Beta 1 of 0.9.5a building.

movements, keyboard etc. and write it to a seed file.

.cvsignore

@@ -5,3 +5,9 @@ tmp
 out
 outinc
 rehash.time
+testlog
+make.log
+maketest.log
+cctest
+cctest.c
+cctest.a

CHANGES

@@ -2,7 +2,167 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
+ Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf M<>ller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
+  *) For easily testing in shell scripts whether some command
+     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+     returns with exit code 0 iff no command of the given name is available.
+     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
+     the output goes to stdout and nothing is printed to stderr.
+     Additional arguments are always ignored.
+
+     Since for each cipher there is a command of the same name,
+     the 'no-cipher' compilation switches can be tested this way.
+
+     ('openssl no-XXX' is not able to detect pseudo-commands such
+     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+     [Bodo Moeller]
+
+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+
+  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+     is set; it will be thrown away anyway because each handshake creates
+     its own key.
+     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+     to parameters -- in previous versions (since OpenSSL 0.9.3) the
+     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+     [Bodo Moeller]
+
+  *) New s_client option -ign_eof: EOF at stdin is ignored, and
+     'Q' and 'R' lose their special meanings (quit/renegotiate).
+     This is part of what -quiet does; unlike -quiet, -ign_eof
+     does not suppress any output.
+     [Richard Levitte]
+
+  *) Add compatibility options to the purpose and trust code. The
+     purpose X509_PURPOSE_ANY is "any purpose" which automatically
+     accepts a certificate or CA, this was the previous behaviour,
+     with all the associated security issues.
+
+     X509_TRUST_COMPAT is the old trust behaviour: only and
+     automatically trust self signed roots in certificate store. A
+     new trust setting X509_TRUST_DEFAULT is used to specify that
+     a purpose has no associated trust setting and it should instead
+     use the value in the default purpose.
+     [Steve Henson]
+
+  *) Fix the PKCS#8 DSA private key code so it decodes keys again
+     and fix a memory leak.
+     [Steve Henson]
+
+  *) In util/mkerr.pl (which implements 'make errors'), preserve
+     reason strings from the previous version of the .c file, as
+     the default to have only downcase letters (and digits) in
+     automatically generated reasons codes is not always appropriate.
+     [Bodo Moeller]
+
+  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+     using strerror.  Previously, ERR_reason_error_string() returned
+     library names as reason strings for SYSerr; but SYSerr is a special
+     case where small numbers are errno values, not library numbers.
+     [Bodo Moeller]
+
+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+
+  *) The second argument to set_label in perlasm was already being used
+     so couldn't be used as a "file scope" flag. Moved to third argument
+     which was free.
+     [Steve Henson]
+
+  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+     instead of RAND_bytes for encryption IVs and salts.
+     [Bodo Moeller]
+
+  *) Include RAND_status() into RAND_METHOD instead of implementing
+     it only for md_rand.c  Otherwise replacing the PRNG by calling
+     RAND_set_rand_method would be impossible.
+     [Bodo Moeller]
+
+  *) Don't let DSA_generate_key() enter an infinite loop if the random
+     number generation fails.
+     [Bodo Moeller]
+
+  *) New 'rand' application for creating pseudo-random output.
+     [Bodo Moeller]
+
+  *) Added configuration support for Linux/IA64
+     [Rolf Haberrecker <rolf@suse.de>]
+
+  *) Assembler module support for Mingw32.
+     [Ulf M<>ller]
+
+  *) Shared library support for HPUX (in shlib/).
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
+
+  *) Shared library support for Solaris gcc.
+     [Lutz Behnke <behnke@trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
+
+  *) PKCS7_encrypt() was adding text MIME headers twice because they
+     were added manually and by SMIME_crlf_copy().
+     [Steve Henson]
+
+  *) In bntest.c don't call BN_rand with zero bits argument.
+     [Steve Henson, pointed out by Andrew W. Gray <agray@iconsinc.com>]
+
+  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+     case was implemented. This caused BN_div_recp() to fail occasionally.
+     [Ulf M<>ller]
+
+  *) Add an optional second argument to the set_label() in the perl
+     assembly language builder. If this argument exists and is set
+     to 1 it signals that the assembler should use a symbol whose 
+     scope is the entire file, not just the current function. This
+     is needed with MASM which uses the format label:: for this scope.
+     [Steve Henson, pointed out by Peter Runestig <peter@runestig.com>]
+
+  *) Change the ASN1 types so they are typedefs by default. Before
+     almost all types were #define'd to ASN1_STRING which was causing
+     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+     for example.
+     [Steve Henson]
+
+  *) Change names of new functions to the new get1/get0 naming
+     convention: After 'get1', the caller owns a reference count
+     and has to call ..._free; 'get0' returns a pointer to some
+     data structure without incrementing reference counters.
+     (Some of the existing 'get' functions increment a reference
+     counter, some don't.)
+     Similarly, 'set1' and 'add1' functions increase reference
+     counters or duplicate objects.
+     [Steve Henson]
+
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
+  *) Fix potential buffer overrun problem in BIO_printf().
+     [Ulf M<>ller, using public domain code by Patrick Powell; problem
+      pointed out by David Sacerdote <das33@cornell.edu>]
+
+  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
+     RAND_egd() and RAND_status().  In the command line application,
+     the EGD socket can be specified like a seed file using RANDFILE
+     or -rand.
+     [Ulf M<>ller]
 
   *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
      Some CAs (e.g. Verisign) distribute certificates in this form.
@@ -288,7 +448,8 @@
   *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
      [Bodo Moeller]
 
-  *) New function X509_CTX_rget_chain(), this returns the chain
+  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+     in the 0.9.5 release), this returns the chain
      from an X509_CTX structure with a dup of the stack and all
      the X509 reference counts upped: so the stack will exist
      after X509_CTX_cleanup() has been called. Modify pkcs12.c
@@ -624,10 +785,12 @@
      it clearly returns an error if you try to read the wrong kind of key.
 
      Added a -pubkey option to the 'x509' utility to output the public key.
-     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() and add
-     EVP_PKEY_rset_*() functions that do the same as the EVP_PKEY_assign_*()
-     except they up the reference count of the added key (they don't "swallow"
-     the supplied key).
+     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+     that do the same as the EVP_PKEY_assign_*() except they up the
+     reference count of the added key (they don't "swallow" the
+     supplied key).
      [Steve Henson]
 
   *) Fixes to crypto/x509/by_file.c the code to read in certificates and

Configure

@@ -89,10 +89,10 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
 #config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj
 
 my %table=(
-#"b",		"$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
-#"bl-4c-2c",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
-#"bl-4c-ri",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
-#"b2-is-ri-dp",	"$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+#"b",		"${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
 
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
@@ -100,11 +100,11 @@ my %table=(
 "debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
 "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-levitte-linux-elf","gcc:-DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
 "dist",		"cc:-O::(unknown):::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -117,7 +117,7 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}",
 
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -266,27 +266,31 @@ my %table=(
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
-"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
 
 # UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
+# UnixWare 7
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
@@ -317,12 +321,12 @@ my %table=(
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -349,8 +353,8 @@ my %table=(
 # CygWin32
 # (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
 # and its library files in util/pl/*)
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -360,7 +364,7 @@ my %table=(
 
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
 "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
 "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 
@@ -418,6 +422,7 @@ my $target="";
 my $options="";
 foreach (@ARGV)
 	{
+	s /^-no-/no-/; # some people just can't read the instructions
 	if (/^no-asm$/)
 	 	{
 		$no_asm=1;
@@ -554,14 +559,14 @@ else
 	{
 	$thread_cflags="-DTHREADS $thread_cflag $cflags";
 	$thread_defines .= "#define THREADS\n";
-	my $def;
-	foreach $def (split ' ',$thread_cflag)
-		{
-		if ($def =~ s/^-D// && $def !~ /^_/)
-			{
-			$thread_defines .= "#define $def\n";
-			}
-		}
+#	my $def;
+#	foreach $def (split ' ',$thread_cflag)
+#		{
+#		if ($def =~ s/^-D// && $def !~ /^_/)
+#			{
+#			$thread_defines .= "#define $def\n";
+#			}
+#		}
 	}	
 
 $lflags="$libs$lflags"if ($libs ne "");
@@ -862,9 +867,6 @@ EOF
 print <<EOF;
 
 Configured for $target.
-
-NOTE: OpenSSL header files were moved from <*.h> to <openssl/*.h>;
-see file INSTALL for hints on coping with compatibility problems.
 EOF
 
 print <<\EOF if (!$no_threads && !$threads);
@@ -935,12 +937,11 @@ sub dofile
 		{
 		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
 		}
-	($ff=$f) =~ s/\..*$//;
-	open(OUT,">$ff.new") || die "unable to open $f:$!\n";
+	open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
 	print OUT @a;
 	close(OUT);
-	rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
-	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
+	rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
+	rename("$f.new",$f) || die "unable to rename $f.new\n";
 	}
 
 sub print_table_entry

FAQ

@@ -14,7 +14,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.4 was released on August 9th, 1999.
+OpenSSL 0.9.5 was released on February 28th, 2000.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -44,8 +44,11 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
 predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
 of this still applies to OpenSSL.
 
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
 The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt.  It may be useful when none of the other ressources
+doc/ssleay.txt.  It may be useful when none of the other resources
 help, but please note that it reflects the obsolete version SSLeay
 0.6.6.
 
@@ -76,9 +79,11 @@ the popular web browsers without RSA support.
 
 * Is OpenSSL thread-safe?
 
-Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
-multi-threaded versions of the standard libraries.  If your platform
-is not one of these, consult the INSTALL file.
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.
 
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
@@ -100,17 +105,37 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
 perform potentially insecure encryption.
 
+Most components of the openssl command line tool try to use the
+file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+for seeding the PRNG.  If this file does not exist or is too short,
+the "PRNG not seeded" error message may occur.
+Note that the command "openssl rsa" in OpenSSL 0.9.5 does not do this
+and will fail on systems without /dev/urandom when trying to
+password-encrypt an RSA key!  This is a bug in the library;
+try a later snaphost instead.
+
 
 * Why does the linker complain about undefined symbols?
 
-Maybe the compilation was interruped, and make doesn't notice that
+Maybe the compilation was interrupted, and make doesn't notice that
 something is missing.  Run "make clean; make".
 
 If you used ./Configure instead of ./config, make sure that you
 selected the right target.  File formats may differ slightly between
 OS versions (for example sparcv8/sparcv9, or a.out/elf).
 
-If that doesn't help, you may want to try using the current snapshot.
+In case you get errors about the following symbols, use the config
+option "no-asm", as described in INSTALL:
+
+ BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
+ CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
+ RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
+ bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
+ bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
+ des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
+ des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
+
+If none of these helps, you may want to try using the current snapshot.
 If the problem persists, please submit a bug report.
 
 

INSTALL

@@ -2,8 +2,8 @@
  INSTALLATION ON THE UNIX PLATFORM
  ---------------------------------
 
- [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
-  and INSTALL.VMS for installing on OpenVMS systems.]
+ [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
+  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
 
  To install OpenSSL, you will need:
 
@@ -77,8 +77,9 @@
 
      This guesses at your operating system (and compiler, if necessary) and
      configures OpenSSL based on this guess. Run ./config -t to see
-     if it guessed correctly. If it did not get it correct or you want to
-     use a different compiler then go to step 1b. Otherwise go to step 2.
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
 
      On some systems, you can include debugging information as follows:
 
@@ -101,7 +102,8 @@
 
      If your system is not available, you will have to edit the Configure
      program and add the correct configuration for your system. The
-     generic configurations "cc" or "gcc" should usually work.
+     generic configurations "cc" or "gcc" should usually work on 32 bit
+     systems.
 
      Configure creates the file Makefile.ssl from Makefile.org and
      defines various macros in crypto/opensslconf.h (generated from
@@ -117,8 +119,7 @@
 
      If "make" fails, please report the problem to <openssl-bugs@openssl.org>
      (note that your message will be forwarded to a public mailing list).
-     Include the output of "./config -t" and the OpenSSL version
-     number in your message.
+     Include the output of "make report" in your message.
 
      [If you encounter assembler error messages, try the "no-asm"
      configuration option as an immediate fix.]
@@ -133,7 +134,7 @@
     If a test fails, try removing any compiler optimization flags from
     the CFLAGS line in Makefile.ssl and run "make clean; make". Please
     send a bug report to <openssl-bugs@openssl.org>, including the
-    output of "openssl version -a" and of the failed test.
+    output of "make report".
 
   4. If everything tests ok, install OpenSSL with
 

INSTALL.VMS

@@ -8,13 +8,44 @@ Intro:
 
 This file is divided in the following parts:
 
+  Checking the distribution	- Mandatory reading.
   Compilation			- Mandatory reading.
+  Logical names			- Mandatory reading.
   Test				- Mandatory reading.
   Installation			- Mandatory reading.
   Backward portability		- Read if it's an issue.
   Possible bugs or quirks	- A few warnings on things that
 				  may go wrong or may surprise you.
-  Report			- How to get in touch with me.
+  TODO				- Things that are to come.
+
+
+Checking the distribution:
+==========================
+
+There have been reports of places where the distribution didn't quite get
+through, for example if you've copied the tree from a NFS-mounted unix
+mount point.
+
+The easiest way to check if everything got through as it should is to check
+for oen of the following files:
+
+	[.CRYPTO]OPENSSLCONF.H_IN
+	[.CRYPTO]OPENSSLCONF_H.IN
+
+They should never exist both at once, but one of them should (preferably
+the first variant).  If you can't find any of those two, something went
+wrong.
+
+The best way to get a correct distribution is to download the gzipped tar
+file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
+use VMSTAR to unpack the resulting tar file.
+
+GUNZIP is available in many places on the net.  One of the distribution
+points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
+
+VMSTAR is also available in many places on the net.  The recommended place
+to find information about it is http://www.free.lp.se/vmstar/ .
+
 
 Compilation:
 ============
@@ -35,26 +66,28 @@ directory.  The syntax is trhe following:
 <option> must be one of the following:
 
       ALL       Just build "everything".
-      DATE      Just build the "[.INCLUDE]DATE.H" file.
+      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
+      BUILDINF  Just build the "[.INCLUDE]BUILDINF.H" file.
       SOFTLINKS Just copies some files, to simulate Unix soft links.
+      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
       RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
       CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
       SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
       SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
-      TEST      Just build the "test" programs for OpenSSL.
-      APPS      Just build the "application" programs for OpenSSL.
+      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
+      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
 
 <rsaref-p> must be one of the following:
 
       RSAREF    compile using the RSAREF Library
       NORSAREF  compile without using RSAREF
 
-Note: The RSAREF libraries are NOT INCLUDED and you have to
-      download it from "ftp://ftp.rsa.com/rsaref".  You have to
-      get the ".tar-Z" file as the ".zip" file doesn't have the
-      directory structure stored.  You have to extract the file
-      into the [.RSAREF] directory as that is where the scripts
-      will look for the files.
+Note 1: The RSAREF libraries are NOT INCLUDED and you have to
+        download it from "ftp://ftp.rsa.com/rsaref".  You have to
+        get the ".tar-Z" file as the ".zip" file doesn't have the
+        directory structure stored.  You have to extract the file
+        into the [.RSAREF] directory as that is where the scripts
+        will look for the files.
 
 Note 2: I have never done this, so I've no idea if it works or not.
 
@@ -65,7 +98,6 @@ Note 2: I have never done this, so I've no idea if it works or not.
 
 <compiler> must be one of the following:
 
-      VAXC      For VAX C.
       DECC      For DEC C.
       GNUC      For GNU C.
 
@@ -77,15 +109,33 @@ named LIBSSL.OLB, and you will find a bunch of useful programs in
 just to test them.  For production use, make sure you install first, see
 Installation below.
 
-Note: Some programs in this package require a TCP/IP library.
+Note 1: Some programs in this package require a TCP/IP library.
 
 Note 2: if you want to compile the crypto library only, please make sure
-        you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
-        A lot of things will break if you don't.
+        you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
+        a @MAKEVMS SOFTLINKS.  A lot of things will break if you don't.
+
+
+Logical names:
+==============
+
+There are a few things that can't currently be given through the command
+line.  Instead, logical names are used.
+
+Currently, the logical names supported are:
+
+      OPENSSL_NO_ASM    with value YES, the assembler parts of OpenSSL will
+                        not be used.  Instead, plain C implementations are
+                        used.  This is good to try if something doesn't work.
+      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
+                        will not be implemented.  Supported algorithms to
+                        do this with are: RSA, DSA, DH, MD2, MD5, RIPEMD,
+                        SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
+                        SSL2.  So, for example, having the logical name
+                        OPENSSL_NO_RSA with the value YES means that the
+                        LIBCRYPTO.OLB library will not contain an RSA
+                        implementation.
 
-Note 3: Alpha users will get a number of informational messages when
-        compiling the [.asm]vms.mar file in the BN (bignum) part of
-        the crypto library.  These can be safely ignored.
 
 Test:
 =====
@@ -99,6 +149,7 @@ it's an ugly hack!) and rebuild. Please send a bug report to
 <openssl-bugs@openssl.org>, including the output of "openssl version -a"
 and of the failed test.
 
+
 Installation:
 =============
 
@@ -158,6 +209,7 @@ The logical names that are set up are the following:
 		(the NOTE in section 4 of "Installation in Detail").
 		You don't need to "deleting old header files"!!!
 
+
 Backward portability:
 =====================
 
@@ -212,19 +264,6 @@ directory by default, it may very well be that you have to give them
 extra arguments.  Please experiment.
 
 
-Report:
-=======
-
-I maintain a few mailinglists for bug reports and such on software that
-I develop/port/enhance/destroy.  Please look at http://www.free.lp.se/
-for further info.
-
-
--- 
-Richard Levitte <richard@levitte.org>
-1999-03-09
-
-
 TODO:
 =====
 
@@ -242,4 +281,4 @@ have any ideas.
 
 --
 Richard Levitte <richard@levitte.org>
-1999-05-24
+2000-02-27

INSTALL.W32

@@ -21,10 +21,12 @@
   * Microsoft MASM (aka "ml")
   * Free Netwide Assembler NASM.
 
- MASM was I believe distributed in the past with VC++ and it is also part of
- the MSDN SDKs. It is no longer distributed as part of VC++ and can be hard
- to get hold of. It can be purchased: see Microsoft's site for details at:
- http://www.microsoft.com/
+ MASM was at one point distributed with VC++. It is now distributed with some
+ Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
+ you do not have either of these DDKs then you can just download the binaries
+ for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
+ XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
+ DDKs can be downloaded from the Microsoft developers site www.msdn.com.
 
  NASM is freely available. Version 0.98 was used during testing: other versions
  may also work. It is available from many places, see for example:
@@ -59,7 +61,7 @@
    > ms\do_ms
 
  If you get errors about things not having numbers assigned then check the
- troubleshooting section: you probably wont be able to compile it as it
+ troubleshooting section: you probably won't be able to compile it as it
  stands.
 
  Then from the VC++ environment at a prompt do:
@@ -114,10 +116,12 @@
 
  * Compile OpenSSL:
 
-   > perl Configure Mingw32
-   > ms\mw.bat
+   > ms\mingw32
 
-   This will create the library and binaries in out.
+   This will create the library and binaries in out. In case any problems
+   occur, try
+   > ms\mingw32 no-asm
+   instead.
 
    libcrypto.a and libssl.a are the static libraries. To use the DLLs,
    link with libeay32.a and libssl32.a instead.
@@ -145,12 +149,16 @@
  assigned in the CVS tree: so anything linked against this version of the
  library may need to be recompiled.
 
- If you get errors about unresolved externals then this means that either you
- didn't read the note above about functions not having numbers assigned or
- someone forgot to add a function to the header file.
+ If you get errors about unresolved symbols there are several possible
+ causes.
 
- In this latter case check out the header file to see if the function is
- defined in the header file.
+ If this happens when the DLL is being linked and you have disabled some
+ ciphers then it is possible the DEF file generator hasn't removed all
+ the disabled symbols: the easiest solution is to edit the DEF files manually
+ to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
+
+ Another cause is if you missed or ignored the errors about missing numbers
+ mentioned above.
 
  If you get warnings in the code then the compilation will halt.
 

MacOS/GetHTTPS.src/GetHTTPS.cpp

@@ -19,6 +19,7 @@
  *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
  */
 /* modified to seed the PRNG */
+/* modified to use CRandomizer for seeding */
 
 
 //	Include some funky libs I've developed over time
@@ -26,14 +27,13 @@
 #include "CPStringUtils.hpp"
 #include "ErrorHandling.hpp"
 #include "MacSocket.h"
-
+#include "Randomizer.h"
 
 //	We use the OpenSSL implementation of SSL....
 //	This was a lot of work to finally get going, though you wouldn't know it by the results!
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
 
 #include <timer.h>
 
@@ -48,10 +48,6 @@
 
 OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
 
-
-
-
-
 //	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.
 
 OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
@@ -59,31 +55,33 @@ OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
 #pragma unused(inUserRefPtr)
 
 EventRecord		theEvent;
-
 	::EventAvail(everyEvent,&theEvent);
+	
+	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
+	if (randomizer)
+		randomizer->PeriodicAction();
 
 	return(noErr);
 }
 
 
-
 //	Finally!
 
 void main(void)
 {
-OSErr				errCode;
-int					theSocket = -1;
-int					theTimeout = 30;
+	OSErr				errCode;
+	int					theSocket = -1;
+	int					theTimeout = 30;
 
-SSL_CTX				*ssl_ctx = nil;
-SSL					*ssl = nil;
+	SSL_CTX				*ssl_ctx = nil;
+	SSL					*ssl = nil;
 
-char				tempString[256];
-UnsignedWide		microTickCount;
+	char				tempString[256];
+	UnsignedWide		microTickCount;
+
+
+	CRandomizer randomizer;
 	
-#warning   -- USE A TRUE RANDOM SEED, AND ADD ENTROPY WHENEVER POSSIBLE. --
-const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*";	// Just gobbledygook
-
 	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
 	
 	BailIfError(errCode = MacSocket_Startup());
@@ -92,7 +90,7 @@ const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*";	// Just gobbled
 
 	//	Create a socket-like object
 	
-	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,nil));
+	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
 
 	
 	//	Set up the connect string and try to connect
@@ -118,10 +116,6 @@ const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*";	// Just gobbled
 //	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 			
 
-	RAND_seed (seed, sizeof (seed));
-	Microseconds (&microTickCount);
-	RAND_add (&microTickCount, sizeof (microTickCount), 0);		// Entropy is actually > 0, needs an estimate
-
 	//	Create an SSL thingey and try to negotiate the connection
 	
 	ssl = SSL_new(ssl_ctx);

MacOS/Randomizer.cpp

@@ -0,0 +1,476 @@
+/* 
+------- Strong random data generation on a Macintosh (pre - OS X) ------
+		
+--	GENERAL: We aim to generate unpredictable bits without explicit
+	user interaction. A general review of the problem may be found
+	in RFC 1750, "Randomness Recommendations for Security", and some
+	more discussion, of general and Mac-specific issues has appeared
+	in "Using and Creating Cryptographic- Quality Random Numbers" by
+	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
+
+	The data and entropy estimates provided below are based on my
+	limited experimentation and estimates, rather than by any
+	rigorous study, and the entropy estimates tend to be optimistic.
+	They should not be considered absolute.
+
+	Some of the information being collected may be correlated in
+	subtle ways. That includes mouse positions, timings, and disk
+	size measurements. Some obvious correlations will be eliminated
+	by the programmer, but other, weaker ones may remain. The
+	reliability of the code depends on such correlations being
+	poorly understood, both by us and by potential interceptors.
+
+	This package has been planned to be used with OpenSSL, v. 0.9.5.
+	It requires the OpenSSL function RAND_add. 
+
+--	OTHER WORK: Some source code and other details have been
+	published elsewhere, but I haven't found any to be satisfactory
+	for the Mac per se:
+
+	* The Linux random number generator (by Theodore Ts'o, in
+	  drivers/char/random.c), is a carefully designed open-source
+	  crypto random number package. It collects data from a variety
+	  of sources, including mouse, keyboard and other interrupts.
+	  One nice feature is that it explicitly estimates the entropy
+	  of the data it collects. Some of its features (e.g. interrupt
+	  timing) cannot be reliably exported to the Mac without using
+	  undocumented APIs.
+
+	* Truerand by Don P. Mitchell and Matt Blaze uses variations
+	  between different timing mechanisms on the same system. This
+	  has not been tested on the Mac, but requires preemptive
+	  multitasking, and is hardware-dependent, and can't be relied
+	  on to work well if only one oscillator is present.
+
+	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
+	  gathers a lot of information about the machine and system
+	  environment. Unfortunately, much of it is constant from one
+	  startup to the next. In other words, the random seed could be
+	  the same from one day to the next. Some of the APIs are
+	  hardware-dependent, and not all are compatible with Carbon (OS
+	  X). Incidentally, the EGD library is based on the UNIX entropy
+	  gathering methods in cryptlib, and isn't suitable for MacOS
+	  either.
+
+	* Mozilla (and perhaps earlier versions of Netscape) uses the
+	  time of day (in seconds) and an uninitialized local variable
+	  to seed the random number generator. The time of day is known
+	  to an outside interceptor (to within the accuracy of the
+	  system clock). The uninitialized variable could easily be
+	  identical between subsequent launches of an application, if it
+	  is reached through the same path.
+
+	* OpenSSL provides the function RAND_screen(), by G. van
+	  Oosten, which hashes the contents of the screen to generate a
+	  seed. This is not useful for an extension or for an
+	  application which launches at startup time, since the screen
+	  is likely to look identical from one launch to the next. This
+	  method is also rather slow.
+
+	* Using variations in disk drive seek times has been proposed
+	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
+	  Jakobsson, Shriver, Hillyer and Juels,
+	  www.bell-labs.com/user/shriver/random.html). These variations
+	  appear to be due to air turbulence inside the disk drive
+	  mechanism, and are very strongly unpredictable. Unfortunately
+	  this technique is slow, and some implementations of it may be
+	  patented (see Shriver's page above.) It of course cannot be
+	  used with a RAM disk.
+
+--	TIMING: On the 601 PowerPC the time base register is guaranteed
+	to change at least once every 10 addi instructions, i.e. 10
+	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
+	a resolution of 1/6 usec. Newer machines seem to be using a 10
+	cycle resolution as well.
+	
+	For 68K Macs, the Microseconds() call may be used. See Develop
+	issue 29 on the Apple developer site
+	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
+	for information on its accuracy and resolution. The code below
+	has been tested only on PowerPC based machines.
+
+	The time from machine startup to the launch of an application in
+	the startup folder has a variance of about 1.6 msec on a new G4
+	machine with a defragmented and optimized disk, most extensions
+	off and no icons on the desktop. This can be reasonably taken as
+	a lower bound on the variance. Most of this variation is likely
+	due to disk seek time variability. The distribution of startup
+	times is probably not entirely even or uncorrelated. This needs
+	to be investigated, but I am guessing that it not a majpor
+	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
+	machine, ~16 bits for a 450 MHz machine.
+
+	User-launched application startup times will have a variance of
+	a second or more relative to machine startup time. Entropy >~22
+	bits.
+
+	Machine startup time is available with a 1-second resolution. It
+	is predictable to no better a minute or two, in the case of
+	people who show up punctually to work at the same time and
+	immediately start their computer. Using the scheduled startup
+	feature (when available) will cause the machine to start up at
+	the same time every day, making the value predictable. Entropy
+	>~7 bits, or 0 bits with scheduled startup.
+
+	The time of day is of course known to an outsider and thus has 0
+	entropy if the system clock is regularly calibrated.
+
+--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
+	inter-key timing interval of 100 msec. We can assume a variance
+	of no less than 2 msec -- maybe. Do good typists have a constant
+	rhythm, like drummers? Since what we measure is not the
+	key-generated interrupt but the time at which the key event was
+	taken off the event queue, our resolution is roughly the time
+	between process switches, at best 1 tick (17 msec). I  therefore
+	consider this technique questionable and not very useful for
+	obtaining high entropy data on the Mac.
+
+--	MOUSE POSITION AND TIMING: The high bits of the mouse position
+	are far from arbitrary, since the mouse tends to stay in a few
+	limited areas of the screen. I am guessing that the position of
+	the mouse is arbitrary within a 6 pixel square. Since the mouse
+	stays still for long periods of time, it should be sampled only
+	after it was moved, to avoid correlated data. This gives an
+	entropy of log2(6*6) ~= 5 bits per measurement.
+
+	The time during which the mouse stays still can vary from zero
+	to, say, 5 seconds (occasionally longer). If the still time is
+	measured by sampling the mouse during null events, and null
+	events are received once per tick, its resolution is 1/60th of a
+	second, giving an entropy of log2 (60*5) ~= 8 bits per
+	measurement. Since the distribution of still times is uneven,
+	this estimate is on the high side.
+
+	For simplicity and compatibility across system versions, the
+	mouse is to be sampled explicitly (e.g. in the event loop),
+	rather than in a time manager task.
+
+--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
+	from one startup to the next, with 'minimal' computer use. Won't
+	vary at all if machine is started again immediately after
+	startup (unless virtual memory is on), but any application which
+	uses the web and caches information to disk is likely to cause
+	this much variation or more. The variation is probably not
+	random, but I don't know in what way. File sizes tend to be
+	divisible by 4 bytes since file format fields are often
+	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
+	
+--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
+	gets fragmented this could be anywhere in principle. In a
+	perfectly unfragmented volume this will be strongly correlated
+	with the total file size on the disk. With more fragmentation
+	comes less certainty. I took the variation in this value to be
+	1/8 of the total file size on the volume.
+
+--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
+	(for Gestalt and Microseconds calls). All the calls used are
+	Carbon-compatible.
+*/
+
+/*------------------------------ Includes ----------------------------*/
+
+#include "Randomizer.h"
+
+// Mac OS API
+#include <Files.h>
+#include <Folders.h>
+#include <Events.h>
+#include <Processes.h>
+#include <Gestalt.h>
+#include <Resources.h>
+#include <LowMem.h>
+
+// Standard C library
+#include <stdlib.h>
+#include <math.h>
+
+/*---------------------- Function declarations -----------------------*/
+
+// declared in OpenSSL/crypto/rand/rand.h
+extern "C" void RAND_add (const void *buf, int num, double entropy);
+
+unsigned long GetPPCTimer (bool is601);	// Make it global if needed
+					// elsewhere
+
+/*---------------------------- Constants -----------------------------*/
+
+#define kMouseResolution 6		// Mouse position has to differ
+					// from the last one by this
+					// much to be entered
+#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
+#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
+					// amount of time between mouse
+					// moves is 5 seconds
+#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
+					// assuming a variation of 20K
+					// in total file size and
+					// long-aligned file formats.
+#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
+					// in ticks  
+#define kSysStartupEntropy 7.0		// Entropy for machine startup
+					// time
+
+
+/*------------------------ Function definitions ----------------------*/
+
+CRandomizer::CRandomizer (void)
+{
+	long	result;
+	
+	mSupportsLargeVolumes =
+		(Gestalt(gestaltFSAttr, &result) == noErr) &&
+		((result & (1L << gestaltFSSupports2TBVols)) != 0);
+	
+	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
+	{
+		mIsPowerPC = false;
+		mIs601 = false;
+	}
+	else
+	{
+		mIs601 = (result == gestaltCPU601);
+		mIsPowerPC = (result >= gestaltCPU601);
+	}
+	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
+						// always be recorded
+	mLastPeriodicTicks = TickCount();
+	GetTimeBaseResolution ();
+	
+	// Add initial entropy
+	AddTimeSinceMachineStartup ();
+	AddAbsoluteSystemStartupTime ();
+	AddStartupVolumeInfo ();
+	AddFiller ();
+}
+
+void CRandomizer::PeriodicAction (void)
+{
+	AddCurrentMouse ();
+	AddNow (0.0);	// Should have a better entropy estimate here
+	mLastPeriodicTicks = TickCount();
+}
+
+/*------------------------- Private Methods --------------------------*/
+
+void CRandomizer::AddCurrentMouse (void)
+{
+	Point mouseLoc;
+	unsigned long lastCheck;	// Ticks since mouse was last
+					// sampled
+
+#if TARGET_API_MAC_CARBON
+	GetGlobalMouse (&mouseLoc);
+#else
+	mouseLoc = LMGetMouseLocation();
+#endif
+	
+	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
+	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
+		AddBytes (&mouseLoc, sizeof (mouseLoc),
+				kMousePositionEntropy);
+	
+	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
+		mMouseStill ++;
+	else
+	{
+		double entropy;
+		
+		// Mouse has moved. Add the number of measurements for
+		// which it's been still. If the resolution is too
+		// coarse, assume the entropy is 0.
+
+		lastCheck = TickCount() - mLastPeriodicTicks;
+		if (lastCheck <= 0)
+			lastCheck = 1;
+		entropy = log2l
+			(kTypicalMouseIdleTicks/(double)lastCheck);
+		if (entropy < 0.0)
+			entropy = 0.0;
+		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
+		mMouseStill = 0;
+	}
+	mLastMouse = mouseLoc;
+}
+
+void CRandomizer::AddAbsoluteSystemStartupTime (void)
+{
+	unsigned long	now;		// Time in seconds since
+					// 1/1/1904
+	GetDateTime (&now);
+	now -= TickCount() / 60;	// Time in ticks since machine
+					// startup
+	AddBytes (&now, sizeof (now), kSysStartupEntropy);
+}
+
+void CRandomizer::AddTimeSinceMachineStartup (void)
+{
+	AddNow (1.5);			// Uncertainty in app startup
+					// time is > 1.5 msec (for
+					// automated app startup).
+}
+
+void CRandomizer::AddAppRunningTime (void)
+{
+	ProcessSerialNumber PSN;
+	ProcessInfoRec		ProcessInfo;
+	
+	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
+	ProcessInfo.processName = nil;
+	ProcessInfo.processAppSpec = nil;
+	
+	GetCurrentProcess (&PSN);
+	GetProcessInformation (&PSN, &ProcessInfo);
+
+	// Now add the amount of time in ticks that the current process
+	// has been active
+
+	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
+			kApplicationUpTimeEntropy);
+}
+
+void CRandomizer::AddStartupVolumeInfo (void)
+{
+	short			vRefNum;
+	long			dirID;
+	XVolumeParam	pb;
+	OSErr			err;
+	
+	if (!mSupportsLargeVolumes)
+		return;
+		
+	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
+			&vRefNum, &dirID);
+	pb.ioVRefNum = vRefNum;
+	pb.ioCompletion = 0;
+	pb.ioNamePtr = 0;
+	pb.ioVolIndex = 0;
+	err = PBXGetVolInfoSync (&pb);
+	if (err != noErr)
+		return;
+		
+	// Base the entropy on the amount of space used on the disk and
+	// on the next available allocation block. A lot else might be
+	// unpredictable, so might as well toss the whole block in. See
+	// comments for entropy estimate justifications.
+
+	AddBytes (&pb, sizeof (pb),
+		kVolumeBytesEntropy +
+		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
+				* 4294967296.0D +
+			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
+				/ pb.ioVAlBlkSiz - 3.0));
+}
+
+/*
+	On a typical startup CRandomizer will come up with about 60
+	bits of good, unpredictable data. Assuming no more input will
+	be available, we'll need some more lower-quality data to give
+	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
+	relatively predictable data into the soup.
+*/
+
+void CRandomizer::AddFiller (void)
+{
+	struct
+	{
+		ProcessSerialNumber psn;	// Front process serial
+						// number
+		RGBColor	hiliteRGBValue;	// User-selected
+						// highlight color
+		long		processCount;	// Number of active
+						// processes
+		long		cpuSpeed;	// Processor speed
+		long		totalMemory;	// Total logical memory
+						// (incl. virtual one)
+		long		systemVersion;	// OS version
+		short		resFile;	// Current resource file
+	} data;
+	
+	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
+	while (GetNextProcess (&data.psn) == noErr)
+		data.processCount++;
+	GetFrontProcess (&data.psn);
+	LMGetHiliteRGB (&data.hiliteRGBValue);
+	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
+	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
+	Gestalt (gestaltSystemVersion, &data.systemVersion);
+	data.resFile = CurResFile ();
+	
+	// Here we pretend to feed the PRNG completely random data. This
+	// is of course false, as much of the above data is predictable
+	// by an outsider. At this point we don't have any more
+	// randomness to add, but with OpenSSL we must have a 128 bit
+	// seed before we can start. We just add what we can, without a
+	// real entropy estimate, and hope for the best.
+
+	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
+	AddCurrentMouse ();
+	AddNow (1.0);
+}
+
+//-------------------  LOW LEVEL ---------------------
+
+void CRandomizer::AddBytes (void *data, long size, double entropy)
+{
+	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
+						// to bytes
+}
+
+void CRandomizer::AddNow (double millisecondUncertainty)
+{
+	long time = SysTimer();
+	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
+			mTimebaseTicksPerMillisec));
+}
+
+//----------------- TIMING SUPPORT ------------------
+
+void CRandomizer::GetTimeBaseResolution (void)
+{	
+#ifdef __powerc
+	long speed;
+	
+	// gestaltProcClkSpeed available on System 7.5.2 and above
+	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
+		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
+		// machines.
+		mTimebaseTicksPerMillisec =  6000.0D;
+	// Assume 10 cycles per clock update, as in 601 spec. Seems true
+	// for later chips as well.
+	mTimebaseTicksPerMillisec = speed / 1.0e4D;
+#else
+	// 68K VIA-based machines (see Develop Magazine no. 29)
+	mTimebaseTicksPerMillisec = 783.360D;
+#endif
+}
+
+unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
+						// bit of the chip timer
+{
+#ifdef __powerc
+	return GetPPCTimer (mIs601);
+#else
+	UnsignedWide usec;
+	Microseconds (&usec);
+	return usec.lo;
+#endif
+}
+
+#ifdef __powerc
+// The timebase is available through mfspr on 601, mftb on later chips.
+// Motorola recommends that an 601 implementation map mftb to mfspr
+// through an exception, but I haven't tested to see if MacOS actually
+// does this. We only sample the lower 32 bits of the timer (i.e. a
+// few minutes of resolution)
+
+asm unsigned long GetPPCTimer (register bool is601)
+{
+	cmplwi	is601, 0	// Check if 601
+	bne	_601		// if non-zero goto _601
+	mftb  	r3		// Available on 603 and later.
+	blr			// return with result in r3
+_601:
+	mfspr r3, spr5  	// Available on 601 only.
+				// blr inserted automatically
+}
+#endif

MacOS/Randomizer.h

@@ -0,0 +1,43 @@
+
+//	Gathers unpredictable system data to be used for generating
+//	random bits
+
+#include <MacTypes.h>
+
+class CRandomizer
+{
+public:
+	CRandomizer (void);
+	void PeriodicAction (void);
+	
+private:
+
+	// Private calls
+
+	void		AddTimeSinceMachineStartup (void);
+	void		AddAbsoluteSystemStartupTime (void);
+	void		AddAppRunningTime (void);
+	void		AddStartupVolumeInfo (void);
+	void		AddFiller (void);
+
+	void		AddCurrentMouse (void);
+	void		AddNow (double millisecondUncertainty);
+	void		AddBytes (void *data, long size, double entropy);
+	
+	void		GetTimeBaseResolution (void);
+	unsigned long	SysTimer (void);
+
+	// System Info	
+	bool		mSupportsLargeVolumes;
+	bool		mIsPowerPC;
+	bool		mIs601;
+	
+	// Time info
+	double		mTimebaseTicksPerMillisec;
+	unsigned long	mLastPeriodicTicks;
+	
+	// Mouse info
+	long		mSamplePeriod;
+	Point		mLastMouse;
+	long		mMouseStill;
+};

MacOS/buildinf.h

@@ -1,5 +1,5 @@
 #ifndef MK1MF_BUILD
 #  define CFLAGS	"-DB_ENDIAN"
 #  define PLATFORM	"macos"
-#  define DATE		"Sat Dec 18 23:10 MEST 1999"
+#  define DATE		"Sun Feb 27 19:44:16 MET 2000"
 #endif

MacOS/opensslconf.h

@@ -112,6 +112,5 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif /* HEADER_DES_LOCL_H */
 
 #ifndef __POWERPC__
-#define SHA_XARRAY
+#define MD32_XARRAY
 #endif
-

Makefile.org

@@ -28,8 +28,6 @@ OPENSSLDIR=/usr/local/ssl
 # DEVRANDOM - Give this the value of the 'random device' if your OS supports
 #           one.  32 bytes will be read from this when the random
 #           number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#           SSLv3 anon-DH ciphers.
 # SSL_FORBID_ENULL - define if you want the server to be not able to use the
 #           NULL encryption ciphers.
 #
@@ -219,7 +217,7 @@ libclean:
 	rm -f *.a */lib */*/lib
 
 clean:
-	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time
+	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making clean in $$i..." && \
@@ -368,21 +366,28 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man7
 	@echo installing man 1 and man 5
 	@for i in doc/apps/*.pod; do \
-		(cd `dirname $$i`; \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			 --release=$(VERSION) `basename $$i` \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+			 --release=$(VERSION) `basename $$i`) \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@echo installing man 3 and man 7
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		(cd `dirname $$i`; \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i` \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+			--release=$(VERSION) `basename $$i`) \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 
+shlib: all
+	if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
+	cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
+            -o ./libcrypto.so.0.9.4 && rm *.o
+	cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
+            -o ./libssl.so.0.9.4 && rm *.o
+
 # DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -35,8 +35,9 @@
       o Memory leak detection now allows applications to add extra information
         via a per-thread stack
       o PRNG robustness improved
+      o EGD support
       o BIGNUM library bug fixes
-      o faster DSA parameter generation
+      o Faster DSA parameter generation
       o Enhanced support for Alpha Linux
       o Experimental MacOS support
 

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.5-dev  xx XXX 2000
+ OpenSSL 0.9.5a-beta1  20 Mar 2000
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -11,9 +11,10 @@
  The OpenSSL Project is a collaborative effort to develop a robust,
  commercial-grade, fully featured, and Open Source toolkit implementing the
  Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols with full-strength cryptography world-wide. The project is managed
- by a worldwide community of volunteers that use the Internet to communicate,
- plan, and develop the OpenSSL toolkit and its related documentation. 
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation. 
 
  OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
  and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the

STATUS

@@ -1,12 +1,11 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/02/14 16:58:40 $
+  ______________                           $Date: 2000/03/06 14:24:25 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.5:  Under development...
-                       Proposed freeze  time: Monday, February 21st 2000
-                       Proposed release time: Monday, February 28th 2000
+    o  OpenSSL 0.9.5a: Under development...
+    o  OpenSSL 0.9.5:  Released on February 28th, 2000
     o  OpenSSL 0.9.4:  Released on August   09th, 1999
     o  OpenSSL 0.9.3a: Released on May      29th, 1999
     o  OpenSSL 0.9.3:  Released on May      25th, 1999
@@ -17,11 +16,7 @@
 
   AVAILABLE PATCHES
 
-    o shared libraries <behnke@trustcenter.de>
-    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
-    o SMIME tool (demo), Sampo Kellomaki <sampo@iki.fi>
     o CA.pl patch (Damien Miller)
-    o FreeBSD 3.0 changes (Richard Levitte)
 
   IN PROGRESS
 
@@ -32,38 +27,9 @@
         Various X509 issues: character sets, certificate request extensions.
 	Documentation for the openssl utility.
 
-    o Mark is currently working on:
-        Folding in any changes that are in the C2Net code base that were
-        not in the original SSLeay-0.9.1.b release.  Plus other minor
-        tidying.
-
-    o Ralf is currently working on:
-        1. Support for SSL_set_default_verify_paths(),
-           SSL_load_verify_locations(), SSL_get_cert_store() and
-           SSL_set_cert_store() functions which work like their existing
-           SSL_CTX_xxx() variants but on a per connection basis. That's needed
-           to let us provide full-featured per-URL client verification in
-           mod_ssl or Apache-SSL.
-           => It still dumps core, so I suspend this and investigate
-              again for OpenSSL 0.9.3.
-        2. The perl/ stuff to make it really work the first time ;-)
-           => I'll investigate a few more hours for OpenSSL 0.9.2
-        3. The new documentation set in POD format under doc/
-           => I'll investigate a few more hours for OpenSSL 0.9.2
-        4. More cleanups to get rid of obsolete/old/ugly files in the
-           source tree which are not really needed.
-           => Done all which were possible with my personal knowledge
-
-    o Ben is currently working on:
-	1. Function Prototype Thought Police issues.
-	2. Integrated documentation.
-	3. New TLS Ciphersuites.
-	4. Anything else that takes his fancy.
-
   NEEDS PATCH
 
-    o  salzr@certco.com (Rich Salz): Bug in X509_name_print
-       <29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
+    o  non-blocking socket on AIX
     o  $(PERL) in */Makefile.ssl
     o  "Sign the certificate?" - "n" creates empty certificate file
 
@@ -122,8 +88,6 @@
       use a key length decided by the size of the RSA encrypted key and expect
       RC2 to adapt).
 
-    o Properly initialize the PRNG in the absence of /dev/random.
-
     o ERR_error_string(..., buf) does not know how large buf is,
       there should be ERR_error_string_n(..., buf, bufsize)
       or similar.

TABLE

@@ -665,7 +665,7 @@ $rc5_obj      = asm/r586-elf.o
 
 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
+$cflags       = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = 
@@ -801,7 +801,7 @@ $rc5_obj      = asm/r586-elf.o
 
 *** debug-ulf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
+$cflags       = -DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = 
@@ -1292,6 +1292,23 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 
+*** linux-ia64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+
 *** linux-mips
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
@@ -1313,9 +1330,9 @@ $rc5_obj      =
 $cc           = gcc
 $cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -D_REENTRANT
 $lflags       = 
-$bn_ops       = 
+$bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -1750,3 +1767,20 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
+
+*** unixware-7
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca
+$unistd       = 
+$thread_cflag = -Kthread
+$lflags       = -lsocket -lnsl
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 

VMS/vms_idhacks.h

@@ -143,6 +143,27 @@
 #define sk_ACCESS_DESCRIPTION_pop		sk_ACC_DESC_pop
 #define sk_ACCESS_DESCRIPTION_sort		sk_ACC_DESC_sort
 
+/* Hack the names created with DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) */
+#define sk_CRYPTO_EX_DATA_FUNCS_new		sk_CRYPT_EX_DATFNS_new
+#define sk_CRYPTO_EX_DATA_FUNCS_new_null	sk_CRYPT_EX_DATFNS_new_null
+#define sk_CRYPTO_EX_DATA_FUNCS_free		sk_CRYPT_EX_DATFNS_free
+#define sk_CRYPTO_EX_DATA_FUNCS_num		sk_CRYPT_EX_DATFNS_num
+#define sk_CRYPTO_EX_DATA_FUNCS_value		sk_CRYPT_EX_DATFNS_value
+#define sk_CRYPTO_EX_DATA_FUNCS_set		sk_CRYPT_EX_DATFNS_set
+#define sk_CRYPTO_EX_DATA_FUNCS_zero		sk_CRYPT_EX_DATFNS_zero
+#define sk_CRYPTO_EX_DATA_FUNCS_push		sk_CRYPT_EX_DATFNS_push
+#define sk_CRYPTO_EX_DATA_FUNCS_unshift		sk_CRYPT_EX_DATFNS_unshift
+#define sk_CRYPTO_EX_DATA_FUNCS_find		sk_CRYPT_EX_DATFNS_find
+#define sk_CRYPTO_EX_DATA_FUNCS_delete		sk_CRYPT_EX_DATFNS_delete
+#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr	sk_CRYPT_EX_DATFNS_delete_ptr
+#define sk_CRYPTO_EX_DATA_FUNCS_insert		sk_CRYPT_EX_DATFNS_insert
+#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func	sk_CRYPT_EX_DATFNS_set_cmp_func
+#define sk_CRYPTO_EX_DATA_FUNCS_dup		sk_CRYPT_EX_DATFNS_dup
+#define sk_CRYPTO_EX_DATA_FUNCS_pop_free	sk_CRYPT_EX_DATFNS_pop_free
+#define sk_CRYPTO_EX_DATA_FUNCS_shift		sk_CRYPT_EX_DATFNS_shift
+#define sk_CRYPTO_EX_DATA_FUNCS_pop		sk_CRYPT_EX_DATFNS_pop
+#define sk_CRYPTO_EX_DATA_FUNCS_sort		sk_CRYPT_EX_DATFNS_sort
+
 /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
 #define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF
 #define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF

apps/Makefile.ssl

@@ -38,7 +38,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime
+	pkcs8 spkac smime rand
 
 PROGS= $(PROGRAM).c
 
@@ -54,18 +54,14 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o
-
-#	pem_mail.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
 
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c
-
-#	pem_mail.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
 
 SRC=$(E_SRC)
 
@@ -537,6 +533,23 @@ pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
 pkcs8.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -734,11 +747,12 @@ speed.o: ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
-spkac.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/idea.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h

apps/app_rand.c

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -109,12 +109,15 @@
  *
  */
 
+#define NON_MAIN
 #include "apps.h"
+#undef NON_MAIN
 #include <openssl/bio.h>
 #include <openssl/rand.h>
 
 
 static int seeded = 0;
+static int egdsocket = 0;
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 	{
@@ -130,12 +133,19 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 
 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof buffer);
+	else if (RAND_egd(file) > 0)
+		{
+		/* we try if the given filename is an EGD socket.
+		   if it is, we don't write anything back to the file. */
+		egdsocket = 1;
+		return 1;
+		}
 	if (file == NULL || !RAND_load_file(file, -1))
 		{
-		if (!dont_warn)
+		if (RAND_status() == 0 && !dont_warn)
 			{
 			BIO_printf(bio_e,"unable to load 'random state'\n");
-			BIO_printf(bio_e,"What this means is that the random number generator has not been seeded\n");
+			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
 			BIO_printf(bio_e,"with much random data.\n");
 			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
 				{
@@ -154,7 +164,8 @@ long app_RAND_load_files(char *name)
 	char *p,*n;
 	int last;
 	long tot=0;
-
+	int egd;
+	
 	for (;;)
 		{
 		last=0;
@@ -165,7 +176,9 @@ long app_RAND_load_files(char *name)
 		name=p+1;
 		if (*n == '\0') break;
 
-		tot+=RAND_load_file(n,1024L*1024L);
+		egd=RAND_egd(n);
+		if (egd > 0) tot+=egd;
+		tot+=RAND_load_file(n,-1);
 		if (last) break;
 		}
 	if (tot > 512)
@@ -177,7 +190,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
 	{
 	char buffer[200];
 	
-	if (!seeded)
+	if (egdsocket || !seeded)
 		/* If we did not manage to read the seed file,
 		 * we should not write a low-entropy seed file back --
 		 * it would suppress a crucial warning the next time

apps/ca.c

@@ -603,7 +603,6 @@ bad:
 			perror(outdir);
 			goto err;
 			}
-#endif
 
 		if (stat(outdir,&sb) != 0)
 			{
@@ -618,6 +617,7 @@ bad:
 			perror(outdir);
 			goto err;
 			}
+#endif
 #endif
 		}
 
@@ -1662,7 +1662,7 @@ again2:
 					}
 				if (j < 0)
 					{
-					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
 					goto err;
 					}
 				}

apps/dh.c

@@ -1,4 +1,5 @@
 /* apps/dh.c */
+/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -234,8 +235,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
-			printf("p value is not a strong prime\n");
+		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+			printf("p value is not a safe prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)

apps/dhparam.c

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef NO_DH
 #include <stdio.h>
@@ -69,6 +122,10 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
+#ifndef NO_DSA
+#include <openssl/dsa.h>
+#endif
+
 #undef PROG
 #define PROG	dhparam_main
 
@@ -78,6 +135,7 @@
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
+ * -dsaparam  - read or generate DSA parameters, convert to DH
  * -check	- check the parameters are ok
  * -noout
  * -text
@@ -92,6 +150,9 @@ int MAIN(int argc, char **argv)
 	{
 	DH *dh=NULL;
 	int i,badops=0,text=0;
+#ifndef NO_DSA
+	int dsaparam=0;
+#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
@@ -138,6 +199,10 @@ int MAIN(int argc, char **argv)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
+#ifndef NO_DSA
+		else if (strcmp(*argv,"-dsaparam") == 0)
+			dsaparam=1;
+#endif
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-noout") == 0)
@@ -166,13 +231,16 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
+#ifndef NO_DSA
+		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
+#endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
 		BIO_printf(bio_err," -noout        no output\n");
@@ -181,8 +249,25 @@ bad:
 
 	ERR_load_crypto_strings();
 
-	if(g && !num) num = DEFBITS;
-	else if(num && !g) g = 2;
+	if (g && !num)
+		num = DEFBITS;
+
+#ifndef NO_DSA
+	if (dsaparam)
+		{
+		if (g)
+			{
+			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
+			goto end;
+			}
+		}
+	else
+#endif
+		{
+		/* DH parameters */
+		if (num && !g)
+			g = 2;
+		}
 
 	if(num) {
 
@@ -194,11 +279,40 @@ bad:
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
 
-		BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
-		BIO_printf(bio_err,"This is going to take a long time\n");
-		dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+#ifndef NO_DSA
+		if (dsaparam)
+			{
+			DSA *dsa;
 			
-		if (dh == NULL) goto end;
+			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+	        dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
+			if (dsa == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+
+			dh = DSA_dup_DH(dsa);
+			DSA_free(dsa);
+			if (dh == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+		else
+#endif
+			{
+			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+			BIO_printf(bio_err,"This is going to take a long time\n");
+			dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+			
+			if (dh == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
 
 		app_RAND_write_file(NULL, bio_err);
 	} else {
@@ -220,24 +334,56 @@ bad:
 				}
 			}
 
-		if	(informat == FORMAT_ASN1)
-			dh=d2i_DHparams_bio(in,NULL);
-		else if (informat == FORMAT_PEM)
-			dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-		else
+		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
 			{
 			BIO_printf(bio_err,"bad input format specified\n");
 			goto end;
 			}
-		if (dh == NULL)
+
+#ifndef NO_DSA
+		if (dsaparam)
 			{
-			BIO_printf(bio_err,"unable to load DH parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
+			DSA *dsa;
+			
+			if (informat == FORMAT_ASN1)
+				dsa=d2i_DSAparams_bio(in,NULL);
+			else /* informat == FORMAT_PEM */
+				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+			
+			if (dsa == NULL)
+				{
+				BIO_printf(bio_err,"unable to load DSA parameters\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			
+			dh = DSA_dup_DH(dsa);
+			DSA_free(dsa);
+			if (dh == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
 			}
-
+		else
+#endif
+			{
+			if (informat == FORMAT_ASN1)
+				dh=d2i_DHparams_bio(in,NULL);
+			else /* informat == FORMAT_PEM */
+				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+			
+			if (dh == NULL)
+				{
+				BIO_printf(bio_err,"unable to load DH parameters\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+		
+		/* dh != NULL */
 	}
-
+	
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -255,7 +401,6 @@ bad:
 			}
 		}
 
-	
 
 	if (text)
 		{
@@ -271,8 +416,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
-			printf("p value is not a strong prime\n");
+		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+			printf("p value is not a safe prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -293,25 +438,29 @@ bad:
 			perror("Malloc");
 			goto end;
 			}
+		printf("#ifndef HEADER_DH_H\n"
+		       "#include <openssl/dh.h>\n"
+		       "#endif\n");
+		printf("DH *get_dh%d()\n\t{\n",bits);
+
 		l=BN_bn2bin(dh->p,data);
-		printf("static unsigned char dh%d_p[]={",bits);
+		printf("\tstatic unsigned char dh%d_p[]={",bits);
 		for (i=0; i<l; i++)
 			{
-			if ((i%12) == 0) printf("\n\t");
+			if ((i%12) == 0) printf("\n\t\t");
 			printf("0x%02X,",data[i]);
 			}
-		printf("\n\t};\n");
+		printf("\n\t\t};\n");
 
 		l=BN_bn2bin(dh->g,data);
-		printf("static unsigned char dh%d_g[]={",bits);
+		printf("\tstatic unsigned char dh%d_g[]={",bits);
 		for (i=0; i<l; i++)
 			{
-			if ((i%12) == 0) printf("\n\t");
+			if ((i%12) == 0) printf("\n\t\t");
 			printf("0x%02X,",data[i]);
 			}
-		printf("\n\t};\n\n");
+		printf("\n\t\t};\n");
 
-		printf("DH *get_dh%d()\n\t{\n",bits);
 		printf("\tDH *dh;\n\n");
 		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
 		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
@@ -319,7 +468,9 @@ bad:
 		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
 			bits,bits);
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DH_free(dh); return(NULL); }\n");
+		if (dh->length)
+			printf("\tdh->length = %d;\n", dh->length);
 		printf("\treturn(dh);\n\t}\n");
 		Free(data);
 		}
@@ -350,6 +501,7 @@ end:
 	EXIT(ret);
 	}
 
+/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';

apps/eay.c

@@ -1,131 +0,0 @@
-/* apps/eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define MONOLITH
-#define USE_SOCKETS
-
-#include "openssl/e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-
-#include <openssl/err.h>
-
-#include <openssl/bn.h>
-
-#include <openssl/evp.h>
-
-#include <openssl/rand.h>
-#include <openssl/conf.h>
-#include <openssl/txt_db.h>
-
-#include <openssl/err.h>
-
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-
-#define MONOLITH
-
-#include "openssl.c"
-#include "apps.c"
-#include "asn1pars.c"
-#ifndef NO_RSA
-#include "ca.c"
-#include "genrsa.c"
-#include "req.c"
-#include "rsa.c"
-#endif
-#ifndef NO_DH
-#include "gendh.c"
-#include "dh.c"
-#endif
-#include "crl.c"
-#include "crl2p7.c"
-#include "dgst.c"
-#include "enc.c"
-#include "errstr.c"
-#if !defined(NO_SSL2) || !defined(NO_SSL3)
-#ifndef NO_SOCK
-#include "s_cb.c"
-#include "s_client.c"
-#include "s_server.c"
-#include "s_socket.c"
-#include "s_time.c"
-#endif
-#endif
-#include "speed.c"
-#include "verify.c"
-#include "version.c"
-#include "x509.c"
-#include "ciphers.c"
-#include "sess_id.c"
-#include "pkcs7.c"
-#ifndef NO_DSA
-#include "dsaparam.c"
-#include "dsa.c"
-#include "gendsa.c"
-#endif
-

apps/gendh.c

@@ -1,4 +1,5 @@
 /* apps/gendh.c */
+/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -127,7 +128,7 @@ bad:
 		BIO_printf(bio_err," -2    use 2 as the generator value\n");
 	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5    use 5 as the generator value\n");
-		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
@@ -159,7 +160,7 @@ bad:
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
 
-	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
 	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		

apps/gendsa.c

@@ -145,7 +145,7 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
-		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		BIO_printf(bio_err," dsaparam-file\n");

apps/genrsa.c

@@ -154,7 +154,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
-		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;

apps/makeapps.com

@@ -152,19 +152,18 @@ $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The Application Files.
 $!
-$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;GENDH;ERRSTR;"+-
+$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "CA;PKCS7;CRL2P7;CRL;"+-
 	      "RSA;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME"
-$ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,ENC.OBJ,GENDH.OBJ,-
-	       ERRSTR.OBJ,CA.OBJ,-
-	       PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
+$ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
+	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
      TCPIP_PROGRAMS = ",OPENSSL,"
@@ -807,12 +806,36 @@ $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
 $ CCDEFS = "VMS=1,MONOLITH"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
+$ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
+$ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"
+$ IF F$TRNLNM("OPENSSL_NO_DH") THEN CCDEFS = CCDEFS + ",NO_DH"
+$ IF F$TRNLNM("OPENSSL_NO_MD2") THEN CCDEFS = CCDEFS + ",NO_MD2"
+$ IF F$TRNLNM("OPENSSL_NO_MD5") THEN CCDEFS = CCDEFS + ",NO_MD5"
+$ IF F$TRNLNM("OPENSSL_NO_RIPEMD") THEN CCDEFS = CCDEFS + ",NO_RIPEMD"
+$ IF F$TRNLNM("OPENSSL_NO_SHA") THEN CCDEFS = CCDEFS + ",NO_SHA"
+$ IF F$TRNLNM("OPENSSL_NO_SHA0") THEN CCDEFS = CCDEFS + ",NO_SHA0"
+$ IF F$TRNLNM("OPENSSL_NO_SHA1") THEN CCDEFS = CCDEFS + ",NO_SHA1"
+$ IF F$TRNLNM("OPENSSL_NO_DES")
+$ THEN
+$   CCDEFS = CCDEFS + ",NO_DES,NO_MDC2"
+$ ELSE
+$   IF F$TRNLNM("OPENSSL_NO_MDC2") THEN CCDEFS = CCDEFS + ",NO_MDC2"
+$ ENDIF
+$ IF F$TRNLNM("OPENSSL_NO_RC2") THEN CCDEFS = CCDEFS + ",NO_RC2"
+$ IF F$TRNLNM("OPENSSL_NO_RC4") THEN CCDEFS = CCDEFS + ",NO_RC4"
+$ IF F$TRNLNM("OPENSSL_NO_RC5") THEN CCDEFS = CCDEFS + ",NO_RC5"
+$ IF F$TRNLNM("OPENSSL_NO_IDEA") THEN CCDEFS = CCDEFS + ",NO_IDEA"
+$ IF F$TRNLNM("OPENSSL_NO_BF") THEN CCDEFS = CCDEFS + ",NO_BF"
+$ IF F$TRNLNM("OPENSSL_NO_CAST") THEN CCDEFS = CCDEFS + ",NO_CAST"
+$ IF F$TRNLNM("OPENSSL_NO_HMAC") THEN CCDEFS = CCDEFS + ",NO_HMAC"
+$ IF F$TRNLNM("OPENSSL_NO_SSL2") THEN CCDEFS = CCDEFS + ",NO_SSL2"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = ""
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
 $!  Check To See If The User Entered A Valid Paramter.
 $!

apps/openssl.c

@@ -56,13 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef DEBUG
-#undef DEBUG
-#endif
-
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
@@ -71,18 +68,11 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include "apps.h"
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
 
-/*
-#ifdef WINDOWS
-#include "bss_file.c"
-#endif
-*/
-
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
@@ -90,15 +80,6 @@ static int do_cmd(LHASH *prog,int argc,char *argv[]);
 LHASH *config=NULL;
 char *default_config_file=NULL;
 
-#ifdef DEBUG
-static void sig_stop(int i)
-	{
-	char *a=NULL;
-
-	*a='\0';
-	}
-#endif
-
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
 BIO *bio_err=NULL;
@@ -120,15 +101,6 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;
 
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
-	signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
-	signal(SIGSEGV,sig_stop);
-#endif
-#endif
-
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
 	apps_startup();
@@ -234,13 +206,7 @@ end:
 
 	EVP_cleanup();
 	ERR_free_strings();
-
-#ifdef LEVITTE_DEBUG
-	CRYPTO_push_info("Just to make sure I get a memory leak I can see :-)");
-	(void)Malloc(1024);
-	CRYPTO_pop_info();
-#endif
-
+	
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
@@ -267,6 +233,18 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		{
 		ret=fp->func(argc,argv);
 		}
+	else if ((strncmp(argv[0],"no-",3)) == 0)
+		{
+		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+		f.name=argv[0]+3;
+		ret = (lh_retrieve(prog,&f) != NULL);
+		if (!ret)
+			BIO_printf(bio_stdout, "%s\n", argv[0]);
+		else
+			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
+		BIO_free(bio_stdout);
+		goto end;
+		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||

apps/passwd.c

@@ -54,6 +54,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
  * -reverse      - switch table columns
  */
 
+int MAIN(int, char **);
+
 int MAIN(int argc, char **argv)
 	{
 	int ret = 1;

apps/pkcs12.c

@@ -265,7 +265,7 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
-	BIO_printf(bio_err,  "-rand file:file:...\n");
+	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
@@ -693,7 +693,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
 		i = X509_STORE_CTX_get_error (&store_ctx);
 		goto err;
 	}
-	chn =  X509_STORE_CTX_rget_chain(&store_ctx);
+	chn =  X509_STORE_CTX_get1_chain(&store_ctx);
 	i = 0;
 	*chain = chn;
 err:

apps/progs.h

@@ -33,6 +33,7 @@ extern int pkcs12_main(int argc,char *argv[]);
 extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
+extern int rand_main(int argc,char *argv[]);
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -103,6 +104,7 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
+	{FUNC_TYPE_GENERAL,"rand",rand_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},

apps/rand.c

@@ -0,0 +1,140 @@
+/* apps/rand.c */
+
+#include "apps.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#undef PROG
+#define PROG rand_main
+
+/* -out file         - write to file
+ * -rand file:file   - PRNG seed files
+ * -base64           - encode output
+ * num               - write 'num' bytes
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	int i, r, ret = 1;
+	int badopt;
+	char *outfile = NULL;
+	char *inrand = NULL;
+	int base64 = 0;
+	BIO *out = NULL;
+	int num = -1;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+	badopt = 0;
+	i = 0;
+	while (!badopt && argv[++i] != NULL)
+		{
+		if (strcmp(argv[i], "-out") == 0)
+			{
+			if ((argv[i+1] != NULL) && (outfile == NULL))
+				outfile = argv[++i];
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-rand") == 0)
+			{
+			if ((argv[i+1] != NULL) && (inrand == NULL))
+				inrand = argv[++i];
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-base64") == 0)
+			{
+			if (!base64)
+				base64 = 1;
+			else
+				badopt = 1;
+			}
+		else if (isdigit(argv[i][0]))
+			{
+			if (num < 0)
+				{
+				r = sscanf(argv[i], "%d", &num);
+				if (r == 0 || num < 0)
+					badopt = 1;
+				}
+			else
+				badopt = 1;
+			}
+		else
+			badopt = 1;
+		}
+
+	if (num < 0)
+		badopt = 1;
+	
+	if (badopt) 
+		{
+		BIO_printf(bio_err, "Usage: rand [options] num\n");
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, "-out file            - write to file\n");
+		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64              - encode output\n");
+		goto err;
+		}
+
+	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+
+	out = BIO_new(BIO_s_file());
+	if (out == NULL)
+		goto err;
+	if (outfile != NULL)
+		r = BIO_write_filename(out, outfile);
+	else
+		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+	if (r <= 0)
+		goto err;
+
+	if (base64)
+		{
+		BIO *b64 = BIO_new(BIO_f_base64());
+		if (b64 == NULL)
+			goto err;
+		out = BIO_push(b64, out);
+		}
+	
+	while (num > 0) 
+		{
+		unsigned char buf[4096];
+		int chunk;
+
+		chunk = num;
+		if (chunk > sizeof buf)
+			chunk = sizeof buf;
+		r = RAND_bytes(buf, chunk);
+		if (r <= 0)
+			goto err;
+		BIO_write(out, buf, chunk);
+		num -= chunk;
+		}
+	BIO_flush(out);
+
+	app_RAND_write_file(NULL, bio_err);
+	ret = 0;
+	
+err:
+	ERR_print_errors(bio_err);
+	if (out)
+		BIO_free_all(out);
+	EXIT(ret);
+	}

apps/req.c

@@ -878,8 +878,8 @@ end:
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
-	if(passin) Free(passin);
-	if(passout) Free(passout);
+	if(passargin && passin) Free(passin);
+	if(passargout && passout) Free(passout);
 	OBJ_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
@@ -1103,7 +1103,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 			for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
 				{
 				v=sk_CONF_VALUE_value(attr_sk,i);
-				if(!X509_REQ_radd_attr_by_txt(req, v->name, MBSTRING_ASC,
+				if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC,
 					(unsigned char *)v->value, -1)) return 0;
 				}
 			}
@@ -1201,7 +1201,7 @@ start:
 	buf[--i]='\0';
 	if(!req_check_len(i, min, max)) goto start;
 
-	if(!X509_REQ_radd_attr_by_NID(req, nid, MBSTRING_ASC,
+	if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
 					(unsigned char *)buf, -1)) {
 		BIO_printf(bio_err, "Error adding attribute\n");
 		ERR_print_errors(bio_err);

apps/rsa.c

@@ -179,7 +179,6 @@ bad:
 		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");

apps/rsa/01.pem

@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
-MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
-BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
-cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
-qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
-MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
-gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
-LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
-Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
-Pjrmw2eSgbdmmdumWAcNPVbV
------END CERTIFICATE-----

apps/rsa/1.txt

@@ -1,50 +0,0 @@
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : May 18 23:59:59 1999 GMT
-        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
-                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
-                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
-                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
-                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
-                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
-                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
-                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
-                    b0:91:2d:85:ad:2a:1c:e7:f7
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
-        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
-        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
-        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
-        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
-        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
-        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
------BEGIN CERTIFICATE-----
-MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
-MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
-BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
-cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
-qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
-MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
-gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
-LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
-Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
-Pjrmw2eSgbdmmdumWAcNPVbV
------END CERTIFICATE-----

apps/rsa/SecureServer.pem

@@ -1,47 +0,0 @@
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: Nov  9 00:00:00 1994 GMT
-            Not After : Jan  7 23:59:59 2010 GMT
-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1000 bit)
-                Modulus (1000 bit):
-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
-                    dd:2d:d6:c8:1e:7b
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----

apps/rsa/s.txt

@@ -1,49 +0,0 @@
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: Nov  9 00:00:00 1994 GMT
-            Not After : Jan  7 23:59:59 2010 GMT
-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1000 bit)
-                Modulus (1000 bit):
-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
-                    dd:2d:d6:c8:1e:7b
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----

apps/s_apps.h

@@ -84,7 +84,6 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-int do_accept(int acc_sock, int *sock, char **host);
 int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
@@ -97,17 +96,9 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
 #endif
 int init_client(int *sock, char *server, int port);
-int init_client_ip(int *sock,unsigned char ip[4], int port);
-int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
-int nbio_sock_error(int sock);
-int spawn(int argc, char **argv, int *in, int *out);
-int init_server(int *sock, int port);
-int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
-void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-int host_ip(char *str, unsigned char ip[4]);
 
 long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);

apps/s_cb.c

@@ -1,4 +1,4 @@
-/* apps/s_cb.c */
+/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *

apps/s_client.c

@@ -117,6 +117,7 @@ static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
+static int c_ign_eof=0;
 
 static void sc_usage(void)
 	{
@@ -143,6 +144,7 @@ static void sc_usage(void)
 #endif
 	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
+	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
@@ -192,6 +194,7 @@ int MAIN(int argc, char **argv)
 	apps_startup();
 	c_Pause=0;
 	c_quiet=0;
+	c_ign_eof=0;
 	c_debug=0;
 	c_showcerts=0;
 
@@ -249,7 +252,12 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-crlf") == 0)
 			crlf=1;
 		else if	(strcmp(*argv,"-quiet") == 0)
+			{
 			c_quiet=1;
+			c_ign_eof=1;
+			}
+		else if	(strcmp(*argv,"-ign_eof") == 0)
+			c_ign_eof=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
@@ -711,13 +719,13 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 			else
 				i=read(fileno(stdin),cbuf,BUFSIZZ);
 
-			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
 				BIO_printf(bio_err,"DONE\n");
 				goto shut;
 				}
 
-			if ((!c_quiet) && (cbuf[0] == 'R'))
+			if ((!c_ign_eof) && (cbuf[0] == 'R'))
 				{
 				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);

apps/s_socket.c

@@ -1,4 +1,4 @@
-/* apps/s_socket.c */
+/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -79,16 +79,17 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>
 
-#ifdef VMS
-#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
-			      and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-#include <processes.h> /* for vfork() */
-#endif
-
 static struct hostent *GetHostByName(char *name);
-int sock_init(void );
+#ifdef WINDOWS
+static void sock_cleanup(void);
+#endif
+static int sock_init(void);
+static int init_client_ip(int *sock,unsigned char ip[4], int port);
+static int init_server(int *sock, int port);
+static int init_server_long(int *sock, int port,char *ip);
+static int do_accept(int acc_sock, int *sock, char **host);
+static int host_ip(char *str, unsigned char ip[4]);
+
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
@@ -131,19 +132,19 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 #endif /* WIN32 */
 #endif /* WINDOWS */
 
-void sock_cleanup(void)
-	{
 #ifdef WINDOWS
+static void sock_cleanup(void)
+	{
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
 		WSACancelBlockingCall();
 		WSACleanup();
 		}
-#endif
 	}
+#endif
 
-int sock_init(void)
+static int sock_init(void)
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
@@ -187,7 +188,7 @@ int init_client(int *sock, char *host, int port)
 	return(init_client_ip(sock,ip,port));
 	}
 
-int init_client_ip(int *sock, unsigned char ip[4], int port)
+static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -218,75 +219,6 @@ int init_client_ip(int *sock, unsigned char ip[4], int port)
 	return(1);
 	}
 
-int nbio_sock_error(int sock)
-	{
-	int j,i;
-	int size;
-
-	size=sizeof(int);
-	/* Note: under VMS with SOCKETSHR the third parameter is currently
-	 * of type (int *) whereas under other systems it is (void *) if
-	 * you don't have a cast it will choke the compiler: if you do
-	 * have a cast then you can either go for (int *) or (void *).
-	 */
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
-	if (i < 0)
-		return(1);
-	else
-		return(j);
-	}
-
-int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
-	{
-	unsigned long addr;
-	struct sockaddr_in them;
-	int s,i;
-
-	if (!sock_init()) return(0);
-
-	memset((char *)&them,0,sizeof(them));
-	them.sin_family=AF_INET;
-	them.sin_port=htons((unsigned short)port);
-	addr=	(unsigned long)
-		((unsigned long)ip[0]<<24L)|
-		((unsigned long)ip[1]<<16L)|
-		((unsigned long)ip[2]<< 8L)|
-		((unsigned long)ip[3]);
-	them.sin_addr.s_addr=htonl(addr);
-
-	if (*sock <= 0)
-		{
-#ifdef FIONBIO
-		unsigned long l=1;
-#endif
-
-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
-		i=0;
-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-		if (i < 0) { perror("keepalive"); return(0); }
-		*sock=s;
-
-#ifdef FIONBIO
-		BIO_socket_ioctl(s,FIONBIO,&l);
-#endif
-		}
-	else
-		s= *sock;
-
-	i=connect(s,(struct sockaddr *)&them,sizeof(them));
-	if (i == INVALID_SOCKET)
-		{
-		if (BIO_sock_should_retry(i))
-			return(-1);
-		else
-			return(0);
-		}
-	else
-		return(1);
-	}
-
 int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
@@ -319,7 +251,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
 		}
 	}
 
-int init_server_long(int *sock, int port, char *ip)
+static int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -369,12 +301,12 @@ err:
 	return(ret);
 	}
 
-int init_server(int *sock, int port)
+static int init_server(int *sock, int port)
 	{
 	return(init_server_long(sock, port, NULL));
 	}
 
-int do_accept(int acc_sock, int *sock, char **host)
+static int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -490,7 +422,7 @@ err:
 	return(0);
 	}
 
-int host_ip(char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
@@ -606,69 +538,3 @@ static struct hostent *GetHostByName(char *name)
 		return(ret);
 		}
 	}
-
-#ifndef MSDOS
-int spawn(int argc, char **argv, int *in, int *out)
-	{
-	int pid;
-#define CHILD_READ	p1[0]
-#define CHILD_WRITE	p2[1]
-#define PARENT_READ	p2[0]
-#define PARENT_WRITE	p1[1]
-	int p1[2],p2[2];
-
-	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
-
-#ifdef VMS
-	if ((pid=vfork()) == 0)
-#else
-	if ((pid=fork()) == 0)
-#endif
-		{ /* child */
-		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
-			perror("dup2");
-		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
-			perror("dup2");
-		if (dup2(CHILD_READ,fileno(stdin)) < 0)
-			perror("dup2");
-		close(CHILD_READ); 
-		close(CHILD_WRITE);
-
-		close(PARENT_READ);
-		close(PARENT_WRITE);
-		execvp(argv[0],argv);
-		perror("child");
-		exit(1);
-		}
-
-	/* parent */
-	*in= PARENT_READ;
-	*out=PARENT_WRITE;
-	close(CHILD_READ);
-	close(CHILD_WRITE);
-	return(pid);
-	}
-#endif /* MSDOS */
-
-
-#ifdef undef
-	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
-	 * on sockets */
-	{
-	SOCKET s;
-	int optionValue = SO_SYNCHRONOUS_NONALERT;
-	int err;
-
-	err = setsockopt( 
-	    INVALID_SOCKET, 
-	    SOL_SOCKET, 
-	    SO_OPENTYPE, 
-	    (char *)&optionValue, 
-	    sizeof(optionValue));
-	if (err != NO_ERROR) {
-	/* failed for some reason... */
-		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
-			WSAGetLastError());
-		}
-	}
-#endif

apps/smime.c

@@ -272,7 +272,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf(bio_err,  "-rand file:file:...\n");
+		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
@@ -309,9 +309,6 @@ int MAIN(int argc, char **argv)
 			goto end;
 #endif
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("load encryption certificates");
-#endif		
 		encerts = sk_X509_new_null();
 		while (*args) {
 			if(!(cert = load_cert(*args))) {
@@ -322,50 +319,29 @@ int MAIN(int argc, char **argv)
 			cert = NULL;
 			args++;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
 	if(signerfile && (operation == SMIME_SIGN)) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("load signer certificate");
-#endif		
 		if(!(signer = load_cert(signerfile))) {
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
 	if(certfile) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("load other certfiles");
-#endif		
 		if(!(other = load_certs(certfile))) {
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
 	if(recipfile && (operation == SMIME_DECRYPT)) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("load recipient certificate");
-#endif		
 		if(!(recip = load_cert(recipfile))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
 	if(operation == SMIME_DECRYPT) {
@@ -375,22 +351,13 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;
 
 	if(keyfile) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("load keyfile");
-#endif		
 		if(!(key = load_key(keyfile, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_push_info("open input files");
-#endif		
 	if (infile) {
 		if (!(in = BIO_new_file(infile, inmode))) {
 			BIO_printf (bio_err,
@@ -398,13 +365,7 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-#endif		
 
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_push_info("open output files");
-#endif		
 	if (outfile) {
 		if (!(out = BIO_new_file(outfile, outmode))) {
 			BIO_printf (bio_err,
@@ -412,50 +373,23 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-#endif		
 
 	if(operation == SMIME_VERIFY) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("setup_verify");
-#endif		
 		if(!(store = setup_verify(CAfile, CApath))) goto end;
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
 	ret = 3;
 
 	if(operation == SMIME_ENCRYPT) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("PKCS7_encrypt");
-#endif		
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	} else if(operation == SMIME_SIGN) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("PKCS7_sign");
-#endif		
 		p7 = PKCS7_sign(signer, key, other, in, flags);
 		BIO_reset(in);
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	} else {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("SMIME_read_PKCS7");
-#endif		
 		if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	}
 
 	if(!p7) {
@@ -465,45 +399,25 @@ int MAIN(int argc, char **argv)
 
 	ret = 4;
 	if(operation == SMIME_DECRYPT) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("PKCS7_decrypt");
-#endif		
 		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("PKCS7_verify");
-#endif		
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
 			BIO_printf(bio_err, "Verification Successful\n");
 		} else {
 			BIO_printf(bio_err, "Verification Failure\n");
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-		CRYPTO_push_info("PKCS7_iget_signers");
-#endif		
-		signers = PKCS7_iget_signers(p7, other, flags);
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-		CRYPTO_push_info("save_certs");
-#endif		
+		signers = PKCS7_get0_signers(p7, other, flags);
 		if(!save_certs(signerfile, signers)) {
 			BIO_printf(bio_err, "Error writing signers to %s\n",
 								signerfile);
 			ret = 5;
 			goto end;
 		}
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif		
 		sk_X509_free(signers);
 	} else if(operation == SMIME_PK7OUT) {
 		PEM_write_bio_PKCS7(out, p7);
@@ -515,9 +429,6 @@ int MAIN(int argc, char **argv)
 	}
 	ret = 0;
 end:
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_remove_all_info();
-#endif
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
 	if(ret) ERR_print_errors(bio_err);
@@ -583,20 +494,9 @@ static X509_STORE *setup_verify(char *CAfile, char *CApath)
 {
 	X509_STORE *store;
 	X509_LOOKUP *lookup;
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_push_info("X509_STORE_new");
-#endif	
 	if(!(store = X509_STORE_new())) goto end;
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("X509_STORE_add_lookup(...file)");
-#endif	
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
 	if (lookup == NULL) goto end;
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("X509_LOOKUP_load_file");
-#endif	
 	if (CAfile) {
 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
@@ -604,25 +504,14 @@ static X509_STORE *setup_verify(char *CAfile, char *CApath)
 		}
 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 		
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("X509_STORE_add_lookup(...hash_dir)");
-#endif	
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
 	if (lookup == NULL) goto end;
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("X509_LOOKUP_add_dir");
-#endif	
 	if (CApath) {
 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
 			goto end;
 		}
 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-#endif	
 
 	ERR_clear_error();
 	return store;

apps/speed.c

@@ -1030,6 +1030,11 @@ int MAIN(int argc, char **argv)
 
 	RAND_pseudo_bytes(buf,20);
 #ifndef NO_DSA
+	if (RAND_status() != 1)
+		{
+		RAND_seed(rnd_seed, sizeof rnd_seed);
+		rnd_fake = 1;
+		}
 	for (j=0; j<DSA_NUM; j++)
 		{
 		unsigned int kk;
@@ -1089,6 +1094,7 @@ int MAIN(int argc, char **argv)
 				dsa_doit[j]=0;
 			}
 		}
+	if (rnd_fake) RAND_cleanup();
 #endif
 
 	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));

apps/spkac.c

@@ -63,8 +63,10 @@
 #include <time.h>
 #include "apps.h"
 #include <openssl/bio.h>
+#include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 

apps/testdsa.h

@@ -1,4 +1,5 @@
 /* NOCW */
+/* used by apps/speed.c */
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
@@ -146,3 +147,5 @@ DSA *get_dsa2048()
 	return(dsa);
 	}
 
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;

apps/testrsa.h

@@ -1,4 +1,5 @@
 /* apps/testrsa.h */
+/* used by apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *

apps/tkca

@@ -1,66 +0,0 @@
-#!/usr/local/bin/perl5
-#
-# This is only something I'm playing with, it does not work :-)
-#
-
-use Tk;
-
-my $main=MainWindow->new();
-my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
-$f->pack(-fill => 'x');
-
-my $ff=$f->Frame;
-$ff->pack(-fill => 'x');
-my $l=$ff->Label(-text => "TkCA - SSLeay",
-	-relief => "ridge", -borderwidth => 2);
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Certify");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Review");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Revoke");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Generate CRL");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my($db)=&load_db("demoCA/index.txt");
-
-MainLoop;
-
-sub load_db
-	{
-	my(%ret);
-	my($file)=@_;
-	my(*IN);
-	my(%db_serial,%db_name,@f,@db_s);
-
-	$ret{'serial'}=\%db_serial;
-	$ret{'name'}=\%db_name;
-
-	open(IN,"<$file") || die "unable to open $file:$!\n";
-	while (<IN>)
-		{
-		chop;
-		s/([^\\])\t/\1\t\t/g;
-		my(@f)=split(/\t\t/);
-		die "wrong number of fields in $file, line $.\n"
-			if ($#f != 5);
-
-		my(%f);
-		$f{'type'}=$f[0];
-		$f{'exp'}=$f[1];
-		$f{'rev'}=$f[2];
-		$f{'serial'}=$f[3];
-		$f{'file'}=$f[4];
-		$f{'name'}=$f[5];
-		die "serial number $f{'serial'} appears twice (line $.)\n"
-			if (defined($db{$f{'serial'}}))
-		$db_serial{$f{'serial'}}=\%f;
-		$db_name{$f{'name'}}.=$f{'serial'}." ";
-		}
-	return \%ret;
-	}

apps/verify.c

@@ -124,7 +124,7 @@ int MAIN(int argc, char **argv)
 					BIO_printf(bio_err, "unrecognized purpose\n");
 					goto end;
 					}
-				xptmp = X509_PURPOSE_iget(i);
+				xptmp = X509_PURPOSE_get0(i);
 				purpose = X509_PURPOSE_get_id(xptmp);
 				}
 			else if (strcmp(*argv,"-untrusted") == 0)
@@ -190,9 +190,9 @@ end:
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
-			ptmp = X509_PURPOSE_iget(i);
-			BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_iget_sname(ptmp),
-								X509_PURPOSE_iget_name(ptmp));
+			ptmp = X509_PURPOSE_get0(i);
+			BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
+								X509_PURPOSE_get0_name(ptmp));
 		}
 	}
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);

apps/winrand.c

@@ -0,0 +1,149 @@
+/* apps/winrand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Usage: winrand [filename]
+ *
+ * Collects entropy from mouse movements and other events and writes
+ * random data to filename or .rnd
+ */
+
+#include <windows.h>
+#include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
+LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
+const char *filename;
+
+int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
+        PSTR cmdline, int iCmdShow)
+	{
+	static char appname[] = "OpenSSL";
+	HWND hwnd;
+	MSG msg;
+	WNDCLASSEX wndclass;
+        char buffer[200];
+
+        if (cmdline[0] == '\0')
+                filename = RAND_file_name(buffer, sizeof buffer);
+        else
+                filename = cmdline;
+
+        RAND_load_file(filename, -1);
+
+	wndclass.cbSize = sizeof(wndclass);
+	wndclass.style = CS_HREDRAW | CS_VREDRAW;
+	wndclass.lpfnWndProc = WndProc;
+	wndclass.cbClsExtra = 0;
+	wndclass.cbWndExtra = 0;
+	wndclass.hInstance = hInstance;
+	wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
+	wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
+	wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
+	wndclass.lpszMenuName = NULL;
+        wndclass.lpszClassName = appname;
+	wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
+	RegisterClassEx(&wndclass);
+
+        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
+		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
+		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
+
+	ShowWindow(hwnd, iCmdShow);
+	UpdateWindow(hwnd);
+
+
+	while (GetMessage(&msg, NULL, 0, 0))
+		{
+		TranslateMessage(&msg);
+		DispatchMessage(&msg);
+		}
+
+	return msg.wParam;
+	}
+
+LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
+	{
+        HDC hdc;
+	PAINTSTRUCT ps;
+        RECT rect;
+        char buffer[200];
+        static int seeded = 0;
+
+	switch (iMsg)
+		{
+	case WM_PAINT:
+		hdc = BeginPaint(hwnd, &ps);
+		GetClientRect(hwnd, &rect);
+                DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
+			&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
+		EndPaint(hwnd, &ps);
+		return 0;
+		
+        case WM_DESTROY:
+                PostQuitMessage(0);
+                return 0;
+                }
+
+        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
+                {
+                seeded = 1;
+                if (RAND_write_file(filename) <= 0)
+                        MessageBox(hwnd, "Couldn't write random file!",
+				"OpenSSL", MB_OK | MB_ICONERROR);
+                PostQuitMessage(0);
+                }
+
+	return DefWindowProc(hwnd, iMsg, wParam, lParam);
+	}

apps/x509.c

@@ -555,7 +555,7 @@ bad:
 			}
 		}
 
-	if(alias) X509_alias_rset(x, (unsigned char *)alias, -1);
+	if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
 
 	if(clrtrust) X509_trust_clear(x);
 	if(clrreject) X509_reject_clear(x);
@@ -563,14 +563,14 @@ bad:
 	if(trust) {
 		for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
 			objtmp = sk_ASN1_OBJECT_value(trust, i);
-			X509_radd_trust_object(x, objtmp);
+			X509_add1_trust_object(x, objtmp);
 		}
 	}
 
 	if(reject) {
 		for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
 			objtmp = sk_ASN1_OBJECT_value(reject, i);
-			X509_radd_reject_object(x, objtmp);
+			X509_add1_reject_object(x, objtmp);
 		}
 	}
 
@@ -599,7 +599,7 @@ bad:
 			else if (aliasout == i)
 				{
 				unsigned char *alstr;
-				alstr = X509_alias_iget(x, NULL);
+				alstr = X509_alias_get0(x, NULL);
 				if(alstr) BIO_printf(STDout,"%s\n", alstr);
 				else BIO_puts(STDout,"<No Alias>\n");
 				}
@@ -614,7 +614,7 @@ bad:
 				BIO_printf(STDout, "Certificate purposes:\n");
 				for(j = 0; j < X509_PURPOSE_get_count(); j++)
 					{
-					ptmp = X509_PURPOSE_iget(j);
+					ptmp = X509_PURPOSE_get0(j);
 					purpose_print(STDout, x, ptmp);
 					}
 				}
@@ -1235,7 +1235,7 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
 	int id, i, idret;
 	char *pname;
 	id = X509_PURPOSE_get_id(pt);
-	pname = X509_PURPOSE_iget_name(pt);
+	pname = X509_PURPOSE_get0_name(pt);
 	for(i = 0; i < 2; i++) {
 		idret = X509_check_purpose(cert, id, i);
 		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 

config

@@ -27,6 +27,7 @@ RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
 SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
 VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 
+
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
 # We need to work around FreeBSD 1.1.5.1 
@@ -50,6 +51,8 @@ if [ "x$XREL" != "x" ]; then
 	    4.2MP)
 		if [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
+		elif [ "x$VERSION" = "x2.1.2" ]; then
+		    echo "${MACHINE}-whatever-unixware212"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -57,6 +60,11 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
+	    5)
+		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+		    echo "${MACHINE}-sco-unixware7"; exit 0
+		fi
+		;;
 	esac
     fi
 fi
@@ -284,6 +292,8 @@ TEST="false"
 for i
 do
 case "$i" in 
+# shared library support (behnke@trustcenter.de)
+-shared) SHARED=true;;
 -d*) PREFIX="debug-";;
 -t*) TEST="true";;
 -h*) TEST="true"; cat <<EOF
@@ -399,6 +409,7 @@ case "$GUESSOS" in
 	;;
   mips-*-linux?) OUT="linux-mips" ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
+  ia64-*-linux?) OUT="linux-ia64" ;;
   ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
   sparc64-*-linux2)
 	#Before we can uncomment following lines we have to wait at least
@@ -444,8 +455,12 @@ case "$GUESSOS" in
   *-*-openbsd) OUT="OpenBSD" ;;
   *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
   *-*-osf) OUT="alpha-cc" ;;
-  *-*-unixware*) OUT="unixware-2.0" ;;
-  *-*-UnixWare*) OUT="unixware-2.0" ;;
+  *-*-unixware7) OUT="unixware-7" ;;
+  *-*-UnixWare7) OUT="unixware-7" ;;
+  *-*-Unixware7) OUT="unixware-7" ;;
+  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
+  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
   BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
   RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
   *-siemens-sysv4) OUT="SINIX" ;;
@@ -464,6 +479,16 @@ then
   options="$options -DATALLA"
 fi
 
+#get some basic shared lib support (behnke@trustcenter.de)
+case "$OUT" in
+   solaris-*-gcc)
+	if  [ "$SHARED" = "true" ] 
+	 then
+	  options="$options -DPIC -fPIC"
+        fi
+     ;;
+esac
+
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then

crypto/asn1/asn1.h

@@ -238,7 +238,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ub_title			64
 #define ub_email_address		128
 
-#ifndef DEBUG
+#ifdef NO_ASN1_TYPEDEFS
 #define ASN1_INTEGER		ASN1_STRING
 #define ASN1_ENUMERATED		ASN1_STRING
 #define ASN1_BIT_STRING		ASN1_STRING

crypto/asn1/asn1_err.c

@@ -54,7 +54,8 @@
  */
 
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file.
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
 
 #include <stdio.h>
@@ -91,7 +92,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_ADD"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},

crypto/asn1/p5_pbe.c

@@ -129,7 +129,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
 	}
 	pbe->salt->length = saltlen;
 	if (salt) memcpy (pbe->salt->data, salt, saltlen);
-	else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
+	else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
 		return NULL;
 
 	if (!(astype = ASN1_TYPE_new())) {

crypto/asn1/p5_pbev2.c

@@ -194,7 +194,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
 
 	/* Create random IV */
-	RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher));
+	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+		goto err;
 
 	/* Dummy cipherinit to just setup the IV */
 	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
@@ -212,7 +213,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if (!(osalt->data = Malloc (saltlen))) goto merr;
 	osalt->length = saltlen;
 	if (salt) memcpy (osalt->data, salt, saltlen);
-	else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;
+	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
 
 	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
 	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;

crypto/asn1/t_req.c

@@ -119,7 +119,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 
 	pkey=X509_REQ_get_pubkey(x);
 #ifndef NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
+	if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
 		{
 		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
 			BN_num_bits(pkey->pkey.rsa->n));
@@ -128,7 +128,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 	else 
 #endif
 #ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
+		if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
 		{
 		BIO_printf(bp,"%12sDSA Public Key:\n","");
 		DSA_print(bp,pkey->pkey.dsa,16);
@@ -137,7 +137,8 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
-	EVP_PKEY_free(pkey);
+	if (pkey != NULL)
+	    EVP_PKEY_free(pkey);
 
 	/* may not be */
 	sprintf(str,"%8sAttributes:\n","");

crypto/asn1/x_pubkey.c

@@ -297,7 +297,7 @@ RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
 	if(!pkey) return NULL;
-	key = EVP_PKEY_rget_RSA(pkey);
+	key = EVP_PKEY_get1_RSA(pkey);
 	EVP_PKEY_free(pkey);
 	if(!key) return NULL;
 	*pp = q;
@@ -318,7 +318,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
-	EVP_PKEY_rset_RSA(pktmp, a);
+	EVP_PKEY_set1_RSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;
@@ -335,7 +335,7 @@ DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
 	if(!pkey) return NULL;
-	key = EVP_PKEY_rget_DSA(pkey);
+	key = EVP_PKEY_get1_DSA(pkey);
 	EVP_PKEY_free(pkey);
 	if(!key) return NULL;
 	*pp = q;
@@ -356,7 +356,7 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
-	EVP_PKEY_rset_DSA(pktmp, a);
+	EVP_PKEY_set1_DSA(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return ret;

crypto/asn1/x_x509a.c

@@ -145,7 +145,7 @@ static X509_CERT_AUX *aux_get(X509 *x)
 	return x->aux;
 }
 
-int X509_alias_rset(X509 *x, unsigned char *name, int len)
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
 	X509_CERT_AUX *aux;
 	if(!(aux = aux_get(x))) return 0;
@@ -153,14 +153,14 @@ int X509_alias_rset(X509 *x, unsigned char *name, int len)
 	return ASN1_STRING_set(aux->alias, name, len);
 }
 
-unsigned char *X509_alias_iget(X509 *x, int *len)
+unsigned char *X509_alias_get0(X509 *x, int *len)
 {
 	if(!x->aux || !x->aux->alias) return NULL;
 	if(len) *len = x->aux->alias->length;
 	return x->aux->alias->data;
 }
 
-int X509_radd_trust_object(X509 *x, ASN1_OBJECT *obj)
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
 	X509_CERT_AUX *aux;
 	ASN1_OBJECT *objtmp;
@@ -171,7 +171,7 @@ int X509_radd_trust_object(X509 *x, ASN1_OBJECT *obj)
 	return sk_ASN1_OBJECT_push(aux->trust, objtmp);
 }
 
-int X509_radd_reject_object(X509 *x, ASN1_OBJECT *obj)
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
 	X509_CERT_AUX *aux;
 	ASN1_OBJECT *objtmp;

crypto/bf/Makefile.ssl

@@ -49,7 +49,7 @@ lib:	$(LIBOBJ)
 
 # elf
 asm/bx86-elf.o: asm/bx86unix.cpp
-	$(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
+	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
 
 # solaris
 asm/bx86-sol.o: asm/bx86unix.cpp
@@ -65,7 +65,7 @@ asm/bx86-out.o: asm/bx86unix.cpp
 asm/bx86bsdi.o: asm/bx86unix.cpp
 	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
 
-asm/bx86unix.cpp:
+asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
 	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
 
 files:

crypto/bf/Makefile.uni

@@ -1,157 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-DIR=	bf
-TOP=	.
-# use BF_PTR2 for intel boxes,
-# BF_PTR for sparc and MIPS/SGI
-# use nothing for Alpha and HP.
-
-# There are 3 possible performance options, experiment :-)
-#OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
-#OPTS= -DBF_PTR2 # use for pentium
-OPTS=		 # use for pentium pro, Alpha and HP
-
-MAKE=make -f Makefile
-#CC=cc
-#CFLAG= -O
-
-CC=gcc
-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
-CFLAG= -O3 -fomit-frame-pointer
-
-CFLAGS=$(OPTS) $(CFLAG)
-CPP=$(CC) -E
-AS=as
-RANLIB=ranlib
-
-# Assember version of bf_encrypt().
-BF_ENC=bf_enc.o		# normal C version
-#BF_ENC=asm/bx86-elf.o	# elf format x86
-#BF_ENC=asm/bx86-out.o	# a.out format x86
-#BF_ENC=asm/bx86-sol.o	# solaris format x86 
-#BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
-
-LIBDIR=/usr/local/lib
-BINDIR=/usr/local/bin
-INCDIR=/usr/local/include
-MANDIR=/usr/local/man
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-
-GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
-	COPYRIGHT blowfish.doc INSTALL
-
-TESTING=    bftest bfspeed bf_opts
-TESTING_SRC=bftest.c bfspeed.c bf_opts.c
-HEADERS=bf_locl.h blowfish.h bf_pi.h
-
-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
-
-BLIB=	libblowfish.a
-
-all: $(BLIB) $(TESTING)
-
-cc:
-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
-
-gcc:
-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
-
-x86-elf:
-	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
-
-x86-out:
-	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
-
-x86-solaris:
-	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
-
-x86-bsdi:
-	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
-
-# elf
-asm/bx86-elf.o: asm/bx86unix.cpp
-	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
-
-# solaris
-asm/bx86-sol.o: asm/bx86unix.cpp
-	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
-	as -o asm/bx86-sol.o asm/bx86-sol.s
-	rm -f asm/bx86-sol.s
-
-# a.out
-asm/bx86-out.o: asm/bx86unix.cpp
-	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
-
-# bsdi
-asm/bx86bsdi.o: asm/bx86unix.cpp
-	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
-
-asm/bx86unix.cpp:
-	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
-	
-test:	all
-	./bftest
-
-$(BLIB): $(LIBOBJ)
-	/bin/rm -f $(BLIB)
-	ar cr $(BLIB) $(LIBOBJ)
-	$(RANLIB) $(BLIB)
-
-bftest: bftest.o $(BLIB)
-	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
-
-bfspeed: bfspeed.o $(BLIB)
-	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
-
-bf_opts: bf_opts.o $(BLIB)
-	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
-
-tags:
-	ctags $(TESTING_SRC) $(LIBBF)
-
-tar:
-	tar chf libbf.tar $(ALL)
-
-shar:
-	shar $(ALL) >libbf.shar
-
-depend:
-	makedepend $(LIBBF) $(TESTING_SRC)
-
-clean:
-	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
-
-dclean:
-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
-	mv -f Makefile.new Makefile
-
-# Eric is probably going to choke when he next looks at this --tjh
-install: $(BLIB)
-	if test $(INSTALLTOP); then \
-	    echo SSL style install; \
-	    cp $(BLIB) $(INSTALLTOP)/lib; \
-		$(RANLIB) $(BLIB); \
-	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
-	    cp blowfish.h $(INSTALLTOP)/include; \
-	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
-	else \
-	    echo Standalone install; \
-	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
-		$(RANLIB) $(BLIB); \
-	    chmod 644 $(LIBDIR)/$(BLIB); \
-	    cp blowfish.h $(INCDIR)/blowfish.h; \
-	    chmod 644 $(INCDIR)/blowfish.h; \
-	fi
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

crypto/bf/asm/b-win32.asm

@@ -1,906 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by bf-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	bf-586.asm
-        .486
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_BF_encrypt
-
-_BF_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	; Load the 2 words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	xor	eax,		eax
-	mov	ebx,		DWORD PTR [ebp]
-	xor	ecx,		ecx
-	xor	edi,		ebx
-	; 
-	; Round 0
-	mov	edx,		DWORD PTR 4[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 1
-	mov	edx,		DWORD PTR 8[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 2
-	mov	edx,		DWORD PTR 12[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 3
-	mov	edx,		DWORD PTR 16[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 4
-	mov	edx,		DWORD PTR 20[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 5
-	mov	edx,		DWORD PTR 24[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 6
-	mov	edx,		DWORD PTR 28[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 7
-	mov	edx,		DWORD PTR 32[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 8
-	mov	edx,		DWORD PTR 36[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 9
-	mov	edx,		DWORD PTR 40[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 10
-	mov	edx,		DWORD PTR 44[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 11
-	mov	edx,		DWORD PTR 48[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 12
-	mov	edx,		DWORD PTR 52[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 13
-	mov	edx,		DWORD PTR 56[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 14
-	mov	edx,		DWORD PTR 60[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 15
-	mov	edx,		DWORD PTR 64[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	; Load parameter 0 (16) enc=1
-	mov	eax,		DWORD PTR 20[esp]
-	xor	edi,		ebx
-	mov	edx,		DWORD PTR 68[ebp]
-	xor	esi,		edx
-	mov	DWORD PTR 4[eax],edi
-	mov	DWORD PTR [eax],esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_BF_encrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_BF_decrypt
-
-_BF_decrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	; Load the 2 words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	xor	eax,		eax
-	mov	ebx,		DWORD PTR 68[ebp]
-	xor	ecx,		ecx
-	xor	edi,		ebx
-	; 
-	; Round 16
-	mov	edx,		DWORD PTR 64[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 15
-	mov	edx,		DWORD PTR 60[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 14
-	mov	edx,		DWORD PTR 56[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 13
-	mov	edx,		DWORD PTR 52[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 12
-	mov	edx,		DWORD PTR 48[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 11
-	mov	edx,		DWORD PTR 44[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 10
-	mov	edx,		DWORD PTR 40[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 9
-	mov	edx,		DWORD PTR 36[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 8
-	mov	edx,		DWORD PTR 32[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 7
-	mov	edx,		DWORD PTR 28[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 6
-	mov	edx,		DWORD PTR 24[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 5
-	mov	edx,		DWORD PTR 20[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 4
-	mov	edx,		DWORD PTR 16[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 3
-	mov	edx,		DWORD PTR 12[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 2
-	mov	edx,		DWORD PTR 8[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 1
-	mov	edx,		DWORD PTR 4[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	; Load parameter 0 (1) enc=0
-	mov	eax,		DWORD PTR 20[esp]
-	xor	edi,		ebx
-	mov	edx,		DWORD PTR [ebp]
-	xor	esi,		edx
-	mov	DWORD PTR 4[eax],edi
-	mov	DWORD PTR [eax],esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_BF_decrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_BF_cbc_encrypt
-
-_BF_cbc_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	ebp,		DWORD PTR 28[esp]
-	; getting iv ptr from parameter 4
-	mov	ebx,		DWORD PTR 36[esp]
-	mov	esi,		DWORD PTR [ebx]
-	mov	edi,		DWORD PTR 4[ebx]
-	push	edi
-	push	esi
-	push	edi
-	push	esi
-	mov	ebx,		esp
-	mov	esi,		DWORD PTR 36[esp]
-	mov	edi,		DWORD PTR 40[esp]
-	; getting encrypt flag from parameter 5
-	mov	ecx,		DWORD PTR 56[esp]
-	; get and push parameter 3
-	mov	eax,		DWORD PTR 48[esp]
-	push	eax
-	push	ebx
-	cmp	ecx,		0
-	jz	$L000decrypt
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	jz	$L001encrypt_finish
-L002encrypt_loop:
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR 4[esi]
-	xor	eax,		ecx
-	xor	ebx,		edx
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L002encrypt_loop
-$L001encrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L003finish
-	xor	ecx,		ecx
-	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L004cbc_enc_jmp_table[ebp*4]
-	jmp	 ebp
-L005ej7:
-	mov	dh,		BYTE PTR 6[esi]
-	shl	edx,		8
-L006ej6:
-	mov	dh,		BYTE PTR 5[esi]
-L007ej5:
-	mov	dl,		BYTE PTR 4[esi]
-L008ej4:
-	mov	ecx,		DWORD PTR [esi]
-	jmp	$L009ejend
-L010ej3:
-	mov	ch,		BYTE PTR 2[esi]
-	shl	ecx,		8
-L011ej2:
-	mov	ch,		BYTE PTR 1[esi]
-L012ej1:
-	mov	cl,		BYTE PTR [esi]
-$L009ejend:
-	xor	eax,		ecx
-	xor	ebx,		edx
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	jmp	$L003finish
-$L000decrypt:
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	jz	$L013decrypt_finish
-L014decrypt_loop:
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR [edi],ecx
-	mov	DWORD PTR 4[edi],edx
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L014decrypt_loop
-$L013decrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L003finish
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-L015dj7:
-	ror	edx,		16
-	mov	BYTE PTR 6[edi],dl
-	shr	edx,		16
-L016dj6:
-	mov	BYTE PTR 5[edi],dh
-L017dj5:
-	mov	BYTE PTR 4[edi],dl
-L018dj4:
-	mov	DWORD PTR [edi],ecx
-	jmp	$L019djend
-L020dj3:
-	ror	ecx,		16
-	mov	BYTE PTR 2[edi],cl
-	shl	ecx,		16
-L021dj2:
-	mov	BYTE PTR 1[esi],ch
-L022dj1:
-	mov	BYTE PTR [esi],	cl
-$L019djend:
-	jmp	$L003finish
-$L003finish:
-	mov	ecx,		DWORD PTR 60[esp]
-	add	esp,		24
-	mov	DWORD PTR [ecx],eax
-	mov	DWORD PTR 4[ecx],ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L004cbc_enc_jmp_table:
-	DD	0
-	DD	L012ej1
-	DD	L011ej2
-	DD	L010ej3
-	DD	L008ej4
-	DD	L007ej5
-	DD	L006ej6
-	DD	L005ej7
-L023cbc_dec_jmp_table:
-	DD	0
-	DD	L022dj1
-	DD	L021dj2
-	DD	L020dj3
-	DD	L018dj4
-	DD	L017dj5
-	DD	L016dj6
-	DD	L015dj7
-_BF_cbc_encrypt ENDP
-_TEXT	ENDS
-END

crypto/bio/Makefile.ssl

@@ -172,8 +172,10 @@ bss_acpt.o: ../../include/openssl/opensslconf.h
 bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_acpt.o: ../../include/openssl/stack.h ../cryptlib.h
 bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
-bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bss_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_bio.o: ../../include/openssl/stack.h
 bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

crypto/bio/b_print.c

@@ -62,26 +62,783 @@
 
 #include <stdio.h>
 #include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <limits.h>
 #include "cryptlib.h"
+#ifndef NO_SYS_TYPES_H
+#include <sys/types.h>
+#endif
 #include <openssl/bio.h>
 
+#ifdef BN_LLONG
+# ifndef HAVE_LONG_LONG
+#  define HAVE_LONG_LONG 1
+# endif
+#endif
+
+static void dopr (char *buffer, size_t maxlen, size_t *retlen,
+	const char *format, va_list args);
+#ifdef USE_ALLOCATING_PRINT
+static void doapr (char **buffer, size_t *retlen,
+	const char *format, va_list args);
+#endif
+
 int BIO_printf (BIO *bio, ...)
 	{
 	va_list args;
 	char *format;
 	int ret;
+	size_t retlen;
+#ifdef USE_ALLOCATING_PRINT
+	char *hugebuf;
+#else
 	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
+#endif
 
 	va_start(args, bio);
 	format=va_arg(args, char *);
 
+#ifndef USE_ALLOCATING_PRINT
 	hugebuf[0]='\0';
+	dopr(hugebuf, sizeof(hugebuf), &retlen, format, args);
+#else
+	hugebuf = NULL;
+	CRYPTO_push_info("doapr()");
+	doapr(&hugebuf, &retlen, format, args);
+	if (hugebuf)
+		{
+#endif
+		ret=BIO_write(bio, hugebuf, (int)retlen);
 
-	vsprintf(hugebuf,format,args);
-
-	ret=BIO_write(bio,hugebuf,strlen(hugebuf));
-
+#ifdef USE_ALLOCATING_PRINT
+		Free(hugebuf);
+		}
+	CRYPTO_pop_info();
+#endif
 	va_end(args);
 	return(ret);
 	}
 
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell@astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+/*
+ * This code contains numerious changes and enhancements which were
+ * made by lots of contributors over the last years to Patrick Powell's
+ * original code:
+ *
+ * o Patrick Powell <papowell@astart.com>      (1995)
+ * o Brandon Long <blong@fiction.net>          (1996, for Mutt)
+ * o Thomas Roessler <roessler@guug.de>        (1998, for Mutt)
+ * o Michael Elkins <me@cs.hmc.edu>            (1998, for Mutt)
+ * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
+ * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
+ * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
+ */
+
+#if HAVE_LONG_DOUBLE
+#define LDOUBLE long double
+#else
+#define LDOUBLE double
+#endif
+
+#if HAVE_LONG_LONG
+#define LLONG long long
+#else
+#define LLONG long
+#endif
+
+static void fmtstr     (void (*)(char **, size_t *, size_t *, int),
+			char **, size_t *, size_t *, const char *, int, int,
+			int);
+static void fmtint     (void (*)(char **, size_t *, size_t *, int),
+			char **, size_t *, size_t *, LLONG, int, int, int, int);
+static void fmtfp      (void (*)(char **, size_t *, size_t *, int),
+			char **, size_t *, size_t *, LDOUBLE, int, int, int);
+#ifndef USE_ALLOCATING_PRINT
+static int dopr_isbig (size_t, size_t);
+static int dopr_copy (size_t);
+static void dopr_outch (char **, size_t *, size_t *, int);
+#else
+static int doapr_isbig (size_t, size_t);
+static int doapr_copy (size_t);
+static void doapr_outch (char **, size_t *, size_t *, int);
+#endif
+static void _dopr(void (*)(char **, size_t *, size_t *, int),
+		  int (*)(size_t, size_t), int (*)(size_t),
+		  char **buffer, size_t *maxlen, size_t *retlen,
+		  const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+#define DP_F_MINUS      (1 << 0)
+#define DP_F_PLUS       (1 << 1)
+#define DP_F_SPACE      (1 << 2)
+#define DP_F_NUM        (1 << 3)
+#define DP_F_ZERO       (1 << 4)
+#define DP_F_UP         (1 << 5)
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define MAX(p,q) ((p >= q) ? p : q)
+
+#ifndef USE_ALLOCATING_PRINT
+static void
+dopr(
+    char *buffer,
+    size_t maxlen,
+    size_t *retlen,
+    const char *format,
+    va_list args)
+{
+    _dopr(dopr_outch, dopr_isbig, dopr_copy,
+	  &buffer, &maxlen, retlen, format, args);
+}
+
+#else
+static void
+doapr(
+    char **buffer,
+    size_t *retlen,
+    const char *format,
+    va_list args)
+{
+    size_t dummy_maxlen = 0;
+    _dopr(doapr_outch, doapr_isbig, doapr_copy,
+	  buffer, &dummy_maxlen, retlen, format, args);
+}
+#endif
+
+static void
+_dopr(
+    void (*outch_fn)(char **, size_t *, size_t *, int),
+    int (*isbig_fn)(size_t, size_t),
+    int (*copy_fn)(size_t),
+    char **buffer,
+    size_t *maxlen,
+    size_t *retlen,
+    const char *format,
+    va_list args)
+{
+    char ch;
+    LLONG value;
+    LDOUBLE fvalue;
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if ((ch == '\0') || (*isbig_fn)(currlen, *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                (*outch_fn)(buffer, &currlen, maxlen, ch);
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (isdigit((unsigned char)ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (isdigit((unsigned char)ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, LLONG);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                fmtint(outch_fn, buffer, &currlen, maxlen,
+		       value, 10, min, max, flags);
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = (LLONG) va_arg(args,
+                        unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, unsigned LLONG);
+                    break;
+                default:
+                    value = (LLONG) va_arg(args,
+                        unsigned int);
+                    break;
+                }
+                fmtint(outch_fn, buffer, &currlen, maxlen, value,
+                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                       min, max, flags);
+                break;
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                fmtfp(outch_fn, buffer, &currlen, maxlen,
+		      fvalue, min, max, flags);
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'c':
+                (*outch_fn)(buffer, &currlen, maxlen,
+                    va_arg(args, int));
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0)
+                    max = (*copy_fn)(*maxlen);
+                fmtstr(outch_fn, buffer, &currlen, maxlen, strvalue,
+		       flags, min, max);
+                break;
+            case 'p':
+                value = (long)va_arg(args, void *);
+                fmtint(outch_fn, buffer, &currlen, maxlen,
+                    value, 16, min, max, flags);
+                break;
+            case 'n': /* XXX */
+                if (cflags == DP_C_SHORT) {
+                    short int *num;
+                    num = va_arg(args, short int *);
+                    *num = currlen;
+                } else if (cflags == DP_C_LONG) { /* XXX */
+                    long int *num;
+                    num = va_arg(args, long int *);
+                    *num = (long int) currlen;
+                } else if (cflags == DP_C_LLONG) { /* XXX */
+                    LLONG *num;
+                    num = va_arg(args, LLONG *);
+                    *num = (LLONG) currlen;
+                } else {
+                    int    *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                (*outch_fn)(buffer, &currlen, maxlen, ch);
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    if (currlen >= *maxlen - 1)
+        currlen = *maxlen - 1;
+    (*buffer)[currlen] = '\0';
+    *retlen = currlen;
+    return;
+}
+
+static void
+fmtstr(
+    void (*outch_fn)(char **, size_t *, size_t *, int),
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    const char *value,
+    int flags,
+    int min,
+    int max)
+{
+    int padlen, strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+    for (strln = 0; value[strln]; ++strln)
+        ;
+    padlen = min - strln;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (cnt < max)) {
+        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        --padlen;
+        ++cnt;
+    }
+    while (*value && (cnt < max)) {
+        (*outch_fn)(buffer, currlen, maxlen, *value++);
+        ++cnt;
+    }
+    while ((padlen < 0) && (cnt < max)) {
+        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        ++padlen;
+        ++cnt;
+    }
+}
+
+static void
+fmtint(
+    void (*outch_fn)(char **, size_t *, size_t *, int),
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    LLONG value,
+    int base,
+    int min,
+    int max,
+    int flags)
+{
+    int signvalue = 0;
+    unsigned LLONG uvalue;
+    char convert[20];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = -value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] =
+            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned) base];
+        uvalue = (uvalue / (unsigned) base);
+    } while (uvalue && (place < 20));
+    if (place == 20)
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        (*outch_fn)(buffer, currlen, maxlen, signvalue);
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            (*outch_fn)(buffer, currlen, maxlen, '0');
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0)
+        (*outch_fn)(buffer, currlen, maxlen, convert[--place]);
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        ++spadlen;
+    }
+    return;
+}
+
+static LDOUBLE
+abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE
+pow10(int exp)
+{
+    LDOUBLE result = 1;
+    while (exp) {
+        result *= 10;
+        exp--;
+    }
+    return result;
+}
+
+static long
+round(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long) value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static void
+fmtfp(
+    void (*outch_fn)(char **, size_t *, size_t *, int),
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    LDOUBLE fvalue,
+    int min,
+    int max,
+    int flags)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    char iconvert[20];
+    char fconvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+    long intpart;
+    long fracpart;
+
+    if (max < 0)
+        max = 6;
+    ufvalue = abs_val(fvalue);
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
+
+    intpart = (long)ufvalue;
+
+    /* sorry, we only support 9 digits past the decimal because of our
+       conversion method */
+    if (max > 9)
+        max = 9;
+
+    /* we "cheat" by converting the fractional part to integer by
+       multiplying by a factor of 10 */
+    fracpart = round((pow10(max)) * (ufvalue - intpart));
+
+    if (fracpart >= pow10(max)) {
+        intpart++;
+        fracpart -= (long)pow10(max);
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] =
+            (caps ? "0123456789ABCDEF"
+              : "0123456789abcdef")[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < 20));
+    if (iplace == 20)
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    do {
+        fconvert[fplace++] =
+            (caps ? "0123456789ABCDEF"
+              : "0123456789abcdef")[fracpart % 10];
+        fracpart = (fracpart / 10);
+    } while (fracpart && (fplace < 20));
+    if (fplace == 20)
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* -1 for decimal point, another -1 if we are printing a sign */
+    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            (*outch_fn)(buffer, currlen, maxlen, signvalue);
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            (*outch_fn)(buffer, currlen, maxlen, '0');
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        --padlen;
+    }
+    if (signvalue)
+        (*outch_fn)(buffer, currlen, maxlen, signvalue);
+
+    while (iplace > 0)
+        (*outch_fn)(buffer, currlen, maxlen, iconvert[--iplace]);
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0) {
+        (*outch_fn)(buffer, currlen, maxlen, '.');
+
+        while (fplace > 0)
+            (*outch_fn)(buffer, currlen, maxlen, fconvert[--fplace]);
+    }
+    while (zpadlen > 0) {
+        (*outch_fn)(buffer, currlen, maxlen, '0');
+        --zpadlen;
+    }
+
+    while (padlen < 0) {
+        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        ++padlen;
+    }
+}
+
+static int
+dopr_copy(
+    size_t len)
+{
+    return len;
+}
+
+#ifdef USE_ALLOCATING_PRINT
+static int
+doapr_copy(
+    size_t len)
+{
+    /* Return as high an integer as possible */
+    return INT_MAX;
+}
+#endif
+
+static int
+dopr_isbig(
+    size_t currlen,
+    size_t maxlen)
+{
+    return currlen > maxlen;
+}
+
+#ifdef USE_ALLOCATING_PRINT
+static int
+doapr_isbig(
+    size_t currlen,
+    size_t maxlen)
+{
+    return 0;
+}
+#endif
+
+static void
+dopr_outch(
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    int c)
+{
+    if (*currlen < *maxlen)
+        (*buffer)[(*currlen)++] = (char)c;
+    return;
+}
+
+#ifdef USE_ALLOCATING_PRINT
+static void
+doapr_outch(
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    int c)
+{
+    if (*buffer == NULL) {
+	if (*maxlen == 0)
+	    *maxlen = 1024;
+	*buffer = Malloc(*maxlen);
+    }
+    while (*currlen >= *maxlen) {
+	*maxlen += 1024;
+	*buffer = Realloc(*buffer, *maxlen);
+    }
+    /* What to do if *buffer is NULL? */
+    assert(*buffer != NULL);
+
+    (*buffer)[(*currlen)++] = (char)c;
+    return;
+}
+#endif

crypto/bio/bio.h

@@ -507,7 +507,7 @@ int	BIO_set(BIO *a,BIO_METHOD *type);
 int	BIO_free(BIO *a);
 int	BIO_read(BIO *b, void *data, int len);
 int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, const char *data, int len);
+int	BIO_write(BIO *b, const void *data, int len);
 int	BIO_puts(BIO *bp,const char *buf);
 long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
 long	BIO_callback_ctrl(BIO *bp,int cmd,void (*fp)());

crypto/bio/bio_err.c

@@ -54,7 +54,8 @@
  */
 
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file.
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
 
 #include <stdio.h>

crypto/bio/bio_lib.c

@@ -169,7 +169,7 @@ int BIO_read(BIO *b, void *out, int outl)
 	return(i);
 	}
 
-int BIO_write(BIO *b, const char *in, int inl)
+int BIO_write(BIO *b, const void *in, int inl)
 	{
 	int i;
 	long (*cb)();

crypto/bio/bss_bio.c

@@ -19,8 +19,14 @@
 
 #include <openssl/bio.h>
 #include <openssl/err.h>
+#include <openssl/err.h>
 #include <openssl/crypto.h>
 
+#include "openssl/e_os.h"
+#ifndef SSIZE_MAX
+# define SSIZE_MAX INT_MAX
+#endif
+
 static int bio_new(BIO *bio);
 static int bio_free(BIO *bio);
 static int bio_read(BIO *bio, char *buf, int size);
@@ -205,10 +211,10 @@ static int bio_read(BIO *bio, char *buf, int size_)
  */
 /* WARNING: The non-copying interface is largely untested as of yet
  * and may contain bugs. */
-static size_t bio_nread0(BIO *bio, char **buf)
+static ssize_t bio_nread0(BIO *bio, char **buf)
 	{
 	struct bio_bio_st *b, *peer_b;
-	size_t num;
+	ssize_t num;
 	
 	BIO_clear_retry_flags(bio);
 
@@ -243,15 +249,20 @@ static size_t bio_nread0(BIO *bio, char **buf)
 	return num;
 	}
 
-static size_t bio_nread(BIO *bio, char **buf, size_t num)
+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
 	{
 	struct bio_bio_st *b, *peer_b;
-	size_t available;
+	ssize_t num, available;
+
+	if (num_ > SSIZE_MAX)
+		num = SSIZE_MAX;
+	else
+		num = (ssize_t)num_;
 
 	available = bio_nread0(bio, buf);
 	if (num > available)
 		num = available;
-	if (num == 0)
+	if (num <= 0)
 		return num;
 
 	b = bio->ptr;
@@ -351,7 +362,7 @@ static int bio_write(BIO *bio, char *buf, int num_)
  * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
  *  or just         bio_nwrite(), write to buffer)
  */
-static size_t bio_nwrite0(BIO *bio, char **buf)
+static ssize_t bio_nwrite0(BIO *bio, char **buf)
 	{
 	struct bio_bio_st *b;
 	size_t num;
@@ -399,15 +410,20 @@ static size_t bio_nwrite0(BIO *bio, char **buf)
 	return num;
 	}
 
-static size_t bio_nwrite(BIO *bio, char **buf, size_t num)
+static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
 	{
 	struct bio_bio_st *b;
-	size_t space;
+	ssize_t num, space;
+
+	if (num_ > SSIZE_MAX)
+		num = SSIZE_MAX;
+	else
+		num = (ssize_t)num_;
 
 	space = bio_nwrite0(bio, buf);
 	if (num > space)
 		num = space;
-	if (num == 0)
+	if (num <= 0)
 		return num;
 	b = bio->ptr;
 	assert(b != NULL);
@@ -509,6 +525,11 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		ret = 1;
 		break;
 
+	case BIO_C_NREAD0:
+		/* prepare for non-copying read */
+		ret = (long) bio_nread0(bio, ptr);
+		break;
+		
 	case BIO_C_NREAD:
 		/* non-copying read */
 		ret = (long) bio_nread(bio, ptr, (size_t) num);

crypto/bio/bss_log.c

@@ -57,8 +57,8 @@
 	Why BIO_s_log?
 
 	BIO_s_log is useful for system daemons (or services under NT).
-	It is one-way BIO, it sends all stuff to syslogd (or event log
-	under NT).
+	It is one-way BIO, it sends all stuff to syslogd (on system that
+	commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
 
 */
 
@@ -66,29 +66,58 @@
 #include <stdio.h>
 #include <errno.h>
 
-#ifndef WIN32
-#ifdef __ultrix
-#include <sys/syslog.h>
-#else
-#include <syslog.h>
-#endif
-#else
-#include <process.h>
+#if defined(WIN32)
+#  include <process.h>
+#elif defined(VMS) || defined(__VMS)
+#  include <opcdef.h>
+#  include <descrip.h>
+#  include <lib$routines.h>
+#  include <starlet.h>
+#elif defined(__ultrix)
+#  include <sys/syslog.h>
+#elif !defined(MSDOS) /* Unix */
+#  include <syslog.h>
 #endif
 
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+
 #ifndef NO_SYSLOG
 
+#if defined(WIN32)
+#define LOG_EMERG	0
+#define LOG_ALERT	1
+#define LOG_CRIT	2
+#define LOG_ERR		3
+#define LOG_WARNING	4
+#define LOG_NOTICE	5
+#define LOG_INFO	6
+#define LOG_DEBUG	7
+
+#define LOG_DAEMON	(3<<3)
+#elif defined(VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#define LOG_EMERG	0
+#define LOG_ALERT	1
+#define LOG_CRIT	2
+#define LOG_ERR		3
+#define LOG_WARNING	4
+#define LOG_NOTICE	5
+#define LOG_INFO	6
+#define LOG_DEBUG	7
+
+#define LOG_DAEMON	OPC$M_NM_NTWORK
+#endif
 
 static int MS_CALLBACK slg_write(BIO *h,char *buf,int num);
 static int MS_CALLBACK slg_puts(BIO *h,char *str);
 static long MS_CALLBACK slg_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int MS_CALLBACK slg_new(BIO *h);
 static int MS_CALLBACK slg_free(BIO *data);
-static int xopenlog(BIO* bp, const char* name, int level);
-static int xcloselog(BIO* bp);
+static void xopenlog(BIO* bp, const char* name, int level);
+static void xsyslog(BIO* bp, int priority, const char* string);
+static void xcloselog(BIO* bp);
 
 static BIO_METHOD methods_slg=
 	{
@@ -113,11 +142,7 @@ static int MS_CALLBACK slg_new(BIO *bi)
 	bi->init=1;
 	bi->num=0;
 	bi->ptr=NULL;
-#ifndef WIN32
 	xopenlog(bi, "application", LOG_DAEMON);
-#else
-	xopenlog(bi, "application", 0);
-#endif
 	return(1);
 	}
 
@@ -133,43 +158,14 @@ static int MS_CALLBACK slg_write(BIO *b, char *in, int inl)
 	int ret= inl;
 	char* buf= in;
 	char* pp;
-#if defined(WIN32)
-	LPCSTR lpszStrings[2];
-	WORD evtype= EVENTLOG_ERROR_TYPE;
-	int pid = _getpid();
-	char pidbuf[20];
-#else
 	int priority;
-#endif
 
 	if((buf= (char *)Malloc(inl+ 1)) == NULL){
 		return(0);
 	}
 	strncpy(buf, in, inl);
 	buf[inl]= '\0';
-#if defined(WIN32)
-	if(strncmp(buf, "ERR ", 4) == 0){
-		evtype= EVENTLOG_ERROR_TYPE;
-		pp= buf+ 4;
-	}else if(strncmp(buf, "WAR ", 4) == 0){
-		evtype= EVENTLOG_WARNING_TYPE;
-		pp= buf+ 4;
-	}else if(strncmp(buf, "INF ", 4) == 0){
-		evtype= EVENTLOG_INFORMATION_TYPE;
-		pp= buf+ 4;
-	}else{
-		evtype= EVENTLOG_ERROR_TYPE;
-		pp= buf;
-	}
 
-	sprintf(pidbuf, "[%d] ", pid);
-	lpszStrings[0] = pidbuf;
-	lpszStrings[1] = pp;
-
-	if(b->ptr)
-		ReportEvent(b->ptr, evtype, 0, 1024, NULL, 2, 0,
-				lpszStrings, NULL);
-#else
 	if(strncmp(buf, "ERR ", 4) == 0){
 		priority= LOG_ERR;
 		pp= buf+ 4;
@@ -184,8 +180,8 @@ static int MS_CALLBACK slg_write(BIO *b, char *in, int inl)
 		pp= buf;
 	}
 
-	syslog(priority, "%s", pp);
-#endif
+	xsyslog(b, priority, pp);
+
 	Free(buf);
 	return(ret);
 	}
@@ -213,28 +209,128 @@ static int MS_CALLBACK slg_puts(BIO *bp, char *str)
 	return(ret);
 	}
 
-static int xopenlog(BIO* bp, const char* name, int level)
-{
 #if defined(WIN32)
-	if((bp->ptr= (char *)RegisterEventSource(NULL, name)) == NULL){
-		return(0);
-	}
-#else
-	openlog(name, LOG_PID|LOG_CONS, level);
-#endif
-	return(1);
+
+static void xopenlog(BIO* bp, const char* name, int level)
+{
+	bp->ptr= (char *)RegisterEventSource(NULL, name);
 }
 
-static int xcloselog(BIO* bp)
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+	LPCSTR lpszStrings[2];
+	WORD evtype= EVENTLOG_ERROR_TYPE;
+	int pid = _getpid();
+	char pidbuf[20];
+
+	switch (priority)
+		{
+	case LOG_ERR:
+		evtype = EVENTLOG_ERROR_TYPE;
+		break;
+	case LOG_WARNING:
+		evtype = EVENTLOG_WARNING_TYPE;
+		break;
+	case LOG_INFO:
+		evtype = EVENTLOG_INFORMATION_TYPE;
+		break;
+	default:
+		evtype = EVENTLOG_ERROR_TYPE;
+		break;
+		}
+
+	sprintf(pidbuf, "[%d] ", pid);
+	lpszStrings[0] = pidbuf;
+	lpszStrings[1] = string;
+
+	if(bp->ptr)
+		ReportEvent(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
+				lpszStrings, NULL);
+}
+	
+static void xcloselog(BIO* bp)
 {
-#if defined(WIN32)
 	if(bp->ptr)
 		DeregisterEventSource((HANDLE)(bp->ptr));
 	bp->ptr= NULL;
-#else
-	closelog();
-#endif
-	return(1);
 }
 
-#endif
+#elif defined(VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO* bp, const char* name, int level)
+{
+	VMS_OPC_target = level; 
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+	struct dsc$descriptor_s opc_dsc;
+	struct opcdef *opcdef_p;
+	char buf[10240];
+	unsigned int len;
+        struct dsc$descriptor_s buf_dsc;
+	$DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+	char *priority_tag;
+
+	switch (priority)
+	  {
+	  case LOG_EMERG: priority_tag = "Emergency"; break;
+	  case LOG_ALERT: priority_tag = "Alert"; break;
+	  case LOG_CRIT: priority_tag = "Critical"; break;
+	  case LOG_ERR: priority_tag = "Error"; break;
+	  case LOG_WARNING: priority_tag = "Warning"; break;
+	  case LOG_NOTICE: priority_tag = "Notice"; break;
+	  case LOG_INFO: priority_tag = "Info"; break;
+	  case LOG_DEBUG: priority_tag = "DEBUG"; break;
+	  }
+
+	buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+	buf_dsc.dsc$a_pointer = buf;
+	buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+	/* we know there's an 8 byte header.  That's documented */
+	opcdef_p = (struct opcdef *) Malloc(8 + len);
+	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+	opcdef_p->opc$l_ms_rqstid = 0;
+	memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+	opc_dsc.dsc$w_length = len + 8;
+
+	sys$sndopr(opc_dsc, 0);
+
+	Free(opcdef_p);
+}
+
+static void xcloselog(BIO* bp)
+{
+}
+
+#else /* Unix */
+
+static void xopenlog(BIO* bp, const char* name, int level)
+{
+	openlog(name, LOG_PID|LOG_CONS, level);
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+	syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO* bp)
+{
+	closelog();
+}
+
+#endif /* Unix */
+
+#endif /* NO_SYSLOG */

crypto/bn/Makefile.ssl

@@ -59,12 +59,11 @@ all:	lib
 bn_prime.h: bn_prime.pl
 	$(PERL) bn_prime.pl >bn_prime.h
 
-knuth: bn_knuth.c
-	cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
-
-knuth.fast: bn_knuth.c
-	cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+divtest: divtest.c ../../libcrypto.a
+	cc -I../../include divtest.c -o divtest ../../libcrypto.a
 
+bnbug: bnbug.c ../../libcrypto.a top
+	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
@@ -73,10 +72,10 @@ lib:	$(LIBOBJ)
 
 # elf
 asm/bn86-elf.o: asm/bn86unix.cpp
-	$(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
+	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
 
 asm/co86-elf.o: asm/co86unix.cpp
-	$(CPP) -DELF asm/co86unix.cpp | as -o asm/co86-elf.o
+	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
 
 # solaris
 asm/bn86-sol.o: asm/bn86unix.cpp
@@ -103,10 +102,10 @@ asm/bn86bsdi.o: asm/bn86unix.cpp
 asm/co86bsdi.o: asm/co86unix.cpp
 	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
 
-asm/bn86unix.cpp: asm/bn-586.pl
+asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
 
-asm/co86unix.cpp: asm/co-586.pl
+asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
 
 asm/sparcv8.o: asm/sparcv8.S

crypto/bn/asm/README

@@ -1,5 +1,5 @@
 All assember in this directory are just version of the file
-crypto/bn/bn_mulw.c.
+crypto/bn/bn_asm.c.
 
 Quite a few of these files are just the assember output from gcc since on 
 quite a few machines they are 2 times faster than the system compiler.
@@ -15,13 +15,6 @@ On the 2 alpha C compilers I had access to, it was not possible to do
 were 64 bits).  So the hand assember gives access to the 128 bit result and
 a 2 times speedup :-).
 
-The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
-I had such a hard time finding a macro assember for Microsoft, I decided to
-include the object file to save others the hassle :-).
-
-I have also included uu encoded versions of the .obj incase they get
-trashed.
-
 There are 2 versions of assember for the HP PA-RISC.
 pa-risc.s is the origional one which works fine.
 pa-risc2.s is a new version that often generates warnings but if the

crypto/bn/asm/x86w16.asm

@@ -1,297 +0,0 @@
-;	Static Name Aliases
-;
-	TITLE   bn_mulw.c
-	.8087
-F_TEXT	SEGMENT  WORD PUBLIC 'CODE'
-F_TEXT	ENDS
-_DATA	SEGMENT  WORD PUBLIC 'DATA'
-_DATA	ENDS
-_CONST	SEGMENT  WORD PUBLIC 'CONST'
-_CONST	ENDS
-_BSS	SEGMENT  WORD PUBLIC 'BSS'
-_BSS	ENDS
-DGROUP	GROUP	_CONST, _BSS, _DATA
-	ASSUME DS: DGROUP, SS: DGROUP
-F_TEXT      SEGMENT
-	ASSUME	CS: F_TEXT
-	PUBLIC	_bn_mul_add_words
-_bn_mul_add_words	PROC FAR
-; Line 58
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-;	w = 26
-;	num = 24
-;	ap = 20
-;	rp = 16
-	xor	si,si			;c=0;
-	mov	di,WORD PTR [bp+16]	; load r
-	mov	ds,WORD PTR [bp+18]	; load r
-	mov	bx,WORD PTR [bp+20]	; load a
-	mov	es,WORD PTR [bp+22]	; load a
-	mov	cx,WORD PTR [bp+26]	; load w
-	mov	bp,WORD PTR [bp+24]	; load num
-
-	shr	bp,1	; div count by 4 and do groups of 4
-	shr	bp,1
-	je	$L555
-
-$L546:
-	mov	ax,cx
-	mul	WORD PTR es:[bx]	; w* *a
-	add	ax,WORD PTR ds:[di]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di],ax
-	mov	si,dx
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+2]	; w* *a
-	add	ax,WORD PTR ds:[di+2]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+2],ax
-	mov	si,dx
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+4]	; w* *a
-	add	ax,WORD PTR ds:[di+4]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+4],ax
-	mov	si,dx
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+6]	; w* *a
-	add	ax,WORD PTR ds:[di+6]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+6],ax
-	mov	si,dx
-	;
-	add	bx,8
-	add	di,8
-	;
-	dec	bp
-	je	$L555
-	jmp	$L546
-;
-;
-$L555:
-	mov	bp,sp
-	mov	bp,WORD PTR [bp+24]	; load num
-	and	bp,3
-	dec	bp
-	js	$L547
-
-	mov	ax,cx
-	mul	WORD PTR es:[bx]	; w* *a
-	add	ax,WORD PTR ds:[di]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di],ax
-	mov	si,dx
-	dec	bp
-	js	$L547			; Note that we are now testing for -1
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+2]	; w* *a
-	add	ax,WORD PTR ds:[di+2]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+2],ax
-	mov	si,dx
-	dec	bp
-	js	$L547
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+4]	; w* *a
-	add	ax,WORD PTR ds:[di+4]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+4],ax
-	mov	si,dx
-$L547:
-	mov	ax,si
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-
-_bn_mul_add_words	ENDP
-	PUBLIC	_bn_mul_words
-_bn_mul_words	PROC FAR
-; Line 76
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	xor	si,si
-	mov	bp,sp
-	mov	di,WORD PTR [bp+16]	; r
-	mov	ds,WORD PTR [bp+18]
-	mov	bx,WORD PTR [bp+20]	; a
-	mov	es,WORD PTR [bp+22]
-	mov	cx,WORD PTR [bp+26]	; w
-	mov	bp,WORD PTR [bp+24]	; num 
-$FC743:
-	mov	ax,cx
-	mul	WORD PTR es:[bx]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+2]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+2],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+4]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+4],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+6]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+6],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	add	bx,8
-	add	di,8
-	jmp	$FC743
-	nop
-$L764:
-	mov	ax,si
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_mul_words	ENDP
-	PUBLIC	_bn_sqr_words
-_bn_sqr_words	PROC FAR
-; Line 92
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-	mov	si,WORD PTR [bp+16]
-	mov	ds,WORD PTR [bp+18]
-	mov	di,WORD PTR [bp+20]
-	mov	es,WORD PTR [bp+22]
-	mov	bx,WORD PTR [bp+24]
-
-	mov	bp,bx	; save a memory lookup later
-	shr	bx,1	; div count by 4 and do groups of 4
-	shr	bx,1
-	je	$L666
-
-$L765:
-	mov	ax,WORD PTR es:[di]
-	mul	ax
-	mov	WORD PTR ds:[si],ax
-	mov	WORD PTR ds:[si+2],dx
-	;
-	mov	ax,WORD PTR es:[di+2]
-	mul	ax
-	mov	WORD PTR ds:[si+4],ax
-	mov	WORD PTR ds:[si+6],dx
-	;
-	mov	ax,WORD PTR es:[di+4]
-	mul	ax
-	mov	WORD PTR ds:[si+8],ax
-	mov	WORD PTR ds:[si+10],dx
-	;
-	mov	ax,WORD PTR es:[di+6]
-	mul	ax
-	mov	WORD PTR ds:[si+12],ax
-	mov	WORD PTR ds:[si+14],dx
-	;
-	add	di,8
-	add	si,16
-	dec	bx
-	je	$L666
-	jmp	$L765
-$L666:
-	and	bp,3
-	dec	bp	; The copied value of bx (num)
-	js	$L645
-	;
-	mov	ax,WORD PTR es:[di]
-	mul	ax
-	mov	WORD PTR ds:[si],ax
-	mov	WORD PTR ds:[si+2],dx
-	dec	bp
-	js	$L645
-	;
-	mov	ax,WORD PTR es:[di+2]
-	mul	ax
-	mov	WORD PTR ds:[si+4],ax
-	mov	WORD PTR ds:[si+6],dx
-	dec	bp
-	js	$L645
-	;
-	mov	ax,WORD PTR es:[di+4]
-	mul	ax
-	mov	WORD PTR ds:[si+8],ax
-	mov	WORD PTR ds:[si+10],dx
-$L645:
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-
-_bn_sqr_words	ENDP
-	PUBLIC	_bn_div64
-_bn_div64	PROC FAR
-	push	bp
-	mov	bp,sp
-	mov	dx, WORD PTR [bp+6]
-	mov	ax, WORD PTR [bp+8]
-	div	WORD PTR [bp+10]
-	pop	bp
-	ret	
-_bn_div64	ENDP
-F_TEXT	ENDS
-END

crypto/bn/asm/x86w32.asm

@@ -1,360 +0,0 @@
-;	Static Name Aliases
-;
-	TITLE   bn_mulw.c
-	.386
-F_TEXT	SEGMENT  WORD USE16 PUBLIC 'CODE'
-F_TEXT	ENDS
-_DATA	SEGMENT  WORD USE16 PUBLIC 'DATA'
-_DATA	ENDS
-_CONST	SEGMENT  WORD USE16 PUBLIC 'CONST'
-_CONST	ENDS
-_BSS	SEGMENT  WORD USE16 PUBLIC 'BSS'
-_BSS	ENDS
-DGROUP	GROUP	_CONST, _BSS, _DATA
-	ASSUME DS: DGROUP, SS: DGROUP
-F_TEXT      SEGMENT
-	ASSUME	CS: F_TEXT
-	PUBLIC	_bn_mul_add_words
-_bn_mul_add_words	PROC FAR
-; Line 58
-	push	bp
-	push	bx
-	push	esi
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-;	w = 28
-;	num = 26
-;	ap = 22
-;	rp = 18
-	xor	esi,esi			;c=0;
-	mov	di,WORD PTR [bp+18]	; load r
-	mov	ds,WORD PTR [bp+20]	; load r
-	mov	bx,WORD PTR [bp+22]	; load a
-	mov	es,WORD PTR [bp+24]	; load a
-	mov	ecx,DWORD PTR [bp+28]	; load w
-	mov	bp,WORD PTR [bp+26]	; load num
-	shr	bp,1	; div count by 4 and do groups of 4
-	shr	bp,1
-	je	$L555
-
-$L546:
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx]	; w* *a
-	add	eax,DWORD PTR ds:[di]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di],eax
-	mov	esi,edx
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+4]	; w* *a
-	add	eax,DWORD PTR ds:[di+4]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+4],eax
-	mov	esi,edx
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+8]	; w* *a
-	add	eax,DWORD PTR ds:[di+8]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+8],eax
-	mov	esi,edx
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+12]	; w* *a
-	add	eax,DWORD PTR ds:[di+12]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+12],eax
-	mov	esi,edx
-	;
-	add	bx,16
-	add	di,16
-	;
-	dec	bp
-	je	$L555
-	jmp	$L546
-;
-;
-$L555:
-	mov	bp,sp
-	mov	bp,WORD PTR [bp+26]	; load num
-	and	bp,3
-	dec	bp
-	js	$L547m
-
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx]	; w* *a
-	add	eax,DWORD PTR ds:[di]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di],eax
-	mov	esi,edx
-	dec	bp
-	js	$L547m			; Note that we are now testing for -1
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+4]	; w* *a
-	add	eax,DWORD PTR ds:[di+4]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+4],eax
-	mov	esi,edx
-	dec	bp
-	js	$L547m
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+8]	; w* *a
-	add	eax,DWORD PTR ds:[di+8]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+8],eax
-	mov	esi,edx
-$L547m:
-	mov	eax,esi
-	mov	edx,esi
-	shr	edx,16
-	pop	es
-	pop	ds
-	pop	di
-	pop	esi
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_mul_add_words	ENDP
-
-	PUBLIC	_bn_mul_words
-_bn_mul_words	PROC FAR
-; Line 76
-	push	bp
-	push	bx
-	push	esi
-	push	di
-	push	ds
-	push	es
-	xor	esi,esi
-	mov	bp,sp
-	mov	di,WORD PTR [bp+18]	; r
-	mov	ds,WORD PTR [bp+20]
-	mov	bx,WORD PTR [bp+22]	; a
-	mov	es,WORD PTR [bp+24]
-	mov	ecx,DWORD PTR [bp+28]	; w
-	mov	bp,WORD PTR [bp+26]	; num 
-
-$FC743:
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+4]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+4],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+8]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+8],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+12]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+12],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	add	bx,16
-	add	di,16
-	jmp	$FC743
-	nop
-$L764:
-	mov	eax,esi
-	mov	edx,esi
-	shr	edx,16
-	pop	es
-	pop	ds
-	pop	di
-	pop	esi
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_mul_words	ENDP
-	PUBLIC	_bn_sqr_words
-_bn_sqr_words	PROC FAR
-; Line 92
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-	mov	si,WORD PTR [bp+16]
-	mov	ds,WORD PTR [bp+18]
-	mov	di,WORD PTR [bp+20]
-	mov	es,WORD PTR [bp+22]
-	mov	bx,WORD PTR [bp+24]
-
-	mov	bp,bx	; save a memory lookup later
-	shr	bx,1	; div count by 4 and do groups of 4
-	shr	bx,1
-	je	$L666
-
-$L765:
-	mov	eax,DWORD PTR es:[di]
-	mul	eax
-	mov	DWORD PTR ds:[si],eax
-	mov	DWORD PTR ds:[si+4],edx
-	;
-	mov	eax,DWORD PTR es:[di+4]
-	mul	eax
-	mov	DWORD PTR ds:[si+8],eax
-	mov	DWORD PTR ds:[si+12],edx
-	;
-	mov	eax,DWORD PTR es:[di+8]
-	mul	eax
-	mov	DWORD PTR ds:[si+16],eax
-	mov	DWORD PTR ds:[si+20],edx
-	;
-	mov	eax,DWORD PTR es:[di+12]
-	mul	eax
-	mov	DWORD PTR ds:[si+24],eax
-	mov	DWORD PTR ds:[si+28],edx
-	;
-	add	di,16
-	add	si,32
-	dec	bx
-	je	$L666
-	jmp	$L765
-$L666:
-	and	bp,3
-	dec	bp	; The copied value of bx (num)
-	js	$L645
-	;
-	mov	eax,DWORD PTR es:[di]
-	mul	eax
-	mov	DWORD PTR ds:[si],eax
-	mov	DWORD PTR ds:[si+4],edx
-	dec	bp
-	js	$L645
-	;
-	mov	eax,DWORD PTR es:[di+4]
-	mul	eax
-	mov	DWORD PTR ds:[si+8],eax
-	mov	DWORD PTR ds:[si+12],edx
-	dec	bp
-	js	$L645
-	;
-	mov	eax,DWORD PTR es:[di+8]
-	mul	eax
-	mov	DWORD PTR ds:[si+16],eax
-	mov	DWORD PTR ds:[si+20],edx
-$L645:
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-_bn_sqr_words	ENDP
-
-	PUBLIC	_bn_div64
-_bn_div64	PROC FAR
-	push	bp
-	mov	bp,sp
-	mov	edx, DWORD PTR [bp+6]
-	mov	eax, DWORD PTR [bp+10]
-	div	DWORD PTR [bp+14]
-	mov	edx,eax
-	shr	edx,16
-	pop	bp
-	ret	
-_bn_div64	ENDP
-
-	PUBLIC	_bn_add_words
-_bn_add_words	PROC FAR
-; Line 58
-	push	bp
-	push	bx
-	push	esi
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-;	w = 28
-;	num = 26
-;	ap = 22
-;	rp = 18
-	xor	esi,esi			;c=0;
-	mov	bx,WORD PTR [bp+18]	; load low r
-	mov	si,WORD PTR [bp+22]	; load a
-	mov	es,WORD PTR [bp+24]	; load a
-	mov	di,WORD PTR [bp+26]	; load b
-	mov	ds,WORD PTR [bp+28]	; load b
-
-	mov	dx,WORD PTR [bp+30]	; load num
-	xor	ecx,ecx
-	dec	dx
-	js	$L547a
-
-$L5477:
-	mov	eax,DWORD PTR es:[si]	; *a
-	add	eax,ecx
-	mov	ecx,0
-	adc	ecx,0
-	add	si,4			; a++
-	add	eax,DWORD PTR ds:[di]	; + *b
-	adc	ecx,0
-	mov	ds,WORD PTR [bp+20]
-	add	di,4
-	mov	DWORD PTR ds:[bx],eax
-	mov	ds,WORD PTR [bp+28]
-	add	bx,4
-	dec	dx
-	js	$L547a			; Note that we are now testing for -1
-	jmp	$L5477
-	;
-$L547a:
-	mov	eax,ecx
-	mov	edx,ecx
-	shr	edx,16
-	pop	es
-	pop	ds
-	pop	di
-	pop	esi
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_add_words	ENDP
-F_TEXT	ENDS
-END

crypto/bn/bn.h

@@ -89,7 +89,7 @@ extern "C" {
  * For machines with only one compiler (or shared libraries), this should
  * be on.  Again this in only really a problem on machines
  * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
+#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
 #define BN_DIV2W
 #endif
 
@@ -289,7 +289,6 @@ typedef struct bn_recp_ctx_st
 #define BN_prime_checks 0 /* default: select number of iterations
 			     based on the size of the number */
 
-
 /* number of Miller-Rabin iterations for an error rate  of less than 2^-80
  * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
  * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
@@ -319,20 +318,6 @@ typedef struct bn_recp_ctx_st
 /*#define BN_ascii2bn(a)	BN_hex2bn(a) */
 /*#define BN_bn2ascii(a)	BN_bn2hex(a) */
 
-#define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\
-	(n):bn_expand2((n),(b)/BN_BITS2+1))
-#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
-
-#define bn_fix_top(a) \
-        { \
-        BN_ULONG *ftl; \
-	if ((a)->top > 0) \
-		{ \
-		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-		if (*(ftl--)) break; \
-		} \
-	}
-
 BIGNUM *BN_value_one(void);
 char *	BN_options(void);
 BN_CTX *BN_CTX_new(void);
@@ -385,19 +370,18 @@ int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
 	BIGNUM *m,BN_CTX *ctx);
 int	BN_mask_bits(BIGNUM *a,int n);
 int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#ifndef WIN16
+#ifndef NO_FP_API
 int	BN_print_fp(FILE *fp, const BIGNUM *a);
 #endif
 #ifdef HEADER_BIO_H
 int	BN_print(BIO *fp, const BIGNUM *a);
 #else
-int	BN_print(char *fp, const BIGNUM *a);
+int	BN_print(void *fp, const BIGNUM *a);
 #endif
 int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
 int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
 int	BN_rshift1(BIGNUM *r, BIGNUM *a);
 void	BN_clear(BIGNUM *a);
-BIGNUM *bn_expand2(BIGNUM *b, int bits);
 BIGNUM *BN_dup(const BIGNUM *a);
 int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
 int	BN_set_bit(BIGNUM *a, int n);
@@ -418,13 +402,6 @@ int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
 		int do_trial_division);
 void	ERR_load_BN_strings(void );
 
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
-
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
@@ -454,6 +431,39 @@ int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
 		BN_RECP_CTX *recp, BN_CTX *ctx);
 
+/* library internal functions */
+
+#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->max)?\
+	(a):bn_expand2((a),(bits)/BN_BITS2+1))
+#define bn_wexpand(a,words) (((words) <= (a)->max)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *ftl; \
+	if ((a)->top > 0) \
+		{ \
+		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(ftl--)) break; \
+		} \
+	}
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+
+#ifdef BN_DEBUG
+  void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n);
+# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
+   fprintf(stderr,"\n");}
+# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
+#else
+# define bn_print(a)
+# define bn_dump(a,b)
+#endif
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

crypto/bn/bn_asm.c

@@ -56,7 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
 #include <stdio.h>
+#include <assert.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
@@ -66,7 +72,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c1=0;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return(c1);
 
 	while (num&~3)
@@ -91,7 +97,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c1=0;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return(c1);
 
 	while (num&~3)
@@ -113,7 +119,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 
 void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
         {
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return;
 	while (n&~3)
 		{
@@ -131,14 +137,14 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
 		}
 	}
 
-#else
+#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
 
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c=0;
 	BN_ULONG bl,bh;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return((BN_ULONG)0);
 
 	bl=LBITS(w);
@@ -165,7 +171,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 	BN_ULONG carry=0;
 	BN_ULONG bl,bh;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return((BN_ULONG)0);
 
 	bl=LBITS(w);
@@ -189,7 +195,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
 
 void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
         {
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return;
 	for (;;)
 		{
@@ -210,7 +216,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
 		}
 	}
 
-#endif
+#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
 
 #if defined(BN_LLONG) && defined(BN_DIV2W)
 
@@ -292,14 +298,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 	ret|=q;
 	return(ret);
 	}
-#endif
+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
 
 #ifdef BN_LLONG
 BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
         {
 	BN_ULLONG ll=0;
 
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return((BN_ULONG)0);
 
 	for (;;)
@@ -330,12 +336,12 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 		}
 	return((BN_ULONG)ll);
 	}
-#else
+#else /* !BN_LLONG */
 BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
         {
 	BN_ULONG c,l,t;
 
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return((BN_ULONG)0);
 
 	c=0;
@@ -379,14 +385,14 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 		}
 	return((BN_ULONG)c);
 	}
-#endif
+#endif /* !BN_LLONG */
 
 BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
         {
 	BN_ULONG t1,t2;
 	int c=0;
 
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return((BN_ULONG)0);
 
 	for (;;)
@@ -425,6 +431,11 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 #undef bn_sqr_comba8
 #undef bn_sqr_comba4
 
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
 #ifdef BN_LLONG
 #define mul_add_c(a,b,c0,c1,c2) \
 	t=(BN_ULLONG)a*b; \
@@ -484,7 +495,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 #define sqr_add_c2(a,i,j,c0,c1,c2)	\
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
 
-#else
+#else /* !BN_LLONG */
 #define mul_add_c(a,b,c0,c1,c2) \
 	t1=LBITS(a); t2=HBITS(a); \
 	bl=LBITS(b); bh=HBITS(b); \
@@ -511,7 +522,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 
 #define sqr_add_c2(a,i,j,c0,c1,c2) \
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif
+#endif /* !BN_LLONG */
 
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
@@ -786,7 +797,7 @@ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
 	r[6]=c1;
 	r[7]=c2;
 	}
-#else
+#else /* !BN_MUL_COMBA */
 
 /* hmm... is it faster just to do a multiply? */
 #undef bn_sqr_comba4
@@ -823,4 +834,4 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
 	}
 
-#endif /* BN_COMBA */
+#endif /* !BN_MUL_COMBA */

crypto/bn/bn_comba.c

@@ -1,345 +0,0 @@
-/* crypto/bn/bn_comba.c */
-#include <stdio.h>
-#include "bn_lcl.h"
-/* Auto generated from crypto/bn/comba.pl
- */
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	tt=(t+t)&BN_MASK; \
-	if (tt < t) c2++; \
-	t1=(BN_ULONG)Lw(tt); \
-	t2=(BN_ULONG)Hw(tt); \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	t=(BN_ULLONG)a[i]*a[i]; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#else
-#define mul_add_c(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	if (t2 & BN_TBIT) c2++; \
-	t2=(t2+t2)&BN_MASK2; \
-	if (t1 & BN_TBIT) t2++; \
-	t1=(t1+t1)&BN_MASK2; \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	sqr64(t1,t2,(a)[i]); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif
-
-void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
-void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
-
-void bn_mul_comba88(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[4],b[0],c2,c3,c1);
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	mul_add_c(a[0],b[4],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[0],b[5],c3,c1,c2);
-	mul_add_c(a[1],b[4],c3,c1,c2);
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	mul_add_c(a[4],b[1],c3,c1,c2);
-	mul_add_c(a[5],b[0],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[6],b[0],c1,c2,c3);
-	mul_add_c(a[5],b[1],c1,c2,c3);
-	mul_add_c(a[4],b[2],c1,c2,c3);
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	mul_add_c(a[2],b[4],c1,c2,c3);
-	mul_add_c(a[1],b[5],c1,c2,c3);
-	mul_add_c(a[0],b[6],c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	mul_add_c(a[0],b[7],c2,c3,c1);
-	mul_add_c(a[1],b[6],c2,c3,c1);
-	mul_add_c(a[2],b[5],c2,c3,c1);
-	mul_add_c(a[3],b[4],c2,c3,c1);
-	mul_add_c(a[4],b[3],c2,c3,c1);
-	mul_add_c(a[5],b[2],c2,c3,c1);
-	mul_add_c(a[6],b[1],c2,c3,c1);
-	mul_add_c(a[7],b[0],c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	mul_add_c(a[7],b[1],c3,c1,c2);
-	mul_add_c(a[6],b[2],c3,c1,c2);
-	mul_add_c(a[5],b[3],c3,c1,c2);
-	mul_add_c(a[4],b[4],c3,c1,c2);
-	mul_add_c(a[3],b[5],c3,c1,c2);
-	mul_add_c(a[2],b[6],c3,c1,c2);
-	mul_add_c(a[1],b[7],c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	mul_add_c(a[2],b[7],c1,c2,c3);
-	mul_add_c(a[3],b[6],c1,c2,c3);
-	mul_add_c(a[4],b[5],c1,c2,c3);
-	mul_add_c(a[5],b[4],c1,c2,c3);
-	mul_add_c(a[6],b[3],c1,c2,c3);
-	mul_add_c(a[7],b[2],c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	mul_add_c(a[7],b[3],c2,c3,c1);
-	mul_add_c(a[6],b[4],c2,c3,c1);
-	mul_add_c(a[5],b[5],c2,c3,c1);
-	mul_add_c(a[4],b[6],c2,c3,c1);
-	mul_add_c(a[3],b[7],c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	mul_add_c(a[4],b[7],c3,c1,c2);
-	mul_add_c(a[5],b[6],c3,c1,c2);
-	mul_add_c(a[6],b[5],c3,c1,c2);
-	mul_add_c(a[7],b[4],c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	mul_add_c(a[7],b[5],c1,c2,c3);
-	mul_add_c(a[6],b[6],c1,c2,c3);
-	mul_add_c(a[5],b[7],c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	mul_add_c(a[6],b[7],c2,c3,c1);
-	mul_add_c(a[7],b[6],c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	mul_add_c(a[7],b[7],c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_mul_comba44(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-
-void bn_sqr_comba88(BN_ULONG *r, BN_ULONG *a)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	sqr_add_c2(a,4,0,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,5,0,c3,c1,c2);
-	sqr_add_c2(a,4,1,c3,c1,c2);
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	sqr_add_c2(a,4,2,c1,c2,c3);
-	sqr_add_c2(a,5,1,c1,c2,c3);
-	sqr_add_c2(a,6,0,c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	sqr_add_c2(a,7,0,c2,c3,c1);
-	sqr_add_c2(a,6,1,c2,c3,c1);
-	sqr_add_c2(a,5,2,c2,c3,c1);
-	sqr_add_c2(a,4,3,c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	sqr_add_c(a,4,c3,c1,c2);
-	sqr_add_c2(a,5,3,c3,c1,c2);
-	sqr_add_c2(a,6,2,c3,c1,c2);
-	sqr_add_c2(a,7,1,c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	sqr_add_c2(a,7,2,c1,c2,c3);
-	sqr_add_c2(a,6,3,c1,c2,c3);
-	sqr_add_c2(a,5,4,c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	sqr_add_c(a,5,c2,c3,c1);
-	sqr_add_c2(a,6,4,c2,c3,c1);
-	sqr_add_c2(a,7,3,c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	sqr_add_c2(a,7,4,c3,c1,c2);
-	sqr_add_c2(a,6,5,c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	sqr_add_c(a,6,c1,c2,c3);
-	sqr_add_c2(a,7,5,c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	sqr_add_c2(a,7,6,c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	sqr_add_c(a,7,c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_sqr_comba44(BN_ULONG *r, BN_ULONG *a)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}

crypto/bn/bn_err.c

@@ -54,7 +54,8 @@
  */
 
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file.
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
 
 #include <stdio.h>

crypto/bn/bn_lcl.h

@@ -73,19 +73,6 @@ extern "C" {
 #define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
 #define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
 
-#if 0
-#ifndef BN_MUL_COMBA
-/* #define bn_mul_comba8(r,a,b)	bn_mul_normal(r,a,8,b,8) */
-/* #define bn_mul_comba4(r,a,b)	bn_mul_normal(r,a,4,b,4) */
-#endif
-
-#ifndef BN_SQR_COMBA
-/* This is probably faster than using the C code - I need to check */
-#define bn_sqr_comba8(r,a)	bn_mul_normal(r,a,8,a,8)
-#define bn_sqr_comba4(r,a)	bn_mul_normal(r,a,4,a,4)
-#endif
-#endif
-
 #if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC)
 /*
  * BN_UMULT_HIGH section.
@@ -140,15 +127,12 @@ extern "C" {
 #define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
 #define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
 
-/* These are used for internal error checking and are not normally used */
+/* This is used for internal error checking and is not normally used */
 #ifdef BN_DEBUG
-#define bn_check_top(a) \
-	{ if (((a)->top < 0) || ((a)->top > (a)->max)) \
-		{ char *nullp=NULL; *nullp='z'; } }
-#define bn_check_num(a) if ((a) < 0) { char *nullp=NULL; *nullp='z'; }
+# include <assert.h>
+# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->max);
 #else
-#define bn_check_top(a)
-#define bn_check_num(a)
+# define bn_check_top(a)
 #endif
 
 /* This macro is to add extra stuff for development checking */
@@ -182,8 +166,6 @@ extern "C" {
 	bn_set_max(r); \
 	}
 
-/* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
-
 #ifdef BN_LLONG
 #define mul_add(r,a,w,c) { \
 	BN_ULLONG t; \
@@ -313,21 +295,7 @@ extern "C" {
 	(c)=h&BN_MASK2; \
 	(r)=l&BN_MASK2; \
 	}
-
-#endif
-
-OPENSSL_EXTERN int bn_limit_bits;
-OPENSSL_EXTERN int bn_limit_num;        /* (1<<bn_limit_bits) */
-/* Recursive 'low' limit */
-OPENSSL_EXTERN int bn_limit_bits_low;
-OPENSSL_EXTERN int bn_limit_num_low;    /* (1<<bn_limit_bits_low) */
-/* Do modified 'high' part calculation' */
-OPENSSL_EXTERN int bn_limit_bits_high;
-OPENSSL_EXTERN int bn_limit_num_high;   /* (1<<bn_limit_bits_high) */
-OPENSSL_EXTERN int bn_limit_bits_mont;
-OPENSSL_EXTERN int bn_limit_num_mont;   /* (1<<bn_limit_bits_mont) */
-
-BIGNUM *bn_expand2(BIGNUM *b, int bits);
+#endif /* !BN_LLONG */
 
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);

crypto/bn/bn_lib.c

@@ -71,14 +71,14 @@ const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
  * 7 - 128 == 4096
  * 8 - 256 == 8192
  */
-OPENSSL_GLOBAL int bn_limit_bits=0;
-OPENSSL_GLOBAL int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-OPENSSL_GLOBAL int bn_limit_bits_low=0;
-OPENSSL_GLOBAL int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-OPENSSL_GLOBAL int bn_limit_bits_high=0;
-OPENSSL_GLOBAL int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-OPENSSL_GLOBAL int bn_limit_bits_mont=0;
-OPENSSL_GLOBAL int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
+static int bn_limit_bits=0;
+static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low=0;
+static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high=0;
+static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont=0;
+static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
 
 void BN_set_params(int mult, int high, int low, int mont)
 	{
@@ -305,10 +305,10 @@ BIGNUM *BN_new(void)
 	}
 
 /* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'bits' bit number.  It is
- * mostly used by the various BIGNUM routines.  If there is an error,
- * NULL is returned. if not, 'b' is returned.
- */
+ * It ensures that 'b' has enough room for a 'words' word number number.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
+
 BIGNUM *bn_expand2(BIGNUM *b, int words)
 	{
 	BN_ULONG *A,*a;

crypto/bn/bn_mont.c

@@ -73,6 +73,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
 	BIGNUM *tmp,*tmp2;
+	int ret=0;
 
 	BN_CTX_start(ctx);
 	tmp = BN_CTX_get(ctx);
@@ -101,10 +102,10 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 		}
 	/* reduce from aRR to aR */
 	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-	BN_CTX_end(ctx);
-	return(1);
+	ret=1;
 err:
-	return(0);
+	BN_CTX_end(ctx);
+	return(ret);
 	}
 
 int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,

crypto/bn/bn_mul.c

@@ -61,6 +61,9 @@
 #include "bn_lcl.h"
 
 #ifdef BN_RECURSION
+/* Karatsuba recursive multiplication algorithm
+ * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
+
 /* r is 2*n2 words in size,
  * a and b are both n2 words in size.
  * n2 must be a power of 2.
@@ -78,21 +81,23 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 	unsigned int neg,zero;
 	BN_ULONG ln,lo,*p;
 
-#ifdef BN_COUNT
-printf(" bn_mul_recursive %d * %d\n",n2,n2);
-#endif
-#ifdef BN_MUL_COMBA
-/*	if (n2 == 4)
+# ifdef BN_COUNT
+	printf(" bn_mul_recursive %d * %d\n",n2,n2);
+# endif
+# ifdef BN_MUL_COMBA
+#  if 0
+	if (n2 == 4)
 		{
 		bn_mul_comba4(r,a,b);
 		return;
 		}
-	else */ if (n2 == 8)
+#  endif
+	if (n2 == 8)
 		{
 		bn_mul_comba8(r,a,b);
 		return; 
 		}
-#endif
+# endif /* BN_MUL_COMBA */
 	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
 		{
 		/* This should not happen */
@@ -136,7 +141,7 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 		break;
 		}
 
-#ifdef BN_MUL_COMBA
+# ifdef BN_MUL_COMBA
 	if (n == 4)
 		{
 		if (!zero)
@@ -158,7 +163,7 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
 		}
 	else
-#endif
+# endif /* BN_MUL_COMBA */
 		{
 		p= &(t[n2*2]);
 		if (!zero)
@@ -219,12 +224,12 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
 	     int n, BN_ULONG *t)
 	{
 	int i,j,n2=n*2;
-	unsigned int c1;
+	unsigned int c1,c2,neg,zero;
 	BN_ULONG ln,lo,*p;
 
-#ifdef BN_COUNT
-printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-#endif
+# ifdef BN_COUNT
+	printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+# endif
 	if (n < 8)
 		{
 		i=tn+n;
@@ -233,17 +238,54 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
 		}
 
 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	bn_sub_words(t,      a,      &(a[n]),n); /* + */
-	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-
-/*	if (n == 4)
+	c1=bn_cmp_words(a,&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),b,n);
+	zero=neg=0;
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		break;
+	case -3:
+		zero=1;
+		/* break; */
+	case -2:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		/* break; */
+	case 2:
+		bn_sub_words(t,      a,      &(a[n]),n); /* + */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		/* break; */
+	case 4:
+		bn_sub_words(t,      a,      &(a[n]),n);
+		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+		break;
+		}
+		/* The zero case isn't yet implemented here. The speedup
+		   would probably be negligible. */
+# if 0
+	if (n == 4)
 		{
 		bn_mul_comba4(&(t[n2]),t,&(t[n]));
 		bn_mul_comba4(r,a,b);
 		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
 		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
 		}
-	else */ if (n == 8)
+	else
+# endif
+	if (n == 8)
 		{
 		bn_mul_comba8(&(t[n2]),t,&(t[n]));
 		bn_mul_comba8(r,a,b);
@@ -308,7 +350,16 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
 	 */
 
 	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+	if (neg) /* if t[32] is negative */
+		{
+		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+		}
+	else
+		{
+		/* Might have a carry */
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+		}
 
 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
 	 * r[10] holds (a[0]*b[0])
@@ -345,9 +396,9 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 	{
 	int n=n2/2;
 
-#ifdef BN_COUNT
-printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-#endif
+# ifdef BN_COUNT
+	printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+# endif
 
 	bn_mul_recursive(r,a,b,n,&(t[0]));
 	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
@@ -379,9 +430,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 	int neg,oneg,zero;
 	BN_ULONG ll,lc,*lp,*mp;
 
-#ifdef BN_COUNT
-printf(" bn_mul_high %d * %d\n",n2,n2);
-#endif
+# ifdef BN_COUNT
+	printf(" bn_mul_high %d * %d\n",n2,n2);
+# endif
 	n=n2/2;
 
 	/* Calculate (al-ah)*(bh-bl) */
@@ -424,14 +475,14 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 	oneg=neg;
 	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
 	/* r[10] = (a[1]*b[1]) */
-#ifdef BN_MUL_COMBA
+# ifdef BN_MUL_COMBA
 	if (n == 8)
 		{
 		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
 		bn_mul_comba8(r,&(a[n]),&(b[n]));
 		}
 	else
-#endif
+# endif
 		{
 		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
 		bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
@@ -555,19 +606,23 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 			}
 		}
 	}
-#endif
+#endif /* BN_RECURSION */
 
 int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	{
 	int top,al,bl;
 	BIGNUM *rr;
+	int ret = 0;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+	int i;
+#endif
 #ifdef BN_RECURSION
 	BIGNUM *t;
-	int i,j,k;
+	int j,k;
 #endif
 
 #ifdef BN_COUNT
-printf("BN_mul %d * %d\n",a->top,b->top);
+	printf("BN_mul %d * %d\n",a->top,b->top);
 #endif
 
 	bn_check_top(a);
@@ -594,113 +649,90 @@ printf("BN_mul %d * %d\n",a->top,b->top);
 		rr = r;
 
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-	if (al == bl)
+	i = al-bl;
+#endif
+#ifdef BN_MUL_COMBA
+	if (i == 0)
 		{
-#  ifdef BN_MUL_COMBA
-/*		if (al == 4)
+# if 0
+		if (al == 4)
 			{
 			if (bn_wexpand(rr,8) == NULL) goto err;
 			rr->top=8;
 			bn_mul_comba4(rr->d,a->d,b->d);
 			goto end;
 			}
-		else */ if (al == 8)
+# endif
+		if (al == 8)
 			{
 			if (bn_wexpand(rr,16) == NULL) goto err;
 			rr->top=16;
 			bn_mul_comba8(rr->d,a->d,b->d);
 			goto end;
 			}
-		else
-#  endif
-#ifdef BN_RECURSION
-		if (al < BN_MULL_SIZE_NORMAL)
-#endif
-			{
-			if (bn_wexpand(rr,top) == NULL) goto err;
-			rr->top=top;
-			bn_mul_normal(rr->d,a->d,al,b->d,bl);
-			goto end;
-			}
-#  ifdef BN_RECURSION
-		goto symmetric;
-#  endif
 		}
-#endif
+#endif /* BN_MUL_COMBA */
 #ifdef BN_RECURSION
-	else if ((al < BN_MULL_SIZE_NORMAL) || (bl < BN_MULL_SIZE_NORMAL))
+	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
 		{
-		if (bn_wexpand(rr,top) == NULL) goto err;
-		rr->top=top;
-		bn_mul_normal(rr->d,a->d,al,b->d,bl);
-		goto end;
-		}
-	else
-		{
-		i=(al-bl);
-		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
 			bn_wexpand(b,al);
 			b->d[bl]=0;
 			bl++;
-			goto symmetric;
+			i--;
 			}
-		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
 			bn_wexpand(a,bl);
 			a->d[al]=0;
 			al++;
-			goto symmetric;
+			i++;
+			}
+		if (i == 0)
+			{
+			/* symmetric and > 4 */
+			/* 16 or larger */
+			j=BN_num_bits_word((BN_ULONG)al);
+			j=1<<(j-1);
+			k=j+j;
+			t = BN_CTX_get(ctx);
+			if (al == j) /* exact multiple */
+				{
+				bn_wexpand(t,k*2);
+				bn_wexpand(rr,k*2);
+				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+				}
+			else
+				{
+				bn_wexpand(a,k);
+				bn_wexpand(b,k);
+				bn_wexpand(t,k*4);
+				bn_wexpand(rr,k*4);
+				for (i=a->top; i<k; i++)
+					a->d[i]=0;
+				for (i=b->top; i<k; i++)
+					b->d[i]=0;
+				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
+				}
+			rr->top=top;
+			goto end;
 			}
 		}
-#endif
-
-	/* asymmetric and >= 4 */ 
+#endif /* BN_RECURSION */
 	if (bn_wexpand(rr,top) == NULL) goto err;
 	rr->top=top;
 	bn_mul_normal(rr->d,a->d,al,b->d,bl);
 
-#ifdef BN_RECURSION
-	if (0)
-		{
-symmetric:
-		/* symmetric and > 4 */
-		/* 16 or larger */
-		j=BN_num_bits_word((BN_ULONG)al);
-		j=1<<(j-1);
-		k=j+j;
-		t = BN_CTX_get(ctx);
-		if (al == j) /* exact multiple */
-			{
-			bn_wexpand(t,k*2);
-			bn_wexpand(rr,k*2);
-			bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
-			}
-		else
-			{
-			bn_wexpand(a,k);
-			bn_wexpand(b,k);
-			bn_wexpand(t,k*4);
-			bn_wexpand(rr,k*4);
-			for (i=a->top; i<k; i++)
-				a->d[i]=0;
-			for (i=b->top; i<k; i++)
-				b->d[i]=0;
-			bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
-			}
-		rr->top=top;
-		}
-#endif
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
 end:
 #endif
 	bn_fix_top(rr);
 	if (r != rr) BN_copy(r,rr);
-	BN_CTX_end(ctx);
-	return(1);
+	ret=1;
 err:
 	BN_CTX_end(ctx);
-	return(0);
+	return(ret);
 	}
 
 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
@@ -708,7 +740,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
 	BN_ULONG *rr;
 
 #ifdef BN_COUNT
-printf(" bn_mul_normal %d * %d\n",na,nb);
+	printf(" bn_mul_normal %d * %d\n",na,nb);
 #endif
 
 	if (na < nb)
@@ -742,7 +774,7 @@ printf(" bn_mul_normal %d * %d\n",na,nb);
 void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 	{
 #ifdef BN_COUNT
-printf(" bn_mul_low_normal %d * %d\n",n,n);
+	printf(" bn_mul_low_normal %d * %d\n",n,n);
 #endif
 	bn_mul_words(r,a,n,b[0]);
 
@@ -760,4 +792,3 @@ printf(" bn_mul_low_normal %d * %d\n",n,n);
 		b+=4;
 		}
 	}
-

crypto/bn/bn_opts.c

@@ -1,326 +0,0 @@
-/* unused */
-
-/* crypto/bn/bn_opts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/tmdiff.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-
-#define DEFAULT_SIZE	512
-#define DEFAULT_TIME	3
-
-int verbose=1;
-
-typedef struct parms_st
-	{
-	char *name;
-	void (*func)();
-	BIGNUM r;
-	BIGNUM a;
-	BIGNUM b;
-	BIGNUM c;
-	BIGNUM low;
-	BN_CTX *ctx;
-	BN_MONT_CTX *mont;
-	int w;
-	} PARMS;
-
-void do_mul_exp(int num,PARMS *p);
-void do_mul(int num,PARMS *p);
-void do_sqr(int num,PARMS *p);
-void do_mul_low(int num,PARMS *p);
-void do_mul_high(int num,PARMS *p);
-void do_from_montgomery(int num,PARMS *p);
-int time_it(int sec, PARMS *p);
-void do_it(int sec, PARMS *p);
-
-#define P_EXP	1
-#define P_MUL	2
-#define P_SQR	3
-#define P_MULL	4
-#define P_MULH	5
-#define P_MRED	6
-
-int main(int argc, char **argv)
-	{
-	PARMS p;
-	BN_MONT_CTX *mont;
-	int size=0,num;
-	char *name;
-	int type=P_EXP;
-
-	mont=BN_MONT_CTX_new();
-	p.mont=NULL;
-	p.ctx=BN_CTX_new();
-	BN_init(&p.r);
-	BN_init(&p.a);
-	BN_init(&p.b);
-	BN_init(&p.c);
-	BN_init(&p.low);
-	p.w=0;
-
-	for (;;)
-		{
-		if (argc > 1)
-			{
-			if (argv[1][0] == '-')
-				{
-				switch(argv[1][1])
-					{
-				case 'e': type=P_EXP; break;
-				case 'm': type=P_MUL; break;
-				case 's': type=P_SQR; break;
-				case 'l': type=P_MULL; break;
-				case 'h': type=P_MULH; break;
-				case 'r': type=P_MRED; break;
-				default:
-					fprintf(stderr,"options: -[emslhr]\n");
-					exit(1);
-					}
-				}
-			else
-				{
-				size=atoi(argv[1]);
-				}
-			argc--;
-			argv++;
-			}
-		else
-			break;
-		}
-	if (size == 0)
-		size=DEFAULT_SIZE;
-
-	printf("bit size:%5d\n",size);
-
-	BN_rand(&p.a,size,1,0);
-	BN_rand(&p.b,size,1,0);
-	BN_rand(&p.c,size,1,1);
-	BN_mod(&p.a,&p.a,&p.c,p.ctx);
-	BN_mod(&p.b,&p.b,&p.c,p.ctx);
-	p.w=(p.a.top+1)/2;
-
-	BN_mul(&p.low,&p.a,&p.b,p.ctx);
-	p.low.top=p.a.top;
-	
-	switch(type)
-		{
-	case P_EXP:
-		p.name="r=a^b%c";
-		p.func=do_mul_exp;
-		p.mont=mont;
-		break;
-	case P_MUL:
-		p.name="r=a*b";
-		p.func=do_mul;
-		break;
-	case P_SQR:
-		p.name="r=a*a";
-		p.func=do_sqr;
-		break;
-	case P_MULL:
-		p.name="r=low(a*b)";
-		p.func=do_mul_low;
-		break;
-	case P_MULH:
-		p.name="r=high(a*b)";
-		p.func=do_mul_high;
-		break;
-	case P_MRED:
-		p.name="r=montgomery_reduction(a)";
-		p.func=do_from_montgomery;
-		p.mont=mont;
-		break;
-	default:
-		fprintf(stderr,"options: -[emslhr]\n");
-		exit(1);
-		}
-
-	num=time_it(DEFAULT_TIME,&p);
-	do_it(num,&p);
-	}
-
-void do_it(int num, PARMS *p)
-	{
-	char *start,*end;
-	int i,j,number;
-	double d;
-
-	start=ms_time_new();
-	end=ms_time_new();
-
-	number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
-		BN_num_bits_word(BN_BITS2)+2;
-	for (i=number-1; i >=0; i--)
-		{
-		if (i == 1) continue;
-		BN_set_params(i,i,i,1);
-		if (p->mont != NULL)
-			BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
-
-		printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
-			(1<<i)*BN_BITS2,i,
-				BN_get_params(0),
-				BN_get_params(1),
-				BN_get_params(2),
-				BN_get_params(3));
-		fflush(stdout);
-
-		ms_time_get(start);
-		p->func(num,p);
-		ms_time_get(end);
-		d=ms_time_diff(start,end);
-		printf("%6.6f sec, or %d in %.4f seconds\n",
-			(double)d/num,num,d);
-		}
-	}
-
-int time_it(int sec, PARMS *p)
-	{
-	char *start,*end;
-	int i,j;
-	double d;
-
-	if (p->mont != NULL)
-		BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
-
-	start=ms_time_new();
-	end=ms_time_new();
-
-	i=1;
-	for (;;)
-		{
-		if (verbose)
-			printf("timing %s for %d iterations\n",p->name,i);
-
-		ms_time_get(start);
-		p->func(i,p);
-		ms_time_get(end);
-		d=ms_time_diff(start,end);
-
-		if 	(d < 0.01) i*=100;
-		else if (d < 0.1 ) i*=10;
-		else if (d > (double)sec) break;
-		else
-			{
-			i=(int)(1.0*i*sec/d);
-			break;
-			}
-		}
-	if (verbose)
-		printf("using %d iterations\n",i);
-	return(i);
-	}
-
-void do_mul_exp(int num, PARMS *p)
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-		BN_mod_exp_mont(&(p->r),&(p->a),&(p->b),&(p->c),
-			p->ctx,p->mont);
-	}
-
-void do_mul(int num, PARMS *p)
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-		BN_mul(&(p->r),&(p->a),&(p->b),p->ctx);
-	}
-
-void do_sqr(int num, PARMS *p)
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-			BN_sqr(&(p->r),&(p->a),p->ctx);
-	}
-
-void do_mul_low(int num, PARMS *p)
-	{
-	int i;
-	
-	for (i=0; i<num; i++)
-		BN_mul_low(&(p->r),&(p->a),&(p->b),p->w,p->ctx);
-	}
-
-void do_mul_high(int num, PARMS *p)
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-		BN_mul_low(&(p->r),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
-	}
-
-void do_from_montgomery(int num, PARMS *p)
-	{
-	int i;
-	
-	for (i=0; i<num; i++)
-		BN_from_montgomery(&(p->r),&(p->a),p->mont,p->ctx);
-	}
-

crypto/bn/bn_print.c

@@ -278,7 +278,6 @@ err:
 	}
 
 #ifndef NO_BIO
-
 #ifndef NO_FP_API
 int BN_print_fp(FILE *fp, const BIGNUM *a)
 	{
@@ -319,5 +318,15 @@ int BN_print(BIO *bp, const BIGNUM *a)
 end:
 	return(ret);
 	}
-
+#endif
+
+#ifdef BN_DEBUG
+void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n)
+	{
+	int i;
+	fprintf(o, "%s=", a);
+	for (i=n-1;i>=0;i--)
+		fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */
+	fprintf(o, "\n");
+	}
 #endif

crypto/bn/bn_recp.c

@@ -128,7 +128,7 @@ err:
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
 	     BN_CTX *ctx)
 	{
-	int i,j,ret=0,ex;
+	int i,j,ret=0;
 	BIGNUM *a,*b,*d,*r;
 
 	BN_CTX_start(ctx);
@@ -158,35 +158,25 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
 	 *
 	 */
 	i=BN_num_bits(m);
-	if (i%2) i--;
 
-	j=recp->num_bits*2;
-	if (j > i)
-		{
-		i=j;
-		ex=0;
-		}
-	else
-		{
-		ex=(i-j)/2;
-		}
-
-	j=i/2;
+	j=recp->num_bits<<1;
+	if (j>i) i=j;
+	j>>=1;
 
 	if (i != recp->shift)
 		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
 			i,ctx);
 
-	if (!BN_rshift(a,m,j-ex)) goto err;
+	if (!BN_rshift(a,m,j)) goto err;
 	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
-	if (!BN_rshift(d,b,j+ex)) goto err;
+	if (!BN_rshift(d,b,i-j)) goto err;
 	d->neg=0;
 	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
 	if (!BN_usub(r,m,b)) goto err;
 	r->neg=0;
 
-	j=0;
 #if 1
+	j=0;
 	while (BN_ucmp(r,&(recp->N)) >= 0)
 		{
 		if (j++ > 2)

crypto/bn/bntest.c

@@ -165,68 +165,68 @@ int main(int argc, char *argv[])
 
 	message(out,"BN_add");
 	if (!test_add(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_sub");
 	if (!test_sub(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_lshift1");
 	if (!test_lshift1(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_lshift (fixed)");
 	if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
 	    goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_lshift");
 	if (!test_lshift(out,ctx,NULL)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_rshift1");
 	if (!test_rshift1(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_rshift");
 	if (!test_rshift(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_sqr");
 	if (!test_sqr(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_mul");
 	if (!test_mul(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_div");
 	if (!test_div(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_div_recp");
 	if (!test_div_recp(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_mod");
 	if (!test_mod(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_mod_mul");
 	if (!test_mod_mul(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_mont");
 	if (!test_mont(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_mod_exp");
 	if (!test_mod_exp(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	message(out,"BN_exp");
 	if (!test_exp(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
 	BN_CTX_free(ctx);
 	BIO_free(out);
@@ -234,7 +234,9 @@ int main(int argc, char *argv[])
 /**/
 	exit(0);
 err:
-	BIO_puts(out,"1\n"); /* make sure bc fails if we are piping to it */
+	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+	                      * the failure, see test_bn in test/Makefile.ssl*/
+	BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
 	exit(1);
@@ -505,7 +507,7 @@ int test_mul(BIO *bp)
 
 	for (i=0; i<num0+num1; i++)
 		{
-		if (i < num1)
+		if (i <= num1)
 			{
 			BN_rand(&a,100,0,0);
 			BN_rand(&b,100,0,0);

crypto/bn/comba.pl

@@ -1,285 +0,0 @@
-#!/usr/local/bin/perl
-
-$num=8;
-$num2=8/2;
-
-print <<"EOF";
-/* crypto/bn/bn_comba.c */
-#include <stdio.h>
-#include "bn_lcl.h"
-/* Auto generated from crypto/bn/comba.pl
- */
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \\
-	t=(BN_ULLONG)a*b; \\
-	t1=(BN_ULONG)Lw(t); \\
-	t2=(BN_ULONG)Hw(t); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \\
-	t=(BN_ULLONG)a*b; \\
-	tt=(t+t)&BN_MASK; \\
-	if (tt < t) c2++; \\
-	t1=(BN_ULONG)Lw(tt); \\
-	t2=(BN_ULONG)Hw(tt); \\
-	c0=(c0+t1)&BN_MASK2;  \\
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \\
-	t=(BN_ULLONG)a[i]*a[i]; \\
-	t1=(BN_ULONG)Lw(t); \\
-	t2=(BN_ULONG)Hw(t); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#else
-#define mul_add_c(a,b,c0,c1,c2) \\
-	t1=LBITS(a); t2=HBITS(a); \\
-	bl=LBITS(b); bh=HBITS(b); \\
-	mul64(t1,t2,bl,bh); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \\
-	t1=LBITS(a); t2=HBITS(a); \\
-	bl=LBITS(b); bh=HBITS(b); \\
-	mul64(t1,t2,bl,bh); \\
-	if (t2 & BN_TBIT) c2++; \\
-	t2=(t2+t2)&BN_MASK2; \\
-	if (t1 & BN_TBIT) t2++; \\
-	t1=(t1+t1)&BN_MASK2; \\
-	c0=(c0+t1)&BN_MASK2;  \\
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \\
-	sqr64(t1,t2,(a)[i]); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif
-
-void bn_mul_comba${num}(r,a,b)
-BN_ULONG *r,*a,*b;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
-printf <<"EOF";
-	}
-
-void bn_mul_comba${num2}(r,a,b)
-BN_ULONG *r,*a,*b;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
-printf <<"EOF";
-	}
-
-void bn_sqr_comba${num}(r,a)
-BN_ULONG *r,*a;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_sqr("r","a",$num,"c1","c2","c3");
-printf <<"EOF";
-	}
-
-void bn_sqr_comba${num2}(r,a)
-BN_ULONG *r,*a;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
-printf <<"EOF";
-	}
-EOF
-
-sub bn_str
-	{
-	local($var,$val)=@_;
-	print "\t$var=$val;\n";
-	}
-
-sub bn_ary
-	{
-	local($var,$idx)=@_;
-	return("${var}[$idx]");
-	}
-
-sub bn_clr
-	{
-	local($var)=@_;
-
-	print "\t$var=0;\n";
-	}
-
-sub bn_mad
-	{
-	local($a,$b,$c0,$c1,$c2,$num)=@_;
-
-	if ($num == 2)
-		{ printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
-	else
-		{ printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
-	}
-
-sub bn_sad
-	{
-	local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
-
-	if ($num == 2)
-		{ printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
-	else
-		{ printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
-	}
-
-sub combas_mul
-	{
-	local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($tot,$end);
-
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-	&bn_clr($c0);
-	&bn_clr($c1);
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-		@numa=@numb=();
-
-#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
-		for ($j=$bs; $j<$end; $j++)
-			{
-			push(@numa,$ai);
-			push(@numb,$bi);
-			$ai--;
-			$bi++;
-			}
-
-		if ($i & 1)
-			{
-			@numa=reverse(@numa);
-			@numb=reverse(@numb);
-			}
-
-		&bn_clr($c2);
-		for ($j=0; $j<=$#numa; $j++)
-			{
-			&bn_mad(&bn_ary($a,$numa[$j]),
-				&bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
-			}
-		&bn_str(&bn_ary($r,$i),$c0);
-		($c0,$c1,$c2)=($c1,$c2,$c0);
-
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&bn_str(&bn_ary($r,$i),$c0);
-	}
-
-sub combas_sqr
-	{
-	local($r,$a,$num,$c0,$c1,$c2)=@_;
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($b,$tot,$end,$half);
-
-	$b=$a;
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-	&bn_clr($c0);
-	&bn_clr($c1);
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-		@numa=@numb=();
-
-#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
-		for ($j=$bs; $j<$end; $j++)
-			{
-			push(@numa,$ai);
-			push(@numb,$bi);
-			$ai--;
-			$bi++;
-			last if ($ai < $bi);
-			}
-		if (!($i & 1))
-			{
-			@numa=reverse(@numa);
-			@numb=reverse(@numb);
-			}
-
-		&bn_clr($c2);
-		for ($j=0; $j <= $#numa; $j++)
-			{
-			if ($numa[$j] == $numb[$j])
-				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
-			else
-				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
-			}
-		&bn_str(&bn_ary($r,$i),$c0);
-		($c0,$c1,$c2)=($c1,$c2,$c0);
-
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&bn_str(&bn_ary($r,$i),$c0);
-	}

crypto/bn/d.c

@@ -1,74 +0,0 @@
-/* unused */
-
-#include <stdio.h>
-#include <openssl/bio.h>
-#include "bn_lcl.h"
-
-#define SIZE_A (100*4+4)
-#define SIZE_B (13*4)
-
-main(argc,argv)
-int argc;
-char *argv[];
-	{
-	BN_CTX ctx;
-	BN_RECP_CTX recp;
-	BIGNUM a,b,dd,d,r,rr,t,l;
-	int i;
-
-	MemCheck_start();
-	MemCheck_on();
-	BN_CTX_init(&ctx);
-	BN_RECP_CTX_init(&recp);
-
-	BN_init(&r);
-	BN_init(&rr);
-	BN_init(&d);
-	BN_init(&dd);
-	BN_init(&a);
-	BN_init(&b);
-
-	{
-	BN_rand(&a,SIZE_A,0,0);
-	BN_rand(&b,SIZE_B,0,0);
-
-	a.neg=1;
-	BN_RECP_CTX_set(&recp,&b,&ctx);
-
-	BN_print_fp(stdout,&a); printf(" a\n");
-	BN_print_fp(stdout,&b); printf(" b\n");
-
-	BN_print_fp(stdout,&recp.N); printf(" N\n");
-	BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
-
-	BN_div_recp(&r,&d,&a,&recp,&ctx);
-
-for (i=0; i<300; i++)
-	BN_div(&rr,&dd,&a,&b,&ctx);
-
-	BN_print_fp(stdout,&r); printf(" div recp\n");
-	BN_print_fp(stdout,&rr); printf(" div\n");
-	BN_print_fp(stdout,&d); printf(" rem recp\n");
-	BN_print_fp(stdout,&dd); printf(" rem\n");
-	}
-	BN_CTX_free(&ctx);
-	BN_RECP_CTX_free(&recp);
-
-	BN_free(&r);
-	BN_free(&rr);
-	BN_free(&d);
-	BN_free(&dd);
-	BN_free(&a);
-	BN_free(&b);
-
-	{
-	BIO *out;
-
-	if ((out=BIO_new(BIO_s_file())) != NULL)
-		BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-        CRYPTO_mem_leaks(out);
-	BIO_free(out);
-	}
-
-	}

crypto/bn/divtest.c

@@ -0,0 +1,41 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+
+static int rand(n)
+{
+    unsigned char x[2];
+    RAND_pseudo_bytes(x,2);
+    return (x[0] + 2*x[1]);
+}
+
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+    printf("%s!\na=",m);
+    BN_print_fp(stdout, a);
+    printf("\nb=");
+    BN_print_fp(stdout, b);
+    printf("\n");
+    fflush(stdout);
+}
+
+main()
+{
+    BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
+	*C=BN_new(), *D=BN_new();
+    BN_RECP_CTX *recp=BN_RECP_CTX_new();
+    BN_CTX *ctx=BN_CTX_new();
+
+    for(;;) {
+	BN_pseudo_rand(a,rand(),0,0);
+	BN_pseudo_rand(b,rand(),0,0);
+	if (BN_is_zero(b)) continue;
+
+	BN_RECP_CTX_set(recp,b,ctx);
+	if (BN_div(C,D,a,b,ctx) != 1)
+	    bug("BN_div failed",a,b);
+	if (BN_div_recp(c,d,a,recp,ctx) != 1)
+	    bug("BN_div_recp failed",a,b);
+	else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
+	    bug("mismatch",a,b);
+    }
+}

crypto/bn/new

@@ -1,23 +0,0 @@
-void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new();
-void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
-
-int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
-	BN_RECP_CTX *recp,BN_CTX *ctx);
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
-	BN_RECP_CTX *recp, BN_CTX *ctx);
-int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
-	BN_RECP_CTX *recp, BN_CTX *ctx);
-int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
-
-int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
-	BN_MONT_CTX *m_ctx,BN_CTX *ctx);
-int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
-                BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
-
-
-bn_div64 -> bn_div_words
-
-

crypto/bn/old/b_sqr.c

@@ -1,199 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
-
-/* r must be different to a and b */
-/* int BN_mmul(r, a, b) */
-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b)
-	{
-	BN_ULONG *ap,*bp,*rp;
-	BIGNUM *sk;
-	int i,n,ret;
-	int max,al,bl;
-	BN_CTX ctx;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
-		{
-		r->top=0;
-		return(1);
-		}
-#ifdef BN_MUL_DEBUG
-printf("BN_mul(%d,%d)\n",a->top,b->top);
-#endif
-
-	if (	(bn_limit_bits > 0) &&
-		(bl > bn_limit_num) && (al > bn_limit_num))
-		{
-		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
-		n*=2;
-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
-		memset(sk,0,sizeof(BIGNUM)*n);
-		memset(&ctx,0,sizeof(ctx));
-
-		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
-		for (i=0; i<n; i+=2)
-			{
-			BN_clear_free(&sk[i]);
-			BN_clear_free(&sk[i+1]);
-			}
-		Free(sk);
-		return(ret);
-		}
-
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->top=max;
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-
-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-	rp++;
-	for (i=1; i<bl; i++)
-		{
-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-		rp++;
-		}
-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
-	return(1);
-	}
-
-
-#define ahal	(sk[0])
-#define blbh	(sk[1])
-
-/* r must be different to a and b */
-int bn_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk, BN_CTX *ctx)
-	{
-	int n,num,sqr=0;
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	an=A->top;
-	bn=B->top;
-#ifdef BN_MUL_DEBUG
-printf("bn_mm(%d,%d)\n",A->top,B->top);
-#endif
-
-	if (A == B) sqr=1;
-	num=(an>bn)?an:bn;
-	n=(num+1)/2;
-	/* Are going to now chop things into 'num' word chunks. */
-
-	BN_init(&ah);
-	BN_init(&al);
-	BN_init(&bh);
-	BN_init(&bl);
-
-	bn_set_low (&al,A,n);
-	bn_set_high(&ah,A,n);
-	bn_set_low (&bl,B,n);
-	bn_set_high(&bh,B,n);
-
-	BN_sub(&ahal,&ah,&al);
-	BN_sub(&blbh,&bl,&bh);
-
-	if (num <= (bn_limit_num+bn_limit_num))
-		{
-		BN_mul(m,&ahal,&blbh);
-		if (sqr)
-			{
-			BN_sqr(&ahal,&al,ctx);
-			BN_sqr(&blbh,&ah,ctx);
-			}
-		else
-			{
-			BN_mul(&ahal,&al,&bl);
-			BN_mul(&blbh,&ah,&bh);
-			}
-		}
-	else
-		{
-		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
-		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
-		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
-		}
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	BN_lshift(m,m,n*BN_BITS2);
-	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-#undef ahal	(sk[0])
-#undef blbh	(sk[1])
-
-#include "bn_low.c"
-#include "bn_high.c"

crypto/bn/old/bn_com.c

@@ -1,90 +0,0 @@
-/* crypto/bn/bn_mulw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifdef BN_LLONG 
-
-ab
-12
-   a2 b2
-a1 b1
-
-abc
-123
-      a3 b3 c3
-   a2 b2 c2
-a1 b1 c1
-
-abcd
-1234
-         a4 b4 c4 d4
-      a3 b3 c3 d3
-   a2 b2 c2 d2
-a1 b1 c1 d1
-
-abcde
-01234
-               a5 b5 c5 d5 e5
-            a4 b4 c4 d4 e4
-         a3 b3 c3 d3 e3
-      a2 b2 c2 d2 e2
-   a1 b1 c1 d1 e1
-a0 b0 c0 d0 e0

crypto/bn/old/bn_high.c

@@ -1,135 +0,0 @@
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#undef BN_MUL_HIGH_DEBUG
-
-#ifdef BN_MUL_HIGH_DEBUG
-#define debug_BN_print(a,b,c) BN_print_fp(a,b); printf(c);
-#else
-#define debug_BN_print(a,b,c)
-#endif
-
-int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);
-
-#undef t1
-#undef t2
-
-int BN_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
-	{
-	int w2,borrow=0,full=0;
-	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
-	BN_ULONG ul1,ul2;
-	
-	BN_mul(r,a,b);
-	BN_rshift(r,r,words*BN_BITS2);
-	return(1);
-
-	w2=(words+1)/2;
-
-#ifdef BN_MUL_HIGH_DEBUG
-fprintf(stdout,"words=%d w2=%d\n",words,w2);
-#endif
-debug_BN_print(stdout,a," a\n");
-debug_BN_print(stdout,b," b\n");
-debug_BN_print(stdout,low," low\n");
-	BN_init(&al); BN_init(&ah);
-	BN_init(&bl); BN_init(&bh);
-	BN_init(&t1); BN_init(&t2); BN_init(&t3);
-	BN_init(&s0); BN_init(&s1);
-	BN_init(&h); BN_init(&m);
-
-	bn_set_low (&al,a,w2);
-	bn_set_high(&ah,a,w2);
-	bn_set_low (&bl,b,w2);
-	bn_set_high(&bh,b,w2);
-
-	bn_set_low(&s0,low,w2);
-	bn_set_high(&s1,low,w2);
-
-debug_BN_print(stdout,&al," al\n");
-debug_BN_print(stdout,&ah," ah\n");
-debug_BN_print(stdout,&bl," bl\n");
-debug_BN_print(stdout,&bh," bh\n");
-debug_BN_print(stdout,&s0," s0\n");
-debug_BN_print(stdout,&s1," s1\n");
-
-	/* Calculate (al-ah)*(bh-bl) */
-	BN_sub(&t1,&al,&ah);
-	BN_sub(&t2,&bh,&bl);
-	BN_mul(&m,&t1,&t2);
-
-	/* Calculate ah*bh */
-	BN_mul(&h,&ah,&bh);
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
-	 */
-	BN_add(&m,&m,&h);
-	BN_add(&t2,&m,&s0);
-
-debug_BN_print(stdout,&t2," middle value\n");
-
-	/* Quick and dirty mask off of high words */
-	if (w2 < t2.top) t2.top=w2;
-#if 0
-	bn_set_low(&t3,&t2,w2);
-#endif
-
-debug_BN_print(stdout,&t2," low middle value\n");
-	BN_sub(&t1,&s1,&t2);
-
-	if (t1.neg)
-		{
-debug_BN_print(stdout,&t1," before\n");
-		BN_zero(&t2);
-		BN_set_bit(&t2,w2*BN_BITS2);
-		BN_add(&t1,&t2,&t1);
-		/* BN_mask_bits(&t1,w2*BN_BITS2); */
-		/* if (words < t1.top) t1.top=words; */
-debug_BN_print(stdout,&t1," after\n");
-		borrow=1;
-		}
-
-/* XXXXX SPEED THIS UP */
-	/* al*bl == high(al*bl)<<words+s0 */
-	BN_lshift(&t1,&t1,w2*BN_BITS2);
-	BN_add(&t1,&t1,&s0);
-	if (w2*2 < t1.top) t1.top=w2*2; /* This should not happen? */
-	
-	/* We now have
-	 * al*bl			- t1
-	 * (al-ah)*(bh-bl)+ah*bh	- m
-	 * ah*bh			- h
-	 */
-#if 0
-	BN_add(&m,&m,&t1);
-debug_BN_print(stdout,&t1," s10\n");
-debug_BN_print(stdout,&m," s21\n");
-debug_BN_print(stdout,&h," s32\n");
-	BN_lshift(&m,&m,w2*BN_BITS2);
-	BN_lshift(&h,&h,w2*2*BN_BITS2);
-	BN_add(r,&m,&t1);
-	BN_add(r,r,&h);
-	BN_rshift(r,r,w2*2*BN_BITS2);
-#else
-	BN_add(&m,&m,&t1); 		/* Do a cmp then +1 if needed? */
-	bn_set_high(&t3,&t1,w2);
-	BN_add(&m,&m,&t3);
-	bn_set_high(&t3,&m,w2);
-	BN_add(r,&h,&t3);
-#endif
-
-#ifdef BN_MUL_HIGH_DEBUG
-printf("carry=%d\n",borrow);
-#endif
-debug_BN_print(stdout,r," ret\n");
-	BN_free(&t1); BN_free(&t2);
-	BN_free(&m); BN_free(&h);
-	return(1);
-	}
-
-
-

crypto/bn/old/bn_ka.c

@@ -1,567 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <strings.h>
-#include "bn_lcl.h"
-
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calulate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	     BN_ULONG *t)
-	{
-	int n=n2/2;
-	int neg,zero,c1,c2;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_mul_recursive %d * %d\n",n2,n2);
-#endif
-	if (n2 <= 8)
-		{
-		if (n2 == 8)
-			bn_mul_comba8(r,a,b);
-		else
-			bn_mul_normal(r,a,n2,b,n2);
-		return;
-		}
-
-	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
-		{
-		/* This should not happen */
-		/*abort(); */
-		bn_mul_normal(r,a,n2,b,n2);
-		return;
-		}
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),b,n);
-	zero=neg=0;
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
-		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_words(t,      a,      &(a[n]),n); /* + */
-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_words(t,      a,      &(a[n]),n);
-		bn_sub_words(&(t[n]),&(b[n]),b,      n);
-		break;
-		}
-
-	if (n == 8)
-		{
-		if (!zero)
-			bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		else
-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-		
-		bn_mul_comba8(r,a,b);
-		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		if (!zero)
-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-		else
-			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
-		bn_mul_recursive(r,a,b,n,p);
-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-
-	if (neg) /* if t[32] is negative */
-		{
-		c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-		}
-	else
-		{
-		/* Might have a carry */
-		c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-	     int n, BN_ULONG *t)
-	{
-	int n2=n*2,i,j;
-	int c1;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-#endif
-	if (n < 8)
-		{
-		i=tn+n;
-		bn_mul_normal(r,a,i,b,i);
-		return;
-		}
-
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	bn_sub_words(t,      a,      &(a[n]),n); /* + */
-	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-
-	if (n == 8)
-		{
-		bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		bn_mul_comba8(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-		bn_mul_recursive(r,a,b,n,p);
-		i=n/2;
-		/* If there is only a bottom half to the number,
-		 * just do it */
-		j=tn-i;
-		if (j == 0)
-			{
-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
-			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
-			}
-		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
-				{
-				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-					j,i,p);
-				memset(&(r[n2+tn*2]),0,
-					sizeof(BN_ULONG)*(n2-tn*2));
-				}
-		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-			{
-			memset(&(r[n2]),0,sizeof(BN_ULONG)*(tn*2));
-			for (;;)
-				{
-				i/=2;
-				if (i < tn)
-					{
-					bn_mul_part_recursive(&(r[n2]),
-						&(a[n]),&(b[n]),
-						tn-i,i,p);
-					break;
-					}
-				else if (i == tn)
-					{
-					bn_mul_recursive(&(r[n2]),
-						&(a[n]),&(b[n]),
-						i,p);
-					break;
-					}
-				}
-			}
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* r is 2*n words in size,
- * a and b are both n words in size.
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calulate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
-	{
-	int n=n2/2;
-	int zero,c1;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
-	if (n2 == 4)
-		{
-		bn_sqr_comba4(r,a);
-		return;
-		}
-	else if (n2 == 8)
-		{
-		bn_sqr_comba8(r,a);
-		return;
-		}
-	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_sqr_normal(r,a,n2,t);
-		return;
-		abort();
-		}
-	/* r=(a[0]-a[1])*(a[1]-a[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	zero=0;
-	if (c1 > 0)
-		bn_sub_words(t,a,&(a[n]),n);
-	else if (c1 < 0)
-		bn_sub_words(t,&(a[n]),a,n);
-	else
-		zero=1;
-
-	/* The result will always be negative unless it is zero */
-
-	if (n == 8)
-		{
-		if (!zero)
-			bn_sqr_comba8(&(t[n2]),t);
-		else
-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-		
-		bn_sqr_comba8(r,a);
-		bn_sqr_comba8(&(r[n2]),&(a[n]));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		if (!zero)
-			bn_sqr_recursive(&(t[n2]),t,n,p);
-		else
-			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
-		bn_sqr_recursive(r,a,n,p);
-		bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-
-	/* t[32] is negative */
-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
-	 * r[10] holds (a[0]*a[0])
-	 * r[32] holds (a[1]*a[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-#if 1
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	     BN_ULONG *t)
-	{
-	int n=n2/2;
-
-#ifdef BN_COUNT
-printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-#endif
-
-	bn_mul_recursive(r,a,b,n,&(t[0]));
-	if (n > BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		}
-	else
-		{
-		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
-		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
-		}
-	}
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-	     BN_ULONG *t)
-	{
-	int j,i,n,c1,c2;
-	int neg,oneg,zero;
-	BN_ULONG ll,lc,*lp,*mp;
-
-#ifdef BN_COUNT
-printf(" bn_mul_high %d * %d\n",n2,n2);
-#endif
-	n=(n2+1)/2;
-
-	/* Calculate (al-ah)*(bh-bl) */
-	neg=zero=0;
-	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		break;
-		}
-		
-	oneg=neg;
-	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-	bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
-	/* r[10] = (a[1]*b[1]) */
-	bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2+n]);
-		c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
-		}
-	else
-		{
-		c1=0;
-		lp= &(r[0]);
-		}
-
-	if (neg)
-		neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
-	else
-		{
-		bn_add_words(&(t[n2]),lp,&(t[0]),n);
-		neg=0;
-		}
-
-	if (l != NULL)
-		{
-		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		mp= &(t[n2]);
-		for (i=0; i<n; i++)
-			lp[i]=((~mp[i])+1)&BN_MASK2;
-		}
-
-	/* s[0] = low(al*bl)
-	 * t[3] = high(al*bl)
-	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-	 * r[10] = (a[1]*b[1])
-	 */
-	/* R[10] = al*bl
-	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-	 * R[32] = ah*bh
-	 */
-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-	 * R[3]=r[1]+(carry/borrow)
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2]);
-		c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		c1=0;
-		}
-	c1+=bn_add_words(&(t[n2]),lp,  &(r[0]),n);
-	if (oneg)
-		c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);
-	else
-		c1+=bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n);
-
-	c2 =bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n);
-	c2+=bn_add_words(&(r[0]),&(r[0]),&(r[n]),n);
-	if (oneg)
-		c2-=bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n);
-	else
-		c2+=bn_add_words(&(r[0]),&(r[0]),&(t[n]),n);
-	
-	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
-		{
-		i=0;
-		if (c1 > 0)
-			{
-			lc=c1;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c1;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	if (c2 != 0) /* Add starting at r[1] */
-		{
-		i=n;
-		if (c2 > 0)
-			{
-			lc=c2;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c2;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	}
-#endif

crypto/bn/old/bn_low.c

@@ -1,194 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static int bn_mm_low(BIGNUM *m,BIGNUM *A,BIGNUM *B, int num,
-		BIGNUM *sk,BN_CTX *ctx);
-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b,int words);
-
-/* r must be different to a and b */
-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b, int num)
-	{
-	BN_ULONG *ap,*bp,*rp;
-	BIGNUM *sk;
-	int j,i,n,ret;
-	int max,al,bl;
-	BN_CTX ctx;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-#ifdef BN_MUL_DEBUG
-printf("BN_mul_low(%d,%d,%d)\n",a->top,b->top,num);
-#endif
-
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
-		{
-		r->top=0;
-		return(1);
-		}
-
-	if ((bn_limit_bits_low > 0) && (num > bn_limit_num_low))
-		{
-		n=BN_num_bits_word(num*2)-bn_limit_bits_low;
-		n*=2;
-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
-		memset(sk,0,sizeof(BIGNUM)*n);
-		memset(&ctx,0,sizeof(ctx));
-
-		ret=bn_mm_low(r,a,b,num,&(sk[0]),&ctx);
-		for (i=0; i<n; i+=2)
-			{
-			BN_clear_free(&sk[i]);
-			BN_clear_free(&sk[i+1]);
-			}
-		Free(sk);
-		return(ret);
-		}
-
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-	r->top=(max > num)?num:max;
-
-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-	rp++;
-	j=bl;
-	for (i=1; i<j; i++)
-		{
-		if (al >= num--)
-			{
-			al--;
-			if (al <= 0) break;
-			}
-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-		rp++;
-		}
-	
-	while ((r->top > 0) && (r->d[r->top-1] == 0))
-		r->top--;
-	return(1);
-	}
-
-
-#define t1	(sk[0])
-#define t2	(sk[1])
-
-/* r must be different to a and b */
-int bn_mm_low(BIGNUM *m, BIGNUM *A, BIGNUM *B, int num, BIGNUM *sk,
-	     BN_CTX *ctx)
-	{
-	int n; /* ,sqr=0; */
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	bn_wexpand(m,num+3);
-	an=A->top;
-	bn=B->top;
-
-#ifdef BN_MUL_DEBUG
-printf("bn_mm_low(%d,%d,%d)\n",A->top,B->top,num);
-#endif
-
-	n=(num+1)/2;
-
-	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl);
-
-	bn_set_low( &al,A,n);
-	bn_set_high(&ah,A,n);
-	bn_set_low( &bl,B,n);
-	bn_set_high(&bh,B,n);
-
-	if (num <= (bn_limit_num_low+bn_limit_num_low))
-		{
-		BN_mul(m,&al,&bl);
-		BN_mul_low(&t1,&al,&bh,n);
-		BN_mul_low(&t2,&ah,&bl,n);
-		}
-	else
-		{
-		bn_mm(m  ,&al,&bl,&(sk[2]),ctx);
-		bn_mm_low(&t1,&al,&bh,n,&(sk[2]),ctx);
-		bn_mm_low(&t2,&ah,&bl,n,&(sk[2]),ctx);
-		}
-
-	BN_add(&t1,&t1,&t2);
-
-	/* We will now do an evil hack instead of
-	 * BN_lshift(&t1,&t1,n*BN_BITS2);
-	 * BN_add(m,m,&t1);
-	 * BN_mask_bits(m,num*BN_BITS2);
-	 */
-	bn_set_high(&ah,m,n); ah.max=num+2;
-	BN_add(&ah,&ah,&t1);
-	m->top=num;
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-
-#undef t1	(sk[0])
-#undef t2	(sk[1])

crypto/bn/old/bn_m.c

@@ -1,139 +0,0 @@
-/* crypto/bn/bn_m.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-/*#include "cryptlib.h"*/
-#include "bn_lcl.h"
-
-#define limit_bits 5			/* 2^5, or 32 words */
-#define limit_num (1<<limit_bits)
-
-int BN_m(BIGNUM *r, BIGNUM *a, BIGNUM *b)
-	{
-	BIGNUM *sk;
-	int i,n;
-
-	n=(BN_num_bits_word(a->top|b->top)-limit_bits);
-	n*=2;
-	sk=(BIGNUM *)malloc(sizeof(BIGNUM)*n);
-	for (i=0; i<n; i++)
-		BN_init(&(sk[i]));
-
-	return(BN_mm(r,a,b,&(sk[0])));
-	}
-
-#define ahal	(sk[0])
-#define blbh	(sk[1])
-
-/* r must be different to a and b */
-int BN_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk)
-	{
-	int i,num,anum,bnum;
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	an=A->top;
-	bn=B->top;
-	if ((an <= limit_num) || (bn <= limit_num))
-		{
-		return(BN_mul(m,A,B));
-		}
-
-	anum=(an>bn)?an:bn;
-	num=(anum)/2;
-
-	/* Are going to now chop things into 'num' word chunks. */
-	bnum=num*BN_BITS2;
-
-	BN_init(&ahal);
-	BN_init(&blbh);
-	BN_init(&ah);
-	BN_init(&al);
-	BN_init(&bh);
-	BN_init(&bl);
-
-	al.top=num;
-	al.d=A->d;
-	ah.top=A->top-num;
-	ah.d= &(A->d[num]);
-
-	bl.top=num;
-	bl.d=B->d;
-	bh.top=B->top-num;
-	bh.d= &(B->d[num]);
-
-	BN_sub(&ahal,&ah,&al);
-	BN_sub(&blbh,&bl,&bh);
-
-	BN_mm(m,&ahal,&blbh,&(sk[2]));
-	BN_mm(&ahal,&al,&bl,&(sk[2]));
-	BN_mm(&blbh,&ah,&bh,&(sk[2]));
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	BN_lshift(m,m,bnum);
-	BN_add(m,m,&ahal);
-
-	BN_lshift(&blbh,&blbh,bnum*2);
-	BN_add(m,m,&blbh);
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-

crypto/bn/old/bn_mul.c.works

@@ -1,219 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
-
-/* r must be different to a and b */
-int BN_mul(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-	{
-	BN_ULONG *ap,*bp,*rp;
-	BIGNUM *sk;
-	int i,n,ret;
-	int max,al,bl;
-	BN_CTX ctx;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
-		{
-		r->top=0;
-		return(1);
-		}
-#ifdef BN_MUL_DEBUG
-printf("BN_mul(%d,%d)\n",a->top,b->top);
-#endif
-
-#ifdef BN_RECURSION
-	if (	(bn_limit_bits > 0) &&
-		(bl > bn_limit_num) && (al > bn_limit_num))
-		{
-		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
-		n*=2;
-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
-		memset(sk,0,sizeof(BIGNUM)*n);
-		memset(&ctx,0,sizeof(ctx));
-
-		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
-		for (i=0; i<n; i+=2)
-			{
-			BN_clear_free(&sk[i]);
-			BN_clear_free(&sk[i+1]);
-			}
-		Free(sk);
-		return(ret);
-		}
-#endif
-
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->top=max;
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-
-#ifdef BN_RECURSION
-	if ((al == bl) && (al == 8))
-		{
-		bn_mul_comba8(rp,ap,bp);
-		}
-	else
-#endif
-		{
-		rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-		rp++;
-		for (i=1; i<bl; i++)
-			{
-			rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-			rp++;
-			}
-		}
-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
-	return(1);
-	}
-
-#ifdef BN_RECURSION
-
-#define ahal	(sk[0])
-#define blbh	(sk[1])
-
-/* r must be different to a and b */
-int bn_mm(m, A, B, sk,ctx)
-BIGNUM *m,*A,*B;
-BIGNUM *sk;
-BN_CTX *ctx;
-	{
-	int n,num,sqr=0;
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	an=A->top;
-	bn=B->top;
-#ifdef BN_MUL_DEBUG
-printf("bn_mm(%d,%d)\n",A->top,B->top);
-#endif
-
-	if (A == B) sqr=1;
-	num=(an>bn)?an:bn;
-	n=(num+1)/2;
-	/* Are going to now chop things into 'num' word chunks. */
-
-	BN_init(&ah);
-	BN_init(&al);
-	BN_init(&bh);
-	BN_init(&bl);
-
-	bn_set_low (&al,A,n);
-	bn_set_high(&ah,A,n);
-	bn_set_low (&bl,B,n);
-	bn_set_high(&bh,B,n);
-
-	BN_sub(&ahal,&ah,&al);
-	BN_sub(&blbh,&bl,&bh);
-
-	if (num <= (bn_limit_num+bn_limit_num))
-		{
-		BN_mul(m,&ahal,&blbh);
-		if (sqr)
-			{
-			BN_sqr(&ahal,&al,ctx);
-			BN_sqr(&blbh,&ah,ctx);
-			}
-		else
-			{
-			BN_mul(&ahal,&al,&bl);
-			BN_mul(&blbh,&ah,&bh);
-			}
-		}
-	else
-		{
-		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
-		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
-		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
-		}
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	BN_lshift(m,m,n*BN_BITS2);
-	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-#undef ahal	(sk[0])
-#undef blbh	(sk[1])
-
-#include "bn_low.c"
-#include "bn_high.c"
-#include "f.c"
-
-#endif

crypto/bn/old/bn_wmul.c

@@ -1,175 +0,0 @@
-#include <stdio.h>
-#include "bn_lcl.h"
-
-#if 1
-
-int bn_mull(BIGNUM *r,BIGNUM *a,BIGNUM *b, BN_CTX *ctx);
-
-int bn_mull(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	int top,i,j,k,al,bl;
-	BIGNUM *t;
-
-#ifdef BN_COUNT
-printf("bn_mull %d * %d\n",a->top,b->top);
-#endif
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(r);
-	BN_CTX_start(ctx);
-
-	al=a->top;
-	bl=b->top;
-	r->neg=a->neg^b->neg;
-
-	top=al+bl;
-	if ((al < 4) || (bl < 4))
-		{
-		if (bn_wexpand(r,top) == NULL) return(0);
-		r->top=top;
-		bn_mul_normal(r->d,a->d,al,b->d,bl);
-		goto end;
-		}
-	else if (al == bl) /* A good start, they are the same size */
-		goto symetric;
-	else
-		{
-		i=(al-bl);
-		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
-			{
-			bn_wexpand(b,al);
-			b->d[bl]=0;
-			bl++;
-			goto symetric;
-			}
-		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
-			{
-			bn_wexpand(a,bl);
-			a->d[al]=0;
-			al++;
-			goto symetric;
-			}
-		}
-
-	/* asymetric and >= 4 */ 
-	if (bn_wexpand(r,top) == NULL) return(0);
-	r->top=top;
-	bn_mul_normal(r->d,a->d,al,b->d,bl);
-
-	if (0)
-		{
-		/* symetric and > 4 */
-symetric:
-		if (al == 4)
-			{
-			if (bn_wexpand(r,al*2) == NULL) return(0);
-			r->top=top;
-			bn_mul_comba4(r->d,a->d,b->d);
-			goto end;
-			}
-		if (al == 8)
-			{
-			if (bn_wexpand(r,al*2) == NULL) return(0);
-			r->top=top;
-			bn_mul_comba8(r->d,a->d,b->d);
-			goto end;
-			}
-		if (al <= BN_MULL_NORMAL_SIZE)
-			{
-			if (bn_wexpand(r,al*2) == NULL) return(0);
-			r->top=top;
-			bn_mul_normal(r->d,a->d,al,b->d,bl);
-			goto end;
-			}
-		/* 16 or larger */
-		j=BN_num_bits_word((BN_ULONG)al);
-		j=1<<(j-1);
-		k=j+j;
-		t = BN_CTX_get(ctx);
-		if (al == j) /* exact multiple */
-			{
-			bn_wexpand(t,k*2);
-			bn_wexpand(r,k*2);
-			bn_mul_recursive(r->d,a->d,b->d,al,t->d);
-			}
-		else
-			{
-			bn_wexpand(a,k);
-			bn_wexpand(b,k);
-			bn_wexpand(t,k*4);
-			bn_wexpand(r,k*4);
-			for (i=a->top; i<k; i++)
-				a->d[i]=0;
-			for (i=b->top; i<k; i++)
-				b->d[i]=0;
-			bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
-			}
-		r->top=top;
-		}
-end:
-	BN_CTX_end(ctx);
-	bn_fix_top(r);
-	return(1);
-	}
-#endif
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-	{
-	BN_ULONG *rr;
-
-#ifdef BN_COUNT
-printf(" bn_mul_normal %d * %d\n",na,nb);
-#endif
-
-	if (na < nb)
-		{
-		int itmp;
-		BN_ULONG *ltmp;
-
-		itmp=na; na=nb; nb=itmp;
-		ltmp=a;   a=b;   b=ltmp;
-
-		}
-	rr= &(r[na]);
-	rr[0]=bn_mul_words(r,a,na,b[0]);
-
-	for (;;)
-		{
-		if (--nb <= 0) return;
-		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
-		if (--nb <= 0) return;
-		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
-		if (--nb <= 0) return;
-		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
-		if (--nb <= 0) return;
-		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
-		rr+=4;
-		r+=4;
-		b+=4;
-		}
-	}
-
-#if 1
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-	{
-#ifdef BN_COUNT
-printf(" bn_mul_low_normal %d * %d\n",n,n);
-#endif
-	bn_mul_words(r,a,n,b[0]);
-
-	for (;;)
-		{
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[1]),a,n,b[1]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[2]),a,n,b[2]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[3]),a,n,b[3]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[4]),a,n,b[4]);
-		r+=4;
-		b+=4;
-		}
-	}
-#endif