Roll OpenSSL-0.9.7-beta2

Submitted by:
Reviewed by:
PR:

CHANGES

@@ -2,48 +2,38 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7 and 0.9.8  [xx XXX 2002]
-
-  *) Add a function EC_GROUP_check_discriminant() (defined via
-     EC_METHOD) that verifies that the curve discriminant is non-zero.
-
-     Add a function EC_GROUP_check() that makes some sanity tests
-     on a EC_GROUP, its generator and order.  This includes
-     EC_GROUP_check_discriminant().
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Add ECDSA in new directory crypto/ecdsa/.
-
-     Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
-     (these are variants of 'openssl dsaparam' and 'openssl dsa').
-
-     ECDSA support is also included in various other files across the
-     library.  Most notably,
-     - 'openssl req' now has a '-newkey ecdsa:file' option;
-     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
-     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
-       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
-       them suitable for ECDSA where domain parameters must be
-       extracted before the specific public key.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Include some named elliptic curves, and add OIDs from X9.62,
-     SECG, and WAP/WTLS.  The curves can be obtained from the new
-     functions
-          EC_GROUP_new_by_nid()
-          EC_GROUP_new_by_name()
-     Also add a 'nid' field to EC_GROUP objects, which can be accessed
-     via
-         EC_GROUP_set_nid()
-         EC_GROUP_get_nid()
-     [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
- 
  Changes between 0.9.6d and 0.9.7  [XX xxx 2002]
 
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+     [Lutz Jaenicke]
+
   *) Make object definitions compliant to LDAP (RFC2256): SN is the short
      form for "surname", serialNumber has no short form.
      Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
      therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
      Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
      [Lutz Jaenicke]
 
@@ -350,6 +340,10 @@
      By default, clients may request session resumption even during
      renegotiation (if session ID contexts permit); with this option,
      session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
      [Bodo Moeller]
 
   *) Add some demos for certificate and certificate request creation.
@@ -1053,9 +1047,16 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
   *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
      handle the new API. Currently only ECB, CBC modes supported. Add new
-     AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
-     for TLS" draft-ietf-tls-ciphersuite-03.txt.
-     [Ben Laurie, Steve Henson]
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in the "AES Ciphersuites
+     for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet
+     official, they are not enabled by default and are not even part
+     of the "ALL" ciphersuite alias; for now, they must be explicitly
+     requested by specifying the new "AESdraft" ciphersuite alias. If
+     you want the default ciphersuite list plus the new ciphersuites,
+     use "DEFAULT:AESdraft:@STRENGTH".
+     [Ben Laurie, Steve Henson, Bodo Moeller]
 
   *) New function OCSP_copy_nonce() to copy nonce value (if present) from
      request to response.
@@ -1625,7 +1626,29 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6c and 0.9.6d  [XX xxx 2002]
+ Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
+
+  *) Fix EVP_dsa_sha macro.
+     [Nils Larsch]
+
+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
 
   *) Check various X509_...() return values in apps/req.c.
      [Nils Larsch <nla@trustcenter.de>]

Configure

@@ -144,8 +144,9 @@ my %table=(
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -168,6 +169,7 @@ my %table=(
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
 "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -195,10 +197,10 @@ my %table=(
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
 #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -254,6 +256,9 @@ my %table=(
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# 64bit PARISC for GCC without optimization, which seems to make problems.
+# Submitted by <ross.alexander@uk.neceur.com>
+"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IA-64 targets
 # I have no idea if this one actually works, feedback needed. <appro>
@@ -375,7 +380,7 @@ my %table=(
 "linux-k6",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
@@ -476,7 +481,7 @@ my %table=(
 
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
 
@@ -507,9 +512,15 @@ my %table=(
 # and its library files in util/pl/*)
 "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
+# UWIN 
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L$ENV{DJDIR}/watt32/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::",
@@ -528,12 +539,12 @@ my %table=(
 "OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenBSD-vax",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::-fPIC",
+"darwin-ppc-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 ##### Sony NEWS-OS 4.x
 "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
@@ -635,6 +646,7 @@ my $libs;
 my $target;
 my $options;
 my $symlink;
+my $make_depend=0;
 my %withargs=();
 
 my @argvcopy=@ARGV;
@@ -733,14 +745,6 @@ PROCESS_ARGS:
 				$depflags .= "-DOPENSSL_NO_MDC2 ";
 				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
 				}
-			if ($algo eq "EC" || $algo eq "SHA" || $algo eq "SHA1")
-				{
-				push @skip, "ecdsa";
-				$options .= " no-ecdsa";
-				$flags .= "-DOPENSSL_NO_ECDSA ";
-				$depflags .= "-DOPENSSL_NO_ECDSA ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
-				}
 			if ($algo eq "MD5")
 				{
 				$no_md5 = 1;
@@ -900,6 +904,7 @@ print "Configuring for $target\n";
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 
 $exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
 
@@ -907,7 +912,7 @@ chop $openssldir if $openssldir =~ /\/$/;
 chop $prefix if $prefix =~ /\/$/;
 
 $openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
 
 
 print "IsWindows=$IsWindows\n";
@@ -1122,6 +1127,10 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}
 
+# "Stringify" the C flags string.  This permits it to be made part of a string
+# and works as well on command lines.
+$cflags =~ s/([\\\"])/\\\1/g;
+
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
@@ -1207,13 +1216,21 @@ while (<IN>)
 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
+		}
 	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
@@ -1422,11 +1439,12 @@ if($IsWindows) {
 EOF
 	close(OUT);
 } else {
-	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
-		if $symlink;
-	### (system 'make depend') == 0 or exit $? if $depflags ne "";
-	# Run "make depend" manually if you want to be able to delete
-	# the source code files of ciphers you left out.
+	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+	my $make_targets = "";
+	$make_targets .= " links" if $symlink;
+	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+	(system $make_command.$make_targets) == 0 or exit $?
+		if $make_targets ne "";
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1437,6 +1455,15 @@ EOF
 	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
+	if ($depflags ne "" && !$make_depend) {
+		print <<EOF;
+
+Since you've disabled at least one algorithm, you need to do the following
+before building:
+
+	make depend
+EOF
+	}
 }
 
 print <<EOF;

FAQ

@@ -29,6 +29,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why can't I use OpenSSL certificates with SSL client authentication?
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
 
 [BUILD] Questions about building and testing OpenSSL
 
@@ -51,6 +52,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 
 ===============================================================================
 
@@ -59,7 +61,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6c was released on December 21st, 2001.
+OpenSSL 0.9.6d was released on May 9, 2002.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -343,6 +345,13 @@ DO NOT DO THIS! This command will give away your CAs private key and
 reduces its security to zero: allowing anyone to forge certificates in
 whatever name they choose.
 
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+The ways to print out the oneline format of the DN (Distinguished Name) have
+been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
+interface, the "-nameopt" option could be introduded. See the manual
+page of the "openssl x509" commandline tool for details. The old behaviour
+has however been left as default for the sake of compatibility.
 
 [BUILD] =======================================================================
 
@@ -616,5 +625,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
 SSL_CTX_set_verify() function to enable the use of client certificates.
 
 
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
+versions, uniqueIdentifier was incorrectly used for X.509 certificates.
+The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
+Change your code to use the new name when compiling against OpenSSL 0.9.7.
+
+
 ===============================================================================
 

INSTALL

@@ -2,8 +2,10 @@
  INSTALLATION ON THE UNIX PLATFORM
  ---------------------------------
 
- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
-  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+  This document describes installation on operating systems in the Unix
+  family.]
 
  To install OpenSSL, you will need:
 

INSTALL.DJGPP

@@ -0,0 +1,32 @@
+
+ 
+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
+ -------------------------------------------
+
+ Openssl has been ported to DOS, but only with long filename support. If
+ you wish to compile on native DOS with 8+3 filenames, you will have to
+ tweak the installation yourself, including renaming files with illegal
+ or duplicate names.
+
+ You should have a full DJGPP environment installed, including the
+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
+ requires that PERL and BC also be installed.
+
+ All of these can be obtained from the usual DJGPP mirror sites, such as
+ "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to have
+ the WATT-32 networking package installed before you try to compile
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/". The
+ Makefile assumes that the WATT-32 code is in directory "watt32" under
+ /dev/env/DJDIR.
+
+ To compile openssl, start your BASH shell. Then configure for DOS by
+ running "./Configure" with appropriate arguments. The basic syntax for
+ DOS is:
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ 
+ You may run out of DPMI selectors when running in a DOS box under
+ Windows. If so, just close the BASH shell, go back to Windows, and
+ restart BASH. Then run "make" again.
+
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.

INSTALL.W32

@@ -112,10 +112,10 @@
  * Compiler installation:
 
    Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
-   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
-   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
-   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
-   C:\egcs-1.1.2\mingw32.bat to set the PATH.
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
+   to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
+   the PATH environment variable in "System Properties"; or edit and
+   run C:\gcc-2.95.2\mingw32.bat to set the PATH.
 
  * Compile OpenSSL:
 

Makefile.org

@@ -166,7 +166,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
@@ -585,7 +585,7 @@ test:   tests
 
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
 	@LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
 		export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
 		apps/openssl version -a
@@ -598,7 +598,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
 
@@ -644,13 +644,19 @@ TABLE: Configure
 
 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
 tar:
-	@$(TAR) $(TARFLAGS) -cvf - \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
+	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
 
 tar-snap:
@@ -665,7 +671,7 @@ dist:
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) tar
+	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
 
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -697,8 +703,8 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
-	done
+		fi; \
+	done;
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
@@ -715,7 +721,7 @@ install: all install_docs
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
-			fi \
+			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
@@ -732,18 +738,20 @@ install_docs:
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			 --release=$(VERSION) `basename $$i`) \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "`cd ../../util; ./pod2mantest ignore` \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "`cd ../../util; ./pod2mantest ignore` \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 

NEWS

@@ -31,6 +31,7 @@
       o Reworked parts of the BIGNUM code.
       o Support for new engines: Broadcom ubsec, Accelerated Encryption
         Processing, IBM 4758.
+      o Extended and corrected OID (object identifier) table.
       o PRNG: query at more locations for a random device, automatic query for
         EGD style random sources at several locations.
       o SSL/TLS: allow optional cipher choice according to server's preference.
@@ -38,6 +39,7 @@
       o SSL/TLS: support Kerberos cipher suites (RFC2712).
       o SSL/TLS: allow more precise control of renegotiations and sessions.
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).
 
   Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
 

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8-dev XX xxx XXXX
+ OpenSSL 0.9.7-beta2 16 Jun 2002
 
  Copyright (c) 1998-2002 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,10 +1,13 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/04/13 22:47:04 $
+  ______________                           $Date: 2002/06/16 11:27:38 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7-beta2: Released on June 16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June  1st, 2002
+    o  OpenSSL 0.9.6d: Released on May        9th, 2002
     o  OpenSSL 0.9.6c: Released on December  21st, 2001
     o  OpenSSL 0.9.6b: Released on July       9th, 2001
     o  OpenSSL 0.9.6a: Released on April      5th, 2001
@@ -17,22 +20,11 @@
     o  OpenSSL 0.9.2b: Released on March     22th, 1999
     o  OpenSSL 0.9.1c: Released on December  23th, 1998
 
+  [See also http://www.openssl.org/support/rt2.html]
+
   RELEASE SHOWSTOPPERS
 
-    o BIGNUM library failures on 64-bit platforms (0.9.7-dev):
-      - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc
-        and other 64-bit platforms
-
-	Checked on			Result
-	alpha-cc (Tru64 version 4.0)	works
-	linux-alpha+bwx-gcc		doesn't work. Reported by
-					Sean O'Riordain <seanpor@acm.org>
-	OpenBSD-sparc64			doesn't work.  BN_mod_mul breaks.
-
-	Needs checked on
-	[add platforms here]
-
-      - BN_mod_mul verification fails for mips3-sgi-irix
+    o BN_mod_mul verification fails for mips3-sgi-irix
       unless configured with no-asm
 
   AVAILABLE PATCHES

TABLE

@@ -1,3 +1,4 @@
+Output of `Configure TABLE':
 
 *** BC-16
 $cc           = bcc
@@ -79,15 +80,15 @@ $thread_cflag =
 $sys_id       = CYGWIN32
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
 $dso_scheme   = win32
 $shared_target= cygwin-shared
 $shared_cflag = 
@@ -119,6 +120,30 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 
+*** DJGPP
+$cc           = gcc
+$cflags       = -I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = MSDOS
+$lflags       = -L/watt32/lib -lwatt
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+
 *** FreeBSD
 $cc           = gcc
 $cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
@@ -427,8 +452,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= bsd-gcc-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
 *** OpenBSD-i386
@@ -739,8 +764,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= reliantunix-shared
 $shared_cflag = 
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
 *** SINIX
@@ -791,6 +816,30 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 
+*** UWIN
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = UWIN
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+
 *** VC-MSDOS
 $cc           = cl
 $cflags       = 
@@ -1289,10 +1338,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
-$shared_target= 
+$shared_target= darwin-shared
 $shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
 
 *** darwin-ppc-cc
@@ -1315,8 +1364,8 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= darwin-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
 
 *** debug
@@ -1489,7 +1538,7 @@ $ranlib       =
 
 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1513,7 +1562,7 @@ $ranlib       =
 
 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1555,8 +1604,8 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
 *** debug-linux-elf-noefence
@@ -1775,6 +1824,30 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 
+*** debug-steve-linux-pseudo64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -rdynamic -ldl
+$bn_ops       = SIXTY_FOUR_BIT
+$bn_obj       = 
+$des_obj      = dlfcn
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+
 *** debug-ulf
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
@@ -2327,6 +2400,30 @@ $shared_ldflag =
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
+*** hpux64-parisc-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = -fpic
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+
 *** hpux64-parisc2-cc
 $cc           = cc
 $cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
@@ -2981,7 +3078,7 @@ $cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
 $des_obj      = 
@@ -2992,11 +3089,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
 *** linux-sparcv9
@@ -3005,7 +3102,7 @@ $cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
 $des_obj      = 
@@ -3019,8 +3116,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$shared_extension = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
 *** ncr-scde
@@ -3599,6 +3696,30 @@ $shared_ldflag =
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 
+*** solaris64-sparcv9-gcc31
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+
 *** sunos-gcc
 $cc           = gcc
 $cflags       = -O3 -mv8 -Dssize_t=int

VMS/tcpip_shr_decc.opt

@@ -0,0 +1 @@
+sys$share:tcpip$ipc_shr.exe/share

apps/apps.c

@@ -310,10 +310,17 @@ void program_name(char *in, char *out, int size)
 
 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = in+size;
-	strncpy(out,p,q-p);
+		q = p + strlen(p);
+	strncpy(out,p,size-1);
+	if (q-p >= size)
+		{
+		out[size-1]='\0';
+		}
+	else
+		{
 		out[q-p]='\0';
 		}
+	}
 #else
 void program_name(char *in, char *out, int size)
 	{
@@ -483,7 +490,7 @@ static int ui_close(UI *ui)
 	{
 	return UI_method_get_closer(UI_OpenSSL())(ui);
 	}
-int setup_ui_method()
+int setup_ui_method(void)
 	{
 	ui_method = UI_create_method("OpenSSL application user interface");
 	UI_method_set_opener(ui_method, ui_open);
@@ -492,7 +499,7 @@ int setup_ui_method()
 	UI_method_set_closer(ui_method, ui_close);
 	return 0;
 	}
-void destroy_ui_method()
+void destroy_ui_method(void)
 	{
 	if(ui_method)
 		{
@@ -1256,7 +1263,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
 }
 
 /* Try to load an engine in a shareable library */
-ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
 	{
 	ENGINE *e = ENGINE_by_id("dynamic");
 	if (e)

apps/apps.h

@@ -134,10 +134,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                        * (see e_os.h).  The string is
                                        * destroyed! */
 
-#ifdef OPENSSL_NO_STDIO
-BIO_METHOD *BIO_s_file();
-#endif
-
 #ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
@@ -217,8 +213,8 @@ typedef struct pw_cb_data
 int password_callback(char *buf, int bufsiz, int verify,
 	PW_CB_DATA *cb_data);
 
-int setup_ui_method();
-void destroy_ui_method();
+int setup_ui_method(void);
+void destroy_ui_method(void);
 
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
@@ -253,6 +249,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 			ASN1_GENERALIZEDTIME **pinvtm, char *str);
 int make_serial_index(TXT_DB *db);
 
+X509_NAME *do_subject(char *str, long chtype);
+
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

apps/asn1pars.c

@@ -184,7 +184,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
@@ -195,7 +195,6 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}
 

apps/ca.c

@@ -238,7 +238,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
 	int ext_copy);
-static X509_NAME *do_subject(char *subject);
 static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, TXT_DB *db);
 static int do_updatedb(TXT_DB *db);
@@ -1510,11 +1509,6 @@ bad:
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
 			else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_ECDSA)
-				dgst=EVP_ecdsa();
-			else
 #endif
 				dgst=EVP_md5();
 			}
@@ -1574,6 +1568,10 @@ bad:
 				}
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
@@ -1581,10 +1579,6 @@ bad:
 #else
 			strcat(buf[1],"-old");
 #endif
-			BIO_free(in);
-			in = NULL;
-			BIO_free(out);
-			out = NULL;
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1879,7 +1873,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
 	if (subj)
 		{
-		X509_NAME *n = do_subject(subj);
+		X509_NAME *n = do_subject(subj, MBSTRING_ASC);
 
 		if (!n)
 			{
@@ -2290,16 +2284,6 @@ again2:
 		EVP_PKEY_copy_parameters(pktmp,pkey);
 	EVP_PKEY_free(pktmp);
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_ECDSA)
-		dgst = EVP_ecdsa();
-	pktmp = X509_get_pubkey(ret);
-	if (EVP_PKEY_missing_parameters(pktmp) &&
-		!EVP_PKEY_missing_parameters(pkey))
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-	EVP_PKEY_free(pktmp);
-#endif
-
 
 	if (!X509_sign(ret,pkey,dgst))
 		goto err;
@@ -3023,65 +3007,124 @@ int make_revoked(X509_REVOKED *rev, char *str)
 	return ret;
 	}
 
-static X509_NAME *do_subject(char *subject)
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *do_subject(char *subject, long chtype)
 	{
+	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+	char *buf = OPENSSL_malloc(buflen);
+	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
+
+	char *sp = subject, *bp = buf;
+	int i, ne_num = 0;
+
 	X509_NAME *n = NULL;
+	int nid;
 
-	int i, nid, ne_num=0;
-
-	char *ne_name = NULL;
-	char *ne_value = NULL;
-
-	char *tmp = NULL;
-	char *p[2];
-
-	char *str_list[256];
-       
-	p[0] = ",/";
-	p[1] = "=";
-
-	n = X509_NAME_new();
-
-	tmp = strtok(subject, p[0]);
-	while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
+	if (!buf || !ne_types || !ne_values)
 	{
-		char *token = tmp;
+		BIO_printf(bio_err, "malloc error\n");
+		goto error;
+	}
 
-		while (token[0] == ' ')
-			token++;
-		str_list[ne_num] = token;
+	if (*subject != '/')
+	{
+		BIO_printf(bio_err, "Subject does not start with '/'.\n");
+		goto error;
+	}
+	sp++; /* skip leading / */
 
-		tmp = strtok(NULL, p[0]);
+	while (*sp)
+	{
+		/* collect type */
+		ne_types[ne_num] = bp;
+		while (*sp)
+		{
+			if (*sp == '\\') /* is there anything to escape in the type...? */
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+				{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+				}
+			else if (*sp == '=')
+			{
+				sp++;
+				*bp++ = '\0';
+				break;
+			}
+			else
+				*bp++ = *sp++;
+		}
+		if (!*sp)
+		{
+			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
+			goto error;
+		}
+		ne_values[ne_num] = bp;
+		while (*sp)
+		{
+			if (*sp == '\\')
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+				{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+				}
+			else if (*sp == '/')
+			{
+				sp++;
+				break;
+			}
+			else
+				*bp++ = *sp++;
+		}
+		*bp++ = '\0';
 		ne_num++;
 	}
 
+	if (!(n = X509_NAME_new()))
+		goto error;
+
 	for (i = 0; i < ne_num; i++)
 		{
-		ne_name  = strtok(str_list[i], p[1]);
-		ne_value = strtok(NULL, p[1]);
-
-		if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
+		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
 			{
-			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
+			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
 			continue;
 			}
 
-		if (ne_value == NULL)
+		if (!*ne_values[i])
 			{
-			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
+			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
 			continue;
 			}
 
-		if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
-			{
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
+			goto error;
+		}
+
+	OPENSSL_free(ne_values);
+	OPENSSL_free(ne_types);
+	OPENSSL_free(buf);
+	return n;
+
+error:
 	X509_NAME_free(n);
+	if (ne_values)
+		OPENSSL_free(ne_values);
+	if (ne_types)
+		OPENSSL_free(ne_types);
+	if (buf)
+		OPENSSL_free(buf);
 	return NULL;
 }
-		}
-
-	return n;
-	}
-
 
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 	{

apps/crl.c

@@ -87,6 +87,7 @@ static char *crl_usage[]={
 " -noout          - no CRL output\n",
 " -CAfile  name   - verify CRL using certificates in file \"name\"\n",
 " -CApath  dir    - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg    - various certificate name options\n",
 NULL
 };
 
@@ -97,6 +98,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
+	unsigned long nmflag = 0;
 	X509_CRL *x=NULL;
 	char *CAfile = NULL, *CApath = NULL;
 	int ret=1,i,num,badops=0;
@@ -105,7 +107,7 @@ int MAIN(int argc, char **argv)
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	int fingerprint = 0;
-	char **pp,buf[256];
+	char **pp;
 	X509_STORE *store = NULL;
 	X509_STORE_CTX ctx;
 	X509_LOOKUP *lookup = NULL;
@@ -188,6 +190,11 @@ int MAIN(int argc, char **argv)
 			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
 		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
@@ -271,9 +278,7 @@ bad:
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(X509_CRL_get_issuer(x),
-								buf,256);
-				BIO_printf(bio_out,"issuer= %s\n",buf);
+				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
 				}
 
 			if (hash == i)

apps/dgst.c

@@ -73,8 +73,9 @@
 #undef PROG
 #define PROG	dgst_main
 
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-		EVP_PKEY *key, unsigned char *sigin, int siglen);
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file);
 
 int MAIN(int, char **);
 
@@ -319,22 +320,36 @@ int MAIN(int argc, char **argv)
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
+		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+			  siglen,"","(stdin)");
 		}
 	else
 		{
 		name=OBJ_nid2sn(md->type);
 		for (i=0; i<argc; i++)
 			{
+			char *tmp,*tofree=NULL;
+			int r;
+
 			if (BIO_read_filename(in,argv[i]) <= 0)
 				{
 				perror(argv[i]);
 				err++;
 				continue;
 				}
-			if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
-			do_fp(out, buf,inp,separator, out_bin, sigkey, 
-								sigbuf, siglen);
+			if(!out_bin)
+				{
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
+				}
+			else
+				tmp="";
+			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+				siglen,tmp,argv[i]);
+			if(r)
+			    err=r;
+			if(tofree)
+				OPENSSL_free(tofree);
 			(void)BIO_reset(bmd);
 			}
 		}
@@ -353,8 +368,9 @@ end:
 	EXIT(err);
 	}
 
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-			EVP_PKEY *key, unsigned char *sigin, int siglen)
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file)
 	{
 	int len;
 	int i;
@@ -362,21 +378,33 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
-		if (i <= 0) break;
+		if(i < 0)
+			{
+			BIO_printf(bio_err, "Read Error in %s\n",file);
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		if (i == 0) break;
 		}
 	if(sigin)
 		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
-		if(i > 0) BIO_printf(out, "Verified OK\n");
-		else if(i == 0) BIO_printf(out, "Verification Failure\n");
+		if(i > 0)
+			BIO_printf(out, "Verified OK\n");
+		else if(i == 0)
+			{
+			BIO_printf(out, "Verification Failure\n");
+			return 1;
+			}
 		else
 			{
 			BIO_printf(bio_err, "Error Verifying Data\n");
 			ERR_print_errors(bio_err);
+			return 1;
 			}
-		return;
+		return 0;
 		}
 	if(key)
 		{
@@ -386,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			{
 			BIO_printf(bio_err, "Error Signing Data\n");
 			ERR_print_errors(bio_err);
-			return;
+			return 1;
 			}
 		}
 	else
@@ -395,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	if(binout) BIO_write(out, buf, len);
 	else 
 		{
+		BIO_write(out,title,strlen(title));
 		for (i=0; i<len; i++)
 			{
 			if (sep && (i != 0))
@@ -403,5 +432,6 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
+	return 0;
 	}
 

apps/dsaparam.c

@@ -186,7 +186,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -genkey       generate a DSA key\n");

apps/ecdsa.c

@@ -1,445 +0,0 @@
-/* apps/ecdsa.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_ECDSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecdsa_main
-
-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -des		- encrypt output if PEM format with DES in cbc mode
- * -des3	- encrypt output if PEM format
- * -idea	- encrypt output if PEM format
- * -aes128	- encrypt output if PEM format
- * -aes192	- encrypt output if PEM format
- * -aes256	- encrypt output if PEM format
- * -text	- print a text version
- * -pub		- print the ECDSA public key
- * -compressed  - print the public key in compressed form ( default )   
- * -hybrid 	- print the public key in hybrid form
- * -uncompressed - print the public key in uncompressed form
- *		  the last three options ( compressed, hybrid and uncompressed )
- *		  are only used if the "-pub" option is also selected.
- *	  	  For a precise description of the the meaning of compressed,
- *		  hybrid and uncompressed please refer to the X9.62 standart.
- *		  All three forms represents ways to express the ecdsa public
- *		  key ( a point on a elliptic curve ) as octet string. Let len be
- *		  the length ( in bytes ) of an element of the field over which
- *		  the curve is defined, then a compressed octet string has the form
- *		  0x02 + result of BN_bn2bin() of the x coordinate of the public key
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE 	*e = NULL;
-	int 	ret = 1;
-	ECDSA 	*ecdsa = NULL;
-	int 	i, badops = 0;
-	const EVP_CIPHER *enc = NULL;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, text=0, noout=0;
-	int  	pubin = 0, pubout = 0;
-	char 	*infile, *outfile, *prog, *engine;
-	char 	*passargin = NULL, *passargout = NULL;
-	char 	*passin = NULL, *passout = NULL;
-	int 	pub = 0, point_form = 0;
-	unsigned char *buffer = NULL;
-	unsigned int  buf_len = 0;
-	BIGNUM	*tmp_bn = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	engine = NULL;
-	infile = NULL;
-	outfile = NULL;
-	informat = FORMAT_PEM;
-	outformat = FORMAT_PEM;
-
-	prog = argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-	{
-		if (strcmp(*argv,"-inform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-outform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-in") == 0)
-		{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-		}
-		else if (strcmp(*argv,"-out") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-		}
-		else if (strcmp(*argv,"-passin") == 0)
-		{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-		}
-		else if (strcmp(*argv,"-passout") == 0)
-		{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-		}
-		else if (strcmp(*argv, "-engine") == 0)
-		{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-		}
-		else if (strcmp(*argv, "-noout") == 0)
-			noout = 1;
-		else if (strcmp(*argv, "-text") == 0)
-			text = 1;
-		else if (strcmp(*argv, "-pub") == 0)
-		{
-			pub = 1;
-			buffer = (unsigned char *)(*(argv+1));
-			if (strcmp((char *)buffer, "compressed") == 0)
-				point_form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp((char *)buffer, "hybrid") == 0)
-				point_form = POINT_CONVERSION_HYBRID;
-			else if (strcmp((char *)buffer, "uncompressed") == 0)
-				point_form = POINT_CONVERSION_UNCOMPRESSED;
-			if (point_form)
-			{
-				argc--;
-				argv++;
-			}
-		}
-		else if (strcmp(*argv, "-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv, "-pubout") == 0)
-			pubout=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-		{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-		}
-		argc--;
-		argv++;
-	}
-
-	if (badops)
-	{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg     input format - DER or PEM\n");
-		BIO_printf(bio_err, " -outform arg    output format - DER or PEM\n");
-		BIO_printf(bio_err, " -in arg         input file\n");
-		BIO_printf(bio_err, " -passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err, " -out arg        output file\n");
-		BIO_printf(bio_err, " -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err, " -engine e       use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err, " -des            encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err, " -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
-		BIO_printf(bio_err, " -idea           encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
-		BIO_printf(bio_err, "                 encrypt PEM output with cbc aes\n");
-#endif
-		BIO_printf(bio_err, " -text           print the key in text\n");
-		BIO_printf(bio_err, " -noout          don't print key out\n");
-		BIO_printf(bio_err, " -pub [compressed | hybrid | uncompressed] \n");
-		BIO_printf(bio_err, "         compressed     print the public key in compressed form ( default )\n");   
-		BIO_printf(bio_err, "         hybrid         print the public key in hybrid form\n");
- 		BIO_printf(bio_err, "         uncompressed   print the public key in uncompressed form\n");
-		goto end;
-	}
-
-	ERR_load_crypto_strings();
-
-        e = setup_engine(bio_err, engine, 0);
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
-	{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-	}
-
-	in = BIO_new(BIO_s_file());
-	out = BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-	{
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-	{
-		if (BIO_read_filename(in,infile) <= 0)
-		{
-			perror(infile);
-			goto end;
-		}
-	}
-
-	BIO_printf(bio_err,"read ECDSA key\n");
-	if (informat == FORMAT_ASN1) 
-	{
-		if (pubin) 
-			ecdsa = d2i_ECDSA_PUBKEY_bio(in, NULL);
-		else 
-			ecdsa = d2i_ECDSAPrivateKey_bio(in, NULL);
-	} else if (informat == FORMAT_PEM) 
-	{
-		if (pubin) 
-			ecdsa = PEM_read_bio_ECDSA_PUBKEY(in, NULL, NULL, NULL);
-		else 
-			ecdsa = PEM_read_bio_ECDSAPrivateKey(in, NULL, NULL, passin);
-	} else
-	{
-		BIO_printf(bio_err, "bad input format specified for key\n");
-		goto end;
-	}
-	if (ecdsa == NULL)
-	{
-		BIO_printf(bio_err,"unable to load Key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (outfile == NULL)
-	{
-		BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-	else
-	{
-		if (BIO_write_filename(out, outfile) <= 0)
-		{
-			perror(outfile);
-			goto end;
-		}
-	}
-
-	if (text) 
-		if (!ECDSA_print(out, ecdsa, 0))
-		{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-
-	if (pub)
-	{
-		fprintf(stdout, "Public Key (");
-		if (point_form == POINT_CONVERSION_COMPRESSED)
-			fprintf(stdout, "COMPRESSED");
-		else if (point_form == POINT_CONVERSION_UNCOMPRESSED)
-			fprintf(stdout, "UNCOMPRESSED");
-		else if (point_form == POINT_CONVERSION_HYBRID)
-			fprintf(stdout, "HYBRID");
-		fprintf(stdout, ")=");
-		buf_len = EC_POINT_point2oct(ecdsa->group, EC_GROUP_get0_generator(ecdsa->group),
-					     point_form, NULL, 0, NULL);
-		if (!buf_len)
-		{
-			BIO_printf(bio_err,"invalid public key length\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		if ((tmp_bn = BN_new()) == NULL ||
-		    (buffer = OPENSSL_malloc(buf_len)) == NULL) goto end;
-		if (!EC_POINT_point2oct(ecdsa->group, EC_GROUP_get0_generator(ecdsa->group),
-					     point_form, buffer, buf_len, NULL) ||
-		    !BN_bin2bn(buffer, buf_len, tmp_bn))
-		{
-			BIO_printf(bio_err,"can not encode public key\n");
-			ERR_print_errors(bio_err);
-			OPENSSL_free(buffer);
-			goto end;
-		}
-		BN_print(out, tmp_bn);
-		fprintf(stdout,"\n");
-	}
-
-	if (noout) 
-		goto end;
-	BIO_printf(bio_err, "writing ECDSA key\n");
-	if (outformat == FORMAT_ASN1) 
-	{
-		if(pubin || pubout) 
-			i = i2d_ECDSA_PUBKEY_bio(out, ecdsa);
-		else 
-			i = i2d_ECDSAPrivateKey_bio(out, ecdsa);
-	} else if (outformat == FORMAT_PEM) 
-	{
-		if(pubin || pubout)
-			i = PEM_write_bio_ECDSA_PUBKEY(out, ecdsa);
-		else 
-			i = PEM_write_bio_ECDSAPrivateKey(out, ecdsa, enc,
-							NULL, 0, NULL, passout);
-	} else 
-	{
-		BIO_printf(bio_err, "bad output format specified for outfile\n");
-		goto end;
-	}
-	if (!i)
-	{
-		BIO_printf(bio_err, "unable to write private key\n");
-		ERR_print_errors(bio_err);
-	}
-	else
-		ret=0;
-end:
-	if (in) 	BIO_free(in);
-	if (out)	BIO_free_all(out);
-	if (ecdsa) 	ECDSA_free(ecdsa);
-	if (tmp_bn)	BN_free(tmp_bn);
-	if (passin) 	OPENSSL_free(passin);
-	if (passout) 	OPENSSL_free(passout);
-	apps_shutdown();
-	EXIT(ret);
-}
-#endif

apps/ecdsaparam.c

@@ -1,660 +0,0 @@
-/* apps/ecdsaparam.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_ECDSA
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecdsaparam_main
-
-/* -inform arg	  	- input format - default PEM (DER or PEM)
- * -outform arg 	- output format - default PEM
- * -in arg		- input file  - default stdin
- * -out arg		- output file - default stdout
- * -noout
- * -text
- * -check               - validate the ec parameters
- * -C
- * -noout
- * -genkey		- generate a private public keypair based on the supplied curve
- * -named_curve		- use the curve oid instead of the parameters
- * -NIST_192		- use the NIST recommended curve parameters over a 192 bit prime field
- * -NIST_224		- use the NIST recommended curve parameters over a 224 bit prime field
- * -NIST_256		- use the NIST recommended curve parameters over a 256 bit prime field
- * -NIST_384		- use the NIST recommended curve parameters over a 384 bit prime field
- * -NIST_521		- use the NIST recommended curve parameters over a 521 bit prime field
- * -X9_62_192v1		- use the X9_62 192v1 example curve over a 192 bit prime field
- * -X9_62_192v2		- use the X9_62 192v2 example curve over a 192 bit prime field
- * -X9_62_192v3		- use the X9_62 192v3 example curve over a 192 bit prime field
- * -X9_62_239v1		- use the X9_62 239v1 example curve over a 239 bit prime field
- * -X9_62_239v2		- use the X9_62 239v2 example curve over a 239 bit prime field
- * -X9_62_239v3		- use the X9_62 239v3 example curve over a 239 bit prime field
- * -X9_62_256v1		- use the X9_62 239v1 example curve over a 256 bit prime field
- * -SECG_PRIME_112R1    - use the SECG 112r1 recommended curve over a 112 bit prime field
- * -SECG_PRIME_112R2    - use the SECG 112r2 recommended curve over a 112 bit prime field
- * -SECG_PRIME_128R1    - use the SECG 128r1 recommended curve over a 128 bit prime field
- * -SECG_PRIME_128R2    - use the SECG 128r2 recommended curve over a 128 bit prime field
- * -SECG_PRIME_160K1    - use the SECG 160k1 recommended curve over a 160 bit prime field
- * -SECG_PRIME_160R1    - use the SECG 160r1 recommended curve over a 160 bit prime field
- * -SECG_PRIME_160R2    - use the SECG 160r2 recommended curve over a 160 bit prime field
- * -SECG_PRIME_192K1    - use the SECG 192k1 recommended curve over a 192 bit prime field
- * -SECG_PRIME_192R1    - use the SECG 192r1 recommended curve over a 192 bit prime field
- * -SECG_PRIME_224K1    - use the SECG 224k1 recommended curve over a 224 bit prime field
- * -SECG_PRIME_224R1    - use the SECG 224r1 recommended curve over a 224 bit prime field
- * -SECG_PRIME_256K1    - use the SECG 256k1 recommended curve over a 256 bit prime field
- * -SECG_PRIME_256R1    - use the SECG 256r1 recommended curve over a 256 bit prime field
- * -SECG_PRIME_384R1    - use the SECG 384r1 recommended curve over a 384 bit prime field
- * -SECG_PRIME_521R1    - use the SECG 521r1 recommended curve over a 521 bit prime field
- * -WTLS_6              - use the WAP/WTLS recommended curve number 6 over a 112 bit field
- * -WTLS_8              - use the WAP/WTLS recommended curve number 8 over a 112 bit field
- * -WTLS_9              - use the WAP/WTLS recommended curve number 9 over a 160 bit field
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE 	*e = NULL;
-	ECDSA 	*ecdsa = NULL;
-	int 	i, badops = 0, text = 0;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, noout = 0, C = 0, ret = 1;
-	char 	*infile, *outfile, *prog, *inrand = NULL;
-	int 	genkey = 0;
-	int	check = 0;
-	int 	need_rand = 0;
-	char 	*engine=NULL;
-	int	curve_type = EC_GROUP_NO_CURVE;
-	int	named_curve = 0;
-	BIGNUM	*tmp_1 = NULL, *tmp_2 = NULL, *tmp_3 = NULL, *tmp_4 = NULL, *tmp_5 = NULL,
-		*tmp_6 = NULL, *tmp_7 = NULL;
-	BN_CTX	*ctx = NULL;
-	EC_POINT *point = NULL;
-	unsigned char *data = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-outform") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-		}
-		else if (strcmp(*argv,"-in") == 0)
-		{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-		}
-		else if (strcmp(*argv,"-out") == 0)
-		{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-		}
-		else if(strcmp(*argv, "-engine") == 0)
-		{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-		}
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
-		else if (strcmp(*argv,"-C") == 0)
-			C = 1;
-		else if (strcmp(*argv,"-check") == 0)
-			check = 1;
-		else if (strcmp(*argv,"-genkey") == 0)
-		{
-			genkey = 1;
-			need_rand = 1;
-		}
-		else if (strcmp(*argv,"-rand") == 0)
-		{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			need_rand=1;
-		}
-		else if (strcmp(*argv, "-named_curve") == 0)
-			named_curve = 1;
-		else if (strcmp(*argv, "-NIST_192") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_192;
-		else if (strcmp(*argv, "-NIST_224") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_224;
-		else if (strcmp(*argv, "-NIST_256") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_256;
-		else if (strcmp(*argv, "-NIST_384") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_384;
-		else if (strcmp(*argv, "-NIST_521") == 0)
-			curve_type = EC_GROUP_NIST_PRIME_521;
-		else if (strcmp(*argv, "-X9_62_192v1") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_192V1;
-		else if (strcmp(*argv, "-X9_62_192v2") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_192V2;
-		else if (strcmp(*argv, "-X9_62_192v3") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_192V3;
-		else if (strcmp(*argv, "-X9_62_239v1") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_239V1;
-		else if (strcmp(*argv, "-X9_62_239v2") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_239V2;
-		else if (strcmp(*argv, "-X9_62_239v3") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_239V3;
-		else if (strcmp(*argv, "-X9_62_256v1") == 0)
-			curve_type = EC_GROUP_X9_62_PRIME_256V1;
-		else if (strcmp(*argv, "-SECG_PRIME_112R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_112R1;
-		else if (strcmp(*argv, "-SECG_PRIME_112R2") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_112R2;
-		else if (strcmp(*argv, "-SECG_PRIME_128R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_128R1;
-		else if (strcmp(*argv, "-SECG_PRIME_128R2") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_128R2;
-		else if (strcmp(*argv, "-SECG_PRIME_160K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_160K1;
-		else if (strcmp(*argv, "-SECG_PRIME_160R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_160R1;
-		else if (strcmp(*argv, "-SECG_PRIME_160R2") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_160R2;
-		else if (strcmp(*argv, "-SECG_PRIME_192K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_192K1;
-		else if (strcmp(*argv, "-SECG_PRIME_192R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_192R1;
-		else if (strcmp(*argv, "-SECG_PRIME_224K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_224K1;
-		else if (strcmp(*argv, "-SECG_PRIME_224R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_224R1;
-		else if (strcmp(*argv, "-SECG_PRIME_256K1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_256K1;
-		else if (strcmp(*argv, "-SECG_PRIME_256R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_256R1;
-		else if (strcmp(*argv, "-SECG_PRIME_384R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_384R1;
-		else if (strcmp(*argv, "-SECG_PRIME_521R1") == 0)
-			curve_type = EC_GROUP_SECG_PRIME_521R1;
-		else if (strcmp(*argv, "-WTLS_6") == 0)
-			curve_type = EC_GROUP_WTLS_6;
-		else if (strcmp(*argv, "-WTLS_8") == 0)
-			curve_type = EC_GROUP_WTLS_8;
-		else if (strcmp(*argv, "-WTLS_9") == 0)
-			curve_type = EC_GROUP_WTLS_9;
-		else if (strcmp(*argv, "-noout") == 0)
-			noout=1;
-		else
-		{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-		}
-		argc--;
-		argv++;
-	}
-
-	if (badops)
-	{
-bad:
-		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg        input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg       output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg            input file\n");
-		BIO_printf(bio_err," -out arg           output file\n");
-		BIO_printf(bio_err," -text              print the key in text\n");
-		BIO_printf(bio_err," -C                 Output C code\n");
-		BIO_printf(bio_err," -check             validate the ec parameters\n");
-		BIO_printf(bio_err," -noout             no output\n");
-		BIO_printf(bio_err," -rand              files to use for random number input\n");
-		BIO_printf(bio_err," -engine e          use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -named_curve       use the curve oid instead of the parameters\n");
-		BIO_printf(bio_err," -NIST_192          use the NIST recommended curve parameters over a 192 bit prime field\n");
-		BIO_printf(bio_err," -NIST_224          use the NIST recommended curve parameters over a 224 bit prime field\n");
-		BIO_printf(bio_err," -NIST_256          use the NIST recommended curve parameters over a 256 bit prime field\n");
-		BIO_printf(bio_err," -NIST_384          use the NIST recommended curve parameters over a 384 bit prime field\n");
-		BIO_printf(bio_err," -NIST_521          use the NIST recommended curve parameters over a 521 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_192v1       use the X9_62 192v1 example curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_192v2       use the X9_62 192v2 example curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_192v3       use the X9_62 192v3 example curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_239v1       use the X9_62 239v1 example curve over a 239 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_239v2       use the X9_62 239v2 example curve over a 239 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_239v3       use the X9_62 239v3 example curve over a 239 bit prime field\n");
-		BIO_printf(bio_err," -X9_62_256v1       use the X9_62 239v1 example curve over a 256 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_112R1  use the SECG 112r1 recommended curve over a 112 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_112R2  use the SECG 112r2 recommended curve over a 112 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_128R1  use the SECG 128r1 recommended curve over a 128 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_128R2  use the SECG 128r2 recommended curve over a 128 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_160K1  use the SECG 160k1 recommended curve over a 160 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_160R1  use the SECG 160r1 recommended curve over a 160 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_160R2  use the SECG 160r2 recommended curve over a 160 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_192K1  use the SECG 192k1 recommended curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_192R1  use the SECG 192r1 recommended curve over a 192 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_224K1  use the SECG 224k1 recommended curve over a 224 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_224R1  use the SECG 224r1 recommended curve over a 224 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_256K1  use the SECG 256k1 recommended curve over a 256 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_256R1  use the SECG 256r1 recommended curve over a 256 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_384R1  use the SECG 384r1 recommended curve over a 384 bit prime field\n");
-		BIO_printf(bio_err," -SECG_PRIME_521R1  use the SECG 521r1 recommended curve over a 521 bit prime field\n");
-		BIO_printf(bio_err," -WTLS_6            use the WAP/WTLS recommended curve number 6 over a 112 bit field\n");
-		BIO_printf(bio_err," -WTLS_8            use the WAP/WTLS recommended curve number 8 over a 112 bit field\n");
-		BIO_printf(bio_err," -WTLS_9            use the WAP/WTLS recommended curve number 9 over a 112 bit field\n");
-		goto end;
-	}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-	{
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-	{
-		if (BIO_read_filename(in,infile) <= 0)
-		{
-			perror(infile);
-			goto end;
-		}
-	}
-	if (outfile == NULL)
-	{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-	else
-	{
-		if (BIO_write_filename(out,outfile) <= 0)
-		{
-			perror(outfile);
-			goto end;
-		}
-	}
-
-        e = setup_engine(bio_err, engine, 0);
-
-	if (need_rand)
-	{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-	}
-
-	if (curve_type != EC_GROUP_NO_CURVE)
-	{
-		if ((ecdsa = ECDSA_new()) == NULL)
-			goto end;
-		ecdsa->group = EC_GROUP_new_by_name(curve_type);
-		if (named_curve)
-			ECDSA_set_parameter_flags(ecdsa, ECDSA_FLAG_NAMED_CURVE);
-	}
-	else if (informat == FORMAT_ASN1)
-		ecdsa = d2i_ECDSAParameters_bio(in,NULL);
-	else if (informat == FORMAT_PEM)
-		ecdsa = PEM_read_bio_ECDSAParameters(in, NULL, NULL, NULL);
-	else
-	{
-		BIO_printf(bio_err, "bad input format specified\n");
-		goto end;
-	}
-	if (ecdsa == NULL)
-	{
-		BIO_printf(bio_err, "unable to load ECDSA parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (text)
-	{
-		ECDSAParameters_print(out, ecdsa);
-	}
-
-	if (check)
-	{
-		if (ecdsa == NULL)
-			BIO_printf(bio_err, "no elliptic curve parameters\n");
-		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-		if (!EC_GROUP_check(ecdsa->group, NULL))
-		{
-			BIO_printf(bio_err, "failed\n");
-			ERR_print_errors(bio_err);
-		}
-		else
-			BIO_printf(bio_err, "ok\n");
-			
-	}
-	
-	if (C)
-	{	/* TODO: characteristic two */
-		int 	l, len, bits_p;
-		if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-		    (tmp_3 = BN_new()) == NULL || (tmp_4 = BN_new()) == NULL ||
-		    (tmp_5 = BN_new()) == NULL || (tmp_6 = BN_new()) == NULL ||
-                    (tmp_7 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL)
-		{
-			perror("OPENSSL_malloc");
-			goto end;
-		}
-		if (!EC_GROUP_get_curve_GFp(ecdsa->group, tmp_1, tmp_2, tmp_3, ctx))
-			goto end;
-		if ((point = EC_GROUP_get0_generator(ecdsa->group)) == NULL)
-			goto end;
-		if (!EC_POINT_get_affine_coordinates_GFp(ecdsa->group, point, tmp_4, tmp_5, ctx))
-			goto end;
-		if (!EC_GROUP_get_order(ecdsa->group, tmp_6, ctx))
-			goto end;
-		if (!EC_GROUP_get_cofactor(ecdsa->group, tmp_7, ctx))
-			goto end;
-		
-		len    = BN_num_bytes(tmp_1);
-		bits_p = BN_num_bits(tmp_1);
-		data=(unsigned char *)OPENSSL_malloc(len+20);
-		if (data == NULL)
-		{
-			perror("OPENSSL_malloc");
-			goto end;
-		}
-		l = BN_bn2bin(tmp_1, data);
-		printf("static unsigned char ecdsa%d_p[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n\n");
-
-		l = BN_bn2bin(tmp_2, data);
-		printf("static unsigned char ecdsa%d_a[]={",bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_3, data);
-		printf("static unsigned char ecdsa%d_b[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n\n");
-
-		l = BN_bn2bin(tmp_4, data);
-		printf("static unsigned char ecdsa%d_x[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_5, data);
-		printf("static unsigned char ecdsa%d_y[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_6, data);
-		printf("static unsigned char ecdsa%d_o[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n");
-
-		l = BN_bn2bin(tmp_7, data);
-		printf("static unsigned char ecdsa%d_c[]={", bits_p);
-		for (i=0; i<l; i++)
-		{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-		}
-		printf("\n\t};\n\n");
-
-		/* FIXME:
-		 * generated code should check for errors
-		 */
-
-		printf("ECDSA *get_ecdsa%d(void)\n\t{\n",bits_p);
-		printf("\tint ok=0;\n");
-		printf("\tECDSA    *ecdsa=NULL;\n");
-		printf("\tEC_POINT *point=NULL;\n");
-		printf("\tBIGNUM   *tmp_1=NULL,*tmp_2=NULL,*tmp_3=NULL;\n\n");
-		printf("\tif ((ecdsa=ECDSA_new()) == NULL)\n");
-		printf("\t\treturn(NULL);\n\n");
-		printf("\t/* generate EC_GROUP structure */\n");
-		printf("\tif ((tmp_1 = BN_bin2bn(ecdsa%d_p, sizeof(ecdsa%d_p), NULL)) == NULL) goto err;\n", bits_p, bits_p);
-		printf("\tif ((tmp_2 = BN_bin2bn(ecdsa%d_a, sizeof(ecdsa%d_a), NULL)) == NULL) goto err;\n", bits_p, bits_p);
-		printf("\tif ((tmp_3 = BN_bin2bn(ecdsa%d_b, sizeof(ecdsa%d_b), NULL)) == NULL) goto err;\n", bits_p, bits_p);
-		printf("\tif ((ecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL) goto err;\n\n");
-		printf("\t/* build generator */\n");
-		printf("\tif (!BN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1)) goto err;\n", bits_p, bits_p);
-		printf("\tif (!BN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2)) goto err;\n", bits_p, bits_p);
-		printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err;\n");
-		printf("\tif (!EC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, tmp_1, tmp_2, NULL)) goto err;\n");
-		printf("\t/* set generator, order and cofactor */\n");
-		printf("\tif (!BN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1)) goto err;\n", bits_p, bits_p);
-		printf("\tif (!BN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2)) goto err;\n", bits_p, bits_p);
-		printf("\tif (!EC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2)) goto err;\n");
-		printf("\n\tok=1;\n");
-		printf("err:\n");
-		printf("\tif (tmp_1) BN_free(tmp_1);\n");
-		printf("\tif (tmp_2) BN_free(tmp_2);\n");
-		printf("\tif (tmp_3) BN_free(tmp_3);\n");
-		printf("\tif (point) EC_POINT_free(point);\n");
-		printf("\tif (!ok)\n");
-		printf("\t\t{\n");
-		printf("\t\tECDSA_free(ecdsa);\n");
-		printf("\t\tecdsa = NULL;\n");
-		printf("\t\t}\n");
-		printf("\treturn(ecdsa);\n\t}\n");
-	}
-
-
-	if (!noout)
-	{
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECDSAParameters_bio(out, ecdsa);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECDSAParameters(out, ecdsa);
-		else	
-		{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-		}
-		if (!i)
-		{
-			BIO_printf(bio_err, "unable to write ECDSA parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-	if (genkey)
-	{
-		ECDSA *ecdsakey;
-
-		assert(need_rand);
-		if ((ecdsakey = ECDSAParameters_dup(ecdsa)) == NULL) goto end;
-		if (!ECDSA_generate_key(ecdsakey)) goto end;
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECDSAPrivateKey_bio(out, ecdsakey);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECDSAPrivateKey(out, ecdsakey, NULL, NULL, 0, NULL, NULL);
-		else	
-		{
-			BIO_printf(bio_err, "bad output format specified for outfile\n");
-			goto end;
-		}
-		ECDSA_free(ecdsakey);
-	}
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-	ret=0;
-end:
-	if (in != NULL) 	BIO_free(in);
-	if (out != NULL) 	BIO_free_all(out);
-	if (ecdsa != NULL) 	ECDSA_free(ecdsa);
-	if (tmp_1)		BN_free(tmp_1);
-	if (tmp_2)		BN_free(tmp_2);
-	if (tmp_3)		BN_free(tmp_3);
-	if (tmp_3)		BN_free(tmp_4);
-	if (tmp_3)		BN_free(tmp_5);
-	if (tmp_3)		BN_free(tmp_6);
-	if (tmp_3)		BN_free(tmp_7);
-	if (ctx)		BN_CTX_free(ctx);
-	if (data)		OPENSSL_free(data);
-	apps_shutdown();
-	EXIT(ret);
-}
-#endif

apps/enc.c

@@ -78,7 +78,7 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 
-void show_ciphers(const OBJ_NAME *name,void *bio_)
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
 	{
 	BIO *bio=bio_;
 	static int n;

apps/makeapps.com

@@ -44,6 +44,7 @@ $!  keywords:
 $!
 $!	UCX		for UCX
 $!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!	TCPIP		for TCPIP (post UCX)
 $!
 $!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
@@ -963,7 +964,8 @@ $ ENDIF
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
 $ THEN
 $!
 $!  Check to see if SOCKETSHR was chosen
@@ -973,7 +975,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -999,19 +1001,45 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
 $     ENDIF
 $!
 $!    Done with UCX
 $!
 $   ENDIF
 $!
+$!  Check to see if TCPIP (post UCX) was chosen
+$!
+$   IF P4.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P4.EQS."NONE"
+$   THEN
+$!
+$!    Do not use TCPIP.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
 $!  Add TCP/IP type to CC definitions.
 $!
 $   CCDEFS = CCDEFS + ",TCPIP_TYPE_''P4'"
@@ -1031,6 +1059,7 @@ $   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
 $   WRITE SYS$OUTPUT ""
 $   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
 $   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
 $   WRITE SYS$OUTPUT ""
 $!
 $!  Time To EXIT.

apps/ocsp.c

@@ -553,8 +553,8 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-port num		 port to run responder on\n");
 		BIO_printf (bio_err, "-index file	 certificate status index file\n");
 		BIO_printf (bio_err, "-CA file		 CA certificate\n");
-		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign requests with\n");
-		BIO_printf (bio_err, "-rkey file	 responder key to sign requests with\n");
+		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign responses with\n");
+		BIO_printf (bio_err, "-rkey file	 responder key to sign responses with\n");
 		BIO_printf (bio_err, "-rother file	 other certificates to include in response\n");
 		BIO_printf (bio_err, "-resp_no_certs     don't include any certificates in response\n");
 		BIO_printf (bio_err, "-nmin n	 	 number of minutes before next update\n");
@@ -676,6 +676,18 @@ int MAIN(int argc, char **argv)
 
 	if (req_text && req) OCSP_REQUEST_print(out, req, 0);
 
+	if (reqout)
+		{
+		derbio = BIO_new_file(reqout, "wb");
+		if(!derbio)
+			{
+			BIO_printf(bio_err, "Error opening file %s\n", reqout);
+			goto end;
+			}
+		i2d_OCSP_REQUEST_bio(derbio, req);
+		BIO_free(derbio);
+		}
+
 	if (ridx_filename && (!rkey || !rsigner || !rca_cert))
 		{
 		BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
@@ -809,6 +821,8 @@ int MAIN(int argc, char **argv)
 
 	if (!store)
 		store = setup_verify(bio_err, CAfile, CApath);
+	if (!store)
+		goto end;
 	if (verify_certfile)
 		{
 		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,

apps/pkcs12.c

@@ -779,7 +779,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
+			PKCS8_PRIV_KEY_INFO_free(p8);
+			return 0;
+		}
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);

apps/progs.h

@@ -17,8 +17,6 @@ extern int rsa_main(int argc,char *argv[]);
 extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
-extern int ecdsa_main(int argc,char *argv[]);
-extern int ecdsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
 extern int gendsa_main(int argc,char *argv[]);
@@ -80,12 +78,6 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	{FUNC_TYPE_GENERAL,"ecdsa",ecdsa_main},
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	{FUNC_TYPE_GENERAL,"ecdsaparam",ecdsaparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
 #ifndef OPENSSL_NO_RSA

apps/progs.pl

@@ -33,8 +33,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^ecdsa$/) || ($_ =~ /^ecdsaparam$/))
-		{ print "#ifndef OPENSSL_NO_ECDSA\n${str}#endif\n";}
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))

apps/req.c

@@ -142,7 +142,6 @@ static int batch=0;
 #define TYPE_RSA	1
 #define TYPE_DSA	2
 #define TYPE_DH		3
-#define TYPE_ECDSA	4
 
 int MAIN(int, char **);
 
@@ -151,9 +150,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	ECDSA *ecdsa_params = NULL;
 #endif
 	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
@@ -322,60 +318,8 @@ int MAIN(int argc, char **argv)
 						}
 					}
 				BIO_free(in);
-				in=NULL;
 				newkey=BN_num_bits(dsa_params->p);
-				}
-			else 
-#endif
-#ifndef OPENSSL_NO_ECDSA
-				if (strncmp("ecdsa:",p,4) == 0)
-				{
-				X509 *xtmp=NULL;
-				EVP_PKEY *dtmp;
-
-				pkey_type=TYPE_ECDSA;
-				p+=6;
-				if ((in=BIO_new_file(p,"r")) == NULL)
-					{
-					perror(p);
-					goto end;
-					}
-				if ((ecdsa_params = PEM_read_bio_ECDSAParameters(in, NULL, NULL, NULL)) == NULL)
-					{
-					ERR_clear_error();
-					(void)BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-						{	
-						BIO_printf(bio_err,"unable to load ECDSA parameters from file\n");
-						goto end;
-						}
-
-					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
-					if (dtmp->type == EVP_PKEY_ECDSA)
-						ecdsa_params = ECDSAParameters_dup(dtmp->pkey.ecdsa);
-					EVP_PKEY_free(dtmp);
-					X509_free(xtmp);
-					if (ecdsa_params == NULL)
-						{
-						BIO_printf(bio_err,"Certificate does not contain ECDSA parameters\n");
-						goto end;
-						}
-					}
-
-				BIO_free(in);
 				in=NULL;
-				
-				{
-				BIGNUM *order = BN_new();
-				
-				if (!order)
-					goto end;
-				if (!EC_GROUP_get_order(ecdsa_params->group, order, NULL))
-					goto end;
-				newkey = BN_num_bits(order);
-				BN_free(order);
-				}
-
 				}
 			else 
 #endif
@@ -490,7 +434,6 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-		BIO_printf(bio_err," -newkey ecdsa:file generate a new ECDSA key, parameters taken from CA in 'file'\n");
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
@@ -505,6 +448,7 @@ bad:
 		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
 		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
 		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
 		goto end;
 		}
 
@@ -686,7 +630,7 @@ bad:
 			   message */
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || EVP_PKEY_type(pkey->type) == EVP_PKEY_ECDSA)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -710,15 +654,14 @@ bad:
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
-		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
-		/* TODO: appropriate minimal keylength for the different algorithm (esp. ECDSA) */
+		if (newkey < MIN_KEY_LENGTH)
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
 			BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
 			goto end;
 			}
 		BIO_printf(bio_err,"Generating a %d bit %s private key\n",
-			newkey,(pkey_type == TYPE_RSA)?"RSA":(pkey_type == TYPE_DSA)?"DSA":"ECDSA");
+			newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
 
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
@@ -740,14 +683,6 @@ bad:
 			dsa_params=NULL;
 			}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey_type == TYPE_ECDSA)
-			{
-			if (!ECDSA_generate_key(ecdsa_params)) goto end;
-			if (!EVP_PKEY_assign_ECDSA(pkey, ecdsa_params)) goto end;
-			ecdsa_params = NULL;
-			}
-#endif
 
 		app_RAND_write_file(randfile, bio_err);
 
@@ -853,10 +788,6 @@ loop:
 #ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
-			digest=EVP_ecdsa();
 #endif
 		if (req == NULL)
 			{
@@ -1138,9 +1069,6 @@ end:
 	OBJ_cleanup();
 #ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	if (ecdsa_params != NULL) ECDSA_free(ecdsa_params);
 #endif
 	apps_shutdown();
 	EXIT(ex);
@@ -1210,64 +1138,22 @@ err:
 	return(ret);
 	}
 
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
 static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
 	{
-	X509_NAME *n = NULL;
+	X509_NAME *n;
 
-	int i, nid, ne_num=0;
+	if (!(n = do_subject(subject, chtype)))
+		return 0;
 
-	char *ne_name = NULL;
-	char *ne_value = NULL;
-
-	char *tmp = NULL;
-	char *p[2];
-
-	char *str_list[256];
-       
-	p[0] = ",/";
-        p[1] = "=";
-
-	n = X509_NAME_new();
-
-	tmp = strtok(subject, p[0]);
-	while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
-		{
-		char *token = tmp;
-
-		while (token[0] == ' ')
-			token++;
-		str_list[ne_num] = token;
-
-		tmp = strtok(NULL, p[0]);
-		ne_num++;
-		}
-
-	for(i = 0; i < ne_num; i++)
-		{
-		ne_name  = strtok(str_list[i], p[1]);
-		ne_value = strtok(NULL, p[1]);
-
-		if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
-			{
-			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
-			continue;
-			}
-
-		if (ne_value == NULL)
-			{
-			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
-			continue;
-			}
-
-		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_value, -1,-1,0))
+	if (!X509_REQ_set_subject_name(req, n))
 		{
 		X509_NAME_free(n);
 		return 0;
 		}
-		}
-
-	if (!X509_REQ_set_subject_name(req, n))
-		return 0;
 	X509_NAME_free(n);
 	return 1;
 }

apps/s_server.c

@@ -705,7 +705,7 @@ bad:
 			}
 		}
 
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
 	if (nocert)
 #endif
 		{

apps/smime.c

@@ -109,6 +109,12 @@ int MAIN(int argc, char **argv)
 	args = argv + 1;
 	ret = 1;
 
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
 	if (!load_config(bio_err, NULL))
 		goto end;
 
@@ -465,7 +471,10 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		BIO_reset(in);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
+		  BIO_printf(bio_err, "Can't rewind input file\n");
+		  goto end;
+		}
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);

apps/x509.c

@@ -245,7 +245,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
+			CAkeyformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -869,10 +869,6 @@ bad:
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (Upkey->type == EVP_PKEY_ECDSA)
-					digest=EVP_ecdsa();
-#endif
 
 				assert(need_rand);
 				if (!sign(x,Upkey,days,clrext,digest,
@@ -892,10 +888,6 @@ bad:
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-				if (CApkey->type == EVP_PKEY_ECDSA)
-					digest = EVP_ecdsa();
-#endif
 				
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
@@ -925,8 +917,6 @@ bad:
 
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
-				else if (pk->type == EVP_PKEY_ECDSA)
-					digest=EVP_ecdsa();
 
 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);

config

@@ -390,18 +390,30 @@ exit 0
 
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc --version) 2>/dev/null`
+GCCVER=`(gcc -dumpversion) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
   CC=gcc
-  # then strip off whatever prefix Cygnus prepends the number with...
-  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+  # does give us what we want though, so we use that.  We just just the
+  # major and minor version numbers.
   # peak single digit before and after first dot, e.g. 2.95.1 gives 29
   GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
   CC=cc
 fi
 GCCVER=${GCCVER:-0}
-
+if [ "$SYSTEM" = "HP-UX" ];then
+  # By default gcc is a ILP32 compiler (with long long == 64).
+  GCC_BITS="32"
+  if [ $GCCVER -ge 30 ]; then
+    # PA64 support only came in with gcc 3.0.x.
+    # We look for the preprocessor symbol __LP64__ indicating
+    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
+      GCC_BITS="64"
+    fi
+  fi
+fi
 if [ "$SYSTEM" = "SunOS" ]; then
   if [ $GCCVER -ge 30 ]; then
     # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
@@ -517,6 +529,10 @@ EOF
 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
 	rm dummy dummy.c
 	;;
+  ppc64-*-linux2)
+	#Use the standard target for PPC architecture until we create a
+	#special one for the 64bit architecture.
+	OUT="linux-ppc" ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
   m68k-*-linux*) OUT="linux-m68k" ;;
   ia64-*-linux?) OUT="linux-ia64" ;;
@@ -655,7 +671,16 @@ EOF
   RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
   *-siemens-sysv4) OUT="SINIX" ;;
   *-hpux1*)
+	if [ $CC = "gcc" ];
+	then
+	  if [ $GCC_BITS = "64" ]; then
+	    OUT="hpux64-parisc-gcc"
+	  else
+	    OUT="hpux-parisc-gcc"
+	  fi
+	else
 	  OUT="hpux-parisc-$CC"
+	fi
 	KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
 	KERNEL_BITS=${KERNEL_BITS:-32}
 	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`

crypto/Makefile.ssl

@@ -28,7 +28,7 @@ LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh dso engine aes \
+	bn ec rsa dsa dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
@@ -54,11 +54,11 @@ all: buildinf.h lib subdirs shared
 
 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
-	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
-	echo "  #define PLATFORM \"$(PLATFORM)\""; \
-	echo "  #define DATE \"`date`\""; \
-	echo "#endif" ) >buildinf.h
+	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+	echo '  #define PLATFORM "$(PLATFORM)"'; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+	echo '#endif' ) >buildinf.h
 
 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -141,7 +141,7 @@ depend:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making depend in crypto/$$i..." && \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
 	done;
 
 clean:

crypto/aes/aes_cfb.c

@@ -137,7 +137,7 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	} else {
 		while (l--) {
 			if (n == 0) {
-				AES_decrypt(ivec, ivec, key);
+				AES_encrypt(ivec, ivec, key);
 			}
 			c = *(in);
 			*(out++) = *(in++) ^ ivec[n];

crypto/aes/aes_ctr.c

@@ -106,8 +106,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 
 	while (l--) {
 		if (n == 0) {
-			AES_ctr128_inc(counter);
 			AES_encrypt(counter, tmp, key);
+			AES_ctr128_inc(counter);
 		}
 		*(out++) = *(in++) ^ tmp[n];
 		n = (n+1) % AES_BLOCK_SIZE;

crypto/asn1/Makefile.ssl

@@ -145,14 +145,13 @@ a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
 a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
-a_digest.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -258,12 +257,10 @@ a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_set.o: ../cryptlib.h a_set.c
-a_sign.o: ../../e_os.h ../../include/openssl/asn1.h
-a_sign.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 a_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -273,20 +270,18 @@ a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 a_sign.o: ../cryptlib.h a_sign.c
-a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-a_strex.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: a_strex.c charmap.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h
 a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -331,14 +326,13 @@ a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_utf8.o: ../cryptlib.h a_utf8.c
 a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
-a_verify.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_verify.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -353,10 +347,11 @@ asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
 asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_lib.o: ../../include/openssl/opensslconf.h
 asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
@@ -370,15 +365,14 @@ asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
 asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
-asn_moid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-asn_moid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+asn_moid.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+asn_moid.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+asn_moid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
 asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -393,12 +387,10 @@ asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
-d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h
-d2i_pr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 d2i_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -406,12 +398,10 @@ d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 d2i_pr.o: ../cryptlib.h d2i_pr.c
-d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h
-d2i_pu.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 d2i_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-d2i_pu.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -452,12 +442,10 @@ f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
-i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h
-i2d_pr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 i2d_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-i2d_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -465,12 +453,10 @@ i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i2d_pr.o: ../cryptlib.h i2d_pr.c
-i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h
-i2d_pu.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 i2d_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-i2d_pu.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -483,8 +469,7 @@ n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 n_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -497,8 +482,7 @@ nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 nsseq.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
 nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -511,7 +495,6 @@ p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p5_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -526,7 +509,6 @@ p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p5_pbev2.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p5_pbev2.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -541,7 +523,6 @@ p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p8_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p8_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -552,28 +533,24 @@ p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p8_pkey.o: ../cryptlib.h p8_pkey.c
 t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
-t_bitst.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-t_bitst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_bitst.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h t_bitst.c
-t_crl.o: ../../e_os.h ../../include/openssl/asn1.h
-t_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+t_bitst.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -583,24 +560,20 @@ t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 t_crl.o: ../cryptlib.h t_crl.c
-t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-t_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
-t_req.o: ../../e_os.h ../../include/openssl/asn1.h
-t_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -610,12 +583,10 @@ t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 t_req.o: ../cryptlib.h t_req.c
-t_spki.o: ../../e_os.h ../../include/openssl/asn1.h
-t_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -625,13 +596,11 @@ t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 t_spki.o: ../cryptlib.h t_spki.c
-t_x509.o: ../../e_os.h ../../include/openssl/asn1.h
-t_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -642,20 +611,18 @@ t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 t_x509.o: ../cryptlib.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
-t_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../cryptlib.h t_x509a.c
+t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+t_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
 tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -710,8 +677,7 @@ x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_algor.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_algor.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
 x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -725,7 +691,6 @@ x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_attrib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_attrib.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -749,7 +714,6 @@ x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -763,8 +727,7 @@ x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_exten.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_exten.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
 x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -773,12 +736,10 @@ x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 x_exten.o: x_exten.c
-x_info.o: ../../e_os.h ../../include/openssl/asn1.h
-x_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_info.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -802,7 +763,6 @@ x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_name.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_name.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -813,26 +773,24 @@ x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 x_name.o: ../cryptlib.h x_name.c
 x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
-x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../cryptlib.h x_pkey.c
 x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_pubkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_pubkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -847,7 +805,6 @@ x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_req.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -862,7 +819,6 @@ x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_sig.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -877,7 +833,6 @@ x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -892,7 +847,6 @@ x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_val.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_val.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -907,8 +861,7 @@ x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -923,7 +876,6 @@ x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

crypto/asn1/a_bitstr.c

@@ -71,8 +71,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL) return(0);
 
 	len=a->length;
-	ret=1+len;
-	if (pp == NULL) return(ret);
 
 	if (len > 0)
 		{
@@ -100,6 +98,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
+
+	ret=1+len;
+	if (pp == NULL) return(ret);
+
 	p= *pp;
 
 	*(p++)=(unsigned char)bits;

crypto/asn1/a_enum.c

@@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
+		{
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
+
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:

crypto/asn1/a_int.c

@@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
+		{
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	/* Correct zero case */
 	if(!ret->length)

crypto/asn1/a_set.c

@@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}
 
         pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
 we will store the SET blobs */
 
         for (i=0; i<sk_num(a); i++)
@@ -135,7 +135,7 @@ SetBlob
  /* Now we have to sort the blobs. I am using a simple algo.
     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
         qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = OPENSSL_malloc(totSize);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
 
 /* Copy to temp mem */
         p = pTempMem;

crypto/asn1/a_sign.c

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <time.h>
@@ -90,7 +143,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
@@ -169,7 +229,14 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);

crypto/asn1/a_strex.c

@@ -77,8 +77,8 @@
 /* Three IO functions for sending data to memory, a BIO and
  * and a FILE pointer.
  */
-
-int send_mem_chars(void *arg, const void *buf, int len)
+#if 0				/* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
 {
 	unsigned char **out = arg;
 	if(!out) return 1;
@@ -86,15 +86,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
 	*out += len;
 	return 1;
 }
+#endif
 
-int send_bio_chars(void *arg, const void *buf, int len)
+static int send_bio_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(BIO_write(arg, buf, len) != len) return 0;
 	return 1;
 }
 
-int send_fp_chars(void *arg, const void *buf, int len)
+static int send_fp_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
@@ -240,7 +241,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
  * #01234 format.
  */
 
-int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
 {
 	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 	 * the DER encoding to readily obtained

crypto/asn1/a_utctm.c

@@ -222,6 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
+	struct tm data;
 	int offset;
 	int year;
 
@@ -238,7 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 
-	{ struct tm data; tm = OPENSSL_gmtime(&t, &data); }
+	tm = OPENSSL_gmtime(&t, &data);
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);

crypto/asn1/asn1.h

@@ -773,6 +773,7 @@ int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
 DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
@@ -1008,13 +1009,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509_PKEY				 159
 #define ASN1_F_I2D_ASN1_TIME				 160
 #define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_ECDSA_PUBKEY				 174
 #define ASN1_F_I2D_NETSCAPE_RSA				 162
 #define ASN1_F_I2D_PRIVATEKEY				 163
 #define ASN1_F_I2D_PUBLICKEY				 164
 #define ASN1_F_I2D_RSA_PUBKEY				 165
 #define ASN1_F_LONG_C2I					 166
-#define ASN1_F_OID_MODULE_INIT				 175
+#define ASN1_F_OID_MODULE_INIT				 174
 #define ASN1_F_PKCS5_PBE2_SET				 167
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169

crypto/asn1/asn1_err.c

@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -128,7 +128,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0),	"i2d_ECDSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},

crypto/asn1/asn1_lib.c

@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 
 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);

crypto/asn1/d2i_pr.c

@@ -68,9 +68,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -110,16 +107,6 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	case EVP_PKEY_ECDSA:
-		if ((ret->pkey.ecdsa = d2i_ECDSAPrivateKey(NULL, 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
@@ -151,10 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
 	/* Since we only need to discern "traditional format" RSA and DSA
 	 * keys we can just count the elements.
          */
-	if(sk_ASN1_TYPE_num(inkey) == 6) 
-		keytype = EVP_PKEY_DSA;
-	else if (sk_ASN1_TYPE_num(inkey) == 4)
-		keytype = EVP_PKEY_ECDSA;
+	if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
 	else keytype = EVP_PKEY_RSA;
 	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 	return d2i_PrivateKey(keytype, a, pp, length);

crypto/asn1/d2i_pu.c

@@ -68,9 +68,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -103,23 +100,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa),
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
 			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	case EVP_PKEY_ECDSA:
-		if ((ret->pkey.ecdsa = ECDSAPublicKey_set_octet_string(&(ret->pkey.ecdsa), 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	break;
 #endif
 	default:
 		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);

crypto/asn1/i2d_pr.c

@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -86,12 +83,6 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (a->type == EVP_PKEY_ECDSA)
-		{
-		return(i2d_ECDSAPrivateKey(a->pkey.ecdsa, pp));
-		}
-#endif
 
 	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return(-1);

crypto/asn1/i2d_pu.c

@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
@@ -82,10 +79,6 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	case EVP_PKEY_ECDSA:
-		return(ECDSAPublicKey_get_octet_string(a->pkey.ecdsa, pp));
 #endif
 	default:
 		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

crypto/asn1/n_pkey.c

@@ -92,6 +92,8 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
 	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
 } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
 
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -100,6 +102,8 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
 	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,

crypto/asn1/p5_pbev2.c

@@ -116,6 +116,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
 		goto err;
 
+	EVP_CIPHER_CTX_init(&ctx);
+
 	/* Dummy cipherinit to just setup the IV */
 	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
 	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {

crypto/asn1/t_pkey.c

@@ -69,9 +69,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 
 static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
@@ -212,150 +209,6 @@ err:
 	}
 #endif /* !OPENSSL_NO_DSA */
 
-#ifndef OPENSSL_NO_ECDSA
-#ifndef OPENSSL_NO_FP_API
-int ECDSA_print_fp(FILE *fp, const ECDSA *x, int off)
-{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-	}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECDSA_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-}
-#endif
-
-int ECDSA_print(BIO *bp, const ECDSA *x, int off)
-	{
-	char str[128];
-	unsigned char *buffer=NULL;
-	int     i, buf_len=0, ret=0, reason=ERR_R_BIO_LIB;
-	BIGNUM  *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL,
-		*tmp_4=NULL, *tmp_5=NULL, *tmp_6=NULL,
-		*tmp_7=NULL;
-	BN_CTX  *ctx=NULL;
-	EC_POINT *point=NULL;
- 
-	/* TODO: fields other than prime fields */
-       
-	if (!x || !x->group)
-		{
-		reason = ECDSA_R_MISSING_PARAMETERS;
-		goto err;
-		}
-	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-		(tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL ||
-		(tmp_6 = BN_new()) == NULL || (tmp_7 = BN_new()) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	if (!EC_GROUP_get_curve_GFp(x->group, tmp_1, tmp_2, tmp_3, ctx))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if ((point = EC_GROUP_get0_generator(x->group)) == NULL)
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if (!EC_GROUP_get_order(x->group, tmp_6, NULL) || !EC_GROUP_get_cofactor(x->group, tmp_7, NULL))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if ((buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0)
-		{
-		reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH;
-		goto err;
-		}
-	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), 
-				buffer, buf_len, ctx)) goto err;
-	if ((tmp_4 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
-		{
-		reason = ERR_R_BN_LIB;
-		goto err;
-		}
-	if ((i = EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0)
-		{
-		reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH;
-		goto err;
-		}
-	if (i > buf_len && (buffer = OPENSSL_realloc(buffer, i)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		buf_len = i;
-		goto err;
-		}
-	if (!EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), 
-				buffer, buf_len, ctx))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-	if ((tmp_5 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
-		{
-		reason = ERR_R_BN_LIB;
-		goto err;
-		}
-	if (tmp_1 != NULL)
-		i = BN_num_bytes(tmp_1)*2;
-	else
-		i=256;
-	if ((i + 10) > buf_len && (buffer = OPENSSL_realloc(buffer, i+10)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		buf_len = i;
-		goto err;
-		}
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
-	if (x->priv_key != NULL)
-		{
-		if (off && (BIO_write(bp, str, off) <= 0)) goto err;
-		if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(tmp_1)) <= 0) goto err;
-		}
-  
-	if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, buffer, off)) goto err;
-	if ((tmp_5 != NULL) && !print(bp, "pub: ", tmp_5, buffer, off)) goto err;
-	if ((tmp_1 != NULL) && !print(bp, "P:   ", tmp_1, buffer, off)) goto err;
-	if ((tmp_2 != NULL) && !print(bp, "A:   ", tmp_2, buffer, off)) goto err;
-	if ((tmp_3 != NULL) && !print(bp, "B:   ", tmp_3, buffer, off)) goto err;
-	if ((tmp_4 != NULL) && !print(bp, "Gen: ", tmp_4, buffer, off)) goto err;
-	if ((tmp_6 != NULL) && !print(bp, "Order: ", tmp_6, buffer, off)) goto err;
-	if ((tmp_7 != NULL) && !print(bp, "Cofactor: ", tmp_7, buffer, off)) goto err;
-	ret=1;
-err:
-	if (!ret)
- 		ECDSAerr(ECDSA_F_ECDSA_PRINT, reason);
-	if (tmp_1) BN_free(tmp_1);
-	if (tmp_2) BN_free(tmp_2);
-	if (tmp_3) BN_free(tmp_3);
-	if (tmp_4) BN_free(tmp_4);
-	if (tmp_5) BN_free(tmp_5);
-	if (tmp_6) BN_free(tmp_6);
-	if (tmp_7) BN_free(tmp_7);
-	if (ctx)   BN_CTX_free(ctx);
-	if (buffer != NULL) OPENSSL_free(buffer);
-	return(ret);
-	}
-#endif
-
 static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	     int off)
 	{
@@ -506,95 +359,3 @@ err:
 
 #endif /* !OPENSSL_NO_DSA */
 
-#ifndef OPENSSL_NO_ECDSA
-#ifndef OPENSSL_NO_FP_API
-int ECDSAParameters_print_fp(FILE *fp, const ECDSA *x)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-	}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECDSAParameters_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int ECDSAParameters_print(BIO *bp, const ECDSA *x)
-       {
-       unsigned char *buffer=NULL;
-       int     buf_len;
-       int     reason=ERR_R_EC_LIB, i, ret=0;
-       BIGNUM  *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL, *tmp_4=NULL,
-               *tmp_5=NULL, *tmp_6=NULL;
-       BN_CTX  *ctx=NULL;
-       EC_POINT *point=NULL;
- 
-       /* TODO: fields other than prime fields */
-       if (!x || !x->group)
-       {
-		reason = ECDSA_R_MISSING_PARAMETERS;
-		goto err;
-       }
-       if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-	   (tmp_3 = BN_new()) == NULL || (tmp_5 = BN_new()) == NULL ||
-           (tmp_6 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL)
-       {
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
-	if (!EC_GROUP_get_curve_GFp(x->group, tmp_1, tmp_2, tmp_3, ctx)) goto err;
-	if ((point = EC_GROUP_get0_generator(x->group)) == NULL) goto err;
-	if (!EC_GROUP_get_order(x->group, tmp_5, ctx)) goto err;
-	if (!EC_GROUP_get_cofactor(x->group, tmp_6, ctx)) goto err;	
-	buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL)
-	{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
-	if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), buffer, buf_len, ctx))
-	{
-		reason = ERR_R_EC_LIB;
-		goto err;
-	}
-	if ((tmp_4 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
-	{
-		reason = ERR_R_BN_LIB;
-		goto err;
-	}
-  
-	i = BN_num_bits(tmp_1) + 10;
-	if (i > buf_len && (buffer = OPENSSL_realloc(buffer, i)) == NULL)
-	{
-		reason=ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
- 
-	if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", BN_num_bits(tmp_1)) <= 0) goto err;
-	if (!print(bp, "Prime p:", tmp_1, buffer, 4)) goto err;
-	if (!print(bp, "Curve a:", tmp_2, buffer, 4)) goto err;
-	if (!print(bp, "Curve b:", tmp_3, buffer, 4)) goto err;
-	if (!print(bp, "Generator (compressed):", tmp_4, buffer, 4)) goto err; 
-	if (!print(bp, "Order:", tmp_5, buffer, 4)) goto err;
-	if (!print(bp, "Cofactor:", tmp_6, buffer, 4)) goto err;
-	ret=1;
-err:
-	if (tmp_1)  BN_free(tmp_1);
-	if (tmp_2)  BN_free(tmp_2);
-	if (tmp_3)  BN_free(tmp_3);
-	if (tmp_4)  BN_free(tmp_4);
-	if (tmp_5)  BN_free(tmp_5);
-	if (tmp_6)  BN_free(tmp_6);
-	if (ctx)    BN_CTX_free(ctx);
-	if (buffer) OPENSSL_free(buffer);
-	ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT, reason);
-	return(ret);
-	}
-  
-#endif

crypto/asn1/t_req.c

@@ -134,15 +134,6 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 		}
 	else
 #endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey != NULL && pkey->type == EVP_PKEY_ECDSA)
-		{
-			BIO_printf(bp, "%12sECDSA Public Key: \n","");
-			ECDSA_print(bp, pkey->pkey.ecdsa, 16);
-		}
-	else
-#endif
-
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
 	if (pkey != NULL)

crypto/asn1/t_spki.c

@@ -93,15 +93,6 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 		}
 		else
 #endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
-		{
-			BIO_printf(out, "  ECDSA Public Key:\n");
-			ECDSA_print(out, pkey->pkey.ecdsa,2);
-		}
-		else
-#endif
-
 			BIO_printf(out,"  Unknown Public Key:\n");
 		EVP_PKEY_free(pkey);
 	}

crypto/asn1/t_x509.c

@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -231,14 +228,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			DSA_print(bp,pkey->pkey.dsa,16);
 			}
 		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
-			{
-			BIO_printf(bp, "%12sECDSA Public Key:\n","");
-			ECDSA_print(bp, pkey->pkey.ecdsa, 16);
-			}
-		else
 #endif
 			BIO_printf(bp,"%12sUnknown Public Key:\n","");
 

crypto/asn1/x_pubkey.c

@@ -64,8 +64,7 @@
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if (operation == ASN1_OP_FREE_POST)
-		{
+	if(operation == ASN1_OP_FREE_POST) {
 		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
 		EVP_PKEY_free(pubkey->pkey);
 	}
@@ -109,8 +108,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			a->parameter->type=V_ASN1_NULL;
 			}
 		}
+	else
 #ifndef OPENSSL_NO_DSA
-	else if (pkey->type == EVP_PKEY_DSA)
+		if (pkey->type == EVP_PKEY_DSA)
 		{
 		unsigned char *pp;
 		DSA *dsa;
@@ -119,7 +119,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		p=(unsigned char *)OPENSSL_malloc(i);
+		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
@@ -128,68 +128,19 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		ASN1_STRING_set(a->parameter->value.sequence,p,i);
 		OPENSSL_free(p);
 		}
+	else
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	else if (pkey->type == EVP_PKEY_ECDSA)
-		{
-		int nid=0;
-		unsigned char *pp;
-		ECDSA *ecdsa;
-		
-		ecdsa = pkey->pkey.ecdsa;
-		ASN1_TYPE_free(a->parameter);
-
-		if ((a->parameter = ASN1_TYPE_new()) == NULL)
-			{
-			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-			goto err;
-			}
-
-		if ((ECDSA_get_parameter_flags(ecdsa) & ECDSA_FLAG_NAMED_CURVE) && (nid = EC_GROUP_get_nid(ecdsa->group)))
-			{
-			/* just set the OID */
-			a->parameter->type = V_ASN1_OBJECT;
-			a->parameter->value.object = OBJ_nid2obj(nid);
-			}
-		else /* explicit parameters */
-			{
-			if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
-				goto err;
-				}
-			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}	
-			pp = p;
-			if (!i2d_ECDSAParameters(ecdsa, &pp))
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			a->parameter->type = V_ASN1_SEQUENCE;
-			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			ASN1_STRING_set(a->parameter->value.sequence, p, i);
-			OPENSSL_free(p);
-			}
-		}
-#endif
-	else if (1)
 		{
 		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
 		goto err;
 		}
 
 	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
+	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
@@ -222,7 +173,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	long j;
 	int type;
 	unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#ifndef OPENSSL_NO_DSA
 	const unsigned char *cp;
 	X509_ALGOR *a;
 #endif
@@ -238,31 +189,21 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	if (key->public_key == NULL) goto err;
 
 	type=OBJ_obj2nid(key->algor->algorithm);
-	if ((ret = EVP_PKEY_new()) == NULL)
+	p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
 		{
-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+		X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
 		goto err;
 		}
-	ret->type = EVP_PKEY_type(type);
+	ret->save_parameters=0;
 
-	/* the parameters must be extracted before the public key (ECDSA!) */
-	
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	a=key->algor;
-#endif
-
-	if (0)
-		;
 #ifndef OPENSSL_NO_DSA
-	else if (ret->type == EVP_PKEY_DSA)
+	a=key->algor;
+	if (ret->type == EVP_PKEY_DSA)
 		{
 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
-			if ((ret->pkey.dsa = DSA_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
 			ret->pkey.dsa->write_params=0;
 			cp=p=a->parameter->value.sequence->data;
 			j=a->parameter->value.sequence->length;
@@ -272,53 +213,6 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 		ret->save_parameters=1;
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	else if (ret->type == EVP_PKEY_ECDSA)
-		{
-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-			{
-			/* type == V_ASN1_SEQUENCE => we have explicit parameters
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
-			 */
-			if ((ret->pkey.ecdsa= ECDSA_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			cp = p = a->parameter->value.sequence->data;
-			j = a->parameter->value.sequence->length;
-			if (!d2i_ECDSAParameters(&ret->pkey.ecdsa, &cp, (long)j))
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_ECDSA_LIB);
-				goto err;
-				}
-			}
-		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-			{
-			/* type == V_ASN1_OBJECT => the parameters are given
-			 * by an asn1 OID
-			 */
-			if (ret->pkey.ecdsa == NULL)
-				ret->pkey.ecdsa = ECDSA_new();
-			if (ret->pkey.ecdsa->group)
-				EC_GROUP_free(ret->pkey.ecdsa->group);
-			ret->pkey.ecdsa->parameter_flags |= ECDSA_FLAG_NAMED_CURVE;
-			if ((ret->pkey.ecdsa->group = EC_GROUP_new_by_name(OBJ_obj2nid(a->parameter->value.object))) == NULL)
-				goto err;
-			}
-			/* the case implicitlyCA is currently not implemented */
-		ret->save_parameters = 1;
-		}
-#endif
-
-	p=key->public_key->data;
-        j=key->public_key->length;
-        if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL)
-		{
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
-		goto err;
-		}
-
 	key->pkey=ret;
 	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
 	return(ret);
@@ -342,8 +236,7 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
 	pktmp = X509_PUBKEY_get(xpk);
 	X509_PUBKEY_free(xpk);
 	if(!pktmp) return NULL;
-	if(a)
-		{
+	if(a) {
 		EVP_PKEY_free(*a);
 		*a = pktmp;
 	}
@@ -378,8 +271,7 @@ RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
 	EVP_PKEY_free(pkey);
 	if(!key) return NULL;
 	*pp = q;
-	if (a)
-		{
+	if(a) {
 		RSA_free(*a);
 		*a = key;
 	}
@@ -392,8 +284,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 	int ret;
 	if(!a) return 0;
 	pktmp = EVP_PKEY_new();
-	if (!pktmp)
-		{
+	if(!pktmp) {
 		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
@@ -418,8 +309,7 @@ DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
 	EVP_PKEY_free(pkey);
 	if(!key) return NULL;
 	*pp = q;
-	if (a)
-		{
+	if(a) {
 		DSA_free(*a);
 		*a = key;
 	}
@@ -432,8 +322,7 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 	int ret;
 	if(!a) return 0;
 	pktmp = EVP_PKEY_new();
-	if(!pktmp)
-		{
+	if(!pktmp) {
 		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
@@ -443,41 +332,3 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 	return ret;
 }
 #endif
-
-#ifndef OPENSSL_NO_ECDSA
-ECDSA *d2i_ECDSA_PUBKEY(ECDSA **a, unsigned char **pp, long length)
-	{
-	EVP_PKEY *pkey;
-	ECDSA *key;
-	unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return(NULL);
-	key = EVP_PKEY_get1_ECDSA(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key)  return(NULL);
-	*pp = q;
-	if (a)
-		{
-		ECDSA_free(*a);
-		*a = key;
-		}
-	return(key);
-	}
-
-int i2d_ECDSA_PUBKEY(ECDSA *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a)	return(0);
-	if ((pktmp = EVP_PKEY_new()) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_ECDSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	EVP_PKEY_set1_ECDSA(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return(ret);
-	}
-#endif

crypto/bio/b_print.c

@@ -56,6 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
 /* 
  * Stolen from tjh's ssl/ssl_trc.c stuff.
  */
@@ -716,12 +723,13 @@ doapr_outch(
     if (buffer) {
 	while (*currlen >= *maxlen) {
 	    if (*buffer == NULL) {
-		assert(*sbuffer != NULL);
 		if (*maxlen == 0)
 		    *maxlen = 1024;
 		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0)
+		if (*currlen > 0) {
+		    assert(*sbuffer != NULL);
 		    memcpy(*buffer, *sbuffer, *currlen);
+		}
 		*sbuffer = NULL;
 	    } else {
 		*maxlen += 1024;
@@ -761,7 +769,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
 	{
 	int ret;
 	size_t retlen;
-	MS_STATIC char hugebuf[1024*10];
+	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
+				   in small-stack environments, like threads
+				   or DOS programs. */
 	char *hugebufp = hugebuf;
 	size_t hugebufsize = sizeof(hugebuf);
 	char *dynbuf = NULL;

crypto/bio/b_sock.c

@@ -484,7 +484,11 @@ int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
 	{
 	int i;
 
+#ifdef __DJGPP__
+	i=ioctlsocket(fd,type,(char *)arg);
+#else
 	i=ioctlsocket(fd,type,arg);
+#endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
 	return(i);

crypto/bio/bf_nbio.c

@@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;
 
-	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
+	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;

crypto/bio/bio.h

@@ -647,6 +647,7 @@ void ERR_load_BIO_strings(void);
 #define BIO_F_CONN_CTRL					 127
 #define BIO_F_CONN_STATE				 115
 #define BIO_F_FILE_CTRL					 116
+#define BIO_F_FILE_READ					 130
 #define BIO_F_LINEBUFFER_CTRL				 129
 #define BIO_F_MEM_READ					 128
 #define BIO_F_MEM_WRITE					 117

crypto/bio/bio_err.c

@@ -91,6 +91,7 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_CTRL,0),	"CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_FILE_READ,0),	"FILE_READ"},
 {ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),	"LINEBUFFER_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_READ,0),	"MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},

crypto/bio/bss_bio.c

@@ -7,10 +7,19 @@
  * for which no specific BIO method is available.
  * See ssl/ssltest.c for some hints on how this can be used. */
 
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
 # ifndef BIO_PAIR_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+#  define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+#ifndef BIO_PAIR_DEBUG
+# ifndef NDEBUG
 #  define NDEBUG
 # endif
+#endif
 
 #include <assert.h>
 #include <limits.h>

crypto/bio/bss_file.c

@@ -162,6 +162,12 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
 	if (b->init && (out != NULL))
 		{
 		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+		if(ret == 0 && ferror((FILE *)b->ptr))
+			{
+			SYSerr(SYS_F_FREAD,get_last_sys_error());
+			BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
+			ret=-1;
+			}
 		}
 	return(ret);
 	}

crypto/bn/bn.h

@@ -136,7 +136,7 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000LL)
 #define BN_MASK2h1	(0xffffffff80000000LL)
 #define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000LL)
+#define BN_DEC_CONV	(10000000000000000000ULL)
 #define BN_DEC_FMT1	"%llu"
 #define BN_DEC_FMT2	"%019llu"
 #define BN_DEC_NUM	19

crypto/bn/bn_div.c

@@ -200,10 +200,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	BN_lshift(sdiv,divisor,norm_shift);
+	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
 	sdiv->neg=0;
 	norm_shift+=BN_BITS2;
-	BN_lshift(snum,num,norm_shift);
+	if (!(BN_lshift(snum,num,norm_shift))) goto err;
 	snum->neg=0;
 	div_n=sdiv->top;
 	num_n=snum->top;
@@ -327,7 +327,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		tmp->top=j;
 
 		j=wnum.top;
-		BN_sub(&wnum,&wnum,tmp);
+		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
 
 		snum->top=snum->top+wnum.top-j;
 
@@ -335,7 +335,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			{
 			q--;
 			j=wnum.top;
-			BN_add(&wnum,&wnum,sdiv);
+			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
 			snum->top+=wnum.top-j;
 			}
 		*(resp--)=q;

crypto/bn/bn_mont.c

@@ -221,7 +221,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 
 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
 	if (!BN_add(t2,a,t1)) goto err;
-	BN_rshift(ret,t2,mont->ri);
+	if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */
 
 	if (BN_ucmp(ret, &(mont->N)) >= 0)
@@ -282,8 +282,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		BN_ULONG buf[2];
 
 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		BN_zero(R);
-		BN_set_bit(R,BN_BITS2);			/* R */
+		if (!(BN_zero(R))) goto err;
+		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
 
 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;

crypto/bn/bn_mul.c

@@ -66,7 +66,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__))/* Assembler implementation exists only for x86 */
+#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__)) || defined(__DJGPP__) /* Assembler implementation exists only for x86 */
 /* Here follows specialised variants of bn_add_words() and
    bn_sub_words().  They have the property performing operations on
    arrays of different sizes.  The sizes of those arrays is expressed through
@@ -408,16 +408,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 		return;
 		}
 #  endif
-	if (n2 == 8)
+	/* Only call bn_mul_comba 8 if n2 == 8 and the
+	 * two arrays are complete [steve]
+	 */
+	if (n2 == 8 && dna == 0 && dnb == 0)
 		{
 		bn_mul_comba8(r,a,b);
 		return; 
 		}
 # endif /* BN_MUL_COMBA */
+	/* Else do normal multiply */
 	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
 		{
-		/* This should not happen */
-		bn_mul_normal(r,a,n2,b,n2);
+		bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+		if ((dna + dnb) < 0)
+			memset(&r[2*n2 + dna + dnb], 0,
+				sizeof(BN_ULONG) * -(dna + dnb));
 		return;
 		}
 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
@@ -958,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 
 	if ((al == 0) || (bl == 0))
 		{
-		BN_zero(r);
+		if (!BN_zero(r)) goto err;
 		return(1);
 		}
 	top=al+bl;
@@ -1038,7 +1044,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
 			BIGNUM *tmp_bn = (BIGNUM *)b;
-			bn_wexpand(tmp_bn,al);
+			if (bn_wexpand(tmp_bn,al) == NULL) goto err;
 			tmp_bn->d[bl]=0;
 			bl++;
 			i--;
@@ -1046,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
 			BIGNUM *tmp_bn = (BIGNUM *)a;
-			bn_wexpand(tmp_bn,bl);
+			if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
 			tmp_bn->d[al]=0;
 			al++;
 			i++;
@@ -1061,14 +1067,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 			t = BN_CTX_get(ctx);
 			if (al == j) /* exact multiple */
 				{
-				bn_wexpand(t,k*2);
-				bn_wexpand(rr,k*2);
+				if (bn_wexpand(t,k*2) == NULL) goto err;
+				if (bn_wexpand(rr,k*2) == NULL) goto err;
 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
 				}
 			else
 				{
-				bn_wexpand(t,k*4);
-				bn_wexpand(rr,k*4);
+				if (bn_wexpand(t,k*4) == NULL) goto err;
+				if (bn_wexpand(rr,k*4) == NULL) goto err;
 				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
 				}
 			rr->top=top;

crypto/conf/Makefile.ssl

@@ -112,15 +112,14 @@ conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_lib.o: conf_lib.c
 conf_mall.o: ../../e_os.h ../../include/openssl/asn1.h
-conf_mall.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-conf_mall.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-conf_mall.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-conf_mall.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_mall.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+conf_mall.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+conf_mall.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
 conf_mall.o: ../../include/openssl/opensslconf.h
 conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -130,15 +129,14 @@ conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 conf_mall.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 conf_mall.o: ../cryptlib.h conf_mall.c
 conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h
-conf_mod.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-conf_mod.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-conf_mod.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_mod.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+conf_mod.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+conf_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
 conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -146,16 +144,14 @@ conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 conf_mod.o: ../cryptlib.h conf_mod.c
 conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h
-conf_sap.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-conf_sap.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-conf_sap.o: ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_sap.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+conf_sap.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+conf_sap.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

crypto/conf/conf.h

@@ -129,6 +129,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out);
 int CONF_dump_bio(LHASH *conf, BIO *out);
 
 void OPENSSL_config(const char *config_name);
+void OPENSSL_no_config(void);
 
 /* New conf code.  The semantics are different from the functions above.
    If that wasn't the case, the above functions would have been replaced */
@@ -141,10 +142,10 @@ struct conf_st
 	};
 
 CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default();
-CONF_METHOD *NCONF_WIN32();
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
 #if 0 /* Just to give you an idea of what I have in mind */
-CONF_METHOD *NCONF_XML();
+CONF_METHOD *NCONF_XML(void);
 #endif
 void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);
@@ -176,6 +177,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
 			   unsigned long flags);
 void CONF_modules_unload(int all);
 void CONF_modules_finish(void);
+void CONF_modules_free(void);
 int CONF_module_add(const char *name, conf_init_func *ifunc,
 		    conf_finish_func *ffunc);
 

crypto/conf/conf_lib.c

@@ -382,8 +382,9 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
 	return conf->meth->dump(conf, out);
 	}
 
+
 /* This function should be avoided */
-#undef NCONF_get_number
+#if 0
 long NCONF_get_number(CONF *conf,char *group,char *name)
 	{
 	int status;
@@ -397,4 +398,4 @@ long NCONF_get_number(CONF *conf,char *group,char *name)
 		}
 	return ret;
 	}
-
+#endif

crypto/cryptlib.c

@@ -103,9 +103,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"dynlock",
 	"engine",
 	"ui",
-	"ecdsa",
-	"ec",
-#if CRYPTO_NUM_LOCKS != 33
+#if CRYPTO_NUM_LOCKS != 31
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};

crypto/crypto-lib.com

@@ -49,6 +49,7 @@ $!  P5, if defined, sets a TCP/IP library to use, through one of the following
 $!  keywords:
 $!
 $!	UCX		for UCX
+$!	TCPIP		for TCPIP (post UCX)
 $!	SOCKETSHR	for SOCKETSHR+NETLIB
 $!
 $!  P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
@@ -640,6 +641,7 @@ $   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
 $!
 $! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
 $!
+$   ON ERROR THEN GOTO NEXT_APPLICATION
 $   IF (RSAREF.EQS."TRUE")
 $   THEN
 $!
@@ -1358,7 +1360,8 @@ $   WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
-$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX"
+$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" -
+     .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE"
 $ THEN
 $!
 $!  Check to see if SOCKETSHR was chosen
@@ -1368,7 +1371,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -1394,19 +1397,45 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
 $     ENDIF
 $!
 $!    Done with UCX
 $!
 $   ENDIF
 $!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P5.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P5.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
 $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
@@ -1422,6 +1451,7 @@ $   WRITE SYS$OUTPUT "The Option ",P5," Is Invalid.  The Valid Options Are:"
 $   WRITE SYS$OUTPUT ""
 $   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
 $   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
 $   WRITE SYS$OUTPUT ""
 $!
 $!  Time To EXIT.

crypto/crypto.h

@@ -126,9 +126,7 @@ extern "C" {
 #define	CRYPTO_LOCK_DYNLOCK		28
 #define	CRYPTO_LOCK_ENGINE		29
 #define	CRYPTO_LOCK_UI			30
-#define CRYPTO_LOCK_ECDSA               31
-#define CRYPTO_LOCK_EC			32
-#define	CRYPTO_NUM_LOCKS		33
+#define	CRYPTO_NUM_LOCKS		31
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
@@ -235,7 +233,6 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 #define CRYPTO_EX_INDEX_ENGINE		9
 #define CRYPTO_EX_INDEX_X509		10
 #define CRYPTO_EX_INDEX_UI		11
-#define CRYPTO_EX_INDEX_ECDSA		12
 
 /* Dynamically assigned indexes start from this value (don't use directly, use
  * via CRYPTO_ex_data_new_class). */

crypto/des/Makefile.ssl

@@ -108,7 +108,6 @@ files:
 
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

crypto/des/des_old.h

@@ -366,7 +366,7 @@ int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule
 	_ossl_old_des_cblock *iv);
 char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
 char *_ossl_old_des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+#if !defined(PERL5) && !defined(NeXT)
 char *_ossl_old_crypt(const char *buf,const char *salt);
 #endif
 void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,

crypto/des/read_pwd.c

@@ -246,7 +246,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 	long status;
 	unsigned short channel = 0;
 #else
-#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
 	TTY_STRUCT tty_orig,tty_new;
 #endif
 #endif

crypto/dh/Makefile.ssl

@@ -112,12 +112,10 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h dh_gen.c
-dh_key.o: ../../e_os.h ../../include/openssl/asn1.h
-dh_key.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dh_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -125,12 +123,10 @@ dh_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 dh_key.o: ../cryptlib.h dh_key.c
-dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-dh_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dh_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
 dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

crypto/dsa/Makefile.ssl

@@ -121,54 +121,49 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_key.o: ../cryptlib.h dsa_key.c
 dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-dsa_lib.o: ../cryptlib.h dsa_lib.c
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
 dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_ossl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_ossl.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_ossl.o: ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 dsa_ossl.o: ../cryptlib.h dsa_ossl.c
 dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_sign.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 dsa_sign.o: ../cryptlib.h dsa_sign.c
 dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-dsa_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_vrf.o: ../cryptlib.h dsa_vrf.c

crypto/dso/dso_dlfcn.c

@@ -114,7 +114,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
  * as we don't have autoconf yet, I'm implementing a hack that could
  * be hacked further relatively easily to deal with cases as we find
  * them. Initially this is to cope with OpenBSD. */
-#ifdef __OpenBSD__
+#if defined(__OpenBSD__) || defined(__NetBSD__)
 #	ifdef DL_LAZY
 #		define DLOPEN_FLAG DL_LAZY
 #	else

crypto/ec/Makefile.ssl

@@ -24,10 +24,10 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \
-	ec_err.c ec_curve.c ec_check.c
+	ec_err.c
 
 LIBOBJ=	ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \
-	ec_err.o ec_curve.o ec_check.o
+	ec_err.o
 
 SRC= $(LIBSRC)
 
@@ -82,22 +82,6 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-ec_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ec_check.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ec_check.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ec_check.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ec_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ec_check.o: ec_check.c ec_lcl.h
-ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-ec_curve.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ec_curve.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ec_curve.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ec_curve.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ec_curve.o: ../../include/openssl/opensslconf.h
-ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h
 ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
 ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
 ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h

crypto/ec/ec.h

@@ -1,6 +1,6 @@
 /* crypto/ec/ec.h */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -107,9 +107,6 @@ void EC_GROUP_free(EC_GROUP *);
 void EC_GROUP_clear_free(EC_GROUP *);
 int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
 
-void EC_GROUP_set_nid(EC_GROUP *, int);
-int EC_GROUP_get_nid(const EC_GROUP *);
-
 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
 	
 
@@ -120,59 +117,14 @@ const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
 int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
 
-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-
-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
- * elliptic curve is not zero, 0 otherwise */
-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
-
 /* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp()
  * after choosing an appropriate EC_METHOD */
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 
-/* EC_GROUP_new_by_nid() and EC_GROUP_new_by_name() also set
- * generator and order */
-EC_GROUP *EC_GROUP_new_by_nid(int nid);
-EC_GROUP *EC_GROUP_new_by_name(int name);
-/* Currently valid arguments to EC_GROUP_new_by_name() */
-#define EC_GROUP_NO_CURVE		0
-#define EC_GROUP_NIST_PRIME_192		NID_X9_62_prime192v1
-#define EC_GROUP_NIST_PRIME_224		NID_secp224r1
-#define EC_GROUP_NIST_PRIME_256		NID_X9_62_prime256v1
-#define EC_GROUP_NIST_PRIME_384		NID_secp384r1
-#define EC_GROUP_NIST_PRIME_521		NID_secp521r1
-#define EC_GROUP_X9_62_PRIME_192V1	NID_X9_62_prime192v1
-#define EC_GROUP_X9_62_PRIME_192V2	NID_X9_62_prime192v2
-#define EC_GROUP_X9_62_PRIME_192V3	NID_X9_62_prime192v3
-#define EC_GROUP_X9_62_PRIME_239V1	NID_X9_62_prime239v1
-#define EC_GROUP_X9_62_PRIME_239V2	NID_X9_62_prime239v2
-#define EC_GROUP_X9_62_PRIME_239V3	NID_X9_62_prime239v3
-#define EC_GROUP_X9_62_PRIME_256V1	NID_X9_62_prime256v1
-#define EC_GROUP_SECG_PRIME_112R1	NID_secp112r1
-#define EC_GROUP_SECG_PRIME_112R2	NID_secp112r2
-#define EC_GROUP_SECG_PRIME_128R1	NID_secp128r1
-#define EC_GROUP_SECG_PRIME_128R2	NID_secp128r2
-#define EC_GROUP_SECG_PRIME_160K1	NID_secp160k1
-#define EC_GROUP_SECG_PRIME_160R1	NID_secp160r1
-#define EC_GROUP_SECG_PRIME_160R2	NID_secp160r2
-#define EC_GROUP_SECG_PRIME_192K1	NID_secp192k1
-#define EC_GROUP_SECG_PRIME_192R1	NID_X9_62_prime192v1
-#define EC_GROUP_SECG_PRIME_224K1	NID_secp224k1
-#define EC_GROUP_SECG_PRIME_224R1	NID_secp224r1
-#define EC_GROUP_SECG_PRIME_256K1	NID_secp256k1
-#define EC_GROUP_SECG_PRIME_256R1	NID_X9_62_prime256v1
-#define EC_GROUP_SECG_PRIME_384R1	NID_secp384r1
-#define EC_GROUP_SECG_PRIME_521R1	NID_secp521r1
-#define EC_GROUP_WTLS_6			NID_wap_wsg_idm_ecid_wtls6
-#define EC_GROUP_WTLS_7			NID_secp160r1
-#define EC_GROUP_WTLS_8			NID_wap_wsg_idm_ecid_wtls8
-#define EC_GROUP_WTLS_9			NID_wap_wsg_idm_ecid_wtls9
-#define EC_GROUP_WTLS_12		NID_secp224r1
+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
 
 EC_POINT *EC_POINT_new(const EC_GROUP *);
 void EC_POINT_free(EC_POINT *);
@@ -230,7 +182,6 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134
 #define EC_F_EC_GFP_MONT_FIELD_MUL			 131
 #define EC_F_EC_GFP_MONT_FIELD_SQR			 132
-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 152
 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100
 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101
 #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102
@@ -240,19 +191,13 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
 #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
 #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-#define EC_F_EC_GROUP_CHECK				 150
-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 153
 #define EC_F_EC_GROUP_COPY				 106
 #define EC_F_EC_GROUP_GET0_GENERATOR			 139
 #define EC_F_EC_GROUP_GET_COFACTOR			 140
 #define EC_F_EC_GROUP_GET_CURVE_GFP			 130
 #define EC_F_EC_GROUP_GET_EXTRA_DATA			 107
 #define EC_F_EC_GROUP_GET_ORDER				 141
-#define EC_F_EC_GROUP_GROUP2NID				 147
 #define EC_F_EC_GROUP_NEW				 108
-#define EC_F_EC_GROUP_NEW_BY_NAME			 144
-#define EC_F_EC_GROUP_NEW_BY_NID			 146
-#define EC_F_EC_GROUP_NEW_GFP_FROM_HEX			 148
 #define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
 #define EC_F_EC_GROUP_SET_CURVE_GFP			 109
 #define EC_F_EC_GROUP_SET_EXTRA_DATA			 110
@@ -279,7 +224,6 @@ void ERR_load_EC_strings(void);
 
 /* Reason codes. */
 #define EC_R_BUFFER_TOO_SMALL				 100
-#define EC_R_DISCRIMINANT_IS_ZERO			 118
 #define EC_R_INCOMPATIBLE_OBJECTS			 101
 #define EC_R_INVALID_ARGUMENT				 112
 #define EC_R_INVALID_COMPRESSED_POINT			 110
@@ -287,16 +231,12 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_ENCODING				 102
 #define EC_R_INVALID_FIELD				 103
 #define EC_R_INVALID_FORM				 104
-#define EC_R_INVALID_GROUP_ORDER			 119
 #define EC_R_NOT_INITIALIZED				 111
 #define EC_R_NO_SUCH_EXTRA_DATA				 105
 #define EC_R_POINT_AT_INFINITY				 106
 #define EC_R_POINT_IS_NOT_ON_CURVE			 107
 #define EC_R_SLOT_FULL					 108
 #define EC_R_UNDEFINED_GENERATOR			 113
-#define EC_R_UNDEFINED_ORDER				 122
-#define EC_R_UNKNOWN_GROUP				 116
-#define EC_R_UNKNOWN_NID				 117
 #define EC_R_UNKNOWN_ORDER				 114
 
 #ifdef  __cplusplus

crypto/ec/ec_check.c

@@ -1,122 +0,0 @@
-/* crypto/ec/ec_check.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ec_lcl.h"
-#include <openssl/err.h>
-
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *order;
-	BN_CTX *new_ctx = NULL;
-	EC_POINT *point = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	if ((order = BN_CTX_get(ctx)) == NULL) goto err;
-
-	/* check the discriminant */
-	if (!EC_GROUP_check_discriminant(group, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
-		goto err;
-		}
-
-	/* check the generator */
-	if (group->generator == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-	if (!EC_POINT_is_on_curve(group, group->generator, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-
-	/* check the order of the generator */
-	if ((point = EC_POINT_new(group)) == NULL) goto err;
-	if (!EC_GROUP_get_order(group, order, ctx)) goto err; 
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
-		goto err;
-		}
-	
-	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err;
-	if (!EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-
-	ret = 1;
-
-err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (point)
-		EC_POINT_free(point);
-	return ret;
-	}

crypto/ec/ec_curve.c

@@ -1,362 +0,0 @@
-/* crypto/ec/ec_curve.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* #define _EC_GROUP_EXAMPLE_PRIME_CURVE	\
- *		"the prime number p", "a", "b", "the compressed base point", "y-bit", "order", "cofactor"
- */
-/* the nist prime curves */
-#define _EC_GROUP_NIST_PRIME_192	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\
-		"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",\
-		"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",1,\
-		"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1
-#define _EC_GROUP_NIST_PRIME_224	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",\
-		"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",\
-		"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",0,\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1
-#define _EC_GROUP_NIST_PRIME_384	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",\
-		"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",\
-		"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",1,\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",1
-#define _EC_GROUP_NIST_PRIME_521	\
-		"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",\
-		"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",\
-		"051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"\
-		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",\
-		"C6858E06B70404E9CD9E3ECB662395B4429C648139053F"\
-		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",0,\
-		"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\
-		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1
-/* the x9.62 prime curves (minus the nist prime curves) */
-#define _EC_GROUP_X9_62_PRIME_192V2	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\
-		"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",\
-		"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",1,\
-		"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1
-#define _EC_GROUP_X9_62_PRIME_192V3	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\
-		"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",\
-		"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",0,\
-		"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1
-#define _EC_GROUP_X9_62_PRIME_239V1	\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",\
-		"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",\
-		"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",0,\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1
-#define _EC_GROUP_X9_62_PRIME_239V2	\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",\
-		"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",\
-		"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",0,\
-		"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1
-#define _EC_GROUP_X9_62_PRIME_239V3	\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",\
-		"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",\
-		"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",1,\
-		"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1
-#define _EC_GROUP_X9_62_PRIME_256V1	\
-		"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",\
-		"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",\
-		"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",\
-		"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",1,\
-		"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1
-/* the secg prime curves (minus the nist and x9.62 prime curves) */
-#define _EC_GROUP_SECG_PRIME_112R1	\
-		"DB7C2ABF62E35E668076BEAD208B",\
-		"DB7C2ABF62E35E668076BEAD2088",\
-		"659EF8BA043916EEDE8911702B22",\
-		"09487239995A5EE76B55F9C2F098",0,\
-		"DB7C2ABF62E35E7628DFAC6561C5",1
-#define _EC_GROUP_SECG_PRIME_112R2	\
-		"DB7C2ABF62E35E668076BEAD208B",\
-		"6127C24C05F38A0AAAF65C0EF02C",\
-		"51DEF1815DB5ED74FCC34C85D709",\
-		"4BA30AB5E892B4E1649DD0928643",1,\
-		"36DF0AAFD8B8D7597CA10520D04B",4
-#define _EC_GROUP_SECG_PRIME_128R1	\
-		"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",\
-		"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",\
-		"E87579C11079F43DD824993C2CEE5ED3",\
-		"161FF7528B899B2D0C28607CA52C5B86",1,\
-		"FFFFFFFE0000000075A30D1B9038A115",1
-#define _EC_GROUP_SECG_PRIME_128R2	\
-		"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",\
-		"D6031998D1B3BBFEBF59CC9BBFF9AEE1",\
-		"5EEEFCA380D02919DC2C6558BB6D8A5D",\
-		"7B6AA5D85E572983E6FB32A7CDEBC140",0,\
-		"3FFFFFFF7FFFFFFFBE0024720613B5A3",4
-#define _EC_GROUP_SECG_PRIME_160K1	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",\
-		"0",\
-		"7",\
-		"3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",0,\
-		"0100000000000000000001B8FA16DFAB9ACA16B6B3",1
-#define _EC_GROUP_SECG_PRIME_160R1	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",\
-		"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",\
-		"4A96B5688EF573284664698968C38BB913CBFC82",0,\
-		"0100000000000000000001F4C8F927AED3CA752257",1
-#define _EC_GROUP_SECG_PRIME_160R2	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",\
-		"B4E134D3FB59EB8BAB57274904664D5AF50388BA",\
-		"52DCB034293A117E1F4FF11B30F7199D3144CE6D",0,\
-		"0100000000000000000000351EE786A818F3A1A16B",1
-#define _EC_GROUP_SECG_PRIME_192K1	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",\
-		"0",\
-		"3",\
-		"DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",1,\
-		"FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1
-#define _EC_GROUP_SECG_PRIME_224K1	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",\
-		"0",\
-		"5",\
-		"A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",1,\
-		"010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1
-#define _EC_GROUP_SECG_PRIME_256K1	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",\
-		"0",\
-		"7",\
-		"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",0,\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1
-/* some wap/wtls curves */
-#define _EC_GROUP_WTLS_6	\
-		"DB7C2ABF62E35E668076BEAD208B",\
-		"DB7C2ABF62E35E668076BEAD2088",\
-		"659EF8BA043916EEDE8911702B22",\
-		"09487239995A5EE76B55F9C2F098",0,\
-		"DB7C2ABF62E35E7628DFAC6561C5",1
-#define _EC_GROUP_WTLS_8	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFDE7",\
-		"0",\
-		"3",\
-		"1",0,\
-		"0100000000000001ECEA551AD837E9",1
-#define _EC_GROUP_WTLS_9	\
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",\
-		"0",\
-		"3",\
-		"1",0,\
-		"0100000000000000000001CDC98AE0E2DE574ABF33",1
-
-static EC_GROUP *ec_group_new_GFp_from_hex(const char *prime_in,
-	    const char *a_in, const char *b_in,
-	    const char *x_in, const int y_bit, const char *order_in, const BN_ULONG cofac_in)
-	{
-	EC_GROUP *group=NULL;
-	EC_POINT *P=NULL;
-	BN_CTX	 *ctx=NULL;
-	BIGNUM 	 *prime=NULL,*a=NULL,*b=NULL,*x=NULL,*order=NULL;
-	int	 ok=0;
-
-	if ((ctx = BN_CTX_new()) == NULL) goto bn_err;
-	if ((prime = BN_new()) == NULL || (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-		(x = BN_new()) == NULL || (order = BN_new()) == NULL) goto bn_err;
-	
-	if (!BN_hex2bn(&prime, prime_in)) goto bn_err;
-	if (!BN_hex2bn(&a, a_in)) goto bn_err;
-	if (!BN_hex2bn(&b, b_in)) goto bn_err;
-
-	if ((group = EC_GROUP_new_curve_GFp(prime, a, b, ctx)) == NULL) goto err;
-	if ((P = EC_POINT_new(group)) == NULL) goto err;
-	
-	if (!BN_hex2bn(&x, x_in)) goto bn_err;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, y_bit, ctx)) goto err;
-	if (!BN_hex2bn(&order, order_in)) goto bn_err;
-	if (!BN_set_word(x, cofac_in)) goto bn_err;
-	if (!EC_GROUP_set_generator(group, P, order, x)) goto err;
-	ok=1;
-bn_err:
-	if (!ok)
-		ECerr(EC_F_EC_GROUP_NEW_GFP_FROM_HEX, ERR_R_BN_LIB);
-err:
-	if (!ok)
-		{
-		EC_GROUP_free(group);
-		group = NULL;
-		}
-	if (P) 	   EC_POINT_free(P);
-	if (ctx)   BN_CTX_free(ctx);
-	if (prime) BN_free(prime);
-	if (a)     BN_free(a);
-	if (b)     BN_free(b);
-	if (order) BN_free(order);
-	if (x)     BN_free(x);
-	return(group);
-	}
-
-EC_GROUP *EC_GROUP_new_by_name(int name)
-	{
-	EC_GROUP *ret = NULL;
-	switch (name)
-		{
-	case EC_GROUP_NO_CURVE:
-		return NULL;
-	/* some nist curves */
-	case EC_GROUP_NIST_PRIME_224: /* EC_GROUP_NIST_PRIME_224 == EC_GROUP_SECG_PRIME_224R1 */
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_224);
-		break;
-
-	case EC_GROUP_NIST_PRIME_384: /* EC_GROUP_NIST_PRIME_384 == EC_GROUP_SECG_PRIME_384R1 */
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_384);
-		break;
-
-	case EC_GROUP_NIST_PRIME_521: /* EC_GROUP_NIST_PRIME_521 == EC_GROUP_SECG_PRIME_521R1 */
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_521);
-		break;
-	/* x9.62 prime curves */
-	case EC_GROUP_X9_62_PRIME_192V1: /* == EC_GROUP_NIST_PRIME_192 == EC_GROUP_SECG_PRIME_192R1 */
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_192);
-		break;
-
-	case EC_GROUP_X9_62_PRIME_192V2:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_192V2);
-		break;
-
-	case EC_GROUP_X9_62_PRIME_192V3:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_192V3);
-		break;
-
-	case EC_GROUP_X9_62_PRIME_239V1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V1);
-		break;
-
-	case EC_GROUP_X9_62_PRIME_239V2:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V2);
-		break;
-
-	case EC_GROUP_X9_62_PRIME_239V3:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V3);
-		break;
-
-	case EC_GROUP_X9_62_PRIME_256V1: /* == EC_GROUP_NIST_PRIME_256 == EC_GROUP_SECG_PRIME_256R1 */
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_256V1);
-		break;
-	/* the remaining secg curves */
-	case EC_GROUP_SECG_PRIME_112R1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_112R1);
-		break;
-	case EC_GROUP_SECG_PRIME_112R2:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_112R2);
-		break;
-	case EC_GROUP_SECG_PRIME_128R1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_128R1);
-		break;
-	case EC_GROUP_SECG_PRIME_128R2:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_128R2);
-		break;
-	case EC_GROUP_SECG_PRIME_160K1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_160K1);
-		break;
-	case EC_GROUP_SECG_PRIME_160R1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_160R1);
-		break;
-	case EC_GROUP_SECG_PRIME_160R2:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_160R2);
-		break;
-	case EC_GROUP_SECG_PRIME_192K1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_192K1);
-		break;
-	case EC_GROUP_SECG_PRIME_224K1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_224K1);
-		break;
-	case EC_GROUP_SECG_PRIME_256K1:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_256K1);
-		break;
-	/* some wap/wtls curves */
-	case EC_GROUP_WTLS_6:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_WTLS_6);
-		break;
-	case EC_GROUP_WTLS_8:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_WTLS_8);
-		break;
-	case EC_GROUP_WTLS_9:
-		ret = ec_group_new_GFp_from_hex(_EC_GROUP_WTLS_9);
-		break;
-
-		}
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_BY_NAME, EC_R_UNKNOWN_GROUP);
-		return NULL;
-		}
-	EC_GROUP_set_nid(ret, name);
-	return ret;
-	}
-
-
-EC_GROUP *EC_GROUP_new_by_nid(int nid)
-	{
-	return EC_GROUP_new_by_name(nid);
-	}

crypto/ec/ec_cvt.c

@@ -1,6 +1,6 @@
 /* crypto/ec/ec_cvt.c */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

crypto/ec/ec_err.c

@@ -1,6 +1,6 @@
 /* crypto/ec/ec_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -71,7 +71,6 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0),	"ec_GFp_mont_field_encode"},
 {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0),	"ec_GFp_mont_field_mul"},
 {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0),	"ec_GFp_mont_field_sqr"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,0),	"ec_GFp_simple_group_check_discriminant"},
 {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0),	"ec_GFp_simple_group_set_curve_GFp"},
 {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0),	"ec_GFp_simple_group_set_generator"},
 {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0),	"ec_GFp_simple_make_affine"},
@@ -81,19 +80,13 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0),	"ec_GFp_simple_point_get_affine_coordinates_GFp"},
 {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0),	"ec_GFp_simple_point_set_affine_coordinates_GFp"},
 {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0),	"ec_GFp_simple_set_compressed_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_CHECK,0),	"EC_GROUP_check"},
-{ERR_PACK(0,EC_F_EC_GROUP_CHECK_DISCRIMINANT,0),	"EC_GROUP_check_discriminant"},
 {ERR_PACK(0,EC_F_EC_GROUP_COPY,0),	"EC_GROUP_copy"},
 {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0),	"EC_GROUP_get0_generator"},
 {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0),	"EC_GROUP_get_cofactor"},
 {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0),	"EC_GROUP_get_curve_GFp"},
 {ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0),	"EC_GROUP_get_extra_data"},
 {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0),	"EC_GROUP_get_order"},
-{ERR_PACK(0,EC_F_EC_GROUP_GROUP2NID,0),	"EC_GROUP_GROUP2NID"},
 {ERR_PACK(0,EC_F_EC_GROUP_NEW,0),	"EC_GROUP_new"},
-{ERR_PACK(0,EC_F_EC_GROUP_NEW_BY_NAME,0),	"EC_GROUP_new_by_name"},
-{ERR_PACK(0,EC_F_EC_GROUP_NEW_BY_NID,0),	"EC_GROUP_new_by_nid"},
-{ERR_PACK(0,EC_F_EC_GROUP_NEW_GFP_FROM_HEX,0),	"EC_GROUP_NEW_GFP_FROM_HEX"},
 {ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0),	"EC_GROUP_precompute_mult"},
 {ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0),	"EC_GROUP_set_curve_GFp"},
 {ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0),	"EC_GROUP_set_extra_data"},
@@ -123,7 +116,6 @@ static ERR_STRING_DATA EC_str_functs[]=
 static ERR_STRING_DATA EC_str_reasons[]=
 	{
 {EC_R_BUFFER_TOO_SMALL                   ,"buffer too small"},
-{EC_R_DISCRIMINANT_IS_ZERO               ,"discriminant is zero"},
 {EC_R_INCOMPATIBLE_OBJECTS               ,"incompatible objects"},
 {EC_R_INVALID_ARGUMENT                   ,"invalid argument"},
 {EC_R_INVALID_COMPRESSED_POINT           ,"invalid compressed point"},
@@ -131,16 +123,12 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {EC_R_INVALID_ENCODING                   ,"invalid encoding"},
 {EC_R_INVALID_FIELD                      ,"invalid field"},
 {EC_R_INVALID_FORM                       ,"invalid form"},
-{EC_R_INVALID_GROUP_ORDER                ,"invalid group order"},
 {EC_R_NOT_INITIALIZED                    ,"not initialized"},
 {EC_R_NO_SUCH_EXTRA_DATA                 ,"no such extra data"},
 {EC_R_POINT_AT_INFINITY                  ,"point at infinity"},
 {EC_R_POINT_IS_NOT_ON_CURVE              ,"point is not on curve"},
 {EC_R_SLOT_FULL                          ,"slot full"},
 {EC_R_UNDEFINED_GENERATOR                ,"undefined generator"},
-{EC_R_UNDEFINED_ORDER                    ,"undefined order"},
-{EC_R_UNKNOWN_GROUP                      ,"unknown group"},
-{EC_R_UNKNOWN_NID                        ,"unknown nid"},
 {EC_R_UNKNOWN_ORDER                      ,"unknown order"},
 {0,NULL}
 	};

crypto/ec/ec_lcl.h

@@ -82,9 +82,6 @@ struct ec_method_st {
 	int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
 	int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
 
-	/* used by EC_GROUP_check: */
-	int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
-
 	/* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
 	int (*point_init)(EC_POINT *);
 	void (*point_finish)(EC_POINT *);
@@ -169,8 +166,6 @@ struct ec_group_st {
 	EC_POINT *generator; /* optional */
 	BIGNUM order, cofactor;
 
-	int nid;
-
 	void *field_data1; /* method-specific (e.g., Montgomery structure) */
 	void *field_data2; /* method-specific */
 } /* EC_GROUP */;
@@ -218,7 +213,6 @@ int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
 EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
 int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
 int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
 int ec_GFp_simple_point_init(EC_POINT *);
 void ec_GFp_simple_point_finish(EC_POINT *);
 void ec_GFp_simple_point_clear_finish(EC_POINT *);

crypto/ec/ec_lib.c

@@ -1,6 +1,6 @@
 /* crypto/ec/ec_lib.c */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -94,8 +94,6 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
 	ret->extra_data_free_func = 0;
 	ret->extra_data_clear_free_func = 0;
 	
-	ret->nid = 0;	
-
 	if (!meth->group_init(ret))
 		{
 		OPENSSL_free(ret);
@@ -108,6 +106,8 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
 
 void EC_GROUP_free(EC_GROUP *group)
 	{
+	if (!group) return;
+
 	if (group->meth->group_finish != 0)
 		group->meth->group_finish(group);
 
@@ -119,6 +119,8 @@ void EC_GROUP_free(EC_GROUP *group)
 
 void EC_GROUP_clear_free(EC_GROUP *group)
 	{
+	if (!group) return;
+
 	if (group->meth->group_clear_finish != 0)
 		group->meth->group_clear_finish(group);
 	else if (group->meth != NULL && group->meth->group_finish != 0)
@@ -237,29 +239,6 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
 	}
 
 
-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	if (group->meth->group_check_discriminant == 0)
-		{
-		ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_check_discriminant(group, ctx);
-	}
-
-
-void EC_GROUP_set_nid(EC_GROUP *group, int nid)
-	{
-	group->nid = nid;
-	}
-
-
-int EC_GROUP_get_nid(const EC_GROUP *group)
-	{
-	return group->nid;
-	}
-
-
 /* this has 'package' visibility */
 int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
 	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
@@ -323,6 +302,7 @@ void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
 	}
 
 
+
 /* functions for EC_POINT objects */
 
 EC_POINT *EC_POINT_new(const EC_GROUP *group)
@@ -361,6 +341,8 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
 
 void EC_POINT_free(EC_POINT *point)
 	{
+	if (!point) return;
+
 	if (point->meth->point_finish != 0)
 		point->meth->point_finish(point);
 	OPENSSL_free(point);
@@ -369,6 +351,8 @@ void EC_POINT_free(EC_POINT *point)
 
 void EC_POINT_clear_free(EC_POINT *point)
 	{
+	if (!point) return;
+
 	if (point->meth->point_clear_finish != 0)
 		point->meth->point_clear_finish(point);
 	else if (point->meth != NULL && point->meth->point_finish != 0)

crypto/ec/ecp_mont.c

@@ -71,7 +71,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
 		ec_GFp_simple_group_get0_generator,
 		ec_GFp_simple_group_get_order,
 		ec_GFp_simple_group_get_cofactor,
-		ec_GFp_simple_group_check_discriminant,
 		ec_GFp_simple_point_init,
 		ec_GFp_simple_point_finish,
 		ec_GFp_simple_point_clear_finish,

crypto/ec/ecp_nist.c

@@ -69,7 +69,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
 		ec_GFp_simple_group_get0_generator,
 		ec_GFp_simple_group_get_order,
 		ec_GFp_simple_group_get_cofactor,
-		ec_GFp_simple_group_check_discriminant,
 		ec_GFp_simple_point_init,
 		ec_GFp_simple_point_finish,
 		ec_GFp_simple_point_clear_finish,

crypto/ec/ecp_recp.c

@@ -69,7 +69,6 @@ const EC_METHOD *EC_GFp_recp_method(void)
 		ec_GFp_simple_group_get0_generator,
 		ec_GFp_simple_group_get_order,
 		ec_GFp_simple_group_get_cofactor,
-		ec_GFp_simple_group_check_discriminant,
 		ec_GFp_simple_point_init,
 		ec_GFp_simple_point_finish,
 		ec_GFp_simple_point_clear_finish,

crypto/ec/ecp_smpl.c

@@ -2,7 +2,7 @@
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project. */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -73,7 +73,6 @@ const EC_METHOD *EC_GFp_simple_method(void)
 		ec_GFp_simple_group_get0_generator,
 		ec_GFp_simple_group_get_order,
 		ec_GFp_simple_group_get_cofactor,
-		ec_GFp_simple_group_check_discriminant,
 		ec_GFp_simple_point_init,
 		ec_GFp_simple_point_finish,
 		ec_GFp_simple_point_clear_finish,
@@ -339,72 +338,6 @@ int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN
 	}
 
 
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *a,*b,*order,*tmp_1,*tmp_2;
-	const BIGNUM *p = &group->field;
-	BN_CTX *new_ctx = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	tmp_1 = BN_CTX_get(ctx);
-	tmp_2 = BN_CTX_get(ctx);
-	order = BN_CTX_get(ctx);
-	if (order == NULL) goto err;
-
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
-		if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_copy(a, &group->a)) goto err;
-		if (!BN_copy(b, &group->b)) goto err;
-		}
-	
-	/* check the discriminant:
-	 * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) 
-         * 0 =< a, b < p */
-	if (BN_is_zero(a))
-		{
-		if (BN_is_zero(b)) goto err;
-		}
-	else if (!BN_is_zero(b))
-		{
-		if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;
-		if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;
-		if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;
-		/* tmp_1 = 4*a^3 */
-
-		if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;
-		if (!BN_mul_word(tmp_2, 27)) goto err;
-		/* tmp_2 = 27*b^2 */
-
-		if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;
-		if (BN_is_zero(a)) goto err;
-		}
-	ret = 1;
-
-err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
 int ec_GFp_simple_point_init(EC_POINT *point)
 	{
 	BN_init(&point->X);

crypto/ec/ectest.c

@@ -75,8 +75,8 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
 	exit(1); \
 } while (0)
 
-
-void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
+#if 0
+static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
 	{
 	clock_t clck;
 	int i, j;
@@ -138,7 +138,7 @@ void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
 	BN_free(s);
 	BN_free(s0);
 	}
-
+#endif
 
 int main(int argc, char *argv[])
 	{	

crypto/ecdsa/.cvsignore

@@ -1,2 +0,0 @@
-lib
-Makefile.save

crypto/ecdsa/Makefile.ssl

@@ -1,163 +0,0 @@
-#
-# crypto/ecdsa/Makefile
-#
-
-DIR=	ecdsa
-TOP=	../..
-CC=	cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g -Wall
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=ecdsatest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=	ecs_lib.c ecs_gen.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c \
-	ecs_key.c ecs_err.c 
-
-LIBOBJ=	ecs_lib.o ecs_gen.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o \
-	ecs_key.o ecs_err.o 
-
-SRC= $(LIBSRC)
-
-EXHEADER= ecdsa.h
-HEADER=	ecs_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-ecs_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ecs_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ecs_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ecs_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h ecdsa.h ecs_asn1.c
-ecs_asn1.o: ecs_locl.h
-ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-ecs_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ecs_err.o: ecs_err.c
-ecs_gen.o: ecs_gen.c
-ecs_key.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_key.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ecs_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ecs_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-ecs_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecs_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-ecs_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ecs_key.o: ../cryptlib.h ecs_key.c
-ecs_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-ecs_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecs_lib.o: ../cryptlib.h ecdsa.h ecs_lib.c ecs_locl.h
-ecs_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_ossl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ecs_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_ossl.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-ecs_ossl.o: ../../include/openssl/opensslconf.h
-ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h ecs_ossl.c
-ecs_sign.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_sign.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-ecs_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecs_sign.o: ../cryptlib.h ecs_sign.c
-ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-ecs_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecs_vrf.o: ecs_vrf.c

crypto/ecdsa/ecdsa.h

@@ -1,282 +0,0 @@
-/* crypto/ecdsa/ecdsa.h */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDSA_H
-#define HEADER_ECDSA_H
-
-#ifdef OPENSSL_NO_ECDSA
-#error ECDSA is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ecdsa_st ECDSA;
-
-typedef struct ECDSA_SIG_st
-{
-	BIGNUM *r;
-	BIGNUM *s;
-} ECDSA_SIG;
-
-typedef struct ecdsa_method 
-{
-	const char *name;
-	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa);
-	int (*ecdsa_sign_setup)(ECDSA *ecdsa, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r);
-	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECDSA *ecdsa);
-	int (*init)(ECDSA *ecdsa);
-	int (*finish)(ECDSA *ecdsa);
-	int flags;
-	char *app_data;
-} ECDSA_METHOD;
-
-#define ECDSA_FLAG_NAMED_CURVE	1
-#define ECDSA_FLAG_IMPLICITLYCA	2
-
-struct ecdsa_st
-{
-	int version;
-	point_conversion_form_t conversion_form;
-
-	EC_GROUP *group;
-
-	EC_POINT *pub_key;
-	BIGNUM	 *priv_key;
-
-	BIGNUM	 *kinv; /* signing pre-calc */
-	BIGNUM	 *r;	/* signing pre-calc */
-
-	unsigned char *seed;	/* seed for curve generation */
-	unsigned int  seed_len; 
-
-	int	parameter_flags;
-
-	int 	references;
-	int	flags;
-	CRYPTO_EX_DATA ex_data;
-	const ECDSA_METHOD *meth;
-	struct engine_st *engine;
-};
-
-ECDSA_SIG *ECDSA_SIG_new(void);
-void	  ECDSA_SIG_free(ECDSA_SIG *a);
-int	  i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long length);
-
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa);
-int	  ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECDSA* ecdsa);
-int 	  ECDSA_generate_key(ECDSA *ecdsa);
-int	  ECDSA_check_key(ECDSA *ecdsa);
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void);
-
-void	  ECDSA_set_default_method(const ECDSA_METHOD *);
-const ECDSA_METHOD *ECDSA_get_default_method(void);
-int 	  ECDSA_set_method(ECDSA *, const ECDSA_METHOD *);
-
-ECDSA	  *ECDSA_new(void);
-ECDSA	  *ECDSA_new_method(ENGINE *engine);
-int	  ECDSA_size(const ECDSA *);
-int 	  ECDSA_sign_setup(ECDSA *ecdsa, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
-int	  ECDSA_sign(int type, const unsigned char *dgst, int dgst_len, unsigned char *sig, 
-		     unsigned int *siglen, ECDSA *ecdsa);
-int 	  ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sig,
-		       int sig_len, ECDSA *ecdsa);
-int	  ECDSA_up_ref(ECDSA *ecdsa);
-void	  ECDSA_free(ECDSA *a);
-int 	  ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     			 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int 	  ECDSA_set_ex_data(ECDSA *d, int idx, void *arg);
-void 	  *ECDSA_get_ex_data(ECDSA *d, int idx);
-
-#ifndef OPENSSL_NO_BIO
-int	ECDSAParameters_print(BIO *bp, const ECDSA *x);
-int	ECDSA_print(BIO *bp, const ECDSA *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int	ECDSAParameters_print_fp(FILE *fp, const ECDSA *x);
-int	ECDSA_print_fp(FILE *fp, const ECDSA *x, int off);
-#endif 
-
-void 	ECDSA_set_parameter_flags(ECDSA *, int);
-int	ECDSA_get_parameter_flags(const ECDSA*);
-
-/* The ECDSA_{set|get}_conversion_type() functions set/get the
- * conversion form for ec-points (see ec.h) in a ECDSA-structure */
-void	ECDSA_set_conversion_form(ECDSA *, const point_conversion_form_t);
-point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *);
-/* The ECDSA_{set|get}_default_conversion_form() functions set/get the 
- * default conversion form */
-void	ECDSA_set_default_conversion_form(const point_conversion_form_t);
-point_conversion_form_t ECDSA_get_default_conversion_form(void);
-
-/* the basic de- and encode functions ( see ecs_asn1.c ) */
-ECDSA   *d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len);
-int     i2d_ECDSAParameters(ECDSA *a, unsigned char **out);
-
-ECDSA   *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len);
-int     i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out);
-
-/* ECDSAPublicKey_set_octet_string() sets the public key in the ECDSA-structure.
- * (*a) must be a pointer to a ECDSA-structure with (*a)->group not zero 
- * (e.g. a ECDSA-structure with a valid EC_GROUP-structure) */
-ECDSA 	*ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len);
-/* ECDSAPublicKey_get_octet_string() returns the length of the octet string encoding
- * of the public key. If out != NULL then the function returns in *out 
- * a pointer to the octet string */
-int 	ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out);
-
-
-#define ECDSAParameters_dup(x) (ECDSA *)ASN1_dup((int (*)())i2d_ECDSAParameters, \
-		(char *(*)())d2i_ECDSAParameters,(char *)(x))
-#define d2i_ECDSAParameters_fp(fp,x) (ECDSA *)ASN1_d2i_fp((char *(*)())ECDSA_new, \
-		(char *(*)())d2i_ECDSAParameters,(fp),(unsigned char **)(x))
-#define i2d_ECDSAParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECDSAParameters,(fp), \
-		(unsigned char *)(x))
-#define d2i_ECDSAParameters_bio(bp,x) (ECDSA *)ASN1_d2i_bio((char *(*)())ECDSA_new, \
-		(char *(*)())d2i_ECDSAParameters,(bp),(unsigned char **)(x))
-#define i2d_ECDSAParameters_bio(bp,x) ASN1_i2d_bio(i2d_ECDSAParameters,(bp), \
-		(unsigned char *)(x))
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDSA_strings(void);
-
-/* Error codes for the ECDSA functions. */
-
-/* Function codes. */
-#define ECDSA_F_D2I_ECDSAPARAMETERS			 100
-#define ECDSA_F_D2I_ECDSAPRIVATEKEY			 101
-#define ECDSA_F_ECDSAPARAMETERS_PRINT			 102
-#define ECDSA_F_ECDSAPARAMETERS_PRINT_FP		 103
-#define ECDSA_F_ECDSA_DO_SIGN				 104
-#define ECDSA_F_ECDSA_DO_VERIFY				 105
-#define ECDSA_F_ECDSA_GENERATE_KEY			 106
-#define ECDSA_F_ECDSA_GET				 107
-#define ECDSA_F_ECDSA_GET_CURVE_NID			 120
-#define ECDSA_F_ECDSA_GET_ECDSA				 121
-#define ECDSA_F_ECDSA_GET_EC_PARAMETERS			 122
-#define ECDSA_F_ECDSA_GET_X9_62_CURVE			 108
-#define ECDSA_F_ECDSA_GET_X9_62_EC_PARAMETERS		 109
-#define ECDSA_F_ECDSA_GET_X9_62_FIELDID			 110
-#define ECDSA_F_ECDSA_NEW				 111
-#define ECDSA_F_ECDSA_PRINT				 112
-#define ECDSA_F_ECDSA_PRINT_FP				 113
-#define ECDSA_F_ECDSA_SET_GROUP_P			 114
-#define ECDSA_F_ECDSA_SET_PRIME_GROUP			 123
-#define ECDSA_F_ECDSA_SIGN_SETUP			 115
-#define ECDSA_F_I2D_ECDSAPARAMETERS			 116
-#define ECDSA_F_I2D_ECDSAPRIVATEKEY			 117
-#define ECDSA_F_I2D_ECDSAPUBLICKEY			 118
-#define ECDSA_F_SIG_CB					 119
-
-/* Reason codes. */
-#define ECDSA_R_BAD_SIGNATURE				 100
-#define ECDSA_R_CAN_NOT_GET_GENERATOR			 101
-#define ECDSA_R_D2I_ECDSAPRIVATEKEY_MISSING_PRIVATE_KEY	 102
-#define ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE		 103
-#define ECDSA_R_D2I_EC_PARAMETERS_FAILURE		 133
-#define ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE		 104
-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 105
-#define ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE		 106
-#define ECDSA_R_ECDSA_F_ECDSA_NEW			 107
-#define ECDSA_R_ECDSA_GET_EC_PARAMETERS_FAILURE		 134
-#define ECDSA_R_ECDSA_GET_FAILURE			 108
-#define ECDSA_R_ECDSA_GET_X9_62_CURVE_FAILURE		 109
-#define ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE	 110
-#define ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE		 111
-#define ECDSA_R_ECDSA_NEW_FAILURE			 112
-#define ECDSA_R_ECDSA_R_D2I_EC_PARAMETERS_FAILURE	 135
-#define ECDSA_R_ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE	 113
-#define ECDSA_R_ECPARAMETERS2ECDSA_FAILURE		 138
-#define ECDSA_R_EC_GROUP_NID2CURVE_FAILURE		 136
-#define ECDSA_R_ERR_EC_LIB				 114
-#define ECDSA_R_I2D_ECDSA_PRIVATEKEY			 115
-#define ECDSA_R_I2D_ECDSA_PUBLICKEY			 116
-#define ECDSA_R_MISSING_PARAMETERS			 117
-#define ECDSA_R_NOT_SUPPORTED				 118
-#define ECDSA_R_NO_CURVE_PARAMETER_A_SPECIFIED		 119
-#define ECDSA_R_NO_CURVE_PARAMETER_B_SPECIFIED		 120
-#define ECDSA_R_NO_CURVE_SPECIFIED			 121
-#define ECDSA_R_NO_FIELD_SPECIFIED			 122
-#define ECDSA_R_PRIME_MISSING				 123
-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 124
-#define ECDSA_R_SIGNATURE_MALLOC_FAILED			 125
-#define ECDSA_R_UNEXPECTED_ASN1_TYPE			 126
-#define ECDSA_R_UNEXPECTED_PARAMETER			 127
-#define ECDSA_R_UNEXPECTED_PARAMETER_LENGTH		 128
-#define ECDSA_R_UNEXPECTED_VERSION_NUMER		 129
-#define ECDSA_R_UNKNOWN_PARAMETERS_TYPE			 137
-#define ECDSA_R_WRONG_FIELD_IDENTIFIER			 130
-#define ECDSA_R_X9_62_CURVE_NEW_FAILURE			 131
-#define ECDSA_R_X9_62_EC_PARAMETERS_NEW_FAILURE		 132
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

crypto/ecdsa/ecdsatest.c

@@ -1,684 +0,0 @@
-/* crypto/ecdsa/ecdsatest.c */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#ifdef CLOCKS_PER_SEC
-	/* "To determine the time in seconds, the value returned
-	 * by the clock function should be divided by the value
-	 * of the macro CLOCKS_PER_SEC."
-	 *                                       -- ISO/IEC 9899 */
-#	define UNIT "s"
-#else
-	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
-	 *                            -- cc on NeXTstep/OpenStep */
-#	define UNIT "units"
-#	define CLOCKS_PER_SEC 1
-#endif
-
-#ifdef OPENSSL_NO_ECDSA
-int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/ecdsa.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
-
-static BIO *bio_err=NULL;
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-#define	ECDSA_NIST_TESTS	10
-ECDSA_SIG*	signatures[ECDSA_NIST_TESTS];
-unsigned char	digest[ECDSA_NIST_TESTS][20];
-
-void clear_ecdsa(ECDSA *ecdsa)
-{
-	if (!ecdsa)
-		return;
-	if (ecdsa->group)
-	{
-		EC_GROUP_free(ecdsa->group);
-		ecdsa->group = NULL;
-	}
-	if (ecdsa->pub_key)
-	{
-		EC_POINT_free(ecdsa->pub_key);
-		ecdsa->pub_key = NULL;
-	}
-	if (ecdsa->priv_key)
-	{
-		BN_free(ecdsa->priv_key);
-		ecdsa->priv_key = NULL;
-	}
-}
-
-int set_p192_param(ECDSA *ecdsa)
-{
-	BN_CTX	 *ctx=NULL;
-	int 	 ret=0;
-
-	if (!ecdsa)
-		return 0;
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-	clear_ecdsa(ecdsa);
-	
-	if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_192V1)) == NULL)
-	{
-		BIO_printf(bio_err,"ECDSA_SET_GROUP_P_192_V1() failed \n");
-		goto err;
-	}
-	if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL)
-	{
-		BIO_printf(bio_err,"EC_POINT_new failed \n");
-		goto err;
-	}
-
-	if (!BN_dec2bn(&(ecdsa->priv_key), "651056770906015076056810763456358567190100156695615665659"))	goto err;
-	if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx))
-	{
-		BIO_printf(bio_err,"EC_POINT_mul() failed \n");
-		goto err;
-	}
-	ret = 1;
-
-err :	if (ctx)	BN_CTX_free(ctx);
-	return ret;
-}
-
-int set_p239_param(ECDSA *ecdsa)
-{
-	BN_CTX	 *ctx=NULL;
-	int 	 ret=0;
-
-	if (!ecdsa)
-		return 0;
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-	clear_ecdsa(ecdsa);
-	
-	if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_239V1)) == NULL)
-	{
-		BIO_printf(bio_err,"ECDSA_SET_GROUP_P_239_V1() failed \n");
-		goto err;
-	}
-	if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL)
-	{
-		BIO_printf(bio_err,"EC_POINT_new failed \n");
-		goto err;
-	}
-
-	if (!BN_dec2bn(&(ecdsa->priv_key), "876300101507107567501066130761671078357010671067781776716671676178726717"))	goto err;
-	if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx))
-	{
-		BIO_printf(bio_err,"EC_POINT_mul() failed \n");
-		goto err;
-	}
-	ret = 1;
-
-err :	if (ctx)	BN_CTX_free(ctx);
-	return ret;
-}
-
-int test_sig_vrf(ECDSA *ecdsa, const unsigned char* dgst)
-{
-        int       ret=0,type=0;
-        unsigned char *buffer=NULL;
-        unsigned int  buf_len;
-        clock_t  tim;
- 
-        if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key)
-                return 0;
-        if ((buf_len = ECDSA_size(ecdsa)) == 0)
-        {
-                BIO_printf(bio_err, "ECDSA_size() == 0 \n");
-                goto err;
-        }
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                goto err;
- 
-        tim = clock();
-        if (!ECDSA_sign(type, dgst , 20, buffer, &buf_len, ecdsa))
-        {
-                BIO_printf(bio_err, "ECDSA_sign() FAILED \n");
-                goto err;
-        }
-        tim = clock() - tim;
-        BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)tim/(CLOCKS_PER_SEC));
- 
-        tim = clock();
-        ret = ECDSA_verify(type, dgst, 20, buffer, buf_len, ecdsa);
-        if (ret != 1)
-        {
-                BIO_printf(bio_err, "ECDSA_verify() FAILED \n");
-                goto err;
-        }
-        tim = clock() - tim;
-        BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)tim/(CLOCKS_PER_SEC));
- 
-err:    OPENSSL_free(buffer);
-        return(ret == 1);
-}
-
-int test_x962_sig_vrf(ECDSA *ecdsa, const unsigned char *dgst,
-                           const char *k_in, const char *r_in, const char *s_in)
-{
-        int       ret=0;
-        ECDSA_SIG *sig=NULL;
-        EC_POINT  *point=NULL;
-        BIGNUM    *r=NULL,*s=NULL,*k=NULL,*x=NULL,*y=NULL,*m=NULL,*ord=NULL;
-        BN_CTX    *ctx=NULL;
-        char      *tmp_char=NULL;
- 
-        if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key)
-                return 0;
-        if ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err;
-        if ((r = BN_new()) == NULL || (s = BN_new()) == NULL || (k = BN_new()) == NULL ||
-            (x = BN_new()) == NULL || (y = BN_new()) == NULL || (m = BN_new()) == NULL ||
-            (ord = BN_new()) == NULL) goto err;
-        if ((ctx = BN_CTX_new()) == NULL) goto err;
-        if (!BN_bin2bn(dgst, 20, m)) goto err;
-        if (!BN_dec2bn(&k, k_in)) goto err;
-        if (!EC_POINT_mul(ecdsa->group, point, k, NULL, NULL, ctx)) goto err;
-        if (!EC_POINT_get_affine_coordinates_GFp(ecdsa->group, point, x, y, ctx)) goto err;
-        if (!EC_GROUP_get_order(ecdsa->group, ord, ctx)) goto err;
-        if ((ecdsa->r = BN_dup(x)) == NULL) goto err;
-        if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL) goto err;
- 
-        if ((sig = ECDSA_do_sign(dgst, 20, ecdsa)) == NULL)
-        {
-                BIO_printf(bio_err,"ECDSA_do_sign() failed \n");
-                goto err;
-        }
- 
-        if (!BN_dec2bn(&r, r_in)) goto err;
-        if (!BN_dec2bn(&s, s_in)) goto err;
-        if (BN_cmp(sig->r,r) != 0 || BN_cmp(sig->s,s) != 0)
-        {
-                tmp_char = OPENSSL_malloc(128);
-                if (tmp_char == NULL) goto err;
-                tmp_char = BN_bn2dec(sig->r);
-                BIO_printf(bio_err,"unexpected signature \n");
-                BIO_printf(bio_err,"sig->r = %s\n",tmp_char);
-                tmp_char = BN_bn2dec(sig->s);
-                BIO_printf(bio_err,"sig->s = %s\n",tmp_char);
-                goto err;
-        }
-	        ret = ECDSA_do_verify(dgst, 20, sig, ecdsa);
-        if (ret != 1)
-        {
-                BIO_printf(bio_err,"ECDSA_do_verify : signature verification failed \n");
-                goto err;
-        }
- 
-        ret = 1;
-err :   if (r)    BN_free(r);
-        if (s)    BN_free(s);
-        if (k)    BN_free(k);
-        if (x)    BN_free(x);
-        if (y)    BN_free(y);
-	if (m)	  BN_free(m);
-        if (ord)  BN_free(ord);
-        if (sig)  ECDSA_SIG_free(sig);
-        if (ctx)  BN_CTX_free(ctx);
-        if (point) EC_POINT_free(point);
-        if (tmp_char) OPENSSL_free(tmp_char);
-        return(ret == 1);
-}
-
-int ecdsa_cmp(const ECDSA *a, const ECDSA *b)
-{
-	int 	ret=1;
-	BN_CTX	*ctx=NULL;
-	BIGNUM	*tmp_a1=NULL, *tmp_a2=NULL, *tmp_a3=NULL;
-	BIGNUM	*tmp_b1=NULL, *tmp_b2=NULL, *tmp_b3=NULL;
-
-	if ((ctx = BN_CTX_new()) == NULL) return 1;
-	if ((tmp_a1 = BN_new()) == NULL || (tmp_a2 = BN_new()) == NULL || (tmp_a3 = BN_new()) == NULL) goto err;
-	if ((tmp_b1 = BN_new()) == NULL || (tmp_b2 = BN_new()) == NULL || (tmp_b3 = BN_new()) == NULL) goto err;
-
-	if (a->pub_key && b->pub_key)
-		if (EC_POINT_cmp(a->group, a->pub_key, b->pub_key, ctx) != 0) goto err;
-	if (a->priv_key && b->priv_key)
-		if (BN_cmp(a->priv_key, b->priv_key) != 0) goto err;
-	if (!EC_GROUP_get_curve_GFp(a->group, tmp_a1, tmp_a2, tmp_a3, ctx)) goto err;
-	if (!EC_GROUP_get_curve_GFp(a->group, tmp_b1, tmp_b2, tmp_b3, ctx)) goto err;
-	if (BN_cmp(tmp_a1, tmp_b1) != 0) goto err;
-	if (BN_cmp(tmp_a2, tmp_b2) != 0) goto err;
-	if (BN_cmp(tmp_a3, tmp_b3) != 0) goto err;
-
-	ret = 0;
-err:	if (tmp_a1) BN_free(tmp_a1);
-	if (tmp_a2) BN_free(tmp_a2);
-	if (tmp_a3) BN_free(tmp_a3);
-	if (tmp_b1) BN_free(tmp_b1);
-	if (tmp_b2) BN_free(tmp_b2);
-	if (tmp_b3) BN_free(tmp_b3);
-	if (ctx) BN_CTX_free(ctx);
-	return(ret);
-}
-
-int main(void)
-{
-	ECDSA	 	*ecdsa=NULL, *ret_ecdsa=NULL;
-	BIGNUM	 	*d=NULL;
-	X509_PUBKEY 	*x509_pubkey=NULL;
-	PKCS8_PRIV_KEY_INFO *pkcs8=NULL;
-	EVP_PKEY 	*pkey=NULL, *ret_pkey=NULL;
-	int 	 	dgst_len=0;
-	unsigned char 	*dgst=NULL;
-	int 	 	ret = 0, i=0;
-	clock_t		tim;
-	unsigned char 	*buffer=NULL;
-	unsigned char   *pp;
-	long		buf_len=0;
-	double		tim_d;
-	EVP_MD_CTX	*md_ctx=NULL;
-	
-	/* enable memory leak checking unless explicitly disabled */
-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
-		{
-		CRYPTO_malloc_debug_init();
-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-		}
-	else
-		{
-		/* OPENSSL_DEBUG_MEMORY=off */
-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-		}
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
-	RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-	if ((ecdsa = ECDSA_new()) == NULL)   goto err;
-
-	set_p192_param(ecdsa);
-	ECDSA_print(bio_err, ecdsa, 0);
-
-	/* en- decode tests */
-
-	/* i2d_ - d2i_ECDSAParameters() */
-	BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAParameters \n");
-	buf_len = i2d_ECDSAParameters(ecdsa, NULL);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
-	pp = buffer;
-	if (!i2d_ECDSAParameters(ecdsa, &pp)) goto err;
-	pp = buffer;
-	if ((ret_ecdsa = d2i_ECDSAParameters(&ret_ecdsa, (const unsigned char **)&pp, 
-			buf_len)) == NULL) goto err;
-	ECDSAParameters_print(bio_err, ret_ecdsa);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
-	OPENSSL_free(buffer);
-	buffer = NULL;
-	ECDSA_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-
-	/* i2d_ - d2i_ECDSAPrivateKey() */
-	BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPrivateKey \n");
-	buf_len = i2d_ECDSAPrivateKey(ecdsa, NULL);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
-	pp = buffer;
-	if (!i2d_ECDSAPrivateKey(ecdsa, &pp)) goto err;
-	pp = buffer;
-	if ((ret_ecdsa = d2i_ECDSAPrivateKey(&ret_ecdsa, (const unsigned char**)&pp, 
-			buf_len)) == NULL) goto err;
-	ECDSA_print(bio_err, ret_ecdsa, 0);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
-	ECDSA_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-	OPENSSL_free(buffer);
-	buffer = NULL;
-
-	/* X509_PUBKEY_set() &  X509_PUBKEY_get() */	
-
-	BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set}            : ");
-	if ((pkey = EVP_PKEY_new()) == NULL) goto err;
-	EVP_PKEY_assign_ECDSA(pkey, ecdsa);
-	if ((x509_pubkey = X509_PUBKEY_new()) == NULL) goto err;
-	if (!X509_PUBKEY_set(&x509_pubkey, pkey)) goto err;
-
-	if ((ret_pkey = X509_PUBKEY_get(x509_pubkey)) == NULL) goto err;
-	ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey);
-	EVP_PKEY_free(ret_pkey);
-	ret_pkey = NULL;
-
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) 
-	{
-		BIO_printf(bio_err, "TEST FAILED \n");
-		goto err;
-	}
-	else BIO_printf(bio_err, "TEST OK \n");
-	X509_PUBKEY_free(x509_pubkey);
-	x509_pubkey = NULL;
-	ECDSA_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-
-	/* Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY */
-	BIO_printf(bio_err, "Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY : \n");
-	BIO_printf(bio_err, "PKCS8_OK              : ");
-	if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK)) == NULL) goto err;
-	if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err;
-	ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa))
-	{
-		BIO_printf(bio_err, "TEST FAILED \n");
-		goto err;
-	}
-	else BIO_printf(bio_err, "TEST OK \n");
-	EVP_PKEY_free(ret_pkey);
-	ret_pkey = NULL;
-	ECDSA_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-	PKCS8_PRIV_KEY_INFO_free(pkcs8);
-	BIO_printf(bio_err, "PKCS8_NO_OCTET        : ");
-        if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NO_OCTET)) == NULL) goto err;
-        if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err;
-        ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey);
-        if (ecdsa_cmp(ecdsa, ret_ecdsa))
-        {
-                BIO_printf(bio_err, "TEST FAILED \n");
-                goto err;
-        }
-        else BIO_printf(bio_err, "TEST OK \n");
-        EVP_PKEY_free(ret_pkey);
-        ret_pkey = NULL;
-        ECDSA_free(ret_ecdsa);
-        ret_ecdsa = NULL;
-	PKCS8_PRIV_KEY_INFO_free(pkcs8);
-	BIO_printf(bio_err, "PKCS8_EMBEDDED_PARAM  : ");
-        if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_EMBEDDED_PARAM)) == NULL) goto err;
-        if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err;
-        ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey);
-        if (ecdsa_cmp(ecdsa, ret_ecdsa))
-        {
-                BIO_printf(bio_err, "TEST FAILED \n");
-                goto err;
-        }
-        else BIO_printf(bio_err, "TEST OK \n");
-        EVP_PKEY_free(ret_pkey);
-        ret_pkey = NULL;
-        ECDSA_free(ret_ecdsa);
-        ret_ecdsa = NULL;
-	PKCS8_PRIV_KEY_INFO_free(pkcs8);
-        BIO_printf(bio_err, "PKCS8_NS_DB           : ");
-        if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NS_DB)) == NULL) goto err;
-        if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err;
-        ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey);
-        if (ecdsa_cmp(ecdsa, ret_ecdsa))
-        {
-                BIO_printf(bio_err, "TEST FAILED \n");
-                goto err;
-        }
-        else BIO_printf(bio_err, "TEST OK \n");
-        EVP_PKEY_free(ret_pkey);
-        ret_pkey = NULL;
-        ECDSA_free(ret_ecdsa);
-        ret_ecdsa = NULL;
-	EVP_PKEY_free(pkey);
-	pkey  = NULL;
-	ecdsa = NULL;
-	PKCS8_PRIV_KEY_INFO_free(pkcs8);
-	pkcs8 = NULL;
-
-	/* sign and verify tests */
-	if ((d = BN_new()) == NULL) goto err;
- 
-        if (!BN_dec2bn(&d, "968236873715988614170569073515315707566766479517")) goto err;
-        dgst_len = BN_num_bytes(d);
-	if ((dgst = OPENSSL_malloc(dgst_len)) == NULL) goto err;
-        if (!BN_bn2bin(d, dgst)) goto err;
-
-        BIO_printf(bio_err, "Performing tests based on examples H.3.1 and H.3.2 of X9.62 \n");
- 
-        BIO_printf(bio_err, "PRIME_192_V1 : ");
-	if ((ecdsa = ECDSA_new()) == NULL) goto err;
-        if (!set_p192_param(ecdsa)) goto err;
-        if (!test_x962_sig_vrf(ecdsa, dgst, "6140507067065001063065065565667405560006161556565665656654",
-                               "3342403536405981729393488334694600415596881826869351677613",
-                               "5735822328888155254683894997897571951568553642892029982342"))
-                goto err;
-        else
-                BIO_printf(bio_err, "OK\n");
-        BIO_printf(bio_err, "PRIME_239_V1 : ");
-        if (!set_p239_param(ecdsa))
-                goto err;
-        if (!test_x962_sig_vrf(ecdsa, dgst, "700000017569056646655505781757157107570501575775705779575555657156756655",
-                               "308636143175167811492622547300668018854959378758531778147462058306432176",
-                               "323813553209797357708078776831250505931891051755007842781978505179448783"))
-                goto err;
-        else
-                BIO_printf(bio_err, "OK\n");
-
-	ECDSA_free(ecdsa);
-	ecdsa = NULL;
-	OPENSSL_free(dgst);
-	dgst = NULL;
-
-
-	/* NIST PRIME CURVES TESTS */
-	/* EC_GROUP_NIST_PRIME_192 */
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-		if (!RAND_bytes(digest[i], 20)) goto err;	
-
- 	BIO_printf(bio_err, "\nTesting sign & verify with NIST Prime-Curve P-192 : \n");
-	ECDSA_free(ecdsa);
-	if ((ecdsa = ECDSA_new()) == NULL) goto err;
-	if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) == NULL) goto err;
-	if (!ECDSA_generate_key(ecdsa)) goto err;
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
-        tim = clock() - tim;
-	tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_sign()   in %.2f"UNIT" => average time for ECDSA_do_sign()   %.4f"UNIT"\n"
-		, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
-	tim = clock();
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-		if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
-	tim = clock() - tim;
-	tim_d = (double)tim / CLOCKS_PER_SEC;
-	BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-	{
-		ECDSA_SIG_free(signatures[i]);
-		signatures[i] = NULL;
-	}
-
-	/* EC_GROUP_NIST_PRIME_224 */
-	BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-224 : \n");
-        ECDSA_free(ecdsa);
-        if ((ecdsa = ECDSA_new()) == NULL) goto err;
-        if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err;
-        if (!ECDSA_generate_key(ecdsa)) goto err;
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_sign()   in %.2f"UNIT" => average time for ECDSA_do_sign()   %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-	{
-		ECDSA_SIG_free(signatures[i]);
-		signatures[i] = NULL;
-	}
-
-	/* EC_GROUP_NIST_PRIME_256 */
-        BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-256 : \n");
-        ECDSA_free(ecdsa);
-        if ((ecdsa = ECDSA_new()) == NULL) goto err;
-        if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err;
-        if (!ECDSA_generate_key(ecdsa)) goto err;
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_sign()   in %.2f"UNIT" => average time for ECDSA_do_sign()   %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-	{
-		ECDSA_SIG_free(signatures[i]);
-		signatures[i] = NULL;
-	}
-
-	/* EC_GROUP_NIST_PRIME_384 */
-        BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-384 : \n");
-        ECDSA_free(ecdsa);
-        if ((ecdsa = ECDSA_new()) == NULL) goto err;
-        if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err;
-        if (!ECDSA_generate_key(ecdsa)) goto err;
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_sign()   in %.2f"UNIT" => average time for ECDSA_do_sign()   %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-	{
-		ECDSA_SIG_free(signatures[i]);
-		signatures[i] = NULL;
-	}
-
-	/* EC_GROUP_NIST_PRIME_521 */
-        BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-521 : \n");
-        ECDSA_free(ecdsa);
-        if ((ecdsa = ECDSA_new()) == NULL) goto err;
-        if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err;
-        if (!ECDSA_generate_key(ecdsa)) goto err;
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_sign()   in %.2f"UNIT" => average time for ECDSA_do_sign()   %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
-        tim = clock();
-        for (i=0; i<ECDSA_NIST_TESTS; i++)
-                if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
-        tim = clock() - tim;
-        tim_d = (double)tim / CLOCKS_PER_SEC;
-        BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
-                , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
-	ECDSA_free(ecdsa);
-	ecdsa = NULL;
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-	{
-		ECDSA_SIG_free(signatures[i]);
-		signatures[i] = NULL;
-	}
-
-	OPENSSL_free(buffer);
-	buffer = NULL;
-	EVP_PKEY_free(pkey);
-	pkey = NULL;
-	ecdsa = NULL;
-	
-	ret = 1;
-err:	if (!ret) 	
-		BIO_printf(bio_err, "TEST FAILED \n");
-	else 
-		BIO_printf(bio_err, "TEST PASSED \n");
-	if (!ret)
-		ERR_print_errors(bio_err);
-	if (ecdsa)	ECDSA_free(ecdsa);
-	if (d)		BN_free(d);
-	if (dgst)	OPENSSL_free(dgst);
-	if (md_ctx)	EVP_MD_CTX_destroy(md_ctx);
-	CRYPTO_cleanup_all_ex_data();
-	ERR_remove_state(0);
-	ERR_free_strings();
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-	{
-		BIO_free(bio_err);
-		bio_err = NULL;
-	}
-	return(0);
-}	
-
-#endif

crypto/ecdsa/ecs_asn1.c

@@ -1,677 +0,0 @@
-/* crypto/ecdsa/ecs_asn1.c */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "ecs_locl.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-ASN1_SEQUENCE(ECDSA_SIG) = {
-	ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
-	ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END(ECDSA_SIG)
-
-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
-
-ASN1_SEQUENCE(X9_62_FIELDID) = {
-	ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
-	ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY)
-} ASN1_SEQUENCE_END(X9_62_FIELDID)
-
-DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID)
-IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID)
-
-ASN1_SEQUENCE(X9_62_CURVE) = {
-	ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
-	ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(X9_62_CURVE)
-
-DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE)
-IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE)
-
-ASN1_SEQUENCE(X9_62_EC_PARAMETERS) = {
-	ASN1_SIMPLE(X9_62_EC_PARAMETERS, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X9_62_EC_PARAMETERS, fieldID, X9_62_FIELDID),
-	ASN1_SIMPLE(X9_62_EC_PARAMETERS, curve, X9_62_CURVE),
-	ASN1_SIMPLE(X9_62_EC_PARAMETERS, base, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(X9_62_EC_PARAMETERS, order, ASN1_INTEGER),
-	ASN1_SIMPLE(X9_62_EC_PARAMETERS, cofactor, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(X9_62_EC_PARAMETERS)
-
-DECLARE_ASN1_FUNCTIONS_const(X9_62_EC_PARAMETERS)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_EC_PARAMETERS, X9_62_EC_PARAMETERS)
-IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_EC_PARAMETERS)
-
-ASN1_CHOICE(EC_PARAMETERS) = {
-	ASN1_SIMPLE(EC_PARAMETERS, value.named_curve, ASN1_OBJECT),
-	ASN1_SIMPLE(EC_PARAMETERS, value.parameters, X9_62_EC_PARAMETERS),
-	ASN1_SIMPLE(EC_PARAMETERS, value.implicitlyCA, ASN1_NULL)
-} ASN1_CHOICE_END(EC_PARAMETERS)
-
-DECLARE_ASN1_FUNCTIONS_const(EC_PARAMETERS)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PARAMETERS, EC_PARAMETERS)
-IMPLEMENT_ASN1_FUNCTIONS_const(EC_PARAMETERS)
-             
-ASN1_SEQUENCE(ECDSAPrivateKey) = {
-	ASN1_SIMPLE(ECDSAPrivateKey, version, LONG),
-	ASN1_SIMPLE(ECDSAPrivateKey, parameters, EC_PARAMETERS),
-	ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(ECDSAPrivateKey, priv_key, BIGNUM)
-} ASN1_SEQUENCE_END(ECDSAPrivateKey)
-
-DECLARE_ASN1_FUNCTIONS_const(ECDSAPrivateKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPrivateKey)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(ECDSAPrivateKey, ECDSAPrivateKey, ECDSAPrivateKey)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPrivateKey, ecdsaPrivateKey)
-
-
-X9_62_FIELDID 	*ECDSA_get_X9_62_FIELDID(const ECDSA *ecdsa, X9_62_FIELDID *field)
-{
-	/* TODO : characteristic two */
-	int	ok=0, reason=ERR_R_ASN1_LIB;
-	X9_62_FIELDID *ret=NULL;
-	BIGNUM  *tmp=NULL;
-	
-	if (!ecdsa || !ecdsa->group)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-	if (field == NULL)
-	{
-		if ((ret = X9_62_FIELDID_new()) == NULL) return NULL;
-	}
-	else
-	{	
-		ret = field;
-		if (ret->fieldType != NULL)	ASN1_OBJECT_free(ret->fieldType);
-		if (ret->parameters != NULL)	ASN1_TYPE_free(ret->parameters);
-	}
-	if ((tmp = BN_new()) == NULL) 
-		OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
-	if ((ret->fieldType = OBJ_nid2obj(NID_X9_62_prime_field)) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_OBJ_LIB)
-	if ((ret->parameters = ASN1_TYPE_new()) == NULL) goto err;
-	ret->parameters->type = V_ASN1_INTEGER;
-	if (!EC_GROUP_get_curve_GFp(ecdsa->group, tmp, NULL, NULL, NULL))
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	if ((ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL)) == NULL) goto err;
-	ok = 1;
-err :	if (!ok)
-	{
-		if (ret && !field) X9_62_FIELDID_free(ret);
-		ret = NULL;
-		ECDSAerr(ECDSA_F_ECDSA_GET_X9_62_FIELDID, reason);
-	}
-	if (tmp) BN_free(tmp);
-	return(ret);
-}
-
-X9_62_CURVE   *ECDSA_get_X9_62_CURVE(const ECDSA *ecdsa, X9_62_CURVE *curve)
-{
-	int	ok=0, reason=ERR_R_BN_LIB, len1=0, len2=0;
-	X9_62_CURVE *ret=NULL;
-	BIGNUM      *tmp1=NULL, *tmp2=NULL;
-	unsigned char *buffer=NULL;
-	unsigned char char_buf = 0;
-
-	if (!ecdsa || !ecdsa->group)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-	if ((tmp1 = BN_new()) == NULL || (tmp2 = BN_new()) == NULL) goto err;
-	if (curve == NULL)
-	{
-		if ((ret = X9_62_CURVE_new()) == NULL)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_X9_62_CURVE_NEW_FAILURE)
-	}
-	else
-	{
-		ret = curve;
-		if (ret->a)	ASN1_OCTET_STRING_free(ret->a);
-		if (ret->b)	ASN1_OCTET_STRING_free(ret->b);
-		if (ret->seed)	ASN1_BIT_STRING_free(ret->seed);
-	}
-	if (!EC_GROUP_get_curve_GFp(ecdsa->group, NULL, tmp1, tmp2, NULL))
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-
-	if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || 
-	    (ret->b = M_ASN1_OCTET_STRING_new()) == NULL )
-		OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-
-	len1 = BN_num_bytes(tmp1);
-	len2 = BN_num_bytes(tmp2);
-
-	if ((buffer = OPENSSL_malloc(len1 > len2 ? len1 : len2)) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-
-	if (len1 == 0) /* => a == 0 */
-	{
-		if (!M_ASN1_OCTET_STRING_set(ret->a, &char_buf, 1))
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-	}
-	else
-	{
-		if ((len1 = BN_bn2bin(tmp1, buffer)) == 0) goto err;
-		if (!M_ASN1_OCTET_STRING_set(ret->a, buffer, len1))
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-	}
-	if (len2 == 0) /* => b == 0 */
-	{
-		if (!M_ASN1_OCTET_STRING_set(ret->a, &char_buf, 1))
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-	}
-	else
-	{
-		if ((len2 = BN_bn2bin(tmp2, buffer)) == 0) goto err;
-		if (!M_ASN1_OCTET_STRING_set(ret->b, buffer, len2))
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-	}
-
-	if (ecdsa->seed)
-	{	
-		if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err;
-		if (!ASN1_BIT_STRING_set(ret->seed, ecdsa->seed, (int)ecdsa->seed_len))
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-	}
-	else
-		ret->seed = NULL;
-
-	ok = 1;
-err :	if (!ok)
-	{
-		if (ret && !curve) X9_62_CURVE_free(ret);
-		ret = NULL;
-		ECDSAerr(ECDSA_F_ECDSA_GET_X9_62_CURVE, reason);
-	}
-	if (buffer) OPENSSL_free(buffer);
-	if (tmp1)   BN_free(tmp1);
-	if (tmp2)   BN_free(tmp2);
-	return(ret);
-}
-
-X9_62_EC_PARAMETERS *ECDSA_get_X9_62_EC_PARAMETERS(const ECDSA *ecdsa, X9_62_EC_PARAMETERS *param)
-{
-	int	ok=0, reason=ERR_R_ASN1_LIB;
-	size_t  len=0;
-	X9_62_EC_PARAMETERS *ret=NULL;
-	BIGNUM	      *tmp=NULL;
-	unsigned char *buffer=NULL;
-	EC_POINT      *point=NULL;
-
-	if (!ecdsa || !ecdsa->group)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-	if ((tmp = BN_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
-	if (param == NULL)
-	{
-		if ((ret = X9_62_EC_PARAMETERS_new()) == NULL)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_X9_62_EC_PARAMETERS_NEW_FAILURE)
-	}
-	else
-		ret = param;
-	if (ret->version == NULL && (ret->version = ASN1_INTEGER_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-	if (!ASN1_INTEGER_set(ret->version, (long)ecdsa->version)) goto err;
-	if ((ret->fieldID = ECDSA_get_X9_62_FIELDID(ecdsa, ret->fieldID)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE)
-	if ((ret->curve = ECDSA_get_X9_62_CURVE(ecdsa, ret->curve)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_CURVE_FAILURE)
-	if ((point = EC_GROUP_get0_generator(ecdsa->group)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_CAN_NOT_GET_GENERATOR)
-	if (!(len = EC_POINT_point2oct(ecdsa->group, point, POINT_CONVERSION_COMPRESSED, NULL, len, NULL)))
-		OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER_LENGTH)
-	if ((buffer = OPENSSL_malloc(len)) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-	if (!EC_POINT_point2oct(ecdsa->group, point, POINT_CONVERSION_COMPRESSED, buffer, len, NULL)) 
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) goto err;
-	if (!EC_GROUP_get_order(ecdsa->group, tmp, NULL))
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	if ((ret->order = BN_to_ASN1_INTEGER(tmp, ret->order)) == NULL) goto err;
-	if (!EC_GROUP_get_cofactor(ecdsa->group, tmp, NULL))
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	if ((ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor)) == NULL) goto err;
-	ok = 1;
-
-err :	if(!ok)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_GET_X9_62_EC_PARAMETERS, reason);
-		if (ret && !param) X9_62_EC_PARAMETERS_free(ret);
-		ret = NULL;
-	}
-	if (tmp)    BN_free(tmp);
-	if (buffer) OPENSSL_free(buffer);
-	return(ret);
-}
-
-EC_PARAMETERS *ECDSA_get_EC_PARAMETERS(const ECDSA *ecdsa, EC_PARAMETERS *params)
-{
-	int ok = 1;
-	int tmp = 0;
-	EC_PARAMETERS *ret = params;
-	if (ret == NULL)
-		if ((ret = EC_PARAMETERS_new()) == NULL)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_GET_EC_PARAMETERS, ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-	if (ecdsa == NULL)
-	{	/* missing parameter */
-		ECDSAerr(ECDSA_F_ECDSA_GET_EC_PARAMETERS, ECDSA_R_MISSING_PARAMETERS);
-		EC_PARAMETERS_free(params);
-		return NULL;
-	}
-	if (ecdsa->parameter_flags & ECDSA_FLAG_NAMED_CURVE)
-	{	/* use a named curve */
-		tmp = EC_GROUP_get_nid(ecdsa->group);
-		if (tmp)
-		{
-			ret->type = 0;
-			if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
-				ok = 0;
-		}
-		else
-		{
-			/* use the x9_64 ec_parameters structure */
-			ret->type = 1;
-			if ((ret->value.parameters = ECDSA_get_X9_62_EC_PARAMETERS(ecdsa, NULL)) == NULL)
-				ok = 0;
-		}
-	}
-	else if (ecdsa->parameter_flags & ECDSA_FLAG_IMPLICITLYCA)
-	{	/* use implicitlyCA */
-		ret->type = 2;
-		if ((ret->value.implicitlyCA = ASN1_NULL_new()) == NULL)
-			ok = 0;
-	}
-	else
-	{	/* use the x9_64 ec_parameters structure */
-		ret->type = 1;
-		if ((ret->value.parameters = ECDSA_get_X9_62_EC_PARAMETERS(ecdsa, NULL)) == NULL)
-			ok = 0;
-	}
-	if (!ok)
-	{
-		EC_PARAMETERS_free(ret);
-		return NULL;
-	}
-		return ret;
-}
-
-ECDSA         *ECDSA_x9_62parameters2ecdsa(const X9_62_EC_PARAMETERS *params, ECDSA *ecdsa)
-{
-	int	  ok=0, reason=ERR_R_EC_LIB, tmp;
-	ECDSA	  *ret=NULL;
-	const EC_METHOD *meth=NULL;
-	BIGNUM	  *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL;
-	EC_POINT  *point=NULL;
-
-	if (!params) 
-		OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-	if (ecdsa == NULL)
-	{
-		if ((ret = ECDSA_new()) == NULL) 
-			OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_NEW_FAILURE)
-	}
-	else
-	{
-		if (ecdsa->group)	EC_GROUP_free(ecdsa->group);
-		if (ecdsa->pub_key)	EC_POINT_free(ecdsa->pub_key);
-		ecdsa->pub_key = NULL;
-		if (ecdsa->priv_key)	BN_clear_free(ecdsa->priv_key);
-		ecdsa->priv_key = NULL;
-		if (ecdsa->seed)	OPENSSL_free(ecdsa->seed);
-		ecdsa->seed = NULL;
-		if (ecdsa->kinv)	
-		{
-			BN_clear_free(ecdsa->kinv);
-			ecdsa->kinv = NULL;
-		}
-		if (ecdsa->r)
-		{
-			BN_clear_free(ecdsa->r);
-			ecdsa->r = NULL;
-		}
-		ret = ecdsa;
-	}
-	/* TODO : characteristic two */
-	if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->parameters)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_NO_FIELD_SPECIFIED)
-	tmp = OBJ_obj2nid(params->fieldID->fieldType); 
-	if (tmp == NID_X9_62_characteristic_two_field)
-	{
-		OPENSSL_ECDSA_ABORT(ECDSA_R_NOT_SUPPORTED)
-	}
-	else if (tmp == NID_X9_62_prime_field)
-	{
-		/* TODO : optimal method for the curve */
-		meth = EC_GFp_mont_method();
-		if ((ret->group = EC_GROUP_new(meth)) == NULL) goto err;
-		if (params->fieldID->parameters->type != V_ASN1_INTEGER)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_ASN1_TYPE)
-		if (!params->fieldID->parameters->value.integer)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_PRIME_MISSING)
-		if ((tmp_1 = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-		if (!params->curve)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_NO_CURVE_SPECIFIED)
-		if (!params->curve->a || !params->curve->a->data)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_NO_CURVE_PARAMETER_A_SPECIFIED)
-		if ((tmp_2 = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
-		if (!params->curve->b || !params->curve->b->data)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_NO_CURVE_PARAMETER_B_SPECIFIED)
-		if ((tmp_3 = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
-		if (!EC_GROUP_set_curve_GFp(ret->group, tmp_1, tmp_2, tmp_3, NULL)) goto err;
-		if ((point = EC_POINT_new(ret->group)) == NULL) goto err;
-	}
-	else OPENSSL_ECDSA_ABORT(ECDSA_R_WRONG_FIELD_IDENTIFIER)
-	if (params->curve->seed != NULL)
-	{
-		if (ret->seed != NULL)
-			OPENSSL_free(ret->seed);
-		if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-		memcpy(ret->seed, params->curve->seed->data, params->curve->seed->length);
-		ret->seed_len = params->curve->seed->length;
-	}
-	if (params->version)
-	{
-		if ((ret->version = (int)ASN1_INTEGER_get(params->version)) < 0)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_VERSION_NUMER)
-	}
-	else
-		ret->version  = 1;
-	if (params->order && params->cofactor && params->base && params->base->data)
-	{
-		if ((tmp_1 = ASN1_INTEGER_to_BN(params->order, tmp_1)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-		if ((tmp_2 = ASN1_INTEGER_to_BN(params->cofactor, tmp_2)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-		if (!EC_POINT_oct2point(ret->group, point, params->base->data, 
-			        params->base->length, NULL)) goto err;
-		if (!EC_GROUP_set_generator(ret->group, point, tmp_1, tmp_2)) goto err;
-	}
-	ok = 1;
-
-err:	if (!ok)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_GET, reason);
-		if (ret && !ecdsa) ECDSA_free(ret);
-		ret = NULL;
-	}
-	if (tmp_1)	BN_free(tmp_1);
-	if (tmp_2)	BN_free(tmp_2);
-	if (tmp_3)	BN_free(tmp_3);
-	if (point)	EC_POINT_free(point);
-	return(ret);
-}
-
-ECDSA *ECDSA_ecparameters2ecdsa(const EC_PARAMETERS *params, ECDSA *ecdsa)
-{
-	ECDSA *ret = ecdsa;
-	int tmp = 0;
-	if (ret == NULL)
-		if ((ret = ECDSA_new()) == NULL)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-	if (params == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ECDSA_R_MISSING_PARAMETERS);
-		ECDSA_free(ret);
-		return NULL;
-	}
-	if (params->type == 0)
-	{
-		if (ret->group)
-			EC_GROUP_free(ret->group);
-		tmp = OBJ_obj2nid(params->value.named_curve);
-		ret->parameter_flags |= ECDSA_FLAG_NAMED_CURVE;
-		if ((ret->group = EC_GROUP_new_by_name(tmp)) == NULL)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ECDSA_R_EC_GROUP_NID2CURVE_FAILURE);
-			ECDSA_free(ret);
-			return NULL;
-		}
-	}
-	else if (params->type == 1)
-	{
-		ret = ECDSA_x9_62parameters2ecdsa(params->value.parameters, ret);
-	}
-	else if (params->type == 2)
-	{
-		if (ret->group)
-			EC_GROUP_free(ret->group);
-		ret->group = NULL;
-		ret->parameter_flags |= ECDSA_FLAG_IMPLICITLYCA;		
-	}
-	else
-	{
-		ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ECDSA_R_UNKNOWN_PARAMETERS_TYPE);
-		ECDSA_free(ret);
-		ret = NULL;
-	}
-	return ret;
-}
-
-ECDSA 	*d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len)
-{
-	ECDSA		*ecdsa = (a && *a)? *a : NULL;
-	EC_PARAMETERS	*params = NULL;
-
-	if ((params = d2i_EC_PARAMETERS(NULL, in, len)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, ECDSA_R_D2I_EC_PARAMETERS_FAILURE);
-		EC_PARAMETERS_free(params);
-		return NULL;
-	}
-	if ((ecdsa = ECDSA_ecparameters2ecdsa(params, ecdsa)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, ECDSA_R_ECPARAMETERS2ECDSA_FAILURE);
-		return NULL; 
-	}
-	EC_PARAMETERS_free(params);
-	return(ecdsa);	
-}
-
-int	i2d_ECDSAParameters(ECDSA *a, unsigned char **out)
-{
-	int		ret=0;
-	EC_PARAMETERS	*tmp = ECDSA_get_EC_PARAMETERS(a, NULL);
-	if (tmp == NULL)
-	{
-		ECDSAerr(ECDSA_F_I2D_ECDSAPARAMETERS, ECDSA_R_ECDSA_GET_EC_PARAMETERS_FAILURE);
-		return 0;
-	}
-	if ((ret = i2d_EC_PARAMETERS(tmp, out)) == 0)
-	{
-		ECDSAerr(ECDSA_F_I2D_ECDSAPARAMETERS, ECDSA_R_ECDSA_R_D2I_EC_PARAMETERS_FAILURE);
-		EC_PARAMETERS_free(tmp);
-		return 0;
-	}	
-	EC_PARAMETERS_free(tmp);
-	return(ret);
-}
-
-ECDSA 	*d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len)
-{
-	int reason=ERR_R_BN_LIB, ok=0;
-	ECDSA *ret=NULL;
-	ECDSAPrivateKey *priv_key=NULL;
-
-	if ((priv_key = ECDSAPrivateKey_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
-	if ((priv_key = d2i_ecdsaPrivateKey(&priv_key, in, len)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE)
-	if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, NULL)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE)
-	ret->version = priv_key->version;
-	if (priv_key->priv_key)
-	{
-		if ((ret->priv_key = BN_dup(priv_key->priv_key)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
-	}
-	else
-		OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSAPRIVATEKEY_MISSING_PRIVATE_KEY)
-	if ((ret->pub_key = EC_POINT_new(ret->group)) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data, priv_key->pub_key->length, NULL))
-		OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	ok = 1;
-err :	if (!ok)
-	{
-		if (ret) ECDSA_free(ret);
-		ret = NULL;
-		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, reason);
-	}
-	if (priv_key)	ECDSAPrivateKey_free(priv_key);
-	return(ret);
-}
-
-int	i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out)
-{
-	int ret=0, ok=0, reason=ERR_R_EC_LIB;
-	unsigned char   *buffer=NULL;
-	size_t		buf_len=0;
-	ECDSAPrivateKey *priv_key=NULL;
-
-	if (a == NULL || a->group == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-	if ((priv_key = ECDSAPrivateKey_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
-	if ((priv_key->parameters = ECDSA_get_EC_PARAMETERS(a, priv_key->parameters)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE)
-	priv_key->version      = a->version;
-	if (BN_copy(priv_key->priv_key, a->priv_key) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
-	buf_len = EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL);
-	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-	if (!EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_COMPRESSED,
-	                        buffer, buf_len, NULL)) goto err;
-	if (!M_ASN1_OCTET_STRING_set(priv_key->pub_key, buffer, buf_len))
-		OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-	if ((ret = i2d_ecdsaPrivateKey(priv_key, out)) == 0)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_I2D_ECDSA_PRIVATEKEY)
-	ok=1;
-	
-err:	if (!ok)
-		ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, reason);
-	if (buffer)   OPENSSL_free(buffer);
-	if (priv_key) ECDSAPrivateKey_free(priv_key);	
-	return(ok?ret:0);
-}
-
-
-ECDSA 	*ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len)
-{
-	ECDSA *ret=NULL;
-
-	if (a == NULL || (*a) == NULL || (*a)->group == NULL)
-	{
-		/* sorry, but a EC_GROUP-structur is necessary
-                 * to set the public key */
-		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ECDSA_R_MISSING_PARAMETERS);
-		return 0;
-	}
-	ret = *a;
-	if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
-	{
-		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB);
-		return 0;
-	}
-	ECDSA_set_conversion_form(ret, (point_conversion_form_t)(*in[0] & ~0x01));
-	return ret;
-}
-
-int 	ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out)
-{
-        size_t  buf_len=0;
-
-        if (a == NULL) 
-	{
-		ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ECDSA_R_MISSING_PARAMETERS);
-		return 0;
-	}
-        buf_len = EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a), NULL, 0, NULL);
-	if (out == NULL || buf_len == 0)
-	/* out == NULL => just return the length of the octet string */
-		return buf_len;
-	if (*out == NULL)
-		if ((*out = OPENSSL_malloc(buf_len)) == NULL)
-		{
-			ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-        if (!EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a),
-				*out, buf_len, NULL))
-	{
-		ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_EC_LIB);
-		OPENSSL_free(*out);
-		*out = NULL;
-		return 0;
-	}
-	return buf_len;
-}

crypto/ecdsa/ecs_err.c

@@ -1,155 +0,0 @@
-/* crypto/ecdsa/ecs_err.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ECDSA_str_functs[]=
-	{
-{ERR_PACK(0,ECDSA_F_D2I_ECDSAPARAMETERS,0),	"d2i_ECDSAParameters"},
-{ERR_PACK(0,ECDSA_F_D2I_ECDSAPRIVATEKEY,0),	"d2i_ECDSAPrivateKey"},
-{ERR_PACK(0,ECDSA_F_ECDSAPARAMETERS_PRINT,0),	"ECDSAParameters_print"},
-{ERR_PACK(0,ECDSA_F_ECDSAPARAMETERS_PRINT_FP,0),	"ECDSAParameters_print_fp"},
-{ERR_PACK(0,ECDSA_F_ECDSA_DO_SIGN,0),	"ECDSA_do_sign"},
-{ERR_PACK(0,ECDSA_F_ECDSA_DO_VERIFY,0),	"ECDSA_do_verify"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GENERATE_KEY,0),	"ECDSA_generate_key"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET,0),	"ECDSA_GET"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET_CURVE_NID,0),	"ECDSA_GET_CURVE_NID"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET_ECDSA,0),	"ECDSA_GET_ECDSA"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET_EC_PARAMETERS,0),	"ECDSA_get_EC_PARAMETERS"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET_X9_62_CURVE,0),	"ECDSA_get_X9_62_CURVE"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET_X9_62_EC_PARAMETERS,0),	"ECDSA_get_X9_62_EC_PARAMETERS"},
-{ERR_PACK(0,ECDSA_F_ECDSA_GET_X9_62_FIELDID,0),	"ECDSA_get_X9_62_FIELDID"},
-{ERR_PACK(0,ECDSA_F_ECDSA_NEW,0),	"ECDSA_NEW"},
-{ERR_PACK(0,ECDSA_F_ECDSA_PRINT,0),	"ECDSA_print"},
-{ERR_PACK(0,ECDSA_F_ECDSA_PRINT_FP,0),	"ECDSA_print_fp"},
-{ERR_PACK(0,ECDSA_F_ECDSA_SET_GROUP_P,0),	"ECDSA_set_group_p"},
-{ERR_PACK(0,ECDSA_F_ECDSA_SET_PRIME_GROUP,0),	"ECDSA_SET_PRIME_GROUP"},
-{ERR_PACK(0,ECDSA_F_ECDSA_SIGN_SETUP,0),	"ECDSA_sign_setup"},
-{ERR_PACK(0,ECDSA_F_I2D_ECDSAPARAMETERS,0),	"i2d_ECDSAParameters"},
-{ERR_PACK(0,ECDSA_F_I2D_ECDSAPRIVATEKEY,0),	"i2d_ECDSAPrivateKey"},
-{ERR_PACK(0,ECDSA_F_I2D_ECDSAPUBLICKEY,0),	"i2d_ECDSAPublicKey"},
-{ERR_PACK(0,ECDSA_F_SIG_CB,0),	"SIG_CB"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA ECDSA_str_reasons[]=
-	{
-{ECDSA_R_BAD_SIGNATURE                   ,"bad signature"},
-{ECDSA_R_CAN_NOT_GET_GENERATOR           ,"can not get generator"},
-{ECDSA_R_D2I_ECDSAPRIVATEKEY_MISSING_PRIVATE_KEY,"d2i ecdsaprivatekey missing private key"},
-{ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE    ,"d2i ecdsa privatekey failure"},
-{ECDSA_R_D2I_EC_PARAMETERS_FAILURE       ,"d2i ec parameters failure"},
-{ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE ,"d2i x9 62 ec parameters failure"},
-{ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE     ,"data too large for key size"},
-{ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE     ,"ecdsaprivatekey new failure"},
-{ECDSA_R_ECDSA_F_ECDSA_NEW               ,"ecdsa f ecdsa new"},
-{ECDSA_R_ECDSA_GET_EC_PARAMETERS_FAILURE ,"ecdsa get ec parameters failure"},
-{ECDSA_R_ECDSA_GET_FAILURE               ,"ecdsa get failure"},
-{ECDSA_R_ECDSA_GET_X9_62_CURVE_FAILURE   ,"ecdsa get x9 62 curve failure"},
-{ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE,"ecdsa get x9 62 ec parameters failure"},
-{ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE ,"ecdsa get x9 62 fieldid failure"},
-{ECDSA_R_ECDSA_NEW_FAILURE               ,"ecdsa new failure"},
-{ECDSA_R_ECDSA_R_D2I_EC_PARAMETERS_FAILURE,"ecdsa r d2i ec parameters failure"},
-{ECDSA_R_ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE,"ecdsa r d2i x9 62 ec parameters failure"},
-{ECDSA_R_ECPARAMETERS2ECDSA_FAILURE      ,"ecparameters2ecdsa failure"},
-{ECDSA_R_EC_GROUP_NID2CURVE_FAILURE      ,"ec group nid2curve failure"},
-{ECDSA_R_ERR_EC_LIB                      ,"err ec lib"},
-{ECDSA_R_I2D_ECDSA_PRIVATEKEY            ,"i2d ecdsa privatekey"},
-{ECDSA_R_I2D_ECDSA_PUBLICKEY             ,"i2d ecdsa publickey"},
-{ECDSA_R_MISSING_PARAMETERS              ,"missing parameters"},
-{ECDSA_R_NOT_SUPPORTED                   ,"not supported"},
-{ECDSA_R_NO_CURVE_PARAMETER_A_SPECIFIED  ,"no curve parameter a specified"},
-{ECDSA_R_NO_CURVE_PARAMETER_B_SPECIFIED  ,"no curve parameter b specified"},
-{ECDSA_R_NO_CURVE_SPECIFIED              ,"no curve specified"},
-{ECDSA_R_NO_FIELD_SPECIFIED              ,"no field specified"},
-{ECDSA_R_PRIME_MISSING                   ,"prime missing"},
-{ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED ,"random number generation failed"},
-{ECDSA_R_SIGNATURE_MALLOC_FAILED         ,"signature malloc failed"},
-{ECDSA_R_UNEXPECTED_ASN1_TYPE            ,"unexpected asn1 type"},
-{ECDSA_R_UNEXPECTED_PARAMETER            ,"unexpected parameter"},
-{ECDSA_R_UNEXPECTED_PARAMETER_LENGTH     ,"unexpected parameter length"},
-{ECDSA_R_UNEXPECTED_VERSION_NUMER        ,"unexpected version numer"},
-{ECDSA_R_UNKNOWN_PARAMETERS_TYPE         ,"unknown parameters type"},
-{ECDSA_R_WRONG_FIELD_IDENTIFIER          ,"wrong field identifier"},
-{ECDSA_R_X9_62_CURVE_NEW_FAILURE         ,"x9 62 curve new failure"},
-{ECDSA_R_X9_62_EC_PARAMETERS_NEW_FAILURE ,"x9 62 ec parameters new failure"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_ECDSA_strings(void)
-	{
-	static int init=1;
-
-	if (init)
-		{
-		init=0;
-#ifndef OPENSSL_NO_ERR
-		ERR_load_strings(ERR_LIB_ECDSA,ECDSA_str_functs);
-		ERR_load_strings(ERR_LIB_ECDSA,ECDSA_str_reasons);
-#endif
-
-		}
-	}