bug fixes from the main branch. 2001-01-21 18:48:11 +00:00
Bodo Möller
ffac355834 Fix openssl passwd -1 2001-01-19 07:38:55 +00:00
Bodo Möller
2e72fde15f As in the main branch, there's no longer a need to guess the bc 
version at compile time.
 2001-01-18 12:41:25 +00:00
Bodo Möller
aa9be09088 Use 'bctest' script to test if bc works (as in the main branch). 2001-01-17 10:26:25 +00:00
Dr. Stephen Henson
8bcceacf34 Fix PKCS#12 PBE routines to cope with passwords 
from PEM callbacks which are not null terminated.
 2001-01-14 14:14:45 +00:00
Bodo Möller
a5a4b34a5a When we are waiting for user action, we should say this explicitly. 2001-01-12 10:35:32 +00:00
Bodo Möller
f99267cffc Fix C code generate by 'openssl dsaparam -C'. 2001-01-10 14:27:04 +00:00
Dr. Stephen Henson
5860ecb8ec Fix uni2asc() so it can properly convert zero length 
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
 2001-01-10 01:14:23 +00:00
Bodo Möller
799751bcff Get rid of unused error code. 2000-12-27 23:41:50 +00:00
Bodo Möller
beaea31a96 Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:06:48 +00:00
Bodo Möller
a9c3dc60b9 Fix SSL_peek and SSL_pending. 2000-12-25 18:41:37 +00:00
Bodo Möller
2fb0c899c6 Include CRYPTO_mem_leaks deadlock fix. 2000-12-20 10:07:31 +00:00
Bodo Möller
73bc0cfd93 fix indentation 2000-12-19 12:39:12 +00:00
Bodo Möller
cbfa030de7 Don't hold CRYPTO_LOCK_RSA during time-consuming operations. 2000-12-19 12:19:16 +00:00
Bodo Möller
bb617a9646 Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX 
structures and setting rsa->_method_mod_{n,p,q}.

Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
 2000-12-18 16:36:07 +00:00
Bodo Möller
7947f98b9b Fix another buffer overrun bug (which is not really a bug because 
s->s2->escape is never set when sending data because the escape
bit is just reserved for future use in SSL 2.0)
 2000-12-18 11:32:09 +00:00
Bodo Möller
fc4868cb47 Increase wbuf by one byte to fix the bug reported by 
Eric Day <eday@concentric.net> to openssl-dev@openssl.org,
Message-ID: <20001218013437.A5526@concentric.net>
 2000-12-18 11:23:23 +00:00
Bodo Möller
555a8493cd typo 2000-12-14 17:45:36 +00:00
Bodo Möller
2452e013aa The first step towards a SSL_peek fix. 
The main thing to verify about these changes is that nothing at all
has changed, as far as behaviour is concerned (except that some
SSLerr() invocations now have a different function code): SSL_read
(ssl2_read, ssl3_read) behaves exactly as before, and SSL_peek refuses
to do any work exactly as before.  But now the functions actually
doing the work have a 'peek' flag, so it should be easy to change them
to behave accordingly.
 2000-12-14 17:34:42 +00:00
cvs2svn
a29b1a3f0f This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2000-12-11 17:28:08 +00:00
Bodo Möller
79370621ea Change error message to "bignum too long" 2000-12-04 09:32:26 +00:00
Bodo Möller
4c4f1ee4de include <limits.h> 2000-12-03 09:55:01 +00:00
Bodo Möller
fe772376ec Don't allow BIGNUMs to become so large that computations with dmax 
might overflow.
 2000-12-03 09:37:15 +00:00
Ulf Möller
99cf5acd5c fix for Borland C 2000-12-01 03:06:55 +00:00
Bodo Möller
d2c38b1c73 Fix BN_rshift. 2000-11-30 22:35:52 +00:00
Lutz Jänicke
673d7ac121 Store verify_result with sessions to avoid potential security hole. 
For the server side this was already done one year ago :-(
 2000-11-29 18:12:32 +00:00
Bodo Möller
666d437538 Disable SSL_peek. 2000-11-28 11:14:39 +00:00
Bodo Möller
ddf72ed59f SSL_CTX-related fixes. 2000-11-08 10:09:10 +00:00
Dr. Stephen Henson
6502735b9c Fix from main trunk, 2000-10-04 03:16:34 steve: 
Fix for bug in DirectoryString mask setting.

Fix from main trunk, 2000-10-20 01:16:49 steve:

Move expired CA certificate.

Fix from main trunk, 2000-10-20 02:36:47 steve:

Stop MASM debug warning.
 2000-10-27 23:52:35 +00:00
Richard Levitte
31a266cb93 make update 2000-10-27 21:49:59 +00:00
Richard Levitte
b703bce788 Corrected missing colons. This was part of a larger change in the 
main development line.
 2000-10-27 21:49:40 +00:00
Richard Levitte
0188a53d19 Fix from main trunk, 2000-10-22 14:47 levitte: 
Pointer error corrected
 2000-10-27 20:29:10 +00:00
Richard Levitte
e7ce15846d Fix from main trunk, 2000-10-17 00:56 steve: 
Update test server certificate in apps/server.pem (it was expired).
 2000-10-27 20:23:21 +00:00
Richard Levitte
1433ae4790 Fix from main trunk, 2000-10-13 10:30 levitte: 
Make the new conf implementatoin bug-compatible with the old one.
Actually, it's a feature that it goes looking at environment
variables.  It's just a pity that it's at the cost of the error
checking...  I'll see if I can come up with a better interface for
this.

Fix from main trunk, 2000-10-16 15:08  ben:

Always return a value.
 2000-10-27 20:18:00 +00:00
Richard Levitte
a506153219 Fix from main trunk, 2000-10-16 08:01 levitte: 
CRYPTO_get_ex_new_index would never return an error.
 2000-10-27 20:12:05 +00:00
Richard Levitte
bee4756251 Fix from main trunk, 2000-10-15 01:51 steve: 
Fix for typo in certificate directory lookup code.
 2000-10-27 20:09:13 +00:00
Bodo Möller
b3f4fb1f72 rsautl.c requires RSA. 2000-10-26 12:05:22 +00:00
cvs2svn
38654b070d This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2000-10-19 23:16:49 +00:00
Richard Levitte
82c31e1496 Fix from main trunk, 2000-10-04 00:02 levitte: 
More SSL functions documented.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

Fix from main trunk, 2000-10-10 11:15  levitte:

A few small corrections to the SSL documentation.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 2000-10-11 12:12:06 +00:00
Richard Levitte
4c3853abea Fix from main trunk, 2000-10-09 18:40 bodo: 
BIO_sock_init() returns 1 for success and -1 for failure, not 0; thus
the condition '!BIO_sock_init()' doesn't make sense.
 2000-10-11 10:24:06 +00:00
Richard Levitte
5b88fe121d Fix from main trunk, 2000-10-09 02:50 levitte: 
Make sure ranlib is only used on .a libraries.
 2000-10-11 10:11:22 +00:00
Richard Levitte
a46db6ecce Fix from main trunk, 2000-10-08 21:38 levitte: 
Linux on Alpha has the configuration name linux-alpha-gcc, not
linux-alpha.
 2000-10-11 10:05:37 +00:00
Richard Levitte
f4d52a896e Fix from main trunk, 2000-10-08 21:40 levitte: 
Linux on Alpha with gcc knows about shared libraries.

Fix from main trunk, 2000-10-09 02:48  levitte:

Make sure that shareable libraries are turned off if we don't know how
to make them...
 2000-10-11 10:04:16 +00:00
Richard Levitte
57b6a64eed Fix from main trunk, 2000-09-26 14:15 bodo: 
Add BUGS section.
 2000-10-11 09:53:10 +00:00
Richard Levitte
c0a86cd5dd Fix from main trunk, 2000-09-27 23:45 ulf: 
The des_modes manpage is in section 7.
 2000-10-11 09:47:44 +00:00
Richard Levitte
43cbb1e3dd Fix from main trunk, 2000-09-27 15:54 levitte: 
A compiler warning removed.  Thanks to the folks at HP!
 2000-10-11 09:46:34 +00:00
Richard Levitte
2cb3c3b2bf Fix from main trunk, 2000-09-29 22:14 levitte: 
Include arpa/inet.h, since that's where htons() and friends are
supposed to be defined according to XPG4.2.  Found by Evan
<n2xjk@ulster.net> for the MVS platform.
 2000-10-11 09:45:30 +00:00
Richard Levitte
24802a6d91 Fix from main trunk, 2000-09-26 13:39 bodo: 
Note read_ahead-flag related fixes.
 2000-10-11 09:16:47 +00:00
Richard Levitte
c125ea2767 Fix from main trunk, 2000-09-26 13:30 bodo: 
Don't modify s->read_ahead in SSL_clear, which is called from
accept/connect functions; those should not change the read_ahead
setting of the SSL structure.

Fix from main trunk, 2000-09-26 13:38  bodo:

Set s->read_ahead in SSL_new because SSL_clear no longer modifies it.
 2000-10-11 09:15:53 +00:00
Richard Levitte
df4fd356df Fix from main trunk, 2000-09-26 13:25 bodo: 
Fix SSL_CTX_set_read_ahead macro.

Submitted by: Anders Gertz <gertz@epact.se>
 2000-10-11 09:14:17 +00:00
Richard Levitte
1f1f23a882 Fix from main trunk, 2000-09-25 13:12 levitte: 
Document the change.
 2000-10-11 02:28:39 +00:00
Richard Levitte
ee4462d2b1 Fix from main trunk, 2000-09-25 12:22 levitte: 
Update
 2000-10-11 02:27:07 +00:00
Richard Levitte
41faea737a Fix from main trunk, 2000-09-25 12:21 levitte: 
When creating a .def file, be a bit more selective so disabled
algorithms do not get in...
 2000-10-11 02:24:38 +00:00
Richard Levitte
7c69ce8bc0 Fix from main trunk, 2000-09-25 11:30 levitte: 
echo=off works on NT, but not on W2K.
 2000-10-11 02:22:59 +00:00
Richard Levitte
eb3633164e Fix from main trunk, 2000-09-25 10:52 levitte: 
'ranlib' doesn't always run on some systems.  That's actually
acceptable, since all that happens if it fails is a library with an
index, which makes linking slower, but still working correctly.
 2000-10-11 02:04:16 +00:00
Richard Levitte
a08d14fef4 Fix from main trunk, 2000-09-25 10:49 levitte: 
Make the algorithm implementations depend on the corresponding
selection macros.
 2000-10-11 01:57:07 +00:00
Richard Levitte
b73ff18078 Fix from main trunk, 2000-09-25 07:55 ulf: 
typo
 2000-10-11 01:56:00 +00:00
cvs2svn
9beaae61ec This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2000-10-10 09:15:48 +00:00
142 changed files with 2062 additions and 7927 deletions
Expand all files Collapse all files

114
CHANGES
View File

@@ -2,6 +2,118 @@
OpenSSL CHANGES
_______________
Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
*) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
PRNG state recovery was possible based on the output of
one PRNG request appropriately sized to gain knowledge on
'md' followed by enough consecutive 1-byte PRNG requests
to traverse all of 'state'.
1. When updating 'md_local' (the current thread's copy of 'md')
during PRNG output generation, hash all of the previous
'md_local' value, not just the half used for PRNG output.
2. Make the number of bytes from 'state' included into the hash
independent from the number of PRNG bytes requested.
The first measure alone would be sufficient to avoid
Markku-Juhani's attack. (Actually it had never occurred
to me that the half of 'md_local' used for chaining was the
half from which PRNG output bytes were taken -- I had always
assumed that the secret half would be used.) The second
measure makes sure that additional data from 'state' is never
mixed into 'md_local' in small portions; this heuristically
further strengthens the PRNG.
[Bodo Moeller]
*) Fix crypto/bn/asm/mips3.s.
[Andy Polyakov]
*) When only the key is given to "enc", the IV is undefined. Print out
an error message in this case.
[Lutz Jaenicke]
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]
*) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
positive and less than q.
[Bodo Moeller]
*) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
used: it isn't thread safe and the add_lock_callback should handle
that itself.
[Paul Rose <Paul.Rose@bridge.com>]
*) Verify that incoming data obeys the block size in
ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
[Bodo Moeller]
*) Fix OAEP check.
[Ulf M<>ller, Bodo M<>ller]
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5
when fixing the server behaviour for backwards-compatible 'client
hello' messages. (Note that the attack is impractical against
SSL 3.0 and TLS 1.0 anyway because length and version checking
means that the probability of guessing a valid ciphertext is
around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
paper.)
Before 0.9.5, the countermeasure (hide the error by generating a
random 'decryption result') did not work properly because
ERR_clear_error() was missing, meaning that SSL_get_error() would
detect the supposedly ignored error.
Both problems are now fixed.
[Bodo Moeller]
*) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
(previously it was 1024).
[Bodo Moeller]
*) Fix for compatibility mode trust settings: ignore trust settings
unless some valid trust or reject settings are present.
[Steve Henson]
*) Fix for blowfish EVP: its a variable length cipher.
[Steve Henson]
*) Fix various bugs related to DSA S/MIME verification. Handle missing
parameters in DSA public key structures and return an error in the
DSA routines if parameters are absent.
[Steve Henson]
*) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
in the current directory if neither $RANDFILE nor $HOME was set.
RAND_file_name() in 0.9.6a returned NULL in this case. This has
caused some confusion to Windows users who haven't defined $HOME.
Thus RAND_file_name() is changed again: e_os.h can define a
DEFAULT_HOME, which will be used if $HOME is not set.
For Windows, we use "C:"; on other platforms, we still require
environment variables.
*) Move 'if (!initialized) RAND_poll()' into regions protected by
CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
having multiple threads call RAND_poll() concurrently.
[Bodo Moeller]
*) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
combination of a flag and a thread ID variable.
Otherwise while one thread is in ssleay_rand_bytes (which sets the
flag), *other* threads can enter ssleay_add_bytes without obeying
the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock
that they do not hold after the first thread unsets add_do_not_lock).
[Bodo Moeller]
*) Change bctest again: '-x' expressions are not available in all
versions of 'test'.
[Bodo Moeller]
Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
*) Fix a couple of memory leaks in PKCS7_dataDecode()
@@ -2363,7 +2475,7 @@
copied!)
[Bodo Moeller]
*) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
*) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
worked.
*) Fix problems with no-hmac etc.

26
Configure
View File

@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#
@@ -23,20 +23,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# support isn't compiled.
# no-hw do not compile support for any crypto hardware.
# rsaref use RSAref
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
# [no-]shared [don't] try to create shared libraries when supported.
# IT IS NOT RECOMMENDED TO USE "shared"! Since this is a
# development branch, the positions of the ENGINE symbols
# in the transfer vector are constantly moving, so binary
# backward compatibility can't be guaranteed in any way.
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
@@ -143,6 +134,9 @@ my %table=(
# error message.
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -519,18 +513,6 @@ PROCESS_ARGS:
$flags .= "-DNO_ASM ";
$openssl_other_defines .= "#define NO_ASM\n";
}
elsif (/^no-hw-(.+)$/)
{
my $hw=$1;
$hw =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_HW_$hw ";
$openssl_other_defines .= "#define NO_HW_$hw\n";
}
elsif (/^no-hw$/)
{
$flags .= "-DNO_HW ";
$openssl_other_defines .= "#define NO_HW\n";
}
elsif (/^no-dso$/)
{ $no_dso=1; }
elsif (/^no-threads$/)

62
FAQ
View File

@@ -17,6 +17,7 @@ OpenSSL - Frequently Asked Questions
[USER] Questions on using the OpenSSL applications
* Why do I get a "PRNG not seeded" error message?
* Why do I get an "unable to write 'random state'" error message?
* How do I create certificates or certificate requests?
* Why can't I create certificate requests?
* Why does <SSL program> fail with a certificate verify error?
@@ -47,6 +48,7 @@ OpenSSL - Frequently Asked Questions
* Why do I get errors about unknown algorithms?
* Why can't the OpenSSH configure script detect OpenSSL?
* Can I use OpenSSL's SSL library with non-blocking I/O?
* Why doesn't my server application receive a client certificate?
===============================================================================
@@ -55,7 +57,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.6a was released on April 5th, 2001.
OpenSSL 0.9.6b was released on July 9th, 2001.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -160,6 +162,7 @@ correctly. Many open source operating systems provide a "randomness
device" that serves this purpose. On other systems, applications have
to call the RAND_add() or RAND_seed() function with appropriate data
before generating keys or performing public key encryption.
(These functions initialize the pseudo-random number generator, PRNG.)
Some broken applications do not do this. As of version 0.9.5, the
OpenSSL functions that need randomness report an error if the random
@@ -169,18 +172,36 @@ application you are using. It is likely that it never worked
correctly. OpenSSL 0.9.5 and later make the error visible by refusing
to perform potentially insecure encryption.
On systems without /dev/urandom, it is a good idea to use the Entropy
Gathering Demon; see the RAND_egd() manpage for details.
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
details. Starting with version 0.9.7, OpenSSL will automatically look
for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
/etc/entropy.
Most components of the openssl command line tool try to use the
file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
for seeding the PRNG. If this file does not exist or is too short,
the "PRNG not seeded" error message may occur.
Most components of the openssl command line utility automatically try
to seed the random number generator from a file. The name of the
default seeding file is determined as follows: If environment variable
RANDFILE is set, then it names the seeding file. Otherwise if
environment variable HOME is set, then the seeding file is $HOME/.rnd.
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
use file .rnd in the current directory while OpenSSL 0.9.6a uses no
default seeding file at all. OpenSSL 0.9.6b and later will behave
similarly to 0.9.6a, but will use a default of "C:" for HOME on
Windows systems if the environment variable has not been set.
[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
0.9.5 does not do this and will fail on systems without /dev/urandom
when trying to password-encrypt an RSA key! This is a bug in the
library; try a later version instead.]
If the default seeding file does not exist or is too short, the "PRNG
not seeded" error message may occur.
The openssl command line utility will write back a new state to the
default seeding file (and create this file if necessary) unless
there was no sufficient seeding.
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
Use the "-rand" option of the OpenSSL command line tools instead.
The $RANDFILE environment variable and $HOME/.rnd are only used by the
OpenSSL command line tools. Applications using the OpenSSL library
provide their own configuration options to specify the entropy source,
please check out the documentation coming the with application.
For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which
@@ -190,6 +211,18 @@ versions. However, be warned that /dev/random is usually a blocking
device, which may have some effects on OpenSSL.
* Why do I get an "unable to write 'random state'" error message?
Sometimes the openssl command line utility does not abort with
a "PRNG not seeded" error message, but complains that it is
"unable to write 'random state'". This message refers to the
default seeding file (see previous answer). A possible reason
is that no default filename is known because neither RANDFILE
nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
current directory in this case, but this has changed with 0.9.6a.)
* How do I create certificates or certificate requests?
Check out the CA.pl(1) manual page. This provides a simple wrapper round
@@ -543,5 +576,12 @@ requiring a bi-directional message exchange; both SSL_read() and
SSL_write() will try to continue any pending handshake.
* Why doesn't my server application receive a client certificate?
Due to the TLS protocol definition, a client will only send a certificate,
if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
SSL_CTX_set_verify() function to enable the use of client certificates.
===============================================================================

13
INSTALL
View File

@@ -7,8 +7,11 @@
To install OpenSSL, you will need:
* make
* Perl 5
* an ANSI C compiler
* a development environment in form of development libraries and C
header files
* a supported Unix operating system
Quick Start
@@ -43,9 +46,6 @@
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
rsaref Build with RSADSI's RSAREF toolkit (this assumes that
librsaref.a is in the library search path).
no-threads Don't try to build with support for multi-threaded
applications.
@@ -57,10 +57,7 @@
shared In addition to the usual static libraries, create shared
libraries on platforms where it's supported. See "Note on
shared libraries" below. THIS IS NOT RECOMMENDED! Since
this is a development branch, the positions of the ENGINE
symbols in the transfer vector are constantly moving, so
binary backward compatibility can't be guaranteed in any way.
shared libraries" below.
no-asm Do not use assembler code.
@@ -128,7 +125,7 @@
directory, and the binary will be in the "apps" directory.
If "make" fails, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like missing
the failure that aren't problems in OpenSSL itself (like missing
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be forwarded to a public mailing list). Include the

10
INSTALL.VMS
View File

@@ -8,6 +8,7 @@ Intro:
This file is divided in the following parts:
Requirements - Mandatory reading.
Checking the distribution - Mandatory reading.
Compilation - Mandatory reading.
Logical names - Mandatory reading.
@@ -19,6 +20,15 @@ This file is divided in the following parts:
TODO - Things that are to come.
Requirements:
=============
To build and install OpenSSL, you will need:
* DEC C or some other ANSI C compiler. VAX C is *not* supported.
[Note: OpenSSL has only been tested with DEC C. Compiling with
a different ANSI C compiler may require some work]
Checking the distribution:
==========================

10
Makefile.org
View File

@@ -162,7 +162,7 @@ SHLIBDIRS= crypto ssl
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso engine \
bn rsa dsa dh dso \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -474,19 +474,19 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@echo installing man 1 and man 5
@for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `dirname $$i`; \
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`) \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
done
@echo installing man 3 and man 7
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `dirname $$i`; \
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`) \

17
NEWS
View File

@@ -5,6 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
o Security fix: PRNG improvements.
o Security fix: RSA OAEP check.
o Security fix: Reinsert and fix countermeasure to Bleichbacher's
attack.
o MIPS bug fix in BIGNUM.
o Bug fix in "openssl enc".
o Bug fix in X.509 printing routine.
o Bug fix in DSA verification routine and DSA S/MIME verification.
o Bug fix to make PRNG thread-safe.
o Bug fix in RAND_file_name().
o Bug fix in compatibility mode trust settings.
o Bug fix in blowfish EVP.
o Increase default size for BIO buffering filter.
o Compatibility fixes in some scripts.
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
o Security fix: change behavior of OpenSSL to avoid using

4
README
View File

@@ -1,7 +1,7 @@
OpenSSL 0.9.6a [engine] 5 Apr 2001
OpenSSL 0.9.6b 9 Jul 2001
Copyright (c) 1998-2000 The OpenSSL Project
Copyright (c) 1998-2001 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

2
STATUS
View File

@@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at
______________ $Date: 2001/04/05 17:48:02 $
______________ $Date: 2001/04/05 17:42:00 $
DEVELOPMENT STATE

22
TABLE
View File

@@ -2464,6 +2464,28 @@ $shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
*** solaris-x86-cc
$cc = cc
$cflags = -fast -O -Xa
$unistd =
$thread_cflag = -D_REENTRANT
$lflags = -lsocket -lnsl -ldl
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
*** solaris-x86-gcc
$cc = gcc
$cflags = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM

469
apps/Makefile.ssl
View File

@@ -210,15 +210,14 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
ca.o: ../include/openssl/err.h ../include/openssl/evp.h
ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -297,15 +296,14 @@ dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -317,15 +315,14 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
dh.o: ../include/openssl/err.h ../include/openssl/evp.h
dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -339,15 +336,14 @@ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -360,15 +356,14 @@ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -381,20 +376,20 @@ enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
enc.o: ../include/openssl/des.h ../include/openssl/dh.h
enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
enc.o: ../include/openssl/engine.h ../include/openssl/err.h
enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
enc.o: ../include/openssl/err.h ../include/openssl/evp.h
enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
enc.o: ../include/openssl/x509_vfy.h apps.h
errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -425,20 +420,20 @@ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
gendh.o: ../include/openssl/x509_vfy.h apps.h
gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -446,15 +441,14 @@ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -467,15 +461,14 @@ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -552,15 +545,14 @@ pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -574,15 +566,14 @@ pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -595,15 +586,14 @@ pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -617,19 +607,19 @@ rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
rand.o: ../include/openssl/des.h ../include/openssl/dh.h
rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
rand.o: ../include/openssl/engine.h ../include/openssl/err.h
rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
rand.o: ../include/openssl/err.h ../include/openssl/evp.h
rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
rand.o: ../include/openssl/x509_vfy.h apps.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -637,15 +627,14 @@ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
req.o: ../include/openssl/des.h ../include/openssl/dh.h
req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
req.o: ../include/openssl/engine.h ../include/openssl/err.h
req.o: ../include/openssl/evp.h ../include/openssl/idea.h
req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
req.o: ../include/openssl/md4.h ../include/openssl/md5.h
req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
req.o: ../include/openssl/err.h ../include/openssl/evp.h
req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
req.o: ../include/openssl/md2.h ../include/openssl/md4.h
req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -659,15 +648,14 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -680,15 +668,14 @@ rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -724,24 +711,23 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
s_client.o: s_apps.h
s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h
s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_client.o: ../include/openssl/tls1.h ../include/openssl/x509.h
s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -749,24 +735,23 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
s_server.o: s_apps.h
s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h
s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_server.o: ../include/openssl/tls1.h ../include/openssl/x509.h
s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -844,15 +829,14 @@ smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
smime.o: ../include/openssl/des.h ../include/openssl/dh.h
smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
smime.o: ../include/openssl/engine.h ../include/openssl/err.h
smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
smime.o: ../include/openssl/err.h ../include/openssl/evp.h
smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -865,20 +849,20 @@ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
speed.o: ../include/openssl/des.h ../include/openssl/dh.h
speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
speed.o: ../include/openssl/engine.h ../include/openssl/err.h
speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
speed.o: ../include/openssl/err.h ../include/openssl/evp.h
speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
speed.o: ./testrsa.h apps.h
spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -886,15 +870,14 @@ spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -907,15 +890,14 @@ verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
verify.o: ../include/openssl/des.h ../include/openssl/dh.h
verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
verify.o: ../include/openssl/engine.h ../include/openssl/err.h
verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
verify.o: ../include/openssl/err.h ../include/openssl/evp.h
verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -948,15 +930,14 @@ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
x509.o: ../include/openssl/des.h ../include/openssl/dh.h
x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
x509.o: ../include/openssl/engine.h ../include/openssl/err.h
x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
x509.o: ../include/openssl/err.h ../include/openssl/evp.h
x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h

2
apps/apps.c
View File

@@ -170,8 +170,6 @@ int str2fmt(char *s)
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}

2
apps/apps.h
View File

@@ -162,8 +162,6 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
/* Since this is currently inofficial, let's give it a high number */
#define FORMAT_ENGINE 127
#define NETSCAPE_CERT_HDR "certificate"

35
apps/ca.c
View File

@@ -74,7 +74,6 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#ifndef W_OK
# ifdef VMS
@@ -168,7 +167,6 @@ static char *ca_usage[]={
" -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
@@ -218,7 +216,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
@@ -271,7 +268,6 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
char *engine = NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -423,11 +419,6 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else
{
bad:
@@ -448,24 +439,6 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -1247,7 +1220,11 @@ bad:
X509_free(revcert);
strncpy(buf[0],dbfile,BSIZE-4);
#ifndef VMS
strcat(buf[0],".new");
#else
strcat(buf[0],"-new");
#endif
if (BIO_write_filename(out,buf[0]) <= 0)
{
perror(dbfile);
@@ -1257,7 +1234,11 @@ bad:
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
strncpy(buf[1],dbfile,BSIZE-4);
#ifndef VMS
strcat(buf[1],".old");
#else
strcat(buf[1],"-old");
#endif
if (rename(dbfile,buf[1]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);

33
apps/dgst.c
View File

@@ -66,7 +66,6 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
@@ -74,14 +73,13 @@
#undef PROG
#define PROG dgst_main
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=0;
const EVP_MD *md=NULL,*m;
@@ -95,11 +93,10 @@ int MAIN(int argc, char **argv)
int debug=0;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
char out_bin = -1, want_pub = 0, do_verify = 0;
int out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
char *engine=NULL;
apps_startup();
@@ -157,11 +154,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break;
sigfile=*(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
}
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
@@ -198,7 +190,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
@@ -218,24 +209,6 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
@@ -365,7 +338,7 @@ end:
EXIT(err);
}
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen)
{
int len;

29
apps/dh.c
View File

@@ -69,7 +69,6 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dh_main
@@ -88,12 +87,11 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog,*engine;
char *infile,*outfile,*prog;
apps_startup();
@@ -101,7 +99,6 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -132,11 +129,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -168,30 +160,11 @@ bad:
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))

28
apps/dhparam.c
View File

@@ -121,7 +121,6 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#ifndef NO_DSA
#include <openssl/dsa.h>
@@ -149,7 +148,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef NO_DSA
@@ -158,7 +156,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *inrand=NULL,*engine=NULL;
char *inrand=NULL;
int num = 0, g = 0;
apps_startup();
@@ -197,11 +195,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -247,7 +240,6 @@ bad:
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -257,24 +249,6 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (g && !num)
num = DEFBITS;

29
apps/dsa.c
View File

@@ -68,7 +68,6 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dsa_main
@@ -88,7 +87,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
@@ -96,7 +94,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog,*engine;
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -107,7 +105,6 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -148,11 +145,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
@@ -184,7 +176,6 @@ bad:
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
@@ -198,24 +189,6 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;

4
apps/dsaparam.c
View File

@@ -69,7 +69,6 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dsaparam_main
@@ -91,12 +90,11 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,noout=0,C=0,ret=1;
char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;

35
apps/enc.c
View File

@@ -70,7 +70,6 @@
#include <openssl/md5.h>
#endif
#include <openssl/pem.h>
#include <openssl/engine.h>
int set_hex(char *in,unsigned char *out,int size);
#undef SIZE
@@ -85,7 +84,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
static const char magic[]="Salted__";
char mbuf[8]; /* should be 1 smaller than magic */
char *strbuf=NULL;
@@ -103,7 +101,6 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
char *engine = NULL;
apps_startup();
@@ -144,11 +141,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
@@ -249,7 +241,6 @@ bad:
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
BIO_printf(bio_err,"Cipher Types\n");
BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
@@ -323,24 +314,6 @@ bad:
argv++;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (bufsize != NULL)
{
unsigned long n;
@@ -542,6 +515,14 @@ bad:
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
if ((hiv == NULL) && (str == NULL))
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
* making correct decryption impossible. */
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey,key,24))
{
BIO_printf(bio_err,"invalid hex key value\n");

33
apps/gendh.c
View File

@@ -70,7 +70,6 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -82,13 +81,11 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
char *engine=NULL;
BIO *out=NULL;
apps_startup();
@@ -113,11 +110,6 @@ int MAIN(int argc, char **argv)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -133,34 +125,15 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -2 use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 use 5 as the generator value\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{

27
apps/gendsa.c
View File

@@ -68,7 +68,6 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -78,7 +77,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
@@ -86,7 +84,6 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
char *engine=NULL;
apps_startup();
@@ -109,11 +106,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -153,7 +145,6 @@ bad:
#ifndef NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -162,24 +153,6 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;

30
apps/genrsa.c
View File

@@ -69,7 +69,6 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -81,7 +80,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
@@ -90,7 +88,6 @@ int MAIN(int argc, char **argv)
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
char *engine=NULL;
char *inrand=NULL;
BIO *out=NULL;
@@ -119,11 +116,6 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -162,7 +154,6 @@ bad:
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -176,24 +167,6 @@ bad:
goto err;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -213,8 +186,7 @@ bad:
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}

23
apps/pkcs12.c
View File

@@ -66,7 +66,6 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/engine.h>
#define PROG pkcs12_main
@@ -93,7 +92,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -120,7 +118,6 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
char *engine=NULL;
apps_startup();
@@ -239,11 +236,6 @@ int MAIN(int argc, char **argv)
args++;
CAfile = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
} else badarg = 1;
} else badarg = 1;
@@ -287,27 +279,12 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
if (engine != NULL) {
if((e = ENGINE_by_id(engine)) == NULL) {
BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(passarg) {
if(export_cert) passargout = passarg;
else passargin = passarg;

27
apps/pkcs7.c
View File

@@ -67,7 +67,6 @@
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG pkcs7_main
@@ -83,7 +82,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
@@ -91,7 +89,6 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=0;
char *engine=NULL;
apps_startup();
@@ -135,11 +132,6 @@ int MAIN(int argc, char **argv)
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,30 +154,11 @@ bad:
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
EXIT(1);
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))

30
apps/pkcs8.c
View File

@@ -62,7 +62,6 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/engine.h>
#include "apps.h"
#define PROG pkcs8_main
@@ -71,7 +70,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
@@ -87,13 +85,9 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
char *engine=NULL;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
@@ -144,11 +138,6 @@ int MAIN(int argc, char **argv)
if (!args[1]) goto bad;
passargout= *(++args);
}
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
@@ -181,28 +170,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
return (1);
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
return (1);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
return (1);
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
return (1);

35
apps/rand.c
View File

@@ -9,7 +9,6 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#undef PROG
#define PROG rand_main
@@ -24,7 +23,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
@@ -32,7 +30,6 @@ int MAIN(int argc, char **argv)
int base64 = 0;
BIO *out = NULL;
int num = -1;
char *engine=NULL;
apps_startup();
@@ -51,13 +48,6 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
}
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -94,31 +84,12 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

64
apps/req.c
View File

@@ -73,7 +73,6 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define SECTION "req"
@@ -141,7 +140,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
#ifndef NO_DSA
DSA *dsa_params=NULL;
#endif
@@ -154,7 +152,6 @@ int MAIN(int argc, char **argv)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *engine=NULL;
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
@@ -198,11 +195,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@@ -383,7 +375,6 @@ bad:
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
@@ -531,55 +522,24 @@ bad:
if ((in == NULL) || (out == NULL))
goto end;
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (keyfile != NULL)
{
if (keyform == FORMAT_ENGINE)
if (BIO_read_filename(in,keyfile) <= 0)
{
if (!e)
{
BIO_printf(bio_err,"no engine specified\n");
goto end;
}
pkey = ENGINE_load_private_key(e, keyfile, NULL);
perror(keyfile);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
}
else
{
if (BIO_read_filename(in,keyfile) <= 0)
{
perror(keyfile);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
passin);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
}
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
}
if (pkey == NULL)

27
apps/rsa.c
View File

@@ -68,7 +68,6 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG rsa_main
@@ -91,7 +90,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
@@ -102,7 +100,6 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *engine=NULL;
int modulus=0;
apps_startup();
@@ -151,11 +148,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
@@ -203,30 +195,11 @@ bad:
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;

25
apps/rsautl.c
View File

@@ -62,7 +62,6 @@
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
@@ -83,7 +82,6 @@ int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
char *keyfile = NULL;
@@ -97,7 +95,6 @@ int MAIN(int argc, char **argv)
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
int rsa_inlen, rsa_outlen = 0;
int keysize;
char *engine=NULL;
int ret = 1;
@@ -120,9 +117,6 @@ int MAIN(int argc, char **argv)
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
} else if(!strcmp(*argv, "-engine")) {
if (--argc < 1) badarg = 1;
engine = *(++argv);
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
@@ -157,24 +151,6 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
@@ -304,7 +280,6 @@ static void usage()
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");

34
apps/s_client.c
View File

@@ -80,7 +80,6 @@ typedef unsigned int u_int;
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
@@ -155,7 +154,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
int MAIN(int, char **);
@@ -183,8 +182,6 @@ int MAIN(int argc, char **argv)
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
char *engine_id=NULL;
ENGINE *e=NULL;
#ifdef WINDOWS
struct timeval tv;
#endif
@@ -327,11 +324,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -372,30 +364,6 @@ bad:
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
if (engine_id != NULL)
{
if((e = ENGINE_by_id(engine_id)) == NULL)
{
BIO_printf(bio_err,"invalid engine\n");
ERR_print_errors(bio_err);
goto end;
}
if (c_debug)
{
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
0, bio_err, 0);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
ENGINE_free(e);
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{

34
apps/s_server.c
View File

@@ -84,7 +84,6 @@ typedef unsigned int u_int;
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
@@ -178,7 +177,6 @@ static int s_debug=0;
static int s_quiet=0;
static int hack=0;
static char *engine_id=NULL;
#ifdef MONOLITH
static void s_server_init(void)
@@ -201,7 +199,6 @@ static void s_server_init(void)
s_debug=0;
s_quiet=0;
hack=0;
engine_id=NULL;
}
#endif
@@ -247,7 +244,6 @@ static void sv_usage(void)
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
static int local_argc=0;
@@ -418,8 +414,6 @@ int MAIN(int argc, char *argv[])
int state=0;
SSL_METHOD *meth=NULL;
char *inrand=NULL;
char *engine_id=NULL;
ENGINE *e=NULL;
#ifndef NO_DH
DH *dh=NULL;
#endif
@@ -579,11 +573,6 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -635,29 +624,6 @@ bad:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
if (engine_id != NULL)
{
if((e = ENGINE_by_id(engine_id)) == NULL)
{
BIO_printf(bio_err,"invalid engine\n");
ERR_print_errors(bio_err);
goto end;
}
if (s_debug)
{
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
0, bio_err, 0);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
ENGINE_free(e);
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{

30
apps/smime.c
View File

@@ -64,7 +64,6 @@
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#undef PROG
#define PROG smime_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
@@ -105,9 +103,8 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
char *engine=NULL;
args = argv + 1;
ret = 1;
while (!badarg && *args && *args[0] == '-') {
@@ -156,11 +153,6 @@ int MAIN(int argc, char **argv)
inrand = *args;
} else badarg = 1;
need_rand = 1;
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
@@ -298,7 +290,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
@@ -306,24 +298,6 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;

45
apps/speed.c
View File

@@ -81,14 +81,13 @@
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#if defined(__FreeBSD__)
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
# define USE_TOD
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
# define TIMES
#endif
#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
# define TIMEB
#endif
@@ -311,7 +310,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e;
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
#define ALGOR_NUM 15
@@ -472,37 +470,6 @@ int MAIN(int argc, char **argv)
{
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
usertime = 0;
else
if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
{
argc--;
argv++;
if(argc == 0)
{
BIO_printf(bio_err,"no engine given\n");
goto end;
}
if((e = ENGINE_by_id(*argv)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
*argv);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
/* Free our "structural" reference. */
ENGINE_free(e);
/* It will be increased again further down. We just
don't want speed to confuse an engine with an
algorithm, especially when none is given (which
means all of them should be run) */
j--;
}
else
#ifndef NO_MD2
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
else
@@ -550,7 +517,7 @@ int MAIN(int argc, char **argv)
#ifdef RSAref
if (strcmp(*argv,"rsaref") == 0)
{
RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
RSA_set_default_method(RSA_PKCS1_RSAref());
j--;
}
else
@@ -558,7 +525,7 @@ int MAIN(int argc, char **argv)
#ifndef RSA_NULL
if (strcmp(*argv,"openssl") == 0)
{
RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
RSA_set_default_method(RSA_PKCS1_SSLeay());
j--;
}
else
@@ -703,12 +670,11 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"\n");
#endif
#ifdef TIMES
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
#ifdef TIMES
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
goto end;
}
argc--;
@@ -1415,7 +1381,6 @@ int MAIN(int argc, char **argv)
#endif
mret=0;
end:
ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf);
if (buf2 != NULL) OPENSSL_free(buf2);
#ifndef NO_RSA

27
apps/spkac.c
View File

@@ -69,7 +69,6 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG spkac_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0,pubkey=0;
@@ -93,7 +91,6 @@ int MAIN(int argc, char **argv)
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
apps_startup();
@@ -139,11 +136,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
spksect= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
@@ -169,7 +161,6 @@ bad:
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
@@ -179,24 +170,6 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
else key = BIO_new_fp(stdin, BIO_NOCLOSE);

28
apps/verify.c
View File

@@ -65,7 +65,6 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG verify_main
@@ -79,7 +78,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
@@ -87,7 +85,6 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
char *engine=NULL;
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
@@ -140,11 +137,6 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto end;
engine= *(++argv);
}
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -162,24 +154,6 @@ int MAIN(int argc, char **argv)
break;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
@@ -227,7 +201,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;

27
apps/x509.c
View File

@@ -73,7 +73,6 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG x509_main
@@ -130,7 +129,6 @@ static char *x509_usage[]={
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
@@ -147,7 +145,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
@@ -178,7 +175,6 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0;
char *engine=NULL;
reqfile=0;
@@ -341,11 +337,6 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
@@ -429,24 +420,6 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);

24
config
View File

@@ -508,27 +508,11 @@ case "$GUESSOS" in
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
# NB: This atalla support has been superceded by the ENGINE support
# That contains its own header and definitions anyway. Support can
# be enabled or disabled on any supported platform without external
# headers, eg. by adding the "hw-atalla" switch to ./config or
# perl Configure
#
# See whether we can compile Atalla support
#if [ -f /usr/include/atasi.h ]
#then
# options="$options -DATALLA"
#fi
#get some basic shared lib support (behnke@trustcenter.de)
case "$OUT" in
solaris-*-gcc)
if [ "$SHARED" = "true" ]
then
options="$options -DPIC -fPIC"
fi
;;
esac
if [ -f /usr/include/atasi.h ]
then
options="$options -DATALLA"
fi
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]

2
crypto/Makefile.ssl
View File

@@ -27,7 +27,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso engine \
bn rsa dsa dh dso \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

2
crypto/asn1/t_x509.c
View File

@@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
ll=80-2-obase;
s=X509_NAME_oneline(name,buf,256);
if (!*s)
return 1;
s++; /* skip the first slash */
l=ll;

2
crypto/asn1/x_pubkey.c
View File

@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
a=key->algor;
if (ret->type == EVP_PKEY_DSA)
{
if (a->parameter->type == V_ASN1_SEQUENCE)
if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
{
ret->pkey.dsa->write_params=0;
p=a->parameter->value.sequence->data;

14
crypto/bio/b_print.c
View File

@@ -109,7 +109,11 @@
#endif
#if HAVE_LONG_LONG
#define LLONG long long
# if defined(WIN32) && !defined(__GNUC__)
# define LLONG _int64
# else
# define LLONG long long
# endif
#else
#define LLONG long
#endif
@@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer,
/* some handy macros */
#define char_to_int(p) (p - '0')
#define MAX(p,q) ((p >= q) ? p : q)
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
static void
_dopr(
@@ -503,13 +507,13 @@ fmtint(
convert[place] = 0;
zpadlen = max - place;
spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
spadlen = 0;
if (flags & DP_F_ZERO) {
zpadlen = MAX(zpadlen, spadlen);
zpadlen = OSSL_MAX(zpadlen, spadlen);
spadlen = 0;
}
if (flags & DP_F_MINUS)
@@ -641,7 +645,7 @@ fmtfp(
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
} while (fracpart && (fplace < 20));
} while (fplace < max);
if (fplace == 20)
fplace--;
fconvert[fplace] = 0;

2
crypto/bio/bf_buff.c
View File

@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int buffer_new(BIO *h);
static int buffer_free(BIO *data);
static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
#define DEFAULT_BUFFER_SIZE 1024
#define DEFAULT_BUFFER_SIZE 4096
static BIO_METHOD methods_buffer=
{

430
crypto/bn/asm/mips3.s
View File

@@ -1,5 +1,5 @@
.rdata
.asciiz "mips3.s, Version 1.0"
.asciiz "mips3.s, Version 1.1"
.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
/*
@@ -849,6 +849,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -856,7 +857,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -884,6 +886,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -891,7 +894,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -928,6 +932,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -935,7 +940,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -981,6 +987,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -988,7 +995,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
sd c_2,104(a0) /* r[13]=c2; */
dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
sd c_3,40(a0)
dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
@@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu c_3,t_2,AT
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sd c_2,8(a0)
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
slt c_2,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
slt c_3,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
sltu AT,c_2,a2
slt AT,t_2,zero
daddu c_3,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
sltu AT,c_3,a2
slt AT,t_2,zero
daddu c_1,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
slt c_2,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
sltu AT,c_1,a2
slt AT,t_2,zero
daddu c_2,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
sltu AT,c_1,a2
slt AT,t_2,zero
daddu c_2,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8)
dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
slt c_3,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
sltu AT,c_2,a2
slt AT,t_2,zero
daddu c_3,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
sltu AT,c_2,a2
slt AT,t_2,zero
daddu c_3,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
sltu AT,c_3,a2
slt AT,t_2,zero
daddu c_1,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
sltu AT,c_3,a2
slt AT,t_2,zero
daddu c_1,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8)
dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
sltu AT,c_3,a2
slt AT,t_2,zero
daddu c_1,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8)
dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
slt c_2,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
sltu AT,c_1,a2
slt AT,t_2,zero
daddu c_2,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8)
dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
sltu AT,c_1,a2
slt AT,t_2,zero
daddu c_2,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
slt c_3,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
sltu AT,c_2,a2
slt AT,t_2,zero
daddu c_3,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
sltu AT,c_2,a2
slt AT,t_2,zero
daddu c_3,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8)
dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
sltu AT,c_3,a2
slt AT,t_2,zero
daddu c_1,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
slt c_2,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
sltu AT,c_1,a2
slt AT,t_2,zero
daddu c_2,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8)
dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
slt c_3,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8)
dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
sd c_2,104(a0)
dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4)
dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu c_3,t_2,AT
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sd c_2,8(a0)
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
slt c_2,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4)
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
slt c_3,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
sltu c_3,c_2,t_2
sltu AT,c_2,t_2
daddu c_3,AT
dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
daddu c_1,t_1
sltu AT,c_1,t_1
daddu a2,t_2,AT
daddu c_2,a2
sltu AT,c_2,a2
slt AT,t_2,zero
daddu c_3,AT
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4)
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
daddu c_2,t_1
sltu AT,c_2,t_1
daddu a2,t_2,AT
daddu c_3,a2
slt c_1,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
sltu c_1,c_3,t_2
sltu AT,c_3,t_2
daddu c_1,AT
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4)
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
daddu c_3,t_1
sltu AT,c_3,t_1
daddu a2,t_2,AT
daddu c_1,a2
slt c_2,t_2,zero
dsll t_2,1
slt a2,t_1,zero
daddu t_2,a2
dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
sltu c_2,c_1,t_2
sltu AT,c_1,t_2
daddu c_2,AT
sd c_3,40(a0)
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */

205
crypto/bn/bn_exp.c
View File

@@ -113,6 +113,13 @@
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
#ifdef ATALLA
# include <alloca.h>
# include <atasi.h>
# include <assert.h>
# include <dlfcn.h>
#endif
#define TABLE_SIZE 32
@@ -176,6 +183,174 @@ err:
}
#ifdef ATALLA
/*
* This routine will dynamically check for the existance of an Atalla AXL-200
* SSL accelerator module. If one is found, the variable
* asi_accelerator_present is set to 1 and the function pointers
* ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
unsigned char *output,
unsigned char *input,
unsigned int modulus_len);
static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
static int asi_accelerator_present;
static int tried_atalla;
void atalla_initialize_accelerator_handle(void)
{
void *dl_handle;
int status;
unsigned int config_buf[1024];
static int tested;
if(tested)
return;
tested=1;
bzero((void *)config_buf, 1024);
/*
* Check to see if the library is present on the system
*/
dl_handle = dlopen("atasi.so", RTLD_NOW);
if (dl_handle == (void *) NULL)
{
/* printf("atasi.so library is not present on the system\n");
printf("No HW acceleration available\n");*/
return;
}
/*
* The library is present. Now we'll check to insure that the
* LDM is up and running. First we'll get the address of the
* function in the atasi library that we need to see if the
* LDM is operating.
*/
ptr_ASI_GetHardwareConfig =
(tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
if (ptr_ASI_GetHardwareConfig)
{
/*
* We found the call, now we'll get our config
* status. If we get a non 0 result, the LDM is not
* running and we cannot use the Atalla ASI *
* library.
*/
status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
if (status != 0)
{
printf("atasi.so library is present but not initialized\n");
printf("No HW acceleration available\n");
return;
}
}
else
{
/* printf("We found the library, but not the function. Very Strange!\n");*/
return ;
}
/*
* It looks like we have acceleration capabilities. Load up the
* pointers to our ASI API calls.
*/
ptr_ASI_RSAPrivateKeyOpFn=
(tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
{
/* printf("We found the library, but no RSA function. Very Strange!\n");*/
return;
}
ptr_ASI_GetPerformanceStatistics =
(tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
if (ptr_ASI_GetPerformanceStatistics == NULL)
{
/* printf("We found the library, but no stat function. Very Strange!\n");*/
return;
}
/*
* Indicate that acceleration is available
*/
asi_accelerator_present = 1;
/* printf("This system has acceleration!\n");*/
return;
}
/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
{
unsigned char *abin;
unsigned char *pbin;
unsigned char *mbin;
unsigned char *rbin;
int an,pn,mn,ret;
RSAPrivateKey keydata;
atalla_initialize_accelerator_handle();
if(!asi_accelerator_present)
return 0;
/* We should be able to run without size testing */
# define ASIZE 128
an=BN_num_bytes(a);
pn=BN_num_bytes(p);
mn=BN_num_bytes(m);
if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
{
int size=mn;
assert(an <= mn);
abin=alloca(size);
memset(abin,'\0',mn);
BN_bn2bin(a,abin+size-an);
pbin=alloca(pn);
BN_bn2bin(p,pbin);
mbin=alloca(size);
memset(mbin,'\0',mn);
BN_bn2bin(m,mbin+size-mn);
rbin=alloca(size);
memset(&keydata,'\0',sizeof keydata);
keydata.privateExponent.data=pbin;
keydata.privateExponent.len=pn;
keydata.modulus.data=mbin;
keydata.modulus.len=size;
ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
if(!ret)
{
BN_bin2bn(rbin,keydata.modulus.len,r);
/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
return 1;
}
}
return 0;
}
#endif /* def ATALLA */
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx)
{
@@ -185,6 +360,13 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
bn_check_top(p);
bn_check_top(m);
#ifdef ATALLA
if(BN_mod_exp_atalla(r,a,p,m))
return 1;
/* If it fails, try the other methods (but don't try atalla again) */
tried_atalla=1;
#endif
#ifdef MONT_MUL_MOD
/* I have finally been able to take out this pre-condition of
* the top bit being set. It was caused by an error in BN_div
@@ -210,6 +392,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
#endif
#ifdef ATALLA
tried_atalla=0;
#endif
return(ret);
}
@@ -339,6 +525,12 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
bn_check_top(p);
bn_check_top(m);
#ifdef ATALLA
if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
return 1;
/* If it fails, try the other methods */
#endif
if (!(m->d[0] & 1))
{
BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -501,6 +693,19 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
t = BN_CTX_get(ctx);
if (d == NULL || r == NULL || t == NULL) goto err;
#ifdef ATALLA
if (!tried_atalla)
{
BN_set_word(t, a);
if (BN_mod_exp_atalla(rr, t, p, m))
{
BN_CTX_end(ctx);
return 1;
}
}
/* If it fails, try the other methods */
#endif
if (in_mont != NULL)
mont=in_mont;
else

8
crypto/cryptlib.c
View File

@@ -100,8 +100,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"debug_malloc2",
"dso",
"dynlock",
"engine",
#if CRYPTO_NUM_LOCKS != 29
#if CRYPTO_NUM_LOCKS != 28
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};
@@ -241,7 +240,7 @@ void CRYPTO_destroy_dynlockid(int i)
}
else
#endif
if (--(pointer->references) <= 0)
if (pointer->references <= 0)
{
sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
}
@@ -400,7 +399,7 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
struct CRYPTO_dynlock_value *pointer
= CRYPTO_get_dynlock_value(i);
if (pointer)
if (pointer && dynlock_lock_callback)
{
dynlock_lock_callback(mode, pointer, file, line);
}
@@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
CRYPTO_get_lock_name(type),
file,line);
#endif
*pointer=ret;
}
else
{

14
crypto/crypto-lib.com
View File

@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
$!
$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
"DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
"BN,RSA,DSA,DH,DSO,ENGINE,"+ -
"BN,RSA,DSA,DH,DSO,"+ -
"BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
"EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
"CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -206,8 +206,6 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
$ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
"dso_openssl,dso_win32,dso_vms"
$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
"hw_atalla,hw_cswift,hw_ncipher"
$ LIB_BUFFER = "buffer,buf_err"
$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
@@ -1196,9 +1194,7 @@ $ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
"/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
@@ -1230,8 +1226,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
@@ -1263,8 +1258,7 @@ $!
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
"/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!

3
crypto/crypto.h
View File

@@ -122,8 +122,7 @@ extern "C" {
#define CRYPTO_LOCK_MALLOC2 25
#define CRYPTO_LOCK_DSO 26
#define CRYPTO_LOCK_DYNLOCK 27
#define CRYPTO_LOCK_ENGINE 28
#define CRYPTO_NUM_LOCKS 29
#define CRYPTO_NUM_LOCKS 28
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2

48
crypto/dh/Makefile.ssl
View File

@@ -101,39 +101,19 @@ dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h
dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_lib.o: ../cryptlib.h

13
crypto/dh/dh.h
View File

@@ -115,11 +115,7 @@ struct dh_st
int references;
CRYPTO_EX_DATA ex_data;
#if 0
DH_METHOD *meth;
#else
struct engine_st *engine;
#endif
};
#define DH_GENERATOR_2 2
@@ -154,15 +150,10 @@ struct dh_st
DH_METHOD *DH_OpenSSL(void);
void DH_set_default_openssl_method(DH_METHOD *meth);
DH_METHOD *DH_get_default_openssl_method(void);
#if 0
void DH_set_default_method(DH_METHOD *meth);
DH_METHOD *DH_get_default_method(void);
DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
DH *DH_new_method(DH_METHOD *meth);
#else
int DH_set_method(DH *dh, struct engine_st *engine);
DH *DH_new_method(struct engine_st *engine);
#endif
DH * DH_new(void);
void DH_free(DH *dh);

13
crypto/dh/dh_key.c
View File

@@ -61,7 +61,6 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
#include <openssl/engine.h>
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -73,12 +72,12 @@ static int dh_finish(DH *dh);
int DH_generate_key(DH *dh)
{
return ENGINE_get_DH(dh->engine)->generate_key(dh);
return dh->meth->generate_key(dh);
}
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
{
return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
return dh->meth->compute_key(key, pub_key, dh);
}
static DH_METHOD dh_ossl = {
@@ -133,9 +132,8 @@ static int generate_key(DH *dh)
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
priv_key,dh->p,&ctx,mont))
goto err;
if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
goto err;
dh->pub_key=pub_key;
dh->priv_key=priv_key;
@@ -174,8 +172,7 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
dh->priv_key,dh->p,&ctx,mont))
if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;

67
crypto/dh/dh_lib.c
View File

@@ -60,7 +60,6 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/engine.h>
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
@@ -68,32 +67,17 @@ static DH_METHOD *default_DH_method;
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
void DH_set_default_openssl_method(DH_METHOD *meth)
void DH_set_default_method(DH_METHOD *meth)
{
ENGINE *e;
/* We'll need to notify the "openssl" ENGINE of this
* change too. We won't bother locking things down at
* our end as there was never any locking in these
* functions! */
if(default_DH_method != meth)
{
default_DH_method = meth;
e = ENGINE_by_id("openssl");
if(e)
{
ENGINE_set_DH(e, meth);
ENGINE_free(e);
}
}
default_DH_method = meth;
}
DH_METHOD *DH_get_default_openssl_method(void)
DH_METHOD *DH_get_default_method(void)
{
if(!default_DH_method) default_DH_method = DH_OpenSSL();
return default_DH_method;
}
#if 0
DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
{
DH_METHOD *mtmp;
@@ -103,37 +87,14 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
if (meth->init) meth->init(dh);
return mtmp;
}
#else
int DH_set_method(DH *dh, ENGINE *engine)
{
ENGINE *mtmp;
DH_METHOD *meth;
mtmp = dh->engine;
meth = ENGINE_get_DH(mtmp);
if (!ENGINE_init(engine))
return 0;
if (meth->finish) meth->finish(dh);
dh->engine= engine;
meth = ENGINE_get_DH(engine);
if (meth->init) meth->init(dh);
/* SHOULD ERROR CHECK THIS!!! */
ENGINE_finish(mtmp);
return 1;
}
#endif
DH *DH_new(void)
{
return DH_new_method(NULL);
}
#if 0
DH *DH_new_method(DH_METHOD *meth)
#else
DH *DH_new_method(ENGINE *engine)
#endif
{
DH_METHOD *meth;
DH *ret;
ret=(DH *)OPENSSL_malloc(sizeof(DH));
@@ -142,17 +103,8 @@ DH *DH_new_method(ENGINE *engine)
DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if(engine)
ret->engine = engine;
else
{
if((ret->engine=ENGINE_get_default_DH()) == NULL)
{
OPENSSL_free(ret);
return NULL;
}
}
meth = ENGINE_get_DH(ret->engine);
if(meth) ret->meth = meth;
else ret->meth = DH_get_default_method();
ret->pad=0;
ret->version=0;
ret->p=NULL;
@@ -167,9 +119,9 @@ DH *DH_new_method(ENGINE *engine)
ret->counter = NULL;
ret->method_mont_p=NULL;
ret->references = 1;
ret->flags=meth->flags;
ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
OPENSSL_free(ret);
@@ -180,7 +132,6 @@ DH *DH_new_method(ENGINE *engine)
void DH_free(DH *r)
{
DH_METHOD *meth;
int i;
if(r == NULL) return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -196,9 +147,7 @@ void DH_free(DH *r)
}
#endif
meth = ENGINE_get_DH(r->engine);
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
if(r->meth->finish) r->meth->finish(r);
CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);

88
crypto/dsa/Makefile.ssl
View File

@@ -116,75 +116,39 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_lib.o: ../cryptlib.h
dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_vrf.o: ../cryptlib.h

17
crypto/dsa/dsa.h
View File

@@ -133,11 +133,7 @@ struct dsa_st
char *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
#if 0
DSA_METHOD *meth;
#else
struct engine_st *engine;
#endif
};
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -163,20 +159,12 @@ int DSA_do_verify(const unsigned char *dgst,int dgst_len,
DSA_METHOD *DSA_OpenSSL(void);
void DSA_set_default_openssl_method(DSA_METHOD *);
DSA_METHOD *DSA_get_default_openssl_method(void);
#if 0
void DSA_set_default_method(DSA_METHOD *);
DSA_METHOD *DSA_get_default_method(void);
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
#else
int DSA_set_method(DSA *dsa, struct engine_st *engine);
#endif
DSA * DSA_new(void);
#if 0
DSA * DSA_new_method(DSA_METHOD *meth);
#else
DSA * DSA_new_method(struct engine_st *engine);
#endif
int DSA_size(DSA *);
/* next 4 return -1 on error */
int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
@@ -248,6 +236,7 @@ DH *DSA_dup_DH(DSA *r);
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_MISSING_PARAMETERS 101
#ifdef __cplusplus
}

1
crypto/dsa/dsa_err.c
View File

@@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
static ERR_STRING_DATA DSA_str_reasons[]=
{
{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
{0,NULL}
};

67
crypto/dsa/dsa_lib.c
View File

@@ -63,7 +63,6 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
@@ -71,26 +70,12 @@ static DSA_METHOD *default_DSA_method;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
void DSA_set_default_openssl_method(DSA_METHOD *meth)
void DSA_set_default_method(DSA_METHOD *meth)
{
ENGINE *e;
/* We'll need to notify the "openssl" ENGINE of this
* change too. We won't bother locking things down at
* our end as there was never any locking in these
* functions! */
if(default_DSA_method != meth)
{
default_DSA_method = meth;
e = ENGINE_by_id("openssl");
if(e)
{
ENGINE_set_DSA(e, meth);
ENGINE_free(e);
}
}
default_DSA_method = meth;
}
DSA_METHOD *DSA_get_default_openssl_method(void)
DSA_METHOD *DSA_get_default_method(void)
{
if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
return default_DSA_method;
@@ -101,7 +86,6 @@ DSA *DSA_new(void)
return DSA_new_method(NULL);
}
#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
{
DSA_METHOD *mtmp;
@@ -111,33 +95,10 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
if (meth->init) meth->init(dsa);
return mtmp;
}
#else
int DSA_set_method(DSA *dsa, ENGINE *engine)
{
ENGINE *mtmp;
DSA_METHOD *meth;
mtmp = dsa->engine;
meth = ENGINE_get_DSA(mtmp);
if (!ENGINE_init(engine))
return 0;
if (meth->finish) meth->finish(dsa);
dsa->engine = engine;
meth = ENGINE_get_DSA(engine);
if (meth->init) meth->init(dsa);
/* SHOULD ERROR CHECK THIS!!! */
ENGINE_finish(mtmp);
return 1;
}
#endif
#if 0
DSA *DSA_new_method(DSA_METHOD *meth)
#else
DSA *DSA_new_method(ENGINE *engine)
#endif
{
DSA_METHOD *meth;
DSA *ret;
ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -146,17 +107,8 @@ DSA *DSA_new_method(ENGINE *engine)
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if(engine)
ret->engine = engine;
else
{
if((ret->engine=ENGINE_get_default_DSA()) == NULL)
{
OPENSSL_free(ret);
return NULL;
}
}
meth = ENGINE_get_DSA(ret->engine);
if(meth) ret->meth = meth;
else ret->meth = DSA_get_default_method();
ret->pad=0;
ret->version=0;
ret->write_params=1;
@@ -172,9 +124,9 @@ DSA *DSA_new_method(ENGINE *engine)
ret->method_mont_p=NULL;
ret->references=1;
ret->flags=meth->flags;
ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
OPENSSL_free(ret);
@@ -186,7 +138,6 @@ DSA *DSA_new_method(ENGINE *engine)
void DSA_free(DSA *r)
{
DSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -204,9 +155,7 @@ void DSA_free(DSA *r)
}
#endif
meth = ENGINE_get_DSA(r->engine);
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
if(r->meth->finish) r->meth->finish(r);
CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);

26
crypto/dsa/dsa_ossl.c
View File

@@ -64,7 +64,6 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -106,6 +105,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
int i,reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
if (!dsa->p || !dsa->q || !dsa->g)
{
reason=DSA_R_MISSING_PARAMETERS;
goto err;
}
BN_init(&m);
BN_init(&xr);
s=BN_new();
@@ -168,6 +172,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
BIGNUM k,*kinv=NULL,*r=NULL;
int ret=0;
if (!dsa->p || !dsa->q || !dsa->g)
{
DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
return 0;
}
if (ctx_in == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -192,7 +201,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
}
/* Compute r = (g^k mod p) mod q */
if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -231,6 +240,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
BN_init(&u2);
BN_init(&t1);
if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
{
ret = 0;
goto err;
}
if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
{
ret = 0;
goto err;
}
/* Calculate W = inv(S) mod Q
* save W in u2 */
if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
@@ -270,7 +290,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
#else
{
if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
dsa->p,ctx,mont)) goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */

5
crypto/dsa/dsa_sign.c
View File

@@ -64,11 +64,10 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -88,6 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}

3
crypto/dsa/dsa_vrf.c
View File

@@ -65,12 +65,11 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
#include <openssl/engine.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */

2
crypto/engine/.cvsignore
View File

@@ -1,2 +0,0 @@
lib
Makefile.save

220
crypto/engine/Makefile.ssl
View File

@@ -1,220 +0,0 @@
#
# OpenSSL/crypto/engine/Makefile
#
DIR= engine
TOP= ../..
CC= cc
INCLUDES= -I.. -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEFILE= Makefile.ssl
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= enginetest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
hw_atalla.c hw_cswift.c hw_ncipher.c
LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
hw_atalla.o hw_cswift.o hw_ncipher.o
SRC= $(LIBSRC)
EXHEADER= engine.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
engine_err.o: ../../include/openssl/objects.h
engine_err.o: ../../include/openssl/opensslconf.h
engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_err.o: ../../include/openssl/symhacks.h
engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
engine_lib.o: ../../include/openssl/objects.h
engine_lib.o: ../../include/openssl/opensslconf.h
engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
engine_list.o: ../../include/openssl/objects.h
engine_list.o: ../../include/openssl/opensslconf.h
engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
engine_openssl.o: ../../include/openssl/obj_mac.h
engine_openssl.o: ../../include/openssl/objects.h
engine_openssl.o: ../../include/openssl/opensslconf.h
engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_atalla.o: ../../include/openssl/opensslconf.h
hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
hw_atalla.o: vendor_defns/atalla.h
hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_cswift.o: ../../include/openssl/opensslconf.h
hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
hw_cswift.o: vendor_defns/cswift.h
hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_ncipher.o: ../../include/openssl/opensslconf.h
hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
hw_ncipher.o: ../cryptlib.h engine_int.h vendor_defns/hwcryptohook.h

278
crypto/engine/README
View File

@@ -1,278 +0,0 @@
NOTES, THOUGHTS, and EVERYTHING
-------------------------------
(1) Concurrency and locking ... I made a change to the ENGINE_free code
because I spotted a potential hold-up in proceedings (doing too
much inside a lock including calling a callback), there may be
other bits like this. What do the speed/optimisation freaks think
of this aspect of the code and design? There's lots of locking for
manipulation functions and I need that to keep things nice and
solid, but this manipulation is mostly (de)initialisation, I would
think that most run-time locking is purely in the ENGINE_init and
ENGINE_finish calls that might be made when getting handles for
RSA (and friends') structures. These would be mostly reference
count operations as the functional references should always be 1
or greater at run-time to prevent init/deinit thrashing.
(2) nCipher support, via the HWCryptoHook API, is now in the code.
Apparently this hasn't been tested too much yet, but it looks
good. :-) Atalla support has been added too, but shares a lot in
common with Ben's original hooks in bn_exp.c (although it has been
ENGINE-ified, and error handling wrapped around it) and it's also
had some low-volume testing, so it should be usable.
(3) Of more concern, we need to work out (a) how to put together usable
RAND_METHODs for units that just have one "get n or less random
bytes" function, (b) we also need to determine how to hook the code
in crypto/rand/ to use the ENGINE defaults in a way similar to what
has been done in crypto/rsa/, crypto/dsa/, etc.
(4) ENGINE should really grow to encompass more than 3 public key
algorithms and randomness gathering. The structure/data level of
the engine code is hidden from code outside the crypto/engine/
directory so change shouldn't be too viral. More important though
is how things should evolve ... this needs thought and discussion.
-----------------------------------==*==-----------------------------------
More notes 2000-08-01
---------------------
Geoff Thorpe, who designed the engine part, wrote a pretty good description
of the thoughts he had when he built it, good enough to include verbatim here
(with his permission) -- Richard Levitte
Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
From: Geoff Thorpe
Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
emerging
Hi there,
I'm going to try and do some justice to this, but I'm a little short on
time and the there is an endless amount that could be discussed on this
subject. sigh ... please bear with me :-)
> The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
> into the RSA and RAND routines, adding a level of indirection which is needed
> to keep the abstraction, as far as I understand. It would be a good thing if
> those who do play with those things took a look at the changes that have been
> done in the branch and say out loud how much (or hopefully little) we've made
> fools of ourselves.
The point here is that the code that has emerged in the BRANCH_engine
branch was based on some initial requirements of mine that I went in and
addressed, and Richard has picked up the ball and run with it too. It
would be really useful to get some review of the approach we've taken, but
first I think I need to describe as best I can the reasons behind what has
been done so far, in particular what issues we have tried to address when
doing this, and what issues we have intentionally (or necessarily) tried
to avoid.
methods, engines, and evps
--------------------------
There has been some dicussion, particularly with Steve, about where this
ENGINE stuff might fit into the conceptual picture as/when we start to
abstract algorithms a little bit to make the library more extensible. In
particular, it would desirable to have algorithms (symmetric, hash, pkc,
etc) abstracted in some way that allows them to be just objects sitting in
a list (or database) ... it'll just happen that the "DSA" object doesn't
support encryption whereas the "RSA" object does. This requires a lot of
consideration to begin to know how to tackle it; in particular how
encapsulated should these things be? If the objects also understand their
own ASN1 encodings and what-not, then it would for example be possible to
add support for elliptic-curve DSA in as a new algorithm and automatically
have ECC-DSA certificates supported in SSL applications. Possible, but not
easy. :-)
Whatever, it seems that the way to go (if I've grok'd Steve's comments on
this in the past) is to amalgamate these things in EVP as is already done
(I think) for ciphers or hashes (Steve, please correct/elaborate). I
certainly think something should be done in this direction because right
now we have different source directories, types, functions, and methods
for each algorithm - even when conceptually they are very much different
feathers of the same bird. (This is certainly all true for the public-key
stuff, and may be partially true for the other parts.)
ENGINE was *not* conceived as a way of solving this, far from it. Nor was
it conceived as a way of replacing the various "***_METHOD"s. It was
conceived as an abstraction of a sort of "virtual crypto device". If we
lived in a world where "EVP_ALGO"s (or something like them) encapsulated
particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
encapsulated interfaces to algorithms (eg. some algo's might support a
PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
think that ENGINE would encapsulate an implementation of arbitrarily many
of those algorithms - perhaps as alternatives to existing algorithms
and/or perhaps as new previously unimplemented algorithms. An ENGINE could
be used to contain an alternative software implementation, a wrapper for a
hardware acceleration and/or key-management unit, a comms-wrapper for
distributing cryptographic operations to remote machines, or any other
"devices" your imagination can dream up.
However, what has been done in the ENGINE branch so far is nothing more
than starting to get our toes wet. I had a couple of self-imposed
requirements when putting the initial abstraction together, and I may have
already posed these in one form or another on the list, but briefly;
(i) only bother with public key algorithms for now, and maybe RAND too
(motivated by the need to get hardware support going and the fact
this was a comparitively easy subset to address to begin with).
(ii) don't change (if at all possible) the existing crypto code, ie. the
implementations, the way the ***_METHODs work, etc.
(iii) ensure that if no function from the ENGINE code is ever called then
things work the way they always did, and there is no memory
allocation (otherwise the failure to cleanup would be a problem -
this is part of the reason no STACKs were used, the other part of
the reason being I found them inappropriate).
(iv) ensure that all the built-in crypto was encapsulated by one of
these "ENGINE"s and that this engine was automatically selected as
the default.
(v) provide the minimum hooking possible in the existing crypto code
so that global functions (eg. RSA_public_encrypt) do not need any
extra parameter, yet will use whatever the current default ENGINE
for that RSA key is, and that the default can be set "per-key"
and globally (new keys will assume the global default, and keys
without their own default will be operated on using the global
default). NB: Try and make (v) conflict as little as possible with
(ii). :-)
(vi) wrap the ENGINE code up in duct tape so you can't even see the
corners. Ie. expose no structures at all, just black-box pointers.
(v) maintain internally a list of ENGINEs on which a calling
application can iterate, interrogate, etc. Allow a calling
application to hook in new ENGINEs, remove ENGINEs from the list,
and enforce uniqueness within the global list of each ENGINE's
"unique id".
(vi) keep reference counts for everything - eg. this includes storing a
reference inside each RSA structure to the ENGINE that it uses.
This is freed when the RSA structure is destroyed, or has its
ENGINE explicitly changed. The net effect needs to be that at any
time, it is deterministic to know whether an ENGINE is in use or
can be safely removed (or unloaded in the case of the other type
of reference) without invalidating function pointers that may or
may not be used indavertently in the future. This was actually
one of the biggest problems to overcome in the existing OpenSSL
code - implementations had always been assumed to be ever-present,
so there was no trivial way to get round this.
(vii) distinguish between structural references and functional
references.
A *little* detail
-----------------
While my mind is on it; I'll illustrate the bit in item (vii). This idea
turned out to be very handy - the ENGINEs themselves need to be operated
on and manipulated simply as objects without necessarily trying to
"enable" them for use. Eg. most host machines will not have the necessary
hardware or software to support all the engines one might compile into
OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
querying their names, properties, etc - all happening in a thread-safe
manner that uses reference counts (if you imagine two threads iterating
through a list and one thread removing the ENGINE the other is currently
looking at - you can see the gotcha waiting to happen). For all of this,
*structural references* are used and operate much like the other reference
counts in OpenSSL.
The other kind of reference count is for *functional* references - these
indicate a reference on which the caller can actually assume the
particular ENGINE to be initialised and usable to perform the operations
it implements. Any increment or decrement of the functional reference
count automatically invokes a corresponding change in the structural
reference count, as it is fairly obvious that a functional reference is a
restricted case of a structural reference. So struct_ref >= funct_ref at
all times. NB: functional references are usually obtained by a call to
ENGINE_init(), but can also be created implicitly by calls that require a
new functional reference to be created, eg. ENGINE_set_default(). Either
way the only time the underlying ENGINE's "init" function is really called
is when the (functional) reference count increases to 1, similarly the
underlying "finish" handler is only called as the count goes down to 0.
The effect of this, for example, is that if you set the default ENGINE for
RSA operations to be "cswift", then its functional reference count will
already be at least 1 so the CryptoSwift shared-library and the card will
stay loaded and initialised until such time as all RSA keys using the
cswift ENGINE are changed or destroyed and the default ENGINE for RSA
operations has been changed. This prevents repeated thrashing of init and
finish handling if the count keeps getting down as far as zero.
Otherwise, the way the ENGINE code has been put together I think pretty
much reflects the above points. The reason for the ENGINE structure having
individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
easiest way to go about things for now, to hook it all into the raw
RSA,DSA,etc code, and I was trying to the keep the structure invisible
anyway so that the way this is internally managed could be easily changed
later on when we start to work out what's to be done about these other
abstractions.
Down the line, if some EVP-based technique emerges for adequately
encapsulating algorithms and all their various bits and pieces, then I can
imagine that "ENGINE" would turn into a reference-counting database of
these EVP things, of which the default "openssl" ENGINE would be the
library's own object database of pre-built software implemented algorithms
(and such). It would also be cool to see the idea of "METHOD"s detached
from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
expose essentially the same METHOD (aka interface), which would include
any querying/flagging stuff to identify what the algorithm can/can't do,
its name, and other stuff like max/min block sizes, key sizes, etc. This
would result in ENGINE similarly detaching its internal database of
algorithm implementations from the function definitions that return
interfaces to them. I think ...
As for DSOs etc. Well the DSO code is pretty handy (but could be made much
more so) for loading vendor's driver-libraries and talking to them in some
generic way, but right now there's still big problems associated with
actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
matter) in dynamically loadable libraries. These problems won't go away in
a hurry so I don't think we should expect to have any kind of
shared-library extensions any time soon - but solving the problems is a
good thing to aim for, and would as a side-effect probably help make
OpenSSL more usable as a shared-library itself (looking at the things
needed to do this will show you why).
One of the problems is that if you look at any of the ENGINE
implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
a variety of functionality and definitions from various areas of OpenSSL,
including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
were to be suctioned off into shared libraries, the shared libraries would
either have to duplicate all the definitions and code and avoid loader
conflicts, or OpenSSL would have to somehow expose all that functionality
to the shared-library. If this isn't a big enough problem, the issue of
binary compatibility will be - anyone writing Apache modules can tell you
that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
quite so forgiving as Apache should be, so OpenSSL could simply tell its
version to the DSO and leave the DSO with the problem of deciding whether
to proceed or bail out for fear of binary incompatibilities.
Certainly one thing that would go a long way to addressing this is to
embark on a bit of an opaqueness mission. I've set the ENGINE code up with
this in mind - it's so draconian that even to declare your own ENGINE, you
have to get the engine code to create the underlying ENGINE structure, and
then feed in the new ENGINE's function/method pointers through various
"set" functions. The more of the code that takes on such a black-box
approach, the more of the code that will be (a) easy to expose to shared
libraries that need it, and (b) easy to expose to applications wanting to
use OpenSSL itself as a shared-library. From my own explorations in
OpenSSL, the biggest leviathan I've seen that is a problem in this respect
is the BIGNUM code. Trying to "expose" the bignum code through any kind of
organised "METHODs", let alone do all the necessary bignum operations
solely through functions rather than direct access to the structures and
macros, will be a massive pain in the "r"s.
Anyway, I'm done for now - hope it was readable. Thoughts?
Cheers,
Geoff
-----------------------------------==*==-----------------------------------

398
crypto/engine/engine.h
View File

@@ -1,398 +0,0 @@
/* openssl/engine.h */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ENGINE_H
#define HEADER_ENGINE_H
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/symhacks.h>
#ifdef __cplusplus
extern "C" {
#endif
/* These flags are used to control combinations of algorithm (methods)
* by bitwise "OR"ing. */
#define ENGINE_METHOD_RSA (unsigned int)0x0001
#define ENGINE_METHOD_DSA (unsigned int)0x0002
#define ENGINE_METHOD_DH (unsigned int)0x0004
#define ENGINE_METHOD_RAND (unsigned int)0x0008
#define ENGINE_METHOD_BN_MOD_EXP (unsigned int)0x0010
#define ENGINE_METHOD_BN_MOD_EXP_CRT (unsigned int)0x0020
/* Obvious all-or-nothing cases. */
#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
#define ENGINE_METHOD_NONE (unsigned int)0x0000
/* These flags are used to tell the ctrl function what should be done.
* All command numbers are shared between all engines, even if some don't
* make sense to some engines. In such a case, they do nothing but return
* the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
#define ENGINE_CTRL_SET_LOGSTREAM 1
#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
/* Flags specific to the nCipher "chil" engine */
#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
/* Depending on the value of the (long)i argument, this sets or
* unsets the SimpleForkCheck flag in the CHIL API to enable or
* disable checking and workarounds for applications that fork().
*/
#define ENGINE_CTRL_CHIL_NO_LOCKING 101
/* This prevents the initialisation function from providing mutex
* callbacks to the nCipher library. */
/* As we're missing a BIGNUM_METHOD, we need a couple of locally
* defined function types that engines can implement. */
#ifndef HEADER_ENGINE_INT_H
/* mod_exp operation, calculates; r = a ^ p mod m
* NB: ctx can be NULL, but if supplied, the implementation may use
* it if it wishes. */
typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
/* private key operation for RSA, provided seperately in case other
* RSA implementations wish to use it. */
typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
/* Generic function pointer */
typedef void (*ENGINE_GEN_FUNC_PTR)();
/* Generic function pointer taking no arguments */
typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
/* Specific control function pointer */
typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
/* The list of "engine" types is a static array of (const ENGINE*)
* pointers (not dynamic because static is fine for now and we otherwise
* have to hook an appropriate load/unload function in to initialise and
* cleanup). */
typedef struct engine_st ENGINE;
#endif
/* STRUCTURE functions ... all of these functions deal with pointers to
* ENGINE structures where the pointers have a "structural reference".
* This means that their reference is to allow access to the structure
* but it does not imply that the structure is functional. To simply
* increment or decrement the structural reference count, use ENGINE_new
* and ENGINE_free. NB: This is not required when iterating using
* ENGINE_get_next as it will automatically decrement the structural
* reference count of the "current" ENGINE and increment the structural
* reference count of the ENGINE it returns (unless it is NULL). */
/* Get the first/last "ENGINE" type available. */
ENGINE *ENGINE_get_first(void);
ENGINE *ENGINE_get_last(void);
/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
ENGINE *ENGINE_get_next(ENGINE *e);
ENGINE *ENGINE_get_prev(ENGINE *e);
/* Add another "ENGINE" type into the array. */
int ENGINE_add(ENGINE *e);
/* Remove an existing "ENGINE" type from the array. */
int ENGINE_remove(ENGINE *e);
/* Retrieve an engine from the list by its unique "id" value. */
ENGINE *ENGINE_by_id(const char *id);
/* These functions are useful for manufacturing new ENGINE
* structures. They don't address reference counting at all -
* one uses them to populate an ENGINE structure with personalised
* implementations of things prior to using it directly or adding
* it to the builtin ENGINE list in OpenSSL. These are also here
* so that the ENGINE structure doesn't have to be exposed and
* break binary compatibility!
*
* NB: I'm changing ENGINE_new to force the ENGINE structure to
* be allocated from within OpenSSL. See the comment for
* ENGINE_get_struct_size().
*/
#if 0
ENGINE *ENGINE_new(ENGINE *e);
#else
ENGINE *ENGINE_new(void);
#endif
int ENGINE_free(ENGINE *e);
int ENGINE_set_id(ENGINE *e, const char *id);
int ENGINE_set_name(ENGINE *e, const char *name);
int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
/* These return values from within the ENGINE structure. These can
* be useful with functional references as well as structural
* references - it depends which you obtained. Using the result
* for functional purposes if you only obtained a structural
* reference may be problematic! */
const char *ENGINE_get_id(ENGINE *e);
const char *ENGINE_get_name(ENGINE *e);
RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
DH_METHOD *ENGINE_get_DH(ENGINE *e);
RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
/* ENGINE_new is normally passed a NULL in the first parameter because
* the calling code doesn't have access to the definition of the ENGINE
* structure (for good reason). However, if the caller wishes to use
* its own memory allocation or use a static array, the following call
* should be used to check the amount of memory the ENGINE structure
* will occupy. This will make the code more future-proof.
*
* NB: I'm "#if 0"-ing this out because it's better to force the use of
* internally allocated memory. See similar change in ENGINE_new().
*/
#if 0
int ENGINE_get_struct_size(void);
#endif
/* FUNCTIONAL functions. These functions deal with ENGINE structures
* that have (or will) be initialised for use. Broadly speaking, the
* structural functions are useful for iterating the list of available
* engine types, creating new engine types, and other "list" operations.
* These functions actually deal with ENGINEs that are to be used. As
* such these functions can fail (if applicable) when particular
* engines are unavailable - eg. if a hardware accelerator is not
* attached or not functioning correctly. Each ENGINE has 2 reference
* counts; structural and functional. Every time a functional reference
* is obtained or released, a corresponding structural reference is
* automatically obtained or released too. */
/* Initialise a engine type for use (or up its reference count if it's
* already in use). This will fail if the engine is not currently
* operational and cannot initialise. */
int ENGINE_init(ENGINE *e);
/* Free a functional reference to a engine type. This does not require
* a corresponding call to ENGINE_free as it also releases a structural
* reference. */
int ENGINE_finish(ENGINE *e);
/* Send control parametrised commands to the engine. The possibilities
* to send down an integer, a pointer to data or a function pointer are
* provided. Any of the parameters may or may not be NULL, depending
* on the command number */
/* WARNING: This is currently experimental and may change radically! */
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
/* The following functions handle keys that are stored in some secondary
* location, handled by the engine. The storage may be on a card or
* whatever. */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
const char *passphrase);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
const char *passphrase);
/* This returns a pointer for the current ENGINE structure that
* is (by default) performing any RSA operations. The value returned
* is an incremented reference, so it should be free'd (ENGINE_finish)
* before it is discarded. */
ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
ENGINE *ENGINE_get_default_BN_mod_exp(void);
ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
/* This sets a new default ENGINE structure for performing RSA
* operations. If the result is non-zero (success) then the ENGINE
* structure will have had its reference count up'd so the caller
* should still free their own reference 'e'. */
int ENGINE_set_default_RSA(ENGINE *e);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);
int ENGINE_set_default_BN_mod_exp(ENGINE *e);
int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
/* The combination "set" - the flags are bitwise "OR"d from the
* ENGINE_METHOD_*** defines above. */
int ENGINE_set_default(ENGINE *e, unsigned int flags);
/* Obligatory error function. */
void ERR_load_ENGINE_strings(void);
/*
* Error codes for all engine functions. NB: We use "generic"
* function names instead of per-implementation ones because this
* levels the playing field for externally implemented bootstrapped
* support code. As the filename and line number is included, it's
* more important to indicate the type of function, so that
* bootstrapped code (that can't easily add its own errors in) can
* use the same error codes too.
*/
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
/* Error codes for the ENGINE functions. */
/* Function codes. */
#define ENGINE_F_ATALLA_FINISH 135
#define ENGINE_F_ATALLA_INIT 136
#define ENGINE_F_ATALLA_MOD_EXP 137
#define ENGINE_F_ATALLA_RSA_MOD_EXP 138
#define ENGINE_F_CSWIFT_DSA_SIGN 133
#define ENGINE_F_CSWIFT_DSA_VERIFY 134
#define ENGINE_F_CSWIFT_FINISH 100
#define ENGINE_F_CSWIFT_INIT 101
#define ENGINE_F_CSWIFT_MOD_EXP 102
#define ENGINE_F_CSWIFT_MOD_EXP_CRT 103
#define ENGINE_F_CSWIFT_RSA_MOD_EXP 104
#define ENGINE_F_ENGINE_ADD 105
#define ENGINE_F_ENGINE_BY_ID 106
#define ENGINE_F_ENGINE_CTRL 142
#define ENGINE_F_ENGINE_FINISH 107
#define ENGINE_F_ENGINE_FREE 108
#define ENGINE_F_ENGINE_GET_BN_MOD_EXP 109
#define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT 110
#define ENGINE_F_ENGINE_GET_CTRL_FUNCTION 144
#define ENGINE_F_ENGINE_GET_DH 111
#define ENGINE_F_ENGINE_GET_DSA 112
#define ENGINE_F_ENGINE_GET_FINISH_FUNCTION 145
#define ENGINE_F_ENGINE_GET_ID 113
#define ENGINE_F_ENGINE_GET_INIT_FUNCTION 146
#define ENGINE_F_ENGINE_GET_NAME 114
#define ENGINE_F_ENGINE_GET_NEXT 115
#define ENGINE_F_ENGINE_GET_PREV 116
#define ENGINE_F_ENGINE_GET_RAND 117
#define ENGINE_F_ENGINE_GET_RSA 118
#define ENGINE_F_ENGINE_INIT 119
#define ENGINE_F_ENGINE_LIST_ADD 120
#define ENGINE_F_ENGINE_LIST_REMOVE 121
#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
#define ENGINE_F_ENGINE_NEW 122
#define ENGINE_F_ENGINE_REMOVE 123
#define ENGINE_F_ENGINE_SET_BN_MOD_EXP 124
#define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT 125
#define ENGINE_F_ENGINE_SET_CTRL_FUNCTION 147
#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
#define ENGINE_F_ENGINE_SET_DH 127
#define ENGINE_F_ENGINE_SET_DSA 128
#define ENGINE_F_ENGINE_SET_FINISH_FUNCTION 148
#define ENGINE_F_ENGINE_SET_ID 129
#define ENGINE_F_ENGINE_SET_INIT_FUNCTION 149
#define ENGINE_F_ENGINE_SET_NAME 130
#define ENGINE_F_ENGINE_SET_RAND 131
#define ENGINE_F_ENGINE_SET_RSA 132
#define ENGINE_F_ENGINE_UNLOAD_KEY 152
#define ENGINE_F_HWCRHK_CTRL 143
#define ENGINE_F_HWCRHK_FINISH 135
#define ENGINE_F_HWCRHK_GET_PASS 155
#define ENGINE_F_HWCRHK_INIT 136
#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153
#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154
#define ENGINE_F_HWCRHK_MOD_EXP 137
#define ENGINE_F_HWCRHK_MOD_EXP_CRT 138
#define ENGINE_F_HWCRHK_RAND_BYTES 139
#define ENGINE_F_HWCRHK_RSA_MOD_EXP 140
#define ENGINE_F_LOG_MESSAGE 141
/* Reason codes. */
#define ENGINE_R_ALREADY_LOADED 100
#define ENGINE_R_BIO_WAS_FREED 121
#define ENGINE_R_BN_CTX_FULL 101
#define ENGINE_R_BN_EXPAND_FAIL 102
#define ENGINE_R_CHIL_ERROR 123
#define ENGINE_R_CONFLICTING_ENGINE_ID 103
#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
#define ENGINE_R_DSO_FAILURE 104
#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
#define ENGINE_R_FINISH_FAILED 106
#define ENGINE_R_GET_HANDLE_FAILED 107
#define ENGINE_R_ID_OR_NAME_MISSING 108
#define ENGINE_R_INIT_FAILED 109
#define ENGINE_R_INTERNAL_LIST_ERROR 110
#define ENGINE_R_MISSING_KEY_COMPONENTS 111
#define ENGINE_R_NOT_INITIALISED 117
#define ENGINE_R_NOT_LOADED 112
#define ENGINE_R_NO_CALLBACK 127
#define ENGINE_R_NO_CONTROL_FUNCTION 120
#define ENGINE_R_NO_KEY 124
#define ENGINE_R_NO_LOAD_FUNCTION 125
#define ENGINE_R_NO_REFERENCE 130
#define ENGINE_R_NO_SUCH_ENGINE 116
#define ENGINE_R_NO_UNLOAD_FUNCTION 126
#define ENGINE_R_PROVIDE_PARAMETERS 113
#define ENGINE_R_REQUEST_FAILED 114
#define ENGINE_R_REQUEST_FALLBACK 118
#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122
#define ENGINE_R_UNIT_FAILURE 115
#ifdef __cplusplus
}
#endif
#endif

183
crypto/engine/engine_err.c
View File

@@ -1,183 +0,0 @@
/* crypto/engine/engine_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/engine.h>
/* BEGIN ERROR CODES */
#ifndef NO_ERR
static ERR_STRING_DATA ENGINE_str_functs[]=
{
{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0), "ATALLA_INIT"},
{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"},
{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"},
{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"},
{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0), "ENGINE_get_BN_mod_exp"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0), "ENGINE_get_BN_mod_exp_crt"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0), "ENGINE_get_ctrl_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0), "ENGINE_get_DH"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0), "ENGINE_get_DSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0), "ENGINE_get_finish_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0), "ENGINE_get_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0), "ENGINE_get_init_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0), "ENGINE_get_name"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0), "ENGINE_get_RAND"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0), "ENGINE_get_RSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0), "ENGINE_set_BN_mod_exp_crt"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0), "ENGINE_set_ctrl_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0), "ENGINE_set_DH"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0), "ENGINE_set_DSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0), "ENGINE_set_finish_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0), "ENGINE_set_init_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0), "ENGINE_set_RAND"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0), "ENGINE_set_RSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0), "HWCRHK_MOD_EXP_CRT"},
{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"},
{0,NULL}
};
static ERR_STRING_DATA ENGINE_str_reasons[]=
{
{ENGINE_R_ALREADY_LOADED ,"already loaded"},
{ENGINE_R_BIO_WAS_FREED ,"bio was freed"},
{ENGINE_R_BN_CTX_FULL ,"BN_CTX full"},
{ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"},
{ENGINE_R_CHIL_ERROR ,"chil error"},
{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{ENGINE_R_DSO_FAILURE ,"DSO failure"},
{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"},
{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
{ENGINE_R_FINISH_FAILED ,"finish failed"},
{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"},
{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"},
{ENGINE_R_INIT_FAILED ,"init failed"},
{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"},
{ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
{ENGINE_R_NOT_INITIALISED ,"not initialised"},
{ENGINE_R_NOT_LOADED ,"not loaded"},
{ENGINE_R_NO_CALLBACK ,"no callback"},
{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
{ENGINE_R_NO_KEY ,"no key"},
{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
{ENGINE_R_NO_REFERENCE ,"no reference"},
{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
{ENGINE_R_REQUEST_FAILED ,"request failed"},
{ENGINE_R_REQUEST_FALLBACK ,"request fallback"},
{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
{ENGINE_R_UNIT_FAILURE ,"unit failure"},
{0,NULL}
};
#endif
void ERR_load_ENGINE_strings(void)
{
static int init=1;
if (init)
{
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
#endif
}
}

160
crypto/engine/engine_int.h
View File

@@ -1,160 +0,0 @@
/* crypto/engine/engine_int.h */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ENGINE_INT_H
#define HEADER_ENGINE_INT_H
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Bitwise OR-able values for the "flags" variable in ENGINE. */
#define ENGINE_FLAGS_MALLOCED 0x0001
#ifndef HEADER_ENGINE_H
/* Regrettably, we need to reproduce the "BN" function types here
* because there is no such "BIGNUM_METHOD" as there is with RSA,
* DSA, etc. We do this so that we don't have a case where engine.h
* and engine_int.h conflict with each other. */
typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
/* private key operation for RSA, provided seperately in case other
* RSA implementations wish to use it. */
typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
/* Generic function pointer */
typedef int (*ENGINE_GEN_FUNC_PTR)();
/* Generic function pointer taking no arguments */
typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
/* Specific control function pointer */
typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
#endif
/* This is a structure for storing implementations of various crypto
* algorithms and functions. */
typedef struct engine_st
{
const char *id;
const char *name;
RSA_METHOD *rsa_meth;
DSA_METHOD *dsa_meth;
DH_METHOD *dh_meth;
RAND_METHOD *rand_meth;
BN_MOD_EXP bn_mod_exp;
BN_MOD_EXP_CRT bn_mod_exp_crt;
int (*init)(void);
int (*finish)(void);
int (*ctrl)(int cmd, long i, void *p, void (*f)());
EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
int flags;
/* reference count on the structure itself */
int struct_ref;
/* reference count on usability of the engine type. NB: This
* controls the loading and initialisation of any functionlity
* required by this engine, whereas the previous count is
* simply to cope with (de)allocation of this structure. Hence,
* running_ref <= struct_ref at all times. */
int funct_ref;
/* Used to maintain the linked-list of engines. */
struct engine_st *prev;
struct engine_st *next;
} ENGINE;
/* BUILT-IN ENGINES. (these functions are only ever called once and
* do not return references - they are purely for bootstrapping). */
/* Returns a structure of software only methods (the default). */
ENGINE *ENGINE_openssl();
#ifndef NO_HW
#ifndef NO_HW_CSWIFT
/* Returns a structure of cswift methods ... NB: This can exist and be
* "used" even on non-cswift systems because the "init" will fail if the
* card/library are not found. */
ENGINE *ENGINE_cswift();
#endif /* !NO_HW_CSWIFT */
#ifndef NO_HW_NCIPHER
ENGINE *ENGINE_ncipher();
#endif /* !NO_HW_NCIPHER */
#ifndef NO_HW_ATALLA
/* Returns a structure of atalla methods. */
ENGINE *ENGINE_atalla();
#endif /* !NO_HW_ATALLA */
#endif /* !NO_HW */
#ifdef __cplusplus
}
#endif
#endif /* HEADER_ENGINE_INT_H */

489
crypto/engine/engine_lib.c
View File

@@ -1,489 +0,0 @@
/* crypto/engine/engine_lib.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/crypto.h>
#include "cryptlib.h"
#include "engine_int.h"
#include <openssl/engine.h>
/* These pointers each have their own "functional reference" when they
* are non-NULL. Similarly, when they are retrieved by a call to
* ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
* reference and the caller is responsible for freeing that when they
* are finished with it (with a call to ENGINE_finish() *NOT* just
* ENGINE_free()!!!!!!). */
static ENGINE *engine_def_rsa = NULL;
static ENGINE *engine_def_dsa = NULL;
static ENGINE *engine_def_dh = NULL;
static ENGINE *engine_def_rand = NULL;
static ENGINE *engine_def_bn_mod_exp = NULL;
static ENGINE *engine_def_bn_mod_exp_crt = NULL;
/* A static "once-only" flag used to control if/when the above were
* initialised to suitable start-up defaults. */
static int engine_def_flag = 0;
/* This is used in certain static utility functions to save code
* repetition for per-algorithm functions. */
typedef enum {
ENGINE_TYPE_RSA,
ENGINE_TYPE_DSA,
ENGINE_TYPE_DH,
ENGINE_TYPE_RAND,
ENGINE_TYPE_BN_MOD_EXP,
ENGINE_TYPE_BN_MOD_EXP_CRT
} ENGINE_TYPE;
static void engine_def_check_util(ENGINE **def, ENGINE *val)
{
*def = val;
val->struct_ref++;
val->funct_ref++;
}
/* In a slight break with convention - this static function must be
* called *outside* any locking of CRYPTO_LOCK_ENGINE. */
static void engine_def_check(void)
{
ENGINE *e;
if(engine_def_flag)
return;
e = ENGINE_get_first();
if(e == NULL)
/* The list is empty ... not much we can do! */
return;
/* We have a structural reference, see if getting a functional
* reference is possible. This is done to cope with init errors
* in the engine - the following locked code does a bunch of
* manual "ENGINE_init"s which do *not* allow such an init
* error so this is worth doing. */
if(ENGINE_init(e))
{
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/* Doing another check here prevents an obvious race
* condition because the whole function itself cannot
* be locked. */
if(engine_def_flag)
goto skip_set_defaults;
/* OK, we got a functional reference, so we get one each
* for the defaults too. */
engine_def_check_util(&engine_def_rsa, e);
engine_def_check_util(&engine_def_dsa, e);
engine_def_check_util(&engine_def_dh, e);
engine_def_check_util(&engine_def_rand, e);
engine_def_check_util(&engine_def_bn_mod_exp, e);
engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
engine_def_flag = 1;
skip_set_defaults:
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* The "if" needs to be balanced out. */
ENGINE_finish(e);
}
/* We need to balance out the fact we obtained a structural
* reference to begin with from ENGINE_get_first(). */
ENGINE_free(e);
}
/* Initialise a engine type for use (or up its functional reference count
* if it's already in use). */
int ENGINE_init(ENGINE *e)
{
int to_return = 1;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if((e->funct_ref == 0) && e->init)
/* This is the first functional reference and the engine
* requires initialisation so we do it now. */
to_return = e->init();
if(to_return)
{
/* OK, we return a functional reference which is also a
* structural reference. */
e->struct_ref++;
e->funct_ref++;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return to_return;
}
/* Free a functional reference to a engine type */
int ENGINE_finish(ENGINE *e)
{
int to_return = 1;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if((e->funct_ref == 1) && e->finish)
#if 0
/* This is the last functional reference and the engine
* requires cleanup so we do it now. */
to_return = e->finish();
if(to_return)
{
/* Cleanup the functional reference which is also a
* structural reference. */
e->struct_ref--;
e->funct_ref--;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
#else
/* I'm going to deliberately do a convoluted version of this
* piece of code because we don't want "finish" functions
* being called inside a locked block of code, if at all
* possible. I'd rather have this call take an extra couple
* of ticks than have throughput serialised on a externally-
* provided callback function that may conceivably never come
* back. :-( */
{
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
if((to_return = e->finish()))
{
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/* Cleanup the functional reference which is also a
* structural reference. */
e->struct_ref--;
e->funct_ref--;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
}
}
else
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
#endif
return to_return;
}
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
const char *passphrase)
{
EVP_PKEY *pkey;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_NOT_INITIALISED);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
if (!e->load_privkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
pkey = e->load_privkey(key_id, passphrase);
if (!pkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
return 0;
}
return pkey;
}
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
const char *passphrase)
{
EVP_PKEY *pkey;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_NOT_INITIALISED);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
if (!e->load_pubkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
pkey = e->load_pubkey(key_id, passphrase);
if (!pkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
return 0;
}
return pkey;
}
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->struct_ref == 0)
{
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
if (!e->ctrl)
{
ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
return 0;
}
return e->ctrl(cmd, i, p, f);
}
static ENGINE *engine_get_default_type(ENGINE_TYPE t)
{
ENGINE *ret = NULL;
/* engine_def_check is lean and mean and won't replace any
* prior default engines ... so we must ensure that it is always
* the first function to get to touch the default values. */
engine_def_check();
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
case ENGINE_TYPE_RSA:
ret = engine_def_rsa; break;
case ENGINE_TYPE_DSA:
ret = engine_def_dsa; break;
case ENGINE_TYPE_DH:
ret = engine_def_dh; break;
case ENGINE_TYPE_RAND:
ret = engine_def_rand; break;
case ENGINE_TYPE_BN_MOD_EXP:
ret = engine_def_bn_mod_exp; break;
case ENGINE_TYPE_BN_MOD_EXP_CRT:
ret = engine_def_bn_mod_exp_crt; break;
}
/* Unforunately we can't do this work outside the lock with a
* call to ENGINE_init() because that would leave a race
* condition open. */
if(ret)
{
ret->struct_ref++;
ret->funct_ref++;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return ret;
}
ENGINE *ENGINE_get_default_RSA(void)
{
return engine_get_default_type(ENGINE_TYPE_RSA);
}
ENGINE *ENGINE_get_default_DSA(void)
{
return engine_get_default_type(ENGINE_TYPE_DSA);
}
ENGINE *ENGINE_get_default_DH(void)
{
return engine_get_default_type(ENGINE_TYPE_DH);
}
ENGINE *ENGINE_get_default_RAND(void)
{
return engine_get_default_type(ENGINE_TYPE_RAND);
}
ENGINE *ENGINE_get_default_BN_mod_exp(void)
{
return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
}
ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
{
return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
}
static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
{
ENGINE *old = NULL;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/* engine_def_check is lean and mean and won't replace any
* prior default engines ... so we must ensure that it is always
* the first function to get to touch the default values. */
engine_def_check();
/* Attempt to get a functional reference (we need one anyway, but
* also, 'e' may be just a structural reference being passed in so
* this call may actually be the first). */
if(!ENGINE_init(e))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
ENGINE_R_INIT_FAILED);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
case ENGINE_TYPE_RSA:
old = engine_def_rsa;
engine_def_rsa = e; break;
case ENGINE_TYPE_DSA:
old = engine_def_dsa;
engine_def_dsa = e; break;
case ENGINE_TYPE_DH:
old = engine_def_dh;
engine_def_dh = e; break;
case ENGINE_TYPE_RAND:
old = engine_def_rand;
engine_def_rand = e; break;
case ENGINE_TYPE_BN_MOD_EXP:
old = engine_def_bn_mod_exp;
engine_def_bn_mod_exp = e; break;
case ENGINE_TYPE_BN_MOD_EXP_CRT:
old = engine_def_bn_mod_exp_crt;
engine_def_bn_mod_exp_crt = e; break;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* If we've replaced a previous value, then we need to remove the
* functional reference we had. */
if(old && !ENGINE_finish(old))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
ENGINE_R_FINISH_FAILED);
return 0;
}
return 1;
}
int ENGINE_set_default_RSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_RSA, e);
}
int ENGINE_set_default_DSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DSA, e);
}
int ENGINE_set_default_DH(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DH, e);
}
int ENGINE_set_default_RAND(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_RAND, e);
}
int ENGINE_set_default_BN_mod_exp(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
}
int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
}
int ENGINE_set_default(ENGINE *e, unsigned int flags)
{
if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
!ENGINE_set_default_RSA(e))
return 0;
if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
!ENGINE_set_default_DSA(e))
return 0;
if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
!ENGINE_set_default_DH(e))
return 0;
if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
!ENGINE_set_default_RAND(e))
return 0;
if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
!ENGINE_set_default_BN_mod_exp(e))
return 0;
if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
!ENGINE_set_default_BN_mod_exp_crt(e))
return 0;
return 1;
}

675
crypto/engine/engine_list.c
View File

@@ -1,675 +0,0 @@
/* crypto/engine/engine_list.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/crypto.h>
#include "cryptlib.h"
#include "engine_int.h"
#include <openssl/engine.h>
/* The linked-list of pointers to engine types. engine_list_head
* incorporates an implicit structural reference but engine_list_tail
* does not - the latter is a computational niceity and only points
* to something that is already pointed to by its predecessor in the
* list (or engine_list_head itself). In the same way, the use of the
* "prev" pointer in each ENGINE is to save excessive list iteration,
* it doesn't correspond to an extra structural reference. Hence,
* engine_list_head, and each non-null "next" pointer account for
* the list itself assuming exactly 1 structural reference on each
* list member. */
static ENGINE *engine_list_head = NULL;
static ENGINE *engine_list_tail = NULL;
/* A boolean switch, used to ensure we only initialise once. This
* is needed because the engine list may genuinely become empty during
* use (so we can't use engine_list_head as an indicator for example. */
static int engine_list_flag = 0;
/* These static functions starting with a lower case "engine_" always
* take place when CRYPTO_LOCK_ENGINE has been locked up. */
static int engine_list_add(ENGINE *e)
{
int conflict = 0;
ENGINE *iterator = NULL;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
iterator = engine_list_head;
while(iterator && !conflict)
{
conflict = (strcmp(iterator->id, e->id) == 0);
iterator = iterator->next;
}
if(conflict)
{
ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
ENGINE_R_CONFLICTING_ENGINE_ID);
return 0;
}
if(engine_list_head == NULL)
{
/* We are adding to an empty list. */
if(engine_list_tail)
{
ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
ENGINE_R_INTERNAL_LIST_ERROR);
return 0;
}
engine_list_head = e;
e->prev = NULL;
}
else
{
/* We are adding to the tail of an existing list. */
if((engine_list_tail == NULL) ||
(engine_list_tail->next != NULL))
{
ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
ENGINE_R_INTERNAL_LIST_ERROR);
return 0;
}
engine_list_tail->next = e;
e->prev = engine_list_tail;
}
/* Having the engine in the list assumes a structural
* reference. */
e->struct_ref++;
/* However it came to be, e is the last item in the list. */
engine_list_tail = e;
e->next = NULL;
return 1;
}
static int engine_list_remove(ENGINE *e)
{
ENGINE *iterator;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/* We need to check that e is in our linked list! */
iterator = engine_list_head;
while(iterator && (iterator != e))
iterator = iterator->next;
if(iterator == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
ENGINE_R_ENGINE_IS_NOT_IN_LIST);
return 0;
}
/* un-link e from the chain. */
if(e->next)
e->next->prev = e->prev;
if(e->prev)
e->prev->next = e->next;
/* Correct our head/tail if necessary. */
if(engine_list_head == e)
engine_list_head = e->next;
if(engine_list_tail == e)
engine_list_tail = e->prev;
/* remove our structural reference. */
e->struct_ref--;
return 1;
}
/* This check always takes place with CRYPTO_LOCK_ENGINE locked up
* so we're synchronised, but we can't call anything that tries to
* lock it again! :-) NB: For convenience (and code-clarity) we
* don't output errors for failures of the engine_list_add function
* as it will generate errors itself. */
static int engine_internal_check(void)
{
if(engine_list_flag)
return 1;
/* This is our first time up, we need to populate the list
* with our statically compiled-in engines. */
if(!engine_list_add(ENGINE_openssl()))
return 0;
#ifndef NO_HW
#ifndef NO_HW_CSWIFT
if(!engine_list_add(ENGINE_cswift()))
return 0;
#endif /* !NO_HW_CSWIFT */
#ifndef NO_HW_NCIPHER
if(!engine_list_add(ENGINE_ncipher()))
return 0;
#endif /* !NO_HW_NCIPHER */
#ifndef NO_HW_ATALLA
if(!engine_list_add(ENGINE_atalla()))
return 0;
#endif /* !NO_HW_ATALLA */
#endif /* !NO_HW */
engine_list_flag = 1;
return 1;
}
/* Get the first/last "ENGINE" type available. */
ENGINE *ENGINE_get_first(void)
{
ENGINE *ret = NULL;
CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
if(engine_internal_check())
{
ret = engine_list_head;
if(ret)
ret->struct_ref++;
}
CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
return ret;
}
ENGINE *ENGINE_get_last(void)
{
ENGINE *ret = NULL;
CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
if(engine_internal_check())
{
ret = engine_list_tail;
if(ret)
ret->struct_ref++;
}
CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
return ret;
}
/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
ENGINE *ENGINE_get_next(ENGINE *e)
{
ENGINE *ret = NULL;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
ret = e->next;
e->struct_ref--;
if(ret)
ret->struct_ref++;
CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
return ret;
}
ENGINE *ENGINE_get_prev(ENGINE *e)
{
ENGINE *ret = NULL;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
ret = e->prev;
e->struct_ref--;
if(ret)
ret->struct_ref++;
CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
return ret;
}
/* Add another "ENGINE" type into the list. */
int ENGINE_add(ENGINE *e)
{
int to_return = 1;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_ADD,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if((e->id == NULL) || (e->name == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_ADD,
ENGINE_R_ID_OR_NAME_MISSING);
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(!engine_internal_check() || !engine_list_add(e))
{
ENGINEerr(ENGINE_F_ENGINE_ADD,
ENGINE_R_INTERNAL_LIST_ERROR);
to_return = 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return to_return;
}
/* Remove an existing "ENGINE" type from the array. */
int ENGINE_remove(ENGINE *e)
{
int to_return = 1;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_REMOVE,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(!engine_internal_check() || !engine_list_remove(e))
{
ENGINEerr(ENGINE_F_ENGINE_REMOVE,
ENGINE_R_INTERNAL_LIST_ERROR);
to_return = 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return to_return;
}
ENGINE *ENGINE_by_id(const char *id)
{
ENGINE *iterator = NULL;
if(id == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_BY_ID,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
if(!engine_internal_check())
ENGINEerr(ENGINE_F_ENGINE_BY_ID,
ENGINE_R_INTERNAL_LIST_ERROR);
else
{
iterator = engine_list_head;
while(iterator && (strcmp(id, iterator->id) != 0))
iterator = iterator->next;
if(iterator)
/* We need to return a structural reference */
iterator->struct_ref++;
}
CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
if(iterator == NULL)
ENGINEerr(ENGINE_F_ENGINE_BY_ID,
ENGINE_R_NO_SUCH_ENGINE);
return iterator;
}
/* As per the comments in engine.h, it is generally better all round
* if the ENGINE structure is allocated within this framework. */
#if 0
int ENGINE_get_struct_size(void)
{
return sizeof(ENGINE);
}
ENGINE *ENGINE_new(ENGINE *e)
{
ENGINE *ret;
if(e == NULL)
{
ret = (ENGINE *)(OPENSSL_malloc(sizeof(ENGINE));
if(ret == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_NEW,
ERR_R_MALLOC_FAILURE);
return NULL;
}
}
else
ret = e;
memset(ret, 0, sizeof(ENGINE));
if(e)
ret->flags = ENGINE_FLAGS_MALLOCED;
ret->struct_ref = 1;
return ret;
}
#else
ENGINE *ENGINE_new(void)
{
ENGINE *ret;
ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
if(ret == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset(ret, 0, sizeof(ENGINE));
ret->flags = ENGINE_FLAGS_MALLOCED;
ret->struct_ref = 1;
return ret;
}
#endif
int ENGINE_free(ENGINE *e)
{
int i;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_FREE,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
#ifdef REF_PRINT
REF_PRINT("ENGINE",e);
#endif
if (i > 0) return 1;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"ENGINE_free, bad reference count\n");
abort();
}
#endif
if(e->flags & ENGINE_FLAGS_MALLOCED)
OPENSSL_free(e);
return 1;
}
int ENGINE_set_id(ENGINE *e, const char *id)
{
if((e == NULL) || (id == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_ID,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->id = id;
return 1;
}
int ENGINE_set_name(ENGINE *e, const char *name)
{
if((e == NULL) || (name == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->name = name;
return 1;
}
int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth)
{
if((e == NULL) || (rsa_meth == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->rsa_meth = rsa_meth;
return 1;
}
int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth)
{
if((e == NULL) || (dsa_meth == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->dsa_meth = dsa_meth;
return 1;
}
int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth)
{
if((e == NULL) || (dh_meth == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DH,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->dh_meth = dh_meth;
return 1;
}
int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth)
{
if((e == NULL) || (rand_meth == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_RAND,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->rand_meth = rand_meth;
return 1;
}
int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
{
if((e == NULL) || (bn_mod_exp == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->bn_mod_exp = bn_mod_exp;
return 1;
}
int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
{
if((e == NULL) || (bn_mod_exp_crt == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->bn_mod_exp_crt = bn_mod_exp_crt;
return 1;
}
int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
{
if((e == NULL) || (init_f == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_INIT_FUNCTION,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->init = init_f;
return 1;
}
int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
{
if((e == NULL) || (finish_f == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_FINISH_FUNCTION,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->finish = finish_f;
return 1;
}
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
{
if((e == NULL) || (ctrl_f == NULL))
{
ENGINEerr(ENGINE_F_ENGINE_SET_CTRL_FUNCTION,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
e->ctrl = ctrl_f;
return 1;
}
const char *ENGINE_get_id(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_ID,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return e->id;
}
const char *ENGINE_get_name(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_NAME,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return e->name;
}
RSA_METHOD *ENGINE_get_RSA(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->rsa_meth;
}
DSA_METHOD *ENGINE_get_DSA(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_DSA,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->dsa_meth;
}
DH_METHOD *ENGINE_get_DH(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_DH,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->dh_meth;
}
RAND_METHOD *ENGINE_get_RAND(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_RAND,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->rand_meth;
}
BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->bn_mod_exp;
}
BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->bn_mod_exp_crt;
}
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_INIT_FUNCTION,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->init;
}
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_FINISH_FUNCTION,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->finish;
}
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_GET_CTRL_FUNCTION,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
return e->ctrl;
}

174
crypto/engine/engine_openssl.c
View File

@@ -1,174 +0,0 @@
/* crypto/engine/engine_openssl.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include "engine_int.h"
#include <openssl/engine.h>
#include <openssl/dso.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
/* This is the only function we need to implement as OpenSSL
* doesn't have a native CRT mod_exp. Perhaps this should be
* BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
/* The ENGINE structure that can be pointed to. */
static ENGINE engine_openssl =
{
"openssl",
"Software default engine support",
NULL,
NULL,
NULL, /* these methods are "stolen" in ENGINE_openssl() */
NULL,
NULL,
openssl_mod_exp_crt,
NULL, /* no init() */
NULL, /* no finish() */
NULL, /* no ctrl() */
NULL, /* no load_privkey() */
NULL, /* no load_pubkey() */
0, /* no flags */
0, 0, /* no references. */
NULL, NULL /* unlinked */
};
/* As this is only ever called once, there's no need for locking
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_openssl()
{
/* We need to populate our structure with the software pointers
* that we want to steal. */
engine_openssl.rsa_meth = RSA_get_default_openssl_method();
engine_openssl.dsa_meth = DSA_get_default_openssl_method();
engine_openssl.dh_meth = DH_get_default_openssl_method();
engine_openssl.rand_meth = RAND_SSLeay();
engine_openssl.bn_mod_exp = BN_mod_exp;
return &engine_openssl;
}
/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
{
BIGNUM r1,m1;
int ret=0;
BN_CTX *bn_ctx;
BIGNUM *temp_bn = NULL;
if (ctx)
bn_ctx = ctx;
else
if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&m1);
BN_init(&r1);
/* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
* to duplicate what I need. <sigh> */
if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
if (!BN_copy(temp_bn, iqmp)) goto err;
if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
goto err;
if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
goto err;
if (!BN_sub(r, r, &m1)) goto err;
/* This will help stop the size of r0 increasing, which does
* affect the multiply if it optimised for a power of 2 size */
if (r->neg)
if (!BN_add(r, r, p)) goto err;
if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
/* If p < q it is occasionally possible for the correction of
* adding 'p' if r is negative above to leave the result still
* negative. This can break the private key operations: the following
* second correction should *always* correct this rare occurrence.
* This will *never* happen with OpenSSL generated keys because
* they ensure p > q [steve]
*/
if (r->neg)
if (!BN_add(r, r, p)) goto err;
/* Again, BN_mul() will need non-const values. */
if (!BN_copy(temp_bn, q)) goto err;
if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
if (!BN_add(r, &r1, &m1)) goto err;
ret=1;
err:
BN_clear_free(&m1);
BN_clear_free(&r1);
if (temp_bn)
bn_ctx->tos--;
if (!ctx)
BN_CTX_free(bn_ctx);
return(ret);
}

251
crypto/engine/enginetest.c
View File

@@ -1,251 +0,0 @@
/* crypto/engine/enginetest.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/err.h>
static void display_engine_list()
{
ENGINE *h;
int loop;
h = ENGINE_get_first();
loop = 0;
printf("listing available engine types\n");
while(h)
{
printf("engine %i, id = \"%s\", name = \"%s\"\n",
loop++, ENGINE_get_id(h), ENGINE_get_name(h));
h = ENGINE_get_next(h);
}
printf("end of list\n");
}
int main(int argc, char *argv[])
{
ENGINE *block[512];
char buf[256];
const char *id, *name;
ENGINE *ptr;
int loop;
int to_return = 1;
ENGINE *new_h1 = NULL;
ENGINE *new_h2 = NULL;
ENGINE *new_h3 = NULL;
ENGINE *new_h4 = NULL;
ERR_load_crypto_strings();
memset(block, 0, 512 * sizeof(ENGINE *));
if(((new_h1 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h1, "test_id0") ||
!ENGINE_set_name(new_h1, "First test item") ||
((new_h2 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h2, "test_id1") ||
!ENGINE_set_name(new_h2, "Second test item") ||
((new_h3 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h3, "test_id2") ||
!ENGINE_set_name(new_h3, "Third test item") ||
((new_h4 = ENGINE_new()) == NULL) ||
!ENGINE_set_id(new_h4, "test_id3") ||
!ENGINE_set_name(new_h4, "Fourth test item"))
{
printf("Couldn't set up test ENGINE structures\n");
goto end;
}
printf("\nenginetest beginning\n\n");
display_engine_list();
if(!ENGINE_add(new_h1))
{
printf("Add failed!\n");
goto end;
}
display_engine_list();
ptr = ENGINE_get_first();
if(!ENGINE_remove(ptr))
{
printf("Remove failed!\n");
goto end;
}
display_engine_list();
if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
{
printf("Add failed!\n");
goto end;
}
display_engine_list();
if(!ENGINE_remove(new_h2))
{
printf("Remove failed!\n");
goto end;
}
display_engine_list();
if(!ENGINE_add(new_h4))
{
printf("Add failed!\n");
goto end;
}
display_engine_list();
if(ENGINE_add(new_h3))
{
printf("Add *should* have failed but didn't!\n");
goto end;
}
else
printf("Add that should fail did.\n");
ERR_clear_error();
if(ENGINE_remove(new_h2))
{
printf("Remove *should* have failed but didn't!\n");
goto end;
}
else
printf("Remove that should fail did.\n");
if(!ENGINE_remove(new_h1))
{
printf("Remove failed!\n");
goto end;
}
display_engine_list();
if(!ENGINE_remove(new_h3))
{
printf("Remove failed!\n");
goto end;
}
display_engine_list();
if(!ENGINE_remove(new_h4))
{
printf("Remove failed!\n");
goto end;
}
display_engine_list();
/* Depending on whether there's any hardware support compiled
* in, this remove may be destined to fail. */
ptr = ENGINE_get_first();
if(ptr)
if(!ENGINE_remove(ptr))
printf("Remove failed!i - probably no hardware "
"support present.\n");
display_engine_list();
if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
{
printf("Couldn't add and remove to an empty list!\n");
goto end;
}
else
printf("Successfully added and removed to an empty list!\n");
printf("About to beef up the engine-type list\n");
for(loop = 0; loop < 512; loop++)
{
sprintf(buf, "id%i", loop);
id = strdup(buf);
sprintf(buf, "Fake engine type %i", loop);
name = strdup(buf);
if(((block[loop] = ENGINE_new()) == NULL) ||
!ENGINE_set_id(block[loop], id) ||
!ENGINE_set_name(block[loop], name))
{
printf("Couldn't create block of ENGINE structures.\n"
"I'll probably also core-dump now, damn.\n");
goto end;
}
}
for(loop = 0; loop < 512; loop++)
{
if(!ENGINE_add(block[loop]))
{
printf("\nAdding stopped at %i, (%s,%s)\n",
loop, ENGINE_get_id(block[loop]),
ENGINE_get_name(block[loop]));
goto cleanup_loop;
}
else
printf("."); fflush(stdout);
}
cleanup_loop:
printf("\nAbout to empty the engine-type list\n");
while((ptr = ENGINE_get_first()) != NULL)
{
if(!ENGINE_remove(ptr))
{
printf("\nRemove failed!\n");
goto end;
}
printf("."); fflush(stdout);
}
for(loop = 0; loop < 512; loop++)
{
free((char *)(ENGINE_get_id(block[loop])));
free((char *)(ENGINE_get_name(block[loop])));
}
printf("\nTests completed happily\n");
to_return = 0;
end:
if(to_return)
ERR_print_errors_fp(stderr);
if(new_h1) ENGINE_free(new_h1);
if(new_h2) ENGINE_free(new_h2);
if(new_h3) ENGINE_free(new_h3);
if(new_h4) ENGINE_free(new_h4);
for(loop = 0; loop < 512; loop++)
if(block[loop])
ENGINE_free(block[loop]);
return to_return;
}

444
crypto/engine/hw_atalla.c
View File

@@ -1,444 +0,0 @@
/* crypto/engine/hw_atalla.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/dso.h>
#include "engine_int.h"
#include <openssl/engine.h>
#ifndef NO_HW
#ifndef NO_HW_ATALLA
#ifdef FLAT_INC
#include "atalla.h"
#else
#include "vendor_defns/atalla.h"
#endif
static int atalla_init(void);
static int atalla_finish(void);
/* BIGNUM stuff */
static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
/* RSA stuff */
static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* DSA stuff */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD atalla_rsa =
{
"Atalla RSA method",
NULL,
NULL,
NULL,
NULL,
atalla_rsa_mod_exp,
atalla_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD atalla_dsa =
{
"Atalla DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
atalla_dsa_mod_exp, /* dsa_mod_exp */
atalla_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD atalla_dh =
{
"Atalla DH method",
NULL,
NULL,
atalla_mod_exp_dh,
NULL,
NULL,
0,
NULL
};
/* Our ENGINE structure. */
static ENGINE engine_atalla =
{
"atalla",
"Atalla hardware engine support",
&atalla_rsa,
&atalla_dsa,
&atalla_dh,
NULL,
atalla_mod_exp,
NULL,
atalla_init,
atalla_finish,
NULL, /* no ctrl() */
NULL, /* no load_privkey() */
NULL, /* no load_pubkey() */
0, /* no flags */
0, 0, /* no references */
NULL, NULL /* unlinked */
};
/* As this is only ever called once, there's no need for locking
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_atalla()
{
RSA_METHOD *meth1;
DSA_METHOD *meth2;
DH_METHOD *meth3;
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the atalla-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
atalla_dh.generate_key = meth3->generate_key;
atalla_dh.compute_key = meth3->compute_key;
return &engine_atalla;
}
/* This is a process-global DSO handle used for loading and unloading
* the Atalla library. NB: This is only set (or unset) during an
* init() or finish() call (reference counts permitting) and they're
* operating with global locks, so this should be thread-safe
* implicitly. */
static DSO *atalla_dso = NULL;
/* These are the function pointers that are (un)set when the library has
* successfully (un)loaded. */
static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
/* (de)initialisation functions. */
static int atalla_init()
{
tfnASI_GetHardwareConfig *p1;
tfnASI_RSAPrivateKeyOpFn *p2;
tfnASI_GetPerformanceStatistics *p3;
/* Not sure of the origin of this magic value, but Ben's code had it
* and it seemed to have been working for a few people. :-) */
unsigned int config_buf[1024];
if(atalla_dso != NULL)
{
ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
* changed unfortunately because the Atalla drivers don't have
* standard library names that can be platform-translated well. */
/* TODO: Work out how to actually map to the names the Atalla
* drivers really use - for now a symbollic link needs to be
* created on the host system from libatasi.so to atasi.so on
* unix variants. */
atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL,
DSO_FLAG_NAME_TRANSLATION);
if(atalla_dso == NULL)
{
ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
goto err;
}
if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
atalla_dso, ATALLA_F1)) ||
!(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
atalla_dso, ATALLA_F2)) ||
!(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
atalla_dso, ATALLA_F3)))
{
ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_Atalla_GetHardwareConfig = p1;
p_Atalla_RSAPrivateKeyOpFn = p2;
p_Atalla_GetPerformanceStatistics = p3;
/* Perform a basic test to see if there's actually any unit
* running. */
if(p1(0L, config_buf) != 0)
{
ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
goto err;
}
/* Everything's fine. */
return 1;
err:
if(atalla_dso)
DSO_free(atalla_dso);
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
return 0;
}
static int atalla_finish()
{
if(atalla_dso == NULL)
{
ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
return 0;
}
if(!DSO_free(atalla_dso))
{
ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
return 0;
}
atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
return 1;
}
static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/* I need somewhere to store temporary serialised values for
* use with the Atalla API calls. A neat cheat - I'll use
* BIGNUMs from the BN_CTX but access their arrays directly as
* byte arrays <grin>. This way I don't have to clean anything
* up. */
BIGNUM *modulus;
BIGNUM *exponent;
BIGNUM *argument;
BIGNUM *result;
RSAPrivateKey keydata;
int to_return, numbytes;
modulus = exponent = argument = result = NULL;
to_return = 0; /* expect failure */
if(!atalla_dso)
{
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
goto err;
}
/* Prepare the params */
modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if(!modulus || !exponent || !argument || !result)
{
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
{
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
goto err;
}
/* Prepare the key-data */
memset(&keydata, 0,sizeof keydata);
numbytes = BN_num_bytes(m);
memset(exponent->d, 0, numbytes);
memset(modulus->d, 0, numbytes);
BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
keydata.privateExponent.data = (unsigned char *)exponent->d;
keydata.privateExponent.len = numbytes;
keydata.modulus.data = (unsigned char *)modulus->d;
keydata.modulus.len = numbytes;
/* Prepare the argument */
memset(argument->d, 0, numbytes);
memset(result->d, 0, numbytes);
BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
/* Perform the operation */
if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
(unsigned char *)argument->d,
keydata.modulus.len) != 0)
{
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, numbytes, r);
to_return = 1;
err:
if(modulus) ctx->tos--;
if(exponent) ctx->tos--;
if(argument) ctx->tos--;
if(result) ctx->tos--;
return to_return;
}
static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx = NULL;
int to_return = 0;
if(!atalla_dso)
{
ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
goto err;
}
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!rsa->d || !rsa->n)
{
ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
err:
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
/* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
* (it doesn't have a CRT form for RSA), this function means that an
* Atalla system running with a DSA server certificate can handshake
* around 5 or 6 times faster/more than an equivalent system running with
* RSA. Just check out the "signs" statistics from the RSA and DSA parts
* of "openssl speed -engine atalla dsa1024 rsa1024". */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
/* let t = a2 ^ p2 mod m */
if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
#endif /* !NO_HW_ATALLA */
#endif /* !NO_HW */

807
crypto/engine/hw_cswift.c
View File

@@ -1,807 +0,0 @@
/* crypto/engine/hw_cswift.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/dso.h>
#include "engine_int.h"
#include <openssl/engine.h>
#ifndef NO_HW
#ifndef NO_HW_CSWIFT
/* Attribution notice: Rainbow have generously allowed me to reproduce
* the necessary definitions here from their API. This means the support
* can build independently of whether application builders have the
* API or hardware. This will allow developers to easily produce software
* that has latent hardware support for any users that have accelerators
* installed, without the developers themselves needing anything extra.
*
* I have only clipped the parts from the CryptoSwift header files that
* are (or seem) relevant to the CryptoSwift support code. This is
* simply to keep the file sizes reasonable.
* [Geoff]
*/
#ifdef FLAT_INC
#include "cswift.h"
#else
#include "vendor_defns/cswift.h"
#endif
static int cswift_init(void);
static int cswift_finish(void);
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
/* RSA stuff */
static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* DSA stuff */
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD cswift_rsa =
{
"CryptoSwift RSA method",
NULL,
NULL,
NULL,
NULL,
cswift_rsa_mod_exp,
cswift_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD cswift_dsa =
{
"CryptoSwift DSA method",
cswift_dsa_sign,
NULL, /* dsa_sign_setup */
cswift_dsa_verify,
NULL, /* dsa_mod_exp */
NULL, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD cswift_dh =
{
"CryptoSwift DH method",
NULL,
NULL,
cswift_mod_exp_dh,
NULL,
NULL,
0,
NULL
};
/* Our ENGINE structure. */
static ENGINE engine_cswift =
{
"cswift",
"CryptoSwift hardware engine support",
&cswift_rsa,
&cswift_dsa,
&cswift_dh,
NULL,
cswift_mod_exp,
cswift_mod_exp_crt,
cswift_init,
cswift_finish,
NULL, /* no ctrl() */
NULL, /* no load_privkey() */
NULL, /* no load_pubkey() */
0, /* no flags */
0, 0, /* no references */
NULL, NULL /* unlinked */
};
/* As this is only ever called once, there's no need for locking
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_cswift()
{
RSA_METHOD *meth1;
DH_METHOD *meth2;
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
cswift_dh.generate_key = meth2->generate_key;
cswift_dh.compute_key = meth2->compute_key;
return &engine_cswift;
}
/* This is a process-global DSO handle used for loading and unloading
* the CryptoSwift library. NB: This is only set (or unset) during an
* init() or finish() call (reference counts permitting) and they're
* operating with global locks, so this should be thread-safe
* implicitly. */
static DSO *cswift_dso = NULL;
/* These are the function pointers that are (un)set when the library has
* successfully (un)loaded. */
t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
/* Used in the DSO operations. */
static const char *CSWIFT_LIBNAME = "swift";
static const char *CSWIFT_F1 = "swAcquireAccContext";
static const char *CSWIFT_F2 = "swAttachKeyParam";
static const char *CSWIFT_F3 = "swSimpleRequest";
static const char *CSWIFT_F4 = "swReleaseAccContext";
/* CryptoSwift library functions and mechanics - these are used by the
* higher-level functions further down. NB: As and where there's no
* error checking, take a look lower down where these functions are
* called, the checking and error handling is probably down there. */
/* utility function to obtain a context */
static int get_context(SW_CONTEXT_HANDLE *hac)
{
SW_STATUS status;
status = p_CSwift_AcquireAccContext(hac);
if(status != SW_OK)
return 0;
return 1;
}
/* similarly to release one. */
static void release_context(SW_CONTEXT_HANDLE hac)
{
p_CSwift_ReleaseAccContext(hac);
}
/* (de)initialisation functions. */
static int cswift_init()
{
SW_CONTEXT_HANDLE hac;
t_swAcquireAccContext *p1;
t_swAttachKeyParam *p2;
t_swSimpleRequest *p3;
t_swReleaseAccContext *p4;
if(cswift_dso != NULL)
{
ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libswift.so/swift.dll/whatever. */
cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL,
DSO_FLAG_NAME_TRANSLATION);
if(cswift_dso == NULL)
{
ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
goto err;
}
if(!(p1 = (t_swAcquireAccContext *)
DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
!(p2 = (t_swAttachKeyParam *)
DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
!(p3 = (t_swSimpleRequest *)
DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
!(p4 = (t_swReleaseAccContext *)
DSO_bind_func(cswift_dso, CSWIFT_F4)))
{
ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_CSwift_AcquireAccContext = p1;
p_CSwift_AttachKeyParam = p2;
p_CSwift_SimpleRequest = p3;
p_CSwift_ReleaseAccContext = p4;
/* Try and get a context - if not, we may have a DSO but no
* accelerator! */
if(!get_context(&hac))
{
ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
goto err;
}
release_context(hac);
/* Everything's fine. */
return 1;
err:
if(cswift_dso)
DSO_free(cswift_dso);
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
p_CSwift_ReleaseAccContext = NULL;
return 0;
}
static int cswift_finish()
{
if(cswift_dso == NULL)
{
ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
return 0;
}
if(!DSO_free(cswift_dso))
{
ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
return 0;
}
cswift_dso = NULL;
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
p_CSwift_ReleaseAccContext = NULL;
return 1;
}
/* Un petit mod_exp */
static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/* I need somewhere to store temporary serialised values for
* use with the CryptoSwift API calls. A neat cheat - I'll use
* BIGNUMs from the BN_CTX but access their arrays directly as
* byte arrays <grin>. This way I don't have to clean anything
* up. */
BIGNUM *modulus;
BIGNUM *exponent;
BIGNUM *argument;
BIGNUM *result;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
int to_return, acquired;
modulus = exponent = argument = result = NULL;
to_return = 0; /* expect failure */
acquired = 0;
if(!get_context(&hac))
{
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
goto err;
}
acquired = 1;
/* Prepare the params */
modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if(!modulus || !exponent || !argument || !result)
{
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
{
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_EXP;
sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
(unsigned char *)modulus->d);
sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
(unsigned char *)exponent->d);
sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,
ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
goto err;
default:
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
arg.value = (unsigned char *)argument->d;
res.nbytes = BN_num_bytes(m);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
&res, 1)) != SW_OK)
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
if(acquired)
release_context(hac);
if(modulus) ctx->tos--;
if(exponent) ctx->tos--;
if(argument) ctx->tos--;
if(result) ctx->tos--;
return to_return;
}
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
{
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
BIGNUM *rsa_p = NULL;
BIGNUM *rsa_q = NULL;
BIGNUM *rsa_dmp1 = NULL;
BIGNUM *rsa_dmq1 = NULL;
BIGNUM *rsa_iqmp = NULL;
BIGNUM *argument = NULL;
BIGNUM *result = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
if(!get_context(&hac))
{
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
goto err;
}
acquired = 1;
/* Prepare the params */
rsa_p = BN_CTX_get(ctx);
rsa_q = BN_CTX_get(ctx);
rsa_dmp1 = BN_CTX_get(ctx);
rsa_dmq1 = BN_CTX_get(ctx);
rsa_iqmp = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ||
!argument || !result)
{
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
!bn_wexpand(rsa_dmp1, dmp1->top) ||
!bn_wexpand(rsa_dmq1, dmq1->top) ||
!bn_wexpand(rsa_iqmp, iqmp->top) ||
!bn_wexpand(argument, a->top) ||
!bn_wexpand(result, p->top + q->top))
{
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_CRT;
sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
(unsigned char *)rsa_dmp1->d);
sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
(unsigned char *)rsa_dmq1->d);
sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
(unsigned char *)rsa_iqmp->d);
sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,
ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
goto err;
default:
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
arg.value = (unsigned char *)argument->d;
res.nbytes = 2 * BN_num_bytes(p);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
&res, 1)) != SW_OK)
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
if(acquired)
release_context(hac);
if(rsa_p) ctx->tos--;
if(rsa_q) ctx->tos--;
if(rsa_dmp1) ctx->tos--;
if(rsa_dmq1) ctx->tos--;
if(rsa_iqmp) ctx->tos--;
if(argument) ctx->tos--;
if(result) ctx->tos--;
return to_return;
}
static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
err:
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cswift_mod_exp(r, a, p, m, ctx);
}
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
unsigned char *ptr;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
BIGNUM *dsa_g = NULL;
BIGNUM *dsa_key = NULL;
BIGNUM *result = NULL;
DSA_SIG *to_return = NULL;
int acquired = 0;
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!get_context(&hac))
{
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
goto err;
}
acquired = 1;
/* Prepare the params */
dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
{
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(dsa_p, dsa->p->top) ||
!bn_wexpand(dsa_q, dsa->q->top) ||
!bn_wexpand(dsa_g, dsa->g->top) ||
!bn_wexpand(dsa_key, dsa->priv_key->top) ||
!bn_wexpand(result, dsa->p->top))
{
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_DSA;
sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
(unsigned char *)dsa_p->d);
sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
(unsigned char *)dsa_q->d);
sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
(unsigned char *)dsa_g->d);
sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
(unsigned char *)dsa_key->d);
sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,
ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
goto err;
default:
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = dlen;
arg.value = (unsigned char *)dgst;
res.nbytes = BN_num_bytes(dsa->p);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
&res, 1);
if(sw_status != SW_OK)
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
ptr = (unsigned char *)result->d;
if((to_return = DSA_SIG_new()) == NULL)
goto err;
to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
err:
if(acquired)
release_context(hac);
if(dsa_p) ctx->tos--;
if(dsa_q) ctx->tos--;
if(dsa_g) ctx->tos--;
if(dsa_key) ctx->tos--;
if(result) ctx->tos--;
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg[2], res;
unsigned long sig_result;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
BIGNUM *dsa_g = NULL;
BIGNUM *dsa_key = NULL;
BIGNUM *argument = NULL;
int to_return = -1;
int acquired = 0;
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!get_context(&hac))
{
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
goto err;
}
acquired = 1;
/* Prepare the params */
dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
{
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(dsa_p, dsa->p->top) ||
!bn_wexpand(dsa_q, dsa->q->top) ||
!bn_wexpand(dsa_g, dsa->g->top) ||
!bn_wexpand(dsa_key, dsa->pub_key->top) ||
!bn_wexpand(argument, 40))
{
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_DSA;
sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
(unsigned char *)dsa_p->d);
sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
(unsigned char *)dsa_q->d);
sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
(unsigned char *)dsa_g->d);
sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
(unsigned char *)dsa_key->d);
sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,
ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
goto err;
default:
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg[0].nbytes = dgst_len;
arg[0].value = (unsigned char *)dgst;
arg[1].nbytes = 40;
arg[1].value = (unsigned char *)argument->d;
memset(arg[1].value, 0, 40);
BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
res.nbytes = 4; /* unsigned long */
res.value = (unsigned char *)(&sig_result);
/* Perform the operation */
sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
&res, 1);
if(sw_status != SW_OK)
{
char tmpbuf[20];
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
to_return = ((sig_result == 0) ? 0 : 1);
err:
if(acquired)
release_context(hac);
if(dsa_p) ctx->tos--;
if(dsa_q) ctx->tos--;
if(dsa_g) ctx->tos--;
if(dsa_key) ctx->tos--;
if(argument) ctx->tos--;
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cswift_mod_exp(r, a, p, m, ctx);
}
#endif /* !NO_HW_CSWIFT */
#endif /* !NO_HW */

1019
crypto/engine/hw_ncipher.c
View File

File diff suppressed because it is too large Load Diff

61
crypto/engine/vendor_defns/atalla.h
View File

@@ -1,61 +0,0 @@
/* This header declares the necessary definitions for using the exponentiation
* acceleration capabilities of Atalla cards. The only cryptographic operation
* is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
* defines an "RSA private key". However, it is really only performing a
* regular mod_exp using the supplied modulus and exponent - no CRT form is
* being used. Hence, it is a generic mod_exp function in disguise, and we use
* it as such.
*
* Thanks to the people at Atalla for letting me know these definitions are
* fine and that they can be reproduced here.
*
* Geoff.
*/
typedef struct ItemStr
{
unsigned char *data;
int len;
} Item;
typedef struct RSAPrivateKeyStr
{
void *reserved;
Item version;
Item modulus;
Item publicExponent;
Item privateExponent;
Item prime[2];
Item exponent[2];
Item coefficient;
} RSAPrivateKey;
/* Predeclare the function pointer types that we dynamically load from the DSO.
* These use the same names and form that Ben's original support code had (in
* crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
* somewhere along the way!
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
unsigned char *output,
unsigned char *input,
unsigned int modulus_len);
/* These are the static string constants for the DSO file name and the function
* symbol names to bind to. Regrettably, the DSO name on *nix appears to be
* "atasi.so" rather than something more consistent like "libatasi.so". At the
* time of writing, I'm not sure what the file name on win32 is but clearly
* native name translation is not possible (eg libatasi.so on *nix, and
* atasi.dll on win32). For the purposes of testing, I have created a symbollic
* link called "libatasi.so" so that we can use native name-translation - a
* better solution will be needed. */
static const char *ATALLA_LIBNAME = "atasi";
static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";

213
crypto/engine/vendor_defns/cswift.h
View File

@@ -1,213 +0,0 @@
/* Attribution notice: Rainbow have generously allowed me to reproduce
* the necessary definitions here from their API. This means the support
* can build independently of whether application builders have the
* API or hardware. This will allow developers to easily produce software
* that has latent hardware support for any users that have accelertors
* installed, without the developers themselves needing anything extra.
*
* I have only clipped the parts from the CryptoSwift header files that
* are (or seem) relevant to the CryptoSwift support code. This is
* simply to keep the file sizes reasonable.
* [Geoff]
*/
/* NB: These type widths do *not* seem right in general, in particular
* they're not terribly friendly to 64-bit architectures (unsigned long)
* will be 64-bit on IA-64 for a start. I'm leaving these alone as they
* agree with Rainbow's API and this will only be called into question
* on platforms with Rainbow support anyway! ;-) */
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
typedef long SW_STATUS; /* status */
typedef unsigned char SW_BYTE; /* 8 bit byte */
typedef unsigned short SW_U16; /* 16 bit number */
#if defined(_IRIX)
#include <sgidefs.h>
typedef __uint32_t SW_U32;
#else
typedef unsigned long SW_U32; /* 32 bit integer */
#endif
#if defined(WIN32)
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#elif defined(MAC)
typedef longlong SW_U64
#else /* Unix variants */
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#endif
/* status codes */
#define SW_OK (0L)
#define SW_ERR_BASE (-10000L)
#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
/* up yet */
#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
/* time out */
#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
/* execute the command */
#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
/* NULL */
#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
/* small, too large. */
#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
/* handle */
#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
/* standing at this */
/* context handle */
#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
/* in SW_PARAM structure */
#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
/* context. */
/* swAttachKeyParam() is */
/* not called. */
#define SW_ERR_KEY_CMD_MISMATCH \
(SW_ERR_BASE-14)/* Cannot perform requested */
/* SW_COMMAND_CODE since */
/* key attached via */
/* swAttachKeyParam() */
/* cannot be used for this*/
/* SW_COMMAND_CODE. */
#define SW_ERR_NOT_IMPLEMENTED \
(SW_ERR_BASE-15)/* Not implemented */
#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
/* the "initems" or */
/* "outitems". */
#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
/* test fail, look at the */
/* selfTestBitmap in */
/* SW_ACCELERATOR_INFO for*/
/* details. */
#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
/* key materials aligned */
/* in certain order, e.g. */
/* 128 bit for CRT */
#define SW_ERR_OUTPUT_NULL_PTR \
(SW_ERR_BASE-21)/* a required pointer is */
/* NULL */
#define SW_ERR_OUTPUT_SIZE \
(SW_ERR_BASE-22)/* size is invalid, too */
/* small, too large. */
#define SW_ERR_FIRMWARE_CHECKSUM \
(SW_ERR_BASE-23)/* firmware checksum mismatch*/
/* download failed. */
#define SW_ERR_UNKNOWN_FIRMWARE \
(SW_ERR_BASE-24)/* unknown firmware error */
#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
/* it's waiting to be */
/* completed. */
#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
/* volatile memory */
#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
/* writing to NV memory */
#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
/* failure */
#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
/* calculations */
#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
/* board memory */
#define SW_ERR_FIRMWARE_VERSION \
(SW_ERR_BASE-32)/* Wrong version in firmware */
/* update */
#define SW_ERR_ZERO_WORKING_ACCELERATOR \
(SW_ERR_BASE-44)/* All accelerators are bad */
/* algorithm type */
#define SW_ALG_CRT 1
#define SW_ALG_EXP 2
#define SW_ALG_DSA 3
#define SW_ALG_NVDATA 4
/* command code */
#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
/* Chinese Remainder Theorem (CRT) */
#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
#define SW_CMD_RAND 5 /* perform random number generation */
#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
typedef SW_U32 SW_STATE; /* state */
typedef SW_U32 SW_COMMAND_CODE; /* command code */
typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
typedef struct _SW_LARGENUMBER {
SW_U32 nbytes; /* number of bytes in the buffer "value" */
SW_BYTE* value; /* the large integer as a string of */
/* bytes in network (big endian) order */
} SW_LARGENUMBER;
typedef struct _SW_CRT {
SW_LARGENUMBER p; /* prime number p */
SW_LARGENUMBER q; /* prime number q */
SW_LARGENUMBER dmp1; /* exponent1 */
SW_LARGENUMBER dmq1; /* exponent2 */
SW_LARGENUMBER iqmp; /* CRT coefficient */
} SW_CRT;
typedef struct _SW_EXP {
SW_LARGENUMBER modulus; /* modulus */
SW_LARGENUMBER exponent;/* exponent */
} SW_EXP;
typedef struct _SW_DSA {
SW_LARGENUMBER p; /* */
SW_LARGENUMBER q; /* */
SW_LARGENUMBER g; /* */
SW_LARGENUMBER key; /* private/public key */
} SW_DSA;
typedef struct _SW_NVDATA {
SW_U32 accnum; /* accelerator board number */
SW_U32 offset; /* offset in byte */
} SW_NVDATA;
typedef struct _SW_PARAM {
SW_ALGTYPE type; /* type of the alogrithm */
union {
SW_CRT crt;
SW_EXP exp;
SW_DSA dsa;
SW_NVDATA nvdata;
} up;
} SW_PARAM;
typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
/* Now the OpenSSL bits, these function types are the for the function
* pointers that will bound into the Rainbow shared libraries. */
typedef SW_STATUS t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
typedef SW_STATUS t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
SW_PARAM *key_params);
typedef SW_STATUS t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
SW_COMMAND_CODE cmd,
SW_LARGENUMBER pin[],
SW_U32 pin_count,
SW_LARGENUMBER pout[],
SW_U32 pout_count);
typedef SW_STATUS t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
#ifdef __cplusplus
}
#endif /* __cplusplus */

476
crypto/engine/vendor_defns/hwcryptohook.h
View File

@@ -1,476 +0,0 @@
/*
* ModExp / RSA (with/without KM) plugin API
*
* The application will load a dynamic library which
* exports entrypoint(s) defined in this file.
*
* This set of entrypoints provides only a multithreaded,
* synchronous-within-each-thread, facility.
*
*
* This file is Copyright 1998-1999 nCipher Corporation Limited.
*
* This file is provided for your information and assistance. You are
* permitted to copy it verbatim, to use it to create compatible
* software, and for review and comment. However, you may not
* distribute changed versions or other derivative works. All other
* rights are reserved.
*
* IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
* ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
* damages arising directly or indirectly from this file, its use or
* this licence. Without prejudice to the generality of the
* foregoing: all liability shall be excluded for direct, indirect,
* special, incidental, consequential or other damages or any loss of
* profits, business, revenue goodwill or anticipated savings;
* liability shall be excluded even if nCipher or anyone else has been
* advised of the possibility of damage. In any event, if the
* exclusion of liability is not effective, the liability of nCipher
* or any author or distributor shall be limited to the lesser of the
* price paid and 1,000 pounds sterling. This licence only fails to
* exclude or limit liability for death or personal injury arising out
* of negligence, and only to the extent that such an exclusion or
* limitation is not effective.
*
* NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
* AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
* limited to, any implied warranties of merchantability, fitness for
* a particular purpose, satisfactory quality, and/or non-infringement
* of any third party rights.
*
* US Government use: This software and documentation is Commercial
* Computer Software and Computer Software Documentation, as defined in
* sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
* Noncommercial Computer Software and Noncommercial Computer Software
* Documentation." Use, duplication or disclosure by the Government is
* subject to the terms and conditions specified here.
*
* By using or distributing this file you will be accepting these
* terms and conditions, including the limitation of liability and
* lack of warranty. If you do not wish to accept these terms and
* conditions, DO NOT USE THE FILE.
*
*
* The actual dynamically loadable plugin, and the library files for
* static linking, which are also provided in this distribution, are
* not covered by the licence described above. You should have
* received a separate licence with terms and conditions for these
* library files; if you received the library files without a licence,
* please contact nCipher.
*
*
* $Id: hwcryptohook.h,v 1.1.2.1 2000/06/13 16:19:53 levitte Exp $
*/
#ifndef HWCRYPTOHOOK_H
#define HWCRYPTOHOOK_H
#include <sys/types.h>
#include <stdio.h>
#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
#endif
#define HWCRYPTOHOOK_ERROR_FAILED -1
#define HWCRYPTOHOOK_ERROR_FALLBACK -2
#define HWCRYPTOHOOK_ERROR_MPISIZE -3
#if HWCRYPTOHOOK_DECLARE_APPTYPES
/* These structs are defined by the application and opaque to the
* crypto plugin. The application may define these as it sees fit.
* Default declarations are provided here, but the application may
* #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
* to prevent these declarations, and instead provide its own
* declarations of these types. (Pointers to them must still be
* ordinary pointers to structs or unions, or the resulting combined
* program will have a type inconsistency.)
*/
typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
/* These next two structs are opaque to the application. The crypto
* plugin will return pointers to them; the caller simply manipulates
* the pointers.
*/
typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
typedef struct {
char *buf;
size_t size;
} HWCryptoHook_ErrMsgBuf;
/* Used for error reporting. When a HWCryptoHook function fails it
* will return a sentinel value (0 for pointer-valued functions, or a
* negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
* integer-valued ones). It will, if an ErrMsgBuf is passed, also put
* an error message there.
*
* size is the size of the buffer. When the buffer is filled, it will
* always be null-terminated. If you pass 0 buf buf you must pass 0
* for size, and nothing will be recorded (just as if you passed 0 for
* the struct pointer). Size will not be modified when an error is
* recorded. The buffer is always null-terminated even if there is an
* overrun.
*
* The contents of the buffer are not defined if there is no error.
*/
typedef struct HWCryptoHook_MPIStruct {
unsigned char *buf;
size_t size;
} HWCryptoHook_MPI;
/* When one of these is returned, a pointer is passed to the function.
* At call, size is the space available. Afterwards it is updated.
* buf (the pointer) is not updated. size is in bytes and may be
* zero, but must be a multiple of the limb size. Zero limbs at the
* MS end are not permitted.
*/
#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
/* Enable requesting fallback to software in case of problems with the
* hardware support. This indicates to the crypto provider that the
* application is prepared to fall back to software operation if the
* ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
* Without this flag those calls will never return
* HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
* provider to avoid repeatedly attempting to contact dead hardware
* within a short interval, if appropriate.
*/
#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
/* Without _SimpleForkCheck the library is allowed to assume that the
* application will not fork and call the library in the child(ren).
*
* When it is specified, this is allowed. However, after a fork
* neither parent nor child may unload any loaded keys or call
* _Finish. Instead, they should call exit (or die with a signal)
* without calling _Finish. After all the children have died the
* parent may unload keys or call _Finish.
*
* This flag only has any effect on UN*X platforms.
*/
typedef struct {
unsigned long flags;
void *logstream; /* usually a FILE*. See below. */
size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
int mslimbfirst; /* 0 or 1 */
int msbytefirst; /* 0 or 1; -1 = native */
/* All the callback functions should return 0 on success, or a
* nonzero integer (whose value will be visible in the error message
* put in the buffer passed to the call).
*
* If a callback is not available pass a null function pointer.
*
* The callbacks may not call down again into the crypto plugin.
*/
/* For thread-safety. Set everything to 0 if you promise only to be
* singlethreaded. maxsimultaneous is the number of calls to
* ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
* put there then say 0 and the hook library will use a default.
*
* maxmutexes is a small limit on the number of simultaneous mutexes
* which will be requested by the library. If there is no small
* limit, set it to 0. If the crypto plugin cannot create the
* advertised number of mutexes the calls to its functions may fail.
* If a low number of mutexes is advertised the plugin will try to
* do the best it can. Making larger numbers of mutexes available
* may improve performance and parallelism by reducing contention
* over critical sections. Unavailability of any mutexes, implying
* single-threaded operation, should be indicated by the setting
* mutex_init et al to 0.
*/
int maxmutexes;
int maxsimultaneous;
size_t mutexsize;
int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
int (*mutex_acquire)(HWCryptoHook_Mutex*);
void (*mutex_release)(HWCryptoHook_Mutex*);
void (*mutex_destroy)(HWCryptoHook_Mutex*);
/* For greater efficiency, can use condition vars internally for
* synchronisation. In this case maxsimultaneous is ignored, but
* the other mutex stuff must be available. In singlethreaded
* programs, set everything to 0.
*/
size_t condvarsize;
int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
void (*condvar_signal)(HWCryptoHook_CondVar*);
void (*condvar_broadcast)(HWCryptoHook_CondVar*);
void (*condvar_destroy)(HWCryptoHook_CondVar*);
/* The semantics of acquiring and releasing mutexes and broadcasting
* and waiting on condition variables are expected to be those from
* POSIX threads (pthreads). The mutexes may be (in pthread-speak)
* fast mutexes, recursive mutexes, or nonrecursive ones.
*
* The _release/_signal/_broadcast and _destroy functions must
* always succeed when given a valid argument; if they are given an
* invalid argument then the program (crypto plugin + application)
* has an internal error, and they should abort the program.
*/
int (*getpassphrase)(const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx);
/* Passphrases and the prompt_info, if they contain high-bit-set
* characters, are UTF-8. The prompt_info may be a null pointer if
* no prompt information is available (it should not be an empty
* string). It will not contain text like `enter passphrase';
* instead it might say something like `Operator Card for John
* Smith' or `SmartCard in nFast Module #1, Slot #1'.
*
* buf points to a buffer in which to return the passphrase; on
* entry *len_io is the length of the buffer. It should be updated
* by the callback. The returned passphrase should not be
* null-terminated by the callback.
*/
int (*getphystoken)(const char *prompt_info,
const char *wrong_info,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx);
/* Requests that the human user physically insert a different
* smartcard, DataKey, etc. The plugin should check whether the
* currently inserted token(s) are appropriate, and if they are it
* should not make this call.
*
* prompt_info is as before. wrong_info is a description of the
* currently inserted token(s) so that the user is told what
* something is. wrong_info, like prompt_info, may be null, but
* should not be an empty string. Its contents should be
* syntactically similar to that of prompt_info.
*/
/* Note that a single LoadKey operation might cause several calls to
* getpassphrase and/or requestphystoken. If requestphystoken is
* not provided (ie, a null pointer is passed) then the plugin may
* not support loading keys for which authorisation by several cards
* is required. If getpassphrase is not provided then cards with
* passphrases may not be supported.
*
* getpassphrase and getphystoken do not need to check that the
* passphrase has been entered correctly or the correct token
* inserted; the crypto plugin will do that. If this is not the
* case then the crypto plugin is responsible for calling these
* routines again as appropriate until the correct token(s) and
* passphrase(s) are supplied as required, or until any retry limits
* implemented by the crypto plugin are reached.
*
* In either case, the application must allow the user to say `no'
* or `cancel' to indicate that they do not know the passphrase or
* have the appropriate token; this should cause the callback to
* return nonzero indicating error.
*/
void (*logmessage)(void *logstream, const char *message);
/* A log message will be generated at least every time something goes
* wrong and an ErrMsgBuf is filled in (or would be if one was
* provided). Other diagnostic information may be written there too,
* including more detailed reasons for errors which are reported in an
* ErrMsgBuf.
*
* When a log message is generated, this callback is called. It
* should write a message to the relevant logging arrangements.
*
* The message string passed will be null-terminated and may be of arbitrary
* length. It will not be prefixed by the time and date, nor by the
* name of the library that is generating it - if this is required,
* the logmessage callback must do it. The message will not have a
* trailing newline (though it may contain internal newlines).
*
* If a null pointer is passed for logmessage a default function is
* used. The default function treats logstream as a FILE* which has
* been converted to a void*. If logstream is 0 it does nothing.
* Otherwise it prepends the date and time and library name and
* writes the message to logstream. Each line will be prefixed by a
* descriptive string containing the date, time and identity of the
* crypto plugin. Errors on the logstream are not reported
* anywhere, and the default function doesn't flush the stream, so
* the application must set the buffering how it wants it.
*
* The crypto plugin may also provide a facility to have copies of
* log messages sent elsewhere, and or for adjusting the verbosity
* of the log messages; any such facilities will be configured by
* external means.
*/
} HWCryptoHook_InitInfo;
typedef
HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
size_t initinfosize,
HWCryptoHook_ErrMsgBuf *errors,
HWCryptoHook_CallerContext *cactx);
extern HWCryptoHook_Init_t HWCryptoHook_Init;
/* Caller should set initinfosize to the size of the HWCryptoHook struct,
* so it can be extended later.
*
* On success, a message for display or logging by the server,
* including the name and version number of the plugin, will be filled
* in into *errors; on failure *errors is used for error handling, as
* usual.
*/
/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
* on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
* the output MPI buffer(s) was too small; the sizes of all have been
* set to the desired size (and for those where the buffer was large
* enough, the value may have been copied in), and no error message
* has been recorded.
*
* You may pass 0 for the errors struct. In any case, unless you set
* _NoStderr at init time then messages may be reported to stderr.
*/
/* The RSAImmed* functions (and key managed RSA) only work with
* modules which have an RSA patent licence - currently that means KM
* units; the ModExp* ones work with all modules, so you need a patent
* licence in the software in the US.
*/
typedef
void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
/* You must not have any calls going or keys loaded when you call this. */
typedef
int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
unsigned char *buf, size_t len,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
typedef
int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI n,
HWCryptoHook_MPI *r,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
typedef
int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI e,
HWCryptoHook_MPI n,
HWCryptoHook_MPI *r,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
typedef
int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI q,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
HWCryptoHook_MPI *r,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
typedef
int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI p,
HWCryptoHook_MPI q,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
HWCryptoHook_MPI *r,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
/* The RSAImmed* and ModExp* functions may return E_FAILED or
* E_FALLBACK for failure.
*
* E_FAILED means the failure is permanent and definite and there
* should be no attempt to fall back to software. (Eg, for some
* applications, which support only the acceleration-only
* functions, the `key material' may actually be an encoded key
* identifier, and doing the operation in software would give wrong
* answers.)
*
* E_FALLBACK means that doing the computation in software would seem
* reasonable. If an application pays attention to this and is
* able to fall back, it should also set the Fallback init flags.
*/
typedef
int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
const char *key_ident,
HWCryptoHook_RSAKeyHandle *keyhandle_r,
const HWCryptoHook_ErrMsgBuf *errors,
HWCryptoHook_PassphraseContext *ppctx);
extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
/* The key_ident is a null-terminated string configured by the
* user via the application's usual configuration mechanisms.
* It is provided to the user by the crypto provider's key management
* system. The user must be able to enter at least any string of between
* 1 and 1023 characters inclusive, consisting of printable 7-bit
* ASCII characters. The provider should avoid using
* any characters except alphanumerics and the punctuation
* characters _ - + . / @ ~ (the user is expected to be able
* to enter these without quoting). The string may be case-sensitive.
* The application may allow the user to enter other NULL-terminated strings,
* and the provider must cope (returning an error if the string is not
* valid).
*
* If the key does not exist, it is _not_ an error - in that case,
* keyhandle_r will be set to 0 instead of to a key handle.
*/
typedef
int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
HWCryptoHook_MPI *n,
HWCryptoHook_MPI *e,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
/* The crypto plugin will not store certificates.
*
* Although this function for acquiring the public key value is
* provided, it is not the purpose of this API to deal fully with the
* handling of the public key.
*
* It is expected that the crypto supplier's key generation program
* will provide general facilities for producing X.509
* self-certificates and certificate requests in PEM format. These
* will be given to the user so that they can configure them in the
* application, send them to CAs, or whatever.
*
* In case this kind of certificate handling is not appropriate, the
* crypto supplier's key generation program should be able to be
* configured not to generate such a self-certificate or certificate
* request. Then the application will need to do all of this, and
* will need to store and handle the public key and certificates
* itself.
*/
typedef
int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
/* Might fail due to locking problems, or other serious internal problems. */
typedef
int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
HWCryptoHook_RSAKeyHandle k,
HWCryptoHook_MPI *r,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
#endif /*HWCRYPTOHOOK_H*/

29
crypto/err/Makefile.ssl
View File

@@ -93,21 +93,20 @@ err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
err_all.o: ../../include/openssl/x509v3.h
err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

2
crypto/err/err.c
View File

@@ -157,7 +157,6 @@ static ERR_STRING_DATA ERR_str_libraries[]=
{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"},
{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"},
{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"},
{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"},
{0,NULL},
};
@@ -209,7 +208,6 @@ static ERR_STRING_DATA ERR_str_reasons[]=
{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"},
{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"},
{ERR_R_DSO_LIB ,"DSO lib"},
{ERR_R_ENGINE_LIB ,"ENGINE lib"},
{0,NULL},
};

3
crypto/err/err.h
View File

@@ -132,7 +132,6 @@ typedef struct err_state_st
#define ERR_LIB_PKCS12 35
#define ERR_LIB_RAND 36
#define ERR_LIB_DSO 37
#define ERR_LIB_ENGINE 38
#define ERR_LIB_USER 128
@@ -162,7 +161,6 @@ typedef struct err_state_st
#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
@@ -212,7 +210,6 @@ typedef struct err_state_st
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
#define ERR_R_DSO_LIB ERR_LIB_DSO
#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
/* fatal error */
#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)

4
crypto/err/err_all.c
View File

@@ -81,9 +81,8 @@
#include <openssl/conf.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/dso.h>
void ERR_load_crypto_strings(void)
{
@@ -121,6 +120,5 @@ void ERR_load_crypto_strings(void)
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
ERR_load_ENGINE_strings();
#endif
}

1
crypto/err/openssl.ec
View File

@@ -23,7 +23,6 @@ L RSAREF rsaref/rsaref.h rsaref/rsar_err.c
L SSL ssl/ssl.h ssl/ssl_err.c
L COMP crypto/comp/comp.h crypto/comp/comp_err.c
L RAND crypto/rand/rand.h crypto/rand/rand_err.c
L ENGINE crypto/engine/engine.h crypto/engine/engine_err.c
F RSAREF_F_RSA_BN2BIN

2
crypto/evp/e_bf.c
View File

@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
0, bf_init_key, NULL,
EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

6
crypto/evp/evp.h
View File

@@ -554,9 +554,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(char *prompt);
char * EVP_get_pw_prompt(void);
int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
unsigned char *data, int datal, int count,
unsigned char *key,unsigned char *iv);
int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key, unsigned char *iv);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);

6
crypto/evp/evp_key.c
View File

@@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
#endif
}
int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
unsigned char *data, int datal, int count, unsigned char *key,
unsigned char *iv)
int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key, unsigned char *iv)
{
EVP_MD_CTX c;
unsigned char md_buf[EVP_MAX_MD_SIZE];

3
crypto/install.com
View File

@@ -34,7 +34,7 @@ $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
$
$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
DES,RC2,RC4,RC5,IDEA,BF,CAST,-
BN,RSA,DSA,DH,DSO,ENGINE,-
BN,RSA,DSA,DH,DSO,-
BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP
$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h
@@ -57,7 +57,6 @@ $ EXHEADER_RSA := rsa.h
$ EXHEADER_DSA := dsa.h
$ EXHEADER_DH := dh.h
$ EXHEADER_DSO := dso.h
$ EXHEADER_ENGINE := engine.h
$ EXHEADER_BUFFER := buffer.h
$ EXHEADER_BIO := bio.h
$ EXHEADER_STACK := stack.h,safestack.h

6
crypto/opensslv.h
View File

@@ -2,7 +2,7 @@
#define HEADER_OPENSSLV_H
/* Numeric release version identifier:
* MMNNFFPPS: major minor fix patch status
* MNNFFPPS: major minor fix patch status
* The status nibble has one of the values 0 for development, 1 to e for betas
* 1 to 14, and f for release. The patch level is exactly that.
* For example:
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x0090601fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001"
#define OPENSSL_VERSION_NUMBER 0x0090602fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b 9 Jul 2001"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

2
crypto/perlasm/x86unix.pl
View File

@@ -79,7 +79,7 @@ sub main'DWP
local($addr,$reg1,$reg2,$idx)=@_;
$ret="";
$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
$reg1="$regs{$reg1}" if defined($regs{$reg1});
$reg2="$regs{$reg2}" if defined($regs{$reg2});
$ret.=$addr if ($addr ne "") && ($addr ne 0);

17
crypto/rand/Makefile.ssl
View File

@@ -92,22 +92,7 @@ rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rand_err.o: ../../include/openssl/symhacks.h
rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rand_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
rand_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
rand_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
rand_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
rand_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
rand_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
rand_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rand_lib.o: ../../include/openssl/symhacks.h
rand_lib.o: ../../include/openssl/rand.h
rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

124
crypto/rand/md_rand.c
View File

@@ -141,10 +141,11 @@ static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
/* This should be set to 1 only when ssleay_rand_add() is called inside
an already locked state, so it doesn't try to lock and thereby cause
a hang. And it should always be reset back to 0 before unlocking. */
static int add_do_not_lock=0;
static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
* holds CRYPTO_LOCK_RAND
* (to prevent double locking) */
static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
#ifdef PREDICT
int rand_predictable=0;
@@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
MD_CTX m;
int do_not_lock;
/*
* (Based on the rand(3) manpage)
@@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
* hash function.
*/
if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* check if we already have the lock */
do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx=state_index;
/* use our own copies of the counters so that even
@@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
{
@@ -281,7 +286,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
}
memset((char *)&m,0,sizeof(m));
if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as
@@ -292,7 +297,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
}
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
#if !defined(THREADS) && !defined(WIN32)
assert(md_c[1] == md_count[1]);
@@ -308,6 +313,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
{
static volatile int stirred_pool = 0;
int i,j,k,st_num,st_idx;
int num_ceil;
int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
@@ -328,33 +334,42 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
}
#endif
if (num <= 0)
return 1;
/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
/*
* (Based on the rand(3) manpage:)
*
* For each group of 10 bytes (or less), we do the following:
*
* Input into the hash function the top 10 bytes from the
* local 'md' (which is initialized from the global 'md'
* before any bytes are generated), the bytes that are
* to be overwritten by the random bytes, and bytes from the
* 'state' (incrementing looping index). From this digest output
* (which is kept in 'md'), the top (up to) 10 bytes are
* returned to the caller and the bottom (up to) 10 bytes are xored
* into the 'state'.
* Input into the hash function the local 'md' (which is initialized from
* the global 'md' before any bytes are generated), the bytes that are to
* be overwritten by the random bytes, and bytes from the 'state'
* (incrementing looping index). From this digest output (which is kept
* in 'md'), the top (up to) 10 bytes are returned to the caller and the
* bottom 10 bytes are xored into the 'state'.
*
* Finally, after we have finished 'num' random bytes for the
* caller, 'count' (which is incremented) and the local and global 'md'
* are fed into the hash function and the results are kept in the
* global 'md'.
*/
if (!initialized)
RAND_poll();
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
this locked state. */
initialized = 1;
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
crypto_lock_rand = 1;
locking_thread = CRYPTO_thread_id();
if (!initialized)
{
RAND_poll();
initialized = 1;
}
if (!stirred_pool)
do_stir_pool = 1;
@@ -380,11 +395,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
if (do_stir_pool)
{
/* Our output function chains only half of 'md', so we better
* make sure that the required entropy gets 'evenly distributed'
* through 'state', our randomness pool. The input function
* (ssleay_rand_add) chains all of 'md', which makes it more
* suitable for this purpose.
/* In the output function only half of 'md' remains secret,
* so we better make sure that the required entropy gets
* 'evenly distributed' through 'state', our randomness pool.
* The input function (ssleay_rand_add) chains all of 'md',
* which makes it more suitable for this purpose.
*/
int n = STATE_SIZE; /* so that the complete pool gets accessed */
@@ -409,21 +424,23 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
md_c[1] = md_count[1];
memcpy(local_md, md, sizeof md);
state_index+=num;
state_index+=num_ceil;
if (state_index > state_num)
state_index %= state_num;
/* state[st_idx], ..., state[(st_idx + num - 1) % st_num]
/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
* are now ours (but other threads may use them too) */
md_count[0] += 1;
add_do_not_lock = 0; /* If this would ever be forgotten, we can
expect any evil god to eat our souls. */
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
{
/* num_ceil -= MD_DIGEST_LENGTH/2 */
j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
num-=j;
MD_Init(&m);
@@ -434,27 +451,28 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
curr_pid = 0;
}
#endif
MD_Update(&m,&(local_md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
MD_Update(&m,local_md,MD_DIGEST_LENGTH);
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
#ifndef PURIFY
MD_Update(&m,buf,j); /* purify complains */
#endif
k=(st_idx+j)-st_num;
k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
if (k > 0)
{
MD_Update(&m,&(state[st_idx]),j-k);
MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
MD_Update(&m,&(state[0]),k);
}
else
MD_Update(&m,&(state[st_idx]),j);
MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
MD_Final(local_md,&m);
for (i=0; i<j; i++)
for (i=0; i<MD_DIGEST_LENGTH/2; i++)
{
state[st_idx++]^=local_md[i]; /* may compete with other threads */
*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
if (st_idx >= st_num)
st_idx=0;
if (i < j)
*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
}
}
@@ -483,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
{
int ret;
unsigned long err;
ret = RAND_bytes(buf, num);
if (ret == 0)
{
long err = ERR_peek_error();
err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
(void)ERR_get_error();
@@ -498,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
static int ssleay_rand_status(void)
{
int ret;
int do_not_lock;
/* check if we already have the lock
* (could happen if a RAND_poll() implementation calls RAND_status()) */
do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
if (!do_not_lock)
{
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
crypto_lock_rand = 1;
locking_thread = CRYPTO_thread_id();
}
if (!initialized)
{
RAND_poll();
initialized = 1;
}
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
initialized = 1;
ret = entropy >= ENTROPY_NEEDED;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
if (!do_not_lock)
{
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
return ret;
}

4
crypto/rand/rand.h
View File

@@ -79,9 +79,7 @@ typedef struct rand_meth_st
extern int rand_predictable;
#endif
struct engine_st;
int RAND_set_rand_method(struct engine_st *meth);
void RAND_set_rand_method(RAND_METHOD *meth);
RAND_METHOD *RAND_get_rand_method(void );
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );

57
crypto/rand/rand_lib.c
View File

@@ -59,78 +59,59 @@
#include <stdio.h>
#include <time.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
static ENGINE *rand_engine=NULL;
#ifdef NO_RAND
static RAND_METHOD *rand_meth=NULL;
#else
extern RAND_METHOD rand_ssleay_meth;
static RAND_METHOD *rand_meth= &rand_ssleay_meth;
#endif
#if 0
void RAND_set_rand_method(RAND_METHOD *meth)
{
rand_meth=meth;
}
#else
int RAND_set_rand_method(ENGINE *engine)
{
ENGINE *mtmp;
mtmp = rand_engine;
if (!ENGINE_init(engine))
return 0;
rand_engine = engine;
/* SHOULD ERROR CHECK THIS!!! */
ENGINE_finish(mtmp);
return 1;
}
#endif
RAND_METHOD *RAND_get_rand_method(void)
{
if (rand_engine == NULL
&& (rand_engine = ENGINE_get_default_RAND()) == NULL)
return NULL;
return ENGINE_get_RAND(rand_engine);
return(rand_meth);
}
void RAND_cleanup(void)
{
RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->cleanup)
meth->cleanup();
if (rand_meth != NULL)
rand_meth->cleanup();
}
void RAND_seed(const void *buf, int num)
{
RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->seed)
meth->seed(buf,num);
if (rand_meth != NULL)
rand_meth->seed(buf,num);
}
void RAND_add(const void *buf, int num, double entropy)
{
RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->add)
meth->add(buf,num,entropy);
if (rand_meth != NULL)
rand_meth->add(buf,num,entropy);
}
int RAND_bytes(unsigned char *buf, int num)
{
RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->bytes)
return meth->bytes(buf,num);
if (rand_meth != NULL)
return rand_meth->bytes(buf,num);
return(-1);
}
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->pseudorand)
return meth->pseudorand(buf,num);
if (rand_meth != NULL)
return rand_meth->pseudorand(buf,num);
return(-1);
}
int RAND_status(void)
{
RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->status)
return meth->status();
if (rand_meth != NULL)
return rand_meth->status();
return 0;
}

8
crypto/rand/randfile.c
View File

@@ -211,6 +211,12 @@ const char *RAND_file_name(char *buf, size_t size)
{
if (OPENSSL_issetugid() == 0)
s=getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL)
{
s = DEFAULT_HOME;
}
#endif
if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
{
strcpy(buf,s);
@@ -220,7 +226,7 @@ const char *RAND_file_name(char *buf, size_t size)
strcat(buf,RFILE);
ret=buf;
}
else
else
buf[0] = '\0'; /* no file name */
}
return(ret);

69
crypto/rsa/Makefile.ssl
View File

@@ -87,23 +87,13 @@ rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_chk.o: ../../include/openssl/symhacks.h
rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_eay.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_eay.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h
rsa_eay.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
rsa_eay.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
rsa_eay.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
rsa_eay.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rsa_eay.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_eay.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
@@ -119,24 +109,14 @@ rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_gen.o: ../cryptlib.h
rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
rsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
rsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_lib.o: ../cryptlib.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
@@ -197,20 +177,19 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
rsa_sign.o: ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
rsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
rsa_sign.o: ../cryptlib.h
rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

16
crypto/rsa/rsa.h
View File

@@ -114,11 +114,7 @@ struct rsa_st
* this is passed instead of aEVP_PKEY, it is set to 0 */
int pad;
int version;
#if 0
RSA_METHOD *meth;
#else
struct engine_st *engine;
#endif
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
@@ -172,11 +168,7 @@ struct rsa_st
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA * RSA_new(void);
#if 0
RSA * RSA_new_method(RSA_METHOD *method);
#else
RSA * RSA_new_method(struct engine_st *engine);
#endif
int RSA_size(RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
@@ -194,14 +186,10 @@ void RSA_free (RSA *r);
int RSA_flags(RSA *r);
void RSA_set_default_openssl_method(RSA_METHOD *meth);
RSA_METHOD *RSA_get_default_openssl_method(void);
void RSA_set_default_method(RSA_METHOD *meth);
RSA_METHOD *RSA_get_default_method(void);
RSA_METHOD *RSA_get_method(RSA *rsa);
#if 0
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
#else
int RSA_set_method(RSA *rsa, struct engine_st *engine);
#endif
/* This function needs the memory locking malloc callbacks to be installed */
int RSA_memory_lock(RSA *r);

35
crypto/rsa/rsa_eay.c
View File

@@ -61,7 +61,6 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#ifndef RSA_NULL
@@ -98,13 +97,11 @@ RSA_METHOD *RSA_PKCS1_SSLeay(void)
static int RSA_eay_public_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -162,8 +159,8 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
/* put in leading 0 bytes if the number is less than the
@@ -189,13 +186,11 @@ err:
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
@@ -235,10 +230,10 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
}
if (rsa->flags & RSA_FLAG_BLINDING)
@@ -267,14 +262,12 @@ err:
static int RSA_eay_private_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
const RSA_METHOD *meth;
BIGNUM f,ret;
int j,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
ctx=BN_CTX_new();
@@ -311,10 +304,10 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
goto err;
}
@@ -362,14 +355,12 @@ err:
static int RSA_eay_public_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
const RSA_METHOD *meth;
BIGNUM f,ret;
int i,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
ctx=BN_CTX_new();
@@ -416,8 +407,8 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
p=buf;
@@ -452,12 +443,10 @@ err:
static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
{
const RSA_METHOD *meth;
BIGNUM r1,m1,vrfy;
int ret=0;
BN_CTX *ctx;
meth = ENGINE_get_RSA(rsa->engine);
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&m1);
BN_init(&r1);
@@ -515,11 +504,11 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
}
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;
if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
rsa->_method_mod_p)) goto err;
if (!BN_sub(r0,r0,&m1)) goto err;
@@ -544,10 +533,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
if (rsa->e && rsa->n)
{
if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
if (BN_cmp(I, &vrfy) != 0)
{
if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
}
}
ret=1;

88
crypto/rsa/rsa_lib.c
View File

@@ -62,7 +62,6 @@
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
@@ -75,26 +74,12 @@ RSA *RSA_new(void)
return(RSA_new_method(NULL));
}
void RSA_set_default_openssl_method(RSA_METHOD *meth)
void RSA_set_default_method(RSA_METHOD *meth)
{
ENGINE *e;
/* We'll need to notify the "openssl" ENGINE of this
* change too. We won't bother locking things down at
* our end as there was never any locking in these
* functions! */
if(default_RSA_meth != meth)
{
default_RSA_meth = meth;
e = ENGINE_by_id("openssl");
if(e)
{
ENGINE_set_RSA(e, meth);
ENGINE_free(e);
}
}
default_RSA_meth=meth;
}
RSA_METHOD *RSA_get_default_openssl_method(void)
RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
@@ -114,10 +99,9 @@ RSA_METHOD *RSA_get_default_openssl_method(void)
RSA_METHOD *RSA_get_method(RSA *rsa)
{
return ENGINE_get_RSA(rsa->engine);
return rsa->meth;
}
#if 0
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
{
RSA_METHOD *mtmp;
@@ -127,32 +111,9 @@ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
if (meth->init) meth->init(rsa);
return mtmp;
}
#else
int RSA_set_method(RSA *rsa, ENGINE *engine)
{
ENGINE *mtmp;
RSA_METHOD *meth;
mtmp = rsa->engine;
meth = ENGINE_get_RSA(mtmp);
if (!ENGINE_init(engine))
return 0;
if (meth->finish) meth->finish(rsa);
rsa->engine = engine;
meth = ENGINE_get_RSA(engine);
if (meth->init) meth->init(rsa);
/* SHOULD ERROR CHECK THIS!!! */
ENGINE_finish(mtmp);
return 1;
}
#endif
#if 0
RSA *RSA_new_method(RSA_METHOD *meth)
#else
RSA *RSA_new_method(ENGINE *engine)
#endif
{
RSA_METHOD *meth;
RSA *ret;
ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
@@ -162,17 +123,10 @@ RSA *RSA_new_method(ENGINE *engine)
return(NULL);
}
if (engine == NULL)
{
if((ret->engine=ENGINE_get_default_RSA()) == NULL)
{
OPENSSL_free(ret);
return NULL;
}
}
if (meth == NULL)
ret->meth=RSA_get_default_method();
else
ret->engine=engine;
meth = ENGINE_get_RSA(ret->engine);
ret->meth=meth;
ret->pad=0;
ret->version=0;
@@ -190,9 +144,9 @@ RSA *RSA_new_method(ENGINE *engine)
ret->_method_mod_q=NULL;
ret->blinding=NULL;
ret->bignum_data=NULL;
ret->flags=meth->flags;
ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data);
OPENSSL_free(ret);
@@ -203,7 +157,6 @@ RSA *RSA_new_method(ENGINE *engine)
void RSA_free(RSA *r)
{
RSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -221,10 +174,8 @@ void RSA_free(RSA *r)
}
#endif
meth = ENGINE_get_RSA(r->engine);
if (meth->finish != NULL)
meth->finish(r);
ENGINE_finish(r->engine);
if (r->meth->finish != NULL)
r->meth->finish(r);
CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
@@ -267,34 +218,30 @@ int RSA_size(RSA *r)
int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
from, to, rsa, padding));
return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
}
int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
from, to, rsa, padding));
return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
from, to, rsa, padding));
return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
}
int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
from, to, rsa, padding));
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
int RSA_flags(RSA *r)
{
return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
return((r == NULL)?0:r->meth->flags);
}
void RSA_blinding_off(RSA *rsa)
@@ -328,8 +275,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
if (!BN_rand_range(A,rsa->n)) goto err;
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
rsa->e,rsa->n,ctx,rsa->_method_mod_n))
if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
rsa->flags|=RSA_FLAG_BLINDING;

29
crypto/rsa/rsa_oaep.c
View File

@@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
int i, dblen, mlen = -1;
unsigned char *maskeddb;
int lzero;
unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
if (--num < 2 * SHA_DIGEST_LENGTH + 1)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
return (-1);
}
goto decoding_err;
lzero = num - flen;
if (lzero < 0)
goto decoding_err;
maskeddb = from - lzero + SHA_DIGEST_LENGTH;
dblen = num - SHA_DIGEST_LENGTH;
db = OPENSSL_malloc(dblen);
if (db == NULL)
@@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
return (-1);
}
lzero = num - flen;
maskeddb = from - lzero + SHA_DIGEST_LENGTH;
MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i - lzero];
@@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
SHA1(param, plen, phash);
if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
goto decoding_err;
else
{
for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
if (db[i] != 0x00)
break;
if (db[i] != 0x01 || i++ >= dblen)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
RSA_R_OAEP_DECODING_ERROR);
goto decoding_err;
else
{
mlen = dblen - i;
if (tlen < mlen)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
mlen = -1;
}
else
@@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
}
OPENSSL_free(db);
return (mlen);
decoding_err:
/* to avoid chosen ciphertext attacks, the error message should not reveal
* which kind of decoding error happened */
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
if (db != NULL) OPENSSL_free(db);
return -1;
}
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)

7
crypto/rsa/rsa_sign.c
View File

@@ -62,7 +62,6 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/engine.h>
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
@@ -77,8 +76,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
if(rsa->flags & RSA_FLAG_SIGN_VER)
return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
m, m_len, sigret, siglen, rsa);
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
/* Special case: SSL signature, just check the length */
if(type == NID_md5_sha1) {
if(m_len != SSL_SIG_LENGTH) {
@@ -153,8 +151,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
}
if(rsa->flags & RSA_FLAG_SIGN_VER)
return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
m, m_len, sigbuf, siglen, rsa);
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)

4
crypto/symhacks.h
View File

@@ -138,8 +138,8 @@
#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
/* Hack some long ENGINE names */
#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt
#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt
#endif /* defined VMS */

2
crypto/x509/x509_obj.c
View File

@@ -214,6 +214,8 @@ int i;
}
else
p=buf;
if (i == 0)
*p = '\0';
return(p);
err:
X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);

3
crypto/x509/x509_trs.c
View File

@@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
if(x->aux) return obj_trust(trust->arg1, x, flags);
if(x->aux && (x->aux->trust || x->aux->reject))
return obj_trust(trust->arg1, x, flags);
/* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/

Some files were not shown because too many files have changed in this diff Show More