From 5d7e960adf8758abec954f3b194d6ef45cd934c4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 15 Feb 2002 16:22:22 +0000 Subject: [PATCH 001/173] Give the linux-sparv9 target shared capability. Submitted by Ian Marsh --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index a65112d8e3..9b01806202 100755 --- a/Configure +++ b/Configure @@ -198,7 +198,7 @@ my %table=( "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # !!!Folowing can't be even tested yet!!! # We have to wait till 64-bit glibc for SPARC is operational!!! #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", From cd6461867484ef0fc3fdd1840e08027c6e526c12 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 11:57:25 +0000 Subject: [PATCH 002/173] gcc chokes on C++ comments in C code. --- apps/ecdsaparam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index c4436a7a22..9e9c1cb7cb 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
@@ -375,7 +375,7 @@ bad: } if (C) - { // TODO : characteristic two + { /* TODO : characteristic two */ int l, len, bits_p; if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL || (tmp_3 = BN_new()) == NULL || (tmp_4 = BN_new()) == NULL || From 48b5083ca00fa1007ae7f279eaf0ab30e4da1fe8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 11:58:16 +0000 Subject: [PATCH 003/173] Missing #endif --- crypto/tmdiff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c index aea47598ad..7ebf2b202a 100644 --- a/crypto/tmdiff.c +++ b/crypto/tmdiff.c @@ -228,6 +228,7 @@ int ms_time_cmp(char *ap, char *bp) d= (double)(b->ms_timeb.time-a->ms_timeb.time)+ (((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0; # endif +# endif #endif if (d == 0.0) ret=0; From 48f9859d2a8f1aea691de14f340def92bfc1defc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 12:01:13 +0000 Subject: [PATCH 004/173] Local `time' shadows the global function `time()'. Rename the local variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d'). --- crypto/ecdsa/ecdsatest.c | 98 ++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index ff9338c4c9..02f9df923f 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -180,7 +180,7 @@ int test_sig_vrf(ECDSA *ecdsa, const unsigned char* dgst) int ret=0,type=0; unsigned char *buffer=NULL; unsigned int buf_len; - clock_t time; + clock_t tim; if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) return 0; 
@@ -192,24 +192,24 @@ int test_sig_vrf(ECDSA *ecdsa, const unsigned char* dgst) if ((buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - time = clock(); + tim = clock(); if (!ECDSA_sign(type, dgst , 20, buffer, &buf_len, ecdsa)) { BIO_printf(bio_err, "ECDSA_sign() FAILED \n"); goto err; } - time = clock() - time; - BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)time/(CLOCKS_PER_SEC)); + tim = clock() - tim; + BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)tim/(CLOCKS_PER_SEC)); - time = clock(); + tim = clock(); ret = ECDSA_verify(type, dgst, 20, buffer, buf_len, ecdsa); if (ret != 1) { BIO_printf(bio_err, "ECDSA_verify() FAILED \n"); goto err; } - time = clock() - time; - BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)time/(CLOCKS_PER_SEC)); + tim = clock() - tim; + BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)tim/(CLOCKS_PER_SEC)); err: OPENSSL_free(buffer); return(ret == 1); @@ -323,11 +323,11 @@ int main(void) int dgst_len=0; unsigned char *dgst=NULL; int ret = 0, i=0; - clock_t time; + clock_t tim; unsigned char *buffer=NULL; unsigned char *pp; long buf_len=0; - double time_d; + double tim_d; EVP_MD_CTX *md_ctx=NULL; /* enable memory leak checking unless explicitly disabled */ 
@@ -542,20 +542,20 @@ int main(void) if ((ecdsa = ECDSA_new()) == NULL) goto err; if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) == NULL) goto err; if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); + tim = clock(); for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); + , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); + tim = clock(); for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); + , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err; if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); + tim = clock(); for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); + , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); + tim = clock(); for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); + , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err; if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); + tim = clock(); for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); + , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); + tim = clock(); for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); + , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err; if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); + tim = clock(); for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = 
clock(); + , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); + tim = clock(); for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); + , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); for (i=0; igroup = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err; if (!ECDSA_generate_key(ecdsa)) goto err; - time = clock(); + tim = clock(); for (i=0; i average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d / ECDSA_NIST_TESTS); - time = clock(); + , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); + tim = clock(); for (i=0; i average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, time_d, time_d/ECDSA_NIST_TESTS); + , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); ECDSA_free(ecdsa); ecdsa = NULL; for (i=0; i Date: Sat, 16 Feb 2002 12:03:25 +0000 Subject: [PATCH 005/173] The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;, so do not add one after the expansion, since ANSI C doesn't allow ;; at this level (or at least, so tells me gcc). --- crypto/ecdsa/ecs_asn1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index fe2ed62d11..b3bdd4e5fb 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -119,7 +119,7 @@ ASN1_CHOICE(EC_PARAMETERS) = { ASN1_SIMPLE(EC_PARAMETERS, value.implicitlyCA, ASN1_NULL) } ASN1_CHOICE_END(EC_PARAMETERS) -IMPLEMENT_ASN1_FUNCTIONS_const(EC_PARAMETERS); +IMPLEMENT_ASN1_FUNCTIONS_const(EC_PARAMETERS) ASN1_SEQUENCE(ECDSAPrivateKey) = { ASN1_SIMPLE(ECDSAPrivateKey, version, LONG), From ab1dee1efc39f7e18487323663d073e7a48ebeaf Mon Sep 17 00:00:00 2001 
From: Richard Levitte Date: Sat, 16 Feb 2002 12:15:30 +0000 Subject: [PATCH 006/173] Adjust the NID names for the AES modes OFB and CFB to contain the number of feedback bits --- crypto/objects/obj_dat.h | 36 ++++++++++++++-------------- crypto/objects/obj_mac.h | 48 +++++++++++++++++++------------------- crypto/objects/obj_mac.num | 12 +++++----- crypto/objects/objects.txt | 6 +++++ 4 files changed, 54 insertions(+), 48 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 630aa63c2a..b095fd3148 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h 
@@ -460,16 +460,16 @@ static unsigned char lvalues[3837]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3030] OBJ_ms_csp_name */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3039] OBJ_aes_128_ecb */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3048] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3057] OBJ_aes_128_ofb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3066] OBJ_aes_128_cfb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3057] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3066] OBJ_aes_128_cfb128 */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3075] OBJ_aes_192_ecb */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3084] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3093] OBJ_aes_192_ofb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3102] OBJ_aes_192_cfb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3093] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3102] OBJ_aes_192_cfb128 */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3111] OBJ_aes_256_ecb */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3120] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3129] OBJ_aes_256_ofb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3138] OBJ_aes_256_cfb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3129] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3138] OBJ_aes_256_cfb128 */ 0x55,0x1D,0x17, /* [3147] OBJ_hold_instruction_code */ 0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3150] OBJ_hold_instruction_none */ 0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3157] OBJ_hold_instruction_call_issuer */ 
@@ -1193,16 +1193,16 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3030]),0}, {"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3039]),0}, {"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3048]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb,9,&(lvalues[3057]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb,9,&(lvalues[3066]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3057]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3066]),0}, {"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3075]),0}, {"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3084]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb,9,&(lvalues[3093]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb,9,&(lvalues[3102]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3093]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3102]),0}, {"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3111]),0}, {"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3120]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb,9,&(lvalues[3129]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb,9,&(lvalues[3138]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3129]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3138]),0}, {"holdInstructionCode","Hold Instruction Code", NID_hold_instruction_code,3,&(lvalues[3147]),0}, {"holdInstructionNone","Hold Instruction None", 
@@ -2628,16 +2628,16 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ &(nid_objs[418]),/* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ &(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ -&(nid_objs[420]),/* OBJ_aes_128_ofb 2 16 840 1 101 3 4 1 3 */ -&(nid_objs[421]),/* OBJ_aes_128_cfb 2 16 840 1 101 3 4 1 4 */ +&(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ +&(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ &(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ &(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ -&(nid_objs[424]),/* OBJ_aes_192_ofb 2 16 840 1 101 3 4 1 23 */ -&(nid_objs[425]),/* OBJ_aes_192_cfb 2 16 840 1 101 3 4 1 24 */ +&(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ +&(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ &(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ &(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ -&(nid_objs[428]),/* OBJ_aes_256_ofb 2 16 840 1 101 3 4 1 43 */ -&(nid_objs[429]),/* OBJ_aes_256_cfb 2 16 840 1 101 3 4 1 44 */ +&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ +&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ &(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ &(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ &(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index a6fb0a1cd5..9f11fd463f 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h 
@@ -1922,15 +1922,15 @@ #define NID_aes_128_cbc 419 #define OBJ_aes_128_cbc OBJ_aes,2L -#define SN_aes_128_ofb "AES-128-OFB" -#define LN_aes_128_ofb "aes-128-ofb" -#define NID_aes_128_ofb 420 -#define OBJ_aes_128_ofb OBJ_aes,3L +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L -#define SN_aes_128_cfb "AES-128-CFB" -#define LN_aes_128_cfb "aes-128-cfb" -#define NID_aes_128_cfb 421 -#define OBJ_aes_128_cfb OBJ_aes,4L +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L #define SN_aes_192_ecb "AES-192-ECB" #define LN_aes_192_ecb "aes-192-ecb" @@ -1942,15 +1942,15 @@ #define NID_aes_192_cbc 423 #define OBJ_aes_192_cbc OBJ_aes,22L -#define SN_aes_192_ofb "AES-192-OFB" -#define LN_aes_192_ofb "aes-192-ofb" -#define NID_aes_192_ofb 424 -#define OBJ_aes_192_ofb OBJ_aes,23L +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L -#define SN_aes_192_cfb "AES-192-CFB" -#define LN_aes_192_cfb "aes-192-cfb" -#define NID_aes_192_cfb 425 -#define OBJ_aes_192_cfb OBJ_aes,24L +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L #define SN_aes_256_ecb "AES-256-ECB" #define LN_aes_256_ecb "aes-256-ecb" 
@@ -1962,15 +1962,15 @@ #define NID_aes_256_cbc 427 #define OBJ_aes_256_cbc OBJ_aes,42L -#define SN_aes_256_ofb "AES-256-OFB" -#define LN_aes_256_ofb "aes-256-ofb" -#define NID_aes_256_ofb 428 -#define OBJ_aes_256_ofb OBJ_aes,43L +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L -#define SN_aes_256_cfb "AES-256-CFB" -#define LN_aes_256_cfb "aes-256-cfb" -#define NID_aes_256_cfb 429 -#define OBJ_aes_256_cfb OBJ_aes,44L +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L #define SN_hold_instruction_code "holdInstructionCode" #define LN_hold_instruction_code "Hold Instruction Code" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 63b75951ac..52c75f7411 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -417,16 +417,16 @@ ecdsa_with_SHA1 416 ms_csp_name 417 aes_128_ecb 418 aes_128_cbc 419 -aes_128_ofb 420 -aes_128_cfb 421 +aes_128_ofb128 420 +aes_128_cfb128 421 aes_192_ecb 422 aes_192_cbc 423 -aes_192_ofb 424 -aes_192_cfb 425 +aes_192_ofb128 424 +aes_192_cfb128 425 aes_256_ecb 426 aes_256_cbc 427 -aes_256_ofb 428 -aes_256_cfb 429 +aes_256_ofb128 428 +aes_256_cfb128 429 hold_instruction_code 430 hold_instruction_none 431 hold_instruction_call_issuer 432 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 5260da4f4c..9a969ccd32 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -644,17 +644,23 @@ enterprises 1466 344 : dcobject : dcObject aes 1 : AES-128-ECB : aes-128-ecb aes 2 : AES-128-CBC : aes-128-cbc +!Cname aes-128-ofb128 aes 3 : AES-128-OFB : aes-128-ofb +!Cname aes-128-cfb128 aes 4 : AES-128-CFB : aes-128-cfb aes 21 : AES-192-ECB : aes-192-ecb aes 22 : AES-192-CBC : aes-192-cbc +!Cname aes-192-ofb128 aes 23 : AES-192-OFB : aes-192-ofb +!Cname aes-192-cfb128 aes 24 : AES-192-CFB : aes-192-cfb aes 41 : AES-256-ECB : aes-256-ecb aes 42 : AES-256-CBC : aes-256-cbc +!Cname aes-256-ofb128 aes 43 : AES-256-OFB : aes-256-ofb +!Cname aes-256-cfb128 aes 44 : AES-256-CFB : aes-256-cfb # Hold instruction CRL entry extension From 97879bcd57aa72555c624ae04b91159212c125d7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 12:20:34 +0000 Subject: [PATCH 007/173] Add the modes OFB128, CFB128 and CTR128 to AES. Submitted by Stephen Sprunk --- crypto/aes/Makefile.ssl | 4 +- crypto/aes/aes.h | 36 +++++++--- crypto/aes/aes_cbc.c | 2 +- crypto/aes/aes_cfb.c | 151 ++++++++++++++++++++++++++++++++++++++++ crypto/aes/aes_core.c | 10 --- crypto/aes/aes_ctr.c | 117 +++++++++++++++++++++++++++++++ crypto/aes/aes_ecb.c | 2 +- crypto/aes/aes_locl.h | 11 ++- crypto/aes/aes_misc.c | 2 +- crypto/aes/aes_ofb.c | 136 ++++++++++++++++++++++++++++++++++++ 10 files changed, 445 insertions(+), 26 deletions(-) create mode 100644 crypto/aes/aes_cfb.c create mode 100644 crypto/aes/aes_ctr.c create mode 100644 crypto/aes/aes_ofb.c diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl index 13deef0604..099bf0dd28 100644 --- a/crypto/aes/Makefile.ssl +++ b/crypto/aes/Makefile.ssl @@ -26,8 +26,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c -LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o +LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c +LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o SRC= $(LIBSRC) 
diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 2d6c201838..e8da921ec5 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -1,6 +1,6 @@ /* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,8 +58,10 @@ static const int AES_DECRYPT = 0; static const int AES_ENCRYPT = 1; -#define AES_MAXNR 14 /* array size can't be a const in C */ -static const int AES_BLOCK_SIZE = 16; /* bytes */ +/* Because array size can't be a const in C, the following two are macros. + Both sizes are in bytes. */ +#define AES_MAXNR 14 +#define AES_BLOCK_SIZE 16 #ifdef __cplusplus extern "C" { 
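Review bot: The replacement comment in the `@@ -58,8 +58,10 @@` hunk says "Both sizes are in bytes", but the old code marked only AES_BLOCK_SIZE as `/* bytes */`; AES_MAXNR (14) looks like a maximum round count rather than a byte size. I would reword it to `/* Macros, not const ints, because a C array size must be a constant expression. AES_MAXNR is a round count (presumably the maximum); AES_BLOCK_SIZE is in bytes. */` so that nobody sizes a buffer from the wrong constant.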
@@ -74,17 +76,31 @@ typedef struct aes_key_st AES_KEY; const char *AES_options(void); -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); -void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); -void AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc); + const AES_KEY *key, const int enc); void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, const int enc); + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, int *num); +void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *counter, unsigned int *num); + #ifdef __cplusplus } diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 964a9780e4..3dfd7aba2a 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c 
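Review bot: The three new prototypes state no contract for `ivec`, `counter` or `num`, and they disagree on the type of `num`: `int *num` for AES_cfb128_encrypt and AES_ofb128_encrypt, `unsigned int *num` for AES_ctr128_encrypt. The CFB and CTR implementations added by this patch use `*num` directly as an index into a block buffer, so the header should say what values are legal. I would add a comment above the declarations along the lines of `/* ivec/counter: AES_BLOCK_SIZE bytes, updated in place; *num: offset into the current block, 0 on the first call, always < AES_BLOCK_SIZE */` and settle on one type for `num`.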
@@ -1,6 +1,6 @@ /* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c new file mode 100644 index 0000000000..9b2917298a --- /dev/null +++ b/crypto/aes/aes_cfb.c 
@@ -0,0 +1,151 @@
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. 
Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include
+#include
+#include "aes_locl.h"
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used. 
The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ + +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) { + + unsigned int n; + unsigned long l = length; + unsigned char c; + + assert(in && out && key && ivec && num); + + n = *num; + + if (enc) { + while (l--) { + if (n == 0) { + AES_encrypt(ivec, ivec, key); + } + ivec[n] = *(out++) = *(in++) ^ ivec[n]; + n = (n+1) % AES_BLOCK_SIZE; + } + } else { + while (l--) { + if (n == 0) { + AES_decrypt(ivec, ivec, key); + } + c = *(in); + *(out++) = *(in++) ^ ivec[n]; + ivec[n] = c; + n = (n+1) % AES_BLOCK_SIZE; + } + } + + *num=n; +} + diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index a9bc1c0de4..937988dd8c 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -715,16 +715,6 @@ static const u32 rcon[] = { 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; -#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) - -#ifdef _MSC_VER -#define GETU32(p) SWAP(*((u32 *)(p))) -#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -#else -#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -#endif - /** * Expand the cipher key into the encryption key schedule. */ diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c new file mode 100644 index 0000000000..8e800481de --- /dev/null +++ b/crypto/aes/aes_ctr.c 
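Review bot: The decrypt branch of AES_cfb128_encrypt refreshes the feedback block with `AES_decrypt(ivec, ivec, key);`, but CFB runs the block cipher in the encrypt direction for both encryption and decryption, so output of the `enc` branch will not round-trip through the `else` branch. That line should read `AES_encrypt(ivec, ivec, key);`, with the key schedule coming from AES_set_encrypt_key in both directions. Separately, `n = *num;` is used unchecked as an index into `ivec`, and the only argument validation is an `assert` that disappears under NDEBUG. A guard before the loops, such as `if (n >= AES_BLOCK_SIZE) return;`, would keep a stale or negative `*num` from reading and writing outside the block.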
@@ -0,0 +1,117 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include
+#include
+#include "aes_locl.h"
+
+/* NOTE: CTR mode is big-endian. The rest of the AES code
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 2^64 */
+static void AES_ctr128_inc(unsigned char *counter) {
+ unsigned long c;
+
+ /* Grab 3rd dword of counter and increment */
+#ifdef L_ENDIAN
+ c = GETU32(counter + 8);
+ c++;
+ PUTU32(counter + 8, c);
+#else
+ c = GETU32(counter + 4);
+ c++;
+ PUTU32(counter + 4, c);
+#endif
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+ c = GETU32(counter + 12);
+ c++;
+ PUTU32(counter + 12, c);
+#else
+ c = GETU32(counter + 0);
+ c++;
+ PUTU32(counter + 0, c);
+#endif
+
+}
+
+/* The input encrypted as though 128bit counter mode is being
+ * used. 
The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *counter, unsigned int *num) { + + unsigned int n; + unsigned long l=length; + unsigned char tmp[AES_BLOCK_SIZE]; + + assert(in && out && key && counter && num); + + n = *num; + + while (l--) { + if (n == 0) { + AES_ctr128_inc(counter); + AES_encrypt(counter, tmp, key); + } + *(out++) = *(in++) ^ tmp[n]; + n = (n+1) % AES_BLOCK_SIZE; + } + + *num=n; +} diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c index 8ea0f66088..1cb2e07d3d 100644 --- a/crypto/aes/aes_ecb.c +++ b/crypto/aes/aes_ecb.c @@ -1,6 +1,6 @@ /* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h index d49e829933..541d1d6e84 100644 --- a/crypto/aes/aes_locl.h +++ b/crypto/aes/aes_locl.h @@ -1,6 +1,6 @@ /* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
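Review bot: AES_ctr128_encrypt keeps the keystream block in the local `tmp`, which is filled only when `n == 0`, so a call that resumes mid-block (`*num != 0` on entry) XORs the input with uninitialized stack bytes. Within the current signature this can be repaired by regenerating the block before the loop with `if (n != 0) AES_encrypt(counter, tmp, key);`, since `counter` still holds the value used for the block in progress; the same place should reject `n >= AES_BLOCK_SIZE` because `n` indexes the 16-byte `tmp`. In AES_ctr128_inc the carry test `if (c) return;` relies on `c` wrapping at 32 bits, but `c` is `unsigned long`, so where that type is 64 bits wide the carry never propagates and the counter repeats after 2^32 blocks, which reuses keystream; `c = (c + 1) & 0xffffffffUL;` avoids that. The `L_ENDIAN` branches also update different counter bytes than the `#else` branches, which looks like it would make the keystream differ between builds and is worth checking against the "CTR mode is big-endian" comment.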
@@ -65,6 +65,15 @@ #include #endif +#ifdef _MSC_VER +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +#else +# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +#endif + typedef unsigned long u32; typedef unsigned short u16; typedef unsigned char u8; diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c index 6bec96f67d..090def25d5 100644 --- a/crypto/aes/aes_misc.c +++ b/crypto/aes/aes_misc.c @@ -1,6 +1,6 @@ /* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c new file mode 100644 index 0000000000..e33bdaea28 --- /dev/null +++ b/crypto/aes/aes_ofb.c 
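Review bot: GETU32 yields a `u32`, and the context line directly below the added macros shows `typedef unsigned long u32;`, which is 64 bits wide on LP64 targets, so code that expects the value to wrap at 32 bits will not see it wrap there. AES_ctr128_inc in the new aes_ctr.c of this same patch does that: it holds the word in `unsigned long c`, increments it and tests `if (c)` to decide whether to carry. With a 64-bit `unsigned long`, PUTU32 would store the low 32 bits (zero after a wrap) while `c` stays non-zero, so the carry would presumably never propagate and counter blocks could repeat. Masking at the point of use, `c = (c + 1) & 0xffffffffUL;`, keeps the carry logic independent of the width of `unsigned long`. A comment on the macros such as `/* GETU32 returns a value in 0..0xffffffff; u32 itself may be wider than 32 bits */` would document this for other callers.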
@@ -0,0 +1,136 @@ +/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "aes_locl.h" + +/* The input and output encrypted as though 128bit ofb mode is being + * used. 
The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, int *num) { + + unsigned int n; + unsigned long l=length; + + assert(in && out && key && ivec && num); + + n = *num; + + while (l--) { + if (n == 0) { + AES_encrypt(ivec, ivec, key); + } + *(out++) = *(in++) ^ ivec[n]; + n = (n+1) % AES_BLOCK_SIZE; + } + + *num=n; +} From a6cd870784b190afcfd5c98b2957f73996aad4fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 12:39:07 +0000 Subject: [PATCH 008/173] The AES modes OFB and CFB are defined with 128 feedback bits. This deviates from the "standard" 64 bits of feedback that all other algorithms are using. Therefore, let's redo certain EVP macros to accept different amounts of feedback bits for these modes. Also, change e_aes.c to provide all usually available modes for AES. CTR isn't included yet. --- crypto/evp/e_aes.c | 46 ++++++++++++++++----------------------- crypto/evp/e_bf.c | 2 +- crypto/evp/e_cast.c | 2 +- crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 4 ++-- crypto/evp/e_idea.c | 6 +++--- crypto/evp/e_rc2.c | 2 +- crypto/evp/e_rc5.c | 2 +- crypto/evp/evp_locl.h | 50 +++++++++++++++++++++++-------------------- 9 files changed, 55 insertions(+), 61 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 9d91533a9e..9d03a9602f 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
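Review bot: In AES_ofb128_encrypt the caller-supplied `*num` is copied into `n` and used as `ivec[n]` before any range check, because the `% AES_BLOCK_SIZE` is applied only after the first byte has been processed. `num` is an `int *` while `n` is `unsigned int`, so a negative or stale value of 16 or more indexes outside the 16-byte `ivec`. The `assert` only checks the pointers and disappears under NDEBUG. Reducing the value on entry, `n = (unsigned int)*num % AES_BLOCK_SIZE;`, or rejecting an out-of-range `*num` explicitly, would bound the first access.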
@@ -66,34 +66,24 @@ typedef struct #define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) -#define IMPLEMENT_BLOCK_CIPHER_def_ecb_cbc(cname, ksched, cprefix, kstruct, \ - nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, 0, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) - -IMPLEMENT_BLOCK_CIPHER_def_ecb_cbc(aes_128, ks, AES, EVP_AES_KEY, - NID_aes_128, 16, 16, 16, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER_def_ecb_cbc(aes_192, ks, AES, EVP_AES_KEY, - NID_aes_192, 16, 24, 16, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER_def_ecb_cbc(aes_256, ks, AES, EVP_AES_KEY, - NID_aes_256, 16, 32, 16, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) +IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, + NID_aes_128, 16, 16, 16, 128, + 0, aes_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, + NID_aes_192, 16, 24, 16, 128, + 0, aes_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, + NID_aes_256, 16, 32, 16, 128, + 0, aes_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index e543df7496..e74337567b 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c 
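Review bot: The AES ECB definitions now receive an IV length of 16 where the removed local macro passed 0. The deleted `BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, 0, flags, ...)` hard-coded it, while `IMPLEMENT_BLOCK_CIPHER` forwards its single `iv_len` argument to every mode, as the `BLOCK_CIPHER_defs` definition in evp_locl.h later in this patch shows. ECB takes no IV, so code that sizes or generates an IV from the cipher's reported IV length would presumably start doing so for AES-ECB. If that is not intended, passing `0` in the `BLOCK_CIPHER_def_ecb(...)` call inside `BLOCK_CIPHER_defs` restores the old value, though that also affects the other ciphers using the macro and should be checked against them.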
@@ -74,7 +74,7 @@ typedef struct #define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) -IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, +IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 3d4079c4dd..3400fef187 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -76,7 +76,7 @@ typedef struct #define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, + NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 3e2cf30a6b..105266a4b3 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -100,7 +100,7 @@ static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, +BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 0, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 13b396c5d2..077860e7b6 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -130,7 +130,7 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, +BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 0, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, 
@@ -141,7 +141,7 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher -BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, +BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 0, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 66f06c0622..ed838d3e62 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -88,10 +88,10 @@ typedef struct } EVP_IDEA_KEY; BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_ofb(idea, idea, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_cfb(idea, idea, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, +BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index b62d941979..4685198e2e 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -83,7 +83,7 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, 8, - RC2_KEY_LENGTH, 8, + RC2_KEY_LENGTH, 8, 64, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, rc2_init_key, NULL, rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index e22aedd685..3c7713b181 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -78,7 +78,7 @@ typedef struct #define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, - 8, RC5_32_KEY_LENGTH, 8, + 8, RC5_32_KEY_LENGTH, 8, 64, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) 
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index fbf0a3ab8c..7b088b4848 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -75,10 +75,10 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns return 1;\ } -#define BLOCK_CIPHER_func_ofb(cname, cprefix, kstruct, ksched) \ +#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_ofb64_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ return 1;\ } 
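Review bot: The new `cbits` parameter is undocumented although it is used only through token pasting (`cprefix##_ofb##cbits##_encrypt` here, and likewise in BLOCK_CIPHER_func_cfb, BLOCK_CIPHER_def_cfb and BLOCK_CIPHER_def_ofb in the following hunks). Because an operand of `##` is not macro-expanded, a caller must pass the literal token `64` or `128`; a symbolic constant would be pasted by name and fail only at compile or link time with an unfamiliar symbol. A comment next to the macro would spare the next caller that surprise, for example `/* cbits: feedback size in bits, a literal token (64 or 128) pasted into the function and cipher names; not macro-expanded */`.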
@@ -89,18 +89,18 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns return 1;\ } -#define BLOCK_CIPHER_func_cfb(cname, cprefix, kstruct, ksched) \ +#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cfb64_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } -#define BLOCK_CIPHER_all_funcs(cname, cprefix, kstruct, ksched) \ +#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_cfb(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_ofb(cname, cprefix, kstruct, ksched) + BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ key_len, iv_len, flags, init_key, cleanup, \ 
@@ -125,16 +125,18 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cfb64, cfb, CFB, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ofb64, ofb, OFB, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ iv_len, flags, init_key, cleanup, set_asn1, \ 
@@ -143,14 +145,14 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) #define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, flags, \ + nid, block_size, key_len, iv_len, cbits, flags, \ init_key, cleanup, set_asn1, get_asn1, ctrl) \ BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ init_key, cleanup, set_asn1, get_asn1, ctrl) @@ -214,10 +216,12 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } */ #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ - block_size, key_len, iv_len, flags, init_key, \ + block_size, key_len, iv_len, cbits, \ + flags, init_key, \ cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + cbits, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) From 46dae77c2308355621bad4f4dcde65f3c130e3e1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 16 Feb 2002 16:53:25 +0000 Subject: [PATCH 009/173] Cygwin target name has been changed! --- INSTALL.W32 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 7c1d13e964..3ca4c1b129 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -160,7 +160,7 @@ * $ tar zxvf openssl-x.x.x.tar.gz $ cd openssl-x.x.x - $ ./Configure no-threads CygWin32 + $ ./Configure no-threads Cygwin [...] $ make [...] From 290d3eab76e902371ce80303e0e4f2b2e5549354 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 22:28:31 +0000 Subject: [PATCH 010/173] Since Cygwin is the proper spelling, let's change to that everywhere. Also, with the change in Configure, it now knows on it's own if threads are supported or not. --- INSTALL.W32 | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 3ca4c1b129..081eced313 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -6,15 +6,15 @@ of this is tested on Win32 but it may also work in Win 3.1 with some modification. - You need Perl for Win32. Unless you will build on CygWin32, you will need + You need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl. - For CygWin32 users, there's more info in the CygWin32 section. + For Cygwin users, there's more info in the Cygwin section. and one of the following C compilers: * Visual C++ * Borland C - * GNU C (Mingw32 or Cygwin32) + * GNU C (Mingw32 or Cygwin) If you want to compile in the assembly language routines with Visual C++ then you will need an assembler. This is worth doing because it will result in 
@@ -137,30 +137,30 @@ > cd out > ..\ms\test - GNU C (CygWin32) - --------------- + GNU C (Cygwin) + -------------- - CygWin32 provides a bash shell and GNU tools environment running on + Cygwin provides a bash shell and GNU tools environment running on NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL - with CygWin is closer to a GNU bash environment such as Linux rather + with Cygwin is closer to a GNU bash environment such as Linux rather than other W32 makes that are based on a single makefile approach. - CygWin32 implements Posix/Unix calls through cygwin1.dll, and is + Cygwin implements Posix/Unix calls through cygwin1.dll, and is contrasted to Mingw32 which links dynamically to msvcrt.dll or crtdll.dll. - To build OpenSSL using CygWin32: + To build OpenSSL using Cygwin: - * Install CygWin32 (see http://sourceware.cygnus.com/cygwin) + * Install Cygwin (see http://sourceware.cygnus.com/cygwin) * Install Perl and ensure it is in the path (recent Cygwin perl (version 5.6.1-2 of the latter has been reported to work) or ActivePerl) - * Run the CygWin bash shell + * Run the Cygwin bash shell * $ tar zxvf openssl-x.x.x.tar.gz $ cd openssl-x.x.x - $ ./Configure no-threads Cygwin + $ ./Configure Cygwin [...] $ make [...] 
@@ -169,26 +169,26 @@ This will create a default install in /usr/local/ssl. - CygWin32 Notes: + Cygwin Notes: "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin stripping of carriage returns. To avoid this ensure that a binary mount is used, e.g. mount -b c:\somewhere /home. - As of version 1.1.1 CygWin32 is relatively unstable in its handling + As of version 1.1.1 Cygwin is relatively unstable in its handling of cr/lf issues. These make procedures succeeded with versions 1.1 and the snapshot 20000524 (Slow!). - "bc" is not provided in the CygWin32 distribution. This causes a + "bc" is not provided in the Cygwin distribution. This causes a non-fatal error in "make test" but is otherwise harmless. If - desired, GNU bc can be built with CygWin32 without change. + desired, GNU bc can be built with Cygwin without change. Installation ------------ - If you used the CygWin procedure above, you have already installed and + If you used the Cygwin procedure above, you have already installed and can skip this section. For all other procedures, there's currently no real installation procedure for Win32. There are, however, some suggestions: From 9c5b91fd0be0ff6caea17ed62535590a7027b36a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 16 Feb 2002 22:31:16 +0000 Subject: [PATCH 011/173] Oh, and since config figures out that we run Cygwin and what versions, let's recommend running config instead of a manual Configure. --- INSTALL.W32 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 081eced313..633ebd7c65 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -160,7 +160,7 @@ * $ tar zxvf openssl-x.x.x.tar.gz $ cd openssl-x.x.x - $ ./Configure Cygwin + $ ./config [...] $ make [...] From 744c49a81b84bc78b01e0203770512c183bb754e Mon Sep 17 00:00:00 2001 
From: Geoff Thorpe Date: Wed, 20 Feb 2002 05:02:50 +0000 Subject: [PATCH 012/173] - Add support for cipher suites that require a temporary RSA key for key-agreement. - Tolerate signal interruptions of select(). --- demos/tunala/cb.c | 10 ++++++++++ demos/tunala/tunala.c | 28 +++++++++++++++++++++------- demos/tunala/tunala.h | 1 + 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c index cd32f74c70..e64983896e 100644 --- a/demos/tunala/cb.c +++ b/demos/tunala/cb.c @@ -129,5 +129,15 @@ void cb_ssl_verify_set_level(unsigned int level) cb_ssl_verify_level = level; } +RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength) +{ + /* TODO: Perhaps make it so our global key can be generated on-the-fly + * after certain intervals? */ + static RSA *rsa_tmp = NULL; + if(!rsa_tmp) + rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); + return rsa_tmp; +} + #endif /* !defined(NO_OPENSSL) */ diff --git a/demos/tunala/tunala.c b/demos/tunala/tunala.c index e802a6209f..e918cba2ce 100644 --- a/demos/tunala/tunala.c +++ b/demos/tunala/tunala.c @@ -69,8 +69,8 @@ typedef struct _tunala_world_t { static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, const char *CAfile, const char *cert, const char *key, const char *dcert, const char *dkey, const char *cipher_list, - const char *dh_file, const char *dh_special, int ctx_options, - int out_state, int out_verify, int verify_mode, + const char *dh_file, const char *dh_special, int tmp_rsa, + int ctx_options, int out_state, int out_verify, int verify_mode, unsigned int verify_depth); static void selector_init(tunala_selector_t *selector); static void selector_add_listener(tunala_selector_t *selector, int fd); 
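Review bot: cb_generate_tmp_rsa in cb.c generates a key only on its first call and afterwards returns the cached `rsa_tmp` whatever `keylength` is requested, and `is_export` is never read. A later handshake that asks for a different size therefore gets a key of the first size requested, which may be shorter than the caller asked for. The static is also written without any locking, which matters only if the callback can run on more than one thread; that is not visible here. Caching one key per requested length would fix the mismatch. At minimum the existing TODO should say so, e.g. `/* NB: the first keylength requested wins; later requests for another size get the same key */`.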
@@ -102,6 +102,7 @@ static int def_flipped = 0; static const char *def_cipher_list = NULL; static const char *def_dh_file = NULL; static const char *def_dh_special = NULL; +static int def_tmp_rsa = 1; static int def_ctx_options = 0; static int def_verify_mode = 0; static unsigned int def_verify_depth = 10; @@ -127,6 +128,7 @@ static const char *helpstring = " -cipher (specifies cipher list to use)\n" " -dh_file (a PEM file containing DH parameters to use)\n" " -dh_special (see below: def=NULL)\n" +" -no_tmp_rsa (don't generate temporary RSA keys)\n" " -no_ssl2 (disable SSLv2)\n" " -no_ssl3 (disable SSLv3)\n" " -no_tls1 (disable TLSv1)\n" @@ -306,6 +308,7 @@ int main(int argc, char *argv[]) const char *cipher_list = def_cipher_list; const char *dh_file = def_dh_file; const char *dh_special = def_dh_special; + int tmp_rsa = def_tmp_rsa; int ctx_options = def_ctx_options; int verify_mode = def_verify_mode; unsigned int verify_depth = def_verify_depth; @@ -427,6 +430,9 @@ next_arg: if(!parse_dh_special(*argv, &dh_special)) return 1; goto next_arg; + } else if(strcmp(*argv, "-no_tmp_rsa") == 0) { + tmp_rsa = 0; + goto next_arg; } else if(strcmp(*argv, "-no_ssl2") == 0) { ctx_options |= SSL_OP_NO_SSLv2; goto next_arg; @@ -487,7 +493,7 @@ next_arg: /* Create the SSL_CTX */ if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id, cacert, cert, key, dcert, dkey, cipher_list, dh_file, - dh_special, ctx_options, out_state, out_verify, + dh_special, tmp_rsa, ctx_options, out_state, out_verify, verify_mode, verify_depth)) == NULL) return err_str1("initialise_ssl_ctx(engine_id=%s) failed", (engine_id == NULL) ? "NULL" : engine_id); 
@@ -522,8 +528,13 @@ main_loop: /* Now do the select */ switch(selector_select(&world.selector)) { case -1: - fprintf(stderr, "selector_select returned a badness error.\n"); - goto shouldnt_happen; + if(errno != EINTR) { + fprintf(stderr, "selector_select returned a " + "badness error.\n"); + goto shouldnt_happen; + } + fprintf(stderr, "Warn, selector interrupted by a signal\n"); + goto main_loop; case 0: fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n"); goto main_loop; @@ -717,8 +728,8 @@ do_it: static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, const char *CAfile, const char *cert, const char *key, const char *dcert, const char *dkey, const char *cipher_list, - const char *dh_file, const char *dh_special, int ctx_options, - int out_state, int out_verify, int verify_mode, + const char *dh_file, const char *dh_special, int tmp_rsa, + int ctx_options, int out_state, int out_verify, int verify_mode, unsigned int verify_depth) { SSL_CTX *ctx = NULL, *ret = NULL; @@ -770,6 +781,9 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, /* dcert and dkey */ if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey)) goto err; + /* temporary RSA key generation */ + if(tmp_rsa) + SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa); /* cipher_list */ if(cipher_list) { diff --git a/demos/tunala/tunala.h b/demos/tunala/tunala.h index b4c8ec78d8..3a752f259a 100644 --- a/demos/tunala/tunala.h +++ b/demos/tunala/tunala.h @@ -149,6 +149,7 @@ int cb_ssl_verify(int ok, X509_STORE_CTX *ctx); void cb_ssl_verify_set_output(FILE *fp); void cb_ssl_verify_set_depth(unsigned int verify_depth); void cb_ssl_verify_set_level(unsigned int level); +RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength); #endif /* !defined(NO_OPENSSL) */ #endif /* !defined(OPENSSL_NO_BUFFER) */ From afeab58a3cdc9b6ff4dae42613e21952c6e4a3f6 Mon Sep 17 00:00:00 2001 
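Review bot: The new `errno != EINTR` test in the `case -1:` branch reads `errno` after `selector_select()` has returned, not directly after `select()`. That wrapper's body is outside these hunks, so anything it does between the system call and its return could overwrite the value and turn a real failure into an endless "interrupted" retry via `goto main_loop`. None of the tunala.c hunks adds `#include <errno.h>`, so it is worth confirming that the header is already pulled in. A comment at the wrapper, `/* must return straight after select() so the caller can inspect errno */`, would record the dependency. The enclosing main() starts and ends outside the hunk.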
From: Geoff Thorpe Date: Wed, 20 Feb 2002 05:09:22 +0000 Subject: [PATCH 013/173] Make the "ungunk" logic a little more robust. --- demos/tunala/autoungunk.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/demos/tunala/autoungunk.sh b/demos/tunala/autoungunk.sh index 14d10790fd..0c9123b6cf 100755 --- a/demos/tunala/autoungunk.sh +++ b/demos/tunala/autoungunk.sh @@ -4,13 +4,13 @@ # mess has been left in the directory thanks to autoconf, automake, and their # friends. -if test -f Makefile; then - make distclean - rm -f Makefile -fi - if test -f Makefile.plain; then + if test -f Makefile; then + make distclean + fi mv Makefile.plain Makefile +else + make clean fi rm -f aclocal.m4 config.* configure install-sh \ From 877b2fbd3c9d2ca38b6a15b55846f33b0dece9e8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 20 Feb 2002 05:12:45 +0000 Subject: [PATCH 014/173] A rough little self-test for tunala. This runs through all cipher-suite / SSL/TLS version combinations looking for mishaps. --- demos/tunala/test.sh | 107 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100755 demos/tunala/test.sh diff --git a/demos/tunala/test.sh b/demos/tunala/test.sh new file mode 100755 index 0000000000..105b447333 --- /dev/null +++ b/demos/tunala/test.sh 
@@ -0,0 +1,107 @@ +#!/bin/sh + +HTTP="localhost:8080" +CLIENT_PORT="9020" +SERVER_PORT="9021" + +sub_test () +{ + echo "STARTING - $VER $CIPHER" + ./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \ + -cacert CA.pem -cert A-client.pem -server 0 \ + -dh_special standard -v_peer -v_strict \ + $VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt & + ./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \ + -cacert CA.pem -cert A-server.pem -server 1 \ + -dh_special standard -v_peer -v_strict \ + $VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt & + # Wait for the servers to be listening before starting the wget test + DONE="no" + while [ "$DONE" != "yes" ]; do + L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"` + L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"` + if [ "x$L1" != "x" ]; then + DONE="yes" + elif [ "x$L2" != "x" ]; then + DONE="yes" + else + sleep 1 + fi + done + HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep ""` + if [ "x$HTML" != "x" ]; then + echo "OK - $CIPHER ($VER)" + else + echo "FAIL - $CIPHER ($VER)" + killall tunala + exit 1 + fi + killall tunala + # Wait for the servers to stop before returning - otherwise the next + # test my fail to start ... 
(fscking race conditions) + DONE="yes" + while [ "$DONE" != "no" ]; do + L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"` + L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"` + if [ "x$L1" != "x" ]; then + DONE="yes" + elif [ "x$L2" != "x" ]; then + DONE="yes" + else + DONE="no" + fi + done + exit 0 +} + +run_test () +{ + (sub_test 1> /dev/null) || exit 1 +} + +run_ssl_test () +{ +killall tunala 1> /dev/null 2> /dev/null +echo "" +echo "Starting all $PRETTY tests" +if [ "$PRETTY" != "SSLv2" ]; then + if [ "$PRETTY" != "SSLv3" ]; then + export VER="-no_ssl2 -no_ssl3" + export OSSL="-tls1" + else + export VER="-no_ssl2 -no_tls1" + export OSSL="-ssl3" + fi +else + export VER="-no_ssl3 -no_tls1" + export OSSL="-ssl2" +fi +LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`" +#echo "$LIST" +for i in $LIST; do \ + DSS=`echo "$i" | grep "DSS"` + if [ "x$DSS" != "x" ]; then + echo "---- skipping $i (no DSA cert/keys) ----" + else + export CIPHER=$i + run_test + echo "SUCCESS: $i" + fi +done; +} + +# Welcome the user +echo "Tests will assume an http server running at $HTTP" + +# TLSv1 test +export PRETTY="TLSv1" +run_ssl_test + +# SSLv3 test +export PRETTY="SSLv3" +run_ssl_test + +# SSLv2 test +export PRETTY="SSLv2" +run_ssl_test + From 5b2d6ff07e5736d46f8a9334cc79abfa70be5279 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 20 Feb 2002 08:33:55 +0000 Subject: [PATCH 015/173] make update --- TABLE | 32 ++++++++++++++++++++++++++++---- crypto/aes/Makefile.ssl | 6 ++++++ util/libeay.num | 3 +++ 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/TABLE b/TABLE index c211c0f449..6ba53ec53e 100644 --- a/TABLE +++ b/TABLE @@ -2825,10 +2825,10 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $shared_extension = $ranlib = 
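Review bot: The start-up wait loop in sub_test exits as soon as either port is listening, because the `elif` branch sets `DONE="yes"` when only one of `$CLIENT_PORT` / `$SERVER_PORT` shows up in netstat, so wget can run before both tunala instances are ready and report a false FAIL. Require both: `if [ "x$L1" != "x" ] && [ "x$L2" != "x" ]; then DONE="yes"; else sleep 1; fi`. The shutdown loop further down has no `sleep` and spins on netstat until the sockets close. `killall tunala` also stops any unrelated tunala process on the host; recording `$!` after each background start and killing those two PIDs would keep the test contained.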
@@ -3695,3 +3695,27 @@ $shared_cflag = -Kpic $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = + +*** vxworks-ppc405 +$cc = ccppc +$cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl index 099bf0dd28..a20686dadd 100644 --- a/crypto/aes/Makefile.ssl +++ b/crypto/aes/Makefile.ssl @@ -88,10 +88,16 @@ clean: aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h +aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h +aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h +aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h +aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c +aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h +aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c diff --git a/util/libeay.num b/util/libeay.num index 837d7d0602..238dc1fc1f 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -2832,3 +2832,6 @@ ECDSA_generate_key 3278 EXIST::FUNCTION:ECDSA PEM_write_ECDSAParameters 3279 EXIST:!WIN16:FUNCTION:ECDSA i2d_ECDSAPrivateKey_fp 3280 EXIST::FUNCTION:ECDSA,FP_API PEM_read_ECDSAPrivateKey 3281 EXIST:!WIN16:FUNCTION:ECDSA +AES_ofb128_encrypt 3282 EXIST::FUNCTION:AES +AES_ctr128_encrypt 3283 EXIST::FUNCTION:AES +AES_cfb128_encrypt 3284 EXIST::FUNCTION:AES From 02e666d59f9df1e2b1c5de9efc30205f5e064181 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 11:42:42 +0000 Subject: [PATCH 016/173] Don't shadow already defined variables --- Configure | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index 9b01806202..999707794d 100755 --- a/Configure +++ b/Configure @@ -912,11 +912,11 @@ my $bn_ops = $fields[$idx_bn_ops]; my $bn_obj = $fields[$idx_bn_obj]; my $des_obj = $fields[$idx_des_obj]; my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; +$md5_obj = $fields[$idx_md5_obj]; +$sha1_obj = $fields[$idx_sha1_obj]; my $cast_obj = $fields[$idx_cast_obj]; my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; +$rmd160_obj = $fields[$idx_rmd160_obj]; my $rc5_obj = $fields[$idx_rc5_obj]; my $dso_scheme = $fields[$idx_dso_scheme]; my $shared_target = $fields[$idx_shared_target]; From 3adb8c385404448629465cdf02fe1431b8e0e160 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 11:43:40 +0000 Subject: [PATCH 017/173] With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all --- crypto/aes/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl index a20686dadd..c189ce0824 100644 --- a/crypto/aes/Makefile.ssl +++ b/crypto/aes/Makefile.ssl 
@@ -54,7 +54,7 @@ files: links: @$(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @#$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: installs From 4b71f63ac0de0df0ec321b0522a30e8d3e356760 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 11:57:33 +0000 Subject: [PATCH 018/173] Comparing a pointer (data) with 0 using > is incorrect. The changed comparison doesn't look right, but at least it compiles. It would be nice if the one who knows what this is supposed to do changed it to do it correctly --- crypto/ecdsa/ecs_asn1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index b3bdd4e5fb..542a987bc2 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -439,7 +439,9 @@ ECDSA *ECDSA_x9_62parameters2ecdsa(const X9_62_EC_PARAMETERS *params, EC if ((point = EC_POINT_new(ret->group)) == NULL) goto err; } else OPENSSL_ECDSA_ABORT(ECDSA_R_WRONG_FIELD_IDENTIFIER) - if (params->curve->seed != NULL && params->curve->seed->data > 0) + /* FIXME!!! It seems like the comparison of data with 0 isn't the + intended thing. */ + if (params->curve->seed != NULL && params->curve->seed->data != 0) { if (ret->seed != NULL) OPENSSL_free(ret->seed); From d009bcbfb6f768b366a7cdd471186511282467a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 20 Feb 2002 11:59:42 +0000 Subject: [PATCH 019/173] bugfix: allocate sufficiently large buffer Submitted by: Nils Larsch --- crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f14f8d88ed..4e409d07bf 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c 
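Review bot: In the ecs_asn1.c hunk, `params->curve->seed->data != 0` only tests that the data pointer is non-null, which the added FIXME itself concedes is probably not the intent. If the condition is meant to say "a seed is present", the length is the field to test, assuming `seed` is an ASN.1 string type with a `length` member: `if (params->curve->seed != NULL && params->curve->seed->data != NULL && params->curve->seed->length > 0)`. That keeps a zero-length seed from a parsed parameter structure out of the allocation and copy that follow. The body of that branch continues outside the hunk, so how the length is consumed there should be confirmed.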
@@ -233,7 +233,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc(totalnum * sizeof wNAF[0] + 1); + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); if (wNAF != NULL) { wNAF[0] = NULL; /* preliminary pivot */ From f19759a1823afafe2a3d3c72e8a4bacb40232b70 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 12:01:24 +0000 Subject: [PATCH 020/173] Instead of just checking for OpenVMS, check if DEC C is used, since it's as picky on all platforms --- crypto/ebcdic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index eb46054433..bc968ea807 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -212,7 +212,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) #else /*CHARSET_EBCDIC*/ #include -#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) +#if defined(PEDANTIC) || defined(__DECC) static void *dummy=&dummy; #endif #endif From aa89bcd279f4b2959877d011f4779a4e1e7f1312 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 12:16:17 +0000 Subject: [PATCH 021/173] With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all --- test/Makefile.ssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 31d6090ac4..6a48b0b736 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -265,8 +265,8 @@ test_ca: fi test_rd: #$(RDTEST) - @echo "test Rijndael" - #./$(RDTEST) +# @echo "test Rijndael" +# ./$(RDTEST) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff From 006723cf76819118b1ef2e33fe3af4e2527f2b55 Mon Sep 17 00:00:00 2001 
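Review bot: The allocation sizes in the ec_mult.c hunk are computed as `totalnum * sizeof ...` with no overflow check, so the corrected `(totalnum + 1) * sizeof wNAF[0]` can still wrap for a very large `totalnum` and yield a short buffer. A guard ahead of the three allocations, for example `if (totalnum >= ((size_t)-1) / sizeof wNAF[0])` followed by the function's error exit, would make the bound explicit; the type of `totalnum` is declared outside the hunk and should be confirmed. Only `wNAF` is tested against NULL in the visible lines, so if `wsize` and `wNAF_len` are checked, that happens outside the hunk.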
From: Richard Levitte Date: Wed, 20 Feb 2002 12:31:23 +0000 Subject: [PATCH 022/173] Add reports on checked 64-bit platforms and make space to add platforms that need to be checked --- STATUS | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 3a6d0ae435..a24799f0e8 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/13 10:21:25 $ + ______________ $Date: 2002/02/20 12:31:23 $ DEVELOPMENT STATE @@ -22,6 +22,12 @@ o BIGNUM library failures on 64-bit platforms (0.9.7-dev): - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc + Checked on Result + Tru64 version 4.0 works + + Needs checked on + [add platforms here] + AVAILABLE PATCHES o From f8e21776f9351d78f836d217dda0649fdabe39f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 20 Feb 2002 12:38:00 +0000 Subject: [PATCH 023/173] typo --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e2b130fccd..2d109a7557 100644 --- a/CHANGES +++ b/CHANGES @@ -17,10 +17,10 @@ d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make them suitable for ECDSA where domain parameters must be extracted before the specific public key. - [Nils Larsch ] *) Add reference counting for EC_GROUP objects. - [Nils Larsch ] *) Include some named elliptic curves. These can be obtained from the new functions From 3613e6fc57d59d05a1b9e992879845000783bb36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 20 Feb 2002 13:08:17 +0000 Subject: [PATCH 024/173] simplifications Submitted by: Nils Larsch --- crypto/ecdsa/ecs_asn1.c | 27 +++------------------------ crypto/ecdsa/ecs_ossl.c | 12 ++++++++---- 2 files changed, 11 insertions(+), 28 deletions(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 542a987bc2..886cd01db2 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c 
@@ -61,29 +61,10 @@ static point_conversion_form_t POINT_CONVERSION_FORM = POINT_CONVERSION_COMPRESSED; -/* Override the default new methods */ -static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - if(operation == ASN1_OP_NEW_PRE) { - ECDSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(ECDSA_SIG)); - if (sig == NULL) - { - ECDSAerr(ECDSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); - return 0; - } - sig->r = NULL; - sig->s = NULL; - *pval = (ASN1_VALUE *)sig; - return 2; - } - return 1; -} - -ASN1_SEQUENCE_cb(ECDSA_SIG, sig_cb) = { +ASN1_SEQUENCE(ECDSA_SIG) = { ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) -} ASN1_SEQUENCE_END_cb(ECDSA_SIG, ECDSA_SIG) +} ASN1_SEQUENCE_END(ECDSA_SIG) IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG) @@ -439,9 +420,7 @@ ECDSA *ECDSA_x9_62parameters2ecdsa(const X9_62_EC_PARAMETERS *params, EC if ((point = EC_POINT_new(ret->group)) == NULL) goto err; } else OPENSSL_ECDSA_ABORT(ECDSA_R_WRONG_FIELD_IDENTIFIER) - /* FIXME!!! It seems like the comparison of data with 0 isn't the - intended thing. */ - if (params->curve->seed != NULL && params->curve->seed->data != 0) + if (params->curve->seed != NULL) { if (ret->seed != NULL) OPENSSL_free(ret->seed); diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 5a36707cfb..a79b0c2fe2 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -285,16 +285,20 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA * reason = ECDSA_R_SIGNATURE_MALLOC_FAILED; goto err; } - ret->r = r; - ret->s = s; + if (BN_copy(ret->r, r) == NULL || BN_copy(ret->s, s) == NULL) + { + ECDSA_SIG_free(ret); + ret = NULL; + reason = ERR_R_BN_LIB; + } err: if (!ret) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,reason); - BN_free(r); - BN_free(s); } + if (r != NULL) BN_clear_free(r); + if (s != NULL) BN_clear_free(s); if (ctx != NULL) BN_CTX_free(ctx); if (m != NULL) BN_clear_free(m); if (tmp != NULL) BN_clear_free(tmp); 
From a60033f106479b0b29249e59a865897060fcac70 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 13:19:59 +0000 Subject: [PATCH 025/173] Update the status on 64-bit thingy. --- STATUS | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/STATUS b/STATUS index a24799f0e8..998bdafe5a 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/20 12:31:23 $ + ______________ $Date: 2002/02/20 13:19:59 $ DEVELOPMENT STATE @@ -22,8 +22,10 @@ o BIGNUM library failures on 64-bit platforms (0.9.7-dev): - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc - Checked on Result - Tru64 version 4.0 works + Checked on Result + alpha-cc (Tru64 version 4.0) works + linux-alpha+bwx-gcc doesn't work. Reported by + Sean O'Riordain Needs checked on [add platforms here] From 1fc1bd382bd08a140a0074ca41b2c9b74e6fab34 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 13:49:17 +0000 Subject: [PATCH 026/173] Instead of casting a lvalue, let's constify meth. --- crypto/ecdsa/ecs_asn1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 886cd01db2..6fa0b3fb7f 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -355,7 +355,7 @@ ECDSA *ECDSA_x9_62parameters2ecdsa(const X9_62_EC_PARAMETERS *params, EC { int ok=0, reason=ERR_R_EC_LIB, tmp; ECDSA *ret=NULL; - EC_METHOD *meth=NULL; + const EC_METHOD *meth=NULL; BIGNUM *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL; EC_POINT *point=NULL; 
@@ -398,7 +398,7 @@ ECDSA *ECDSA_x9_62parameters2ecdsa(const X9_62_EC_PARAMETERS *params, EC else if (tmp == NID_X9_62_prime_field) { /* TODO : optimal method for the curve */ - (const EC_METHOD *)meth = EC_GFp_mont_method(); + meth = EC_GFp_mont_method(); if ((ret->group = EC_GROUP_new(meth)) == NULL) goto err; if (params->fieldID->parameters->type != V_ASN1_INTEGER) OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_ASN1_TYPE) From 236be53269d7231edde44e194ae40f732d00c620 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 13:50:36 +0000 Subject: [PATCH 027/173] gcc figures that the format specifier %2x means unsigned int, so let's make n unsigned. --- crypto/evp/evp_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index bf0fc3692b..3607fe7776 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -73,7 +73,7 @@ static int convert(unsigned char *s) for(d=s ; *s ; s+=2,++d) { - int n; + unsigned int n; if(!s[1]) { From 58706d595b177c35aa6281e29b6f3907b2c511d3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 14:07:07 +0000 Subject: [PATCH 028/173] Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since it's exported. Changing that is a BIG step, which has been done in 0.9.7-dev. --- STATUS | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/STATUS b/STATUS index 998bdafe5a..9cb4627591 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/20 13:19:59 $ + ______________ $Date: 2002/02/20 14:07:07 $ DEVELOPMENT STATE @@ -68,10 +68,6 @@ o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file - o OpenSSL_0_9_6-stable: - #include in exported header files is illegal since - e_os.h is suitable only for library-internal use. - o Whenever strncpy is used, make sure the resulting string is NULL-terminated or an error is reported 
From 915c6a21baf18e74f450032b17cc708ee0daf618 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 17:55:08 +0000 Subject: [PATCH 029/173] Stop assuming the IV is 8 bytes long, use the real size instead. This is especially important for AES that has a 16 bytes IV. --- crypto/pem/pem_info.c | 2 +- crypto/pem/pem_lib.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 8bcd9f770d..7fc5e5c4c0 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -350,7 +350,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, /* create the right magic header stuff */ buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf,objstr,8,(char *)iv); + PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); /* use the normal code to write things out */ i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 52a36dc00d..94ecae7f3f 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -335,7 +335,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ - if (RAND_pseudo_bytes(iv,8) < 0) /* Generate a salt */ + if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ @@ -345,7 +345,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf,objstr,8,(char *)iv); + PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); /* k=strlen(buf); */ EVP_CIPHER_CTX_init(&ctx); 
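Review bot: `RAND_pseudo_bytes(iv,enc->iv_len)` and the `PEM_dek_info(buf,objstr,enc->iv_len,...)` calls now trust the cipher's IV length, but nothing in these hunks checks it against the size of the `iv` storage or the room left in `buf` for the hex-encoded IV (two characters per IV byte). Both declarations are outside the hunks, so this needs confirming; in pem_lib.c a guard such as `if (enc->iv_len > (int)sizeof(iv)) goto err;` before the random fill would state the bound, provided `iv` is a local array there. The same question applies to `load_iv(...,enc->iv_len)` in the `@@ -471` hunk, which copies header-supplied data into `cipher->iv`. Separately, the context comment says the IV doubles as the salt, and only a negative return from `RAND_pseudo_bytes` is treated as failure, so a return of 0 (bytes not cryptographically strong) is accepted silently.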
@@ -471,7 +471,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); return(0); } - if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0); + if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0); return(1); } From 5b7848a34578e5819e9bb335e9da0e9d04ab921d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 17:59:49 +0000 Subject: [PATCH 030/173] Add comfy aliases for AES in CBC mode. --- crypto/evp/c_allc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 0fe5457425..37e6ab83a5 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -149,10 +149,16 @@ void OpenSSL_add_all_ciphers(void) #ifndef OPENSSL_NO_AES EVP_add_cipher(EVP_aes_128_ecb()); EVP_add_cipher(EVP_aes_128_cbc()); + EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); EVP_add_cipher(EVP_aes_192_ecb()); EVP_add_cipher(EVP_aes_192_cbc()); + EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); EVP_add_cipher(EVP_aes_256_ecb()); EVP_add_cipher(EVP_aes_256_cbc()); + EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif PKCS12_PBE_add(); PKCS5_PBE_add(); From b3dfaaa143d06eb23ec0985ba37bd9ab24bee6bb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 20 Feb 2002 18:03:07 +0000 Subject: [PATCH 031/173] Add AES support in the applications that support -des and -des3. --- STATUS | 5 +---- apps/dsa.c | 7 +++++++ apps/ecdsa.c | 15 +++++++++++---- apps/gendsa.c | 12 ++++++++++++ apps/genrsa.c | 12 ++++++++++++ apps/pkcs12.c | 9 +++++++++ apps/rsa.c | 7 +++++++ apps/smime.c | 12 ++++++++++++ 8 files changed, 71 insertions(+), 8 deletions(-) diff --git a/STATUS b/STATUS index 9cb4627591..7929c02231 100644 --- a/STATUS +++ b/STATUS 
@@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/20 14:07:07 $ + ______________ $Date: 2002/02/20 18:03:00 $ DEVELOPMENT STATE @@ -61,9 +61,6 @@ weakness in SSL/TLS should be added; see http://www.openssl.org/~bodo/tls-cbc.txt - o All 'openssl' subprograms taking '-des' and '-des3' options should - include AES support (0.9.7-dev) - o 'openssl speed' should include AES support (0.9.7-dev) o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file diff --git a/apps/dsa.c b/apps/dsa.c index 59aa0ea106..9d10a7c860 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -79,6 +79,9 @@ * -des - encrypt output if PEM format with DES in cbc mode * -des3 - encrypt output if PEM format * -idea - encrypt output if PEM format + * -aes128 - encrypt output if PEM format + * -aes192 - encrypt output if PEM format + * -aes256 - encrypt output if PEM format * -text - print a text version * -modulus - print the DSA public key */ @@ -188,6 +191,10 @@ bad: BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); diff --git a/apps/ecdsa.c b/apps/ecdsa.c index e8aa7461b4..80cbdb2e4a 100644 --- a/apps/ecdsa.c +++ b/apps/ecdsa.c @@ -132,6 +132,9 @@ * -des - encrypt output if PEM format with DES in cbc mode * -des3 - encrypt output if PEM format * -idea - encrypt output if PEM format + * -aes128 - encrypt output if PEM format + * -aes192 - encrypt output if PEM format + * -aes256 - encrypt output if PEM format * -text - print a text version * -pub - print the ECDSA public key * -compressed - print the public key in compressed form ( default ) 
@@ -227,12 +230,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-pub") == 0) { pub = 1; - buffer = (*(argv+1)); - if (strcmp(buffer, "compressed") == 0) + buffer = (unsigned char *)(*(argv+1)); + if (strcmp((char *)buffer, "compressed") == 0) point_form = POINT_CONVERSION_COMPRESSED; - else if (strcmp(buffer, "hybrid") == 0) + else if (strcmp((char *)buffer, "hybrid") == 0) point_form = POINT_CONVERSION_HYBRID; - else if (strcmp(buffer, "uncompressed") == 0) + else if (strcmp((char *)buffer, "uncompressed") == 0) point_form = POINT_CONVERSION_UNCOMPRESSED; if (point_form) { @@ -270,6 +273,10 @@ bad: BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, " -idea encrypt PEM output with cbc idea\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); #endif BIO_printf(bio_err, " -text print the key in text\n"); BIO_printf(bio_err, " -noout don't print key out\n"); diff --git a/apps/gendsa.c b/apps/gendsa.c index 6b74142991..ebee7f0269 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -129,6 +129,14 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); +#endif +#ifndef OPENSSL_NO_AES + else if (strcmp(*argv,"-aes128") == 0) + enc=EVP_aes_128_cbc(); + else if (strcmp(*argv,"-aes192") == 0) + enc=EVP_aes_192_cbc(); + else if (strcmp(*argv,"-aes256") == 0) + enc=EVP_aes_256_cbc(); #endif else if (**argv != '-' && dsaparams == NULL) { 
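Review bot: In the `-pub` branch of apps/ecdsa.c, `buffer = (unsigned char *)(*(argv+1));` is handed straight to `strcmp` with no check that an argument follows. When `-pub` is the last option, `*(argv+1)` is the terminating NULL of the argument vector and `strcmp` dereferences it. Guard it first, e.g. `if (*(argv+1) == NULL) goto bad;` (the `bad:` label appears in the next hunk's header). A `const char *` local would also remove the cast to `unsigned char *` and back on every comparison. The argument loop starts outside the hunk, so an earlier count check may exist there.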
@@ -151,6 +159,10 @@ bad: #endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); diff --git a/apps/genrsa.c b/apps/genrsa.c index b5ae1beacf..5a58235e0c 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -138,6 +138,14 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); +#endif +#ifndef OPENSSL_NO_AES + else if (strcmp(*argv,"-aes128") == 0) + enc=EVP_aes_128_cbc(); + else if (strcmp(*argv,"-aes192") == 0) + enc=EVP_aes_192_cbc(); + else if (strcmp(*argv,"-aes256") == 0) + enc=EVP_aes_256_cbc(); #endif else if (strcmp(*argv,"-passout") == 0) { @@ -157,6 +165,10 @@ bad: BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0e2bd6dbcd..a424218034 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
@@ -151,6 +151,11 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); #endif else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); +#ifndef OPENSSL_NO_AES + else if (!strcmp(*argv,"-aes128")) enc=EVP_aes_128_cbc(); + else if (!strcmp(*argv,"-aes192")) enc=EVP_aes_192_cbc(); + else if (!strcmp(*argv,"-aes256")) enc=EVP_aes_256_cbc(); +#endif else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp (*args, "-maciter")) maciter = PKCS12_DEFAULT_ITER; @@ -279,6 +284,10 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); #ifndef OPENSSL_NO_IDEA BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); #endif BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); diff --git a/apps/rsa.c b/apps/rsa.c index 863159d83a..6cadcb2174 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -79,6 +79,9 @@ * -des - encrypt output if PEM format with DES in cbc mode * -des3 - encrypt output if PEM format * -idea - encrypt output if PEM format + * -aes128 - encrypt output if PEM format + * -aes192 - encrypt output if PEM format + * -aes256 - encrypt output if PEM format * -text - print a text version * -modulus - print the RSA key modulus * -check - verify key consistency @@ -195,6 +198,10 @@ bad: BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); 
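Review bot: The three AES branches added to apps/pkcs12.c compare `*argv`, while every neighbouring option in the same chain compares `*args`. They therefore test the wrong string, and `-aes128`, `-aes192` and `-aes256` are presumably never recognised (the loop that advances `args` is outside the hunk). They should read `else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();` and likewise for 192 and 256. The AES branches added to apps/smime.c in this commit use `*argv` in the same way.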
diff --git a/apps/smime.c b/apps/smime.c index 7c4aac1ef2..731f9dd5d0 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -128,6 +128,14 @@ int MAIN(int argc, char **argv) cipher = EVP_rc2_cbc(); else if (!strcmp (*args, "-rc2-64")) cipher = EVP_rc2_64_cbc(); +#endif +#ifndef OPENSSL_NO_AES + else if (!strcmp(*argv,"-aes128") == 0) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(*argv,"-aes192") == 0) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(*argv,"-aes256") == 0) + cipher = EVP_aes_256_cbc(); #endif else if (!strcmp (*args, "-text")) flags |= PKCS7_TEXT; @@ -283,6 +291,10 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); #endif BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf (bio_err, "-nosigs don't verify message signature\n"); From 92f91ff48b320a81964d7347444683a734c53734 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 21 Feb 2002 00:54:54 +0000 Subject: [PATCH 032/173] Config file updates from stable branch --- CHANGES | 9 +++++++++ crypto/conf/conf.h | 3 ++- crypto/conf/conf_mall.c | 21 ++++----------------- crypto/conf/conf_mod.c | 34 ++++++++++++++++++++++++++-------- 4 files changed, 41 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 2d109a7557..c7997c122d 100644 --- a/CHANGES +++ b/CHANGES 
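Review bot: In apps/smime.c, `!strcmp(*argv,"-aes128") == 0` parses as `(!strcmp(...)) == 0`, which is true whenever the two strings differ. The first AES branch is therefore taken for any argument that reaches it, and the options tested after it in the chain (`-text` onward) would not be evaluated when AES is compiled in. Drop one of the two negations and compare the loop variable the neighbouring branches use: `else if (!strcmp(*args,"-aes128"))`, and the same for `-aes192` and `-aes256`. The usage text added in the second hunk says "encrypt PEM output with cbc aes", which looks copied from the key tools and does not describe what this option does in smime.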
@@ -43,6 +43,15 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Move default behaviour to CONF_modules_load_file(). Is appname is NULL + use "openssl_conf" if filename is NULL use default openssl config file. + [Steve Henson] + + +) Add an argument to OPENSSL_config() to allow the use of an alternative + config section name. Add a new flag to tolerate a missing config file + and move code to CONF_modules_load_file(). + [Steve Henson] + *) Add information about CygWin 1.3 and on, and preserve proper configuration for the versions before that. [Corinna Vinschen and Richard Levitte] diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 2c6f573349..4e14cd000f 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -112,6 +112,7 @@ typedef void conf_finish_func(CONF_IMODULE *md); #define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 #define CONF_MFLAGS_SILENT 0x4 #define CONF_MFLAGS_NO_DSO 0x8 +#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf,LHASH *hash); @@ -127,7 +128,7 @@ void CONF_free(LHASH *conf); int CONF_dump_fp(LHASH *conf, FILE *out); int CONF_dump_bio(LHASH *conf, BIO *out); -void OPENSSL_config(void); +void OPENSSL_config(const char *config_name); /* New conf code. The semantics are different from the functions above. If that wasn't the case, the above functions would have been replaced */ diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 01cff6946a..c1bab7df3a 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c 
@@ -81,30 +81,16 @@ void OPENSSL_load_builtin_modules(void) static int openssl_configured = 0; -void OPENSSL_config(void) +void OPENSSL_config(const char *config_name) { - int err_exit = 0; - char *file; if (openssl_configured) return; OPENSSL_load_builtin_modules(); - file = CONF_get1_default_config_file(); - if (!file) - return; - ERR_clear_error(); - if (CONF_modules_load_file(file, "openssl_config", 0) <= 0) - { - if (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE) - ERR_clear_error(); - else - err_exit = 1; - } - - OPENSSL_free(file); - if (err_exit) + if (CONF_modules_load_file(NULL, NULL, + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { BIO *bio_err; ERR_load_crypto_strings(); @@ -113,6 +99,7 @@ void OPENSSL_config(void) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_printf(bio_err,"Auto configuration failed\n"); ERR_print_errors(bio_err); + BIO_free(bio_err); } exit(1); } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 23e1f191da..7e88cfb625 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -163,18 +163,40 @@ int CONF_modules_load(const CONF *cnf, const char *appname, int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags) { + char *file; CONF *conf = NULL; int ret = 0; conf = NCONF_new(NULL); if (!conf) goto err; - if (NCONF_load(conf, filename, NULL) <= 0) + if (filename == NULL) + { + file = CONF_get1_default_config_file(); + if (!file) + goto err; + } + else + file = (char *)filename; + if (appname == NULL) + appname = "openssl_conf"; + + if (NCONF_load(conf, file, NULL) <= 0) + { + if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && + (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) + { + ERR_clear_error(); + ret = 1; + } goto err; + } ret = CONF_modules_load(conf, appname, flags); err: + if (filename == NULL) + OPENSSL_free(file); NCONF_free(conf); return ret; 
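Review bot: The new `config_name` parameter of OPENSSL_config() in crypto/conf/conf_mall.c is never used: the call is `CONF_modules_load_file(NULL, NULL, CONF_MFLAGS_IGNORE_MISSING_FILE)`, so a section named by the caller is ignored and the default `openssl_conf` is always loaded. The CHANGES entry in this commit describes the argument as selecting an alternative config section, so the second argument should be `config_name`: `if (CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)`. The same call is carried unchanged into crypto/conf/conf_sap.c later in the series.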
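Review bot: In CONF_modules_load_file() (crypto/conf/conf_mod.c, hunk at -163,18 +163,40) the new local `file` is declared without an initialiser, but the `err:` path runs `OPENSSL_free(file)` whenever `filename == NULL`. If `NCONF_new()` fails, control jumps to `err` before `file` is assigned, and an indeterminate pointer is freed. Declaring it as `char *file = NULL;` fixes this path. The `(char *)filename` cast could also be avoided by keeping the caller's name in a `const char *` and freeing only the allocated copy. The function's closing lines are outside the hunk.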
@@ -189,7 +211,7 @@ static int module_run(const CONF *cnf, char *name, char *value, md = module_find(name); /* Module not found: try to load DSO */ - if (!md) + if (!md && !(flags & CONF_MFLAGS_NO_DSO)) md = module_load_dso(cnf, name, value, flags); if (!md) @@ -248,11 +270,6 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, goto err; } ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); - if (!ffunc) - { - errcode = CONF_R_MISSING_FINISH_FUNCTION; - goto err; - } /* All OK, add module */ md = module_add(dso, name, ifunc, ffunc); @@ -450,7 +467,8 @@ void CONF_modules_finish(void) static void module_finish(CONF_IMODULE *imod) { - imod->pmod->finish(imod); + if (imod->pmod->finish) + imod->pmod->finish(imod); imod->pmod->links--; OPENSSL_free(imod->name); OPENSSL_free(imod->value); From 3e563bcea70ed81ac3f578883458014fc6ee9855 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 21 Feb 2002 13:07:44 +0000 Subject: [PATCH 033/173] disable '#ifdef DEBUG' sections --- crypto/rand/rand_win.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 5f71d2da26..c1b955b06f 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -316,7 +316,7 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), 0); -#ifdef DEBUG +#if 0 printf("randomness from PROV_RSA_FULL\n"); #endif } @@ -329,7 +329,7 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); -#ifdef DEBUG +#if 0 printf("randomness from PROV_INTEL_SEC\n"); #endif } @@ -515,7 +515,7 @@ int RAND_poll(void) FreeLibrary(kernel); } -#ifdef DEBUG +#if 0 printf("Exiting RAND_poll\n"); #endif From e2aebccba1b7d5e02cfdb79d9bdce3d7f2b28dee Mon Sep 17 00:00:00 2001 
From: Richard Levitte Date: Thu, 21 Feb 2002 17:23:04 +0000 Subject: [PATCH 034/173] We have AES support in openssl speed --- STATUS | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/STATUS b/STATUS index 7929c02231..67ecd83a98 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/20 18:03:00 $ + ______________ $Date: 2002/02/21 17:23:04 $ DEVELOPMENT STATE @@ -61,8 +61,6 @@ weakness in SSL/TLS should be added; see http://www.openssl.org/~bodo/tls-cbc.txt - o 'openssl speed' should include AES support (0.9.7-dev) - o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file o Whenever strncpy is used, make sure the resulting string is NULL-terminated From 3647bee263ebfef8694f7df07498a17b03ad883d Mon Sep 17 00:00:00 2001 
From: "Dr. Stephen Henson" Date: Fri, 22 Feb 2002 14:01:21 +0000 Subject: [PATCH 035/173] Config code updates. CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file. --- CHANGES | 14 +++++++++++++- apps/apps.c | 18 ++++++++++++++++++ apps/apps.h | 5 ++++- apps/asn1pars.c | 3 +++ apps/ca.c | 3 +++ apps/crl.c | 3 +++ apps/dgst.c | 3 +++ apps/dh.c | 3 +++ apps/dhparam.c | 3 +++ apps/dsa.c | 3 +++ apps/dsaparam.c | 3 +++ apps/ecdsa.c | 3 +++ apps/ecdsaparam.c | 3 +++ apps/enc.c | 3 +++ apps/engine.c | 3 +++ apps/gendh.c | 3 +++ apps/gendsa.c | 3 +++ apps/genrsa.c | 3 +++ apps/ocsp.c | 3 +++ apps/passwd.c | 3 +++ apps/pkcs12.c | 3 +++ apps/pkcs8.c | 4 ++++ apps/rand.c | 3 +++ apps/req.c | 2 ++ apps/rsa.c | 3 +++ apps/rsautl.c | 3 +++ apps/s_client.c | 3 +++ apps/s_server.c | 3 +++ apps/smime.c | 3 +++ apps/speed.c | 3 +++ apps/spkac.c | 3 +++ apps/verify.c | 3 +++ apps/x509.c | 3 +++ crypto/conf/conf.h | 2 ++ crypto/conf/conf_mod.c | 7 ++++--- 35 files changed, 131 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index c7997c122d..91b01bc919 100644 --- a/CHANGES +++ b/CHANGES 
@@ -43,7 +43,19 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only - +) Move default behaviour to CONF_modules_load_file(). Is appname is NULL + +) Config modules support in openssl utility. + + Most commands now load modules from the config file, + though in a few (such as version) this isn't done + because it couldn't be used for anything. + + In the case of ca and req the config file used is + the same as the utility itself: that is the -config + command line option can be used to specify an + alternative file. + [Steve Henson] + + +) Move default behaviour from OPENSSL_config(). If appname is NULL use "openssl_conf" if filename is NULL use default openssl config file. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index 7864e792e3..8c9726ebd7 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1314,3 +1314,21 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } + +int load_config(BIO *err, CONF *cnf) + { + if (!cnf) + cnf = config; + if (!cnf) + return 1; + + OPENSSL_load_builtin_modules(); + + if (CONF_modules_load(cnf, NULL, 0) <= 0) + { + BIO_printf(err, "Error configuring OpenSSL\n"); + ERR_print_errors(err); + return 0; + } + return 1; + } diff --git a/apps/apps.h b/apps/apps.h index db75538a03..aad2862123 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -196,7 +196,8 @@ extern BIO *bio_err; # define apps_shutdown() \ do { destroy_ui_method(); EVP_cleanup(); \ ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); \ - ERR_remove_state(0); ERR_free_strings(); } while(0) + ERR_remove_state(0); ERR_free_strings(); \ + CONF_modules_unload(1); } while(0) #endif typedef struct args_st 
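Review bot: load_config() in apps/apps.c has no comment describing its contract, and two of its behaviours matter to callers: it returns 1 when neither `cnf` nor the global `config` is set, and it passes flags 0 to CONF_modules_load(), which leaves loading of non-built-in modules as DSOs enabled (module_run() in conf_mod.c skips that only when CONF_MFLAGS_NO_DSO is set). Since nearly every utility now calls it before parsing options, the config file becomes an input that can cause code to be loaded into each command, and that should be stated where the function is defined. I would add above it: `/* Run the modules named in cnf, or in the global config if cnf is NULL. Returns 1 on success or if there is no config, 0 on error. DSO modules are allowed, so the config file must be trusted. */`.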
@@ -244,6 +245,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); +int load_config(BIO *err, CONF *cnf); + /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str); diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 4918bcb1c0..0e6167d2d4 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -103,6 +103,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + prog=argv[0]; argc--; argv++; diff --git a/apps/ca.c b/apps/ca.c index 3417e328d2..182c29e8c6 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -590,6 +590,9 @@ bad: goto err; } + if (!load_config(bio_err, conf)) + goto err; + /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/crl.c b/apps/crl.c index 5ea59d0169..f25b1877b5 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -120,6 +120,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + if (bio_out == NULL) if ((bio_out=BIO_new(BIO_s_file())) != NULL) { diff --git a/apps/dgst.c b/apps/dgst.c index 7989a1dcd3..c3e37be41f 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -112,6 +112,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ program_name(argv[0],pname,PROG_NAME_SIZE); diff --git a/apps/dh.c b/apps/dh.c index dc854264f0..27c3dc8df2 100644 --- a/apps/dh.c +++ b/apps/dh.c 
@@ -100,6 +100,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine=NULL; infile=NULL; outfile=NULL; diff --git a/apps/dhparam.c b/apps/dhparam.c index e55d0ce0cb..f1664a59b7 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -166,6 +166,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/dsa.c b/apps/dsa.c index 9d10a7c860..9da1a41645 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -109,6 +109,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine=NULL; infile=NULL; outfile=NULL; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 84a5ac6286..d54c77d93e 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -106,6 +106,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/ecdsa.c b/apps/ecdsa.c index 80cbdb2e4a..8f15ee2f12 100644 --- a/apps/ecdsa.c +++ b/apps/ecdsa.c @@ -177,6 +177,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine = NULL; infile = NULL; outfile = NULL; diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 9e9c1cb7cb..8594d8f8e7 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
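Review bot: In apps/dh.c the new `if (!load_config(bio_err, NULL)) goto end;` is placed above `engine=NULL; infile=NULL; outfile=NULL;`, so on a config error the cleanup at `end` (outside the hunk) runs before those locals are set. The same placement appears in the dhparam.c, dsa.c, dsaparam.c, ecdsa.c, ecdsaparam.c and rsa.c hunks. In speed.c the jump precedes `memset(rsa_key,0,sizeof(rsa_key));`; if the cleanup there frees the `rsa_key` entries, it would act on uninitialised pointers. Whether each case is harmless depends on declarations and cleanup code not shown here, so either move the call below the initialisation block or confirm that everything released at `end` is initialised at its declaration.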
@@ -178,6 +178,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/enc.c b/apps/enc.c index a8b33874b0..d01060f226 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -127,6 +127,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ program_name(argv[0],pname,PROG_NAME_SIZE); if (strcmp(pname,"base64") == 0) diff --git a/apps/engine.c b/apps/engine.c index f71076b13b..734ecb3e5d 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -356,6 +356,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { diff --git a/apps/gendh.c b/apps/gendh.c index 83cbff9120..f2542960bf 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -96,6 +96,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) diff --git a/apps/gendsa.c b/apps/gendsa.c index ebee7f0269..1e1e9f3e4c 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -93,6 +93,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) diff --git a/apps/genrsa.c b/apps/genrsa.c index 5a58235e0c..515bd7c901 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c 
@@ -99,6 +99,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; if ((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err,"unable to create BIO for output\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 66460391fb..c87edbc44b 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -145,6 +145,9 @@ int MAIN(int argc, char **argv) int nmin = 0, ndays = -1; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; SSL_load_error_strings(); args = argv + 1; reqnames = sk_new_null(); diff --git a/apps/passwd.c b/apps/passwd.c index d3fa228bdb..2023b76f5b 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -79,6 +79,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; out = BIO_new(BIO_s_file()); if (out == NULL) goto err; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index a424218034..6a23b64f5e 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -127,6 +127,9 @@ int MAIN(int argc, char **argv) enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + args = argv + 1; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index c0becce903..ea8c04dffa 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -90,6 +90,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + informat=FORMAT_PEM; outformat=FORMAT_PEM; @@ -347,6 +350,7 @@ int MAIN(int argc, char **argv) return (1); } + end: EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); diff --git a/apps/rand.c b/apps/rand.c index 68622165eb..f51f5bec35 100644 --- a/apps/rand.c +++ b/apps/rand.c 
@@ -92,6 +92,9 @@ int MAIN(int argc, char **argv) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto err; + badopt = 0; i = 0; while (!badopt && argv[++i] != NULL) diff --git a/apps/req.c b/apps/req.c index 27a7bba106..a6daf6287e 100644 --- a/apps/req.c +++ b/apps/req.c @@ -560,6 +560,8 @@ bad: if (req_conf != NULL) { + if (!load_config(bio_err, req_conf)) + goto end; p=NCONF_get_string(req_conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); diff --git a/apps/rsa.c b/apps/rsa.c index 6cadcb2174..60a3381527 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -113,6 +113,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/rsautl.c b/apps/rsautl.c index e079dc87f8..9b02e6782e 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -104,6 +104,9 @@ int MAIN(int argc, char **argv) argv++; if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); pad = RSA_PKCS1_PADDING; diff --git a/apps/s_client.c b/apps/s_client.c index 15a63cc9e6..9c0dbc2bf6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -271,6 +271,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) diff --git a/apps/s_server.c b/apps/s_server.c index 078e220c03..65525572e2 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -504,6 +504,9 @@ int MAIN(int argc, char *argv[]) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + verify_depth=0; #ifdef FIONBIO s_nbio=0; diff --git a/apps/smime.c b/apps/smime.c index 731f9dd5d0..cd750e32b7 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -109,6 +109,9 @@ int MAIN(int argc, char **argv) args = argv + 1; ret = 1; + if (!load_config(bio_err, NULL)) + goto end; + while (!badarg && *args && *args[0] == '-') { if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; diff --git a/apps/speed.c b/apps/speed.c index 5e53668025..1c2b4eeda2 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -515,6 +515,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + #ifndef OPENSSL_NO_RSA memset(rsa_key,0,sizeof(rsa_key)); for (i=0; i= 0; i--) { From 6707d22a40b8872aecae826943f6568b3e6343a9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 Feb 2002 14:07:35 +0000 Subject: [PATCH 036/173] Update from stable branch. --- crypto/asn1/asn_moid.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index b033787988..be20db4bad 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c 
@@ -65,21 +65,31 @@ /* Simple ASN1 OID module: add all objects in a given section */ -/* NOTE: doesn't do anything other than print debug messages yet... */ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) { - fprintf(stderr, "Called oid_module_init: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + int i; + const char *oid_section; + STACK_OF(CONF_VALUE) *sktmp; + CONF_VALUE *oval; + oid_section = CONF_imodule_get_value(md); + if(!(sktmp = NCONF_get_section(cnf, oid_section))) + { + ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); + return 0; + } + for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) + { + oval = sk_CONF_VALUE_value(sktmp, i); + if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef) + { + ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); + return 0; + } + } return 1; - } - -static void oid_module_finish(CONF_IMODULE *md) - { - fprintf(stderr, "Called oid_module_finish: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); - } +} void ASN1_add_oid_module(void) { - CONF_module_add("oid_section", oid_module_init, oid_module_finish); + CONF_module_add("oid_section", oid_module_init, 0); } From 3208ff58ca59d143b49dd2f1c05fbc33cf35e64f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 Feb 2002 21:17:31 +0000 Subject: [PATCH 037/173] make errors --- crypto/asn1/asn1.h | 3 +++ crypto/asn1/asn1_err.c | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 83706353e1..170a2aa276 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1012,6 +1012,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_I2D_PUBLICKEY 164 #define ASN1_F_I2D_RSA_PUBKEY 165 #define ASN1_F_LONG_C2I 166 +#define ASN1_F_OID_MODULE_INIT 175 #define ASN1_F_PKCS5_PBE2_SET 167 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 
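Review bot: When `OBJ_create()` fails in oid_module_init() (crypto/asn1/asn_moid.c), the error raised is only ASN1_R_ADDING_OBJECT, with nothing to tell the administrator which entry of the OID section was rejected. Adding the entry to the error record makes a bad config file diagnosable, e.g. `ERR_add_error_data(4, "name=", oval->name, ", value=", oval->value);` after the `ASN1err()` call. Separately, `CONF_module_add("oid_section", oid_module_init, 0);` would read more clearly with `NULL` for the absent finish callback.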
@@ -1021,6 +1022,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_X509_PKEY_NEW 173 /* Reason codes. */ +#define ASN1_R_ADDING_OBJECT 171 #define ASN1_R_AUX_ERROR 100 #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 @@ -1034,6 +1036,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 #define ASN1_R_EXPECTING_AN_INTEGER 115 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index dd8fb347d4..dbb9753bb9 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -134,6 +134,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, {ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, +{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"}, {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, {ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, @@ -146,6 +147,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= static ERR_STRING_DATA ASN1_str_reasons[]= { +{ASN1_R_ADDING_OBJECT ,"adding object"}, {ASN1_R_AUX_ERROR ,"aux error"}, {ASN1_R_BAD_CLASS ,"bad class"}, {ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, 
@@ -159,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_DECODE_ERROR ,"decode error"}, {ASN1_R_DECODING_ERROR ,"decoding error"}, {ASN1_R_ENCODE_ERROR ,"encode error"}, +{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, {ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, From 032c49b8b3bd732e1bfec6ac41cc3dad8663e503 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 Feb 2002 21:21:18 +0000 Subject: [PATCH 038/173] non-Monolith fixes. Submitted by Andrew W. Gray --- apps/apps.h | 1 + apps/req.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/apps.h b/apps/apps.h index aad2862123..24aa447117 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -121,6 +121,7 @@ #include #include #include +#include #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); diff --git a/apps/req.c b/apps/req.c index a6daf6287e..ba2167aabd 100644 --- a/apps/req.c +++ b/apps/req.c @@ -181,6 +181,7 @@ int MAIN(int argc, char **argv) unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH MS_STATIC char config_name[256]; + long errline; #endif req_conf = NULL; @@ -529,7 +530,7 @@ bad: } default_config_file=p; config=NCONF_new(NULL); - i=NCONF_load(config, p); + i=NCONF_load(config, p, &errline); #endif if (template != NULL) From 3a3ca3f5154d9c76e72832f5d584beff393f890d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 Feb 2002 21:26:25 +0000 Subject: [PATCH 039/173] Fix for AIX. Submitted by Dawn Whiteside --- ssl/ssltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 0592e6c2a8..7d6b53eed1 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
@@ -111,7 +111,7 @@ #define _XOPEN_SOURCE 600 /* Or gethostname won't be declared properly on Linux and GNU platforms. */ -#define _XOPEN_SOURCE_EXTENDED /* Or gethostname won't be declared properly +#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly on Compaq platforms (at least with DEC C). */ From e84be9b495f1672eac43642687bfa05491d53cff Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 23 Feb 2002 01:00:44 +0000 Subject: [PATCH 040/173] New OPENSSL_LOAD_CONF define to load openssl.cnf when OpenSSL_add_all_algorithms() is called. --- CHANGES | 9 ++++ crypto/conf/Makefile.ssl | 6 ++- crypto/conf/conf_mall.c | 41 +-------------- crypto/conf/conf_sap.c | 107 +++++++++++++++++++++++++++++++++++++++ crypto/evp/Makefile.ssl | 4 +- crypto/evp/c_all.c | 11 +++- crypto/evp/evp.h | 12 ++++- crypto/evp/evp_acnf.c | 74 +++++++++++++++++++++++++++ 8 files changed, 218 insertions(+), 46 deletions(-) create mode 100644 crypto/conf/conf_sap.c create mode 100644 crypto/evp/evp_acnf.c diff --git a/CHANGES b/CHANGES index 91b01bc919..8f7374e263 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,15 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Add and OPENSSL_LOAD_CONF define which will cause + OpenSSL_add_all_algorithms() to load the openssl.cnf config file. + This allows older applications to transparently support certain + OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. + Two new functions OPENSSL_add_all_algorithms_noconf() which will never + load the config file and OPENSSL_add_all_algorithms_conf() which will + always load it have also been added. + [Steve Henson] + +) Config modules support in openssl utility. Most commands now load modules from the config file, diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index 81cbbc0b5f..a660c562f2 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl 
@@ -23,9 +23,11 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c conf_mall.c +LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \ + conf_mall.c conf_sap.c -LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o conf_mall.o +LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \ + conf_mall.o conf_sap.o SRC= $(LIBSRC) diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index c1bab7df3a..d702af689b 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -65,6 +65,8 @@ #include #include +/* Load all OpenSSL builtin modules */ + void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ @@ -72,42 +74,3 @@ void OPENSSL_load_builtin_modules(void) ENGINE_add_conf_module(); } -#if 0 /* not yet */ -/* This is the automatic configuration loader: it is called automatically by - * OpenSSL when any of a number of standard initialisation functions are called, - * unless this is overridden by calling OPENSSL_no_config() - */ -#endif - -static int openssl_configured = 0; - -void OPENSSL_config(const char *config_name) - { - if (openssl_configured) - return; - - OPENSSL_load_builtin_modules(); - - ERR_clear_error(); - if (CONF_modules_load_file(NULL, NULL, - CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) - { - BIO *bio_err; - ERR_load_crypto_strings(); - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - { - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); - BIO_printf(bio_err,"Auto configuration failed\n"); - ERR_print_errors(bio_err); - BIO_free(bio_err); - } - exit(1); - } - - return; - } - -void OPENSSL_no_config() - { - openssl_configured = 1; - } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c new file mode 100644 index 0000000000..97fb174303 --- /dev/null +++ b/crypto/conf/conf_sap.c 
@@ -0,0 +1,107 @@
+/* conf_sap.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include
+#include
+#include "cryptlib.h"
+#include
+#include
+#include
+#include
+#include
+
+/* This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are called,
+ * unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+void OPENSSL_config(const char *config_name)
+ {
+ if (openssl_configured)
+ return;
+
+ OPENSSL_load_builtin_modules();
+ /* Need to load ENGINEs */
+ ENGINE_load_builtin_engines();
+ /* Add others here? */
+
+
+ ERR_clear_error();
+ if (CONF_modules_load_file(NULL, NULL,
+ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
+ {
+ BIO *bio_err;
+ ERR_load_crypto_strings();
+ if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
+ {
+ BIO_printf(bio_err,"Auto configuration failed\n");
+ ERR_print_errors(bio_err);
+ BIO_free(bio_err);
+ }
+ exit(1);
+ }
+
+ return;
+ }
+
+void OPENSSL_no_config()
+ {
+ openssl_configured = 1;
+ }
diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl
index e5ee36d3ef..eb6251681f 100644
--- a/crypto/evp/Makefile.ssl
+++ b/crypto/evp/Makefile.ssl
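Review bot: OPENSSL_config() in the new crypto/conf/conf_sap.c tests `openssl_configured` on entry but never sets it after a successful load; the only writer is OPENSSL_no_config(). If the flag is meant to make the call idempotent, every later call (for instance each OpenSSL_add_all_algorithms() when OPENSSL_LOAD_CONF is defined) re-reads the file and re-runs the modules. Adding `openssl_configured = 1;` before the final `return;` would prevent that. `OPENSSL_no_config()` is also defined with an empty parameter list, which in C should be written `void OPENSSL_no_config(void)`.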
@@ -24,7 +24,7 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ +LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ e_des.c e_bf.c e_idea.c e_des3.c \ e_rc4.c e_aes.c names.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ @@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c -LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ +LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ e_des.o e_bf.o e_idea.o e_des3.o \ e_rc4.o e_aes.o names.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 1e185830a3..5ffd352ea0 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -60,8 +60,15 @@ #include "cryptlib.h" #include +#undef OpenSSL_add_all_algorithms + void OpenSSL_add_all_algorithms(void) -{ + { + OPENSSL_add_all_algorithms_noconf(); + } + +void OPENSSL_add_all_algorithms_noconf(void) + { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -} + } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index cc521feb63..8d99c29f5f 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -664,7 +664,17 @@ const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); #endif -void OpenSSL_add_all_algorithms(void); +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_noconf() +#endif + void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c new file mode 100644 index 0000000000..a68b979bdb --- /dev/null +++ b/crypto/evp/evp_acnf.c 
@@ -0,0 +1,74 @@ +/* evp_acnf.c */ +/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include +#include + + +/* Load all algorithms and configure OpenSSL. + * This function is called automatically when + * OPENSSL_LOAD_CONF is set. + */ + +void OPENSSL_add_all_algorithms_conf(void) + { + OPENSSL_add_all_algorithms_noconf(); + OPENSSL_config(NULL); + } From a3829cb720c235a93b6d1067555d7d113a8ba326 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 23 Feb 2002 13:50:29 +0000 Subject: [PATCH 041/173] Updates from stable branch. --- crypto/evp/evp_enc.c | 3 ++- crypto/x509/x509_vfy.c | 36 +++++++++++++++++++++++------------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index eb39539ca6..9c65a553d3 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -77,7 +77,8 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_CIPHER_CTX_init(ctx); + if (cipher) + EVP_CIPHER_CTX_init(ctx); return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } 
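Review bot: The comment on `OPENSSL_add_all_algorithms_conf()` in evp_acnf.c leaves out that the call can end the process: `OPENSSL_config()`, added by this commit, prints "Auto configuration failed" and calls `exit(1)` when `CONF_modules_load_file()` fails. A library initialiser that exits on a malformed configuration file is something callers need to know, so I would extend the comment with ` * A configuration error is fatal: OPENSSL_config() calls exit(1).`. Separately, the `openssl_configured` flag shown next to `OPENSSL_config()` is only ever set by `OPENSSL_no_config()`, so as far as the visible code goes each call here reloads the configuration. Setting the flag after a successful load would make repeated initialisation idempotent.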
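Review bot: The new `if (cipher)` guard in `EVP_CipherInit()` needs a comment, because it changes the contract for a NULL cipher without saying so: the context is no longer reset, and `EVP_CipherInit_ex()` now receives whatever `ctx` already holds. That is presumably the intent (a later call that supplies only the key or IV for a cipher set earlier), but it also means a first call with `cipher == NULL` on a context that was never initialised passes uninitialised memory down. I would add `/* cipher == NULL keeps the cipher already set on ctx; ctx must have been initialised by an earlier call */` above the guard.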
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3c69bb9e0e..db12f7bd35 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1054,10 +1054,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 ctx->cert=x509;
 ctx->untrusted=chain;
 ctx->last_untrusted=0;
- ctx->purpose=store->purpose;
- ctx->trust=store->trust;
 ctx->check_time=0;
- ctx->flags=0;
 ctx->other_ctx=NULL;
 ctx->valid=0;
 ctx->chain=NULL;
@@ -1071,49 +1068,62 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, * use defaults. */ - ctx->flags = store->flags; - if (store->check_issued) + if (store) + { + ctx->purpose=store->purpose; + ctx->trust=store->trust; + ctx->flags = store->flags; + ctx->cleanup = store->cleanup; + } + else + { + ctx->purpose = 0; + ctx->trust = 0; + ctx->flags = 0; + ctx->cleanup = 0; + } + + if (store && store->check_issued) ctx->check_issued = store->check_issued; else ctx->check_issued = check_issued; - if (store->get_issuer) + if (store && store->get_issuer) ctx->get_issuer = store->get_issuer; else ctx->get_issuer = X509_STORE_CTX_get1_issuer; - if (store->verify_cb) + if (store && store->verify_cb) ctx->verify_cb = store->verify_cb; else ctx->verify_cb = null_callback; - if (store->verify) + if (store && store->verify) ctx->verify = store->verify; else ctx->verify = internal_verify; - if (store->check_revocation) + if (store && store->check_revocation) ctx->check_revocation = store->check_revocation; else ctx->check_revocation = check_revocation; - if (store->get_crl) + if (store && store->get_crl) ctx->get_crl = store->get_crl; else ctx->get_crl = get_crl; - if (store->check_crl) + if (store && store->check_crl) ctx->check_crl = store->check_crl; else ctx->check_crl = check_crl; - if (store->cert_crl) + if (store && store->cert_crl) ctx->cert_crl = store->cert_crl; else ctx->cert_crl = cert_crl; - ctx->cleanup = store->cleanup; /* This memset() can't make any sense anyway, so it's removed. As * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a From 4a3e6bce79825137ef90261b6c195ee49bec6780 Mon Sep 17 00:00:00 2001 
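Review bot: In the new `else` branch for `store == NULL`, `ctx->purpose`, `ctx->trust` and `ctx->flags` are all set to 0 and every callback falls back to the built-in default, yet nothing tells the caller that a context initialised without a store starts with no purpose, trust or flag settings. Zero presumably means that no purpose or trust check is requested, so a caller that passes NULL and forgets to set them would verify with the least strict settings and get no error. A comment at the `if (store)` block should say so, for example `/* store may be NULL: purpose, trust and flags then start at 0 and must be set by the caller */`. `ctx->cleanup = 0;` assigns to what the other branch treats as a function pointer and would read better as `ctx->cleanup = NULL;`. X509_STORE_CTX_init begins and ends outside the hunk.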
From: "Dr. Stephen Henson" Date: Sun, 24 Feb 2002 16:20:50 +0000 Subject: [PATCH 042/173] Make the engine config module always add dynamic ENGINEs to the list using dynamic_path. This stops ENGINEs which don't supply any default algorithms being automatically freed (because they have no references) and allows them to be accessed by id. Alternative dynamic loading behaviour can be achieved by issuing the dynamic ENGINE ctrls separately in the config file. --- crypto/engine/eng_cnf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index 3f5aa73943..d8d3092f0d 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -118,6 +118,8 @@ int int_engine_configure(char *name, char *value, const CONF *cnf) goto err; if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) goto err; + if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) + goto err; if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) goto err; } From 31188ee1a8ec60a539beff47412935df122be979 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 26 Feb 2002 13:46:55 +0000 Subject: [PATCH 043/173] Fix new -aes command argument handling --- apps/pkcs12.c | 6 +++--- apps/smime.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 6a23b64f5e..1f5a456947 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -155,9 +155,9 @@ int MAIN(int argc, char **argv) #endif else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); #ifndef OPENSSL_NO_AES - else if (!strcmp(*argv,"-aes128")) enc=EVP_aes_128_cbc(); - else if (!strcmp(*argv,"-aes192")) enc=EVP_aes_192_cbc(); - else if (!strcmp(*argv,"-aes256")) enc=EVP_aes_256_cbc(); + else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); + else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); + else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); #endif else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp (*args, "-maciter")) 
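Review bot: The literal `"2"` passed to `LIST_ADD` in the added line of eng_cnf.c is unexplained; a reader has to know the dynamic ENGINE's control commands to see that this value makes adding the engine to the internal list mandatory, so the load fails if it cannot be added. A one-line comment would do: `/* LIST_ADD=2: the engine must be added to the internal list, so it stays referenced and can be found by id */`. Since `ctrlvalue` here is a shared-object path taken from the configuration file and handed to `SO_PATH`, the same comment is a good place to note that the configuration file decides which code is loaded into the process. int_engine_configure starts and ends outside the hunk.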
diff --git a/apps/smime.c b/apps/smime.c index cd750e32b7..28a1106639 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -133,11 +133,11 @@ int MAIN(int argc, char **argv) cipher = EVP_rc2_64_cbc(); #endif #ifndef OPENSSL_NO_AES - else if (!strcmp(*argv,"-aes128") == 0) + else if (!strcmp(*args,"-aes128")) cipher = EVP_aes_128_cbc(); - else if (!strcmp(*argv,"-aes192") == 0) + else if (!strcmp(*args,"-aes192")) cipher = EVP_aes_192_cbc(); - else if (!strcmp(*argv,"-aes256") == 0) + else if (!strcmp(*args,"-aes256")) cipher = EVP_aes_256_cbc(); #endif else if (!strcmp (*args, "-text")) From 0d7b9b8b7e2c65d824bdf6dabf0842f79409f4e6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 26 Feb 2002 14:41:29 +0000 Subject: [PATCH 044/173] make update, after moving around symbols in libeay.num to match 0.9.7-stable. --- apps/Makefile.ssl | 720 +++++++++++++++++++++------------------ crypto/conf/Makefile.ssl | 18 + crypto/evp/Makefile.ssl | 15 + util/libeay.num | 151 ++++---- 4 files changed, 496 insertions(+), 408 deletions(-) diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 4d7e0bab99..33f539c64c 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -163,6 +163,7 @@ app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h app_rand.o: ../include/openssl/crypto.h ../include/openssl/dh.h app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h +app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
@@ -170,8 +171,9 @@ app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h +app_rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c +app_rand.o: apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h apps.o: ../include/openssl/bio.h ../include/openssl/bn.h apps.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
@@ -196,196 +198,213 @@ asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/dh.h asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h -asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h -asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h +asn1pars.o: ../include/openssl/evp.h ../include/openssl/lhash.h +asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c +asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +asn1pars.o: asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ca.o: ../include/openssl/bio.h ../include/openssl/bn.h ca.o: ../include/openssl/buffer.h ../include/openssl/conf.h ca.o: ../include/openssl/crypto.h ../include/openssl/dh.h ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h ca.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -ca.o: ../include/openssl/err.h 
../include/openssl/evp.h -ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ca.o: ../include/openssl/engine.h ../include/openssl/err.h +ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ca.o: ../include/openssl/sha.h ../include/openssl/stack.h ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ca.o: ../include/openssl/x509v3.h apps.h ca.c +ca.o: ../include/openssl/ui.h ../include/openssl/x509.h +ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ciphers.o: ../include/openssl/bio.h ../include/openssl/bn.h ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h +ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -ciphers.o: ciphers.c +ciphers.o: ../include/openssl/ui.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h crl.o: ../include/openssl/bio.h ../include/openssl/bn.h crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl.o: ../include/openssl/crypto.h ../include/openssl/dh.h crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h crl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -crl.o: ../include/openssl/err.h ../include/openssl/evp.h -crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +crl.o: ../include/openssl/engine.h ../include/openssl/err.h +crl.o: ../include/openssl/evp.h 
../include/openssl/lhash.h +crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +crl.o: ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h crl2p7.o: ../include/openssl/bio.h ../include/openssl/bn.h crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl2p7.o: ../include/openssl/crypto.h ../include/openssl/dh.h crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h -crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h +crl2p7.o: ../include/openssl/evp.h ../include/openssl/lhash.h +crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl2p7.o: 
../include/openssl/rand.h ../include/openssl/rsa.h crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c +crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +crl2p7.o: crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h dgst.o: ../include/openssl/bio.h ../include/openssl/bn.h dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h dgst.o: ../include/openssl/crypto.h ../include/openssl/dh.h dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h dgst.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -dgst.o: ../include/openssl/err.h ../include/openssl/evp.h -dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +dgst.o: ../include/openssl/engine.h ../include/openssl/err.h +dgst.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c +dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +dgst.o: 
../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h dh.o: ../include/openssl/bio.h ../include/openssl/bn.h dh.o: ../include/openssl/buffer.h ../include/openssl/conf.h dh.o: ../include/openssl/crypto.h ../include/openssl/dh.h dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h dh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -dh.o: ../include/openssl/err.h ../include/openssl/evp.h -dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dh.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +dh.o: ../include/openssl/engine.h ../include/openssl/err.h +dh.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dh.o: ../include/openssl/x509_vfy.h apps.h dh.c +dh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h dsa.o: ../include/openssl/bio.h ../include/openssl/bn.h dsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h dsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h dsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -dsa.o: ../include/openssl/err.h 
../include/openssl/evp.h -dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +dsa.o: ../include/openssl/engine.h ../include/openssl/err.h +dsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c +dsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h dsaparam.o: ../include/openssl/bio.h ../include/openssl/bn.h dsaparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h dsaparam.o: ../include/openssl/crypto.h ../include/openssl/dh.h dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h dsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h -dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +dsaparam.o: 
../include/openssl/engine.h ../include/openssl/err.h +dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c +dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +dsaparam.o: dsaparam.c ecdsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ecdsa.o: ../include/openssl/bio.h ../include/openssl/bn.h ecdsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h ecdsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h ecdsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h ecdsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -ecdsa.o: ../include/openssl/err.h ../include/openssl/evp.h -ecdsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ecdsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +ecdsa.o: ../include/openssl/engine.h ../include/openssl/err.h +ecdsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ecdsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecdsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecdsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ecdsa.o: 
../include/openssl/pem2.h ../include/openssl/pkcs7.h +ecdsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h ecdsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h ecdsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ecdsa.o: ../include/openssl/x509_vfy.h apps.h ecdsa.c +ecdsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ecdsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ecdsa.c ecdsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ecdsaparam.o: ../include/openssl/bio.h ../include/openssl/bn.h ecdsaparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h ecdsaparam.o: ../include/openssl/crypto.h ../include/openssl/dh.h ecdsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h ecdsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -ecdsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h -ecdsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ecdsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +ecdsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h +ecdsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ecdsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecdsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecdsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ecdsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ecdsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h ecdsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h ecdsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsaparam.o: 
../include/openssl/txt_db.h ../include/openssl/x509.h -ecdsaparam.o: ../include/openssl/x509_vfy.h apps.h ecdsaparam.c +ecdsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ecdsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ecdsaparam.o: ecdsaparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h enc.o: ../include/openssl/bio.h ../include/openssl/bn.h enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h enc.o: ../include/openssl/crypto.h ../include/openssl/dh.h enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h enc.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -enc.o: ../include/openssl/err.h ../include/openssl/evp.h -enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -enc.o: ../include/openssl/sha.h ../include/openssl/stack.h -enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +enc.o: ../include/openssl/engine.h ../include/openssl/err.h +enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h +enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h +enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enc.o: ../include/openssl/txt_db.h ../include/openssl/ui.h enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h 
../include/openssl/asn1t.h engine.o: ../include/openssl/bio.h ../include/openssl/bn.h 
@@ -414,35 +433,37 @@ errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -errstr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +errstr.o: ../include/openssl/err.h ../include/openssl/evp.h +errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -errstr.o: errstr.c +errstr.o: ../include/openssl/ui.h ../include/openssl/x509.h +errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h gendh.o: ../include/openssl/bio.h ../include/openssl/bn.h gendh.o: ../include/openssl/buffer.h ../include/openssl/conf.h gendh.o: 
../include/openssl/crypto.h ../include/openssl/dh.h gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h gendh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -gendh.o: ../include/openssl/err.h ../include/openssl/evp.h -gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h -gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendh.o: ../include/openssl/engine.h ../include/openssl/err.h +gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h +gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h +gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h gendsa.o: ../include/openssl/bio.h ../include/openssl/bn.h 
@@ -450,31 +471,34 @@ gendsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h gendsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h -gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h +gendsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c +gendsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +gendsa.o: gendsa.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h genrsa.o: ../include/openssl/bio.h ../include/openssl/bn.h genrsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h genrsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h genrsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h -genrsa.o: 
../include/openssl/lhash.h ../include/openssl/obj_mac.h -genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h +genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h +genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h genrsa.o: genrsa.c nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h 
@@ -483,36 +507,39 @@ nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h nseq.o: ../include/openssl/crypto.h ../include/openssl/dh.h nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h nseq.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -nseq.o: ../include/openssl/err.h ../include/openssl/evp.h -nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h -nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +nseq.o: ../include/openssl/engine.h ../include/openssl/err.h +nseq.o: ../include/openssl/evp.h ../include/openssl/lhash.h +nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c +nseq.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ocsp.o: ../include/openssl/bio.h ../include/openssl/bn.h ocsp.o: ../include/openssl/buffer.h ../include/openssl/comp.h ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ocsp.o: 
../include/openssl/lhash.h ../include/openssl/obj_mac.h -ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h +ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h openssl.o: ../include/openssl/bio.h ../include/openssl/bn.h openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h 
@@ -540,81 +567,86 @@ passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des_old.h passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h passwd.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -passwd.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h -passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h -passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -passwd.o: passwd.c +passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +passwd.o: ../include/openssl/err.h ../include/openssl/evp.h +passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h +passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +passwd.o: ../include/openssl/rand.h ../include/openssl/rsa.h +passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h +passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h pkcs12.o: ../include/openssl/bio.h ../include/openssl/bn.h pkcs12.o: ../include/openssl/buffer.h 
../include/openssl/conf.h pkcs12.o: ../include/openssl/crypto.h ../include/openssl/dh.h pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h +pkcs12.o: ../include/openssl/evp.h ../include/openssl/lhash.h +pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -pkcs12.o: pkcs12.c +pkcs12.o: ../include/openssl/ui.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h pkcs7.o: ../include/openssl/bio.h ../include/openssl/bn.h pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs7.o: ../include/openssl/crypto.h ../include/openssl/dh.h pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs7.o: 
../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h +pkcs7.o: ../include/openssl/evp.h ../include/openssl/lhash.h +pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c +pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h pkcs8.o: ../include/openssl/bio.h ../include/openssl/bn.h pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs8.o: ../include/openssl/crypto.h ../include/openssl/dh.h pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h +pkcs8.o: ../include/openssl/evp.h ../include/openssl/lhash.h 
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c +pkcs8.o: ../include/openssl/ui.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h rand.o: ../include/openssl/bio.h ../include/openssl/bn.h rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h rand.o: ../include/openssl/crypto.h ../include/openssl/dh.h rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -rand.o: ../include/openssl/err.h ../include/openssl/evp.h -rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/engine.h ../include/openssl/err.h +rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h +rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h 
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h req.o: ../include/openssl/bio.h ../include/openssl/bn.h 
@@ -622,87 +654,94 @@ req.o: ../include/openssl/buffer.h ../include/openssl/conf.h req.o: ../include/openssl/crypto.h ../include/openssl/dh.h req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h req.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -req.o: ../include/openssl/err.h ../include/openssl/evp.h -req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -req.o: ../include/openssl/pem.h ../include/openssl/pem2.h -req.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +req.o: ../include/openssl/engine.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/lhash.h +req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +req.o: ../include/openssl/rand.h ../include/openssl/rsa.h req.o: ../include/openssl/safestack.h ../include/openssl/sha.h req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h rsa.o: ../include/openssl/bio.h ../include/openssl/bn.h rsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h rsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h rsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -rsa.o: ../include/openssl/err.h ../include/openssl/evp.h -rsa.o: ../include/openssl/lhash.h 
../include/openssl/obj_mac.h -rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsa.o: ../include/openssl/engine.h ../include/openssl/err.h +rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c +rsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h rsautl.o: ../include/openssl/bio.h ../include/openssl/bn.h rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h rsautl.o: ../include/openssl/crypto.h ../include/openssl/dh.h rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h -rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h +rsautl.o: ../include/openssl/evp.h 
../include/openssl/lhash.h +rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c +rsautl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +rsautl.o: rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h s_cb.o: ../include/openssl/bio.h ../include/openssl/bn.h s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h +s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_cb.o: 
../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h -s_cb.o: s_cb.c +s_cb.o: ../include/openssl/ui.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h s_client.o: ../include/openssl/bio.h ../include/openssl/bn.h s_client.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_client.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_client.o: 
../include/openssl/err.h ../include/openssl/evp.h +s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_client.o: ../include/openssl/ui.h ../include/openssl/x509.h s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h s_server.o: ../include/openssl/bio.h ../include/openssl/bn.h 
@@ -710,19 +749,20 @@ s_server.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_server.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_server.o: ../include/openssl/err.h ../include/openssl/evp.h +s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_server.o: 
../include/openssl/tls1.h ../include/openssl/txt_db.h +s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h 
@@ -730,18 +770,20 @@ s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h +s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_socket.o: ../include/openssl/ui.h ../include/openssl/x509.h s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h s_time.o: ../include/openssl/bio.h ../include/openssl/bn.h 
@@ -749,56 +791,59 @@ s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_time.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_time.o: ../include/openssl/err.h ../include/openssl/evp.h +s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_time.o: s_apps.h s_time.c +s_time.o: ../include/openssl/ui.h ../include/openssl/x509.h +s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h sess_id.o: ../include/openssl/bio.h ../include/openssl/bn.h sess_id.o: ../include/openssl/buffer.h 
../include/openssl/comp.h sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h -sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h +sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -sess_id.o: sess_id.c +sess_id.o: ../include/openssl/ui.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h smime.o: ../include/openssl/bio.h ../include/openssl/bn.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h 
../include/openssl/dh.h smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h smime.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -smime.o: ../include/openssl/err.h ../include/openssl/evp.h -smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h -smime.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +smime.o: ../include/openssl/engine.h ../include/openssl/err.h +smime.o: ../include/openssl/evp.h ../include/openssl/lhash.h +smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -smime.o: ../include/openssl/x509_vfy.h apps.h smime.c +smime.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/asn1t.h ../include/openssl/bio.h speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 
@@ -807,55 +852,58 @@ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h speed.o: ../include/openssl/des.h ../include/openssl/des_old.h speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -speed.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h -speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h -speed.o: ../include/openssl/md2.h ../include/openssl/md4.h -speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h -speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h -speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h +speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +speed.o: ../include/openssl/err.h ../include/openssl/evp.h +speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h +speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h +speed.o: ../include/openssl/md4.h ../include/openssl/md5.h +speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +speed.o: ../include/openssl/rc5.h 
../include/openssl/ripemd.h +speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +speed.o: ../include/openssl/sha.h ../include/openssl/stack.h +speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c +speed.o: testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h spkac.o: ../include/openssl/bio.h ../include/openssl/bn.h spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h spkac.o: ../include/openssl/crypto.h ../include/openssl/dh.h spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h spkac.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -spkac.o: ../include/openssl/err.h ../include/openssl/evp.h -spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h -spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +spkac.o: ../include/openssl/engine.h ../include/openssl/err.h +spkac.o: ../include/openssl/evp.h ../include/openssl/lhash.h +spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c +spkac.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
apps.h spkac.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h verify.o: ../include/openssl/bio.h ../include/openssl/bn.h verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h verify.o: ../include/openssl/crypto.h ../include/openssl/dh.h verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h verify.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -verify.o: ../include/openssl/err.h ../include/openssl/evp.h -verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h -verify.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +verify.o: ../include/openssl/engine.h ../include/openssl/err.h +verify.o: ../include/openssl/evp.h ../include/openssl/lhash.h +verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -verify.o: verify.c +verify.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify.o: ../include/openssl/x509v3.h apps.h verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h version.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
@@ -863,30 +911,34 @@ version.o: ../include/openssl/conf.h ../include/openssl/crypto.h version.o: ../include/openssl/des_old.h ../include/openssl/dh.h version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h version.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h +version.o: ../include/openssl/engine.h ../include/openssl/err.h version.o: ../include/openssl/evp.h ../include/openssl/idea.h version.o: ../include/openssl/lhash.h ../include/openssl/md2.h version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h -version.o: ../include/openssl/safestack.h ../include/openssl/sha.h -version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -version.o: ../include/openssl/x509_vfy.h apps.h version.c +version.o: ../include/openssl/rand.h ../include/openssl/rc4.h +version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +version.o: ../include/openssl/sha.h ../include/openssl/stack.h +version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +version.o: version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h x509.o: ../include/openssl/bio.h ../include/openssl/bn.h x509.o: ../include/openssl/buffer.h ../include/openssl/conf.h x509.o: ../include/openssl/crypto.h ../include/openssl/dh.h x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h x509.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -x509.o: ../include/openssl/err.h ../include/openssl/evp.h -x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -x509.o: 
../include/openssl/objects.h ../include/openssl/opensslconf.h -x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h -x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +x509.o: ../include/openssl/engine.h ../include/openssl/err.h +x509.o: ../include/openssl/evp.h ../include/openssl/lhash.h +x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +x509.o: ../include/openssl/x509v3.h apps.h x509.c diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index a660c562f2..2bd2a4a57f 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl 
@@ -145,3 +145,21 @@ conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h conf_mod.o: ../cryptlib.h conf_mod.c +conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h +conf_sap.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +conf_sap.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h +conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h +conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_sap.o: ../../include/openssl/opensslconf.h +conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +conf_sap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +conf_sap.o: ../cryptlib.h conf_sap.c diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index eb6251681f..a679dcc12b 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl 
@@ -313,6 +313,21 @@ encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c +evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h +evp_acnf.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +evp_acnf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +evp_acnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_acnf.o: ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h evp_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/util/libeay.num b/util/libeay.num index 238dc1fc1f..8999547a11 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -497,7 +497,7 @@ SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1 SHA_Final 505 EXIST::FUNCTION:SHA,SHA0 SHA_Init 506 EXIST::FUNCTION:SHA,SHA0 SHA_Update 507 EXIST::FUNCTION:SHA,SHA0 -OpenSSL_add_all_algorithms 508 EXIST::FUNCTION: +OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION: OpenSSL_add_all_ciphers 509 EXIST::FUNCTION: OpenSSL_add_all_digests 510 EXIST::FUNCTION: TXT_DB_create_index 511 EXIST::FUNCTION: 
@@ -2762,76 +2762,79 @@ UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: ENGINE_load_aep 3210 EXIST::FUNCTION: ENGINE_load_sureware 3211 EXIST::FUNCTION: -EC_GROUP_new_by_name 3212 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY 3213 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAPrivateKey 3214 EXIST::FUNCTION:ECDSA -ECDSA_SIG_new 3215 EXIST::FUNCTION:ECDSA -ECDSA_verify 3216 EXIST::FUNCTION:ECDSA -i2d_ECDSAParameters 3217 EXIST::FUNCTION:ECDSA -i2d_ECDSAPrivateKey_bio 3218 EXIST::FUNCTION:BIO,ECDSA -PEM_write_bio_ECDSAParameters 3219 EXIST::FUNCTION:ECDSA -ECDSAParameters_print_fp 3220 EXIST::FUNCTION:ECDSA,FP_API -ENGINE_set_default_ECDSA 3221 EXIST::FUNCTION: -PEM_read_bio_ECDSA_PUBKEY 3222 EXIST::FUNCTION:ECDSA -ECDSA_check_key 3223 EXIST::FUNCTION:ECDSA -ECDSA_new_method 3224 EXIST::FUNCTION:ECDSA -d2i_ECDSAPrivateKey_bio 3225 EXIST::FUNCTION:BIO,ECDSA -i2d_ECDSA_PUBKEY 3226 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_fp 3227 EXIST::FUNCTION:ECDSA,FP_API -ENGINE_unregister_ECDSA 3228 EXIST::FUNCTION: -ECDSA_free 3229 EXIST::FUNCTION:ECDSA -ECDSAParameters_print 3230 EXIST::FUNCTION:BIO,ECDSA -PEM_write_bio_ECDSA_PUBKEY 3231 EXIST::FUNCTION:ECDSA -ECDSA_set_method 3232 EXIST::FUNCTION:ECDSA -ECDSA_print 3233 EXIST::FUNCTION:BIO,ECDSA -EVP_PKEY_get1_ECDSA 3234 EXIST::FUNCTION:ECDSA -ECDSA_SIG_free 3235 EXIST::FUNCTION:ECDSA -ECDSA_get_default_openssl_method 3236 EXIST::FUNCTION:ECDSA -ENGINE_get_default_ECDSA 3237 EXIST::FUNCTION: -PEM_write_ECDSAPrivateKey 3238 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_sign_setup 3239 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3240 EXIST::FUNCTION: -d2i_ECDSA_PUBKEY_bio 3241 EXIST::FUNCTION:BIO,ECDSA -ECDSA_sign 3242 EXIST::FUNCTION:ECDSA -ENGINE_register_ECDSA 3243 EXIST::FUNCTION: -d2i_ECDSAPrivateKey_fp 3244 EXIST::FUNCTION:ECDSA,FP_API -ECDSA_print_fp 3245 EXIST::FUNCTION:ECDSA,FP_API -i2d_ECDSAPrivateKey 3246 EXIST::FUNCTION:ECDSA -d2i_ECDSAParameters 3247 EXIST::FUNCTION:ECDSA -d2i_ECDSAPublicKey 3248 
EXIST::FUNCTION:ECDSA -PEM_write_bio_ECDSAPrivateKey 3249 EXIST::FUNCTION:ECDSA -d2i_ECDSA_SIG 3250 EXIST::FUNCTION:ECDSA -ECDSA_size 3251 EXIST::FUNCTION:ECDSA -EC_GROUP_set_nid 3252 EXIST::FUNCTION:EC -EVP_PKEY_set1_ECDSA 3253 EXIST::FUNCTION:ECDSA -EC_GROUP_get_nid 3254 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY_fp 3255 EXIST::FUNCTION:ECDSA,FP_API -ECDSA_OpenSSL 3256 EXIST::FUNCTION:ECDSA -ECDSA_get_parameter_flags 3257 EXIST::FUNCTION:ECDSA -PEM_read_ECDSAParameters 3258 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_get_ex_data 3259 EXIST::FUNCTION:ECDSA -ECDSA_do_verify 3260 EXIST::FUNCTION:ECDSA -ECDSA_do_sign 3261 EXIST::FUNCTION:ECDSA -ECDSA_set_parameter_flags 3262 EXIST::FUNCTION:ECDSA -i2d_ECDSA_SIG 3263 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAParameters 3264 EXIST::FUNCTION:ECDSA -EVP_ecdsa 3265 EXIST::FUNCTION:SHA -ECDSA_set_default_method 3266 EXIST::FUNCTION:ECDSA -ENGINE_set_ECDSA 3267 EXIST::FUNCTION: -ECDSA_get_ex_new_index 3268 EXIST::FUNCTION:ECDSA -i2d_ECDSAPublicKey 3269 EXIST::FUNCTION:ECDSA -PEM_write_ECDSA_PUBKEY 3270 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_set_ex_data 3271 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_bio 3272 EXIST::FUNCTION:BIO,ECDSA -d2i_ECDSAPrivateKey 3273 EXIST::FUNCTION:ECDSA -EC_GROUP_new_by_nid 3274 EXIST::FUNCTION:EC -PEM_read_ECDSA_PUBKEY 3275 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_up_ref 3276 EXIST::FUNCTION:ECDSA -ENGINE_register_all_ECDSA 3277 EXIST::FUNCTION: -ECDSA_generate_key 3278 EXIST::FUNCTION:ECDSA -PEM_write_ECDSAParameters 3279 EXIST:!WIN16:FUNCTION:ECDSA -i2d_ECDSAPrivateKey_fp 3280 EXIST::FUNCTION:ECDSA,FP_API -PEM_read_ECDSAPrivateKey 3281 EXIST:!WIN16:FUNCTION:ECDSA -AES_ofb128_encrypt 3282 EXIST::FUNCTION:AES -AES_ctr128_encrypt 3283 EXIST::FUNCTION:AES -AES_cfb128_encrypt 3284 EXIST::FUNCTION:AES +OPENSSL_add_all_algorithms_noconf 3212 EXIST::FUNCTION: +OPENSSL_add_all_algorithms_conf 3213 EXIST::FUNCTION: +OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: +AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES +AES_ctr128_encrypt 
3216 EXIST::FUNCTION:AES +AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES +EC_GROUP_new_by_name 3218 EXIST::FUNCTION:EC +d2i_ECDSA_PUBKEY 3219 EXIST::FUNCTION:ECDSA +PEM_read_bio_ECDSAPrivateKey 3220 EXIST::FUNCTION:ECDSA +ECDSA_SIG_new 3221 EXIST::FUNCTION:ECDSA +ECDSA_verify 3222 EXIST::FUNCTION:ECDSA +i2d_ECDSAParameters 3223 EXIST::FUNCTION:ECDSA +i2d_ECDSAPrivateKey_bio 3224 EXIST::FUNCTION:BIO,ECDSA +PEM_write_bio_ECDSAParameters 3225 EXIST::FUNCTION:ECDSA +ECDSAParameters_print_fp 3226 EXIST::FUNCTION:ECDSA,FP_API +ENGINE_set_default_ECDSA 3227 EXIST::FUNCTION: +PEM_read_bio_ECDSA_PUBKEY 3228 EXIST::FUNCTION:ECDSA +ECDSA_check_key 3229 EXIST::FUNCTION:ECDSA +ECDSA_new_method 3230 EXIST::FUNCTION:ECDSA +d2i_ECDSAPrivateKey_bio 3231 EXIST::FUNCTION:BIO,ECDSA +i2d_ECDSA_PUBKEY 3232 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_fp 3233 EXIST::FUNCTION:ECDSA,FP_API +ENGINE_unregister_ECDSA 3234 EXIST::FUNCTION: +ECDSA_free 3235 EXIST::FUNCTION:ECDSA +ECDSAParameters_print 3236 EXIST::FUNCTION:BIO,ECDSA +PEM_write_bio_ECDSA_PUBKEY 3237 EXIST::FUNCTION:ECDSA +ECDSA_set_method 3238 EXIST::FUNCTION:ECDSA +ECDSA_print 3239 EXIST::FUNCTION:BIO,ECDSA +EVP_PKEY_get1_ECDSA 3240 EXIST::FUNCTION:ECDSA +ECDSA_SIG_free 3241 EXIST::FUNCTION:ECDSA +ECDSA_get_default_openssl_method 3242 EXIST::FUNCTION:ECDSA +ENGINE_get_default_ECDSA 3243 EXIST::FUNCTION: +PEM_write_ECDSAPrivateKey 3244 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_sign_setup 3245 EXIST::FUNCTION:ECDSA +ENGINE_get_ECDSA 3246 EXIST::FUNCTION: +d2i_ECDSA_PUBKEY_bio 3247 EXIST::FUNCTION:BIO,ECDSA +ECDSA_sign 3248 EXIST::FUNCTION:ECDSA +ENGINE_register_ECDSA 3249 EXIST::FUNCTION: +d2i_ECDSAPrivateKey_fp 3250 EXIST::FUNCTION:ECDSA,FP_API +ECDSA_print_fp 3251 EXIST::FUNCTION:ECDSA,FP_API +i2d_ECDSAPrivateKey 3252 EXIST::FUNCTION:ECDSA +d2i_ECDSAParameters 3253 EXIST::FUNCTION:ECDSA +d2i_ECDSAPublicKey 3254 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECDSAPrivateKey 3255 EXIST::FUNCTION:ECDSA +d2i_ECDSA_SIG 3256 EXIST::FUNCTION:ECDSA +ECDSA_size 
3257 EXIST::FUNCTION:ECDSA +EC_GROUP_set_nid 3258 EXIST::FUNCTION:EC +EVP_PKEY_set1_ECDSA 3259 EXIST::FUNCTION:ECDSA +EC_GROUP_get_nid 3260 EXIST::FUNCTION:EC +d2i_ECDSA_PUBKEY_fp 3261 EXIST::FUNCTION:ECDSA,FP_API +ECDSA_OpenSSL 3262 EXIST::FUNCTION:ECDSA +ECDSA_get_parameter_flags 3263 EXIST::FUNCTION:ECDSA +PEM_read_ECDSAParameters 3264 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_get_ex_data 3265 EXIST::FUNCTION:ECDSA +ECDSA_do_verify 3266 EXIST::FUNCTION:ECDSA +ECDSA_do_sign 3267 EXIST::FUNCTION:ECDSA +ECDSA_set_parameter_flags 3268 EXIST::FUNCTION:ECDSA +i2d_ECDSA_SIG 3269 EXIST::FUNCTION:ECDSA +PEM_read_bio_ECDSAParameters 3270 EXIST::FUNCTION:ECDSA +EVP_ecdsa 3271 EXIST::FUNCTION:SHA +ECDSA_set_default_method 3272 EXIST::FUNCTION:ECDSA +ENGINE_set_ECDSA 3273 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3274 EXIST::FUNCTION:ECDSA +i2d_ECDSAPublicKey 3275 EXIST::FUNCTION:ECDSA +PEM_write_ECDSA_PUBKEY 3276 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_set_ex_data 3277 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_bio 3278 EXIST::FUNCTION:BIO,ECDSA +d2i_ECDSAPrivateKey 3279 EXIST::FUNCTION:ECDSA +EC_GROUP_new_by_nid 3280 EXIST::FUNCTION:EC +PEM_read_ECDSA_PUBKEY 3281 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_up_ref 3282 EXIST::FUNCTION:ECDSA +ENGINE_register_all_ECDSA 3283 EXIST::FUNCTION: +ECDSA_generate_key 3284 EXIST::FUNCTION:ECDSA +PEM_write_ECDSAParameters 3285 EXIST:!WIN16:FUNCTION:ECDSA +i2d_ECDSAPrivateKey_fp 3286 EXIST::FUNCTION:ECDSA,FP_API +PEM_read_ECDSAPrivateKey 3287 EXIST:!WIN16:FUNCTION:ECDSA From b12540520daea56e5a6c2ee22092b0ee2f060e44 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 26 Feb 2002 19:33:24 +0000 Subject: [PATCH 045/173] Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up. --- crypto/pkcs7/pk7_doit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 0119272d75..f589508fdd 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c 
@@ -512,6 +512,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; ASN1_OCTET_STRING *os=NULL; + EVP_MD_CTX_init(&ctx_tmp); i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -576,7 +577,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ - EVP_MD_CTX_init(&ctx_tmp); EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) { From 334f1842fc61801398d88b006ab36c632f5e6f6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 26 Feb 2002 21:40:09 +0000 Subject: [PATCH 046/173] Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). --- CHANGES | 4 ++++ ssl/ssl_lib.c | 14 ++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 8f7374e263..269a774099 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,10 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Fix bug in SSL_clear(): bad sessions were not removed (found by + Yoram Zahavi ). + [Lutz Jaenicke] + +) Add and OPENSSL_LOAD_CONF define which will cause OpenSSL_add_all_algorithms() to load the openssl.cnf config file. This allows older applications to transparently support certain diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1195171a57..2b60d7288f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -136,7 +136,6 @@ OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ int SSL_clear(SSL *s) { - int state; if (s->method == NULL) { @@ -161,9 +160,14 @@ int SSL_clear(SSL *s) } #endif - state=s->state; /* Keep to check if we throw away the session-id */ s->type=0; + if (ssl_clear_bad_session(s)) + { + SSL_SESSION_free(s->session); + s->session=NULL; + } + s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); s->version=s->method->version; 
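Review bot: The hoisted `EVP_MD_CTX_init(&ctx_tmp);` in the first pk7_doit.c hunk carries no comment saying why it must come before every early exit, so a later edit could move it back next to its first use. According to the commit message the context is always cleaned up on the way out, so an early failure would otherwise run cleanup on an uninitialised stack structure. I would add `/* ctx_tmp is cleaned up on every exit path, so initialise it before anything can fail */` above the call. PKCS7_dataFinal() starts and ends outside this hunk, so the cleanup site itself is not visible here.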
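Review bot: The result of `EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);` is still ignored in the second pk7_doit.c hunk, so a failed copy would carry on into the signing code with a context that does not hold the message digest state. If this code runs once per signer (the enclosing loop is outside the hunk), the copy is now also the only thing that replaces whatever the previous pass left in ctx_tmp, which makes its result matter more than before. I would test it with `if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc))` and leave through the function's existing cleanup path on failure. The surrounding block begins and ends outside the hunk.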
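Review bot: In the second ssl_lib.c hunk the `ssl_clear_bad_session(s)` check lands after `s->type=0;`, which is below the point where SSL_clear() resets `s->error`, `s->hit` and `s->shutdown` (those lines appear as context in patch 048 further down this page). If the helper decides from the shutdown flags whether the session was closed cleanly (its body is not shown), it sees them already cleared at this position and cannot tell a clean close from an aborted one. The block belongs directly after the `s->method == NULL` guard, before any field is reset, which is where patch 048 moves it. SSL_clear() continues outside the hunk.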
@@ -182,12 +186,6 @@ int SSL_clear(SSL *s) ssl_clear_cipher_ctx(s); - if (ssl_clear_bad_session(s)) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - s->first_packet=0; #if 1 From ce4b274aa1b0c584b0b863e888acb954d5040352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 27 Feb 2002 08:08:57 +0000 Subject: [PATCH 047/173] SSL_clear != SSL_free/SSL_new --- doc/ssl/SSL_clear.pod | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod index f0aa5e94eb..8e077e31c9 100644 --- a/doc/ssl/SSL_clear.pod +++ b/doc/ssl/SSL_clear.pod @@ -25,6 +25,25 @@ if L was not called for the connection or at least L was used to set the SSL_SENT_SHUTDOWN state. +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a SSL client object will use a TLSv1 client +method for the next handshake and a SSL server object will use a TLSv1 +server method, even if SSLv23_*_methods were chosen on startup. This +will might lead to connection failures (see L) +for a description of the method's properties. + +=head1 WARNINGS + +SSL_clear() resets the SSL object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense when opening a new session (or reusing +an old one) with the same peer that shares these settings. +SSL_clear() is not a short form for the sequence +L; L; . + =head1 RETURN VALUES The following return values can occur: From d62bfb39cd1d41856b82a76158483df12bcab7d6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 27 Feb 2002 11:23:05 +0000 Subject: [PATCH 048/173] Fix the fix (Yoram Zahavi)... --- ssl/ssl_lib.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2b60d7288f..eaf1abdd1b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -143,6 +143,12 @@ int SSL_clear(SSL *s) return(0); } + if (ssl_clear_bad_session(s)) + { + SSL_SESSION_free(s->session); + s->session=NULL; + } + s->error=0; s->hit=0; s->shutdown=0; @@ -162,12 +168,6 @@ int SSL_clear(SSL *s) s->type=0; - if (ssl_clear_bad_session(s)) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); s->version=s->method->version; From 92d1bc09cb7240851b4eaf7fd58f150ca40778a9 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 27 Feb 2002 22:55:28 +0000 Subject: [PATCH 049/173] This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice Gittens. --- CHANGES | 3 + crypto/engine/Makefile.ssl | 4 +- crypto/engine/eng_all.c | 3 + crypto/engine/engine.h | 1 + crypto/engine/hw.ec | 1 + crypto/engine/hw_4758_cca.c | 950 +++++++++++++++++++++++ crypto/engine/hw_4758_cca_err.c | 149 ++++ crypto/engine/hw_4758_cca_err.h | 93 +++ crypto/engine/vendor_defns/hw_4758_cca.h | 149 ++++ 9 files changed, 1351 insertions(+), 2 deletions(-) create mode 100644 crypto/engine/hw_4758_cca.c create mode 100644 crypto/engine/hw_4758_cca_err.c create mode 100644 crypto/engine/hw_4758_cca_err.h create mode 100644 crypto/engine/vendor_defns/hw_4758_cca.h diff --git a/CHANGES b/CHANGES index 269a774099..223d889cc4 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,9 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Added the '4758cca' ENGINE to support IBM 4758 cards. + [Maurice Gittens , touchups by Geoff Thorpe] + *) Fix bug in SSL_clear(): bad sessions were not removed (found by Yoram Zahavi ). [Lutz Jaenicke] 
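Review bot: Nothing in the moved block records that it has to stay ahead of the `s->error=0; s->hit=0; s->shutdown=0;` resets, and this is the second commit in a row that repositions it. I would put `/* must run before the connection flags below are reset; the bad-session check presumably reads them */` above `if (ssl_clear_bad_session(s))`. The CHANGES entry describes the bug as bad sessions not being removed, so the ordering is worth pinning down in the source and, ideally, in a test that calls SSL_clear() on a connection that was never shut down. SSL_clear() continues outside both hunks of this patch.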
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 674b38495c..82432bd037 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -28,13 +28,13 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \ eng_openssl.c eng_dyn.c eng_cnf.c \ hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ - hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c + hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \ eng_openssl.o eng_dyn.o eng_cnf.o \ hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ - hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o + hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o SRC= $(LIBSRC) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 53866b0d69..b3030fe505 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -92,6 +92,9 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_SUREWARE ENGINE_load_sureware(); #endif +#ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); +#endif #ifdef OPENSSL_OPENBSD_DEV_CRYPTO ENGINE_load_openbsd_dev_crypto(); #endif diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 38db508c3d..3a9ad0fe93 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -313,6 +313,7 @@ void ENGINE_load_nuron(void); void ENGINE_load_ubsec(void); void ENGINE_load_aep(void); void ENGINE_load_sureware(void); +void ENGINE_load_4758cca(void); void ENGINE_load_openbsd_dev_crypto(void); void ENGINE_load_builtin_engines(void); diff --git a/crypto/engine/hw.ec b/crypto/engine/hw.ec index e3de2754a3..5481a43918 100644 --- a/crypto/engine/hw.ec +++ b/crypto/engine/hw.ec 
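Review bot: `void ENGINE_load_4758cca(void);` is added to the public engine.h, but this commit's diffstat lists no change to util/libeay.num, where the neighbouring loaders ENGINE_load_aep and ENGINE_load_sureware have ordinals. Builds that export symbols from that table would not export the new function unless the table is regenerated in a separate step. The prototype is also unconditional while the call in eng_all.c sits inside `#ifndef OPENSSL_NO_HW_4758_CCA`. If the definition in hw_4758_cca.c is compiled out under the same macro (that file continues past what is shown), a comment next to the prototype such as `/* not available when OPENSSL_NO_HW_4758_CCA is defined */` would tell callers about the opt-out.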
@@ -5,3 +5,4 @@ L HWCRHK hw_ncipher_err.h hw_ncipher_err.c L NURON hw_nuron_err.h hw_nuron_err.c L SUREWARE hw_sureware_err.h hw_sureware_err.c L UBSEC hw_ubsec_err.h hw_ubsec_err.c +L CCA4758 hw_4758_cca_err.h hw_4758_cca_err.c diff --git a/crypto/engine/hw_4758_cca.c b/crypto/engine/hw_4758_cca.c new file mode 100644 index 0000000000..3d01cafec4 --- /dev/null +++ b/crypto/engine/hw_4758_cca.c 
@@ -0,0 +1,950 @@ +/* Author: Maurice Gittens */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +/* #include */ +#include "cryptlib.h" +#include +#include +#include +#include + +#ifndef NO_HW +#ifndef NO_HW_4758_CCA + +#ifdef FLAT_INC +#include "hw_4758_cca.h" +#else +#include "vendor_defns/hw_4758_cca.h" +#endif + +#include "hw_4758_cca_err.c" + +static int ibm_4758_cca_destroy(ENGINE *e); +static int ibm_4758_cca_init(ENGINE *e); +static int ibm_4758_cca_finish(ENGINE *e); +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); + +/* rsa functions */ +/*---------------*/ +#ifndef OPENSSL_NO_RSA +static int cca_rsa_pub_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int cca_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); + +/* utility functions */ +/*-----------------------*/ +static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*, + 
UI_METHOD *ui_method, void *callback_data); +static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*, + UI_METHOD *ui_method, void *callback_data); + +static int getModulusAndExponent(const char *token, long *exponentLength, + char *exponent, long *modulusLength, + long *modulusFieldLength, char *modulus); +#endif + +/* RAND number functions */ +/*-----------------------*/ +static int cca_get_random_bytes(unsigned char*, int ); +static int cca_random_status(void); + +static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, + int index,long argl, void *argp); + +/* Function pointers for CCA verbs */ +/*---------------------------------*/ +#ifndef OPENSSL_NO_RSA +static F_KEYRECORDREAD keyRecordRead; +static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate; +static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify; +static F_PUBLICKEYEXTRACT publicKeyExtract; +static F_PKAENCRYPT pkaEncrypt; +static F_PKADECRYPT pkaDecrypt; +#endif +static F_RANDOMNUMBERGENERATE randomNumberGenerate; + +/* static variables */ +/*------------------*/ +static const char def_CCA4758_LIB_NAME[] = CCA_LIB_NAME; +static const char *CCA4758_LIB_NAME = def_CCA4758_LIB_NAME; +#ifndef OPENSSL_NO_RSA +static const char* n_keyRecordRead = CSNDKRR; +static const char* n_digitalSignatureGenerate = CSNDDSG; +static const char* n_digitalSignatureVerify = CSNDDSV; +static const char* n_publicKeyExtract = CSNDPKX; +static const char* n_pkaEncrypt = CSNDPKE; +static const char* n_pkaDecrypt = CSNDPKD; +#endif +static const char* n_randomNumberGenerate = CSNBRNG; + +static int hndidx = -1; +static DSO *dso = NULL; + +/* openssl engine initialization structures */ +/*------------------------------------------*/ + +#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE +static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = { + {CCA4758_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the '4758cca' shared library", + ENGINE_CMD_FLAG_STRING}, + {0, NULL, NULL, 0} + }; + +#ifndef OPENSSL_NO_RSA +static 
RSA_METHOD ibm_4758_cca_rsa = + { + "IBM 4758 CCA RSA method", + cca_rsa_pub_enc, + NULL, + NULL, + cca_rsa_priv_dec, + NULL, /*rsa_mod_exp,*/ + NULL, /*mod_exp_mont,*/ + NULL, /* init */ + NULL, /* finish */ + RSA_FLAG_SIGN_VER, /* flags */ + NULL, /* app_data */ + cca_rsa_sign, /* rsa_sign */ + cca_rsa_verify /* rsa_verify */ + }; +#endif + +static RAND_METHOD ibm_4758_cca_rand = + { + /* "IBM 4758 RAND method", */ + NULL, /* seed */ + cca_get_random_bytes, /* get random bytes from the card */ + NULL, /* cleanup */ + NULL, /* add */ + cca_get_random_bytes, /* pseudo rand */ + cca_random_status, /* status */ + }; + +static const char *engine_4758_cca_id = "4758cca"; +static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support"; + +/* engine implementation */ +/*-----------------------*/ +static int bind_helper(ENGINE *e) + { + if(!ENGINE_set_id(e, engine_4758_cca_id) || + !ENGINE_set_name(e, engine_4758_cca_name) || +#ifndef OPENSSL_NO_RSA + !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) || +#endif + !ENGINE_set_RAND(e, &ibm_4758_cca_rand) || + !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) || + !ENGINE_set_init_function(e, ibm_4758_cca_init) || + !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || + !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || + !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || + !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || + !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) + return 0; + /* Ensure the error handling is set up */ + ERR_load_CCA4758_strings(); + return 1; + } + +static ENGINE *engine_4758_cca(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_4758cca(void) + { + ENGINE *e_4758 = engine_4758_cca(); + if (!e_4758) return; + ENGINE_add(e_4758); + ENGINE_free(e_4758); + ERR_clear_error(); + } + +static int ibm_4758_cca_destroy(ENGINE *e) + { + 
ERR_unload_CCA4758_strings(); + return 1; + } + +static int ibm_4758_cca_init(ENGINE *e) + { + if(dso) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED); + goto err; + } + + dso = DSO_load(NULL, CCA4758_LIB_NAME , NULL, 0); + if(!dso) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); + goto err; + } + +#ifndef OPENSSL_NO_RSA + if(!(keyRecordRead = (F_KEYRECORDREAD) + DSO_bind_func(dso, n_keyRecordRead)) || + !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) + DSO_bind_func(dso, n_randomNumberGenerate)) || + !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) + DSO_bind_func(dso, n_digitalSignatureGenerate)) || + !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY) + DSO_bind_func(dso, n_digitalSignatureVerify)) || + !(publicKeyExtract = (F_PUBLICKEYEXTRACT) + DSO_bind_func(dso, n_publicKeyExtract)) || + !(pkaEncrypt = (F_PKAENCRYPT) + DSO_bind_func(dso, n_pkaEncrypt)) || + !(pkaDecrypt = (F_PKADECRYPT) + DSO_bind_func(dso, n_pkaDecrypt))) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); + goto err; + } +#else + if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) + DSO_bind_func(dso, n_randomNumberGenerate))) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); + goto err; + } +#endif + + hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", + NULL, NULL, cca_ex_free); + + return 1; +err: + if(dso) + DSO_free(dso); + dso = NULL; + + keyRecordRead = (F_KEYRECORDREAD)NULL; + randomNumberGenerate = (F_RANDOMNUMBERGENERATE)NULL; + digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)NULL; + digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)NULL; + publicKeyExtract = (F_PUBLICKEYEXTRACT)NULL; + pkaEncrypt = (F_PKAENCRYPT)NULL; + pkaDecrypt = (F_PKADECRYPT)NULL; + return 0; + } + +static int ibm_4758_cca_finish(ENGINE *e) + { + if(dso) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, + CCA4758_R_NOT_LOADED); + return 0; + } + if(!DSO_free(dso)) + { + 
CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, + CCA4758_R_UNIT_FAILURE); + return 0; + } + dso = NULL; + keyRecordRead = (F_KEYRECORDREAD)NULL; + randomNumberGenerate = (F_RANDOMNUMBERGENERATE)NULL; + digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)NULL; + digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)NULL; + publicKeyExtract = (F_PUBLICKEYEXTRACT)NULL; + pkaEncrypt = (F_PKAENCRYPT)NULL; + pkaDecrypt = (F_PKADECRYPT)NULL; + return 1; + } + +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int initialised = ((dso == NULL) ? 0 : 1); + switch(cmd) + { + case CCA4758_CMD_SO_PATH: + if(p == NULL) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if(initialised) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, + CCA4758_R_ALREADY_LOADED); + return 0; + } + CCA4758_LIB_NAME = (const char *)p; + return 1; + default: + break; + } + CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, + CCA4758_R_COMMAND_NOT_IMPLEMENTED); + return 0; + } + +#ifndef OPENSSL_NO_RSA + +#define MAX_CCA_PKA_TOKEN_SIZE 2500 + +static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, + UI_METHOD *ui_method, void *callback_data) + { + RSA *rtmp = NULL; + EVP_PKEY *res = NULL; + char* keyToken = NULL; + char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE]; + long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; + long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; + long returnCode; + long reasonCode; + long exitDataLength = 0; + long ruleArrayLength = 0; + unsigned char exitData[8]; + unsigned char ruleArray[8]; + char keyLabel[64]; + long keyLabelLength = strlen(key_id); + char modulus[256]; + long modulusFieldLength = sizeof(modulus); + long modulusLength = 0; + char exponent[256]; + long exponentLength = sizeof(exponent); + + if (keyLabelLength > sizeof(keyLabel)) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return NULL; + } + + memset(keyLabel,' ', sizeof(keyLabel)); + 
memcpy(keyLabel, key_id, keyLabelLength); + + keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); + if (!keyToken) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + keyRecordRead(&returnCode, &reasonCode, &exitDataLength, + exitData, &ruleArrayLength, ruleArray, keyLabel, + &keyTokenLength, keyToken+sizeof(long)); + + if (returnCode) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + CCA4758_R_FAILED_LOADING_PRIVATE_KEY); + goto err; + } + + publicKeyExtract(&returnCode, &reasonCode, &exitDataLength, + exitData, &ruleArrayLength, ruleArray, &keyTokenLength, + keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken); + + if (returnCode) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + CCA4758_R_FAILED_LOADING_PRIVATE_KEY); + goto err; + } + + if (!getModulusAndExponent(pubKeyToken, &exponentLength, + exponent, &modulusLength, &modulusFieldLength, + modulus)) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + CCA4758_R_FAILED_LOADING_PRIVATE_KEY); + goto err; + } + + (*(long*)keyToken) = keyTokenLength; + rtmp = RSA_new_method(e); + RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); + + rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); + rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); + rtmp->flags |= RSA_FLAG_EXT_PKEY; + + res = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(res, rtmp); + + return res; +err: + if (keyToken) + OPENSSL_free(keyToken); + if (res) + EVP_PKEY_free(res); + if (rtmp) + RSA_free(rtmp); + return NULL; + } + +static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, + UI_METHOD *ui_method, void *callback_data) + { + RSA *rtmp = NULL; + EVP_PKEY *res = NULL; + char* keyToken = NULL; + long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; + long returnCode; + long reasonCode; + long exitDataLength = 0; + long ruleArrayLength = 0; + unsigned char exitData[8]; + unsigned char ruleArray[8]; + char keyLabel[64]; + long keyLabelLength = strlen(key_id); + char 
modulus[512]; + long modulusFieldLength = sizeof(modulus); + long modulusLength = 0; + char exponent[512]; + long exponentLength = sizeof(exponent); + + if (keyLabelLength > sizeof(keyLabel)) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return NULL; + } + + memset(keyLabel,' ', sizeof(keyLabel)); + memcpy(keyLabel, key_id, keyLabelLength); + + keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); + if (!keyToken) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData, + &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength, + keyToken+sizeof(long)); + + if (returnCode) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength, + exponent, &modulusLength, &modulusFieldLength, modulus)) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, + CCA4758_R_FAILED_LOADING_PUBLIC_KEY); + goto err; + } + + (*(long*)keyToken) = keyTokenLength; + rtmp = RSA_new_method(e); + RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); + rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); + rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); + rtmp->flags |= RSA_FLAG_EXT_PKEY; + res = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(res, rtmp); + + return res; +err: + if (keyToken) + OPENSSL_free(keyToken); + if (res) + EVP_PKEY_free(res); + if (rtmp) + RSA_free(rtmp); + return NULL; + } + +static int cca_rsa_pub_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding) + { + long returnCode; + long reasonCode; + long lflen = flen; + long exitDataLength = 0; + unsigned char exitData[8]; + long ruleArrayLength = 1; + unsigned char ruleArray[8] = "PKCS-1.2"; + long dataStructureLength = 0; + unsigned char dataStructure[8]; + long outputLength = RSA_size(rsa); + long keyTokenLength; + unsigned 
char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); + + keyTokenLength = *(long*)keyToken; + keyToken+=sizeof(long); + + pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData, + &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from, + &dataStructureLength, dataStructure, &keyTokenLength, + keyToken, &outputLength, to); + + if (returnCode || reasonCode) + return -(returnCode << 16 | reasonCode); + return outputLength; + } + +static int cca_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding) + { + long returnCode; + long reasonCode; + long lflen = flen; + long exitDataLength = 0; + unsigned char exitData[8]; + long ruleArrayLength = 1; + unsigned char ruleArray[8] = "PKCS-1.2"; + long dataStructureLength = 0; + unsigned char dataStructure[8]; + long outputLength = RSA_size(rsa); + long keyTokenLength; + unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); + + keyTokenLength = *(long*)keyToken; + keyToken+=sizeof(long); + + pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData, + &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from, + &dataStructureLength, dataStructure, &keyTokenLength, + keyToken, &outputLength, to); + + return (returnCode | reasonCode) ? 
0 : 1; + } + +#define SSL_SIG_LEN 36 + +static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) + { + long returnCode; + long reasonCode; + long lsiglen = siglen; + long exitDataLength = 0; + unsigned char exitData[8]; + long ruleArrayLength = 1; + unsigned char ruleArray[8] = "PKCS-1.1"; + long keyTokenLength; + unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); + long length = SSL_SIG_LEN; + long keyLength ; + char *hashBuffer = NULL; + X509_SIG sig; + ASN1_TYPE parameter; + X509_ALGOR algorithm; + ASN1_OCTET_STRING digest; + + keyTokenLength = *(long*)keyToken; + keyToken+=sizeof(long); + + if (type == NID_md5 || type == NID_sha1) + { + sig.algor = &algorithm; + algorithm.algorithm = OBJ_nid2obj(type); + + if (!algorithm.algorithm) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + CCA4758_R_UNKNOWN_ALGORITHM_TYPE); + return 0; + } + + if (!algorithm.algorithm->length) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); + return 0; + } + + parameter.type = V_ASN1_NULL; + parameter.value.ptr = NULL; + algorithm.parameter = ¶meter; + + sig.digest = &digest; + sig.digest->data = (unsigned char*)m; + sig.digest->length = m_len; + + length = i2d_X509_SIG(&sig, NULL); + } + + keyLength = RSA_size(rsa); + + if (length - RSA_PKCS1_PADDING > keyLength) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return 0; + } + + switch (type) + { + case NID_md5_sha1 : + if (m_len != SSL_SIG_LEN) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return 0; + } + + hashBuffer = (char*)m; + length = m_len; + break; + case NID_md5 : + { + unsigned char *ptr; + ptr = hashBuffer = OPENSSL_malloc( + (unsigned int)keyLength+1); + if (!hashBuffer) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + i2d_X509_SIG(&sig, &ptr); + } + 
break; + case NID_sha1 : + { + unsigned char *ptr; + ptr = hashBuffer = OPENSSL_malloc( + (unsigned int)keyLength+1); + if (!hashBuffer) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + ERR_R_MALLOC_FAILURE); + return 0; + } + i2d_X509_SIG(&sig, &ptr); + } + break; + default: + return 0; + } + + digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength, + exitData, &ruleArrayLength, ruleArray, &keyTokenLength, + keyToken, &length, hashBuffer, &lsiglen, sigbuf); + + if (type == NID_sha1 || type == NID_md5) + { + memset(hashBuffer, keyLength+1, 0); + OPENSSL_free(hashBuffer); + } + + return ((returnCode || reasonCode) ? 0 : 1); + } + +#define SSL_SIG_LEN 36 + +static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + { + long returnCode; + long reasonCode; + long exitDataLength = 0; + unsigned char exitData[8]; + long ruleArrayLength = 1; + unsigned char ruleArray[8] = "PKCS-1.1"; + long outputLength=256; + long outputBitLength; + long keyTokenLength; + char *hashBuffer = NULL; + unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); + long length = SSL_SIG_LEN; + long keyLength ; + X509_SIG sig; + ASN1_TYPE parameter; + X509_ALGOR algorithm; + ASN1_OCTET_STRING digest; + + keyTokenLength = *(long*)keyToken; + keyToken+=sizeof(long); + + if (type == NID_md5 || type == NID_sha1) + { + sig.algor = &algorithm; + algorithm.algorithm = OBJ_nid2obj(type); + + if (!algorithm.algorithm) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, + CCA4758_R_UNKNOWN_ALGORITHM_TYPE); + return 0; + } + + if (!algorithm.algorithm->length) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, + CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); + return 0; + } + + parameter.type = V_ASN1_NULL; + parameter.value.ptr = NULL; + algorithm.parameter = ¶meter; + + sig.digest = &digest; + sig.digest->data = (unsigned char*)m; + sig.digest->length = m_len; + + length = i2d_X509_SIG(&sig, NULL); + } + + keyLength = 
RSA_size(rsa); + + if (length - RSA_PKCS1_PADDING > keyLength) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, + CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return 0; + } + + switch (type) + { + case NID_md5_sha1 : + if (m_len != SSL_SIG_LEN) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, + CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return 0; + } + hashBuffer = (char*)m; + length = m_len; + break; + case NID_md5 : + { + unsigned char *ptr; + ptr = hashBuffer = OPENSSL_malloc( + (unsigned int)keyLength+1); + if (!hashBuffer) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + ERR_R_MALLOC_FAILURE); + return 0; + } + i2d_X509_SIG(&sig, &ptr); + } + break; + case NID_sha1 : + { + unsigned char *ptr; + ptr = hashBuffer = OPENSSL_malloc( + (unsigned int)keyLength+1); + if (!hashBuffer) + { + CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, + ERR_R_MALLOC_FAILURE); + return 0; + } + i2d_X509_SIG(&sig, &ptr); + } + break; + default: + return 0; + } + + digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength, + exitData, &ruleArrayLength, ruleArray, &keyTokenLength, + keyToken, &length, hashBuffer, &outputLength, &outputBitLength, + sigret); + + if (type == NID_sha1 || type == NID_md5) + { + memset(hashBuffer, keyLength+1, 0); + OPENSSL_free(hashBuffer); + } + + *siglen = outputLength; + + return ((returnCode || reasonCode) ? 0 : 1); + } + +static int getModulusAndExponent(const char*token, long *exponentLength, + char *exponent, long *modulusLength, long *modulusFieldLength, + char *modulus) + { + unsigned long len; + + if (*token++ != (char)0x1E) /* internal PKA token? 
*/ + return 0; + + if (*token++) /* token version must be zero */ + return 0; + + len = *token++; + len = len << 8; + len |= (unsigned char)*token++; + + token += 4; /* skip reserved bytes */ + + if (*token++ == (char)0x04) + { + if (*token++) /* token version must be zero */ + return 0; + + len = *token++; + len = len << 8; + len |= (unsigned char)*token++; + + token+=2; /* skip reserved section */ + + len = *token++; + len = len << 8; + len |= (unsigned char)*token++; + + *exponentLength = len; + + len = *token++; + len = len << 8; + len |= (unsigned char)*token++; + + *modulusLength = len; + + len = *token++; + len = len << 8; + len |= (unsigned char)*token++; + + *modulusFieldLength = len; + + memcpy(exponent, token, *exponentLength); + token+= *exponentLength; + + memcpy(modulus, token, *modulusFieldLength); + return 1; + } + return 0; + } + +#endif /* OPENSSL_NO_RSA */ + +static int cca_random_status(void) + { + return 1; + } + +static int cca_get_random_bytes(unsigned char* buf, int num) + { + long ret_code; + long reason_code; + long exit_data_length; + char exit_data[4]; + char form[] = "RANDOM "; + char random[8]; + + while(num >= sizeof(random)) + { + randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, + exit_data, form, random); + if (ret_code) + return 0; + num -= sizeof(random); + memcpy(buf, random, sizeof(random)); + buf += sizeof(random); + } + + if (num) + { + randomNumberGenerate(&ret_code, &reason_code, NULL, NULL, + form, random); + if (ret_code) + return 0; + memcpy(buf, random, num); + } + + return 1; + } + +static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int index, + long argl, void *argp) + { + if (item) + OPENSSL_free(item); + } + +/* Goo to handle building as a dynamic engine */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_cswift_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() 
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + +#endif /* !NO_HW_4758_CCA */ +#endif /* !NO_HW */ diff --git a/crypto/engine/hw_4758_cca_err.c b/crypto/engine/hw_4758_cca_err.c new file mode 100644 index 0000000000..7ea5c63707 --- /dev/null +++ b/crypto/engine/hw_4758_cca_err.c 
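Review bot: getModulusAndExponent() in crypto/engine/hw_4758_cca.c copies `*exponentLength` and `*modulusFieldLength` bytes, both parsed from the key token, into the caller's fixed `exponent` and `modulus` arrays without comparing them to the capacities the callers pass in through those same pointers, so a token whose length fields exceed the arrays (256 bytes each in ibm_4758_load_privkey(), 512 in ibm_4758_load_pubkey()) overruns the stack. The parsed lengths should be checked against the incoming values before the two memcpy() calls, and the high byte of each 16-bit length should be read through `unsigned char` like the low byte, since a plain `char` may sign-extend. Two smaller defects in the same file: `memset(hashBuffer, keyLength+1, 0)` in cca_rsa_sign() and cca_rsa_verify() has its last two arguments swapped and clears nothing, and ibm_4758_cca_finish() tests `if(dso)` where `if(!dso)` is meant, so it reports CCA4758_R_NOT_LOADED for a loaded engine. The dynamic-engine `bind_fn` also compares against `engine_cswift_id`, which this file does not define; `engine_4758_cca_id` looks intended.

```c
static int getModulusAndExponent(const char*token, long *exponentLength,
		char *exponent, long *modulusLength, long *modulusFieldLength,
		char *modulus)
	{
	unsigned long len;
	/* capacities of the caller's buffers, passed in through the length pointers */
	unsigned long exponentMax = (unsigned long)*exponentLength;
	unsigned long modulusMax = (unsigned long)*modulusFieldLength;

	/* ... unchanged: token header and section header checks ... */

		len = (unsigned char)*token++;
		len = len << 8;
		len |= (unsigned char)*token++;

		if (len > exponentMax)	/* exponent would not fit the caller's array */
			return 0;
		*exponentLength = len;

	/* ... unchanged: modulusLength parsing (same unsigned char read) ... */

		len = (unsigned char)*token++;
		len = len << 8;
		len |= (unsigned char)*token++;

		if (len > modulusMax)	/* modulus field would not fit the caller's array */
			return 0;
		*modulusFieldLength = len;

	/* ... unchanged: the two memcpy() calls and return 1 ... */
```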
@@ -0,0 +1,149 @@ +/* hw_4758_cca_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. 
+ */ + +#include +#include +#include "hw_4758_cca_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA CCA4758_str_functs[]= + { +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0), "IBM_4758_CCA_CTRL"}, +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0), "IBM_4758_CCA_FINISH"}, +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0), "IBM_4758_CCA_INIT"}, +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0), "IBM_4758_CCA_LOAD_PRIVKEY"}, +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0), "IBM_4758_CCA_LOAD_PUBKEY"}, +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0), "IBM_4758_CCA_SIGN"}, +{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0), "IBM_4758_CCA_VERIFY"}, +{0,NULL} + }; + +static ERR_STRING_DATA CCA4758_str_reasons[]= + { +{CCA4758_R_ALREADY_LOADED ,"already loaded"}, +{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD ,"asn1 oid unknown for md"}, +{CCA4758_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"}, +{CCA4758_R_DSO_FAILURE ,"dso failure"}, +{CCA4758_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, +{CCA4758_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, +{CCA4758_R_NOT_LOADED ,"not loaded"}, +{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, +{CCA4758_R_UNIT_FAILURE ,"unit failure"}, +{CCA4758_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, +{0,NULL} + }; + +#endif + +#ifdef CCA4758_LIB_NAME +static ERR_STRING_DATA CCA4758_lib_name[]= + { +{0 ,CCA4758_LIB_NAME}, +{0,NULL} + }; +#endif + + +static int CCA4758_lib_error_code=0; +static int CCA4758_error_init=1; + +static void ERR_load_CCA4758_strings(void) + { + if (CCA4758_lib_error_code == 0) + CCA4758_lib_error_code=ERR_get_next_error_library(); + + if (CCA4758_error_init) + { + CCA4758_error_init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs); + ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons); +#endif + +#ifdef CCA4758_LIB_NAME + CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0); + 
ERR_load_strings(0,CCA4758_lib_name); +#endif + } + } + +static void ERR_unload_CCA4758_strings(void) + { + if (CCA4758_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs); + ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons); +#endif + +#ifdef CCA4758_LIB_NAME + ERR_unload_strings(0,CCA4758_lib_name); +#endif + CCA4758_error_init=1; + } + } + +static void ERR_CCA4758_error(int function, int reason, char *file, int line) + { + if (CCA4758_lib_error_code == 0) + CCA4758_lib_error_code=ERR_get_next_error_library(); + ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line); + } diff --git a/crypto/engine/hw_4758_cca_err.h b/crypto/engine/hw_4758_cca_err.h new file mode 100644 index 0000000000..2fc563ab11 --- /dev/null +++ b/crypto/engine/hw_4758_cca_err.h 
@@ -0,0 +1,93 @@ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_CCA4758_ERR_H +#define HEADER_CCA4758_ERR_H + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +static void ERR_load_CCA4758_strings(void); +static void ERR_unload_CCA4758_strings(void); +static void ERR_CCA4758_error(int function, int reason, char *file, int line); +#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the CCA4758 functions. */ + +/* Function codes. */ +#define CCA4758_F_IBM_4758_CCA_CTRL 100 +#define CCA4758_F_IBM_4758_CCA_FINISH 101 +#define CCA4758_F_IBM_4758_CCA_INIT 102 +#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY 103 +#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY 104 +#define CCA4758_F_IBM_4758_CCA_SIGN 105 +#define CCA4758_F_IBM_4758_CCA_VERIFY 106 + +/* Reason codes. 
*/ +#define CCA4758_R_ALREADY_LOADED 100 +#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101 +#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102 +#define CCA4758_R_DSO_FAILURE 103 +#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104 +#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105 +#define CCA4758_R_NOT_LOADED 106 +#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107 +#define CCA4758_R_UNIT_FAILURE 108 +#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/engine/vendor_defns/hw_4758_cca.h b/crypto/engine/vendor_defns/hw_4758_cca.h new file mode 100644 index 0000000000..296636e81a --- /dev/null +++ b/crypto/engine/vendor_defns/hw_4758_cca.h 
@@ -0,0 +1,149 @@ +/**********************************************************************/ +/* */ +/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */ +/* */ +/* Maurice Gittens */ +/* */ +/**********************************************************************/ + +#ifndef __HW_4758_CCA__ +#define __HW_4758_CCA__ + +/* + * Only WIN32 support for now + */ +#if defined(WIN32) + + #define CCA_LIB_NAME "CSUNSAPI" + + #define CSNDPKX "CSNDPKX_32" + #define CSNDKRR "CSNDKRR_32" + #define CSNDPKE "CSNDPKE_32" + #define CSNDPKD "CSNDPKD_32" + #define CSNDDSV "CSNDDSV_32" + #define CSNDDSG "CSNDDSG_32" + #define CSNBRNG "CSNBRNG_32" + + #define SECURITYAPI __stdcall +#else + /* Fixme!! + Find out the values of these constants for other platforms. + */ + #define CCA_LIB_NAME "CSUNSAPI" + + #define CSNDPKX "CSNDPKX" + #define CSNDKRR "CSNDKRR" + #define CSNDPKE "CSNDPKE" + #define CSNDPKD "CSNDPKD" + #define CSNDDSV "CSNDDSV" + #define CSNDDSG "CSNDDSG" + #define CSNBRNG "CSNBRNG" + + #define SECURITYAPI +#endif + +/* + * security API prototypes + */ + +/* PKA Key Record Read */ +typedef void (SECURITYAPI *F_KEYRECORDREAD) + (long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + long * rule_array_count, + unsigned char * rule_array, + unsigned char * key_label, + long * key_token_length, + unsigned char * key_token); + +/* Random Number Generate */ +typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE) + (long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + unsigned char * form, + unsigned char * random_number); + +/* Digital Signature Generate */ +typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE) + (long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + long * rule_array_count, + unsigned char * rule_array, + long * PKA_private_key_id_length, + unsigned char * PKA_private_key_id, + long * hash_length, + unsigned char * 
hash, + long * signature_field_length, + long * signature_bit_length, + unsigned char * signature_field); + +/* Digital Signature Verify */ +typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)( + long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + long * rule_array_count, + unsigned char * rule_array, + long * PKA_public_key_id_length, + unsigned char * PKA_public_key_id, + long * hash_length, + unsigned char * hash, + long * signature_field_length, + unsigned char * signature_field); + +/* PKA Public Key Extract */ +typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)( + long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + long * rule_array_count, + unsigned char * rule_array, + long * source_key_identifier_length, + unsigned char * source_key_identifier, + long * target_key_token_length, + unsigned char * target_key_token); + +/* PKA Encrypt */ +typedef void (SECURITYAPI *F_PKAENCRYPT) + (long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + long * rule_array_count, + unsigned char * rule_array, + long * key_value_length, + unsigned char * key_value, + long * data_struct_length, + unsigned char * data_struct, + long * RSA_public_key_length, + unsigned char * RSA_public_key, + long * RSA_encipher_length, + unsigned char * RSA_encipher ); + +/* PKA Decrypt */ +typedef void (SECURITYAPI *F_PKADECRYPT) + (long * return_code, + long * reason_code, + long * exit_data_length, + unsigned char * exit_data, + long * rule_array_count, + unsigned char * rule_array, + long * enciphered_key_length, + unsigned char * enciphered_key, + long * data_struct_length, + unsigned char * data_struct, + long * RSA_private_key_length, + unsigned char * RSA_private_key, + long * key_value_length, + unsigned char * key_value ); + + +#endif From 59dbdb51dc41fb871f491e7d91bf6d8aae7078a5 Mon Sep 17 00:00:00 2001 
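Review bot: These prototypes do not document the buffer contract. Every verb takes its buffers as `unsigned char *` with a separate `long *` length, and nothing says whether the callee reads that length as the caller's capacity on entry or only writes the produced size on return. That matters most for `signature_field_length`, `target_key_token_length`, `key_token_length` and `key_value_length`, where a caller that leaves the length uninitialised could let the library write past its buffer, assuming the usual in/out convention (to be confirmed against the CCA documentation). I would add a one-line comment per typedef marking each length as in, out or in/out, and note that `return_code` and `reason_code` must both be checked since the verbs return `void`. The guard `__HW_4758_CCA__` is also in the reserved namespace; `HEADER_HW_4758_CCA_H` would match `HEADER_CCA4758_ERR_H` in the sibling header.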
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 28 Feb 2002 10:51:56 +0000 Subject: [PATCH 050/173] disable '#ifdef DEBUG' sections --- crypto/bio/bf_lbuf.c | 12 ++++++------ crypto/des/read_pwd.c | 2 +- crypto/x509v3/v3_utl.c | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index 7bcf8ed941..ec0f7eb0b7 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -200,7 +200,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl) } } -#ifdef DEBUG +#if 0 BIO_write(b->next_bio, "<*<", 3); #endif i=BIO_write(b->next_bio, @@ -210,13 +210,13 @@ BIO_write(b->next_bio, "<*<", 3); ctx->obuf_len = orig_olen; BIO_copy_next_retry(b); -#ifdef DEBUG +#if 0 BIO_write(b->next_bio, ">*>", 3); #endif if (i < 0) return((num > 0)?num:i); if (i == 0) return(num); } -#ifdef DEBUG +#if 0 BIO_write(b->next_bio, ">*>", 3); #endif if (i < ctx->obuf_len) @@ -229,20 +229,20 @@ BIO_write(b->next_bio, ">*>", 3); buffer if a NL was found and there is anything to write. */ if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) { -#ifdef DEBUG +#if 0 BIO_write(b->next_bio, "<*<", 3); #endif i=BIO_write(b->next_bio,in,p - in); if (i <= 0) { BIO_copy_next_retry(b); -#ifdef DEBUG +#if 0 BIO_write(b->next_bio, ">*>", 3); #endif if (i < 0) return((num > 0)?num:i); if (i == 0) return(num); } -#ifdef DEBUG +#if 0 BIO_write(b->next_bio, ">*>", 3); #endif num+=i; diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index db623706a7..00000190f8 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -372,7 +372,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, error: fprintf(stderr,"\n"); -#ifdef DEBUG +#if 0 perror("fgets(tty)"); #endif /* What can we do if there is an error? */ diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 3e3d7ac916..283e943e46 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c 
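Review bot: The blocks now under `#if 0` in linebuffer_write() are dead code that would write the markers `<*<` and `>*>` into `b->next_bio`, the data stream itself and not a log, if anyone turned them back on. Deleting them outright is safer than parking them, and the same applies to the other bf_lbuf.c hunks and to the `perror("fgets(tty)")` block in read_pwd.c. If the trace is still wanted, it should go to stderr under a file-specific macro so it can never alter what the BIO emits. linebuffer_write() starts and ends outside these hunks.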
@@ -269,7 +269,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) *p = 0; ntmp = strip_spaces(q); q = p + 1; -#ifdef DEBUG +#if 0 printf("%s\n", ntmp); #endif if(!ntmp) { @@ -285,7 +285,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) state = HDR_NAME; *p = 0; vtmp = strip_spaces(q); -#ifdef DEBUG +#if 0 printf("%s\n", ntmp); #endif if(!vtmp) { @@ -302,7 +302,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) if(state == HDR_VALUE) { vtmp = strip_spaces(q); -#ifdef DEBUG +#if 0 printf("%s=%s\n", ntmp, vtmp); #endif if(!vtmp) { @@ -312,7 +312,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) X509V3_add_value(ntmp, vtmp, &values); } else { ntmp = strip_spaces(q); -#ifdef DEBUG +#if 0 printf("%s\n", ntmp); #endif if(!ntmp) { From 023ec151df447fbb12bba8dddb0bf1396c44014e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 28 Feb 2002 10:52:56 +0000 Subject: [PATCH 051/173] Add 'void *' argument to app_verify_callback. Submitted by: D. K. Smetters Reviewed by: Bodo Moeller --- CHANGES | 16 ++++++++ demos/easy_tls/easy-tls.c | 6 +-- doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 40 ++++++++++---------- ssl/ssl.h | 8 ++-- ssl/ssl_cert.c | 4 ++ ssl/ssl_lib.c | 9 +---- ssl/ssltest.c | 36 ++++++++++++++++++ test/testssl | 3 ++ 8 files changed, 89 insertions(+), 33 deletions(-) diff --git a/CHANGES b/CHANGES index 223d889cc4..77185b700a 100644 --- a/CHANGES +++ b/CHANGES 
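Review bot: The printf calls kept under `#if 0` in X509V3_parse_list() run before the NULL checks on the strip_spaces() result, for example `printf("%s\n", ntmp);` directly ahead of `if(!ntmp)`. The one in the `@@ -285` hunk also prints `ntmp` right after `vtmp = strip_spaces(q);`, which looks like it was meant to be `vtmp`. Re-enabling these blocks would hand a possibly NULL pointer to `%s`. I would delete them; if the trace is needed, each printf belongs below its NULL check. The function body extends outside these hunks.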
@@ -43,6 +43,22 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Fix the 'app_verify_callback' interface so that the user-defined + argument is actually passed to the callback: In the + SSL_CTX_set_cert_verify_callback() prototype, the callback + declaration has been changed from + int (*cb)() + into + int (*cb)(X509_STORE_CTX *,void *); + in ssl_verify_cert_chain (ssl/ssl_cert.c), the call + i=s->ctx->app_verify_callback(&ctx) + has been changed into + i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg). + + To update applications using SSL_CTX_set_cert_verify_callback(), + a dummy argument can be added to their callback functions. + [D. K. Smetters ] + +) Added the '4758cca' ENGINE to support IBM 4758 cards. [Maurice Gittens , touchups by Geoff Thorpe] diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index f79076a42b..25aedb94d9 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -1,7 +1,7 @@ /* -*- Mode: C; c-file-style: "bsd" -*- */ /* * easy-tls.c -- generic TLS proxy. - * $Id: easy-tls.c,v 1.2 2001/09/24 07:54:09 bodo Exp $ + * $Id: easy-tls.c,v 1.3 2002/02/28 10:52:01 bodo Exp $ */ /* (c) Copyright 1999 Bodo Moeller. All rights reserved. @@ -73,7 +73,7 @@ */ static char const rcsid[] = -"$Id: easy-tls.c,v 1.2 2001/09/24 07:54:09 bodo Exp $"; +"$Id: easy-tls.c,v 1.3 2002/02/28 10:52:01 bodo Exp $"; #include #include @@ -568,7 +568,7 @@ no_passphrase_callback(char *buf, int num, int w, void *arg) } static int -verify_dont_fail_cb(X509_STORE_CTX *c) +verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg) { int i; diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod index 723fc140d4..c0f4f85708 100644 --- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 
@@ -8,38 +8,36 @@ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure #include - void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), - char *arg); - int (*callback)(); + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); =head1 DESCRIPTION SSL_CTX_set_cert_verify_callback() sets the verification callback function for -B. SSL objects, that are created from B inherit the setting valid at -the time, L is called. B is currently ignored. +I. SSL objects that are created from I inherit the setting valid at +the time when L is called. =head1 NOTES Whenever a certificate is verified during a SSL/TLS handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. -If a verification callback B is specified via +If a verification callback I is specified via SSL_CTX_set_cert_verify_callback(), the supplied callback function is called -instead. By setting B to NULL, the default behaviour is restored. +instead. By setting I to NULL, the default behaviour is restored. -When the verification must be performed, B will be called with -the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B -that can be specified when setting B are currently ignored. +When the verification must be performed, I will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument I is specified by the application when setting I. -B should return 1 to indicate verification success and 0 to -indicate verification failure. If SSL_VERIFY_PEER is set and B +I should return 1 to indicate verification success and 0 to +indicate verification failure. If SSL_VERIFY_PEER is set and I returns 0, the handshake will fail. 
As the verification procedure may allow to continue the connection in case of failure (by always returning 1) the verification result must be set in any case using the B -member of B, so that the calling application will be informed +member of I so that the calling application will be informed about the detailed result of the verification procedure! -Within B, B has access to the B +Within I, I has access to the I function set using L. =head1 WARNINGS @@ -56,12 +54,6 @@ the B function. =head1 BUGS -It is possible to specify arguments to be passed to the verification callback. -Currently they are however not passed but ignored. - -The B function is not specified via a prototype, so that no -type checking takes place. - =head1 RETURN VALUES SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. @@ -72,4 +64,12 @@ L, L, L, L +=head1 HISTORY + +Previous to OpenSSL 0.9.7, the I argument to B +was ignored, and I was called simply as + int (*callback)(X509_STORE_CTX *) +To compile software written for previous versions of OpenSSL, a dummy +argument will have to be added to I. + =cut diff --git a/ssl/ssl.h b/ssl/ssl.h index 05fa9eef34..af4a7e829e 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -607,8 +607,10 @@ struct ssl_ctx_st int references; /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback)(); - char *app_verify_arg; /* never used; should be void * */ + int (*app_verify_callback)(X509_STORE_CTX *, void *); + void *app_verify_arg; + /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored + * ('app_verify_callback' was called with just one argument) */ /* Default password callback. */ pem_password_cb *default_passwd_callback; 
@@ -1232,7 +1234,7 @@ int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); #ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); #endif diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index d78584715a..1a873d2cb7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -483,7 +483,11 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); if (s->ctx->app_verify_callback != NULL) +#if 1 /* new with OpenSSL 0.9.7 */ + i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); +#else i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ +#endif else { #ifndef OPENSSL_NO_X509_VERIFY diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index eaf1abdd1b..df307a80c5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1443,15 +1443,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) ctx->default_passwd_callback_userdata=u; } -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg) +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) { - /* now - * int (*cb)(X509_STORE_CTX *), - * but should be - * int (*cb)(X509_STORE_CTX *, void *arg) - */ ctx->app_verify_callback=cb; - ctx->app_verify_arg=arg; /* never used */ + ctx->app_verify_arg=arg; } void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 7d6b53eed1..2ef9ae7601 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
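Review bot: The `#else` branch kept in ssl_verify_cert_chain() still calls `app_verify_callback(&ctx)` with one argument, which no longer matches the `int (*)(X509_STORE_CTX *, void *)` type this commit gives the member in ssl.h, so the alternative cannot be compiled. Keep only `i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);` and drop the `#if 1`/`#else`/`#endif`. The preprocessor lines also sit inside an unbraced `if`/`else`; adding braces around both arms would stop a later edit from silently changing which statement the `else` binds to. The rest of the function is outside the hunk.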
@@ -158,6 +158,10 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength); static void free_tmp_rsa(void); #endif +static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg); +#define APP_CALLBACK "Test Callback Argument" +static char *app_verify_arg = APP_CALLBACK; + #ifndef OPENSSL_NO_DH static DH *get_dh512(void); static DH *get_dh1024(void); @@ -336,6 +340,7 @@ int main(int argc, char *argv[]) int tls1=0,ssl2=0,ssl3=0,ret=1; int client_auth=0; int server_auth=0,i; + int app_verify=0; char *server_cert=TEST_SERVER_CERT; char *server_key=NULL; char *client_cert=TEST_CLIENT_CERT; @@ -489,6 +494,10 @@ int main(int argc, char *argv[]) { comp = COMP_RLE; } + else if (strcmp(*argv,"-app_verify") == 0) + { + app_verify = 1; + } else { fprintf(stderr,"unknown option %s\n",*argv); @@ -640,12 +649,20 @@ bad: SSL_CTX_set_verify(s_ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); + if (app_verify) + { + SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg); + } } if (server_auth) { BIO_printf(bio_err,"server authentication\n"); SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, verify_callback); + if (app_verify) + { + SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg); + } } { 
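Review bot: In the `server_auth` branch the new call installs the callback on `s_ctx`, although that branch sets up verification on `c_ctx` (`SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, verify_callback)`). With `-server_auth -app_verify` the client context, which is the side that verifies the server certificate, therefore never gets app_verify_callback, and the new test line in test/testssl does not exercise that path. It looks like a copy of the `client_auth` block; the line should read `SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, app_verify_arg);`. main() continues outside the hunk.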
@@ -1433,6 +1450,25 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) return(ok); } +static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) + { + char *s = NULL,buf[256]; + int ok=1; + + fprintf(stderr, "In app_verify_callback, allowing cert. "); + fprintf(stderr, "Arg is: %s\n", (char *)arg); + fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n", + (unsigned int)ctx, (unsigned int)ctx->cert); + if (ctx->cert) + s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); + if (s != NULL) + { + fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf); + } + + return(ok); + } + #ifndef OPENSSL_NO_RSA static RSA *rsa_tmp=NULL; diff --git a/test/testssl b/test/testssl index 3ca5c8010b..ba5e41c861 100644 --- a/test/testssl +++ b/test/testssl @@ -116,6 +116,9 @@ $ssltest -bio_pair -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 +echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify +$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 + ############################################################################# echo test tls1 with 1024bit anonymous DH, multiple handshakes From 0d22b5dace84489d0ade8c880570eff0092dfb1a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 28 Feb 2002 11:29:55 +0000 Subject: [PATCH 052/173] Document the added modes for AES --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 77185b700a..4cd9fc1d69 100644 --- a/CHANGES +++ b/CHANGES @@ -75,6 +75,10 @@ always load it have also been added. [Steve Henson] + +) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. + Adjust NIDs and EVP layer. + [Stephen Sprunk and Richard Levitte] + +) Config modules support in openssl utility. Most commands now load modules from the config file, 
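Review bot: app_verify_callback() prints pointers with `0x%x` after casting them to `unsigned int`, which truncates them on platforms where pointers are wider than `int` and mismatches the format; use `%p` with `(void *)ctx` and `(void *)ctx->cert`. The message asks whether a context exists, but `ctx->cert` has already been dereferenced to build the argument list. The callback also returns 1 without looking at `arg`, so the test passes even if the wrong argument is delivered. Something like `if (arg != app_verify_arg) ok=0;` would make it actually check what the commit is fixing. `X509_NAME_oneline(...,buf,256)` could take `sizeof buf` so that the size cannot drift from the declaration.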
From 5c62f68e14f38101e2a1dd969b1d5f587a16bfdb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 28 Feb 2002 11:36:38 +0000 Subject: [PATCH 053/173] Updated AEP engine, submitted by Diarmuid O'Neill --- crypto/engine/hw_aep.c | 56 +++++++++++++++++++++++++++++++++----- crypto/engine/hw_aep_err.c | 1 + crypto/engine/hw_aep_err.h | 1 + 3 files changed, 51 insertions(+), 7 deletions(-) diff --git a/crypto/engine/hw_aep.c b/crypto/engine/hw_aep.c index 1ec8eb3e6f..cefd3f006a 100644 --- a/crypto/engine/hw_aep.c +++ b/crypto/engine/hw_aep.c @@ -81,6 +81,8 @@ typedef int pid_t; #endif #define AEP_LIB_NAME "aep engine" +#define FAIL_TO_SW 0x10101010 + #include "hw_aep_err.c" static int aep_init(ENGINE *e); @@ -233,6 +235,8 @@ static AEP_U32 rand_block_bytes = 0; static const char *engine_aep_id = "aep"; static const char *engine_aep_name = "Aep hardware engine support"; +static int max_key_len = 2176; + /* This internal function is used by ENGINE_aep() and possibly by the * "dynamic" ENGINE support too */ @@ -557,15 +561,25 @@ static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { int to_return = 0; + int r_len = 0; AEP_CONNECTION_HNDL hConnection; AEP_RV rv; + + r_len = BN_num_bits(m); + + /* Perform in software if modulus is too large for hardware. */ + + if (r_len > max_key_len){ + AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + return BN_mod_exp(r, a, p, m, ctx); + } /*Grab a connection from the pool*/ rv = aep_get_connection(&hConnection); if (rv != AEP_R_OK) { AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED); - goto err; + return BN_mod_exp(r, a, p, m, ctx); } /*To the card with the mod exp*/ 
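Review bot: The software fallbacks added to aep_mod_exp() push an engine error and then return the result of `BN_mod_exp()`, so a call that succeeds in software still leaves a stale entry in the error queue. This happens at `AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL)` and on the `AEPHK_R_GET_HANDLE_FAILED` path in this hunk, and again on the `MOD_EXP_FAILED` and `FAIL_TO_SW` paths in the following hunks. Code that inspects the queue after a successful operation can then misreport a failure. Either drop the AEPHKerr call where a fallback follows, e.g. `if (r_len > max_key_len) return BN_mod_exp(r, a, p, m, ctx);`, or record the error only when the software path fails too. `max_key_len` is never written in the visible code and could be `static const int`; the function body continues outside the hunk.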
@@ -574,8 +588,8 @@ static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (rv != AEP_R_OK) { AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED); - rv = aep_return_connection(hConnection); - goto err; + rv = aep_close_connection(hConnection); + return BN_mod_exp(r, a, p, m, ctx); } /*Return the connection to the pool*/ @@ -603,7 +617,7 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (rv != AEP_R_OK) { AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED); - goto err; + return FAIL_TO_SW; } /*To the card with the mod exp*/ @@ -612,8 +626,8 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (rv != AEP_R_OK) { AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED); - rv = aep_return_connection(hConnection); - goto err; + rv = aep_close_connection(hConnection); + return FAIL_TO_SW; } /*Return the connection to the pool*/ @@ -730,7 +744,13 @@ static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx); - if (rv != AEP_R_OK) + + if (rv == FAIL_TO_SW){ + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + to_return = (*meth->rsa_mod_exp)(r0, I, rsa); + goto err; + } + else if (rv != AEP_R_OK) goto err; } else 
@@ -930,6 +950,28 @@ static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection) return AEP_R_OK; } +static int aep_close_connection(unsigned int hConnection) + { + int count; + + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + + /*Find the connection item that matches this connection handle*/ + for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) + { + if (aep_app_conn_table[count].conn_hndl == hConnection) + { + aep_app_conn_table[count].conn_state = NotConnected; + close(aep_app_conn_table[count].conn_hndl); + break; + } + } + + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + + return AEP_R_OK; + } + static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) { int count; diff --git a/crypto/engine/hw_aep_err.c b/crypto/engine/hw_aep_err.c index 246d401b87..092f532946 100644 --- a/crypto/engine/hw_aep_err.c +++ b/crypto/engine/hw_aep_err.c @@ -94,6 +94,7 @@ static ERR_STRING_DATA AEPHK_str_reasons[]= {AEPHK_R_OK ,"ok"}, {AEPHK_R_RETURN_CONNECTION_FAILED ,"return connection failed"}, {AEPHK_R_SETBNCALLBACK_FAILURE ,"setbncallback failure"}, +{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, {AEPHK_R_UNIT_FAILURE ,"unit failure"}, {0,NULL} }; diff --git a/crypto/engine/hw_aep_err.h b/crypto/engine/hw_aep_err.h index f6759f6c76..8fe4cf921f 100644 --- a/crypto/engine/hw_aep_err.h +++ b/crypto/engine/hw_aep_err.h @@ -92,6 +92,7 @@ static void ERR_AEPHK_error(int function, int reason, char *file, int line); #define AEPHK_R_OK 112 #define AEPHK_R_RETURN_CONNECTION_FAILED 113 #define AEPHK_R_SETBNCALLBACK_FAILURE 114 +#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116 #define AEPHK_R_UNIT_FAILURE 115 #ifdef __cplusplus From 26414ee013170f2d8e42b1995dbb30c03e7ed16c Mon Sep 17 00:00:00 2001 
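Review bot: aep_close_connection() releases the handle with `close(aep_app_conn_table[count].conn_hndl)`, which treats an AEP connection handle as a file descriptor. If the handle is an opaque value issued by the vendor library and not an fd (its type is declared outside this hunk), the call either fails unnoticed or closes an unrelated descriptor of the process. The return value is ignored either way. The connection should be closed through the engine's own vendor-library close call, with the result checked before the slot is marked `NotConnected`. The function also returns `AEP_R_OK` when no table entry matches the handle, which hides a bookkeeping error from the caller.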
From: Richard Levitte Date: Thu, 28 Feb 2002 12:42:19 +0000 Subject: [PATCH 054/173] Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated --- STATUS | 5 +---- apps/ca.c | 8 ++++++++ crypto/des/des.c | 3 +++ crypto/evp/evp_key.c | 3 +++ crypto/x509/x509_obj.c | 1 + ssl/kssl.c | 2 ++ 6 files changed, 18 insertions(+), 4 deletions(-) diff --git a/STATUS b/STATUS index 67ecd83a98..542174cdf2 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/21 17:23:04 $ + ______________ $Date: 2002/02/28 12:42:00 $ DEVELOPMENT STATE @@ -63,9 +63,6 @@ o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file - o Whenever strncpy is used, make sure the resulting string is NULL-terminated - or an error is reported - o "OpenSSL STATUS" is never up-to-date. OPEN ISSUES diff --git a/apps/ca.c b/apps/ca.c index 182c29e8c6..f368d39b97 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -571,6 +571,7 @@ bad: #else strncpy(buf[0],X509_get_default_cert_area(), sizeof(buf[0])-2-sizeof(CONFIG_FILE)); + buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0'; strcat(buf[0],"/"); #endif strcat(buf[0],CONFIG_FILE); @@ -1277,6 +1278,7 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); strncpy(buf[0],serialfile,BSIZE-4); + buf[0][BSIZE-4]='\0'; #ifdef OPENSSL_SYS_VMS strcat(buf[0],"-new"); @@ -1287,6 +1289,7 @@ bad: if (!save_serial(buf[0],serial)) goto err; strncpy(buf[1],dbfile,BSIZE-4); + buf[1][BSIZE-4]='\0'; #ifdef OPENSSL_SYS_VMS strcat(buf[1],"-new"); @@ -1317,6 +1320,7 @@ bad: p=(char *)x->cert_info->serialNumber->data; strncpy(buf[2],outdir,BSIZE-(j*2)-6); + buf[2][BSIZE-(j*2)-6]='\0'; #ifndef OPENSSL_SYS_VMS strcat(buf[2],"/"); @@ -1354,6 +1358,7 @@ bad: { /* Rename the database and the serial file */ strncpy(buf[2],serialfile,BSIZE-4); + buf[2][BSIZE-4]='\0'; #ifdef OPENSSL_SYS_VMS strcat(buf[2],"-old"); 
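Review bot: The bound `BSIZE-4` used with the added terminators in apps/ca.c is one byte too large for the suffix that follows. `strncpy(buf[0],serialfile,BSIZE-4); buf[0][BSIZE-4]='\0';` can leave BSIZE-4 characters, and `strcat(buf[0],".new")` (or `"-new"`, `".old"`, `"-old"`) then adds four characters plus the NUL, BSIZE+1 bytes in total. If each `buf[n]` holds BSIZE bytes (the declaration is outside the hunk), a maximum-length path overruns the array by one. The same pattern is in the `@@ -1287`, `@@ -1354`, `@@ -1382`, `@@ -1554` and `@@ -1568` hunks. Using `BSIZE-5` for both the copy length and the index, `strncpy(buf[0],serialfile,BSIZE-5); buf[0][BSIZE-5]='\0';`, leaves room for the suffix and the terminator.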
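Review bot: In the `@@ -1317` hunk the new index `BSIZE-(j*2)-6` is used without checking that it is non-negative. `j` appears to be the serial-number length (its assignment is outside the hunk); if `j*2+6` reaches BSIZE, the strncpy length converts to a very large `size_t` and `buf[2][BSIZE-(j*2)-6]='\0'` writes before the array. A guard ahead of the copy, such as `if (j*2+6 >= BSIZE) goto err;` with a suitable message, would make the arithmetic safe whatever length the serial number has.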
@@ -1382,6 +1387,7 @@ bad: } strncpy(buf[2],dbfile,BSIZE-4); + buf[2][BSIZE-4]='\0'; #ifdef OPENSSL_SYS_VMS strcat(buf[2],"-old"); @@ -1554,6 +1560,7 @@ bad: X509_free(revcert); strncpy(buf[0],dbfile,BSIZE-4); + buf[0][BSIZE-4]='\0'; #ifndef OPENSSL_SYS_VMS strcat(buf[0],".new"); #else @@ -1568,6 +1575,7 @@ bad: j=TXT_DB_write(out,db); if (j <= 0) goto err; strncpy(buf[1],dbfile,BSIZE-4); + buf[1][BSIZE-4]='\0'; #ifndef OPENSSL_SYS_VMS strcat(buf[1],".old"); #else diff --git a/crypto/des/des.c b/crypto/des/des.c index a03ce161af..d8c846b23d 100644 --- a/crypto/des/des.c +++ b/crypto/des/des.c @@ -153,12 +153,14 @@ int main(int argc, char **argv) case 'c': cflag=1; strncpy(cksumname,p,200); + cksumname[sizeof(cksumname)-1]='\0'; p+=strlen(cksumname); break; case 'C': cflag=1; longk=1; strncpy(cksumname,p,200); + cksumname[sizeof(cksumname)-1]='\0'; p+=strlen(cksumname); break; case 'e': @@ -190,6 +192,7 @@ int main(int argc, char **argv) case 'u': uflag=1; strncpy(uuname,p,200); + uuname[sizeof(uuname)-1]='\0'; p+=strlen(uuname); break; case 'h': diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 9d9b0af8de..4271393069 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -71,7 +71,10 @@ void EVP_set_pw_prompt(char *prompt) if (prompt == NULL) prompt_string[0]='\0'; else + { strncpy(prompt_string,prompt,79); + prompt_string[79]='\0'; + } } char *EVP_get_pw_prompt(void) diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index f0271fdfa1..1e718f76eb 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -94,6 +94,7 @@ int i; OPENSSL_free(b); } strncpy(buf,"NO X509_NAME",len); + buf[len-1]='\0'; return buf; } diff --git a/ssl/kssl.c b/ssl/kssl.c index 49b749b054..edc108b3de 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c 
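Review bot: In crypto/des/des.c the copy length and the terminator index come from different sources: `strncpy(cksumname,p,200)` uses a literal while the added line uses `sizeof(cksumname)-1`, and `uuname` is handled the same way. The pair is correct only if the arrays are at least 200 bytes (declarations are outside the hunks); with a smaller array strncpy itself overruns before the new terminator is written. Deriving both from the array keeps them in step: `strncpy(cksumname,p,sizeof(cksumname)-1); cksumname[sizeof(cksumname)-1]='\0';`.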
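Review bot: The added `buf[len-1]='\0';` in crypto/x509/x509_obj.c writes one byte before the buffer when `len` is 0, and further back when it is negative. As far as the hunk shows, `len` is passed in by the caller and is not validated on this path. Guard the store, `if (len > 0) buf[len-1]='\0';`, or reject a non-positive `len` at the top of the function, which is outside the hunk. Without that, the line added to guarantee termination introduces an out-of-bounds write for a degenerate argument.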
@@ -1597,10 +1597,12 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, else { strncpy(*princ, entity->data, entity->length); + (*princ)[entity->length]='\0'; if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); + (*princ)[entity->length+1+realm->length]='\0'; } } From 7d68189d8a700fe16b1ac795a4f79fe2862d1e12 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 28 Feb 2002 12:58:43 +0000 Subject: [PATCH 055/173] Make sure aep_close_connection() is declared and has a prototype that's consistent with the rest of the AEP functions --- crypto/engine/hw_aep.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/engine/hw_aep.c b/crypto/engine/hw_aep.c index cefd3f006a..f25013f787 100644 --- a/crypto/engine/hw_aep.c +++ b/crypto/engine/hw_aep.c @@ -92,6 +92,7 @@ static int aep_destroy(ENGINE *e); static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection); static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection); +static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection); static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use); /* BIGNUM stuff */ @@ -950,7 +951,7 @@ static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection) return AEP_R_OK; } -static int aep_close_connection(unsigned int hConnection) +static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection) { int count; From 87ebdd8a718adec7efc8ae7c31025db1d3959ac2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 28 Feb 2002 13:17:40 +0000 Subject: [PATCH 056/173] VMS addaptation, including a few more long names that needed hacking. --- crypto/crypto-lib.com | 11 ++++++----- crypto/evp/evp.h | 2 ++ crypto/symhacks.h | 12 ++++++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index e4e4fd4c54..ec6862e3c2 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com 
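Review bot: The terminators added in kssl_ctx_setprinc() are written at offsets computed from `entity->length` and `realm->length`, while `strcat` and `strncat` append at the first NUL they find, so the two disagree as soon as `entity->data` contains an embedded NUL. The writes are also only in bounds if `*princ` was allocated with at least `entity->length + realm->length + 2` bytes, which happens outside the hunk and should be confirmed. Since `strncat` already terminates its result, the final added line is redundant in the normal case. Building the string with explicit offsets removes the dependence on NUL scanning. Because these fields come from Kerberos data supplied by the peer, I would also reject a principal or realm that contains a NUL before copying, so that a truncated name is never used for an identity decision.

```c
/* … unchanged: allocation of *princ and its failure check … */
	else
		{
		size_t off = entity->length;

		memcpy(*princ, entity->data, off);
		if (realm)
			{
			(*princ)[off++] = '@';
			memcpy(*princ + off, realm->data, realm->length);
			off += realm->length;
			}
		(*princ)[off] = '\0';
		}
```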
@@ -187,7 +187,8 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "enc_read,enc_writ,ofb64enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - "des_enc,fcrypt_b,"+ - - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,ede_cbcm_enc,des_old" + "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ + "ede_cbcm_enc,des_old,read2pwd" $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" $ LIB_RC4 = "rc4_skey,rc4_enc" $ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64" @@ -214,8 +215,8 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "tb_rsa,tb_dsa,tb_dh,tb_rand,tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,"+ - "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ - - "hw_openbsd_dev_crypto" -$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc" + "hw_openbsd_dev_crypto,hw_aep,hw_sureware,hw_4758_cca" +$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - @@ -274,8 +275,8 @@ $ LIB_COMP = "comp_lib,"+ - "c_rle,c_zlib" $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" -$ LIB_UI_COMPAT = "ui_compat" -$ LIB_UI = "ui_err,ui_lib,ui_openssl,"+LIB_UI_COMPAT +$ LIB_UI_COMPAT = ",ui_compat" +$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT $ LIB_KRB5 = "krb5_asn" $! $! Setup exceptional compilations diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 8d99c29f5f..d6494ed06a 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -69,6 +69,8 @@ #include +#include + #ifndef OPENSSL_NO_BIO #include #endif diff --git a/crypto/symhacks.h b/crypto/symhacks.h index d1aff2ae32..de0f452b47 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h 
@@ -182,6 +182,18 @@
 #undef OCSP_SINGLERESP_get_ext_by_critical
 #define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit
+/* Hack some long DES names */
+#undef _ossl_old_des_ede3_cfb64_encrypt
+#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt
+#undef _ossl_old_des_ede3_ofb64_encrypt
+#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt
+
+/* Hack some long EVP names */
+#undef OPENSSL_add_all_algorithms_noconf
+#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf
+#undef OPENSSL_add_all_algorithms_conf
+#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
+
 /* Hack some long EC names */
 #undef EC_POINT_set_Jprojective_coordinates_GFp
 #define EC_POINT_set_Jprojective_coordinates_GFp \
From 16b0384bd2ae0761dc30b1881cda04a16052f999 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Thu, 28 Feb 2002 14:05:13 +0000
Subject: [PATCH 057/173] use ERR_peek_last_error() instead of ERR_peek_error() to ignore any other errors that may be left in the error queue Submitted by: Jeffrey Altman
---
 crypto/pem/pem_info.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 7fc5e5c4c0..dba1c430da 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -111,7 +111,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
 i=PEM_read_bio(bp,&name,&header,&data,&len);
 if (i == 0)
 {
- error=ERR_GET_REASON(ERR_peek_error());
+ error=ERR_GET_REASON(ERR_peek_last_error());
 if (error == PEM_R_NO_START_LINE)
 {
 ERR_clear_error();
From 9437fef8cc7fa6acdd0c7c85cf2a50f50d74ba54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Thu, 28 Feb 2002 14:07:37 +0000
Subject: [PATCH 058/173] use ERR_peek_last_error() instead of ERR_peek_error()
---
 ssl/ssl_rsa.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
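Review bot: In the crypto/pem/pem_info.c hunk only the reason code of the peeked entry is tested, `error == PEM_R_NO_START_LINE`, and reason codes are numbered per library. An entry from another library that happens to carry the same reason value would therefore be taken for end of input and wiped by `ERR_clear_error()`. Keeping the full code and testing the library too, `ERR_GET_LIB(e) == ERR_LIB_PEM && ERR_GET_REASON(e) == PEM_R_NO_START_LINE`, closes that gap. `error` may be read again below the hunk, so the change has to be made with the rest of the loop in view.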
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b15dd506c9..1cf8e20934 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -800,9 +800,9 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 * by SSL_CTX_use_certificate). */
 }
 /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_error();
+ err = ERR_peek_last_error();
 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- (void) ERR_get_error();
+ (void)ERR_get_error();
 else
 ret = 0; /* some real error */
 }
From 4bf4bc784f12bcdc3a3e772f85f6d33f5eccdab3 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Thu, 28 Feb 2002 20:29:20 +0000
Subject: [PATCH 059/173] make update
---
 crypto/engine/Makefile.ssl | 19 +++++
 util/libeay.num | 153 +++++++++++++++++++------------------
 2 files changed, 98 insertions(+), 74 deletions(-)
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl
index 82432bd037..8a97b62784 100644
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
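Review bot: In the ssl/ssl_rsa.c hunk the entry that is tested and the entry that is discarded are no longer the same one. `ERR_peek_last_error()` looks at the newest queue entry, while `(void)ERR_get_error();` removes the oldest. When earlier errors are still queued, a stale entry is dropped and the PEM_R_NO_START_LINE entry stays behind for a later caller to misread as a failure. Using `ERR_clear_error();` in that branch leaves the queue empty after a normal end of file. The function body starts outside the hunk.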
@@ -252,6 +252,25 @@ eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_table.o: eng_int.h eng_table.c +hw_4758_cca.o: ../../e_os.h ../../include/openssl/asn1.h +hw_4758_cca.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +hw_4758_cca.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h +hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +hw_4758_cca.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hw_4758_cca.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hw_4758_cca.o: ../../include/openssl/objects.h +hw_4758_cca.o: ../../include/openssl/opensslconf.h +hw_4758_cca.o: ../../include/openssl/opensslv.h +hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +hw_4758_cca.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_4758_cca.c +hw_4758_cca.o: hw_4758_cca_err.c hw_4758_cca_err.h vendor_defns/hw_4758_cca.h hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h hw_aep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/util/libeay.num b/util/libeay.num index 8999547a11..7ce301bc66 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -2256,7 +2256,8 @@ ASN1_TIME_check 2782 EXIST::FUNCTION: UI_get0_user_data 2783 EXIST::FUNCTION: HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC DSA_up_ref 2785 EXIST::FUNCTION:DSA -_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST::FUNCTION:DES +_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES +_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ASN1_tag2bit 2788 EXIST::FUNCTION: @@ -2526,7 +2527,8 @@ ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: -_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST::FUNCTION:DES +_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES +_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES UI_method_get_reader 3013 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION: ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: 
@@ -2762,79 +2764,82 @@ UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: ENGINE_load_aep 3210 EXIST::FUNCTION: ENGINE_load_sureware 3211 EXIST::FUNCTION: -OPENSSL_add_all_algorithms_noconf 3212 EXIST::FUNCTION: -OPENSSL_add_all_algorithms_conf 3213 EXIST::FUNCTION: +OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: +OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: +OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: +OPENSSL_add_all_algo_conf 3213 EXIST:VMS:FUNCTION: OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -EC_GROUP_new_by_name 3218 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY 3219 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAPrivateKey 3220 EXIST::FUNCTION:ECDSA -ECDSA_SIG_new 3221 EXIST::FUNCTION:ECDSA -ECDSA_verify 3222 EXIST::FUNCTION:ECDSA -i2d_ECDSAParameters 3223 EXIST::FUNCTION:ECDSA -i2d_ECDSAPrivateKey_bio 3224 EXIST::FUNCTION:BIO,ECDSA -PEM_write_bio_ECDSAParameters 3225 EXIST::FUNCTION:ECDSA -ECDSAParameters_print_fp 3226 EXIST::FUNCTION:ECDSA,FP_API -ENGINE_set_default_ECDSA 3227 EXIST::FUNCTION: -PEM_read_bio_ECDSA_PUBKEY 3228 EXIST::FUNCTION:ECDSA -ECDSA_check_key 3229 EXIST::FUNCTION:ECDSA -ECDSA_new_method 3230 EXIST::FUNCTION:ECDSA -d2i_ECDSAPrivateKey_bio 3231 EXIST::FUNCTION:BIO,ECDSA -i2d_ECDSA_PUBKEY 3232 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_fp 3233 EXIST::FUNCTION:ECDSA,FP_API -ENGINE_unregister_ECDSA 3234 EXIST::FUNCTION: -ECDSA_free 3235 EXIST::FUNCTION:ECDSA -ECDSAParameters_print 3236 EXIST::FUNCTION:BIO,ECDSA -PEM_write_bio_ECDSA_PUBKEY 3237 EXIST::FUNCTION:ECDSA -ECDSA_set_method 3238 EXIST::FUNCTION:ECDSA -ECDSA_print 3239 EXIST::FUNCTION:BIO,ECDSA -EVP_PKEY_get1_ECDSA 3240 EXIST::FUNCTION:ECDSA -ECDSA_SIG_free 3241 EXIST::FUNCTION:ECDSA -ECDSA_get_default_openssl_method 3242 EXIST::FUNCTION:ECDSA -ENGINE_get_default_ECDSA 3243 EXIST::FUNCTION: 
-PEM_write_ECDSAPrivateKey 3244 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_sign_setup 3245 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3246 EXIST::FUNCTION: -d2i_ECDSA_PUBKEY_bio 3247 EXIST::FUNCTION:BIO,ECDSA -ECDSA_sign 3248 EXIST::FUNCTION:ECDSA -ENGINE_register_ECDSA 3249 EXIST::FUNCTION: -d2i_ECDSAPrivateKey_fp 3250 EXIST::FUNCTION:ECDSA,FP_API -ECDSA_print_fp 3251 EXIST::FUNCTION:ECDSA,FP_API -i2d_ECDSAPrivateKey 3252 EXIST::FUNCTION:ECDSA -d2i_ECDSAParameters 3253 EXIST::FUNCTION:ECDSA -d2i_ECDSAPublicKey 3254 EXIST::FUNCTION:ECDSA -PEM_write_bio_ECDSAPrivateKey 3255 EXIST::FUNCTION:ECDSA -d2i_ECDSA_SIG 3256 EXIST::FUNCTION:ECDSA -ECDSA_size 3257 EXIST::FUNCTION:ECDSA -EC_GROUP_set_nid 3258 EXIST::FUNCTION:EC -EVP_PKEY_set1_ECDSA 3259 EXIST::FUNCTION:ECDSA -EC_GROUP_get_nid 3260 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY_fp 3261 EXIST::FUNCTION:ECDSA,FP_API -ECDSA_OpenSSL 3262 EXIST::FUNCTION:ECDSA -ECDSA_get_parameter_flags 3263 EXIST::FUNCTION:ECDSA -PEM_read_ECDSAParameters 3264 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_get_ex_data 3265 EXIST::FUNCTION:ECDSA -ECDSA_do_verify 3266 EXIST::FUNCTION:ECDSA -ECDSA_do_sign 3267 EXIST::FUNCTION:ECDSA -ECDSA_set_parameter_flags 3268 EXIST::FUNCTION:ECDSA -i2d_ECDSA_SIG 3269 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAParameters 3270 EXIST::FUNCTION:ECDSA -EVP_ecdsa 3271 EXIST::FUNCTION:SHA -ECDSA_set_default_method 3272 EXIST::FUNCTION:ECDSA -ENGINE_set_ECDSA 3273 EXIST::FUNCTION: -ECDSA_get_ex_new_index 3274 EXIST::FUNCTION:ECDSA -i2d_ECDSAPublicKey 3275 EXIST::FUNCTION:ECDSA -PEM_write_ECDSA_PUBKEY 3276 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_set_ex_data 3277 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_bio 3278 EXIST::FUNCTION:BIO,ECDSA -d2i_ECDSAPrivateKey 3279 EXIST::FUNCTION:ECDSA -EC_GROUP_new_by_nid 3280 EXIST::FUNCTION:EC -PEM_read_ECDSA_PUBKEY 3281 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_up_ref 3282 EXIST::FUNCTION:ECDSA -ENGINE_register_all_ECDSA 3283 EXIST::FUNCTION: -ECDSA_generate_key 3284 EXIST::FUNCTION:ECDSA -PEM_write_ECDSAParameters 3285 
EXIST:!WIN16:FUNCTION:ECDSA -i2d_ECDSAPrivateKey_fp 3286 EXIST::FUNCTION:ECDSA,FP_API -PEM_read_ECDSAPrivateKey 3287 EXIST:!WIN16:FUNCTION:ECDSA +ENGINE_load_4758cca 3218 EXIST::FUNCTION: +EC_GROUP_new_by_name 3219 EXIST::FUNCTION:EC +d2i_ECDSA_PUBKEY 3220 EXIST::FUNCTION:ECDSA +PEM_read_bio_ECDSAPrivateKey 3221 EXIST::FUNCTION:ECDSA +ECDSA_SIG_new 3222 EXIST::FUNCTION:ECDSA +ECDSA_verify 3223 EXIST::FUNCTION:ECDSA +i2d_ECDSAParameters 3224 EXIST::FUNCTION:ECDSA +i2d_ECDSAPrivateKey_bio 3225 EXIST::FUNCTION:BIO,ECDSA +PEM_write_bio_ECDSAParameters 3226 EXIST::FUNCTION:ECDSA +ECDSAParameters_print_fp 3227 EXIST::FUNCTION:ECDSA,FP_API +ENGINE_set_default_ECDSA 3228 EXIST::FUNCTION: +PEM_read_bio_ECDSA_PUBKEY 3229 EXIST::FUNCTION:ECDSA +ECDSA_check_key 3230 EXIST::FUNCTION:ECDSA +ECDSA_new_method 3231 EXIST::FUNCTION:ECDSA +d2i_ECDSAPrivateKey_bio 3232 EXIST::FUNCTION:BIO,ECDSA +i2d_ECDSA_PUBKEY 3233 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_fp 3234 EXIST::FUNCTION:ECDSA,FP_API +ENGINE_unregister_ECDSA 3235 EXIST::FUNCTION: +ECDSA_free 3236 EXIST::FUNCTION:ECDSA +ECDSAParameters_print 3237 EXIST::FUNCTION:BIO,ECDSA +PEM_write_bio_ECDSA_PUBKEY 3238 EXIST::FUNCTION:ECDSA +ECDSA_set_method 3239 EXIST::FUNCTION:ECDSA +ECDSA_print 3240 EXIST::FUNCTION:BIO,ECDSA +EVP_PKEY_get1_ECDSA 3241 EXIST::FUNCTION:ECDSA +ECDSA_SIG_free 3242 EXIST::FUNCTION:ECDSA +ECDSA_get_default_openssl_method 3243 EXIST::FUNCTION:ECDSA +ENGINE_get_default_ECDSA 3244 EXIST::FUNCTION: +PEM_write_ECDSAPrivateKey 3245 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_sign_setup 3246 EXIST::FUNCTION:ECDSA +ENGINE_get_ECDSA 3247 EXIST::FUNCTION: +d2i_ECDSA_PUBKEY_bio 3248 EXIST::FUNCTION:BIO,ECDSA +ECDSA_sign 3249 EXIST::FUNCTION:ECDSA +ENGINE_register_ECDSA 3250 EXIST::FUNCTION: +d2i_ECDSAPrivateKey_fp 3251 EXIST::FUNCTION:ECDSA,FP_API +ECDSA_print_fp 3252 EXIST::FUNCTION:ECDSA,FP_API +i2d_ECDSAPrivateKey 3253 EXIST::FUNCTION:ECDSA +d2i_ECDSAParameters 3254 EXIST::FUNCTION:ECDSA +d2i_ECDSAPublicKey 3255 
EXIST::FUNCTION:ECDSA +PEM_write_bio_ECDSAPrivateKey 3256 EXIST::FUNCTION:ECDSA +d2i_ECDSA_SIG 3257 EXIST::FUNCTION:ECDSA +ECDSA_size 3258 EXIST::FUNCTION:ECDSA +EC_GROUP_set_nid 3259 EXIST::FUNCTION:EC +EVP_PKEY_set1_ECDSA 3260 EXIST::FUNCTION:ECDSA +EC_GROUP_get_nid 3261 EXIST::FUNCTION:EC +d2i_ECDSA_PUBKEY_fp 3262 EXIST::FUNCTION:ECDSA,FP_API +ECDSA_OpenSSL 3263 EXIST::FUNCTION:ECDSA +ECDSA_get_parameter_flags 3264 EXIST::FUNCTION:ECDSA +PEM_read_ECDSAParameters 3265 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_get_ex_data 3266 EXIST::FUNCTION:ECDSA +ECDSA_do_verify 3267 EXIST::FUNCTION:ECDSA +ECDSA_do_sign 3268 EXIST::FUNCTION:ECDSA +ECDSA_set_parameter_flags 3269 EXIST::FUNCTION:ECDSA +i2d_ECDSA_SIG 3270 EXIST::FUNCTION:ECDSA +PEM_read_bio_ECDSAParameters 3271 EXIST::FUNCTION:ECDSA +EVP_ecdsa 3272 EXIST::FUNCTION:SHA +ECDSA_set_default_method 3273 EXIST::FUNCTION:ECDSA +ENGINE_set_ECDSA 3274 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3275 EXIST::FUNCTION:ECDSA +i2d_ECDSAPublicKey 3276 EXIST::FUNCTION:ECDSA +PEM_write_ECDSA_PUBKEY 3277 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_set_ex_data 3278 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_bio 3279 EXIST::FUNCTION:BIO,ECDSA +d2i_ECDSAPrivateKey 3280 EXIST::FUNCTION:ECDSA +EC_GROUP_new_by_nid 3281 EXIST::FUNCTION:EC +PEM_read_ECDSA_PUBKEY 3282 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_up_ref 3283 EXIST::FUNCTION:ECDSA +ENGINE_register_all_ECDSA 3284 EXIST::FUNCTION: +ECDSA_generate_key 3285 EXIST::FUNCTION:ECDSA +PEM_write_ECDSAParameters 3286 EXIST:!WIN16:FUNCTION:ECDSA +i2d_ECDSAPrivateKey_fp 3287 EXIST::FUNCTION:ECDSA,FP_API +PEM_read_ECDSAPrivateKey 3288 EXIST:!WIN16:FUNCTION:ECDSA From a0ecb9b8fc12c1ee12c5f42b5ab7c1ca7a97bfaa Mon Sep 17 00:00:00 2001 
From: Richard Levitte Date: Thu, 28 Feb 2002 22:07:50 +0000 Subject: [PATCH 060/173] Remove the perl/ subdirectory. It hasn't been worked on for ages, is very broken, and there are working modules in CPAN, which makes our module even more moot. --- STATUS | 18 +- perl/MANIFEST | 17 -- perl/Makefile.PL | 45 ---- perl/OpenSSL.pm | 90 ------- perl/OpenSSL.xs | 109 -------- perl/README.1ST | 4 - perl/openssl.h | 96 ------- perl/openssl_bio.xs | 450 ------------------------------- perl/openssl_bn.xs | 593 ----------------------------------------- perl/openssl_cipher.xs | 154 ----------- perl/openssl_digest.xs | 85 ------ perl/openssl_err.xs | 47 ---- perl/openssl_ssl.xs | 483 --------------------------------- perl/openssl_x509.xs | 75 ------ perl/t/01-use.t | 13 - perl/t/02-version.t | 10 - perl/t/03-bio.t | 16 -- perl/typemap | 96 ------- 18 files changed, 1 insertion(+), 2400 deletions(-) delete mode 100644 perl/MANIFEST delete mode 100644 perl/Makefile.PL delete mode 100644 perl/OpenSSL.pm delete mode 100644 perl/OpenSSL.xs delete mode 100644 perl/README.1ST delete mode 100644 perl/openssl.h delete mode 100644 perl/openssl_bio.xs delete mode 100644 perl/openssl_bn.xs delete mode 100644 perl/openssl_cipher.xs delete mode 100644 perl/openssl_digest.xs delete mode 100644 perl/openssl_err.xs delete mode 100644 perl/openssl_ssl.xs delete mode 100644 perl/openssl_x509.xs delete mode 100644 perl/t/01-use.t delete mode 100644 perl/t/02-version.t delete mode 100644 perl/t/03-bio.t delete mode 100644 perl/typemap diff --git a/STATUS b/STATUS index 542174cdf2..fcb162cada 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/28 12:42:00 $ + ______________ $Date: 2002/02/28 22:07:50 $ DEVELOPMENT STATE 
@@ -91,22 +91,6 @@ which apparently is not flexible enough to generate libcrypto) - - o The perl/ stuff needs a major overhaul. Currently it's - totally obsolete. Either we clean it up and enhance it to be up-to-date - with the C code or we also could replace it with the really nice - Net::SSLeay package we can find under - http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a - longer time and it works fine and is a nice Perl module. Best would be - to convince the author to work for the OpenSSL project and create a - Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for - us. - - Status: Ralf thinks we should both contact the author of Net::SSLeay - and look how much effort it is to bring Eric's perl/ stuff up - to date. - Paul +1 - WISHES o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?] diff --git a/perl/MANIFEST b/perl/MANIFEST deleted file mode 100644 index 80c900769d..0000000000 --- a/perl/MANIFEST +++ /dev/null @@ -1,17 +0,0 @@ -README.1ST -MANIFEST -Makefile.PL -typemap -OpenSSL.pm -OpenSSL.xs -openssl.h -openssl_bio.xs -openssl_bn.xs -openssl_cipher.xs -openssl_digest.xs -openssl_err.xs -openssl_ssl.xs -openssl_x509.xs -t/01-use.t -t/02-version.t -t/03-bio.t diff --git a/perl/Makefile.PL b/perl/Makefile.PL deleted file mode 100644 index 2a67ad061d..0000000000 --- a/perl/Makefile.PL +++ /dev/null 
@@ -1,45 +0,0 @@ -## -## Makefile.PL -- Perl MakeMaker specification -## - -open(IN,"<../Makefile.ssl") || die "unable to open Makefile.ssl!\n"; -while() { - $V=$1 if (/^VERSION=(.*)$/); -} -close(IN); -print "Configuring companion Perl module for OpenSSL $V\n"; - -use ExtUtils::MakeMaker; - -WriteMakefile( - 'OPTIMIZE' => '', - 'DISTNAME' => "openssl-$V", - 'NAME' => 'OpenSSL', - 'VERSION_FROM' => 'OpenSSL.pm', - 'LIBS' => ( $^O eq 'MSWin32' - ? [ '-L../out32dll -lssleay32 -llibeay32' ] - : [ '-L.. -lssl -lcrypto' ] ), - 'DEFINE' => '', - 'INC' => '-I../include', - 'H' => ['openssl.h'], - 'OBJECT' => - 'OpenSSL.o ' . - 'openssl_bio.o ' . - 'openssl_bn.o ' . - 'openssl_cipher.o ' . - 'openssl_digest.o ' . - 'openssl_err.o ' . - 'openssl_ssl.o ' . - 'openssl_x509.o ', - 'XS' => { - 'OpenSSL.xs' => 'OpenSSL.c', - 'openssl_bio.xs' => 'openssl_bio.c', - 'openssl_bn.xs' => 'openssl_bn.c', - 'openssl_cipher.xs' => 'openssl_cipher.c', - 'openssl_digest.xs' => 'openssl_digest.c', - 'openssl_err.xs' => 'openssl_err.c', - 'openssl_ssl.xs' => 'openssl_ssl.c', - 'openssl_x509.xs' => 'openssl_x509.c', - }, -); - diff --git a/perl/OpenSSL.pm b/perl/OpenSSL.pm deleted file mode 100644 index ae7265a21d..0000000000 --- a/perl/OpenSSL.pm +++ /dev/null 
@@ -1,90 +0,0 @@ -## -## OpenSSL.pm -## - -package OpenSSL; - -require 5.000; -use Exporter; -use DynaLoader; - -@ISA = qw(Exporter DynaLoader); -@EXPORT = qw(); - -$VERSION = '0.94'; -bootstrap OpenSSL; - -@OpenSSL::BN::ISA = qw(OpenSSL::ERR); -@OpenSSL::MD::ISA = qw(OpenSSL::ERR); -@OpenSSL::Cipher::ISA = qw(OpenSSL::ERR); -@OpenSSL::SSL::CTX::ISA = qw(OpenSSL::ERR); -@OpenSSL::BIO::ISA = qw(OpenSSL::ERR); -@OpenSSL::SSL::ISA = qw(OpenSSL::ERR); - -@BN::ISA = qw(OpenSSL::BN); -@MD::ISA = qw(OpenSSL::MD); -@Cipher::ISA = qw(OpenSSL::Cipher); -@SSL::ISA = qw(OpenSSL::SSL); -@SSL::CTX::ISA = qw(OpenSSL::SSL::CTX); -@BIO::ISA = qw(OpenSSL::BIO); - -@OpenSSL::MD::names = qw( - md2 md5 sha sha1 ripemd160 mdc2 -); - -@OpenSSL::Cipher::names = qw( - des-ecb des-cfb des-ofb des-cbc - des-ede des-ede-cfb des-ede-ofb des-ede-cbc - des-ede3 des-ede3-cfb des-ede3-ofb des-ede3-cbc - desx-cbc rc4 rc4-40 - idea-ecb idea-cfb idea-ofb idea-cbc - rc2-ecb rc2-cbc rc2-40-cbc rc2-cfb rc2-ofb - bf-ecb bf-cfb bf-ofb bf-cbc - cast5-ecb cast5-cfb cast5-ofb cast5-cbc - rc5-ecb rc5-cfb rc5-ofb rc5-cbc -); - -sub OpenSSL::SSL::CTX::new_ssl { - OpenSSL::SSL::new($_[0]); -} - -sub OpenSSL::ERR::error { - my($o) = @_; - my($s, $ret); - - while (($s = $o->get_error()) != 0) { - $ret.=$s."\n"; - } - return($ret); -} - -@OpenSSL::Cipher::aliases = qw( - des desx des3 idea rc2 bf cast -); - -package OpenSSL::BN; - -sub bnfix { - (ref($_[0]) ne "OpenSSL::BN") ? 
OpenSSL::BN::dec2bn($_[0]) : $_[0]; -} - -use overload -"=" => sub { dup($_[0]); }, -"+" => sub { add($_[0],$_[1]); }, -"-" => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; OpenSSL::BN::sub($_[0],$_[1]); }, -"*" => sub { mul($_[0],$_[1]); }, -"**" => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; OpenSSL::BN::exp($_[0],$_[1]); }, -"/" => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; (div($_[0],$_[1]))[0]; }, -"%" => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; mod($_[0],$_[1]); }, -"<<" => sub { lshift($_[0],$_[1]); }, -">>" => sub { rshift($_[0],$_[1]); }, -"<=>" => sub { OpenSSL::BN::cmp($_[0],$_[1]); }, -'""' => sub { bn2dec($_[0]); }, -'0+' => sub { dec2bn($_[0]); }, -"bool" => sub { ref($_[0]) eq "OpenSSL::BN"; }; - -sub OpenSSL::BIO::do_accept { - OpenSSL::BIO::do_handshake(@_); -} - -1; diff --git a/perl/OpenSSL.xs b/perl/OpenSSL.xs deleted file mode 100644 index 6ef66ccc1e..0000000000 --- a/perl/OpenSSL.xs +++ /dev/null 
@@ -1,109 +0,0 @@ -/* -** OpenSSL.xs -*/ - -#include "openssl.h" - -SV * -new_ref(type, obj, mort) - char *type; - char *obj; -{ - SV *ret; - - if (mort) - ret = sv_newmortal(); - else - ret = newSViv(0); -#ifdef DEBUG - printf(">new_ref %d\n",type); -#endif - sv_setref_pv(ret, type, (void *)obj); - return(ret); -} - -int -ex_new(obj, data, ad, idx, argl, argp) - char *obj; - SV *data; - CRYPTO_EX_DATA *ad; - int idx; - long argl; - char *argp; -{ - SV *sv; - -#ifdef DEBUG - printf("ex_new %08X %s\n",obj,argp); -#endif - sv = sv_newmortal(); - sv_setref_pv(sv, argp, (void *)obj); -#ifdef DEBUG - printf("%d>new_ref '%s'\n", sv, argp); -#endif - CRYPTO_set_ex_data(ad, idx, (char *)sv); - return(1); -} - -void -ex_cleanup(obj, data, ad, idx, argl, argp) - char *obj; - SV *data; - CRYPTO_EX_DATA *ad; - int idx; - long argl; - char *argp; -{ - pr_name("ex_cleanup"); -#ifdef DEBUG - printf("ex_cleanup %08X %s\n", obj, argp); -#endif - if (data != NULL) - SvREFCNT_dec((SV *)data); -} - -MODULE = OpenSSL PACKAGE = OpenSSL - -PROTOTYPES: ENABLE - -BOOT: - boot_bio(); - boot_cipher(); - boot_digest(); - boot_err(); - boot_ssl(); - - /* */ - /* The next macro is the completely correct way to call a C */ - /* function that uses perl calling conventions but is not */ - /* registered with perl. */ - /* */ - /* The second macro seems to work for this context. (We just */ - /* need a mark for the called function since we don't have */ - /* any local variables and what-not.) */ - /* */ - /* Unfortunately, we need to do this because these boot_* */ - /* functions are auto-generated by xsubpp and are normally */ - /* called from DyncLoader, but we're pulling them in here. 
*/ - /* */ -#define FULL_callBootFunc(func) { \ - dSP; \ - ENTER; \ - SAVETMPS; \ - PUSHMARK(SP); \ - func(); \ - FREETMPS; \ - LEAVE; \ - } -#define callBootFunc(func) { \ - PUSHMARK(SP); \ - func(); \ - } - callBootFunc(boot_OpenSSL__BN); - callBootFunc(boot_OpenSSL__BIO); - callBootFunc(boot_OpenSSL__Cipher); - callBootFunc(boot_OpenSSL__MD); - callBootFunc(boot_OpenSSL__ERR); - callBootFunc(boot_OpenSSL__SSL); - callBootFunc(boot_OpenSSL__X509); - diff --git a/perl/README.1ST b/perl/README.1ST deleted file mode 100644 index 7b5a1aa5e9..0000000000 --- a/perl/README.1ST +++ /dev/null @@ -1,4 +0,0 @@ - - WARNING, this Perl interface to OpenSSL is horrible incomplete. - Don't expect it to be really useable!! - diff --git a/perl/openssl.h b/perl/openssl.h deleted file mode 100644 index 2712324a30..0000000000 --- a/perl/openssl.h +++ /dev/null 
@@ -1,96 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "EXTERN.h" -#include "perl.h" -#include "XSUB.h" - -#ifdef __cplusplus -} -#endif - -typedef struct datum_st { - char *dptr; - int dsize; -} datum; - -#include -#include -#include -#include -#include -#include -#include - -#ifdef DEBUG -#define pr_name(name) printf("%s\n",name) -#define pr_name_d(name,p2) printf("%s %d\n",name,p2) -#define pr_name_dd(name,p2,p3) printf("%s %d %d\n",name,p2,p3) -#else -#define pr_name(name) -#define pr_name_d(name,p2) -#define pr_name_dd(name,p2,p3) -#endif - -SV *new_ref(char *type, char *obj, int mort); -int ex_new(char *obj, SV *data, CRYPTO_EX_DATA *ad, int idx, long argl, char *argp); -void ex_cleanup(char *obj, SV *data, CRYPTO_EX_DATA *ad, int idx, long argl, char *argp); - diff --git a/perl/openssl_bio.xs b/perl/openssl_bio.xs deleted file mode 100644 index 5628300d0b..0000000000 --- a/perl/openssl_bio.xs +++ /dev/null 
@@ -1,450 +0,0 @@ - -#include "openssl.h" - -static int p5_bio_ex_bio_ptr = 0; -static int p5_bio_ex_bio_callback = 0; -static int p5_bio_ex_bio_callback_data = 0; - -static long -p5_bio_callback(bio,state,parg,cmd,larg,ret) - BIO *bio; - int state; - char *parg; - int cmd; - long larg; - int ret; -{ - int i; - SV *me,*cb; - - me = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr); - cb = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_callback); - if (cb != NULL) { - dSP; - - ENTER; - SAVETMPS; - - PUSHMARK(sp); - XPUSHs(sv_2mortal(newSVsv(me))); - XPUSHs(sv_2mortal(newSViv(state))); - XPUSHs(sv_2mortal(newSViv(cmd))); - if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE)) - XPUSHs(sv_2mortal(newSVpv(parg,larg))); - else - XPUSHs(&PL_sv_undef); - /* ptr one */ - XPUSHs(sv_2mortal(newSViv(larg))); - XPUSHs(sv_2mortal(newSViv(ret))); - PUTBACK; - - i = perl_call_sv(cb,G_SCALAR); - - SPAGAIN; - if (i == 1) - ret = POPi; - else - ret = 1; - PUTBACK; - FREETMPS; - LEAVE; - } - else { - croak("Internal error in p5_bio_callback"); - } - return(ret); -} - -int -boot_bio(void) -{ - p5_bio_ex_bio_ptr = BIO_get_ex_new_index(0, "OpenSSL::BIO", ex_new, NULL, ex_cleanup); - p5_bio_ex_bio_callback = BIO_get_ex_new_index(0, "bio_callback", NULL, NULL, ex_cleanup); - p5_bio_ex_bio_callback_data = BIO_get_ex_new_index(0, "bio_callback_data", NULL, NULL, ex_cleanup); - return(1); -} - -MODULE = OpenSSL::BIO PACKAGE = OpenSSL::BIO PREFIX = p5_BIO_ - -PROTOTYPES: ENABLE -VERSIONCHECK: DISABLE - -void -p5_BIO_new_buffer_ssl_connect(...) 
- PROTOTYPE: ;$ - PREINIT: - SSL_CTX *ctx; - BIO *bio; - SV *arg; - PPCODE: - if (items == 1) - arg = ST(0); - else if (items == 2) - arg = ST(1); - else - arg = NULL; - if ((arg == NULL) || !(sv_derived_from(arg,"OpenSSL::SSL::CTX"))) - croak("Usage: OpenSSL::BIO::new_buffer_ssl_connect(SSL_CTX)"); - else { - IV tmp = SvIV((SV *)SvRV(arg)); - ctx = (SSL_CTX *)tmp; - } - EXTEND(sp, 1); - bio = BIO_new_buffer_ssl_connect(ctx); - arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr); - PUSHs(arg); - -void -p5_BIO_new_ssl_connect(...) - PROTOTYPE: ;$ - PREINIT: - SSL_CTX *ctx; - BIO *bio; - SV *arg; - PPCODE: - if (items == 1) - arg = ST(0); - else if (items == 2) - arg = ST(1); - else - arg = NULL; - if ((arg == NULL) || !(sv_derived_from(arg,"OpenSSL::SSL::CTX"))) - croak("Usage: OpenSSL::BIO::new_ssl_connect(SSL_CTX)"); - else { - IV tmp = SvIV((SV *)SvRV(arg)); - ctx = (SSL_CTX *)tmp; - } - EXTEND(sp,1); - bio = BIO_new_ssl_connect(ctx); - arg = (SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr); - PUSHs(arg); - -void -p5_BIO_new(...) 
- PROTOTYPE: ;$ - PREINIT: - BIO *bio; - char *type; - SV *arg; - PPCODE: - pr_name("p5_BIO_new"); - if ((items == 1) && SvPOK(ST(0))) - type = SvPV_nolen(ST(0)); - else if ((items == 2) && SvPOK(ST(1))) - type = SvPV_nolen(ST(1)); - else - croak("Usage: OpenSSL::BIO::new(type)"); - EXTEND(sp,1); - if (strcmp(type, "mem") == 0) - bio=BIO_new(BIO_s_mem()); - else if (strcmp(type, "socket") == 0) - bio=BIO_new(BIO_s_socket()); - else if (strcmp(type, "connect") == 0) - bio=BIO_new(BIO_s_connect()); - else if (strcmp(type, "accept") == 0) - bio=BIO_new(BIO_s_accept()); - else if (strcmp(type, "fd") == 0) - bio=BIO_new(BIO_s_fd()); - else if (strcmp(type, "file") == 0) - bio=BIO_new(BIO_s_file()); - else if (strcmp(type, "null") == 0) - bio=BIO_new(BIO_s_null()); - else if (strcmp(type, "ssl") == 0) - bio=BIO_new(BIO_f_ssl()); - else if (strcmp(type, "buffer") == 0) - bio=BIO_new(BIO_f_buffer()); - else - croak("unknown BIO type"); - arg = (SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr); - PUSHs(arg); - -int -p5_BIO_hostname(bio, name) - BIO *bio; - char *name; - PROTOTYPE: $$ - CODE: - RETVAL = BIO_set_conn_hostname(bio, name); - OUTPUT: - RETVAL - -int -p5_BIO_set_accept_port(bio, str) - BIO *bio; - char *str; - PROTOTYPE: $$ - CODE: - RETVAL = BIO_set_accept_port(bio, str); - OUTPUT: - RETVAL - -int -p5_BIO_do_handshake(bio) - BIO *bio; - PROTOTYPE: $ - CODE: - RETVAL = BIO_do_handshake(bio); - OUTPUT: - RETVAL - -BIO * -p5_BIO_push(b, bio) - BIO *b; - BIO *bio; - PROTOTYPE: $$ - CODE: - /* This reference will be reduced when the reference is - * let go, and then when the BIO_free_all() is called - * inside the OpenSSL library by the BIO with this - * pushed into */ - bio->references++; - RETVAL = BIO_push(b, bio); - OUTPUT: - RETVAL - -void -p5_BIO_pop(b) - BIO *b - PROTOTYPE: $ - PREINIT: - BIO *bio; - char *type; - SV *arg; - PPCODE: - bio = BIO_pop(b); - if (bio != NULL) { - /* This BIO will either be one created in the - * perl library, in which case it will have 
a perl - * SV, otherwise it will have been created internally, - * inside OpenSSL. For the 'pushed in', it needs - * the reference count decremented. */ - arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr); - if (arg == NULL) { - arg = new_ref("OpenSSL::BIO",(char *)bio,0); - BIO_set_ex_data(bio, p5_bio_ex_bio_ptr, (char *)arg); - PUSHs(arg); - } - else { - /* it was pushed in */ - SvREFCNT_inc(arg); - PUSHs(arg); - } - } - -int -p5_BIO_sysread(bio, in, num, ...) - BIO *bio; - SV *in; - int num; - PROTOTYPE: $$$; - PREINIT: - int i,n,olen; - int offset; - char *p; - CODE: - offset = 0; - if (!SvPOK(in)) - sv_setpvn(in, "", 0); - SvPV(in, olen); - if (items > 3) { - offset = SvIV(ST(3)); - if (offset < 0) { - if (-offset > olen) - croak("Offset outside string"); - offset+=olen; - } - } - if ((num+offset) > olen) { - SvGROW(in, num+offset+1); - p=SvPV(in, i); - memset(&(p[olen]), 0, (num+offset)-olen+1); - } - p = SvPV(in,n); - i = BIO_read(bio, p+offset, num); - RETVAL = i; - if (i <= 0) - i = 0; - SvCUR_set(in, offset+i); - OUTPUT: - RETVAL - -int -p5_BIO_syswrite(bio, in, ...) - BIO *bio; - SV *in; - PROTOTYPE: $$; - PREINIT: - char *ptr; - int len,in_len; - int offset=0; - int n; - CODE: - ptr = SvPV(in, in_len); - if (items > 2) { - len = SvOK(ST(2)) ? 
SvIV(ST(2)) : in_len; - if (items > 3) { - offset = SvIV(ST(3)); - if (offset < 0) { - if (-offset > in_len) - croak("Offset outside string"); - offset+=in_len; - } - else if ((offset >= in_len) && (in_len > 0)) - croak("Offset outside string"); - } - if (len >= (in_len-offset)) - len = in_len-offset; - } - else - len = in_len; - RETVAL = BIO_write(bio, ptr+offset, len); - OUTPUT: - RETVAL - -void -p5_BIO_getline(bio) - BIO *bio; - PROTOTYPE: $ - PREINIT: - int i; - char *p; - PPCODE: - pr_name("p5_BIO_gets"); - EXTEND(sp, 1); - PUSHs(sv_newmortal()); - sv_setpvn(ST(0), "", 0); - SvGROW(ST(0), 1024); - p=SvPV_nolen(ST(0)); - i = BIO_gets(bio, p, 1024); - if (i < 0) - i = 0; - SvCUR_set(ST(0), i); - -int -p5_BIO_flush(bio) - BIO *bio; - PROTOTYPE: $ - CODE: - RETVAL = BIO_flush(bio); - OUTPUT: - RETVAL - -char * -p5_BIO_type(bio) - BIO *bio; - PROTOTYPE: $ - CODE: - RETVAL = bio->method->name; - OUTPUT: - RETVAL - -void -p5_BIO_next_bio(b) - BIO *b - PROTOTYPE: $ - PREINIT: - BIO *bio; - char *type; - SV *arg; - PPCODE: - bio = b->next_bio; - if (bio != NULL) { - arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr); - if (arg == NULL) { - arg = new_ref("OpenSSL::BIO", (char *)bio, 0); - BIO_set_ex_data(bio, p5_bio_ex_bio_ptr, (char *)arg); - bio->references++; - PUSHs(arg); - } - else { - SvREFCNT_inc(arg); - PUSHs(arg); - } - } - -int -p5_BIO_puts(bio, in) - BIO *bio; - SV *in; - PROTOTYPE: $$ - PREINIT: - char *ptr; - CODE: - ptr = SvPV_nolen(in); - RETVAL = BIO_puts(bio, ptr); - OUTPUT: - RETVAL - -void -p5_BIO_set_callback(bio, cb,...) 
- BIO *bio; - SV *cb; - PROTOTYPE: $$; - PREINIT: - SV *arg = NULL; - SV *arg2 = NULL; - CODE: - if (items > 3) - croak("Usage: OpenSSL::BIO::set_callback(bio,callback[,arg]"); - if (items == 3) { - arg2 = sv_mortalcopy(ST(2)); - SvREFCNT_inc(arg2); - BIO_set_ex_data(bio, p5_bio_ex_bio_callback_data, (char *)arg2); - } - arg = sv_mortalcopy(ST(1)); - SvREFCNT_inc(arg); - BIO_set_ex_data(bio, p5_bio_ex_bio_callback, (char *)arg); - /* printf("%08lx < bio_ptr\n",BIO_get_ex_data(bio,p5_bio_ex_bio_ptr)); */ - BIO_set_callback(bio, p5_bio_callback); - -void -p5_BIO_DESTROY(bio) - BIO *bio - PROTOTYPE: $ - PREINIT: - SV *sv; - PPCODE: - pr_name_d("p5_BIO_DESTROY",bio->references); - /* printf("p5_BIO_DESTROY <%s> %d\n",bio->method->name,bio->references); */ - BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,NULL); - BIO_free_all(bio); - -int -p5_BIO_set_ssl(bio, ssl) - BIO *bio; - SSL *ssl; - PROTOTYPE: $$ - CODE: - pr_name("p5_BIO_set_ssl"); - ssl->references++; - RETVAL = BIO_set_ssl(bio, ssl, BIO_CLOSE); - OUTPUT: - RETVAL - -int -p5_BIO_number_read(bio) - BIO *bio; - PROTOTYPE: $ - CODE: - RETVAL = BIO_number_read(bio); - OUTPUT: - RETVAL - -int -p5_BIO_number_written(bio) - BIO *bio; - PROTOTYPE: $ - CODE: - RETVAL = BIO_number_written(bio); - OUTPUT: - RETVAL - -int -p5_BIO_references(bio) - BIO *bio; - PROTOTYPE: $ - CODE: - RETVAL = bio->references; - OUTPUT: - RETVAL - diff --git a/perl/openssl_bn.xs b/perl/openssl_bn.xs deleted file mode 100644 index 6817cfb740..0000000000 --- a/perl/openssl_bn.xs +++ /dev/null 
@@ -1,593 +0,0 @@ - -#include "openssl.h" - -int sv_to_BIGNUM(var,arg,name) -BIGNUM **var; -SV *arg; -char *name; - { - int ret=1; - - if (sv_derived_from(arg,"OpenSSL::BN")) - { - IV tmp = SvIV((SV*)SvRV(arg)); - *var = (BIGNUM *) tmp; - } - else if (SvIOK(arg)) { - SV *tmp=sv_newmortal(); - *var=BN_new(); - BN_set_word(*var,SvIV(arg)); - sv_setref_pv(tmp,"OpenSSL::BN",(void*)*var); - } - else if (SvPOK(arg)) { - char *ptr; - STRLEN len; - SV *tmp=sv_newmortal(); - *var=BN_new(); - sv_setref_pv(tmp,"OpenSSL::BN", (void*)*var); - ptr=SvPV(arg,len); - SvGROW(arg,len+1); - ptr[len]='\0'; - BN_dec2bn(var,ptr); - } - else - { - croak(name); - ret=0; - } - return(ret); - } - -typedef struct gpc_args_st { - SV *cb; - SV *arg; - } GPC_ARGS; - -static void generate_prime_callback(pos,num,arg) -int pos; -int num; -char *arg; - { - dSP ; - int i; - GPC_ARGS *a=(GPC_ARGS *)arg; - - ENTER ; - SAVETMPS ; - - PUSHMARK(sp); - XPUSHs(sv_2mortal(newSViv(pos))); - XPUSHs(sv_2mortal(newSViv(num))); - XPUSHs(sv_2mortal(newSVsv(a->arg))); - PUTBACK; - - i=perl_call_sv(a->cb,G_DISCARD); - - SPAGAIN; - - PUTBACK; - FREETMPS; - LEAVE; - } - -MODULE = OpenSSL::BN PACKAGE = OpenSSL::BN PREFIX = p5_BN_ - -PROTOTYPES: ENABLE -VERSIONCHECK: DISABLE - -void -p5_BN_new(...) - PREINIT: - BIGNUM *bn; - SV *arg; - PPCODE: - pr_name("p5_BN_new"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - bn=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)bn); - -void -p5_BN_dup(a) - BIGNUM *a; - PREINIT: - BIGNUM *bn; - PPCODE: - pr_name("p5_BN_dup"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - bn=BN_dup(a); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)bn); - -void -p5_BN_rand(bits,...) 
- int bits; - PREINIT: - int top=1; - int bottom=0; - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_rand"); - if ((items < 1) || (items > 3)) - croak("Usage: OpenSSL::BN::rand(bits[,top_bit][,bottombit]"); - if (items >= 2) top=(int)SvIV(ST(0)); - if (items >= 3) bottom=(int)SvIV(ST(1)); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - BN_rand(ret,bits,top,bottom); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - -void -p5_BN_bin2bn(a) - datum a; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_bin2bn"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_bin2bn(a.dptr,a.dsize,NULL); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - -void -p5_BN_bn2bin(a) - BIGNUM *a; - PREINIT: - int i; - PPCODE: - pr_name("p5_BN_bn2bin"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - i=BN_num_bytes(a)+2; - sv_setpvn(ST(0),"",1); - SvGROW(ST(0),i+1); - SvCUR_set(ST(0),BN_bn2bin(a,SvPV_nolen(ST(0)))); - -void -p5_BN_mpi2bn(a) - datum a; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_mpi2bn"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_mpi2bn(a.dptr,a.dsize,NULL); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - -void -p5_BN_bn2mpi(a) - BIGNUM *a; - PREINIT: - int i; - PPCODE: - pr_name("p5_BN_bn2mpi"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - i=BN_bn2mpi(a,NULL); - sv_setpvn(ST(0),"",1); - SvGROW(ST(0),i+1); - SvCUR_set(ST(0),BN_bn2mpi(a,SvPV_nolen(ST(0)))); - -void -p5_BN_hex2bn(a) - datum a; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_hex2bn"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_hex2bn(&ret,a.dptr); - -void -p5_BN_dec2bn(a) - datum a; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_dec2bn"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_dec2bn(&ret,a.dptr); - -SV * -p5_BN_bn2hex(a) - BIGNUM *a; - PREINIT: - char *ptr; - int i; - CODE: - pr_name("p5_BN_bn2hex"); - ptr=BN_bn2hex(a); - 
RETVAL=newSVpv("",0); - i=strlen(ptr); - SvGROW(RETVAL,i+1); - memcpy(SvPV_nolen(RETVAL),ptr,i+1); - SvCUR_set(RETVAL,i); - OPENSSL_free(ptr); - OUTPUT: - RETVAL - -SV * -p5_BN_bn2dec(a) - BIGNUM *a; - PREINIT: - char *ptr; - int i; - CODE: - pr_name("p5_BN_bn2dec"); - ptr=BN_bn2dec(a); - RETVAL=newSVpv("",0); - i=strlen(ptr); - SvGROW(RETVAL,i+1); - memcpy(SvPV_nolen(RETVAL),ptr,i+1); - SvCUR_set(RETVAL,i); - OPENSSL_free(ptr); - OUTPUT: - RETVAL - -void -p5_BN_add(a,b) - BIGNUM *a; - BIGNUM *b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_add"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_add(ret,a,b); - -void -p5_BN_sub(a,b) - BIGNUM *a; - BIGNUM *b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_sub"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_sub(ret,a,b); - -void -p5_BN_mul(a,b) - BIGNUM *a; - BIGNUM *b; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_mul"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_mul(ret,a,b,ctx); - -void -p5_BN_div(a,b) - BIGNUM *a; - BIGNUM *b; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *div,*mod; - PPCODE: - pr_name("p5_BN_div"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,2); - PUSHs(sv_newmortal()); - PUSHs(sv_newmortal()); - div=BN_new(); - mod=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)div); - sv_setref_pv(ST(1), "OpenSSL::BN", (void*)mod); - BN_div(div,mod,a,b,ctx); - -void -p5_BN_mod(a,b) - BIGNUM *a; - BIGNUM *b; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *rem; - PPCODE: - pr_name("p5_BN_mod"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - rem=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)rem); - BN_mod(rem,a,b,ctx); - -void -p5_BN_exp(a,p) - BIGNUM *a; - BIGNUM *p; - PREINIT: - 
BIGNUM *ret; - static BN_CTX *ctx=NULL; - PPCODE: - pr_name("p5_BN_exp"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_exp(ret,a,p,ctx); - -void -p5_BN_mod_mul(a,b,c) - BIGNUM *a; - BIGNUM *b; - BIGNUM *c; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_mod_mul"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_mod_mul(ret,a,b,c,ctx); - -void -p5_BN_mod_exp(a,b,c) - BIGNUM *a; - BIGNUM *b; - BIGNUM *c; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_mod_exp"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_mod_exp(ret,a,b,c,ctx); - -void -p5_BN_generate_prime(...) - PREINIT: - int bits=512; - int strong=0; - BIGNUM *ret=NULL; - SV *callback=NULL; - SV *cb_arg=NULL; - GPC_ARGS arg; - dSP; - - PPCODE: - pr_name("p5_BN_generate_prime"); - if ((items < 0) || (items > 4)) - croak("Usage: OpenSSL::BN::generate_prime(a[,strong][,callback][,cb_arg]"); - if (items >= 1) bits=(int)SvIV(ST(0)); - if (items >= 2) strong=(int)SvIV(ST(1)); - if (items >= 3) callback=ST(2); - if (items == 4) cb_arg=ST(3); - - if (callback == NULL) - ret=BN_generate_prime(ret,bits,strong,NULL,NULL,NULL,NULL); - else - { - arg.cb=callback; - arg.arg=cb_arg; - - ret=BN_generate_prime(ret,bits,strong,NULL,NULL, - generate_prime_callback,(char *)&arg); - } - - SPAGAIN; - sp-=items; /* a bit evil that I do this */ - - EXTEND(sp,1); - PUSHs(sv_newmortal()); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - -void -p5_BN_is_prime(p,...) 
- BIGNUM *p; - PREINIT: - int nchecks=5,ret; - SV *callback=NULL; - SV *cb_arg=NULL; - GPC_ARGS arg; - dSP; - static BN_CTX *ctx=NULL; - PPCODE: - pr_name("p5_BN_is_prime"); - if ((items < 1) || (items > 4)) - croak("Usage: OpenSSL::BN::is_prime(a[,ncheck][,callback][,callback_arg]"); - if (ctx == NULL) ctx=BN_CTX_new(); - if (items >= 2) nchecks=(int)SvIV(ST(1)); - if (items >= 3) callback=ST(2); - if (items >= 4) cb_arg=ST(3); - arg.arg=cb_arg; - if (callback == NULL) - ret=BN_is_prime(p,nchecks,NULL,ctx,NULL); - else - { - arg.cb=callback; - arg.arg=cb_arg; - ret=BN_is_prime(p,nchecks,generate_prime_callback, - ctx,(char *)&arg); - } - SPAGAIN; - sp-=items; /* a bit evil */ - PUSHs(sv_2mortal(newSViv(ret))); - -int -p5_BN_num_bits(a) - BIGNUM *a; - CODE: - pr_name("p5_BN_num_bits"); - RETVAL=BN_num_bits(a); - OUTPUT: - RETVAL - -int -p5_BN_cmp(a,b) - BIGNUM *a; - BIGNUM *b; - CODE: - pr_name("p5_BN_cmp"); - RETVAL=BN_cmp(a,b); - OUTPUT: - RETVAL - -int -p5_BN_ucmp(a,b) - BIGNUM *a; - BIGNUM *b; - CODE: - pr_name("p5_BN_ucmp"); - RETVAL=BN_ucmp(a,b); - OUTPUT: - RETVAL - -int -p5_BN_is_bit_set(a,b) - BIGNUM *a; - int b; - CODE: - pr_name("p5_BN_is_bit_set"); - RETVAL=BN_is_bit_set(a,b); - OUTPUT: - RETVAL - -void -p5_BN_set_bit(a,b) - BIGNUM *a; - int b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_set_bit"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_dup(a); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_set_bit(ret,b); - -void -p5_BN_clear_bit(a,b) - BIGNUM *a; - int b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_clear_bit"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_dup(a); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_clear_bit(ret,b); - -void -p5_BN_lshift(a,b) - BIGNUM *a; - int b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_lshift"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - if (b == 1) - BN_lshift1(ret,a); - else - 
BN_lshift(ret,a,b); - -void -p5_BN_rshift(a,b) - BIGNUM *a; - int b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_rshift"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - if (b == 1) - BN_rshift1(ret,a); - else - BN_rshift(ret,a,b); - -void -p5_BN_mask_bits(a,b) - BIGNUM *a; - int b; - PREINIT: - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_mask_bits"); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_dup(a); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_mask_bits(ret,b); - -void -p5_BN_clear(a) - BIGNUM *a; - PPCODE: - pr_name("p5_BN_clear"); - BN_clear(a); - -void -p5_BN_gcd(a,b) - BIGNUM *a; - BIGNUM *b; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_gcd"); - if (ctx == NULL) ctx=BN_CTX_new(); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ret=BN_new(); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - BN_gcd(ret,a,b,ctx); - -void -p5_BN_mod_inverse(a,mod) - BIGNUM *a; - BIGNUM *mod; - PREINIT: - static BN_CTX *ctx=NULL; - BIGNUM *ret; - PPCODE: - pr_name("p5_BN_mod_inverse"); - if (ctx == NULL) ctx=BN_CTX_new(); - ret=BN_mod_inverse(ret,a,mod,ctx); - EXTEND(sp,1); - PUSHs(sv_newmortal()); - sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret); - -void -p5_BN_DESTROY(bn) - BIGNUM *bn - CODE: - pr_name("p5_BN_DESTROY"); - BN_free(bn); - diff --git a/perl/openssl_cipher.xs b/perl/openssl_cipher.xs deleted file mode 100644 index 580620ffbc..0000000000 --- a/perl/openssl_cipher.xs +++ /dev/null 
@@ -1,154 +0,0 @@ - -#include "openssl.h" - -int boot_cipher() - { - SSLeay_add_all_ciphers(); - return(1); - } - -MODULE = OpenSSL::Cipher PACKAGE = OpenSSL::Cipher PREFIX = p5_EVP_C_ - -PROTOTYPES: ENABLE -VERSIONCHECK: DISABLE - -void -p5_EVP_C_new(...) - PREINIT: - EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *c; - char *name; - PPCODE: - if ((items == 1) && SvPOK(ST(0))) - name=SvPV_nolen(ST(0)); - else if ((items == 2) && SvPOK(ST(1))) - name=SvPV_nolen(ST(1)); - else - croak("Usage: OpenSSL::Cipher::new(type)"); - PUSHs(sv_newmortal()); - c=EVP_get_cipherbyname(name); - if (c != NULL) - { - ctx=malloc(sizeof(EVP_CIPHER_CTX)); - EVP_EncryptInit(ctx,c,NULL,NULL); - sv_setref_pv(ST(0), "OpenSSL::Cipher", (void*)ctx); - } - -datum -p5_EVP_C_name(ctx) - EVP_CIPHER_CTX *ctx - CODE: - RETVAL.dptr=OBJ_nid2ln(EVP_CIPHER_CTX_nid(ctx)); - RETVAL.dsize=strlen(RETVAL.dptr); - OUTPUT: - RETVAL - -int -p5_EVP_C_key_length(ctx) - EVP_CIPHER_CTX *ctx - CODE: - RETVAL=EVP_CIPHER_CTX_key_length(ctx); - OUTPUT: - RETVAL - -int -p5_EVP_C_iv_length(ctx) - EVP_CIPHER_CTX *ctx - CODE: - RETVAL=EVP_CIPHER_CTX_iv_length(ctx); - OUTPUT: - RETVAL - -int -p5_EVP_C_block_size(ctx) - EVP_CIPHER_CTX *ctx - CODE: - RETVAL=EVP_CIPHER_CTX_block_size(ctx); - OUTPUT: - RETVAL - -void -p5_EVP_C_init(ctx,key,iv,enc) - EVP_CIPHER_CTX *ctx - datum key - datum iv - int enc - PREINIT: - char loc_iv[EVP_MAX_IV_LENGTH]; - char loc_key[EVP_MAX_KEY_LENGTH]; - char *ip=loc_iv,*kp=loc_key; - int i; - memset(loc_iv,0,EVP_MAX_IV_LENGTH); - memset(loc_key,0,EVP_MAX_KEY_LENGTH); - CODE: - i=key.dsize; - if (key.dsize > EVP_CIPHER_CTX_key_length(ctx)) - i=EVP_CIPHER_CTX_key_length(ctx); - if (i > 0) - { - memset(kp,0,EVP_MAX_KEY_LENGTH); - memcpy(kp,key.dptr,i); - } - else - kp=NULL; - i=iv.dsize; - if (iv.dsize > EVP_CIPHER_CTX_iv_length(ctx)) - i=EVP_CIPHER_CTX_iv_length(ctx); - if (i > 0) - { - memcpy(ip,iv.dptr,i); - memset(ip,0,EVP_MAX_IV_LENGTH); - } - else - ip=NULL; - 
EVP_CipherInit(ctx,EVP_CIPHER_CTX_cipher(ctx),kp,ip,enc); - memset(loc_key,0,sizeof(loc_key)); - memset(loc_iv,0,sizeof(loc_iv)); - -SV * -p5_EVP_C_cipher(ctx,in) - EVP_CIPHER_CTX *ctx; - datum in; - CODE: - RETVAL=newSVpv("",0); - SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1); - EVP_Cipher(ctx,SvPV_nolen(RETVAL),in.dptr,in.dsize); - SvCUR_set(RETVAL,in.dsize); - OUTPUT: - RETVAL - -SV * -p5_EVP_C_update(ctx, in) - EVP_CIPHER_CTX *ctx - datum in - PREINIT: - int i; - CODE: - RETVAL=newSVpv("",0); - SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1); - EVP_CipherUpdate(ctx,SvPV_nolen(RETVAL),&i,in.dptr,in.dsize); - SvCUR_set(RETVAL,i); - OUTPUT: - RETVAL - -SV * -p5_EVP_C_final(ctx) - EVP_CIPHER_CTX *ctx - PREINIT: - int i; - CODE: - RETVAL=newSVpv("",0); - SvGROW(RETVAL,EVP_CIPHER_CTX_block_size(ctx)+1); - if (!EVP_CipherFinal(ctx,SvPV_nolen(RETVAL),&i)) - sv_setpv(RETVAL,"BAD DECODE"); - else - SvCUR_set(RETVAL,i); - OUTPUT: - RETVAL - -void -p5_EVP_C_DESTROY(ctx) - EVP_CIPHER_CTX *ctx - CODE: - free((char *)ctx); - diff --git a/perl/openssl_digest.xs b/perl/openssl_digest.xs deleted file mode 100644 index 4f2f8938cf..0000000000 --- a/perl/openssl_digest.xs +++ /dev/null 
@@ -1,85 +0,0 @@ - -#include "openssl.h" - -int boot_digest() - { - SSLeay_add_all_digests(); - return(1); - } - -MODULE = OpenSSL::MD PACKAGE = OpenSSL::MD PREFIX = p5_EVP_MD_ - -PROTOTYPES: ENABLE -VERSIONCHECK: DISABLE - -# OpenSSL::MD::new(name) name= md2, md5, sha, sha1, or mdc2 -# md->name() - returns the name -# md->init() - reinitalises the digest -# md->update(data) - adds more data to digest -# digest=md->final() - returns digest -# - -void -p5_EVP_MD_new(...) - PREINIT: - EVP_MD_CTX *ctx; - const EVP_MD *md; - char *name; - PPCODE: - if ((items == 1) && SvPOK(ST(0))) - name=SvPV_nolen(ST(0)); - else if ((items == 2) && SvPOK(ST(1))) - name=SvPV_nolen(ST(1)); - else - croak("Usage: OpenSSL::MD::new(type)"); - PUSHs(sv_newmortal()); - md=EVP_get_digestbyname(name); - if (md != NULL) - { - ctx=malloc(sizeof(EVP_MD_CTX)); - EVP_DigestInit(ctx,md); - sv_setref_pv(ST(0), "OpenSSL::MD", (void*)ctx); - } - -datum -p5_EVP_MD_name(ctx) - EVP_MD_CTX *ctx - CODE: - RETVAL.dptr=OBJ_nid2ln(EVP_MD_CTX_type(ctx)); - RETVAL.dsize=strlen(RETVAL.dptr); - - OUTPUT: - RETVAL - -void -p5_EVP_MD_init(ctx) - EVP_MD_CTX *ctx - CODE: - EVP_DigestInit(ctx,EVP_MD_CTX_type(ctx)); - -void -p5_EVP_MD_update(ctx, in) - EVP_MD_CTX *ctx - datum in - CODE: - EVP_DigestUpdate(ctx,in.dptr,in.dsize); - -datum -p5_EVP_MD_final(ctx) - EVP_MD_CTX *ctx - PREINIT: - char md[EVP_MAX_MD_SIZE]; - int len; - CODE: - EVP_DigestFinal(ctx,md,&len); - RETVAL.dptr=md; - RETVAL.dsize=len; - OUTPUT: - RETVAL - -void -p5_EVP_MD_DESTROY(ctx) - EVP_MD_CTX *ctx - CODE: - free((char *)ctx); - diff --git a/perl/openssl_err.xs b/perl/openssl_err.xs deleted file mode 100644 index 3a6f698f28..0000000000 --- a/perl/openssl_err.xs +++ /dev/null 
@@ -1,47 +0,0 @@
-
-#include "openssl.h"
-
-int boot_err()
- {
- SSL_load_error_strings();
- return(1);
- }
-
-MODULE = OpenSSL::ERR PACKAGE = OpenSSL::ERR PREFIX = p5_ERR_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-# md->error() - returns the last error in text or numeric context
-
-void
-p5_ERR_get_error(...)
- PPCODE:
- char buf[512];
- unsigned long l;
-
- pr_name("p5_ERR_get_code");
- EXTEND(sp,1);
- PUSHs(sv_newmortal());
- l=ERR_get_error();
- ERR_error_string(l,buf);
- sv_setiv(ST(0),l);
- sv_setpv(ST(0),buf);
- SvIOK_on(ST(0));
-
-void
-p5_ERR_peek_error(...)
- PPCODE:
- char buf[512];
- unsigned long l;
-
- pr_name("p5_ERR_get_code");
- EXTEND(sp,1);
- PUSHs(sv_newmortal());
- l=ERR_peek_error();
- ERR_error_string(l,buf);
- sv_setiv(ST(0),l);
- sv_setpv(ST(0),buf);
- SvIOK_on(ST(0));
-
-
diff --git a/perl/openssl_ssl.xs b/perl/openssl_ssl.xs
deleted file mode 100644
index 146c1ace8e..0000000000
--- a/perl/openssl_ssl.xs
+++ /dev/null
@@ -1,483 +0,0 @@ - -#include "openssl.h" - -static int p5_ssl_ex_ssl_ptr=0; -static int p5_ssl_ex_ssl_info_callback=0; -static int p5_ssl_ex_ssl_ctx_ptr=0; -static int p5_ssl_ctx_ex_ssl_info_callback=0; - -typedef struct ssl_ic_args_st { - SV *cb; - SV *arg; - } SSL_IC_ARGS; - -static void p5_ssl_info_callback(ssl,mode,ret) -SSL *ssl; -int mode; -int ret; - { - int i; - SV *me,*cb; - - me=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr); - cb=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_info_callback); - if (cb == NULL) - cb=(SV *)SSL_CTX_get_ex_data( - SSL_get_SSL_CTX(ssl),p5_ssl_ctx_ex_ssl_info_callback); - if (cb != NULL) - { - dSP; - - PUSHMARK(sp); - XPUSHs(me); - XPUSHs(sv_2mortal(newSViv(mode))); - XPUSHs(sv_2mortal(newSViv(ret))); - PUTBACK; - - i=perl_call_sv(cb,G_DISCARD); - } - else - { - croak("Internal error in SSL p5_ssl_info_callback"); - } - } - -int boot_ssl() - { - p5_ssl_ex_ssl_ptr= - SSL_get_ex_new_index(0,"OpenSSL::SSL",ex_new,NULL,ex_cleanup); - p5_ssl_ex_ssl_info_callback= - SSL_get_ex_new_index(0,"ssl_info_callback",NULL,NULL, - ex_cleanup); - p5_ssl_ex_ssl_ctx_ptr= - SSL_get_ex_new_index(0,"ssl_ctx_ptr",NULL,NULL, - ex_cleanup); - p5_ssl_ctx_ex_ssl_info_callback= - SSL_CTX_get_ex_new_index(0,"ssl_ctx_info_callback",NULL,NULL, - ex_cleanup); - return(1); - } - -MODULE = OpenSSL::SSL PACKAGE = OpenSSL::SSL::CTX PREFIX = p5_SSL_CTX_ - -PROTOTYPES: ENABLE -VERSIONCHECK: DISABLE - -void -p5_SSL_CTX_new(...) 
- PREINIT: - SSL_METHOD *meth; - SSL_CTX *ctx; - char *method; - PPCODE: - pr_name("p5_SSL_CTX_new"); - if ((items == 1) && SvPOK(ST(0))) - method=SvPV_nolen(ST(0)); - else if ((items == 2) && SvPOK(ST(1))) - method=SvPV_nolen(ST(1)); - else - croak("Usage: OpenSSL::SSL::CTX::new(type)"); - - if (strcmp(method,"SSLv3") == 0) - meth=SSLv3_method(); - else if (strcmp(method,"SSLv3_client") == 0) - meth=SSLv3_client_method(); - else if (strcmp(method,"SSLv3_server") == 0) - meth=SSLv3_server_method(); - else if (strcmp(method,"SSLv23") == 0) - meth=SSLv23_method(); - else if (strcmp(method,"SSLv23_client") == 0) - meth=SSLv23_client_method(); - else if (strcmp(method,"SSLv23_server") == 0) - meth=SSLv23_server_method(); - else if (strcmp(method,"SSLv2") == 0) - meth=SSLv2_method(); - else if (strcmp(method,"SSLv2_client") == 0) - meth=SSLv2_client_method(); - else if (strcmp(method,"SSLv2_server") == 0) - meth=SSLv2_server_method(); - else if (strcmp(method,"TLSv1") == 0) - meth=TLSv1_method(); - else if (strcmp(method,"TLSv1_client") == 0) - meth=TLSv1_client_method(); - else if (strcmp(method,"TLSv1_server") == 0) - meth=TLSv1_server_method(); - else - { - croak("Not a valid SSL method name, should be 'SSLv[23] [client|server]'"); - } - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ctx=SSL_CTX_new(meth); - sv_setref_pv(ST(0), "OpenSSL::SSL::CTX", (void*)ctx); - -int -p5_SSL_CTX_use_PrivateKey_file(ctx,file,...) - SSL_CTX *ctx; - char *file; - PREINIT: - int i=SSL_FILETYPE_PEM; - char *ptr; - CODE: - pr_name("p5_SSL_CTX_use_PrivateKey_file"); - if (items > 3) - croak("OpenSSL::SSL::CTX::use_PrivateKey_file(ssl_ctx,file[,type])"); - if (items == 3) - { - ptr=SvPV_nolen(ST(2)); - if (strcmp(ptr,"der") == 0) - i=SSL_FILETYPE_ASN1; - else - i=SSL_FILETYPE_PEM; - } - RETVAL=SSL_CTX_use_RSAPrivateKey_file(ctx,file,i); - OUTPUT: - RETVAL - -int -p5_SSL_CTX_set_options(ctx,...) 
- SSL_CTX *ctx; - PREINIT: - int i; - char *ptr; - SV *sv; - CODE: - pr_name("p5_SSL_CTX_set_options"); - - for (i=1; ireferences); - SSL_CTX_free(ctx); - -MODULE = OpenSSL::SSL PACKAGE = OpenSSL::SSL PREFIX = p5_SSL_ - -void -p5_SSL_new(...) - PREINIT: - SV *sv_ctx; - SSL_CTX *ctx; - SSL *ssl; - SV *arg; - PPCODE: - pr_name("p5_SSL_new"); - if ((items != 1) && (items != 2)) - croak("Usage: OpenSSL::SSL::new(ssl_ctx)"); - if (sv_derived_from(ST(items-1),"OpenSSL::SSL::CTX")) - { - IV tmp = SvIV((SV*)SvRV(ST(items-1))); - ctx=(SSL_CTX *)tmp; - sv_ctx=ST(items-1); - } - else - croak("ssl_ctx is not of type OpenSSL::SSL::CTX"); - - EXTEND(sp,1); - PUSHs(sv_newmortal()); - ssl=SSL_new(ctx); - sv_setref_pv(ST(0), "OpenSSL::SSL", (void*)ssl); - - /* Now this is being a little hairy, we keep a pointer to - * our perl reference. We need to do a different one - * to the one we return because it will have its reference - * count dropped to 0 upon return and if we up its reference - * count, it will never be DESTROYED */ - arg=newSVsv(ST(0)); - SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ptr,(char *)arg); - SvREFCNT_inc(sv_ctx); - SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ctx_ptr,(char *)sv_ctx); - -int -p5_SSL_connect(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_connect(ssl); - OUTPUT: - RETVAL - -int -p5_SSL_accept(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_connect(ssl); - OUTPUT: - RETVAL - -int -p5_SSL_sysread(ssl,in,num, ...) 
- SSL *ssl; - SV *in; - int num; - PREINIT: - int i,n,olen; - int offset; - char *p; - CODE: - offset=0; - if (!SvPOK(in)) - sv_setpvn(in,"",0); - SvPV(in,olen); - if (items > 3) - { - offset=SvIV(ST(3)); - if (offset < 0) - { - if (-offset > olen) - croak("Offset outside string"); - offset+=olen; - } - } - if ((num+offset) > olen) - { - SvGROW(in,num+offset+1); - p=SvPV(in,i); - memset(&(p[olen]),0,(num+offset)-olen+1); - } - p=SvPV(in,n); - - i=SSL_read(ssl,p+offset,num); - RETVAL=i; - if (i <= 0) i=0; - SvCUR_set(in,offset+i); - OUTPUT: - RETVAL - -int -p5_SSL_syswrite(ssl,in, ...) - SSL *ssl; - SV *in; - PREINIT: - char *ptr; - int len,in_len; - int offset=0; - int n; - CODE: - ptr=SvPV(in,in_len); - if (items > 2) - { - len=SvOK(ST(2))?SvIV(ST(2)):in_len; - if (items > 3) - { - offset=SvIV(ST(3)); - if (offset < 0) - { - if (-offset > in_len) - croak("Offset outside string"); - offset+=in_len; - } - else if ((offset >= in_len) && (in_len > 0)) - croak("Offset outside string"); - } - if (len >= (in_len-offset)) - len=in_len-offset; - } - else - len=in_len; - - RETVAL=SSL_write(ssl,ptr+offset,len); - OUTPUT: - RETVAL - -void -p5_SSL_set_bio(ssl,bio) - SSL *ssl; - BIO *bio; - CODE: - bio->references++; - SSL_set_bio(ssl,bio,bio); - -int -p5_SSL_set_options(ssl,...) 
- SSL *ssl; - PREINIT: - int i; - char *ptr; - SV *sv; - CODE: - pr_name("p5_SSL_set_options"); - - for (i=1; ireferences,ssl->ctx->references); -#ifdef DEBUG - fprintf(stderr,"SSL_DESTROY %d\n",ssl->references); -#endif - SSL_free(ssl); - -int -p5_SSL_references(ssl) - SSL *ssl; - CODE: - RETVAL=ssl->references; - OUTPUT: - RETVAL - -int -p5_SSL_do_handshake(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_do_handshake(ssl); - OUTPUT: - RETVAL - -int -p5_SSL_renegotiate(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_renegotiate(ssl); - OUTPUT: - RETVAL - -int -p5_SSL_shutdown(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_shutdown(ssl); - OUTPUT: - RETVAL - -char * -p5_SSL_get_version(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_get_version(ssl); - OUTPUT: - RETVAL - -SSL_CIPHER * -p5_SSL_get_current_cipher(ssl) - SSL *ssl; - CODE: - RETVAL=SSL_get_current_cipher(ssl); - OUTPUT: - RETVAL - -X509 * -p5_SSL_get_peer_certificate(ssl) - SSL *ssl - CODE: - RETVAL=SSL_get_peer_certificate(ssl); - OUTPUT: - RETVAL - -MODULE = OpenSSL::SSL PACKAGE = OpenSSL::SSL::CIPHER PREFIX = p5_SSL_CIPHER_ - -int -p5_SSL_CIPHER_get_bits(sc) - SSL_CIPHER *sc - PREINIT: - int i,ret; - PPCODE: - EXTEND(sp,2); - PUSHs(sv_newmortal()); - PUSHs(sv_newmortal()); - ret=SSL_CIPHER_get_bits(sc,&i); - sv_setiv(ST(0),(IV)ret); - sv_setiv(ST(1),(IV)i); - -char * -p5_SSL_CIPHER_get_version(sc) - SSL_CIPHER *sc - CODE: - RETVAL=SSL_CIPHER_get_version(sc); - OUTPUT: - RETVAL - -char * -p5_SSL_CIPHER_get_name(sc) - SSL_CIPHER *sc - CODE: - RETVAL=SSL_CIPHER_get_name(sc); - OUTPUT: - RETVAL - -MODULE = OpenSSL::SSL PACKAGE = OpenSSL::BIO PREFIX = p5_BIO_ - -void -p5_BIO_get_ssl(bio) - BIO *bio; - PREINIT: - SSL *ssl; - SV *ret; - int i; - PPCODE: - if ((i=BIO_get_ssl(bio,&ssl)) > 0) - { - ret=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr); - ret=sv_mortalcopy(ret); - } - else - ret= &PL_sv_undef; - EXTEND(sp,1); - PUSHs(ret); - diff --git a/perl/openssl_x509.xs b/perl/openssl_x509.xs deleted file mode 100644 index 008d959c64..0000000000 
--- a/perl/openssl_x509.xs
+++ /dev/null
@@ -1,75 +0,0 @@
-
-#include "openssl.h"
-
-MODULE = OpenSSL::X509 PACKAGE = OpenSSL::X509 PREFIX = p5_X509_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-void
-p5_X509_new(void )
- PREINIT:
- X509 *x509;
- SV *arg;
- PPCODE:
- pr_name("p5_X509_new");
- EXTEND(sp,1);
- PUSHs(sv_newmortal());
- x509=X509_new();
- sv_setref_pv(ST(0),"OpenSSL::X509",(void *)x509);
-
-char *
-p5_X509_get_subject_name(x509)
- X509 *x509;
- PREINIT:
- char *p;
- X509_NAME *name;
- char buf[1024];
- int i;
- CODE:
- name=X509_get_subject_name(x509);
- X509_NAME_oneline(name,buf,sizeof(buf));
- p= &(buf[0]);
- RETVAL=p;
- OUTPUT:
- RETVAL
-
-char *
-p5_X509_get_issuer_name(x509)
- X509 *x509;
- PREINIT:
- char *p;
- X509_NAME *name;
- char buf[1024];
- int i;
- CODE:
- name=X509_get_issuer_name(x509);
- X509_NAME_oneline(name,buf,sizeof(buf));
- p= &(buf[0]);
- RETVAL=p;
- OUTPUT:
- RETVAL
-
-int
-p5_X509_get_version(x509)
- X509 *x509;
- CODE:
- RETVAL=X509_get_version(x509);
- OUTPUT:
- RETVAL
-
-BIGNUM *
-p5_X509_get_serialNumber(x509)
- X509 *x509;
- CODE:
- RETVAL=ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
- OUTPUT:
- RETVAL
-
-void
-p5_X509_DESTROY(x509)
- X509 *x509;
- CODE:
- pr_name("p5_X509_DESTROY");
- X509_free(x509);
-
diff --git a/perl/t/01-use.t b/perl/t/01-use.t
deleted file mode 100644
index e24fd1f504..0000000000
--- a/perl/t/01-use.t
+++ /dev/null
@@ -1,13 +0,0 @@
-
-BEGIN {
- $| = 1;
- print "1..1\n";
-}
-END {
- print "not ok 1\n" unless $loaded;
-}
-use OpenSSL;
-$loaded = 1;
-print "ok 1\n";
-
-
diff --git a/perl/t/02-version.t b/perl/t/02-version.t
deleted file mode 100644
index 8b5f6a0c97..0000000000
--- a/perl/t/02-version.t
+++ /dev/null
@@ -1,10 +0,0 @@
-
-print "1..1\n";
-use OpenSSL;
-if ($OpenSSL::VERSION ne '') {
- print "ok 1\n";
-}
-else {
- print "not ok 1\n";
-}
-
diff --git a/perl/t/03-bio.t b/perl/t/03-bio.t
deleted file mode 100644
index e3ed7ed842..0000000000
--- a/perl/t/03-bio.t
+++ /dev/null
@@ -1,16 +0,0 @@ - -BEGIN { - $| = 1; - print "1..1\n"; -} -END { - print "not ok 1\n" unless $ok; -} - -use OpenSSL; -my $bio = OpenSSL::BIO::new("mem") || die; -undef $bio; - -$ok = 1; -print "ok 1\n"; - diff --git a/perl/typemap b/perl/typemap deleted file mode 100644 index f67b598adf..0000000000 --- a/perl/typemap +++ /dev/null 
@@ -1,96 +0,0 @@ - -datum T_DATUM -EVP_MD_CTX * T_MD_CTX -EVP_CIPHER_CTX * T_CIPHER_CTX -BIGNUM * T_BIGNUM -SSL_METHOD * T_SSL_METHOD -SSL_CTX * T_SSL_CTX -SSL_CIPHER * T_SSL_CIPHER -SSL * T_SSL -BIO * T_BIO -X509 * T_X509 - -INPUT -T_DATUM - $var.dptr=SvPV($arg,$var.dsize); -T_MD_CTX - if (sv_derived_from($arg, \"OpenSSL::MD\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (EVP_MD_CTX *) tmp; - } - else - croak(\"$var is not of type OpenSSL::MD\") -T_CIPHER_CTX - if (sv_derived_from($arg, \"OpenSSL::Cipher\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (EVP_CIPHER_CTX *) tmp; - } - else - croak(\"$var is not of type OpenSSL::Cipher\") -T_BIGNUM - sv_to_BIGNUM(&($var),$arg,\"$var is not of type OpenSSL::MD, int or string\") -T_SSL_METHOD - if (sv_derived_from($arg, \"OpenSSL::SSL::METHOD\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (SSL_METHOD *) tmp; - } - else - croak(\"$var is not of type OpenSSL::SSL::METHOD\") -T_SSL_CTX - if (sv_derived_from($arg, \"OpenSSL::SSL::CTX\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (SSL_CTX *) tmp; - } - else - croak(\"$var is not of type OpenSSL::SSL::CTX\") -T_SSL_CIPHER - if (sv_derived_from($arg, \"OpenSSL::SSL::CIPHER\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (SSL_CIPHER *) tmp; - } - else - croak(\"$var is not of type OpenSSL::SSL::CIPHER\") -T_SSL - if (sv_derived_from($arg, \"OpenSSL::SSL\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (SSL *) tmp; - } - else - croak(\"$var is not of type OpenSSL::SSL\") -T_BIO - if (sv_derived_from($arg, \"OpenSSL::BIO\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (BIO *) tmp; - } - else - croak(\"$var is not of type OpenSSL::BIO\") -T_X509 - if (sv_derived_from($arg, \"OpenSSL::X509\")) { - IV tmp = SvIV((SV*)SvRV($arg)); - $var = (X509 *) tmp; - } - else - croak(\"$var is not of type OpenSSL::X509\") -OUTPUT -T_DATUM - sv_setpvn($arg,$var.dptr,$var.dsize); -T_MD_CTX - sv_setref_pv($arg, \"OpenSSL::MD\", (void*)$var); -T_CIPHER_CTX - sv_setref_pv($arg, 
\"OpenSSL::Cipher\", (void*)$var); -T_BIGNUM - sv_setref_pv($arg, \"OpenSSL::BN\", (void*)$var); -T_SSL_METHOD - sv_setref_pv($arg, \"OpenSSL::SSL::METHOD\", (void*)$var); -T_SSL_CTX - sv_setref_pv($arg, \"OpenSSL::SSL::CTX\", (void*)$var); -T_SSL_CIPHER - sv_setref_pv($arg, \"OpenSSL::SSL::CIPHER\", (void*)$var); -T_SSL - sv_setref_pv($arg, \"OpenSSL::SSL\", (void*)$var); -T_BIO - sv_setref_pv($arg, \"OpenSSL::BIO\", (void*)$var); -T_X509 - sv_setref_pv($arg, \"OpenSSL::X509\", (void*)$var); - - From e0a6cdcf304650b99de44c905bb514f739c9805e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 3 Mar 2002 01:25:21 +0000 Subject: [PATCH 061/173] This change was only made in 0.9.7-stable. Synchronise --- Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index 999707794d..9f51a25f48 100755 --- a/Configure +++ b/Configure @@ -518,6 +518,7 @@ my %table=( "OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-hppa","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", From c8cd7d9e0f8383317cdf66b4ea73a788a519d5f8 Mon Sep 17 00:00:00 2001 
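Review bot: The added `OpenBSD-hppa` entry does not have the same colon-separated layout as the OpenBSD entries beside it: it has `(unknown)::BN_LLONG` where the plain `OpenBSD` line has `(unknown):::BN_LLONG`, and `-fPIC:.so.` where its siblings have `-fPIC::.so.`. If Configure splits these strings by position, as the table layout suggests, the option list and the shared-library extension end up in the wrong fields for this target, and the build may silently use different settings than intended. I would give the entry the same separators as the `OpenBSD` line, i.e. `(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL` and `-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)`. The later Configure hunk at `@@ -514,11 +514,17 @@` restores the three colons after `(unknown)` but keeps `-fPIC:.so.` for `OpenBSD-hppa`.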
From: "Dr. Stephen Henson" Date: Sun, 3 Mar 2002 17:08:20 +0000 Subject: [PATCH 062/173] Fix warnings about signed/unsigned mismatch and global shadowing (random, index) in hw_4758_cca.c --- crypto/engine/hw_4758_cca.c | 62 ++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/crypto/engine/hw_4758_cca.c b/crypto/engine/hw_4758_cca.c index 3d01cafec4..a42baf0a54 100644 --- a/crypto/engine/hw_4758_cca.c +++ b/crypto/engine/hw_4758_cca.c @@ -97,9 +97,9 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*, static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*, UI_METHOD *ui_method, void *callback_data); -static int getModulusAndExponent(const char *token, long *exponentLength, - char *exponent, long *modulusLength, - long *modulusFieldLength, char *modulus); +static int getModulusAndExponent(const unsigned char *token, long *exponentLength, + unsigned char *exponent, long *modulusLength, + long *modulusFieldLength, unsigned char *modulus); #endif /* RAND number functions */ @@ -108,7 +108,7 @@ static int cca_get_random_bytes(unsigned char*, int ); static int cca_random_status(void); static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int index,long argl, void *argp); + int idx,long argl, void *argp); /* Function pointers for CCA verbs */ /*---------------------------------*/ @@ -359,8 +359,8 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, { RSA *rtmp = NULL; EVP_PKEY *res = NULL; - char* keyToken = NULL; - char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE]; + unsigned char* keyToken = NULL; + unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE]; long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; long returnCode; 
@@ -369,12 +369,12 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, long ruleArrayLength = 0; unsigned char exitData[8]; unsigned char ruleArray[8]; - char keyLabel[64]; + unsigned char keyLabel[64]; long keyLabelLength = strlen(key_id); - char modulus[256]; + unsigned char modulus[256]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; - char exponent[256]; + unsigned char exponent[256]; long exponentLength = sizeof(exponent); if (keyLabelLength > sizeof(keyLabel)) @@ -453,7 +453,7 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, { RSA *rtmp = NULL; EVP_PKEY *res = NULL; - char* keyToken = NULL; + unsigned char* keyToken = NULL; long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; long returnCode; long reasonCode; @@ -461,12 +461,12 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, long ruleArrayLength = 0; unsigned char exitData[8]; unsigned char ruleArray[8]; - char keyLabel[64]; + unsigned char keyLabel[64]; long keyLabelLength = strlen(key_id); - char modulus[512]; + unsigned char modulus[512]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; - char exponent[512]; + unsigned char exponent[512]; long exponentLength = sizeof(exponent); if (keyLabelLength > sizeof(keyLabel)) @@ -598,7 +598,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); long length = SSL_SIG_LEN; long keyLength ; - char *hashBuffer = NULL; + unsigned char *hashBuffer = NULL; X509_SIG sig; ASN1_TYPE parameter; X509_ALGOR algorithm; @@ -656,7 +656,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, return 0; } - hashBuffer = (char*)m; + hashBuffer = (unsigned char *)m; length = m_len; break; case NID_md5 : 
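Review bot: `modulus` and `exponent` are 256 bytes here in ibm_4758_load_privkey but 512 bytes in the parallel declarations of ibm_4758_load_pubkey (hunk `@@ -461,12 +461,12 @@`), and neither size is named or explained. Since `modulusFieldLength` and `exponentLength` are initialised from `sizeof`, the two paths accept different maximum key sizes, which looks unintended. A shared constant, or at least a comment such as `/* large enough for the biggest modulus the CCA token can carry */` on both declarations, would make the limit explicit. Both hunks begin and end inside their function bodies, so how the lengths are checked is not visible here.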
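Review bot: `hashBuffer = (unsigned char *)m;` in cca_rsa_verify (hunk `@@ -656,7 +656,7 @@`) casts away the `const` of `m`, so the compiler will no longer catch a later write through `hashBuffer` into the caller's digest. If the non-const type is only needed because of the CCA verb's prototype, say so at the cast, for example `/* CCA verb takes a non-const pointer; m is only read */`. The same cast is made in cca_rsa_sign in hunk `@@ -779,7 +779,7 @@`. The `switch` continues outside both hunks, so I cannot see whether `hashBuffer` is written to in the other cases.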
@@ -719,7 +719,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, long outputLength=256; long outputBitLength; long keyTokenLength; - char *hashBuffer = NULL; + unsigned char *hashBuffer = NULL; unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); long length = SSL_SIG_LEN; long keyLength ; @@ -779,7 +779,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); return 0; } - hashBuffer = (char*)m; + hashBuffer = (unsigned char*)m; length = m_len; break; case NID_md5 : @@ -830,9 +830,9 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, return ((returnCode || reasonCode) ? 0 : 1); } -static int getModulusAndExponent(const char*token, long *exponentLength, - char *exponent, long *modulusLength, long *modulusFieldLength, - char *modulus) +static int getModulusAndExponent(const unsigned char*token, long *exponentLength, + unsigned char *exponent, long *modulusLength, long *modulusFieldLength, + unsigned char *modulus) { unsigned long len; 
@@ -898,34 +898,34 @@ static int cca_get_random_bytes(unsigned char* buf, int num) long ret_code; long reason_code; long exit_data_length; - char exit_data[4]; - char form[] = "RANDOM "; - char random[8]; + unsigned char exit_data[4]; + unsigned char form[] = "RANDOM "; + unsigned char rand_buf[8]; - while(num >= sizeof(random)) + while(num >= sizeof(rand_buf)) { randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, - exit_data, form, random); + exit_data, form, rand_buf); if (ret_code) return 0; - num -= sizeof(random); - memcpy(buf, random, sizeof(random)); - buf += sizeof(random); + num -= sizeof(rand_buf); + memcpy(buf, rand_buf, sizeof(rand_buf)); + buf += sizeof(rand_buf); } if (num) { randomNumberGenerate(&ret_code, &reason_code, NULL, NULL, - form, random); + form, rand_buf); if (ret_code) return 0; - memcpy(buf, random, num); + memcpy(buf, rand_buf, num); } return 1; } -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int index, +static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { if (item) From 5c5143de487d4dfee6037f376a863f847b30af87 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 4 Mar 2002 15:58:38 +0000 Subject: [PATCH 063/173] Make it so one can select tests from within the test directory --- test/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 6a48b0b736..3e9ceac6cf 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -94,7 +94,7 @@ HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) top: - (cd ..; $(MAKE) DIRS=$(DIR) all) + (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all) all: exe From 3bac6d947949153efdb0c0864743dbcfdbec5ab9 Mon Sep 17 00:00:00 2001 
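Review bot: `while(num >= sizeof(rand_buf))` in cca_get_random_bytes still compares the signed `num` with a `size_t`, so a negative `num` is converted to a very large unsigned value, the loop is entered and `memcpy` writes past the end of `buf`. The commit is about signed/unsigned mismatches, and this is one where the mismatch changes behaviour. I would reject negative counts first with `if (num < 0) return 0;` and make the conversion explicit with `while ((size_t)num >= sizeof(rand_buf))`. The function's opening lines are outside the hunk.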
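Review bot: `TESTS=$(TESTS)` in the `top:` rule of test/Makefile.ssl is expanded unquoted into the shell command, so a value naming more than one test is split by the shell. Only the first word stays in `TESTS` and the rest reach the sub-make as extra goals or arguments. Quoting the expansion keeps the selection intact: `(cd ..; $(MAKE) DIRS=$(DIR) TESTS='$(TESTS)' all)`.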
From: Richard Levitte Date: Mon, 4 Mar 2002 16:08:13 +0000 Subject: [PATCH 064/173] Rename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain linkage clashes. --- crypto/des/asm/crypt586.pl | 8 +++--- crypto/des/asm/des-586.pl | 12 ++++----- crypto/des/asm/des686.pl | 10 ++++---- crypto/des/des_enc.c | 8 +++--- crypto/des/des_locl.h | 50 +++++++++++++++++++------------------- crypto/des/fcrypt_b.c | 2 +- crypto/des/spr.h | 2 +- 7 files changed, 46 insertions(+), 46 deletions(-) diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl index 197c413ea6..3d41d82f69 100644 --- a/crypto/des/asm/crypt586.pl +++ b/crypto/des/asm/crypt586.pl @@ -14,7 +14,7 @@ require "x86asm.pl"; $L="edi"; $R="esi"; -&external_label("des_SPtrans"); +&external_label("DES_SPtrans"); &fcrypt_body("fcrypt_body"); &asm_finish(); @@ -22,7 +22,7 @@ sub fcrypt_body { local($name,$do_ip)=@_; - &function_begin($name,"EXTRN _des_SPtrans:DWORD"); + &function_begin($name,"EXTRN _DES_SPtrans:DWORD"); &comment(""); &comment("Load the 2 words"); @@ -39,11 +39,11 @@ sub fcrypt_body { &comment(""); &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); } &mov("ebx", &swtmp(0)); &mov("eax", $L); diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl index 28b877a167..0d08e8a3a9 100644 --- a/crypto/des/asm/des-586.pl +++ b/crypto/des/asm/des-586.pl @@ -19,7 +19,7 @@ require "desboth.pl"; $L="edi"; $R="esi"; -&external_label("des_SPtrans"); +&external_label("DES_SPtrans"); &DES_encrypt("DES_encrypt1",1); &DES_encrypt("DES_encrypt2",0); &DES_encrypt3("DES_encrypt3",1); 
@@ -33,7 +33,7 @@ sub DES_encrypt { local($name,$do_ip)=@_; - &function_begin_B($name,"EXTRN _des_SPtrans:DWORD"); + &function_begin_B($name,"EXTRN _DES_SPtrans:DWORD"); &push("esi"); &push("edi"); @@ -80,11 +80,11 @@ sub DES_encrypt { &comment(""); &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); } &jmp(&label("end")); @@ -94,10 +94,10 @@ sub DES_encrypt { &comment(""); &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); } &set_label("end"); diff --git a/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl index f6dbab3315..d3ad5d5edd 100644 --- a/crypto/des/asm/des686.pl +++ b/crypto/des/asm/des686.pl @@ -58,7 +58,7 @@ sub DES_encrypt { local($name,$do_ip)=@_; - &function_begin($name,"EXTRN _des_SPtrans:DWORD"); + &function_begin($name,"EXTRN _DES_SPtrans:DWORD"); &comment(""); &comment("Load the 2 words"); @@ -94,11 +94,11 @@ sub DES_encrypt { &comment(""); &comment("Round $i"); - &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); + &D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); &comment(""); &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); + &D_ENCRYPT($R,$L,($i+1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); } &jmp(&label("end")); 
@@ -108,10 +108,10 @@ sub DES_encrypt { &comment(""); &comment("Round $i"); - &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); + &D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); &comment(""); &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); + &D_ENCRYPT($R,$L,($i-1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); } &set_label("end"); diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c index dfabd49198..1c37ab96d3 100644 --- a/crypto/des/des_enc.c +++ b/crypto/des/des_enc.c @@ -62,7 +62,7 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { register DES_LONG l,r,t,u; #ifdef DES_PTR - register const unsigned char *des_SP=(const unsigned char *)des_SPtrans; + register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; #endif #ifndef DES_UNROLL register int i; @@ -75,7 +75,7 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) IP(r,l); /* Things have been modified so that the initial rotate is * done outside the loop. This required the - * des_SPtrans values in sp.h to be rotated 1 bit to the right. + * DES_SPtrans values in sp.h to be rotated 1 bit to the right. * One perl script later and things have a 5% speed up on a sparc2. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> * for pointing this out. */ @@ -160,7 +160,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) { register DES_LONG l,r,t,u; #ifdef DES_PTR - register const unsigned char *des_SP=(const unsigned char *)des_SPtrans; + register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; #endif #ifndef DES_UNROLL register int i; 
@@ -172,7 +172,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) /* Things have been modified so that the initial rotate is * done outside the loop. This required the - * des_SPtrans values in sp.h to be rotated 1 bit to the right. + * DES_SPtrans values in sp.h to be rotated 1 bit to the right. * One perl script later and things have a 5% speed up on a sparc2. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> * for pointing this out. */ diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h index 9a3ef9c9cd..70e833be3f 100644 --- a/crypto/des/des_locl.h +++ b/crypto/des/des_locl.h @@ -283,24 +283,24 @@ u1=(int)u&0x3f; \ u2&=0x3f; \ u>>=16L; \ - LL^=des_SPtrans[0][u1]; \ - LL^=des_SPtrans[2][u2]; \ + LL^=DES_SPtrans[0][u1]; \ + LL^=DES_SPtrans[2][u2]; \ u3=(int)u>>8L; \ u1=(int)u&0x3f; \ u3&=0x3f; \ - LL^=des_SPtrans[4][u1]; \ - LL^=des_SPtrans[6][u3]; \ + LL^=DES_SPtrans[4][u1]; \ + LL^=DES_SPtrans[6][u3]; \ u2=(int)t>>8L; \ u1=(int)t&0x3f; \ u2&=0x3f; \ t>>=16L; \ - LL^=des_SPtrans[1][u1]; \ - LL^=des_SPtrans[3][u2]; \ + LL^=DES_SPtrans[1][u1]; \ + LL^=DES_SPtrans[3][u2]; \ u3=(int)t>>8L; \ u1=(int)t&0x3f; \ u3&=0x3f; \ - LL^=des_SPtrans[5][u1]; \ - LL^=des_SPtrans[7][u3]; } + LL^=DES_SPtrans[5][u1]; \ + LL^=DES_SPtrans[7][u3]; } #endif #ifdef DES_RISC2 #define D_ENCRYPT(LL,R,S) {\ 
@@ -311,25 +311,25 @@ u2=(int)u>>8L; \ u1=(int)u&0x3f; \ u2&=0x3f; \ - LL^=des_SPtrans[0][u1]; \ - LL^=des_SPtrans[2][u2]; \ + LL^=DES_SPtrans[0][u1]; \ + LL^=DES_SPtrans[2][u2]; \ s1=(int)u>>16L; \ s2=(int)u>>24L; \ s1&=0x3f; \ s2&=0x3f; \ - LL^=des_SPtrans[4][s1]; \ - LL^=des_SPtrans[6][s2]; \ + LL^=DES_SPtrans[4][s1]; \ + LL^=DES_SPtrans[6][s2]; \ u2=(int)t>>8L; \ u1=(int)t&0x3f; \ u2&=0x3f; \ - LL^=des_SPtrans[1][u1]; \ - LL^=des_SPtrans[3][u2]; \ + LL^=DES_SPtrans[1][u1]; \ + LL^=DES_SPtrans[3][u2]; \ s1=(int)t>>16; \ s2=(int)t>>24L; \ s1&=0x3f; \ s2&=0x3f; \ - LL^=des_SPtrans[5][s1]; \ - LL^=des_SPtrans[7][s2]; } + LL^=DES_SPtrans[5][s1]; \ + LL^=DES_SPtrans[7][s2]; } #endif #else @@ -338,14 +338,14 @@ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ t=ROTATE(t,4); \ LL^=\ - des_SPtrans[0][(u>> 2L)&0x3f]^ \ - des_SPtrans[2][(u>>10L)&0x3f]^ \ - des_SPtrans[4][(u>>18L)&0x3f]^ \ - des_SPtrans[6][(u>>26L)&0x3f]^ \ - des_SPtrans[1][(t>> 2L)&0x3f]^ \ - des_SPtrans[3][(t>>10L)&0x3f]^ \ - des_SPtrans[5][(t>>18L)&0x3f]^ \ - des_SPtrans[7][(t>>26L)&0x3f]; } + DES_SPtrans[0][(u>> 2L)&0x3f]^ \ + DES_SPtrans[2][(u>>10L)&0x3f]^ \ + DES_SPtrans[4][(u>>18L)&0x3f]^ \ + DES_SPtrans[6][(u>>26L)&0x3f]^ \ + DES_SPtrans[1][(t>> 2L)&0x3f]^ \ + DES_SPtrans[3][(t>>10L)&0x3f]^ \ + DES_SPtrans[5][(t>>18L)&0x3f]^ \ + DES_SPtrans[7][(t>>26L)&0x3f]; } #endif #endif @@ -410,7 +410,7 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } -OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64]; +OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64]; void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, DES_LONG Eswap0, DES_LONG Eswap1); diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c index 8b6b0e8856..1390138787 100644 --- a/crypto/des/fcrypt_b.c +++ b/crypto/des/fcrypt_b.c 
@@ -82,7 +82,7 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, { register DES_LONG l,r,t,u; #ifdef DES_PTR - register const unsigned char *des_SP=(const unsigned char *)des_SPtrans; + register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; #endif register DES_LONG *s; register int j; diff --git a/crypto/des/spr.h b/crypto/des/spr.h index b8fbdcf8d3..b91936a5a5 100644 --- a/crypto/des/spr.h +++ b/crypto/des/spr.h @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -OPENSSL_GLOBAL const DES_LONG des_SPtrans[8][64]={ +OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={ { /* nibble 0 */ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, From a08ee55e2d265f3c73964baef8cefc5ecbe79a02 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 4 Mar 2002 18:07:59 +0000 Subject: [PATCH 065/173] Typo. In DCL, the continuation character is a dash at the end of the line, which I forgot when spliting one. --- crypto/crypto-lib.com | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index ec6862e3c2..6edf5c2532 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -187,7 +187,7 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "enc_read,enc_writ,ofb64enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - "des_enc,fcrypt_b,"+ - - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ + "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ - "ede_cbcm_enc,des_old,read2pwd" $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" $ LIB_RC4 = "rc4_skey,rc4_enc" From 93683c3cf8a11c8f0afca499f392f510668f20ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 09:07:16 +0000 Subject: [PATCH 066/173] '#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change --- demos/easy_tls/easy-tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 25aedb94d9..9cd8314c3e 100644 
--- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -1,7 +1,7 @@ /* -*- Mode: C; c-file-style: "bsd" -*- */ /* * easy-tls.c -- generic TLS proxy. - * $Id: easy-tls.c,v 1.3 2002/02/28 10:52:01 bodo Exp $ + * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $ */ /* (c) Copyright 1999 Bodo Moeller. All rights reserved. @@ -73,7 +73,7 @@ */ static char const rcsid[] = -"$Id: easy-tls.c,v 1.3 2002/02/28 10:52:01 bodo Exp $"; +"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $"; #include #include @@ -567,8 +567,13 @@ no_passphrase_callback(char *buf, int num, int w, void *arg) return -1; } +#if OPENSSL_VERSION_NUMBER >= 0x00907000L static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg) +#else +static int +verify_dont_fail_cb(X509_STORE_CTX *c) +#endif { int i; From b44e425f391a7a0be6f03caaf7eb5664b77bb2e8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 5 Mar 2002 09:43:18 +0000 Subject: [PATCH 067/173] New configuration targets for OpenBSD, handed to me by Bob Beck --- Configure | 16 +++++++++++----- config | 10 +++++++++- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/Configure b/Configure index 9f51a25f48..39bbe88f6a 100755 --- a/Configure +++ b/Configure 
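Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x00907000L` around the two signatures of verify_dont_fail_cb has no comment saying what changed at that version, although the commit subject says the conditional is there to document it. A line above the `#if` would do, for example `/* from 0.9.7 on, the verify callback is passed a second, application-supplied argument */`. The callback's body continues outside the hunk.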
@@ -514,11 +514,17 @@ my %table=( ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", # Some OpenBSD from Bob Beck -"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-hppa","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-alpha", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-m88k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT 
DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-mips", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-powerpc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenBSD-hppa", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", diff --git a/config b/config index 3c7c4adb2e..d1ca5452da 100755 --- a/config +++ b/config 
@@ -613,9 +613,17 @@ EOF *86*-*-netbsd) OUT="NetBSD-x86" ;; sun3*-*-netbsd) OUT="NetBSD-m68" ;; *-*-netbsd) OUT="NetBSD-sparc" ;; - *86*-*-openbsd) OUT="OpenBSD-x86" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; + *86*-*-openbsd) OUT="OpenBSD-i386" ;; + m68k*-*-openbsd) OUT="OpenBSD-m68k" ;; + m88k*-*-openbsd) OUT="OpenBSD-m88k" ;; + mips*-*-openbsd) OUT="OpenBSD-mips" ;; pmax*-*-openbsd) OUT="OpenBSD-mips" ;; + powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;; + sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;; + sparc*-*-openbsd) OUT="OpenBSD-sparc" ;; + vax*-*-openbsd) OUT="OpenBSD-vax" ;; + hppa*-*-openbsd) OUT="OpenBSD-hppa" ;; *-*-openbsd) OUT="OpenBSD" ;; *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;; *-*-osf) OUT="alphaold-cc" ;; From 49f1597de2a849938cac32d71f2d4844b45511f7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 5 Mar 2002 11:26:03 +0000 Subject: [PATCH 068/173] Provide a pre 0.9.7 compatibility mapping if OPENSSL_DES_PRE_0_9_7_COMPATIBILITY is defined. NOT AT ALL TESTED YET! Add a comment as to the libdes compatibility. --- crypto/des/des_old.h | 207 +++++++++++++++++++++++++++++++------------ 1 file changed, 150 insertions(+), 57 deletions(-) diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 9807415daa..1af7189211 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h 
@@ -96,19 +96,111 @@ extern "C" { #endif -typedef unsigned char des_cblock[8]; -typedef struct des_ks_struct +typedef unsigned char _ossl_old_des_cblock[8]; +typedef struct _ossl_old_des_ks_struct { union { - des_cblock _; + _ossl_old_des_des_cblock _; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG pad[2]; } ks; - } des_key_schedule[16]; + } _ossl_old_des_key_schedule[16]; -/* Map all function names to _ossl_old_des_* form, so we avoid all +#ifdef OPENSSL_DES_PRE_0_9_7_COMPATIBILITY +#define des_cblock DES_cblock +#define des_key_schedule DES_key_schedule +#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) +#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) +#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) +#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) +#define des_options()\ + DES_options() +#define des_cbc_cksum(i,o,l,k,iv)\ + DES_cbc_cksum((i),(o),(l),(k),(iv)) +#define des_cbc_encrypt(i,o,l,k,iv,e)\ + DES_cbc_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_ncbc_encrypt(i,o,l,k,iv,e)\ + DES_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ + DES_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) +#define des_cfb_encrypt(i,o,l,k,iv,e)\ + DES_cfb_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_ecb_encrypt(i,o,k,e)\ + DES_ecb_encrypt((i),(o),(k),(e)) +#define des_encrypt(d,k,e)\ + DES_encrypt((d),(k),(e)) +#define des_encrypt2(d,k,e)\ + DES_encrypt2((d),(k),(e)) +#define des_encrypt3(d,k1,k2,k3)\ + DES_encrypt3((d),(k1),(k2),(k3)) +#define des_decrypt3(d,k1,k2,k3)\ + DES_decrypt3((d),(k1),(k2),(k3)) +#define des_xwhite_in2out(k,i,o)\ + DES_xwhite_in2out((k),(i),(o)) +#define des_enc_read(f,b,l,k,iv)\ + DES_enc_read((f),(b),(l),(k),(iv)) +#define 
des_enc_write(f,b,l,k,iv)\ + DES_enc_write((f),(b),(l),(k),(iv)) +#define des_fcrypt(b,s,r)\ + DES_fcrypt((b),(s),(r)) +#define des_crypt(b,s)\ + DES_crypt((b),(s)) +#define des_ofb_encrypt(i,o,n,l,k,iv)\ + DES_ofb_encrypt((i),(o),(n),(l),(k),(iv)) +#define des_pcbc_encrypt(i,o,l,k,iv,e)\ + DES_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_quad_cksum(i,o,l,c,s)\ + DES_quad_cksum((i),(o),(l),(c),(s)) +#define des_random_seed(k)\ + DES_random_seed((k)) +#define des_random_key(r)\ + DES_random_key((r)) +#define des_read_password(k,p,v) \ + DES_read_password((k),(p),(v)) +#define des_read_2passwords(k1,k2,p,v) \ + DES_read_2passwords((k1),(k2),(p),(v)) +#define des_set_odd_parity(k)\ + DES_set_odd_parity((k)) +#define des_is_weak_key(k)\ + DES_is_weak_key((k)) +#define des_set_key(k,ks)\ + DES_set_key((k),(ks)) +#define des_key_sched(k,ks)\ + DES_key_sched((k),(ks)) +#define des_string_to_key(s,k)\ + DES_string_to_key((s),(k)) +#define des_string_to_2keys(s,k1,k2)\ + DES_string_to_2keys((s),(k1),(k2)) +#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ + DES_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) +#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ + DES_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) + + +#define des_ecb2_encrypt(i,o,k1,k2,e) \ + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +#define des_check_key DES_check_key +#define des_rw_mode DES_rw_mode +#else /* libdes compatibility */ +/* Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with libdes */ +#define des_cblock _ossl_old_des_cblock +#define des_key_schedule _ossl_old_des_key_schedule #define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ 
_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ 
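Review bot: Two added lines in des_old.h look wrong as written. The union member is declared as `_ossl_old_des_des_cblock _;`, a type this header never defines (the typedef just above is `_ossl_old_des_cblock`). The compatibility macro `des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)` expands without `n`, so the call is one argument short. They should read `_ossl_old_des_cblock _;` and `DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))`. `des_encrypt(d,k,e)` maps to `DES_encrypt`, while des_enc.c elsewhere in this series defines `DES_encrypt1`, so that target probably needs checking too.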
@@ -197,76 +289,77 @@ typedef struct des_ks_struct #define des_check_key DES_check_key #define des_rw_mode DES_rw_mode +#endif const char *_ossl_old_des_options(void); -void _ossl_old_des_ecb3_encrypt(des_cblock *input,des_cblock *output, - des_key_schedule ks1,des_key_schedule ks2, - des_key_schedule ks3, int enc); -DES_LONG _ossl_old_des_cbc_cksum(des_cblock *input,des_cblock *output, - long length,des_key_schedule schedule,des_cblock *ivec); -void _ossl_old_des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc); -void _ossl_old_des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc); -void _ossl_old_des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec, - des_cblock *inw,des_cblock *outw,int enc); +void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, int enc); +DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); +void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec, + _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc); void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, - long length,des_key_schedule schedule,des_cblock *ivec,int 
enc); -void _ossl_old_des_ecb_encrypt(des_cblock *input,des_cblock *output, - des_key_schedule ks,int enc); -void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); -void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); -void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3); -void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3); -void _ossl_old_des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int enc); + long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + _ossl_old_des_key_schedule ks,int enc); +void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); +void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); +void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); +void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); +void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, + long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc); void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num, int enc); + long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc); void 
_ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num); + long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); -void _ossl_old_des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white), - des_cblock (*out_white)); +void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), + _ossl_old_des_cblock (*out_white)); -int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, - des_cblock *iv); -int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched, - des_cblock *iv); +int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, + _ossl_old_des_cblock *iv); +int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, + _ossl_old_des_cblock *iv); char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); char *_ossl_old_des_crypt(const char *buf,const char *salt); #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) char *_ossl_old_crypt(const char *buf,const char *salt); #endif void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, - int numbits,long length,des_key_schedule schedule,des_cblock *ivec); -void _ossl_old_des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc); -DES_LONG _ossl_old_des_quad_cksum(des_cblock *input,des_cblock *output, - long length,int out_count,des_cblock *seed); -void _ossl_old_des_random_seed(des_cblock key); -void _ossl_old_des_random_key(des_cblock ret); -int _ossl_old_des_read_password(des_cblock *key,const char *prompt,int verify); -int _ossl_old_des_read_2passwords(des_cblock *key1,des_cblock *key2, + int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock 
*ivec); +void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + long length,int out_count,_ossl_old_des_cblock *seed); +void _ossl_old_des_random_seed(_ossl_old_des_cblock key); +void _ossl_old_des_random_key(_ossl_old_des_cblock ret); +int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify); +int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2, const char *prompt,int verify); -void _ossl_old_des_set_odd_parity(des_cblock *key); -int _ossl_old_des_is_weak_key(des_cblock *key); -int _ossl_old_des_set_key(des_cblock *key,des_key_schedule schedule); -int _ossl_old_des_key_sched(des_cblock *key,des_key_schedule schedule); -void _ossl_old_des_string_to_key(char *str,des_cblock *key); -void _ossl_old_des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); +void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); +int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); +int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); +int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); +void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key); +void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2); void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, des_cblock *ivec, int *num, int enc); + _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc); void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, des_cblock *ivec, int *num); + _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num); /* 
The following definitions provide compatibility with the MIT Kerberos - * library. The des_key_schedule structure is not binary compatible. */ + * library. The _ossl_old_des_key_schedule structure is not binary compatible. */ #define _KERBEROS_DES_H From f070480275d5638948465e68fd46ce4692a6e28a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 12:37:35 +0000 Subject: [PATCH 069/173] disable '#ifdef DEBUG' code --- crypto/lhash/lh_stats.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index bdfbc8eaea..39ea2885f4 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -88,7 +88,7 @@ void lh_stats(LHASH *lh, FILE *out) fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); -#ifdef DEBUG +#if 0 fprintf(out,"p = %u\n",lh->p); fprintf(out,"pmax = %u\n",lh->pmax); fprintf(out,"up_load = %lu\n",lh->up_load); @@ -213,7 +213,7 @@ void lh_stats_bio(const LHASH *lh, BIO *out) BIO_puts(out,buf); sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); BIO_puts(out,buf); -#ifdef DEBUG +#if 0 sprintf(buf,"p = %u\n",lh->p); BIO_puts(out,buf); sprintf(buf,"pmax = %u\n",lh->pmax); From 2d9b1b3ffaec2cb482ae74899f2588ef0ddf97c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 12:39:19 +0000 Subject: [PATCH 070/173] more X9.62 OIDs Submitted by: Nils Larsch --- CHANGES | 3 + crypto/objects/obj_dat.h | 131 +++++++++++++++++++++++++++++++++++-- crypto/objects/obj_mac.h | 96 +++++++++++++++++++++++++++ crypto/objects/obj_mac.num | 24 +++++++ crypto/objects/objects.txt | 26 +++++++- 5 files changed, 273 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 4cd9fc1d69..5cb5422661 100644 --- a/CHANGES +++ b/CHANGES 
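Review bot: The passphrase parameter of `_ossl_old_des_string_to_key` and `_ossl_old_des_string_to_2keys` stays a writable `char *str`, while `_ossl_old_des_read_password`, `_ossl_old_des_fcrypt` and `_ossl_old_des_crypt` in the same hunk take `const char *`. Since every one of these prototypes is being retyped here anyway, I would declare them as `void _ossl_old_des_string_to_key(const char *str,_ossl_old_des_cblock *key);` and `void _ossl_old_des_string_to_2keys(const char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);`, so callers can pass a read-only secret without a cast. The definitions are outside this hunk and must be changed to match; if either one does write through `str`, a comment on the prototype saying so is the alternative.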
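Review bot: The `#if 0` in `lh_stats` here, and the same change in `lh_stats_bio` in the next hunk, leaves the `p`/`pmax`/`up_load` dump in the file as dead code with nothing saying why it was switched off. A short comment on the directive would record that, for example `#if 0 /* was #ifdef DEBUG: dump of internal table fields, disabled */`; deleting the block is the other option. Separately, the lines of `lh_stats_bio` that stay enabled still format with `sprintf(buf, ...)`, and `buf` is declared outside the hunk, so its size against the longest line should be confirmed. Both functions begin and end outside these hunks.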
@@ -4,6 +4,9 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] + *) Add more X9.62 OIDs. + [Nils Larsch ] + *) Add ECDSA in new directory crypto/ecdsa/. Add applications 'openssl ecdsaparam' and 'openssl ecdsa' diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index b095fd3148..81a5845d02 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 503 -#define NUM_SN 501 -#define NUM_LN 501 -#define NUM_OBJ 475 +#define NUM_NID 527 +#define NUM_SN 525 +#define NUM_LN 525 +#define NUM_OBJ 499 -static unsigned char lvalues[3837]={ +static unsigned char lvalues[4032]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -543,6 +543,30 @@ static unsigned char lvalues[3837]={ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3806] OBJ_dITRedirect */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3816] OBJ_audio */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3826] OBJ_documentPublisher */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [3836] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [3844] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [3853] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [3862] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [3871] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [3879] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [3887] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [3895] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [3903] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [3911] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [3919] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [3927] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [3935] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [3943] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [3951] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [3959] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [3967] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [3975] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [3983] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [3991] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [3999] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4007] OBJ_X9_62_c2tnb359v1 */ 
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4015] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4023] OBJ_X9_62_c2tnb431r1 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -1315,6 +1339,31 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"audio","audio",NID_audio,10,&(lvalues[3816]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, &(lvalues[3826]),0}, +{"id-characteristic-two-basis","id-characteristic-two-basis", + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[3836]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[3844]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[3853]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[3862]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[3871]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[3879]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[3887]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[3895]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[3903]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[3911]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[3919]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[3927]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[3935]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[3943]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[3951]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[3959]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[3967]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[3975]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[3983]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[3991]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[3999]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4007]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4015]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4023]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ 
@@ -1468,6 +1517,26 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[365]),/* "basicOCSPResponse" */ &(nid_objs[285]),/* "biometricInfo" */ &(nid_objs[494]),/* "buildingName" */ +&(nid_objs[514]),/* "c2onb191v4" */ +&(nid_objs[515]),/* "c2onb191v5" */ +&(nid_objs[520]),/* "c2onb239v4" */ +&(nid_objs[521]),/* "c2onb239v5" */ +&(nid_objs[507]),/* "c2pnb163v1" */ +&(nid_objs[508]),/* "c2pnb163v2" */ +&(nid_objs[509]),/* "c2pnb163v3" */ +&(nid_objs[510]),/* "c2pnb176v1" */ +&(nid_objs[516]),/* "c2pnb208w1" */ +&(nid_objs[522]),/* "c2pnb272w1" */ +&(nid_objs[523]),/* "c2pnb304w1" */ +&(nid_objs[525]),/* "c2pnb368w1" */ +&(nid_objs[511]),/* "c2tnb191v1" */ +&(nid_objs[512]),/* "c2tnb191v2" */ +&(nid_objs[513]),/* "c2tnb191v3" */ +&(nid_objs[517]),/* "c2tnb239v1" */ +&(nid_objs[518]),/* "c2tnb239v2" */ +&(nid_objs[519]),/* "c2tnb239v3" */ +&(nid_objs[524]),/* "c2tnb359v1" */ +&(nid_objs[526]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[179]),/* "caIssuers" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ @@ -1541,6 +1610,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[362]),/* "id-cct-PKIResponse" */ &(nid_objs[360]),/* "id-cct-crs" */ &(nid_objs[81]),/* "id-ce" */ +&(nid_objs[503]),/* "id-characteristic-two-basis" */ &(nid_objs[263]),/* "id-cmc" */ &(nid_objs[334]),/* "id-cmc-addExtensions" */ &(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ @@ -1732,6 +1802,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[73]),/* "nsRevocationUrl" */ &(nid_objs[139]),/* "nsSGC" */ &(nid_objs[77]),/* "nsSslServerName" */ +&(nid_objs[504]),/* "onBasis" */ &(nid_objs[491]),/* "organizationalStatus" */ &(nid_objs[475]),/* "otherMailbox" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ 
@@ -1764,6 +1835,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ +&(nid_objs[506]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ &(nid_objs[410]),/* "prime192v2" */ @@ -1810,6 +1882,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[133]),/* "timeStamping" */ +&(nid_objs[505]),/* "tpBasis" */ &(nid_objs[375]),/* "trustRoot" */ &(nid_objs[436]),/* "ucl" */ &(nid_objs[102]),/* "uniqueIdentifier" */ @@ -1943,6 +2016,26 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[92]),/* "bf-ecb" */ &(nid_objs[94]),/* "bf-ofb" */ &(nid_objs[494]),/* "buildingName" */ +&(nid_objs[514]),/* "c2onb191v4" */ +&(nid_objs[515]),/* "c2onb191v5" */ +&(nid_objs[520]),/* "c2onb239v4" */ +&(nid_objs[521]),/* "c2onb239v5" */ +&(nid_objs[507]),/* "c2pnb163v1" */ +&(nid_objs[508]),/* "c2pnb163v2" */ +&(nid_objs[509]),/* "c2pnb163v3" */ +&(nid_objs[510]),/* "c2pnb176v1" */ +&(nid_objs[516]),/* "c2pnb208w1" */ +&(nid_objs[522]),/* "c2pnb272w1" */ +&(nid_objs[523]),/* "c2pnb304w1" */ +&(nid_objs[525]),/* "c2pnb368w1" */ +&(nid_objs[511]),/* "c2tnb191v1" */ +&(nid_objs[512]),/* "c2tnb191v2" */ +&(nid_objs[513]),/* "c2tnb191v3" */ +&(nid_objs[517]),/* "c2tnb239v1" */ +&(nid_objs[518]),/* "c2tnb239v2" */ +&(nid_objs[519]),/* "c2tnb239v3" */ +&(nid_objs[524]),/* "c2tnb359v1" */ +&(nid_objs[526]),/* "c2tnb431r1" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[108]),/* "cast5-cbc" */ 
@@ -2031,6 +2124,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[362]),/* "id-cct-PKIResponse" */ &(nid_objs[360]),/* "id-cct-crs" */ &(nid_objs[81]),/* "id-ce" */ +&(nid_objs[503]),/* "id-characteristic-two-basis" */ &(nid_objs[263]),/* "id-cmc" */ &(nid_objs[334]),/* "id-cmc-addExtensions" */ &(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ @@ -2209,6 +2303,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[488]),/* "mobileTelephoneNumber" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ +&(nid_objs[504]),/* "onBasis" */ &(nid_objs[379]),/* "org" */ &(nid_objs[17]),/* "organizationName" */ &(nid_objs[491]),/* "organizationalStatus" */ @@ -2254,6 +2349,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[22]),/* "pkcs7-signedData" */ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ +&(nid_objs[506]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ &(nid_objs[410]),/* "prime192v2" */ @@ -2312,6 +2408,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[106]),/* "title" */ +&(nid_objs[505]),/* "tpBasis" */ &(nid_objs[436]),/* "ucl" */ &(nid_objs[ 0]),/* "undefined" */ &(nid_objs[102]),/* "uniqueIdentifier" */ 
@@ -2454,6 +2551,27 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ &(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ &(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +&(nid_objs[503]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ +&(nid_objs[507]),/* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ +&(nid_objs[508]),/* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ +&(nid_objs[509]),/* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ +&(nid_objs[510]),/* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ +&(nid_objs[511]),/* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ +&(nid_objs[512]),/* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ +&(nid_objs[513]),/* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ +&(nid_objs[514]),/* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ +&(nid_objs[515]),/* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ +&(nid_objs[516]),/* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ +&(nid_objs[517]),/* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ +&(nid_objs[518]),/* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ +&(nid_objs[519]),/* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ +&(nid_objs[520]),/* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ +&(nid_objs[521]),/* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ +&(nid_objs[522]),/* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ +&(nid_objs[523]),/* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ +&(nid_objs[524]),/* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ +&(nid_objs[525]),/* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ +&(nid_objs[526]),/* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ &(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ &(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ &(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ 
@@ -2605,6 +2723,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[188]),/* OBJ_SMIME 1 2 840 113549 1 9 16 */ &(nid_objs[156]),/* OBJ_friendlyName 1 2 840 113549 1 9 20 */ &(nid_objs[157]),/* OBJ_localKeyID 1 2 840 113549 1 9 21 */ +&(nid_objs[504]),/* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ +&(nid_objs[505]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ +&(nid_objs[506]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ &(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ &(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ &(nid_objs[315]),/* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 9f11fd463f..ba506b1b2a 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -136,6 +136,22 @@ #define NID_X9_62_characteristic_two_field 407 #define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 503 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 504 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 505 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 506 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + #define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L #define SN_X9_62_id_ecPublicKey "id-ecPublicKey" 
@@ -146,6 +162,86 @@ #define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 507 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 508 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 509 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 510 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 511 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 512 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 513 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 514 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 515 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 516 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 517 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 518 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 519 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 520 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define 
NID_X9_62_c2onb239v5 521 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 522 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 523 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 524 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 525 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 526 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + #define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L #define SN_X9_62_prime192v1 "prime192v1" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 52c75f7411..1d1fee0683 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -500,3 +500,27 @@ personalSignature 499 dITRedirect 500 audio 501 documentPublisher 502 +X9_62_id_characteristic_two_basis 503 +X9_62_onBasis 504 +X9_62_tpBasis 505 +X9_62_ppBasis 506 +X9_62_c2pnb163v1 507 +X9_62_c2pnb163v2 508 +X9_62_c2pnb163v3 509 +X9_62_c2pnb176v1 510 +X9_62_c2tnb191v1 511 +X9_62_c2tnb191v2 512 +X9_62_c2tnb191v3 513 +X9_62_c2onb191v4 514 +X9_62_c2onb191v5 515 +X9_62_c2pnb208w1 516 +X9_62_c2tnb239v1 517 +X9_62_c2tnb239v2 518 +X9_62_c2tnb239v3 519 +X9_62_c2onb239v4 520 +X9_62_c2onb239v5 521 +X9_62_c2pnb272w1 522 +X9_62_c2pnb304w1 523 +X9_62_c2tnb359v1 524 +X9_62_c2pnb368w1 525 +X9_62_c2tnb431r1 526 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 9a969ccd32..f116c0af1b 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -24,12 +24,34 @@ ISO-US 10045 : ansi-X9-62 : ANSI X9.62 !Alias id-fieldType ansi-X9-62 1 X9-62_id-fieldType 1 : prime-field X9-62_id-fieldType 2 : characteristic-two-field -# ... characteristic-two-field OID subtree +X9-62_characteristic-two-field 3 : id-characteristic-two-basis +X9-62_id-characteristic-two-basis 1 : onBasis +X9-62_id-characteristic-two-basis 2 : tpBasis +X9-62_id-characteristic-two-basis 3 : ppBasis !Alias id-publicKeyType ansi-X9-62 2 X9-62_id-publicKeyType 1 : id-ecPublicKey !Alias ellipticCurve ansi-X9-62 3 !Alias c-TwoCurve X9-62_ellipticCurve 0 -# ... characteristic 2 curve OIDs +X9-62_c-TwoCurve 1 : c2pnb163v1 +X9-62_c-TwoCurve 2 : c2pnb163v2 +X9-62_c-TwoCurve 3 : c2pnb163v3 +X9-62_c-TwoCurve 4 : c2pnb176v1 +X9-62_c-TwoCurve 5 : c2tnb191v1 +X9-62_c-TwoCurve 6 : c2tnb191v2 +X9-62_c-TwoCurve 7 : c2tnb191v3 +X9-62_c-TwoCurve 8 : c2onb191v4 +X9-62_c-TwoCurve 9 : c2onb191v5 +X9-62_c-TwoCurve 10 : c2pnb208w1 +X9-62_c-TwoCurve 11 : c2tnb239v1 +X9-62_c-TwoCurve 12 : c2tnb239v2 +X9-62_c-TwoCurve 13 : c2tnb239v3 +X9-62_c-TwoCurve 14 : c2onb239v4 +X9-62_c-TwoCurve 15 : c2onb239v5 +X9-62_c-TwoCurve 16 : c2pnb272w1 +X9-62_c-TwoCurve 17 : c2pnb304w1 +X9-62_c-TwoCurve 18 : c2tnb359v1 +X9-62_c-TwoCurve 19 : c2pnb368w1 +X9-62_c-TwoCurve 20 : c2tnb431r1 !Alias primeCurve X9-62_ellipticCurve 1 X9-62_primeCurve 1 : prime192v1 X9-62_primeCurve 2 : prime192v2 From 2c2f9e2cc32b8970f5839c51038572926b4a096f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 5 Mar 2002 13:48:51 +0000 Subject: [PATCH 071/173] Make sure the type accessed by the LONG and ZLONG ASN1 type is really a long, to avoid problems on platforms where sizeof(int) != sizeof(long). --- crypto/dh/dh.h | 2 +- crypto/dsa/dsa.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 1152fbb2d3..9bc1d319f9 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h 
@@ -101,7 +101,7 @@ struct dh_st int version; BIGNUM *p; BIGNUM *g; - int length; /* optional */ + long length; /* optional */ BIGNUM *pub_key; /* g^x */ BIGNUM *priv_key; /* x */ diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 377a76799b..1ddc37f9fb 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -117,7 +117,7 @@ struct dsa_st /* This first variable is used to pick up errors where * a DSA is passed instead of of a EVP_PKEY */ int pad; - int version; + long version; int write_params; BIGNUM *p; BIGNUM *q; /* == 20 */ From 2b3aeffbbdc56b200a2024f1967af678c88d8896 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 14:56:17 +0000 Subject: [PATCH 072/173] fix 'ecdsaparam -C' output Submitted by: Nils Larsch --- apps/ecdsaparam.c | 53 ++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 8594d8f8e7..8dd30a02aa 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
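Review bot: Widening `length` to `long` here, and `version` in `struct dsa_st` in the next hunk, changes the size and member offsets of two structures declared in public headers on any platform where `long` is wider than `int`, so code built against the old headers would read the later members at the wrong offsets. The diffstat lists only `dh.h` and `dsa.h`, so the commit itself carries no note of that incompatibility. The commit message says these fields are written by the LONG/ZLONG ASN1 types, which means they hold decoded input; any consumer that hands `length` on as an `int` now narrows it silently, and a comment such as `long length; /* optional; set by ASN1 LONG decoding, range-check before narrowing to int */` would flag that. Both structure definitions continue outside the hunks.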
@@ -470,39 +470,30 @@ bad: } printf("\n\t};\n\n"); - /* FIXME: - * the generated code does not make much sense - * - * TODO: - * use EC_GROUP_new_curve_GFp instead of using EC_GFp_mont_method directly - */ - - printf("ECDSA *get_ecdsa%d()\n\t{\n",bits_p); - printf("\tint ok=1;\n"); + printf("ECDSA *get_ecdsa%d(void)\n\t{\n",bits_p); printf("\tECDSA *ecdsa=NULL;\n"); printf("\tEC_POINT *point=NULL;\n"); - printf("\tBIGNUM *tmp_1=NULL,*tmp_2=NULL,*tmp_3=NULL;\n"); - printf("\tBN_CTX *ctx=NULL;\n\n"); - printf("\tecdsa=ECDSA_new();\n"); - printf("\ttmp_1=BN_new();\n"); - printf("\ttmp_2=BN_new();\n"); - printf("\ttmp_3=BN_new();\n"); - printf("\tctx=BN_CTX_new();\n"); - printf("\tif (!ecdsa || !tmp_1 || !tmp_2 || !tmp_3 || !ctx) ok=0;\n"); - printf("\tif (ok && !ecdsa->group=EC_GROUP_new(EC_GFp_mont_method())) == NULL) ok=0;"); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_p,sizeof(ecdsa%d_p),tmp_1)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_a,sizeof(ecdsa%d_a),tmp_2)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_b,sizeof(ecdsa%d_b),tmp_3)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && !EC_GROUP_set_curve_GFp(ecdsa->group,tmp_1,tmp_2,tmp_3,ctx)) ok=0;\n"); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_x,sizeof(ecdsa%d_p),tmp_1)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_y,sizeof(ecdsa%d_a),tmp_2)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && (point = EC_POINT_new(ecdsa->group)) == NULL) ok=0;\n"); - printf("\tif (ok && !EC_POINT_set_affine_coordinates_GFp(ecdsa->group,point,tmp_1,tmp_2,ctx)) ok=0:\n"); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_o,sizeof(ecdsa%d_b),tmp_1)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && !BN_bin2bn(ecdsa%d_c,sizeof(ecdsa%d_b),tmp_2)) ok=0;\n", bits_p, bits_p); - printf("\tif (ok && !EC_GROUP_set_generator(ecdsa->group,point,tmp_1,tmp_2)) ok=0;\n"); - printf("\tif ((ecdsa->group == NULL) || (ecdsa->pub_key == NULL) || (ecdsa->priv_key == NULL))\n"); - printf("\t\t{ 
ECDSA_free(ecdsa); return(NULL); }\n"); + printf("\tBIGNUM *tmp_1=NULL,*tmp_2=NULL,*tmp_3=NULL;\n\n"); + printf("\tif ((ecdsa=ECDSA_new()) == NULL)\n"); + printf("\t\treturn(NULL);\n"); + printf("\t/* first : generate EC_GROUP-structure */\n"); + printf("\ttmp_1 = BN_bin2bn(ecdsa%d_p, sizeof(ecdsa%d_p), NULL);\n", bits_p, bits_p); + printf("\ttmp_2 = BN_bin2bn(ecdsa%d_a, sizeof(ecdsa%d_a), NULL);\n", bits_p, bits_p); + printf("\ttmp_3 = BN_bin2bn(ecdsa%d_b, sizeof(ecdsa%d_b), NULL);\n", bits_p, bits_p); + printf("\tecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL);\n"); + printf("\t/* second : set coordinates of the generating point */\n"); + printf("\tBN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1);\n", bits_p, bits_p); + printf("\tBN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2);\n", bits_p, bits_p); + printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL)\n"); + printf("\t{\n\t\tECDSA_free(ecdsa); BN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); + printf("\t\treturn(NULL);\n\t}\n"); + printf("\tEC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, tmp_1, tmp_2, NULL);\n"); + printf("\t/* and finally : insert the generating point and its order in the EC_GROUP-structure */\n"); + printf("\tBN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1);\n", bits_p, bits_p); + printf("\tBN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2);\n", bits_p, bits_p); + printf("\tEC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2);\n"); + printf("\tBN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); + printf("\tEC_POINT_free(point);\n"); printf("\treturn(ecdsa);\n\t}\n"); } From 8ecf5104b37308faa80c7bd9fdf555c9be668db9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 14:58:53 +0000 Subject: [PATCH 073/173] typo --- crypto/des/des_old.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 1af7189211..1eb25bd3e6 100644 --- a/crypto/des/des_old.h 
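Review bot: The function text emitted by the new printf lines checks only `ECDSA_new` and `EC_POINT_new`; `EC_GROUP_new_curve_GFp`, every `BN_bin2bn`, `EC_POINT_set_affine_coordinates_GFp` and `EC_GROUP_set_generator` are emitted unchecked, so the generated `get_ecdsa%d()` can hand back an ECDSA object whose group is NULL or has no generator set. If one of the first three `BN_bin2bn` calls fails, the later in-place calls receive a NULL destination and allocate a BIGNUM whose pointer is discarded. I would emit one `err:` exit that frees the temporaries and the point and returns NULL unless every step succeeded, as sketched below. The hunk sits in the `-C` branch of a function that starts outside it, and the PATCH 075 hunks later in this series adjust these printf lines without adding the checks.

```c
printf("ECDSA *get_ecdsa%d(void)\n\t{\n",bits_p);
printf("\tint ok=0;\n");
/* … unchanged: ecdsa/point/tmp_* declarations, ECDSA_new() check, tmp_1..tmp_3 = BN_bin2bn(...) … */
printf("\tif (tmp_1 == NULL || tmp_2 == NULL || tmp_3 == NULL)\n\t\tgoto err;\n");
printf("\tif ((ecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n\t\tgoto err;\n");
printf("\tif (!BN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1))\n\t\tgoto err;\n", bits_p, bits_p);
printf("\tif (!BN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2))\n\t\tgoto err;\n", bits_p, bits_p);
printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL)\n\t\tgoto err;\n");
printf("\tif (!EC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, tmp_1, tmp_2, NULL))\n\t\tgoto err;\n");
printf("\tif (!BN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1))\n\t\tgoto err;\n", bits_p, bits_p);
printf("\tif (!BN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2))\n\t\tgoto err;\n", bits_p, bits_p);
printf("\tif (!EC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2))\n\t\tgoto err;\n");
printf("\tok=1;\n");
printf("err:\n");
/* … unchanged: BN_free() of the three temporaries and EC_POINT_free(point) … */
printf("\tif (!ok)\n\t\t{ ECDSA_free(ecdsa); ecdsa=NULL; }\n");
printf("\treturn(ecdsa);\n\t}\n");
```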
+++ b/crypto/des/des_old.h @@ -100,7 +100,7 @@ typedef unsigned char _ossl_old_des_cblock[8]; typedef struct _ossl_old_des_ks_struct { union { - _ossl_old_des_des_cblock _; + _ossl_old_des_cblock _; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG pad[2]; From 87a4b4d1f41a3e653b3a020df1975c7dbbe5478f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 15:05:00 +0000 Subject: [PATCH 074/173] fix printf call --- apps/speed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/speed.c b/apps/speed.c index 1c2b4eeda2..b451a49af3 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1625,7 +1625,7 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", HZ); + printf("HZ=%g", (double)HZ); # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif From 870694b3da75d0757b400e802caea9d98510b8a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 15:17:17 +0000 Subject: [PATCH 075/173] fix 'ecdsaparam -C' --- apps/ecdsaparam.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 8dd30a02aa..cf293eae20 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c @@ -378,7 +378,7 @@ bad: } if (C) - { /* TODO : characteristic two */ + { /* TODO : characteristic two */ int l, len, bits_p; if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL || (tmp_3 = BN_new()) == NULL || (tmp_4 = BN_new()) == NULL || @@ -414,7 +414,7 @@ bad: if ((i%12) == 0) printf("\n\t"); printf("0x%02X,",data[i]); } - printf("\n\t};\n"); + printf("\n\t};\n\n"); l = BN_bn2bin(tmp_2, data); printf("static unsigned char ecdsa%d_a[]={",bits_p); 
@@ -434,34 +434,34 @@ bad: } printf("\n\t};\n\n"); - l = BN_bn2bin(tmp_3, data); + l = BN_bn2bin(tmp_4, data); printf("static unsigned char ecdsa%d_x[]={", bits_p); for (i=0; igroup = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL);\n"); - printf("\t/* second : set coordinates of the generating point */\n"); + printf("\tecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL);\n\n"); + printf("\t/* build generator */\n"); printf("\tBN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1);\n", bits_p, bits_p); printf("\tBN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2);\n", bits_p, bits_p); printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL)\n"); - printf("\t{\n\t\tECDSA_free(ecdsa); BN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); - printf("\t\treturn(NULL);\n\t}\n"); + printf("\t\t{\n\t\tECDSA_free(ecdsa); BN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); + printf("\t\treturn(NULL);\n\t\t}\n"); printf("\tEC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, tmp_1, tmp_2, NULL);\n"); - printf("\t/* and finally : insert the generating point and its order in the EC_GROUP-structure */\n"); + printf("\t/* set generator, order and cofactor */\n"); printf("\tBN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1);\n", bits_p, bits_p); printf("\tBN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2);\n", bits_p, bits_p); printf("\tEC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2);\n"); printf("\tBN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); - printf("\tEC_POINT_free(point);\n"); + printf("\tEC_POINT_free(point);\n\n"); printf("\treturn(ecdsa);\n\t}\n"); } From 2c17323e156de12e63a68311d611262c977e7fce Mon Sep 17 00:00:00 2001 
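Review bot: The C source emitted by these `printf` calls stores the result of `EC_GROUP_new_curve_GFp` in `ecdsa->group` and goes straight on to `EC_POINT_new(ecdsa->group)` without testing it. The emitted `BN_bin2bn`, `EC_POINT_set_affine_coordinates_GFp` and `EC_GROUP_set_generator` calls are unchecked as well, so the generated function can hand back an ECDSA object whose group has no valid generator or order. Because this output is meant to be pasted into applications, emit a check after the group is built, for example `printf("\tif (ecdsa->group == NULL)\n\t\t{ ECDSA_free(ecdsa); BN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3); return(NULL); }\n");`, and test the setter return values the same way. Part of this hunk is lost in this rendering and the enclosing function starts and ends outside it, so checks emitted elsewhere are not visible here.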
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 5 Mar 2002 15:29:30 +0000 Subject: [PATCH 076/173] Rephrase statement on the security of two-key 3DES. [Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776. Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A known-plaintext attack on two-key triple encryption", EUROCRYPT '90.] --- doc/crypto/des_modes.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod index 36b77c454d..da75e8007d 100644 --- a/doc/crypto/des_modes.pod +++ b/doc/crypto/des_modes.pod @@ -204,8 +204,8 @@ just one key. =item * If the first and last key are the same, the key length is 112 bits. -There are attacks that could reduce the key space to 55 bit's but it -requires 2^56 blocks of memory. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. =item * From a01273bae38b4eb00e9838025c1a6d7ac0482160 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 6 Mar 2002 06:25:31 +0000 Subject: [PATCH 077/173] OpenSSL currently fails on certain pure 64-bit architectures. This is a showstopper --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index fcb162cada..18353c0aa6 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/02/28 22:07:50 $ + ______________ $Date: 2002/03/06 06:25:31 $ DEVELOPMENT STATE @@ -26,6 +26,7 @@ alpha-cc (Tru64 version 4.0) works linux-alpha+bwx-gcc doesn't work. Reported by Sean O'Riordain + OpenBSD-sparc64 doesn't work. BN_mod_mul breaks. Needs checked on [add platforms here] From 45fb737950e90762f480ed13f79ea5ff5588f73a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 6 Mar 2002 09:46:17 +0000 Subject: [PATCH 078/173] reference counting for EC_GROUP structures is not needed (at the moment at least), so remove it --- CHANGES | 3 --- crypto/ec/ec_lcl.h | 1 - crypto/ec/ec_lib.c | 22 ++++------------------ 3 files changed, 4 insertions(+), 22 deletions(-) diff --git a/CHANGES b/CHANGES index 5cb5422661..1b3bcb54b5 100644 --- a/CHANGES +++ b/CHANGES @@ -22,9 +22,6 @@ extracted before the specific public key. [Nils Larsch ] - *) Add reference counting for EC_GROUP objects. - [Nils Larsch ] - *) Include some named elliptic curves. These can be obtained from the new functions EC_GROUP_new_by_nid() diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 9603e74e7d..b93825524f 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -166,7 +166,6 @@ struct ec_group_st { EC_POINT *generator; /* optional */ BIGNUM order, cofactor; - int references; int nid; void *field_data1; /* method-specific (e.g., Montgomery structure) */ diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 2b1e49182e..3e372dbed3 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -96,8 +96,6 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->nid = 0; - ret->references = 1; - if (!meth->group_init(ret)) { OPENSSL_free(ret); @@ -110,12 +108,6 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) void EC_GROUP_free(EC_GROUP *group) { - int i; - - i = CRYPTO_add(&group->references, -1, CRYPTO_LOCK_EC); - if (i > 0) - return; - if (group->meth->group_finish != 0) group->meth->group_finish(group); @@ -127,12 +119,6 @@ void EC_GROUP_free(EC_GROUP *group) void EC_GROUP_clear_free(EC_GROUP *group) { - int i; - - i = CRYPTO_add(&group->references, -1, CRYPTO_LOCK_EC); - if (i > 0) - return; - if (group->meth->group_clear_finish != 0) group->meth->group_clear_finish(group); else if (group->meth != NULL && group->meth->group_finish != 0) 
@@ -314,14 +300,14 @@ void EC_GROUP_clear_free_extra_data(EC_GROUP *group) } void EC_GROUP_set_nid(EC_GROUP *group, int nid) -{ + { group->nid = nid; -} + } int EC_GROUP_get_nid(const EC_GROUP *group) -{ + { return group->nid; -} + } From 36c194638e86cd46d5da2b3efbe9ae5354e19096 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 6 Mar 2002 13:47:32 +0000 Subject: [PATCH 079/173] add SECG OIDs Submitted by: Nils Larsch --- CHANGES | 2 +- apps/ecdsaparam.c | 30 ++++++ crypto/ec/ec.h | 30 ++++-- crypto/objects/obj_dat.h | 186 ++++++++++++++++++++++++++++++++++++- crypto/objects/obj_mac.h | 142 ++++++++++++++++++++++++++++ crypto/objects/obj_mac.num | 35 +++++++ crypto/objects/objects.txt | 45 ++++++++- 7 files changed, 454 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index 1b3bcb54b5..054106296f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,7 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] - *) Add more X9.62 OIDs. + *) Add OIDs from X9.62 and SECG. [Nils Larsch ] *) Add ECDSA in new directory crypto/ecdsa/. diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index cf293eae20..4b171c4f67 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
@@ -257,6 +257,36 @@ int MAIN(int argc, char **argv) curve_type = EC_GROUP_X9_62_PRIME_239V3; else if (strcmp(*argv, "-X9_62_256v1") == 0) curve_type = EC_GROUP_X9_62_PRIME_256V1; + else if (strcmp(*argv, "-SECG_PRIME_112R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_112R1; + else if (strcmp(*argv, "-SECG_PRIME_112R2") == 0) + curve_type = EC_GROUP_SECG_PRIME_112R2; + else if (strcmp(*argv, "-SECG_PRIME_128R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_128R1; + else if (strcmp(*argv, "-SECG_PRIME_128R2") == 0) + curve_type = EC_GROUP_SECG_PRIME_128R2; + else if (strcmp(*argv, "-SECG_PRIME_160K1") == 0) + curve_type = EC_GROUP_SECG_PRIME_160K1; + else if (strcmp(*argv, "-SECG_PRIME_160R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_160R1; + else if (strcmp(*argv, "-SECG_PRIME_160R2") == 0) + curve_type = EC_GROUP_SECG_PRIME_160R2; + else if (strcmp(*argv, "-SECG_PRIME_192K1") == 0) + curve_type = EC_GROUP_SECG_PRIME_192K1; + else if (strcmp(*argv, "-SECG_PRIME_192R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_192R1; + else if (strcmp(*argv, "-SECG_PRIME_224K1") == 0) + curve_type = EC_GROUP_SECG_PRIME_224K1; + else if (strcmp(*argv, "-SECG_PRIME_224R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_224R1; + else if (strcmp(*argv, "-SECG_PRIME_256K1") == 0) + curve_type = EC_GROUP_SECG_PRIME_256K1; + else if (strcmp(*argv, "-SECG_PRIME_256R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_256R1; + else if (strcmp(*argv, "-SECG_PRIME_384R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_384R1; + else if (strcmp(*argv, "-SECG_PRIME_521R1") == 0) + curve_type = EC_GROUP_SECG_PRIME_521R1; else if (strcmp(*argv, "-noout") == 0) noout=1; else diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 1a4569311e..de831e2ce7 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h 
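Review bot: `-SECG_PRIME_112R1`, `-SECG_PRIME_112R2`, `-SECG_PRIME_128R1` and `-SECG_PRIME_128R2` are accepted on the same footing as the 256-bit and larger curves, although a 112-bit curve gives roughly 56 bits of security and a 128-bit curve roughly 64. Parameters written by this tool are likely to end up in real keys, so those four branches should tell the user, e.g. `BIO_printf(bio_err, "warning: curve is too small for new keys\n");`. The fifteen added branches also repeat one pattern and would be easier to audit as a table of option names and curve constants searched in a loop. MAIN starts and ends outside the hunk.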
@@ -134,14 +134,13 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM * generator and order */ EC_GROUP *EC_GROUP_new_by_nid(const int nid); EC_GROUP *EC_GROUP_new_by_name(int name); -/* Currently valid arguments to EC_GROUP_new_by_name() - * (unfortunately some curves have no OIDs [and no NIDs]): */ +/* Currently valid arguments to EC_GROUP_new_by_name() */ #define EC_GROUP_NO_CURVE 0 -#define EC_GROUP_NIST_PRIME_192 1 -#define EC_GROUP_NIST_PRIME_224 2 -#define EC_GROUP_NIST_PRIME_256 3 -#define EC_GROUP_NIST_PRIME_384 4 -#define EC_GROUP_NIST_PRIME_521 5 +#define EC_GROUP_NIST_PRIME_192 NID_secp192r1 +#define EC_GROUP_NIST_PRIME_224 NID_secp224r1 +#define EC_GROUP_NIST_PRIME_256 NID_secp256r1 +#define EC_GROUP_NIST_PRIME_384 NID_secp384r1 +#define EC_GROUP_NIST_PRIME_521 NID_secp521r1 #define EC_GROUP_X9_62_PRIME_192V1 NID_X9_62_prime192v1 #define EC_GROUP_X9_62_PRIME_192V2 NID_X9_62_prime192v2 #define EC_GROUP_X9_62_PRIME_192V3 NID_X9_62_prime192v3 
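Review bot: `EC_GROUP_NIST_PRIME_192` and `EC_GROUP_NIST_PRIME_256` now expand to `NID_secp192r1` and `NID_secp256r1`, while `EC_GROUP_X9_62_PRIME_192V1` and `EC_GROUP_X9_62_PRIME_256V1` keep separate NIDs for what are the same two curves. Assuming `EC_GROUP_new_by_name()` records the value it was given, a policy check such as `EC_GROUP_get_nid(g) == EC_GROUP_X9_62_PRIME_256V1` will not match a group created through the NIST name. Giving each curve one identifier avoids that: `#define EC_GROUP_NIST_PRIME_192 NID_X9_62_prime192v1` and `#define EC_GROUP_NIST_PRIME_256 NID_X9_62_prime256v1`. The same applies to `EC_GROUP_SECG_PRIME_192R1` and `EC_GROUP_SECG_PRIME_256R1` in the next hunk of this file. The hunk also changes `EC_GROUP_NIST_PRIME_*` from 1..5 to NID values, which callers built against the old header would need to know.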
@@ -149,8 +148,21 @@ EC_GROUP *EC_GROUP_new_by_name(int name); #define EC_GROUP_X9_62_PRIME_239V2 NID_X9_62_prime239v2 #define EC_GROUP_X9_62_PRIME_239V3 NID_X9_62_prime239v3 #define EC_GROUP_X9_62_PRIME_256V1 NID_X9_62_prime256v1 - - +#define EC_GROUP_SECG_PRIME_112R1 NID_secp112r1 +#define EC_GROUP_SECG_PRIME_112R2 NID_secp112r2 +#define EC_GROUP_SECG_PRIME_128R1 NID_secp128r1 +#define EC_GROUP_SECG_PRIME_128R2 NID_secp128r2 +#define EC_GROUP_SECG_PRIME_160K1 NID_secp160k1 +#define EC_GROUP_SECG_PRIME_160R1 NID_secp160r1 +#define EC_GROUP_SECG_PRIME_160R2 NID_secp160r2 +#define EC_GROUP_SECG_PRIME_192K1 NID_secp192k1 +#define EC_GROUP_SECG_PRIME_192R1 NID_secp192r1 +#define EC_GROUP_SECG_PRIME_224K1 NID_secp224k1 +#define EC_GROUP_SECG_PRIME_224R1 NID_secp224r1 +#define EC_GROUP_SECG_PRIME_256K1 NID_secp256k1 +#define EC_GROUP_SECG_PRIME_256R1 NID_secp256r1 +#define EC_GROUP_SECG_PRIME_384R1 NID_secp384r1 +#define EC_GROUP_SECG_PRIME_521R1 NID_secp521r1 EC_POINT *EC_POINT_new(const EC_GROUP *); void EC_POINT_free(EC_POINT *); diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 81a5845d02..1aeeb763ca 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 527 -#define NUM_SN 525 -#define NUM_LN 525 -#define NUM_OBJ 499 +#define NUM_NID 562 +#define NUM_SN 560 +#define NUM_LN 560 +#define NUM_OBJ 534 -static unsigned char lvalues[4032]={ +static unsigned char lvalues[4193]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -567,6 +567,41 @@ static unsigned char lvalues[4032]={ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4007] OBJ_X9_62_c2tnb359v1 */ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4015] OBJ_X9_62_c2pnb368w1 */ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4023] OBJ_X9_62_c2tnb431r1 */ +0x2B, /* [4031] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4032] OBJ_certicom_arc */ +0x2B,0x81,0x04,0x00,0x06, /* [4035] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4040] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4045] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4050] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4055] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4060] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4065] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4070] OBJ_secp192k1 */ +0x00, /* [4075] OBJ_secp192r1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4076] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4081] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4086] OBJ_secp256k1 */ +0x00, /* [4091] OBJ_secp256r1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4092] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4097] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4102] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4107] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4112] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4117] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4122] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4127] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4132] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4137] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4142] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4147] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4152] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4157] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4162] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4167] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4172] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4177] 
OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4182] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4187] OBJ_sect571r1 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -1364,6 +1399,42 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4007]),0}, {"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4015]),0}, {"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4023]),0}, +{"identified-organization","identified-organization", + NID_identified_organization,1,&(lvalues[4031]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4032]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4035]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4040]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4045]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4050]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4055]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4060]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4065]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4070]),0}, +{"secp192r1","secp192r1",NID_secp192r1,1,&(lvalues[4075]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4076]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4081]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4086]),0}, +{"secp256r1","secp256r1",NID_secp256r1,1,&(lvalues[4091]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4092]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4097]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4102]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4107]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4112]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4117]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4122]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4127]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4132]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4137]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4142]),0}, 
+{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4147]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4152]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4157]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4162]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4167]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4172]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4177]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4182]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4187]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1541,6 +1612,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[179]),/* "caIssuers" */ &(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ &(nid_objs[152]),/* "certBag" */ +&(nid_objs[528]),/* "certicom-arc" */ &(nid_objs[89]),/* "certificatePolicies" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ @@ -1760,6 +1832,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[194]),/* "id-smime-spq" */ &(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ +&(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ 
@@ -1863,8 +1936,41 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[290]),/* "sbqp-ipAddrBlock" */ &(nid_objs[292]),/* "sbqp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ +&(nid_objs[529]),/* "secp112r1" */ +&(nid_objs[530]),/* "secp112r2" */ +&(nid_objs[531]),/* "secp128r1" */ +&(nid_objs[532]),/* "secp128r2" */ +&(nid_objs[533]),/* "secp160k1" */ +&(nid_objs[534]),/* "secp160r1" */ +&(nid_objs[535]),/* "secp160r2" */ +&(nid_objs[536]),/* "secp192k1" */ +&(nid_objs[537]),/* "secp192r1" */ +&(nid_objs[538]),/* "secp224k1" */ +&(nid_objs[539]),/* "secp224r1" */ +&(nid_objs[540]),/* "secp256k1" */ +&(nid_objs[541]),/* "secp256r1" */ +&(nid_objs[542]),/* "secp384r1" */ +&(nid_objs[543]),/* "secp521r1" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[474]),/* "secretary" */ +&(nid_objs[544]),/* "sect113r1" */ +&(nid_objs[545]),/* "sect113r2" */ +&(nid_objs[546]),/* "sect131r1" */ +&(nid_objs[547]),/* "sect131r2" */ +&(nid_objs[548]),/* "sect163k1" */ +&(nid_objs[549]),/* "sect163r1" */ +&(nid_objs[550]),/* "sect163r2" */ +&(nid_objs[551]),/* "sect193r1" */ +&(nid_objs[552]),/* "sect193r2" */ +&(nid_objs[553]),/* "sect233k1" */ +&(nid_objs[554]),/* "sect233r1" */ +&(nid_objs[555]),/* "sect239k1" */ +&(nid_objs[556]),/* "sect283k1" */ +&(nid_objs[557]),/* "sect283r1" */ +&(nid_objs[558]),/* "sect409k1" */ +&(nid_objs[559]),/* "sect409r1" */ +&(nid_objs[560]),/* "sect571k1" */ +&(nid_objs[561]),/* "sect571r1" */ &(nid_objs[386]),/* "security" */ &(nid_objs[394]),/* "selected-attribute-types" */ &(nid_objs[129]),/* "serverAuth" */ @@ -2044,6 +2150,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[111]),/* "cast5-ofb" */ &(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ +&(nid_objs[528]),/* "certicom-arc" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ &(nid_objs[395]),/* "clearance" */ 
@@ -2276,6 +2383,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[35]),/* "idea-cfb" */ &(nid_objs[36]),/* "idea-ecb" */ &(nid_objs[46]),/* "idea-ofb" */ +&(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ &(nid_objs[181]),/* "iso" */ @@ -2390,8 +2498,41 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[290]),/* "sbqp-ipAddrBlock" */ &(nid_objs[292]),/* "sbqp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ +&(nid_objs[529]),/* "secp112r1" */ +&(nid_objs[530]),/* "secp112r2" */ +&(nid_objs[531]),/* "secp128r1" */ +&(nid_objs[532]),/* "secp128r2" */ +&(nid_objs[533]),/* "secp160k1" */ +&(nid_objs[534]),/* "secp160r1" */ +&(nid_objs[535]),/* "secp160r2" */ +&(nid_objs[536]),/* "secp192k1" */ +&(nid_objs[537]),/* "secp192r1" */ +&(nid_objs[538]),/* "secp224k1" */ +&(nid_objs[539]),/* "secp224r1" */ +&(nid_objs[540]),/* "secp256k1" */ +&(nid_objs[541]),/* "secp256r1" */ +&(nid_objs[542]),/* "secp384r1" */ +&(nid_objs[543]),/* "secp521r1" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[474]),/* "secretary" */ +&(nid_objs[544]),/* "sect113r1" */ +&(nid_objs[545]),/* "sect113r2" */ +&(nid_objs[546]),/* "sect131r1" */ +&(nid_objs[547]),/* "sect131r2" */ +&(nid_objs[548]),/* "sect163k1" */ +&(nid_objs[549]),/* "sect163r1" */ +&(nid_objs[550]),/* "sect163r2" */ +&(nid_objs[551]),/* "sect193r1" */ +&(nid_objs[552]),/* "sect193r2" */ +&(nid_objs[553]),/* "sect233k1" */ +&(nid_objs[554]),/* "sect233r1" */ +&(nid_objs[555]),/* "sect239k1" */ +&(nid_objs[556]),/* "sect283k1" */ +&(nid_objs[557]),/* "sect283r1" */ +&(nid_objs[558]),/* "sect409k1" */ +&(nid_objs[559]),/* "sect409r1" */ +&(nid_objs[560]),/* "sect571k1" */ +&(nid_objs[561]),/* "sect571r1" */ &(nid_objs[105]),/* "serialNumber" */ &(nid_objs[41]),/* "sha" */ &(nid_objs[64]),/* "sha1" */ 
@@ -2425,11 +2566,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ &(nid_objs[404]),/* OBJ_ccitt 0 */ +&(nid_objs[541]),/* OBJ_secp256r1 OBJ_X9_62_prime256v1 */ +&(nid_objs[537]),/* OBJ_secp192r1 OBJ_X9_62_prime192v1 */ &(nid_objs[389]),/* OBJ_Enterprises 1 */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ &(nid_objs[379]),/* OBJ_org 1 3 */ +&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ @@ -2439,6 +2583,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[435]),/* OBJ_pss 0 9 2342 */ &(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ &(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ +&(nid_objs[528]),/* OBJ_certicom_arc 1 3 132 */ &(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */ &(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ &(nid_objs[100]),/* OBJ_surname 2 5 4 4 */ 
@@ -2505,6 +2650,37 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ &(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ &(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ +&(nid_objs[548]),/* OBJ_sect163k1 1 3 132 0 1 */ +&(nid_objs[549]),/* OBJ_sect163r1 1 3 132 0 2 */ +&(nid_objs[555]),/* OBJ_sect239k1 1 3 132 0 3 */ +&(nid_objs[544]),/* OBJ_sect113r1 1 3 132 0 4 */ +&(nid_objs[545]),/* OBJ_sect113r2 1 3 132 0 5 */ +&(nid_objs[529]),/* OBJ_secp112r1 1 3 132 0 6 */ +&(nid_objs[530]),/* OBJ_secp112r2 1 3 132 0 7 */ +&(nid_objs[534]),/* OBJ_secp160r1 1 3 132 0 8 */ +&(nid_objs[533]),/* OBJ_secp160k1 1 3 132 0 9 */ +&(nid_objs[540]),/* OBJ_secp256k1 1 3 132 0 10 */ +&(nid_objs[550]),/* OBJ_sect163r2 1 3 132 0 15 */ +&(nid_objs[556]),/* OBJ_sect283k1 1 3 132 0 16 */ +&(nid_objs[557]),/* OBJ_sect283r1 1 3 132 0 17 */ +&(nid_objs[546]),/* OBJ_sect131r1 1 3 132 0 22 */ +&(nid_objs[547]),/* OBJ_sect131r2 1 3 132 0 23 */ +&(nid_objs[551]),/* OBJ_sect193r1 1 3 132 0 24 */ +&(nid_objs[552]),/* OBJ_sect193r2 1 3 132 0 25 */ +&(nid_objs[553]),/* OBJ_sect233k1 1 3 132 0 26 */ +&(nid_objs[554]),/* OBJ_sect233r1 1 3 132 0 27 */ +&(nid_objs[531]),/* OBJ_secp128r1 1 3 132 0 28 */ +&(nid_objs[532]),/* OBJ_secp128r2 1 3 132 0 29 */ +&(nid_objs[535]),/* OBJ_secp160r2 1 3 132 0 30 */ +&(nid_objs[536]),/* OBJ_secp192k1 1 3 132 0 31 */ +&(nid_objs[538]),/* OBJ_secp224k1 1 3 132 0 32 */ +&(nid_objs[539]),/* OBJ_secp224r1 1 3 132 0 33 */ +&(nid_objs[542]),/* OBJ_secp384r1 1 3 132 0 34 */ +&(nid_objs[543]),/* OBJ_secp521r1 1 3 132 0 35 */ +&(nid_objs[558]),/* OBJ_sect409k1 1 3 132 0 36 */ +&(nid_objs[559]),/* OBJ_sect409r1 1 3 132 0 37 */ +&(nid_objs[560]),/* OBJ_sect571k1 1 3 132 0 38 */ +&(nid_objs[561]),/* OBJ_sect571r1 1 3 132 0 39 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ &(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ 
diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index ba506b1b2a..dc3a4ce3b9 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -87,6 +87,14 @@ #define NID_member_body 182 #define OBJ_member_body OBJ_iso,2L +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 527 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 528 +#define OBJ_certicom_arc OBJ_identified_organization,132L + #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" #define NID_selected_attribute_types 394 
@@ -278,6 +286,140 @@ #define NID_ecdsa_with_SHA1 416 #define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 529 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 530 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 531 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 532 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 533 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 534 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 535 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 536 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp192r1 "secp192r1" +#define NID_secp192r1 537 +#define OBJ_secp192r1 OBJ_X9_62_prime192v1 + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 538 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 539 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 540 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp256r1 "secp256r1" +#define NID_secp256r1 541 +#define OBJ_secp256r1 OBJ_X9_62_prime256v1 + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 542 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 543 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 544 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define 
NID_sect113r2 545 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 546 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 547 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 548 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 549 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 550 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 551 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 552 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 553 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 554 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 555 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 556 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 557 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 558 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 559 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 560 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 561 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + #define SN_cast5_cbc "CAST5-CBC" #define LN_cast5_cbc "cast5-cbc" #define NID_cast5_cbc 108 
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 1d1fee0683..8bad61f26d 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -524,3 +524,38 @@ X9_62_c2pnb304w1 523 X9_62_c2tnb359v1 524 X9_62_c2pnb368w1 525 X9_62_c2tnb431r1 526 +identified_organization 527 +certicom_arc 528 +secp112r1 529 +secp112r2 530 +secp128r1 531 +secp128r2 532 +secp160k1 533 +secp160r1 534 +secp160r2 535 +secp192k1 536 +secp192r1 537 +secp224k1 538 +secp224r1 539 +secp256k1 540 +secp256r1 541 +secp384r1 542 +secp521r1 543 +sect113r1 544 +sect113r2 545 +sect131r1 546 +sect131r2 547 +sect163k1 548 +sect163r1 549 +sect163r2 550 +sect193r1 551 +sect193r2 552 +sect233k1 553 +sect233r1 554 +sect239k1 555 +sect283k1 556 +sect283r1 557 +sect409k1 558 +sect409r1 559 +sect571k1 560 +sect571r1 561 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index f116c0af1b..05c4d29afc 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -6,6 +6,10 @@ iso 2 : member-body : ISO Member Body +iso 3 : identified-organization + +identified-organization 132 : certicom-arc + joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance 
@@ -64,7 +68,46 @@ X9-62_primeCurve 7 : prime256v1 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 - +# the following AsnOId are from the document +# "SEC 2: Recommended Elliptic Curve Domain Parameters" +# from the Standarts for Efficient Cryptography Group +# ( for more informations see : http://www.secg.org ) +!Alias secg_ellipticCurve certicom-arc 0 +# secg prime curves oids +secg-ellipticCurve 6 : secp112r1 +secg-ellipticCurve 7 : secp112r2 +secg-ellipticCurve 28 : secp128r1 +secg-ellipticCurve 29 : secp128r2 +secg-ellipticCurve 9 : secp160k1 +secg-ellipticCurve 8 : secp160r1 +secg-ellipticCurve 30 : secp160r2 +secg-ellipticCurve 31 : secp192k1 +X9_62_prime192v1 : secp192r1 +secg-ellipticCurve 32 : secp224k1 +secg-ellipticCurve 33 : secp224r1 +secg-ellipticCurve 10 : secp256k1 +X9_62_prime256v1 : secp256r1 +secg-ellipticCurve 34 : secp384r1 +secg-ellipticCurve 35 : secp521r1 +# secg characteristic two curves oids +secg-ellipticCurve 4 : sect113r1 +secg-ellipticCurve 5 : sect113r2 +secg-ellipticCurve 22 : sect131r1 +secg-ellipticCurve 23 : sect131r2 +secg-ellipticCurve 1 : sect163k1 +secg-ellipticCurve 2 : sect163r1 +secg-ellipticCurve 15 : sect163r2 +secg-ellipticCurve 24 : sect193r1 +secg-ellipticCurve 25 : sect193r2 +secg-ellipticCurve 26 : sect233k1 +secg-ellipticCurve 27 : sect233r1 +secg-ellipticCurve 3 : sect239k1 +secg-ellipticCurve 16 : sect283k1 +secg-ellipticCurve 17 : sect283r1 +secg-ellipticCurve 36 : sect409k1 +secg-ellipticCurve 37 : sect409r1 +secg-ellipticCurve 38 : sect571k1 +secg-ellipticCurve 39 : sect571r1 ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc : CAST5-ECB : cast5-ecb From 0dc092334bc785b6fb0c8b568acba3db665b7e22 Mon Sep 17 00:00:00 2001 
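Review bot: The two alias lines `X9_62_prime192v1 : secp192r1` and `X9_62_prime256v1 : secp256r1` do not resolve to the X9.62 arcs in the tables generated by this same commit. In obj_dat.h both objects come out as a single `0x00` byte with length 1, and `obj_objs` sorts them next to `OBJ_undef` and `OBJ_ccitt`. Two curve NIDs then share one encoding with each other and with the undefined object, so an OID-to-NID lookup on that encoding is ambiguous, and writing either object out yields a meaningless OID. The spelling differs from the existing entries (`X9-62_primeCurve 7 : prime256v1`), which may be why the name is not resolved. The simplest fix is to drop both lines and map the SECG names onto the existing NIDs in ec.h, `#define EC_GROUP_SECG_PRIME_192R1 NID_X9_62_prime192v1` and `#define EC_GROUP_SECG_PRIME_256R1 NID_X9_62_prime256v1`.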
From: "Dr. Stephen Henson" Date: Wed, 6 Mar 2002 14:15:13 +0000 Subject: [PATCH 080/173] ENGINE module additions. Add "init" command to control ENGINE initialization. Call ENGINE_finish on initialized ENGINEs on exit. Reorder shutdown in apps.c: modules should be shut down first. Add test private key loader to openssl ENGINE: this just loads a private key in PEM format. Fix print format for dh length parameter. --- CHANGES | 8 ++++++ apps/apps.h | 8 +++--- apps/dhparam.c | 2 +- crypto/engine/eng_cnf.c | 52 +++++++++++++++++++++++++++++++++++-- crypto/engine/eng_err.c | 1 + crypto/engine/eng_openssl.c | 28 ++++++++++++++++++++ crypto/engine/engine.h | 1 + 7 files changed, 93 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 054106296f..761cd4596c 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,14 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Add an "init" command to the ENGINE config module and auto initialize + ENGINEs. Without any "init" command the ENGINE will be initialized + after all ctrl commands have been executed on it. If init=1 the + ENGINE is initailized at that point (ctrls before that point are run + on the uninitialized ENGINE and after on the initialized one). If + init=0 then the ENGINE will not be iniatialized at all. + [Steve Henson] + +) Fix the 'app_verify_callback' interface so that the user-defined argument is actually passed to the callback: In the SSL_CTX_set_cert_verify_callback() prototype, the callback diff --git a/apps/apps.h b/apps/apps.h index 24aa447117..a05ba712be 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -195,10 +195,10 @@ extern BIO *bio_err; setup_ui_method(); } while(0) # endif # define apps_shutdown() \ - do { destroy_ui_method(); EVP_cleanup(); \ - ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); \ - ERR_remove_state(0); ERR_free_strings(); \ - CONF_modules_unload(1); } while(0) + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) #endif typedef struct args_st diff --git a/apps/dhparam.c b/apps/dhparam.c index f1664a59b7..ea15ef3236 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -490,7 +490,7 @@ bad: printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); printf("\t\t{ DH_free(dh); return(NULL); }\n"); if (dh->length) - printf("\tdh->length = %d;\n", dh->length); + printf("\tdh->length = %ld;\n", dh->length); printf("\treturn(dh);\n\t}\n"); OPENSSL_free(data); } diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index d8d3092f0d..8c0ae8a1ad 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -75,10 +75,28 @@ static char *skip_dot(char *name) return name; } +static STACK_OF(ENGINE) *initialized_engines = NULL; + +static int int_engine_init(ENGINE *e) + { + if (!ENGINE_init(e)) + return 0; + if (!initialized_engines) + initialized_engines = sk_ENGINE_new_null(); + if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) + { + ENGINE_finish(e); + return 0; + } + return 1; + } + + int int_engine_configure(char *name, char *value, const CONF *cnf) { int i; int ret = 0; + long do_init = -1; STACK_OF(CONF_VALUE) *ecmds; CONF_VALUE *ecmd; char *ctrlname, *ctrlvalue; 
@@ -140,7 +158,22 @@ int int_engine_configure(char *name, char *value, const CONF *cnf) */ if (!strcmp(ctrlvalue, "EMPTY")) ctrlvalue = NULL; - if (!strcmp(ctrlname, "default_algorithms")) + else if (!strcmp(ctrlname, "init")) + { + if (!NCONF_get_number_e(cnf, value, "init", &do_init)) + goto err; + if (do_init == 1) + { + if (!int_engine_init(e)) + goto err; + } + else if (do_init != 0) + { + ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE); + goto err; + } + } + else if (!strcmp(ctrlname, "default_algorithms")) { if (!ENGINE_set_default_string(e, ctrlvalue)) goto err; @@ -151,7 +184,10 @@ int int_engine_configure(char *name, char *value, const CONF *cnf) } + } + if (e && (do_init == -1) && !int_engine_init(e)) + goto err; ret = 1; err: if (e) @@ -188,7 +224,19 @@ static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) return 1; } +static void int_engine_module_finish(CONF_IMODULE *md) + { + ENGINE *e; + while ((e = sk_ENGINE_pop(initialized_engines))) + ENGINE_finish(e); + sk_ENGINE_free(initialized_engines); + initialized_engines = NULL; + } + + void ENGINE_add_conf_module(void) { - CONF_module_add("engines", int_engine_module_init, 0); + CONF_module_add("engines", + int_engine_module_init, + int_engine_module_finish); } diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index fa59c8727c..f6c5630395 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -129,6 +129,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, {ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, {ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, +{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"}, {ENGINE_R_INVALID_STRING ,"invalid string"}, {ENGINE_R_NOT_INITIALISED ,"not initialised"}, {ENGINE_R_NOT_LOADED ,"not loaded"}, diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 97642ae230..e9d976f46b 100644 --- a/crypto/engine/eng_openssl.c 
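Review bot: The added `else if (!strcmp(ctrlname, "init"))` hangs off `if (!strcmp(ctrlvalue, "EMPTY"))`, so a command whose value is `EMPTY` now only gets `ctrlvalue = NULL` and then skips the whole chain, including the `default_algorithms` branch that used to start a separate `if`. The removed line opened a fresh `if`, and the added line should too: `if (!strcmp(ctrlname, "init"))`. The tail of the chain and the rest of int_engine_configure lie outside the hunk, so the effect on the generic control-command branch is inferred rather than visible here.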
+++ b/crypto/engine/eng_openssl.c @@ -62,11 +62,13 @@ #include "cryptlib.h" #include #include +#include /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no * longer automatic in ENGINE_load_builtin_engines(). */ #define TEST_ENG_OPENSSL_RC4 +#define TEST_ENG_OPENSSL_PKEY /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ #define TEST_ENG_OPENSSL_RC4_P_INIT /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ @@ -85,6 +87,11 @@ static int openssl_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); #endif +#ifdef TEST_ENG_OPENSSL_PKEY +static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +#endif + /* The constants used when creating the ENGINE */ static const char *engine_openssl_id = "openssl"; static const char *engine_openssl_name = "Software engine support"; @@ -95,6 +102,7 @@ static int bind_helper(ENGINE *e) { if(!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) +#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS #ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) #endif @@ -110,6 +118,10 @@ static int bind_helper(ENGINE *e) #endif #ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) +#endif +#endif +#ifdef TEST_ENG_OPENSSL_PKEY + || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif ) return 0; @@ -317,3 +329,19 @@ static int openssl_digests(ENGINE *e, const EVP_MD **digest, return 1; } #endif + +#ifdef TEST_ENG_OPENSSL_PKEY +static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + BIO *in; + EVP_PKEY *key; + fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); + in = BIO_new_file(key_id, "r"); + if (!in) + return NULL; + key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); + BIO_free(in); + return key; + } +#endif 
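Review bot: `#define TEST_ENG_OPENSSL_PKEY` is switched on unconditionally in the first hunk, so the test-only `openssl_load_privkey` added in the last hunk is compiled into the openssl ENGINE by default. That loader uses `key_id` directly as a file path, echoes it to stderr with `fprintf` from library code, and ignores `ui_method` and `callback_data`, so an encrypted key falls back to whatever default passphrase handling `PEM_read_bio_PrivateKey(in, NULL, 0, NULL)` provides. I would leave the define commented out like its neighbours, `/* #define TEST_ENG_OPENSSL_PKEY */`, and drop the `fprintf` or report through the error queue instead. A short comment above the function stating that it is a test aid and not a supported key store would also help.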
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 3a9ad0fe93..6c8b0437f8 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -707,6 +707,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_INVALID_ARGUMENT 143 #define ENGINE_R_INVALID_CMD_NAME 137 #define ENGINE_R_INVALID_CMD_NUMBER 138 +#define ENGINE_R_INVALID_INIT_VALUE 151 #define ENGINE_R_INVALID_STRING 150 #define ENGINE_R_NOT_INITIALISED 117 #define ENGINE_R_NOT_LOADED 112 From 9bc448546e59e420fe74a8e8703f13e95b9481d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 7 Mar 2002 12:14:03 +0000 Subject: [PATCH 081/173] Add more curves. Submitted by: Nils Larsch Remove unnecessary 'const'. --- CHANGES | 7 +- crypto/ec/ec.h | 2 +- crypto/ec/ec_curve.c | 345 +++++++++++++++++++++++++------------------ crypto/ecdsa/ecdsa.h | 4 +- 4 files changed, 206 insertions(+), 152 deletions(-) diff --git a/CHANGES b/CHANGES index 761cd4596c..7a56deb3b8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,9 +4,6 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] - *) Add OIDs from X9.62 and SECG. - [Nils Larsch ] - *) Add ECDSA in new directory crypto/ecdsa/. Add applications 'openssl ecdsaparam' and 'openssl ecdsa' @@ -22,8 +19,8 @@ extracted before the specific public key. [Nils Larsch ] - *) Include some named elliptic curves. These can be obtained from - the new functions + *) Include some named elliptic curves, and add OIDs from X9.62 and SECG. + The curves can be obtained from the new functions EC_GROUP_new_by_nid() EC_GROUP_new_by_name() Also add a 'nid' field to EC_GROUP objects, which can be accessed diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index de831e2ce7..192ef13f01 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h 
@@ -132,7 +132,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM /* EC_GROUP_new_by_nid() and EC_GROUP_new_by_name() also set * generator and order */ -EC_GROUP *EC_GROUP_new_by_nid(const int nid); +EC_GROUP *EC_GROUP_new_by_nid(int nid); EC_GROUP *EC_GROUP_new_by_name(int name); /* Currently valid arguments to EC_GROUP_new_by_name() */ #define EC_GROUP_NO_CURVE 0 diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index a1388b472f..3d71da4754 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c 
@@ -59,9 +59,141 @@ #include #include +/* #define _EC_GROUP_EXAMPLE_PRIME_CURVE \ + * "the prime number p", "a", "b", "the compressed base point", "y-bit", "order", "cofacor" + */ +/* the nist prime curves */ +#define _EC_GROUP_NIST_PRIME_192 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\ + "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",\ + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",1,\ + "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1 +#define _EC_GROUP_NIST_PRIME_224 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",\ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",\ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",0,\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1 +#define _EC_GROUP_NIST_PRIME_384 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",\ + "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",\ + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",1,\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",1 +#define _EC_GROUP_NIST_PRIME_521 \ + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",\ + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",\ + "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"\ + "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",\ + "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"\ + 
"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",0,\ + "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\ + "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1 +/* the x9.62 prime curves ( minus the nist prime curves ) */ +#define _EC_GROUP_X9_62_PRIME_192V2 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\ + "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",\ + "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",1,\ + "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1 +#define _EC_GROUP_X9_62_PRIME_192V3 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\ + "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",\ + "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",0,\ + "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1 +#define _EC_GROUP_X9_62_PRIME_239V1 \ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",\ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",\ + "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",\ + "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",0,\ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1 +#define _EC_GROUP_X9_62_PRIME_239V2 \ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",\ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",\ + "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",\ + "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",0,\ + "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1 +#define _EC_GROUP_X9_62_PRIME_239V3 \ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",\ + "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",\ + "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",\ + "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",1,\ + 
"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1 +#define _EC_GROUP_X9_62_PRIME_256V1 \ + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",\ + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",\ + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",\ + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",1,\ + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1 +/* the secg prime curves ( minus the nist and x9.62 prime curves ) */ +#define _EC_GROUP_SECG_PRIME_112R1 \ + "DB7C2ABF62E35E668076BEAD208B",\ + "DB7C2ABF62E35E668076BEAD2088",\ + "659EF8BA043916EEDE8911702B22",\ + "09487239995A5EE76B55F9C2F098",0,\ + "DB7C2ABF62E35E7628DFAC6561C5",1 +#define _EC_GROUP_SECG_PRIME_112R2 \ + "DB7C2ABF62E35E668076BEAD208B",\ + "6127C24C05F38A0AAAF65C0EF02C",\ + "51DEF1815DB5ED74FCC34C85D709",\ + "4BA30AB5E892B4E1649DD0928643",1,\ + "36DF0AAFD8B8D7597CA10520D04B",4 +#define _EC_GROUP_SECG_PRIME_128R1 \ + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",\ + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",\ + "E87579C11079F43DD824993C2CEE5ED3",\ + "161FF7528B899B2D0C28607CA52C5B86",1,\ + "FFFFFFFE0000000075A30D1B9038A115",1 +#define _EC_GROUP_SECG_PRIME_128R2 \ + "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",\ + "D6031998D1B3BBFEBF59CC9BBFF9AEE1",\ + "5EEEFCA380D02919DC2C6558BB6D8A5D",\ + "7B6AA5D85E572983E6FB32A7CDEBC140",0,\ + "3FFFFFFF 7FFFFFFF BE002472 0613B5A3",4 +#define _EC_GROUP_SECG_PRIME_160K1 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",\ + "0",\ + "7",\ + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",0,\ + "0100000000000000000001B8FA16DFAB9ACA16B6B3",1 +#define _EC_GROUP_SECG_PRIME_160R1 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",\ + "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",\ + "4A96B5688EF573284664698968C38BB913CBFC82",0,\ + "0100000000000000000001F4C8F927AED3CA752257",1 +#define _EC_GROUP_SECG_PRIME_160R2 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",\ + 
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",\ + "B4E134D3FB59EB8BAB57274904664D5AF50388BA",\ + "52DCB034293A117E1F4FF11B30F7199D3144CE6D",0,\ + "0100000000000000000000351EE786A818F3A1A16B",1 +#define _EC_GROUP_SECG_PRIME_192K1 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",\ + "0",\ + "3",\ + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",1,\ + "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1 +#define _EC_GROUP_SECG_PRIME_224K1 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",\ + "0",\ + "5",\ + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",1,\ + "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1 +#define _EC_GROUP_SECG_PRIME_256K1 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",\ + "0",\ + "7",\ + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",0,\ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1 + static EC_GROUP *ec_group_new_GFp_from_hex(const char *prime_in, const char *a_in, const char *b_in, - const char *x_in, const int y_bit, const char *order_in) + const char *x_in, const int y_bit, const char *order_in, const BN_ULONG cofac_in) { EC_GROUP *group=NULL; EC_POINT *P=NULL; @@ -83,7 +215,8 @@ static EC_GROUP *ec_group_new_GFp_from_hex(const char *prime_in, if (!BN_hex2bn(&x, x_in)) goto bn_err; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, y_bit, ctx)) goto err; if (!BN_hex2bn(&order, order_in)) goto bn_err; - if (!EC_GROUP_set_generator(group, P, order, BN_value_one())) goto err; + if (!BN_set_word(x, cofac_in)) goto bn_err; + if (!EC_GROUP_set_generator(group, P, order, x)) goto err; ok=1; bn_err: if (!ok) 
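Review bot: The order string in `_EC_GROUP_SECG_PRIME_128R2` contains spaces, `"3FFFFFFF 7FFFFFFF BE002472 0613B5A3"`, unlike every other constant in this block. `BN_hex2bn` stops at the first non-hex character, so the order would most likely be read as `3FFFFFFF` alone and the group built with a wrong order, with no error raised. The line should read `"3FFFFFFF7FFFFFFFBE0024720613B5A3",4`. It would also be worth a comment above the SECG block that the 112- and 128-bit curves give roughly 56- and 64-bit strength, so callers do not pick them by accident. The macro names start with an underscore followed by an upper-case letter, which C reserves for the implementation.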
@@ -111,168 +244,92 @@ EC_GROUP *EC_GROUP_new_by_name(int name) { case EC_GROUP_NO_CURVE: return NULL; + /* some nist curves */ + case EC_GROUP_NIST_PRIME_224: /* EC_GROUP_NIST_PRIME_224 == EC_GROUP_SECG_PRIME_224R1 */ + ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_224); + break; - case EC_GROUP_NIST_PRIME_224: - return ec_group_new_GFp_from_hex( - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",0, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"); + case EC_GROUP_NIST_PRIME_384: /* EC_GROUP_NIST_PRIME_384 == EC_GROUP_SECG_PRIME_384R1 */ + ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_384); + break; - case EC_GROUP_NIST_PRIME_384: - return ec_group_new_GFp_from_hex( - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",1, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"); - - case EC_GROUP_NIST_PRIME_521: - return ec_group_new_GFp_from_hex( - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" - "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" - 
"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",0, - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"); - - case EC_GROUP_NIST_PRIME_192: + case EC_GROUP_NIST_PRIME_521: /* EC_GROUP_NIST_PRIME_521 == EC_GROUP_SECG_PRIME_521R1 */ + ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_521); + break; + /* x9.62 prime curves */ + case EC_GROUP_NIST_PRIME_192: /* EC_GROUP_NIST_PRIME_192 == EC_GROUP_SECG_PRIME_192R1 */ case EC_GROUP_X9_62_PRIME_192V1: - ret = ec_group_new_GFp_from_hex( - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",1, - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"); - EC_GROUP_set_nid(ret, NID_X9_62_prime192v1); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_192); + break; case EC_GROUP_X9_62_PRIME_192V2: - ret = ec_group_new_GFp_from_hex( - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", - "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",1, - "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31"); - EC_GROUP_set_nid(ret, NID_X9_62_prime192v2); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_192V2); + break; case EC_GROUP_X9_62_PRIME_192V3: - ret = ec_group_new_GFp_from_hex( - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", - "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",0, - "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13"); - EC_GROUP_set_nid(ret, NID_X9_62_prime192v3); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_192V3); + break; case 
EC_GROUP_X9_62_PRIME_239V1: - ret = ec_group_new_GFp_from_hex( - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", - "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",0, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B"); - EC_GROUP_set_nid(ret, NID_X9_62_prime239v1); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V1); + break; case EC_GROUP_X9_62_PRIME_239V2: - ret = ec_group_new_GFp_from_hex( - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", - "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",0, - "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063"); - EC_GROUP_set_nid(ret, NID_X9_62_prime239v2); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V2); + break; case EC_GROUP_X9_62_PRIME_239V3: - ret = ec_group_new_GFp_from_hex( - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", - "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",1, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551"); - EC_GROUP_set_nid(ret, NID_X9_62_prime239v3); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V3); + break; - case EC_GROUP_NIST_PRIME_256: + case EC_GROUP_NIST_PRIME_256: /* EC_GROUP_NIST_PRIME_256 == EC_GROUP_SECG_PRIME_256R1 */ case EC_GROUP_X9_62_PRIME_256V1: - ret = ec_group_new_GFp_from_hex( - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - 
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",1, - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); - EC_GROUP_set_nid(ret, NID_X9_62_prime256v1); - return ret; + ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_256V1); + break; + /* the remaining secg curves */ + case EC_GROUP_SECG_PRIME_112R1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_112R1); + break; + case EC_GROUP_SECG_PRIME_112R2: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_112R2); + break; + case EC_GROUP_SECG_PRIME_128R1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_128R1); + break; + case EC_GROUP_SECG_PRIME_128R2: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_128R2); + break; + case EC_GROUP_SECG_PRIME_160K1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_160K1); + break; + case EC_GROUP_SECG_PRIME_160R1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_160R1); + break; + case EC_GROUP_SECG_PRIME_160R2: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_160R2); + break; + case EC_GROUP_SECG_PRIME_192K1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_192K1); + break; + case EC_GROUP_SECG_PRIME_224K1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_224K1); + break; + case EC_GROUP_SECG_PRIME_256K1: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_256K1); + break; + } - - ECerr(EC_F_EC_GROUP_NEW_BY_NAME, EC_R_UNKNOWN_GROUP); - return NULL; - } - - -EC_GROUP *EC_GROUP_new_by_nid(const int nid) - { - switch(nid) + if (ret == NULL) { - case NID_X9_62_prime192v1: - return EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_192V1); - case NID_X9_62_prime192v2: - return EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_192V2); - case NID_X9_62_prime192v3: - return EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_192V3); - case NID_X9_62_prime239v1: - return EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_239V1); - case NID_X9_62_prime239v2: - return 
EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_239V2); - case NID_X9_62_prime239v3: - return EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_239V3); - case NID_X9_62_prime256v1: - return EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_256V1); + ECerr(EC_F_EC_GROUP_NEW_BY_NAME, EC_R_UNKNOWN_GROUP); + return NULL; } - ECerr(EC_F_EC_GROUP_NEW_BY_NID, EC_R_UNKNOWN_NID); - return NULL; + EC_GROUP_set_nid(ret, name); + return ret; } -#if 0 -int EC_GROUP_group2nid(const EC_GROUP *group) +EC_GROUP *EC_GROUP_new_by_nid(int nid) { - return EC_GROUP_get_nid(group); - -#if 0 -/* TODO: a real compare function for EC_GROUPs */ -#define EC_GROUP_cmp(a,b) ((a) != (b)) - - if (group == NULL) - { - ECerr(EC_F_EC_GROUP_GROUP2NID, EC_R_MISSING_PARAMETERS); - return 0; - } - if (!EC_GROUP_cmp(group, EC_GROUP_GET_X9_62_192V1_GROUP())) - return NID_X9_62_prime192v1; - else if (!EC_GROUP_cmp(group, EC_GROUP_get_x9_62_192v2_group())) - return NID_X9_62_prime192v2; - else if (!EC_GROUP_cmp(group, EC_GROUP_get_x9_62_192v3_group())) - return NID_X9_62_prime192v3; - else if (!EC_GROUP_cmp(group, EC_GROUP_get_x9_62_239v1_group())) - return NID_X9_62_prime239v1; - else if (!EC_GROUP_cmp(group, EC_GROUP_get_x9_62_239v2_group())) - return NID_X9_62_prime239v2; - else if (!EC_GROUP_cmp(group, EC_GROUP_get_x9_62_239v3_group())) - return NID_X9_62_prime239v3; - else if (!EC_GROUP_cmp(group, EC_GROUP_get_x9_62_256v1_group())) - return NID_X9_62_prime256v1; - ECerr(EC_F_EC_GROUP_GROUP2NID, EC_R_UNKNOWN_GROUP); - return 0; -#endif + return EC_GROUP_new_by_name(nid); } -#endif diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index ca1ca64aac..cdd6254883 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h 
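Review bot: The switch in EC_GROUP_new_by_name has no `default:`, and the check after it reports every NULL `ret` as `EC_R_UNKNOWN_GROUP`, so a known curve that failed to build inside ec_group_new_GFp_from_hex is reported as an unknown group. It also relies on `ret` being initialised to NULL at its declaration, which is outside the hunk and should be confirmed. Adding `default: ECerr(EC_F_EC_GROUP_NEW_BY_NAME, EC_R_UNKNOWN_GROUP); return NULL;` and reducing the post-switch check to `if (ret == NULL) return NULL;` keeps the two cases apart, assuming the helper records its own error. `EC_GROUP_set_nid(ret, name)` and the one-line EC_GROUP_new_by_nid assume the EC_GROUP_* constants are numerically the NIDs; a comment saying so would make that dependency visible.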
@@ -126,8 +126,8 @@ void ECDSA_SIG_free(ECDSA_SIG *a); int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long length); -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, const int dgst_len, ECDSA *ecdsa); -int ECDSA_do_verify(const unsigned char *dgst, const int dgst_len, ECDSA_SIG *sig, ECDSA* ecdsa); +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa); +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECDSA* ecdsa); int ECDSA_generate_key(ECDSA *ecdsa); int ECDSA_check_key(ECDSA *ecdsa); From 709c51c424110bc846feda89ab5914c27c16354f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 7 Mar 2002 12:21:31 +0000 Subject: [PATCH 082/173] fix spacing --- crypto/ec/ec_curve.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 3d71da4754..518cbfbc78 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -92,7 +92,7 @@ "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",0,\ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"\ "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1 -/* the x9.62 prime curves ( minus the nist prime curves ) */ +/* the x9.62 prime curves (minus the nist prime curves) */ #define _EC_GROUP_X9_62_PRIME_192V2 \ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",\ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",\ 
@@ -129,7 +129,7 @@ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",\ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",1,\ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1 -/* the secg prime curves ( minus the nist and x9.62 prime curves ) */ +/* the secg prime curves (minus the nist and x9.62 prime curves) */ #define _EC_GROUP_SECG_PRIME_112R1 \ "DB7C2ABF62E35E668076BEAD208B",\ "DB7C2ABF62E35E668076BEAD2088",\ From 006fcc22a860078f765760d1c825d75746d34851 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 7 Mar 2002 15:41:36 +0000 Subject: [PATCH 083/173] Change des_old.c to use types prefixed with _ossl_old_des_. --- crypto/des/des_old.c | 76 ++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index e6cc1ce22d..e1c82da9b4 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -80,7 +80,7 @@ const char *_ossl_old_des_options(void) { return DES_options(); } -void _ossl_old_des_ecb3_encrypt(des_cblock *input,des_cblock *output, +void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc) { 
@@ -88,38 +88,38 @@ void _ossl_old_des_ecb3_encrypt(des_cblock *input,des_cblock *output, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, enc); } -DES_LONG _ossl_old_des_cbc_cksum(des_cblock *input,des_cblock *output, - long length,des_key_schedule schedule,des_cblock *ivec) +DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) { return DES_cbc_cksum((unsigned char *)input, output, length, (DES_key_schedule *)schedule, ivec); } -void _ossl_old_des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc) +void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) { DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, length, (DES_key_schedule *)schedule, ivec, enc); } -void _ossl_old_des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc) +void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) { DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, length, (DES_key_schedule *)schedule, ivec, enc); } -void _ossl_old_des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec, - des_cblock *inw,des_cblock *outw,int enc) +void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + des_key_schedule schedule,_ossl_old_des_cblock *ivec, + _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc) { DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, length, (DES_key_schedule *)schedule, ivec, inw, outw, enc); } void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char 
*out,int numbits, - long length,des_key_schedule schedule,des_cblock *ivec,int enc) + long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) { DES_cfb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, ivec, enc); } -void _ossl_old_des_ecb_encrypt(des_cblock *input,des_cblock *output, +void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, des_key_schedule ks,int enc) { DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); @@ -144,9 +144,9 @@ void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, (DES_key_schedule *)ks3); } -void _ossl_old_des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, +void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int enc) + des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc) { DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, @@ -154,7 +154,7 @@ void _ossl_old_des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, } void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num, int enc) + des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc) { DES_ede3_cfb64_encrypt(in, out, length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, 
@@ -162,26 +162,26 @@ void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, } void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num) + des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num) { DES_ede3_ofb64_encrypt(in, out, length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, ivec, num); } -void _ossl_old_des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white), - des_cblock (*out_white)) +void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), + _ossl_old_des_cblock (*out_white)) { DES_xwhite_in2out(des_key, in_white, out_white); } int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, - des_cblock *iv) + _ossl_old_des_cblock *iv) { return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); } int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched, - des_cblock *iv) + _ossl_old_des_cblock *iv) { return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); } 
@@ -198,73 +198,73 @@ char *_ossl_old_crypt(const char *buf,const char *salt) return DES_crypt(buf, salt); } void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, - int numbits,long length,des_key_schedule schedule,des_cblock *ivec) + int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) { DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, ivec); } -void _ossl_old_des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc) +void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) { DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, length, (DES_key_schedule *)schedule, ivec, enc); } -DES_LONG _ossl_old_des_quad_cksum(des_cblock *input,des_cblock *output, - long length,int out_count,des_cblock *seed) +DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + long length,int out_count,_ossl_old_des_cblock *seed) { return DES_quad_cksum((unsigned char *)input, output, length, out_count, seed); } -void _ossl_old_des_random_seed(des_cblock key) +void _ossl_old_des_random_seed(_ossl_old_des_cblock key) { - RAND_seed(key, sizeof(des_cblock)); + RAND_seed(key, sizeof(_ossl_old_des_cblock)); } -void _ossl_old_des_random_key(des_cblock ret) +void _ossl_old_des_random_key(_ossl_old_des_cblock ret) { DES_random_key((DES_cblock *)ret); } -int _ossl_old_des_read_password(des_cblock *key, const char *prompt, +int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, int verify) { return DES_read_password(key, prompt, verify); } -int _ossl_old_des_read_2passwords(des_cblock *key1, des_cblock *key2, +int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2, const char *prompt, int verify) { return DES_read_2passwords(key1, key2, prompt, verify); } -void 
_ossl_old_des_set_odd_parity(des_cblock *key) +void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key) { DES_set_odd_parity(key); } -int _ossl_old_des_is_weak_key(des_cblock *key) +int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) { return DES_is_weak_key(key); } -int _ossl_old_des_set_key(des_cblock *key,des_key_schedule schedule) +int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule) { return DES_set_key(key, (DES_key_schedule *)schedule); } -int _ossl_old_des_key_sched(des_cblock *key,des_key_schedule schedule) +int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule) { return DES_key_sched(key, (DES_key_schedule *)schedule); } -void _ossl_old_des_string_to_key(char *str,des_cblock *key) +void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key) { DES_string_to_key(str, key); } -void _ossl_old_des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2) +void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2) { DES_string_to_2keys(str, key1, key2); } void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, des_cblock *ivec, int *num, int enc) + des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc) { DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, ivec, num, enc); } void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, des_cblock *ivec, int *num) + des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num) { DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, ivec, num); From 274a2c997036e44557aea50331632f8f14bb832d Mon Sep 17 00:00:00 2001 
From: Richard Levitte Date: Thu, 7 Mar 2002 17:13:30 +0000 Subject: [PATCH 084/173] When closing, do not use close(). Also, if the closing call fails, do not return immediately since that leaves a locked lock. --- crypto/engine/hw_aep.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/crypto/engine/hw_aep.c b/crypto/engine/hw_aep.c index f25013f787..b51824f0f9 100644 --- a/crypto/engine/hw_aep.c +++ b/crypto/engine/hw_aep.c @@ -954,6 +954,7 @@ static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection) static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection) { int count; + AEP_RV rv = AEP_R_OK; CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); @@ -962,21 +963,24 @@ static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection) { if (aep_app_conn_table[count].conn_hndl == hConnection) { + rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl); + if (rv != AEP_R_OK) + goto end; aep_app_conn_table[count].conn_state = NotConnected; - close(aep_app_conn_table[count].conn_hndl); + aep_app_conn_table[count].conn_hndl = 0; break; } } + end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - - return AEP_R_OK; + return rv; } static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) { int count; - AEP_RV rv; + AEP_RV rv = AEP_R_OK; *in_use = 0; if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); @@ -987,7 +991,7 @@ static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) case Connected: rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl); if (rv != AEP_R_OK) - return rv; + goto end; aep_app_conn_table[count].conn_state = NotConnected; aep_app_conn_table[count].conn_hndl = 0; break; @@ -998,8 +1002,9 @@ static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) break; } } + end: if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return AEP_R_OK; + return rv; } /*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums. 
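Review bot: In aep_close_connection the slot is matched on `conn_hndl == hConnection` alone, and the added `aep_app_conn_table[count].conn_hndl = 0;` means every closed slot now holds handle 0. A call with a zero handle would therefore match a NotConnected slot and pass 0 to p_AEP_CloseConnection; whether 0 can be a live handle is not visible here. Testing the state as well, e.g. `if (aep_app_conn_table[count].conn_state != NotConnected && aep_app_conn_table[count].conn_hndl == hConnection)`, avoids that. The loop header lies outside the hunk.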
From 931627e6a0560112555b200c75594ee71e50ddb4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 7 Mar 2002 19:38:59 +0000 Subject: [PATCH 085/173] Synchronise the AEP engine in all branches. For 0.9.6-stable [engine], implement software fallback --- crypto/engine/hw_aep.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/crypto/engine/hw_aep.c b/crypto/engine/hw_aep.c index b51824f0f9..cf4507cff1 100644 --- a/crypto/engine/hw_aep.c +++ b/crypto/engine/hw_aep.c @@ -137,8 +137,8 @@ static int aep_rand_status(void); #endif /* Bignum conversion stuff */ -static AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize); -static AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, +static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize); +static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum); static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum); @@ -650,9 +650,6 @@ static int aep_rand(unsigned char *buf,int len ) AEP_RV rv = AEP_R_OK; AEP_CONNECTION_HNDL hConnection; - int to_return = 0; - - CRYPTO_w_lock(CRYPTO_LOCK_RAND); /*Can the request be serviced with what's already in the buffer?*/ @@ -1010,7 +1007,7 @@ static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) /*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums. Note only 32bit Openssl build support*/ -static AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize) +static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize) { BIGNUM* bn; @@ -1028,7 +1025,7 @@ static AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize) return AEP_R_OK; } -static AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, +static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum) { BIGNUM* bn; 
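Review bot: The prototype of ConvertAEPBigNum still takes `void* ArbBigNum` while GetBigNumSize and MakeAEPBigNum now take `AEP_VOID_PTR`, so the three bignum callbacks no longer agree. If the AEP callback typedefs expect `AEP_VOID_PTR` for all three (not visible here), change it too: `static AEP_RV ConvertAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,`. The definition of ConvertAEPBigNum is outside these hunks.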
@@ -1050,8 +1047,8 @@ static AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, { buf = (unsigned char*)&bn->d[i]; - *((AEP_U32*)AEP_BigNum) = - (AEP_U32) ((unsigned) buf[1] << 8 | buf[0]) | + *((AEP_U32*)AEP_BigNum) = (AEP_U32) + ((unsigned) buf[1] << 8 | buf[0]) | ((unsigned) buf[3] << 8 | buf[2]) << 16; AEP_BigNum += 4; From 4882171df5ba7cb8735b685478a008df25eef47a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 8 Mar 2002 11:10:40 +0000 Subject: [PATCH 086/173] EC curve stuff Submitted by: Nils Larsch --- apps/ecdsaparam.c | 112 +++++++++++++++++++++++++++++-------------- crypto/asn1/t_pkey.c | 14 ++++-- crypto/ec/ec_curve.c | 2 +- 3 files changed, 87 insertions(+), 41 deletions(-) diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 4b171c4f67..199a363644 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
@@ -149,6 +149,21 @@ * -X9_62_239v2 - use the X9_62 239v2 example curve over a 239 bit prime field * -X9_62_239v3 - use the X9_62 239v3 example curve over a 239 bit prime field * -X9_62_256v1 - use the X9_62 239v1 example curve over a 256 bit prime field + * -SECG_PRIME_112R1 - use the SECG 112r1 recommeded curve over a 112 bit prime field + * -SECG_PRIME_112R2 - use the SECG 112r2 recommeded curve over a 112 bit prime field + * -SECG_PRIME_128R1 - use the SECG 128r1 recommeded curve over a 128 bit prime field + * -SECG_PRIME_128R2 - use the SECG 128r2 recommeded curve over a 128 bit prime field + * -SECG_PRIME_160K1 - use the SECG 160k1 recommeded curve over a 160 bit prime field + * -SECG_PRIME_160R1 - use the SECG 160r1 recommeded curve over a 160 bit prime field + * -SECG_PRIME_160R2 - use the SECG 160r2 recommeded curve over a 160 bit prime field + * -SECG_PRIME_192K1 - use the SECG 192k1 recommeded curve over a 192 bit prime field + * -SECG_PRIME_192R1 - use the SECG 192r1 recommeded curve over a 192 bit prime field + * -SECG_PRIME_224K1 - use the SECG 224k1 recommeded curve over a 224 bit prime field + * -SECG_PRIME_224R1 - use the SECG 224r1 recommeded curve over a 224 bit prime field + * -SECG_PRIME_256K1 - use the SECG 256k1 recommeded curve over a 256 bit prime field + * -SECG_PRIME_256R1 - use the SECG 256r1 recommeded curve over a 256 bit prime field + * -SECG_PRIME_384R1 - use the SECG 384r1 recommeded curve over a 384 bit prime field + * -SECG_PRIME_521R1 - use the SECG 521r1 recommeded curve over a 521 bit prime field */ int MAIN(int, char **); 
@@ -304,28 +319,43 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] [bits] outfile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); - BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); - BIO_printf(bio_err," -in arg input file\n"); - BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -text print the key in text\n"); - BIO_printf(bio_err," -C Output C code\n"); - BIO_printf(bio_err," -noout no output\n"); - BIO_printf(bio_err," -rand files to use for random number input\n"); - BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); - BIO_printf(bio_err," -named_curve use the curve oid instead of the parameters\n"); - BIO_printf(bio_err," -NIST_192 use the NIST recommeded curve parameters over a 192 bit prime field\n"); - BIO_printf(bio_err," -NIST_224 use the NIST recommeded curve parameters over a 224 bit prime field\n"); - BIO_printf(bio_err," -NIST_256 use the NIST recommeded curve parameters over a 256 bit prime field\n"); - BIO_printf(bio_err," -NIST_384 use the NIST recommeded curve parameters over a 384 bit prime field\n"); - BIO_printf(bio_err," -NIST_521 use the NIST recommeded curve parameters over a 521 bit prime field\n"); - BIO_printf(bio_err," -X9_62_192v1 use the X9_62 192v1 example curve over a 192 bit prime field\n"); - BIO_printf(bio_err," -X9_62_192v2 use the X9_62 192v2 example curve over a 192 bit prime field\n"); - BIO_printf(bio_err," -X9_62_192v3 use the X9_62 192v3 example curve over a 192 bit prime field\n"); - BIO_printf(bio_err," -X9_62_239v1 use the X9_62 239v1 example curve over a 239 bit prime field\n"); - BIO_printf(bio_err," -X9_62_239v2 use the X9_62 239v2 example curve over a 239 bit prime field\n"); - BIO_printf(bio_err," -X9_62_239v3 use the X9_62 239v3 example curve over a 239 bit prime field\n"); - BIO_printf(bio_err," -X9_62_256v1 use the X9_62 239v1 example curve over a 256 bit 
prime field\n"); + BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -text print the key in text\n"); + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -rand files to use for random number input\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err," -named_curve use the curve oid instead of the parameters\n"); + BIO_printf(bio_err," -NIST_192 use the NIST recommeded curve parameters over a 192 bit prime field\n"); + BIO_printf(bio_err," -NIST_224 use the NIST recommeded curve parameters over a 224 bit prime field\n"); + BIO_printf(bio_err," -NIST_256 use the NIST recommeded curve parameters over a 256 bit prime field\n"); + BIO_printf(bio_err," -NIST_384 use the NIST recommeded curve parameters over a 384 bit prime field\n"); + BIO_printf(bio_err," -NIST_521 use the NIST recommeded curve parameters over a 521 bit prime field\n"); + BIO_printf(bio_err," -X9_62_192v1 use the X9_62 192v1 example curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -X9_62_192v2 use the X9_62 192v2 example curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -X9_62_192v3 use the X9_62 192v3 example curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -X9_62_239v1 use the X9_62 239v1 example curve over a 239 bit prime field\n"); + BIO_printf(bio_err," -X9_62_239v2 use the X9_62 239v2 example curve over a 239 bit prime field\n"); + BIO_printf(bio_err," -X9_62_239v3 use the X9_62 239v3 example curve over a 239 bit prime field\n"); + BIO_printf(bio_err," -X9_62_256v1 use the X9_62 239v1 example curve over a 256 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_112R1 use the SECG 112r1 recommeded curve over a 112 bit prime field\n"); + 
BIO_printf(bio_err," -SECG_PRIME_112R2 use the SECG 112r2 recommeded curve over a 112 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_128R1 use the SECG 128r1 recommeded curve over a 128 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_128R2 use the SECG 128r2 recommeded curve over a 128 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_160K1 use the SECG 160k1 recommeded curve over a 160 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_160R1 use the SECG 160r1 recommeded curve over a 160 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_160R2 use the SECG 160r2 recommeded curve over a 160 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_192K1 use the SECG 192k1 recommeded curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_192R1 use the SECG 192r1 recommeded curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_224K1 use the SECG 224k1 recommeded curve over a 224 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_224R1 use the SECG 224r1 recommeded curve over a 224 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_256K1 use the SECG 256k1 recommeded curve over a 256 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_256R1 use the SECG 256r1 recommeded curve over a 256 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_384R1 use the SECG 384r1 recommeded curve over a 384 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_521R1 use the SECG 521r1 recommeded curve over a 521 bit prime field\n"); goto end; } 
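Review bot: The help line for `-X9_62_256v1` still says "use the X9_62 239v1 example curve over a 256 bit prime field", which names the wrong curve, and the re-indented block keeps it. It should read `use the X9_62 256v1 example curve over a 256 bit prime field`. The new SECG lines also copy the misspelling "recommeded" from the NIST lines. The header comment extended in the first hunk of this file has both problems as well.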
@@ -505,29 +535,37 @@ bad: */ printf("ECDSA *get_ecdsa%d(void)\n\t{\n",bits_p); + printf("\tint ok=0;\n"); printf("\tECDSA *ecdsa=NULL;\n"); printf("\tEC_POINT *point=NULL;\n"); printf("\tBIGNUM *tmp_1=NULL,*tmp_2=NULL,*tmp_3=NULL;\n\n"); printf("\tif ((ecdsa=ECDSA_new()) == NULL)\n"); printf("\t\treturn(NULL);\n\n"); printf("\t/* generate EC_GROUP structure */\n"); - printf("\ttmp_1 = BN_bin2bn(ecdsa%d_p, sizeof(ecdsa%d_p), NULL);\n", bits_p, bits_p); - printf("\ttmp_2 = BN_bin2bn(ecdsa%d_a, sizeof(ecdsa%d_a), NULL);\n", bits_p, bits_p); - printf("\ttmp_3 = BN_bin2bn(ecdsa%d_b, sizeof(ecdsa%d_b), NULL);\n", bits_p, bits_p); - printf("\tecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL);\n\n"); + printf("\tif ((tmp_1 = BN_bin2bn(ecdsa%d_p, sizeof(ecdsa%d_p), NULL)) == NULL) goto err;\n", bits_p, bits_p); + printf("\tif ((tmp_2 = BN_bin2bn(ecdsa%d_a, sizeof(ecdsa%d_a), NULL)) == NULL) goto err;\n", bits_p, bits_p); + printf("\tif ((tmp_3 = BN_bin2bn(ecdsa%d_b, sizeof(ecdsa%d_b), NULL)) == NULL) goto err;\n", bits_p, bits_p); + printf("\tif ((ecdsa->group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL) goto err;\n\n"); printf("\t/* build generator */\n"); - printf("\tBN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1);\n", bits_p, bits_p); - printf("\tBN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2);\n", bits_p, bits_p); - printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL)\n"); - printf("\t\t{\n\t\tECDSA_free(ecdsa); BN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); - printf("\t\treturn(NULL);\n\t\t}\n"); - printf("\tEC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, tmp_1, tmp_2, NULL);\n"); + printf("\tif (!BN_bin2bn(ecdsa%d_x, sizeof(ecdsa%d_x), tmp_1)) goto err;\n", bits_p, bits_p); + printf("\tif (!BN_bin2bn(ecdsa%d_y, sizeof(ecdsa%d_y), tmp_2)) goto err;\n", bits_p, bits_p); + printf("\tif ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err;\n"); + printf("\tif (!EC_POINT_set_affine_coordinates_GFp(ecdsa->group, point, 
tmp_1, tmp_2, NULL)) goto err;\n"); printf("\t/* set generator, order and cofactor */\n"); - printf("\tBN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1);\n", bits_p, bits_p); - printf("\tBN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2);\n", bits_p, bits_p); - printf("\tEC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2);\n"); - printf("\tBN_free(tmp_1); BN_free(tmp_2); BN_free(tmp_3);\n"); - printf("\tEC_POINT_free(point);\n\n"); + printf("\tif (!BN_bin2bn(ecdsa%d_o, sizeof(ecdsa%d_o), tmp_1)) goto err;\n", bits_p, bits_p); + printf("\tif (!BN_bin2bn(ecdsa%d_c, sizeof(ecdsa%d_c), tmp_2)) goto err;\n", bits_p, bits_p); + printf("\tif (!EC_GROUP_set_generator(ecdsa->group, point, tmp_1, tmp_2)) goto err;\n"); + printf("\n\tok=1;\n"); + printf("err:\n"); + printf("\tif (tmp_1) BN_free(tmp_1);\n"); + printf("\tif (tmp_2) BN_free(tmp_2);\n"); + printf("\tif (tmp_3) BN_free(tmp_3);\n"); + printf("\tif (point) EC_POINT_free(point);\n"); + printf("\tif (!ok)\n"); + printf("\t\t{\n"); + printf("\t\tECDSA_free(ecdsa);\n"); + printf("\t\tecdsa = NULL;\n"); + printf("\t\t}\n"); printf("\treturn(ecdsa);\n\t}\n"); } diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index ff644450a4..f169e26252 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -519,7 +519,8 @@ int ECDSAParameters_print(BIO *bp, const ECDSA *x) unsigned char *buffer=NULL; int buf_len; int reason=ERR_R_EC_LIB, i, ret=0; - BIGNUM *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL, *tmp_4=NULL; + BIGNUM *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL, *tmp_4=NULL, + *tmp_5=NULL, *tmp_6=NULL; BN_CTX *ctx=NULL; EC_POINT *point=NULL; 
@@ -530,13 +531,16 @@ int ECDSAParameters_print(BIO *bp, const ECDSA *x) goto err; } if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL || - (tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL) + (tmp_3 = BN_new()) == NULL || (tmp_5 = BN_new()) == NULL || + (tmp_6 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL) { reason = ERR_R_MALLOC_FAILURE; goto err; } if (!EC_GROUP_get_curve_GFp(x->group, tmp_1, tmp_2, tmp_3, ctx)) goto err; if ((point = EC_GROUP_get0_generator(x->group)) == NULL) goto err; + if (!EC_GROUP_get_order(x->group, tmp_5, ctx)) goto err; + if (!EC_GROUP_get_cofactor(x->group, tmp_6, ctx)) goto err; buf_len = EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx); if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) { @@ -565,13 +569,17 @@ int ECDSAParameters_print(BIO *bp, const ECDSA *x) if (!print(bp, "Prime p:", tmp_1, buffer, 4)) goto err; if (!print(bp, "Curve a:", tmp_2, buffer, 4)) goto err; if (!print(bp, "Curve b:", tmp_3, buffer, 4)) goto err; - if (!print(bp, "Generator ( compressed ) :", tmp_4, buffer, 4)) goto err; + if (!print(bp, "Generator (compressed):", tmp_4, buffer, 4)) goto err; + if (!print(bp, "Order:", tmp_5, buffer, 4)) goto err; + if (!print(bp, "Cofactor:", tmp_6, buffer, 4)) goto err; ret=1; err: if (tmp_1) BN_free(tmp_1); if (tmp_2) BN_free(tmp_2); if (tmp_3) BN_free(tmp_3); if (tmp_4) BN_free(tmp_4); + if (tmp_5) BN_free(tmp_5); + if (tmp_6) BN_free(tmp_6); if (ctx) BN_CTX_free(ctx); if (buffer) OPENSSL_free(buffer); ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT, reason); diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 518cbfbc78..8e1f038c3d 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c 
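Review bot: The success path sets `ret=1` and then falls through `err:` into the unconditional `ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT, reason);`, so as far as the last hunk shows, a successful print still leaves an entry on the error queue. Guarding it as `if (!ret) ECDSAerr(ECDSA_F_ECDSAPARAMETERS_PRINT, reason);` keeps the queue clean for callers that inspect it after the call. The function continues past the end of the hunk, so confirm nothing there already handles this.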
@@ -153,7 +153,7 @@ "D6031998D1B3BBFEBF59CC9BBFF9AEE1",\ "5EEEFCA380D02919DC2C6558BB6D8A5D",\ "7B6AA5D85E572983E6FB32A7CDEBC140",0,\ - "3FFFFFFF 7FFFFFFF BE002472 0613B5A3",4 + "3FFFFFFF7FFFFFFFBE0024720613B5A3",4 #define _EC_GROUP_SECG_PRIME_160K1 \ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",\ "0",\ From 26e123738028da5e767cbf7e71c6af114cab6ec3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 8 Mar 2002 19:11:15 +0000 Subject: [PATCH 087/173] Fix the Win32_rename() function so it correctly returns an error code. Use the same code in Win9X and NT. Fix some ca.c options so they work under Win32: unlink/rename wont work under Win32 unless the file is closed. --- apps/apps.c | 17 +++++++---------- apps/ca.c | 4 ++++ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 8c9726ebd7..f0c280c38d 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -333,16 +333,13 @@ void program_name(char *in, char *out, int size) #ifdef OPENSSL_SYS_WIN32 int WIN32_rename(char *from, char *to) { -#ifdef OPENSSL_SYS_WINNT - int ret; -/* Note: MoveFileEx() doesn't work under Win95, Win98 */ - - ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED); - return(ret?0:-1); -#else - unlink(to); - return MoveFile(from, to); -#endif + /* Windows rename gives an error if 'to' exists, so delete it + * first and ignore file not found errror + */ + if((remove(to) != 0) && (errno != ENOENT)) + return -1; +#undef rename + return rename(from, to); } #endif diff --git a/apps/ca.c b/apps/ca.c index f368d39b97..5839777189 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1581,6 +1581,10 @@ bad: #else strcat(buf[1],"-old"); #endif + BIO_free(in); + in = NULL; + BIO_free(out); + out = NULL; if (rename(dbfile,buf[1]) < 0) { BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); From 0c372b94f77bebed947b6a5d217a141a3259b3ed Mon Sep 17 00:00:00 2001 
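Review bot: WIN32_rename in apps/apps.c now deletes `to` before renaming, so if `rename(from, to)` fails after `remove(to)` succeeded the destination is gone, and another process can create `to` in the gap. The removed NT branch replaced the file in a single MoveFileEx call, so this is a change in failure behaviour for the files ca.c renames. At minimum it deserves a comment such as `/* not atomic: if rename() fails after remove(), 'to' no longer exists */`. The `#undef rename` placed inside the function body also stays in effect for the rest of the file, which is worth stating next to it.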
From: "Dr. Stephen Henson" Date: Sat, 9 Mar 2002 18:25:03 +0000 Subject: [PATCH 088/173] Make {RSA,DSA,DH}_new_method obtain and release an ENGINE functional reference in all cases. --- crypto/dh/dh.h | 2 +- crypto/dh/dh_err.c | 2 +- crypto/dh/dh_lib.c | 19 +++++++++++++++---- crypto/dsa/dsa.h | 2 +- crypto/dsa/dsa_err.c | 2 +- crypto/dsa/dsa_lib.c | 19 +++++++++++++++---- crypto/rsa/rsa_lib.c | 15 +++++++++++++-- 7 files changed, 47 insertions(+), 14 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 9bc1d319f9..15cf70de0b 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -195,7 +195,7 @@ void ERR_load_DH_strings(void); #define DH_F_DH_COMPUTE_KEY 102 #define DH_F_DH_GENERATE_KEY 103 #define DH_F_DH_GENERATE_PARAMETERS 104 -#define DH_F_DH_NEW 105 +#define DH_F_DH_NEW_METHOD 105 /* Reason codes. */ #define DH_R_NO_PRIVATE_VALUE 100 diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 86764a3e84..225779336c 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -71,7 +71,7 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, -{ERR_PACK(0,DH_F_DH_NEW,0), "DH_new"}, +{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"}, {0,NULL} }; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 367c19dfe9..7adf48e6a2 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c 
@@ -107,20 +107,29 @@ DH *DH_new_method(ENGINE *engine) ret=(DH *)OPENSSL_malloc(sizeof(DH)); if (ret == NULL) { - DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE); + DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); return(NULL); } ret->meth = DH_get_default_method(); - ret->engine = engine; - if(!ret->engine) + if (engine) + { + if (!ENGINE_init(engine)) + { + DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } + else ret->engine = ENGINE_get_default_DH(); if(ret->engine) { ret->meth = ENGINE_get_DH(ret->engine); if(!ret->meth) { - DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB); + DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; @@ -145,6 +154,8 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + if (ret->engine) + ENGINE_finish(ret->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 1ddc37f9fb..9b3baadf2c 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -230,7 +230,7 @@ void ERR_load_DSA_strings(void); #define DSA_F_DSAPARAMS_PRINT_FP 101 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 -#define DSA_F_DSA_NEW 103 +#define DSA_F_DSA_NEW_METHOD 103 #define DSA_F_DSA_PRINT 104 #define DSA_F_DSA_PRINT_FP 105 #define DSA_F_DSA_SIGN 106 diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 2956c36d63..79aa4ff526 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c 
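Review bot: The new ENGINE_init failure branch in DH_new_method reports through `DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);`, which records a DH function code under the DSA library, so the queued error would be decoded against the wrong tables. It should be `DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);`, matching the other error calls in this hunk.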
@@ -71,7 +71,7 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, {ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, {ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, -{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, +{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, {ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, {ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 900e0098fa..da2cdfa3d6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -110,19 +110,28 @@ DSA *DSA_new_method(ENGINE *engine) ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); if (ret == NULL) { - DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); + DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); return(NULL); } ret->meth = DSA_get_default_method(); - ret->engine = engine; - if(!ret->engine) + if (engine) + { + if (!ENGINE_init(engine)) + { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } + else ret->engine = ENGINE_get_default_DSA(); if(ret->engine) { ret->meth = ENGINE_get_DSA(ret->engine); if(!ret->meth) { - DSAerr(DSA_F_DSA_NEW, + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); @@ -149,6 +158,8 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + if (ret->engine) + ENGINE_finish(ret->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 3856ea5da7..93235744f7 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c 
@@ -130,8 +130,17 @@ RSA *RSA_new_method(ENGINE *engine) } ret->meth = RSA_get_default_method(); - ret->engine = engine; - if(!ret->engine) + if (engine) + { + if (!ENGINE_init(engine)) + { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } + else ret->engine = ENGINE_get_default_RSA(); if(ret->engine) { @@ -166,6 +175,8 @@ RSA *RSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + if (ret->engine) + ENGINE_finish(ret->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; From bf6a9e66d6b339770dcc8733f97fd6eb10d58d6c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 9 Mar 2002 18:58:05 +0000 Subject: [PATCH 089/173] Make ciphers and digests obtain an ENGINE functional reference if impl is explicitly supplied. --- crypto/evp/digest.c | 10 +++++++++- crypto/evp/evp_enc.c | 10 +++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 12c6cec5d8..a969ac69ed 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -152,7 +152,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) * ENGINE and EVP_MD could be used). */ if(ctx->engine) ENGINE_finish(ctx->engine); - if(!impl) + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_digest_engine(type->type); if(impl) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 9c65a553d3..22a7b745c1 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c 
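Review bot: In EVP_DigestInit_ex the new early `return 0;` after a failed `ENGINE_init(impl)` follows `if(ctx->engine) ENGINE_finish(ctx->engine);`, and nothing visible clears `ctx->engine` before returning. The context would then keep a pointer to an engine whose functional reference was already released, and a later cleanup or re-init could release it a second time. Adding `ctx->engine = NULL;` right after the ENGINE_finish call avoids that. The same pattern is added to EVP_CipherInit_ex in crypto/evp/evp_enc.c, and both functions continue outside their hunks.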
@@ -100,7 +100,15 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp * ENGINE and EVP_CIPHER could be used). */ if(ctx->engine) ENGINE_finish(ctx->engine); - if(!impl) + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_cipher_engine(cipher->nid); if(impl) From b9b43196e127545daaf55d49d81d32ab7c18b3f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 11 Mar 2002 09:36:04 +0000 Subject: [PATCH 090/173] asm/mips3.o problems --- STATUS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 18353c0aa6..7853d9ff50 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/03/06 06:25:31 $ + ______________ $Date: 2002/03/11 09:36:04 $ DEVELOPMENT STATE @@ -21,6 +21,7 @@ o BIGNUM library failures on 64-bit platforms (0.9.7-dev): - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc + and other 64-bit platforms Checked on Result alpha-cc (Tru64 version 4.0) works @@ -31,6 +32,9 @@ Needs checked on [add platforms here] + - BN_mod_mul verification fails for mips3-sgi-irix + unless configured with no-asm + AVAILABLE PATCHES o From 0b4c91c0fcabd68dfd227e359ed471b5f6c27737 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 12 Mar 2002 02:59:37 +0000 Subject: [PATCH 091/173] Fix various warnings when compiling with KRB5 code. --- crypto/asn1/asn1.h | 2 ++ crypto/stack/safestack.h | 20 ++++++++++++++++++++ ssl/kssl.c | 23 +++++++++++------------ ssl/s3_srvr.c | 8 ++++---- 4 files changed, 37 insertions(+), 16 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 170a2aa276..dfd2244b2d 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
@@ -440,6 +440,8 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); DECLARE_STACK_OF(ASN1_INTEGER) DECLARE_ASN1_SET_OF(ASN1_INTEGER) +DECLARE_STACK_OF(ASN1_GENERALSTRING) + typedef struct asn1_type_st { int type; diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index b931414560..ed9ed2c23a 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h 
@@ -224,6 +224,26 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) +#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) +#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) +#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) +#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) +#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) +#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) +#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) +#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) +#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) +#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) + #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) #define 
sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) diff --git a/ssl/kssl.c b/ssl/kssl.c index edc108b3de..04fe2449b2 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -793,7 +793,7 @@ char ** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes. ** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK. */ -EVP_CIPHER * +const EVP_CIPHER * kssl_map_enc(krb5_enctype enctype) { switch (enctype) @@ -803,14 +803,14 @@ kssl_map_enc(krb5_enctype enctype) case ENCTYPE_DES_CBC_MD4: case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES_CBC_RAW: - return (EVP_CIPHER *) EVP_des_cbc(); + return EVP_des_cbc(); break; case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ case ENCTYPE_DES3_CBC_SHA: case ENCTYPE_DES3_CBC_RAW: - return (EVP_CIPHER *) EVP_des_ede3_cbc(); + return EVP_des_ede3_cbc(); break; - default: return (EVP_CIPHER *) NULL; + default: return NULL; break; } } @@ -1221,8 +1221,7 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context, if (asn1ticket == NULL || asn1ticket->realm == NULL || asn1ticket->sname == NULL || - asn1ticket->sname->namestring == NULL || - asn1ticket->sname->namestring->num < 2) + sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) { BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "Null field in asn1ticket.\n"); 
@@ -1238,14 +1237,14 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context, return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */ } - gstr_svc = (ASN1_GENERALSTRING*)asn1ticket->sname->namestring->data[0]; - gstr_host = (ASN1_GENERALSTRING*)asn1ticket->sname->namestring->data[1]; + gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0); + gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1); if ((krb5rc = kssl_build_principal_2(krb5context, &new5ticket->server, - asn1ticket->realm->length, asn1ticket->realm->data, - gstr_svc->length, gstr_svc->data, - gstr_host->length, gstr_host->data)) != 0) + asn1ticket->realm->length, (char *)asn1ticket->realm->data, + gstr_svc->length, (char *)gstr_svc->data, + gstr_host->length, (char *)gstr_host->data)) != 0) { free(new5ticket); BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, @@ -1965,7 +1964,7 @@ krb5_error_code kssl_check_authent( KRB5_AUTHENTBODY *auth = NULL; krb5_enctype enctype; EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; + const EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char *p, *unenc_authent; int padl, outl, unencbufsize; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index cc2a773a3c..b0c587172b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1561,17 +1561,17 @@ static int ssl3_get_client_key_exchange(SSL *s) n2s(p,i); enc_ticket.length = i; - enc_ticket.data = p; + enc_ticket.data = (char *)p; p+=enc_ticket.length; n2s(p,i); authenticator.length = i; - authenticator.data = p; + authenticator.data = (char *)p; p+=authenticator.length; n2s(p,i); enc_pms.length = i; - enc_pms.data = p; + enc_pms.data = (char *)p; p+=enc_pms.length; if ((unsigned long)n != enc_ticket.length + authenticator.length + 
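Review bot: In the ssl3_get_client_key_exchange hunk, each `n2s(p,i)` length comes from the peer's message and `p` is advanced by it before the total is compared with `n`, so the second and third `n2s` calls read their two bytes at an offset that has not yet been checked against the received length. The `(char *)` casts added here do not change that. A guard before each advance, for example `if ((unsigned long)n < enc_ticket.length + 2) goto err;` with a matching SSLerr, would keep every read inside the message; the error exit itself is outside this hunk, so the exact label is to be confirmed. The later hunk in PATCH 093 that drops the `(unsigned long)` cast from the same comparison leaves this ordering as it is. The function starts and ends outside the hunk.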
@@ -1636,7 +1636,7 @@ static int ssl3_get_client_key_exchange(SSL *s) goto err; } if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl, - enc_pms.data, enc_pms.length)) + (unsigned char *)enc_pms.data, enc_pms.length)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); From 98fa4fe8c54a0f717829e894e8c8528c4a8dd4fe Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 12 Mar 2002 13:32:35 +0000 Subject: [PATCH 092/173] Fix ASN1 additions for KRB5 --- ssl/ssl.h | 1 + ssl/ssl_asn1.c | 45 +++++++++++++++++++++++++++++---------------- ssl/ssl_txt.c | 4 ++-- 3 files changed, 32 insertions(+), 18 deletions(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index af4a7e829e..27d3564630 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -358,6 +358,7 @@ typedef struct ssl_method_st * Cipher OCTET_STRING, -- the 3 byte cipher ID * Session_ID OCTET_STRING, -- the Session ID * Master_key OCTET_STRING, -- the master key + * KRB5_principal OCTET_STRING -- optional Kerberos principal * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index d0487e5af5..c5eeeb6bc5 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -146,9 +146,12 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.key_arg.data=in->key_arg; #ifndef OPENSSL_NO_KRB5 - a.krb5_princ.length=in->krb5_client_princ_len; - a.krb5_princ.type=V_ASN1_OCTET_STRING; - a.krb5_princ.data=in->krb5_client_princ; + if (in->krb5_client_princ_len) + { + a.krb5_princ.length=in->krb5_client_princ_len; + a.krb5_princ.type=V_ASN1_OCTET_STRING; + a.krb5_princ.data=in->krb5_client_princ; + } #endif /* OPENSSL_NO_KRB5 */ if (in->time != 0L) 
@@ -182,7 +185,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); #ifndef OPENSSL_NO_KRB5 - M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); + if (in->krb5_client_princ_len) + M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); #endif /* OPENSSL_NO_KRB5 */ if (in->key_arg_length > 0) M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); @@ -204,7 +208,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); #ifndef OPENSSL_NO_KRB5 - M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); + if (in->krb5_client_princ_len) + M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); #endif /* OPENSSL_NO_KRB5 */ if (in->key_arg_length > 0) M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); @@ -301,6 +306,25 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, memcpy(ret->master_key,os.data,ret->master_key_length); os.length=0; + +#ifndef OPENSSL_NO_KRB5 + os.length=0; + M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); + if (os.data) + { + if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) + ret->krb5_client_princ_len=0; + else + ret->krb5_client_princ_len=os.length; + memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); + OPENSSL_free(os.data); + os.data = NULL; + os.length = 0; + } + else + ret->krb5_client_princ_len=0; +#endif /* OPENSSL_NO_KRB5 */ + M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); if (os.length > SSL_MAX_KEY_ARG_LENGTH) ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; 
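Review bot: In the d2i_SSL_SESSION hunk, a Kerberos principal longer than `SSL_MAX_KRB5_PRINCIPAL_LENGTH` is accepted and stored as length 0, so an oversized or malformed session encoding loads as a session with no principal instead of being rejected. If callers use the stored principal for any identity decision (not visible here), failing the decode is the safer outcome: replace `ret->krb5_client_princ_len=0;` in the oversize branch with the function's error exit. A comment such as `/* os.data may still hold the previous field's buffer; os.length tells whether a principal was read */` would also help, since the context lines show no free of `os.data` after the master key copy and `if (os.data)` alone does not appear to distinguish an absent field. The function body extends beyond the hunk.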
@@ -309,17 +333,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, memcpy(ret->key_arg,os.data,ret->key_arg_length); if (os.data != NULL) OPENSSL_free(os.data); -#ifndef OPENSSL_NO_KRB5 - os.length=0; - M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); - if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) - ret->krb5_client_princ_len=0; - else - ret->krb5_client_princ_len=os.length; - memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); - if (os.data != NULL) OPENSSL_free(os.data); -#endif /* OPENSSL_NO_KRB5 */ - ai.length=0; M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); if (ai.data != NULL) diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 77e881d061..40b76b1b26 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -140,7 +140,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; } #ifndef OPENSSL_NO_KRB5 - if (BIO_puts(bp,"/n Krb5 Principal: ") <= 0) goto err; + if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; if (x->krb5_client_princ_len == 0) { if (BIO_puts(bp,"None") <= 0) goto err; @@ -148,7 +148,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) else for (i=0; ikrb5_client_princ_len; i++) { - if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; + if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; } #endif /* OPENSSL_NO_KRB5 */ if (x->compress_meth != 0) From cbc9d9713d943c8904100726709871a54a70fc73 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 12 Mar 2002 19:37:18 +0000 Subject: [PATCH 093/173] Fix Kerberos warnings with VC++. --- ssl/kssl.c | 17 +++++++++++++---- ssl/s3_srvr.c | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ssl/kssl.c b/ssl/kssl.c index 04fe2449b2..a3a0596bfd 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c 
@@ -128,9 +128,19 @@ #define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part #define krb5_timeofday kssl_krb5_timeofday #define krb5_rc_default kssl_krb5_rc_default + +#ifndef krb5_rc_initialize #define krb5_rc_initialize kssl_krb5_rc_initialize +#endif + +#ifndef krb5_rc_get_lifespan #define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan +#endif + +#ifndef krb5_rc_destroy #define krb5_rc_destroy kssl_krb5_rc_destroy +#endif + #define valid_cksumtype kssl_valid_cksumtype #define krb5_checksum_size kssl_krb5_checksum_size #define krb5_kt_free_entry kssl_krb5_kt_free_entry @@ -933,7 +943,7 @@ kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) void print_krb5_data(char *label, krb5_data *kdata) { - unsigned int i; + int i; printf("%s[%d] ", label, kdata->length); for (i=0; i < kdata->length; i++) @@ -978,7 +988,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata) void print_krb5_keyblock(char *label, krb5_keyblock *keyblk) { - unsigned int i; + int i; if (keyblk == NULL) { @@ -1010,8 +1020,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk) void print_krb5_princ(char *label, krb5_principal_data *princ) { - unsigned int ui, uj; - int i; + int i, ui, uj; printf("%s principal Realm: ", label); if (princ == NULL) return; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index b0c587172b..61ed0ad10e 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1574,7 +1574,7 @@ static int ssl3_get_client_key_exchange(SSL *s) enc_pms.data = (char *)p; p+=enc_pms.length; - if ((unsigned long)n != enc_ticket.length + authenticator.length + + if (n != enc_ticket.length + authenticator.length + enc_pms.length + 6) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, From 497810cae78a5beb8560a851f9a6800dfbbc0cbb Mon Sep 17 00:00:00 2001 
From: "Dr. Stephen Henson" Date: Wed, 13 Mar 2002 13:59:38 +0000 Subject: [PATCH 094/173] Undo previous patch: avoid warnings by #undef'ing duplicate definitions. Suggested by "Kenneth R. Robinette" --- ssl/kssl.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/ssl/kssl.c b/ssl/kssl.c index a3a0596bfd..dc54035d2f 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -129,17 +129,20 @@ #define krb5_timeofday kssl_krb5_timeofday #define krb5_rc_default kssl_krb5_rc_default -#ifndef krb5_rc_initialize +#ifdef krb5_rc_initialize +#undef krb5_rc_initialize +#endif #define krb5_rc_initialize kssl_krb5_rc_initialize -#endif -#ifndef krb5_rc_get_lifespan +#ifdef krb5_rc_get_lifespan +#undef krb5_rc_get_lifespan +#endif #define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan -#endif -#ifndef krb5_rc_destroy -#define krb5_rc_destroy kssl_krb5_rc_destroy +#ifdef krb5_rc_destroy +#undef krb5_rc_destroy #endif +#define krb5_rc_destroy kssl_krb5_rc_destroy #define valid_cksumtype kssl_valid_cksumtype #define krb5_checksum_size kssl_krb5_checksum_size From 234c73767daf1dfadbdbff3f884d7cfffff2846c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 14 Mar 2002 09:48:54 +0000 Subject: [PATCH 095/173] use BIO_nwrite() more properly to demonstrate the general idea of BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not in general) --- ssl/ssltest.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 2ef9ae7601..f98202945e 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1053,10 +1053,10 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (num > 1) --num; /* test restartability even more thoroughly */ - r = BIO_nwrite(io1, &dataptr, (int)num); + r = BIO_nwrite0(io1, &dataptr); assert(r > 0); - assert(r <= (int)num); - num = r; + if (r < num) + num = r; r = BIO_read(io2, dataptr, (int)num); if (r != (int)num) /* can't happen */ { 
@@ -1065,6 +1065,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, goto err; } progress = 1; + r = BIO_nwrite(io1, &dataptr, (int)num); + if (r != (int)num) /* can't happen */ + { + fprintf(stderr, "ERROR: BIO_nwrite() did not accept " + "BIO_nwrite0() bytes"); + goto err; + } if (debug) printf((io2 == client_io) ? From 690ecff7953193cc8e66b588216805f3014df778 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 14 Mar 2002 09:52:03 +0000 Subject: [PATCH 096/173] Fixes for 'no-hw' combined with 'no-SOME_CIPHER'. Fix dsaparam usage output. Submitted by: Nils Larsch --- apps/apps.c | 8 ++++---- apps/dsaparam.c | 1 + apps/pkcs8.c | 2 +- apps/speed.c | 3 +-- crypto/asn1/x_pubkey.c | 4 +++- crypto/ecdsa/ecdsatest.c | 15 ++++++++------- crypto/engine/engine.h | 2 +- crypto/engine/hw_4758_cca.c | 8 ++++---- crypto/engine/hw_sureware.c | 8 ++++---- crypto/evp/evp_pkey.c | 10 ++++++---- 10 files changed, 33 insertions(+), 28 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index f0c280c38d..e797796e30 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -147,7 +147,7 @@ static UI_METHOD *ui_method = NULL; static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) /* Looks like this stuff is worth moving into separate function */ static EVP_PKEY * load_netscape_key(BIO *err, BIO *key, const char *file, @@ -832,7 +832,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, pkey=PEM_read_bio_PrivateKey(key,NULL, (pem_password_cb *)password_callback, &cb_data); } -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) pkey = load_netscape_key(err, key, file, key_descrip, format); #endif 
@@ -901,7 +901,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, pkey=PEM_read_bio_PUBKEY(key,NULL, (pem_password_cb *)password_callback, &cb_data); } -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) pkey = load_netscape_key(err, key, file, key_descrip, format); #endif @@ -917,7 +917,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, return(pkey); } -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) EVP_PKEY * load_netscape_key(BIO *err, BIO *key, const char *file, const char *key_descrip, int format) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index d54c77d93e..c6ecc48904 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -189,6 +189,7 @@ bad: BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," number number of bits to use for generating private key\n"); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index ea8c04dffa..ba91caee6b 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -83,7 +83,7 @@ int MAIN(int argc, char **argv) int nocrypt = 0; X509_SIG *p8; PKCS8_PRIV_KEY_INFO *p8inf; - EVP_PKEY *pkey; + EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; char *engine=NULL; diff --git a/apps/speed.c b/apps/speed.c index b451a49af3..e817a0df15 100644 --- a/apps/speed.c +++ b/apps/speed.c 
@@ -372,11 +372,10 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; unsigned char *buf=NULL,*buf2=NULL; int mret=1; - long count=0,save_count=0; + long count=0,save_count=0, rsa_count; int i,j,k; #ifndef OPENSSL_NO_RSA unsigned rsa_num; - long rsa_count; #endif unsigned char md[EVP_MAX_MD_SIZE]; #ifndef OPENSSL_NO_MD2 diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 227b0ce046..f6f2a0daca 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -212,7 +212,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) long j; int type; unsigned char *p; -#ifndef OPENSSL_NO_DSA +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) const unsigned char *cp; X509_ALGOR *a; #endif @@ -237,7 +237,9 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) /* the parameters must be extracted before the public key (ECDSA!) */ +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) a=key->algor; +#endif if (0) ; diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 02f9df923f..18b0ce18b3 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -56,13 +56,6 @@ #include #include #include -#include -#include -#include -#include -#include -#include -#include #ifdef CLOCKS_PER_SEC /* "To determine the time in seconds, the value returned @@ -81,6 +74,14 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; } #else +#include +#include +#include +#include +#include +#include +#include + static BIO *bio_err=NULL; static const char rnd_seed[] = "string to make the random number generator think it has entropy"; diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 6c8b0437f8..1cd27f8422 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -92,7 +92,7 @@ typedef void DSA_METHOD; #ifdef OPENSSL_NO_DH typedef void DH_METHOD; #endif -#ifdef OPENSS_NO_ECDSA +#ifdef OPENSSL_NO_ECDSA typedef void ECDSA_METHOD; #endif 
diff --git a/crypto/engine/hw_4758_cca.c b/crypto/engine/hw_4758_cca.c index a42baf0a54..959d8f1a61 100644 --- a/crypto/engine/hw_4758_cca.c +++ b/crypto/engine/hw_4758_cca.c @@ -62,8 +62,8 @@ #include #include -#ifndef NO_HW -#ifndef NO_HW_4758_CCA +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_4758_CCA #ifdef FLAT_INC #include "hw_4758_cca.h" @@ -946,5 +946,5 @@ IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ -#endif /* !NO_HW_4758_CCA */ -#endif /* !NO_HW */ +#endif /* !OPENSSL_NO_HW_4758_CCA */ +#endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_sureware.c b/crypto/engine/hw_sureware.c index 3d2ff36033..8ef473c8d3 100644 --- a/crypto/engine/hw_sureware.c +++ b/crypto/engine/hw_sureware.c @@ -59,8 +59,8 @@ #include "engine.h" #include -#ifndef NO_HW -#ifndef NO_HW_SUREWARE +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_SUREWARE #ifdef FLAT_INC #include "sureware.h" @@ -962,5 +962,5 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } return ret; } -#endif /* !NO_HW_SureWare */ -#endif /* !NO_HW */ +#endif /* !OPENSSL_NO_HW_SureWare */ +#endif /* !OPENSSL_NO_HW */ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 15d4d66721..3577837fa9 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -83,7 +83,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #ifndef OPENSSL_NO_ECDSA ECDSA *ecdsa = NULL; #endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) ASN1_INTEGER *privkey; ASN1_TYPE *t1, *t2, *param = NULL; STACK_OF(ASN1_TYPE) *n_stack = NULL; @@ -92,9 +92,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif X509_ALGOR *a; unsigned char *p; -#ifndef OPENSSL_NO_RSA const unsigned char *cp; -#endif int pkeylen; int nid; char obj_tmp[80]; 
@@ -126,7 +124,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign_RSA (pkey, rsa); break; #endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) case NID_ecdsa_with_SHA1: case NID_dsa: /* PKCS#8 DSA/ECDSA is weird: you just get a private key integer @@ -279,8 +277,12 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) err: if (ctx) BN_CTX_free(ctx); sk_ASN1_TYPE_pop_free(n_stack, ASN1_TYPE_free); +#ifndef OPENSSL_NO_DSA if (dsa) DSA_free(dsa); +#endif +#ifndef OPENSSL_NO_ECDSA if (ecdsa) ECDSA_free(ecdsa); +#endif if (pkey) EVP_PKEY_free(pkey); return NULL; break; From 1d2845352926df66db5798cfebf3784f6af59b8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 14 Mar 2002 13:18:57 +0000 Subject: [PATCH 097/173] add OIDs for WAP/TLS curves --- crypto/objects/obj_dat.h | 46 +++++++++++++++++++++++++++++++++----- crypto/objects/obj_mac.h | 26 +++++++++++++++++++++ crypto/objects/obj_mac.num | 6 +++++ crypto/objects/objects.txt | 21 ++++++++++++----- 4 files changed, 87 insertions(+), 12 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 1aeeb763ca..1fe83801ff 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 562 -#define NUM_SN 560 -#define NUM_LN 560 -#define NUM_OBJ 534 +#define NUM_NID 568 +#define NUM_SN 566 +#define NUM_LN 566 +#define NUM_OBJ 540 -static unsigned char lvalues[4193]={ +static unsigned char lvalues[4218]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -602,6 +602,12 @@ static unsigned char lvalues[4193]={ 0x2B,0x81,0x04,0x00,0x25, /* [4177] OBJ_sect409r1 */ 0x2B,0x81,0x04,0x00,0x26, /* [4182] OBJ_sect571k1 */ 0x2B,0x81,0x04,0x00,0x27, /* [4187] OBJ_sect571r1 */ +0x67,0x2B, /* [4192] OBJ_wap */ +0x67,0x2B,0x0D, /* [4194] OBJ_wap_wsg */ +0x67,0x2B,0x0D,0x04,0x01, /* [4197] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4202] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4207] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4212] OBJ_wap_wsg_idm_ecid_wtls9 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1435,6 +1441,16 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4177]),0}, {"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4182]),0}, {"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4187]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4192]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4194]),0}, +{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4197]),0}, +{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4202]),0}, +{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4207]),0}, +{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4212]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1996,6 +2012,12 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[49]),/* "unstructuredName" */ &(nid_objs[465]),/* "userClass" */ &(nid_objs[373]),/* "valid" */ +&(nid_objs[562]),/* "wap" */ +&(nid_objs[563]),/* "wap-wsg" */ +&(nid_objs[564]),/* "wap-wsg-idm-ecid-wtls1" */ +&(nid_objs[565]),/* "wap-wsg-idm-ecid-wtls6" */ +&(nid_objs[566]),/* "wap-wsg-idm-ecid-wtls8" */ +&(nid_objs[567]),/* "wap-wsg-idm-ecid-wtls9" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ }; 
@@ -2558,6 +2580,12 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[465]),/* "userClass" */ &(nid_objs[458]),/* "userId" */ &(nid_objs[373]),/* "valid" */ +&(nid_objs[562]),/* "wap" */ +&(nid_objs[563]),/* "wap-wsg" */ +&(nid_objs[564]),/* "wap-wsg-idm-ecid-wtls1" */ +&(nid_objs[565]),/* "wap-wsg-idm-ecid-wtls6" */ +&(nid_objs[566]),/* "wap-wsg-idm-ecid-wtls8" */ +&(nid_objs[567]),/* "wap-wsg-idm-ecid-wtls9" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ &(nid_objs[125]),/* "zlib compression" */ @@ -2572,14 +2600,15 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[527]),/* OBJ_identified_organization 1 3 */ +&(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ &(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ +&(nid_objs[562]),/* OBJ_wap 2 23 43 */ &(nid_objs[435]),/* OBJ_pss 0 9 2342 */ &(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ &(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ @@ -2619,6 +2648,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ +&(nid_objs[563]),/* OBJ_wap_wsg 2 23 43 13 */ &(nid_objs[390]),/* OBJ_dcObject 1466 344 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ 
@@ -2681,6 +2711,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[559]),/* OBJ_sect409r1 1 3 132 0 37 */ &(nid_objs[560]),/* OBJ_sect571k1 1 3 132 0 38 */ &(nid_objs[561]),/* OBJ_sect571r1 1 3 132 0 39 */ +&(nid_objs[564]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 13 4 1 */ +&(nid_objs[565]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 13 4 6 */ +&(nid_objs[566]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 13 4 8 */ +&(nid_objs[567]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 13 4 9 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ &(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index dc3a4ce3b9..8c761734ff 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -95,6 +95,14 @@ #define NID_certicom_arc 528 #define OBJ_certicom_arc OBJ_identified_organization,132L +#define SN_wap "wap" +#define NID_wap 562 +#define OBJ_wap OBJ_joint_iso_ccitt,23L,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 563 +#define OBJ_wap_wsg OBJ_wap,13L + #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" #define NID_selected_attribute_types 394 
@@ -420,6 +428,24 @@ #define NID_sect571r1 561 #define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 564 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 565 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 566 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 567 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + #define SN_cast5_cbc "CAST5-CBC" #define LN_cast5_cbc "cast5-cbc" #define NID_cast5_cbc 108 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 8bad61f26d..1a9c833f79 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -559,3 +559,9 @@ sect409k1 558 sect409r1 559 sect571k1 560 sect571r1 561 +wap 562 +wap_wsg 563 +wap_wsg_idm_ecid_wtls1 564 +wap_wsg_idm_ecid_wtls6 565 +wap_wsg_idm_ecid_wtls8 566 +wap_wsg_idm_ecid_wtls9 567 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 05c4d29afc..a26147728a 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -10,6 +10,9 @@ iso 3 : identified-organization identified-organization 132 : certicom-arc +joint-iso-ccitt 23 43 : wap +wap 13 : wap-wsg + joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance 
@@ -68,12 +71,10 @@ X9-62_primeCurve 7 : prime256v1 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 -# the following AsnOId are from the document -# "SEC 2: Recommended Elliptic Curve Domain Parameters" -# from the Standarts for Efficient Cryptography Group -# ( for more informations see : http://www.secg.org ) +# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" +# (http://www.secg.org/) !Alias secg_ellipticCurve certicom-arc 0 -# secg prime curves oids +# SECG prime curves OIDs secg-ellipticCurve 6 : secp112r1 secg-ellipticCurve 7 : secp112r2 secg-ellipticCurve 28 : secp128r1 @@ -89,7 +90,7 @@ secg-ellipticCurve 10 : secp256k1 X9_62_prime256v1 : secp256r1 secg-ellipticCurve 34 : secp384r1 secg-ellipticCurve 35 : secp521r1 -# secg characteristic two curves oids +# SECG characteristic two curves OIDs secg-ellipticCurve 4 : sect113r1 secg-ellipticCurve 5 : sect113r2 secg-ellipticCurve 22 : sect131r1 @@ -109,6 +110,14 @@ secg-ellipticCurve 37 : sect409r1 secg-ellipticCurve 38 : sect571k1 secg-ellipticCurve 39 : sect571r1 +# WAP/TLS curve OIDs (http://www.wapforum.org/) +!Alias wap-wsg-idm-ecid wap-wsg 4 +wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1 +wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6 +wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8 +wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9 + + ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc : CAST5-ECB : cast5-ecb !Cname cast5-cfb64 From de941e289e5d320d2e3258b0ebf71562830aaabc Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Mar 2002 18:22:23 +0000 Subject: [PATCH 098/173] Initialize cipher context in KRB5 ("D. Russell" ) Allow HMAC functions to use an alternative ENGINE. --- apps/speed.c | 8 ++++---- crypto/evp/p5_crpt2.c | 2 +- crypto/hmac/hmac.c | 10 +++++----- crypto/hmac/hmac.h | 2 +- crypto/pkcs12/p12_mutl.c | 8 ++++---- ssl/s3_clnt.c | 2 ++ ssl/s3_srvr.c | 2 ++ ssl/t1_enc.c | 10 +++++----- 8 files changed, 24 insertions(+), 20 deletions(-) 
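Review bot: The comment introducing the new block in the `@@ -109,6 +110,14 @@` hunk reads "WAP/TLS curve OIDs", but every identifier under it is a `wtls` curve, so the heading names the wrong protocol. It should read `# WAP/WTLS curve OIDs (http://www.wapforum.org/)`, which also matches the wording used for the other OID groups. The hunk also adds two blank lines after the block where the neighbouring groups use one.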
diff --git a/apps/speed.c b/apps/speed.c index e817a0df15..95979e509f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1138,7 +1138,7 @@ int MAIN(int argc, char **argv) HMAC_CTX_init(&hctx); HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", - 16,EVP_md5()); + 16,EVP_md5(), NULL); for (j=0; j> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1()); + HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); HMAC_Update(&hctx, salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 3fff7b1af3..da363b7950 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -61,7 +61,7 @@ #include void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md) + const EVP_MD *md, ENGINE *impl) { int i,j,reset=0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; @@ -80,7 +80,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, j=EVP_MD_block_size(md); if (j < len) { - EVP_DigestInit_ex(&ctx->md_ctx,md, NULL); + EVP_DigestInit_ex(&ctx->md_ctx,md, impl); EVP_DigestUpdate(&ctx->md_ctx,key,len); EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, &ctx->key_length); @@ -99,12 +99,12 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->i_ctx,md, NULL); + EVP_DigestInit_ex(&ctx->i_ctx,md, impl); EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->o_ctx,md, NULL); + EVP_DigestInit_ex(&ctx->o_ctx,md, impl); EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); } EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); @@ -115,7 +115,7 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, { if(key && md) HMAC_CTX_init(ctx); - HMAC_Init_ex(ctx,key,len,md); + HMAC_Init_ex(ctx,key,len,md, NULL); } void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) 
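Review bot: The `EVP_DigestInit_ex(...,md, impl)` calls in the crypto/hmac/hmac.c hunks `@@ -80,7 +80,7 @@` and `@@ -99,12 +99,12 @@` still discard their return value, and `HMAC_Init_ex` itself returns void, so a caller that passes a non-NULL `impl` cannot learn that the ENGINE failed to set up the digest. Before this change the third argument was always NULL; with a caller-chosen ENGINE a failed initialisation leaves `md_ctx`, `i_ctx` or `o_ctx` unprepared while `HMAC_Update` and `HMAC_Final` carry on and produce a value that is not a valid MAC. Since the prototype changes in this commit anyway, consider returning int and checking each call, for example `if (!EVP_DigestInit_ex(&ctx->i_ctx,md,impl)) return 0;`. The body of `HMAC_Init_ex` starts and ends outside these hunks, so the reset path is not visible here.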
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 58ac3d0993..0364a1fcbd 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -91,7 +91,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md); + const EVP_MD *md, ENGINE *impl); void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index b6a10de70c..0fb67f74b8 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -87,11 +87,11 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, return 0; } HMAC_CTX_init(&hmac); - HMAC_Init_ex (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); - HMAC_Update (&hmac, p12->authsafes->d.data->data, + HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); + HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); - HMAC_Final (&hmac, mac, maclen); - HMAC_CTX_cleanup (&hmac); + HMAC_Final(&hmac, mac, maclen); + HMAC_CTX_cleanup(&hmac); return 1; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 62571ef5d1..e5853ede95 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1494,6 +1494,8 @@ static int ssl3_send_client_key_exchange(SSL *s) + EVP_MAX_IV_LENGTH]; int padl, outl = sizeof(epms); + EVP_CIPHER_CTX_init(&ciph_ctx); + #ifdef KSSL_DEBUG printf("ssl3_send_client_key_exchange(%lx & %lx)\n", l, SSL_kKRB5); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 61ed0ad10e..d6247a64ea 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1557,6 +1557,8 @@ static int ssl3_get_client_key_exchange(SSL *s) krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + EVP_CIPHER_CTX_init(&ciph_ctx); + if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); n2s(p,i); 
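Review bot: `EVP_CIPHER_CTX_init(&ciph_ctx)` is added in the ssl/s3_clnt.c hunk `@@ -1494,6 +1494,8 @@` and again in the ssl/s3_srvr.c hunk, but neither hunk shows a matching `EVP_CIPHER_CTX_cleanup(&ciph_ctx)`. Both functions continue outside the hunks, so this cannot be confirmed from the diff; it is worth checking that every exit from the Kerberos branch, including the error paths, cleans the context up, since it is presumably keyed with the Kerberos session key. A short comment next to the init call, such as `/* must be paired with EVP_CIPHER_CTX_cleanup() on all exits */`, would keep the pairing visible to later editors.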
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0548533354..8b7844ceee 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -78,16 +78,16 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); - HMAC_Init_ex(&ctx,sec,sec_len,md); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md); + HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); + HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); n=0; for (;;) { - HMAC_Init_ex(&ctx,NULL,0,NULL); /* re-init */ - HMAC_Init_ex(&ctx_tmp,NULL,0,NULL); /* re-init */ + HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ + HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); @@ -652,7 +652,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash); + HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); HMAC_Update(&hmac,seq,8); HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); From bfaa8a89e1b81fec52cc3fe15d507d838faac467 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 14 Mar 2002 18:53:15 +0000 Subject: [PATCH 099/173] Add missing strength entries. --- CHANGES | 3 +++ ssl/s3_lib.c | 10 +++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 7a56deb3b8..64ff6e2251 100644 --- a/CHANGES +++ b/CHANGES @@ -40,6 +40,9 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Some of the ciphers missed the strength entry (SSL_LOW etc). + [Ben Laurie, Lutz Jaenicke] + +) Add an "init" command to the ENGINE config module and auto initialize ENGINEs. Without any "init" command the ENGINE will be initialized after all ctrl commands have been executed on it. If init=1 the 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9a8cf1042d..31994985c9 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -170,7 +170,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 SSL3_TXT_ADH_RC4_128_MD5,
 SSL3_CK_ADH_RC4_128_MD5,
 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
 0,
 128,
 128,
@@ -196,7 +196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 SSL3_TXT_ADH_DES_64_CBC_SHA,
 SSL3_CK_ADH_DES_64_CBC_SHA,
 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_LOW,
 0,
 56,
 56,
@@ -209,7 +209,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 SSL3_TXT_ADH_DES_192_CBC_SHA,
 SSL3_CK_ADH_DES_192_CBC_SHA,
 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_HIGH,
 0,
 168,
 168,
@@ -518,7 +518,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 SSL3_TXT_FZA_DMS_RC4_SHA,
 SSL3_CK_FZA_DMS_RC4_SHA,
 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
 0,
 128,
 128,
@@ -703,7 +703,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_MEDIUM,
 0,
 128,
 128,
From 304d90425f88129911ec256fd840265fda97e9f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Fri, 15 Mar 2002 10:52:32 +0000
Subject: [PATCH 100/173] fix ssl3_pending
---
 CHANGES | 5 +++++
 LICENSE | 2 +-
 ssl/s3_lib.c | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 64ff6e2251..ba42e28efd 100644
--- a/CHANGES
+++ b/CHANGES
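Review bot: Three of the entries that gain a strength flag (hunks `@@ -170,7 +170,7 @@`, `@@ -196,7 +196,7 @@` and `@@ -209,7 +209,7 @@`) are anonymous-DH suites marked `SSL_aNULL`, and `SSL3_TXT_ADH_DES_192_CBC_SHA` becomes `SSL_HIGH`. The flag describes only the symmetric cipher; these suites do not authenticate the peer, so any selection made on strength alone would now match them. A comment on the first ADH entry would make that explicit, for example `/* strength flag covers the cipher only; aNULL suites stay unauthenticated */`. It is also worth confirming that the default cipher list excludes `SSL_aNULL` independently of strength, since that code is not part of this diff.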
@@ -40,6 +40,11 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from + returning non-zero before the data has been completely received + when using non-blocking I/O. + [Bodo Moeller; problem pointed out by John Hughes] + *) Some of the ciphers missed the strength entry (SSL_LOW etc). [Ben Laurie, Lutz Jaenicke] diff --git a/LICENSE b/LICENSE index 3fd259ac32..7b93e0dbce 100644 --- a/LICENSE +++ b/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 31994985c9..4ccc70b061 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -943,6 +943,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u) int ssl3_pending(SSL *s) { + if (s->rstate == SSL_ST_READ_BODY) + return 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; } From c46acbacde2b6976b91971669a8e759837123af3 Mon Sep 17 00:00:00 2001 
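Review bot: The early return added to `ssl3_pending` in the ssl/s3_lib.c hunk `@@ -943,6 +943,9 @@` has no comment, and the reason for testing `s->rstate` is not evident from the function itself; it is explained only in the CHANGES entry. A later reader could take the check for redundant and remove it, which would bring back the non-zero result for a record whose body has not arrived yet. Suggest putting the explanation on the code: `/* body of the current record not completely received yet (non-blocking I/O): nothing is pending */`.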
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 15 Mar 2002 16:46:41 +0000 Subject: [PATCH 101/173] Rename 'cray-t90-cc' into 'cray-j90'. Add to 'config'. --- Configure | 7 +- TABLE | 210 ++++++++++++++++++++++++++++++++++++++++++++++++------ config | 9 +++ 3 files changed, 203 insertions(+), 23 deletions(-) diff --git a/Configure b/Configure index 39bbe88f6a..8a7f7d9908 100755 --- a/Configure +++ b/Configure @@ -434,7 +434,7 @@ my %table=( "aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", # -# Cray T90 (SDSC) +# Cray T90 and similar (SDSC) # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT # defined. The T90 ints and longs are 8 bytes long, and apparently the # B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and @@ -444,7 +444,10 @@ my %table=( #'Taking the address of a bit field is not allowed. ' #'An expression with bit field exists as the operand of "sizeof" ' # (written by Wayne Schroeder ) -"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", +# +# j90 is considered the base machine type for unicos machines, +# so this configuration is now called "cray-j90" ... +"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", # # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) diff --git a/TABLE b/TABLE index 6ba53ec53e..d13c723807 100644 --- a/TABLE +++ b/TABLE @@ -367,7 +367,7 @@ $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL $bn_obj = $des_obj = $bf_obj = 
@@ -408,14 +408,62 @@ $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = -*** OpenBSD-mips +*** OpenBSD-hppa $cc = gcc -$cflags = -O2 -DL_ENDIAN +$cflags = -DTERMIOS -O3 -fomit-frame-pointer $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR -$bn_ops = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$shared_extension = +$ranlib = + +*** OpenBSD-i386 +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-out.o asm/co86-out.o +$des_obj = asm/dx86-out.o asm/yx86-out.o +$bf_obj = asm/bx86-out.o +$md5_obj = asm/mx86-out.o +$sha1_obj = asm/sx86-out.o +$cast_obj = asm/cx86-out.o +$rc4_obj = asm/rx86-out.o +$rmd160_obj = asm/rm86-out.o +$rc5_obj = asm/r586-out.o +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + +*** OpenBSD-m68k +$cc = gcc +$cflags = -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL $bn_obj = $des_obj = $bf_obj = 
@@ -432,23 +480,143 @@ $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = -*** OpenBSD-x86 +*** OpenBSD-m88k $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 +$cflags = -DTERMIOS -O3 -fomit-frame-pointer $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-out.o asm/co86-out.o -$des_obj = asm/dx86-out.o asm/yx86-out.o -$bf_obj = asm/bx86-out.o -$md5_obj = asm/mx86-out.o -$sha1_obj = asm/sx86-out.o -$cast_obj = asm/cx86-out.o -$rc4_obj = asm/rx86-out.o -$rmd160_obj = asm/rm86-out.o -$rc5_obj = asm/r586-out.o +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + +*** OpenBSD-mips +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2 +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + +*** OpenBSD-powerpc +$cc = gcc +$cflags = -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + +*** OpenBSD-sparc +$cc = gcc +$cflags = -DTERMIOS -O3 
-fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + +*** OpenBSD-sparc64 +$cc = gcc +$cflags = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + +*** OpenBSD-vax +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = $dso_scheme = dlfcn $shared_target= bsd-gcc-shared $shared_cflag = -fPIC @@ -1056,14 +1224,14 @@ $shared_ldflag = $shared_extension = $ranlib = -*** cray-t3e +*** cray-j90 $cc = cc $cflags = -DBIT_FIELD_LIMITS -DTERMIOS $unistd = $thread_cflag = (unknown) $sys_id = CRAY $lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT +$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT $bn_obj = $des_obj = $bf_obj = @@ -1080,14 +1248,14 @@ $shared_ldflag = $shared_extension = $ranlib = -*** cray-t90-cc +*** cray-t3e $cc = cc $cflags = -DBIT_FIELD_LIMITS -DTERMIOS $unistd = $thread_cflag = (unknown) $sys_id = CRAY $lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT $bn_obj = $des_obj = $bf_obj = 
diff --git a/config b/config index d1ca5452da..df973edddc 100755 --- a/config +++ b/config @@ -344,6 +344,13 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in exit 0 ;; + *"CRAY T3E") + echo "t3e-cray-unicosmk"; exit 0; + ;; + + *CRAY*) + echo "j90-cray-unicos"; exit 0; + ;; esac # @@ -688,6 +695,8 @@ EOF mips-sony-newsos4) OUT="newsos4-gcc" ;; *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;; *-*-cygwin) OUT="Cygwin" ;; + t3e-cray-unicosmk) OUT="cray-t3e" ;; + j90-cray-unicos) OUT="cray-j90" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac From 3e268d2717df4f74acddccf2ffe954f63b54b8a0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 16 Mar 2002 23:20:05 +0000 Subject: [PATCH 102/173] Ensure EVP_CipherInit() uses the correct encode/decode parameter if enc == -1 [Reported by Markus Friedl ] Fix typo in dh_lib.c (use of DSAerr instead of DHerr). --- crypto/dh/dh_lib.c | 2 +- crypto/evp/evp_enc.c | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7adf48e6a2..ba5fd41057 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -116,7 +116,7 @@ DH *DH_new_method(ENGINE *engine) { if (!ENGINE_init(engine)) { - DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 22a7b745c1..d28a7d266e 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c 
@@ -85,7 +85,14 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { - if(enc && (enc != -1)) enc = 1; + if (enc == -1) + enc = ctx->encrypt; + else + { + if (enc) + enc = 1; + ctx->encrypt = enc; + } /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -184,7 +191,6 @@ skip_to_init: if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } - if(enc != -1) ctx->encrypt=enc; ctx->buf_len=0; ctx->final_used=0; ctx->block_mask=ctx->cipher->block_size-1; From e79ec456beacdc1d8b463d90661fc872e7cf836a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 18 Mar 2002 13:05:20 +0000 Subject: [PATCH 103/173] fix #include position Submitted by: Nils Larsch --- crypto/ripemd/rmdtest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index 19e9741db2..be1fb8b1f6 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -59,7 +59,6 @@ #include #include #include -#include #ifdef OPENSSL_NO_RIPEMD int main(int argc, char *argv[]) @@ -68,6 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else +#include #include #ifdef CHARSET_EBCDIC From af28dd6c75cc7abaec8b5df7555f07d143d3a6d1 Mon Sep 17 00:00:00 2001 
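Review bot: `ctx->encrypt` is now written at the top of `EVP_CipherInit_ex` (hunk `@@ -85,7 +85,14 @@`), and the `@@ -184,7 +191,6 @@` hunk removes the assignment that used to follow `ctx->cipher->init()`. Everything between those two points is outside the diff; if any of it resets the context when a new cipher or ENGINE is selected, the direction stored here is lost and the context keeps whatever the reset leaves behind. Keeping an unconditional `ctx->encrypt=enc;` after the init call would guard against that, since `enc` is already 0 or 1 by then. A comment should also state that `enc == -1` reuses the direction of an earlier init and has no defined meaning on a context that was never initialised.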
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 18 Mar 2002 13:10:45 +0000 Subject: [PATCH 104/173] Fix bugs and typos. Add some WTLS curves. New function EC_GROUP_check() (this will probably be implemented differently soon). Submitted by: Nils Larsch Reviewed by: Bodo Moeller --- CHANGES | 5 +- apps/ecdsaparam.c | 114 +++++++++++++++++++++++++--------------- apps/speed.c | 5 +- crypto/conf/conf_mod.c | 2 +- crypto/ec/ec.h | 15 +++++- crypto/ec/ec_curve.c | 31 ++++++++++- crypto/ec/ec_err.c | 8 ++- crypto/ec/ec_lcl.h | 4 ++ crypto/ec/ec_lib.c | 34 ++++++++---- crypto/ec/ecp_mont.c | 1 + crypto/ec/ecp_nist.c | 1 + crypto/ec/ecp_recp.c | 1 + crypto/ec/ecp_smpl.c | 109 +++++++++++++++++++++++++++++++++++++- crypto/ecdsa/ecs_asn1.c | 48 ++++++++++------- 14 files changed, 297 insertions(+), 81 deletions(-) diff --git a/CHANGES b/CHANGES index ba42e28efd..bba9929d66 100644 --- a/CHANGES +++ b/CHANGES @@ -19,8 +19,9 @@ extracted before the specific public key. [Nils Larsch ] - *) Include some named elliptic curves, and add OIDs from X9.62 and SECG. - The curves can be obtained from the new functions + *) Include some named elliptic curves, and add OIDs from X9.62, + SECG, and WAP/WTLS. The curves can be obtained from the new + functions EC_GROUP_new_by_nid() EC_GROUP_new_by_name() Also add a 'nid' field to EC_GROUP objects, which can be accessed diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 199a363644..10715add80 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
@@ -133,15 +133,16 @@ * -out arg - output file - default stdout * -noout * -text + * -check - validate the ec parameters * -C * -noout * -genkey - generate a private public keypair based on the supplied curve * -named_curve - use the curve oid instead of the parameters - * -NIST_192 - use the NIST recommeded curve parameters over a 192 bit prime field - * -NIST_224 - use the NIST recommeded curve parameters over a 224 bit prime field - * -NIST_256 - use the NIST recommeded curve parameters over a 256 bit prime field - * -NIST_384 - use the NIST recommeded curve parameters over a 384 bit prime field - * -NIST_521 - use the NIST recommeded curve parameters over a 521 bit prime field + * -NIST_192 - use the NIST recommended curve parameters over a 192 bit prime field + * -NIST_224 - use the NIST recommended curve parameters over a 224 bit prime field + * -NIST_256 - use the NIST recommended curve parameters over a 256 bit prime field + * -NIST_384 - use the NIST recommended curve parameters over a 384 bit prime field + * -NIST_521 - use the NIST recommended curve parameters over a 521 bit prime field * -X9_62_192v1 - use the X9_62 192v1 example curve over a 192 bit prime field * -X9_62_192v2 - use the X9_62 192v2 example curve over a 192 bit prime field * -X9_62_192v3 - use the X9_62 192v3 example curve over a 192 bit prime field 
@@ -149,21 +150,24 @@ * -X9_62_239v2 - use the X9_62 239v2 example curve over a 239 bit prime field * -X9_62_239v3 - use the X9_62 239v3 example curve over a 239 bit prime field * -X9_62_256v1 - use the X9_62 239v1 example curve over a 256 bit prime field - * -SECG_PRIME_112R1 - use the SECG 112r1 recommeded curve over a 112 bit prime field - * -SECG_PRIME_112R2 - use the SECG 112r2 recommeded curve over a 112 bit prime field - * -SECG_PRIME_128R1 - use the SECG 128r1 recommeded curve over a 128 bit prime field - * -SECG_PRIME_128R2 - use the SECG 128r2 recommeded curve over a 128 bit prime field - * -SECG_PRIME_160K1 - use the SECG 160k1 recommeded curve over a 160 bit prime field - * -SECG_PRIME_160R1 - use the SECG 160r1 recommeded curve over a 160 bit prime field - * -SECG_PRIME_160R2 - use the SECG 160r2 recommeded curve over a 160 bit prime field - * -SECG_PRIME_192K1 - use the SECG 192k1 recommeded curve over a 192 bit prime field - * -SECG_PRIME_192R1 - use the SECG 192r1 recommeded curve over a 192 bit prime field - * -SECG_PRIME_224K1 - use the SECG 224k1 recommeded curve over a 224 bit prime field - * -SECG_PRIME_224R1 - use the SECG 224r1 recommeded curve over a 224 bit prime field - * -SECG_PRIME_256K1 - use the SECG 256k1 recommeded curve over a 256 bit prime field - * -SECG_PRIME_256R1 - use the SECG 256r1 recommeded curve over a 256 bit prime field - * -SECG_PRIME_384R1 - use the SECG 384r1 recommeded curve over a 384 bit prime field - * -SECG_PRIME_521R1 - use the SECG 521r1 recommeded curve over a 521 bit prime field + * -SECG_PRIME_112R1 - use the SECG 112r1 recommended curve over a 112 bit prime field + * -SECG_PRIME_112R2 - use the SECG 112r2 recommended curve over a 112 bit prime field + * -SECG_PRIME_128R1 - use the SECG 128r1 recommended curve over a 128 bit prime field + * -SECG_PRIME_128R2 - use the SECG 128r2 recommended curve over a 128 bit prime field + * -SECG_PRIME_160K1 - use the SECG 160k1 recommended curve over a 160 bit prime 
field + * -SECG_PRIME_160R1 - use the SECG 160r1 recommended curve over a 160 bit prime field + * -SECG_PRIME_160R2 - use the SECG 160r2 recommended curve over a 160 bit prime field + * -SECG_PRIME_192K1 - use the SECG 192k1 recommended curve over a 192 bit prime field + * -SECG_PRIME_192R1 - use the SECG 192r1 recommended curve over a 192 bit prime field + * -SECG_PRIME_224K1 - use the SECG 224k1 recommended curve over a 224 bit prime field + * -SECG_PRIME_224R1 - use the SECG 224r1 recommended curve over a 224 bit prime field + * -SECG_PRIME_256K1 - use the SECG 256k1 recommended curve over a 256 bit prime field + * -SECG_PRIME_256R1 - use the SECG 256r1 recommended curve over a 256 bit prime field + * -SECG_PRIME_384R1 - use the SECG 384r1 recommended curve over a 384 bit prime field + * -SECG_PRIME_521R1 - use the SECG 521r1 recommended curve over a 521 bit prime field + * -WTLS_6 - use the WAP/WTLS recommended curve number 6 over a 112 bit field + * -WTLS_8 - use the WAP/WTLS recommended curve number 8 over a 112 bit field + * -WTLS_9 - use the WAP/WTLS recommended curve number 9 over a 160 bit field */ int MAIN(int, char **); @@ -177,6 +181,7 @@ int MAIN(int argc, char **argv) int informat, outformat, noout = 0, C = 0, ret = 1; char *infile, *outfile, *prog, *inrand = NULL; int genkey = 0; + int check = 0; int need_rand = 0; char *engine=NULL; int curve_type = EC_GROUP_NO_CURVE; @@ -235,6 +240,8 @@ int MAIN(int argc, char **argv) text = 1; else if (strcmp(*argv,"-C") == 0) C = 1; + else if (strcmp(*argv,"-check") == 0) + check = 1; else if (strcmp(*argv,"-genkey") == 0) { genkey = 1; 
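Review bot: The description of `-WTLS_9` differs between the two places this commit adds it: the header comment in the `@@ -149,21 +150,24 @@` hunk says "over a 160 bit field", while the usage text in the `@@ -341,21 +355,24 @@` hunk prints "over a 112 bit field". The usage line looks like a copy of the `-WTLS_8` line; if 160 is the intended value it should read `BIO_printf(bio_err," -WTLS_9 use the WAP/WTLS recommended curve number 9 over a 160 bit field\n");`. Field size is what a user goes by when choosing a curve, so the help output and the comment need to agree.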
@@ -302,6 +309,12 @@ int MAIN(int argc, char **argv) curve_type = EC_GROUP_SECG_PRIME_384R1; else if (strcmp(*argv, "-SECG_PRIME_521R1") == 0) curve_type = EC_GROUP_SECG_PRIME_521R1; + else if (strcmp(*argv, "-WTLS_6") == 0) + curve_type = EC_GROUP_WTLS_6; + else if (strcmp(*argv, "-WTLS_8") == 0) + curve_type = EC_GROUP_WTLS_8; + else if (strcmp(*argv, "-WTLS_9") == 0) + curve_type = EC_GROUP_WTLS_9; else if (strcmp(*argv, "-noout") == 0) noout=1; else 
@@ -325,15 +338,16 @@ bad: BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -check validate the ec parameters\n"); BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -named_curve use the curve oid instead of the parameters\n"); - BIO_printf(bio_err," -NIST_192 use the NIST recommeded curve parameters over a 192 bit prime field\n"); - BIO_printf(bio_err," -NIST_224 use the NIST recommeded curve parameters over a 224 bit prime field\n"); - BIO_printf(bio_err," -NIST_256 use the NIST recommeded curve parameters over a 256 bit prime field\n"); - BIO_printf(bio_err," -NIST_384 use the NIST recommeded curve parameters over a 384 bit prime field\n"); - BIO_printf(bio_err," -NIST_521 use the NIST recommeded curve parameters over a 521 bit prime field\n"); + BIO_printf(bio_err," -NIST_192 use the NIST recommended curve parameters over a 192 bit prime field\n"); + BIO_printf(bio_err," -NIST_224 use the NIST recommended curve parameters over a 224 bit prime field\n"); + BIO_printf(bio_err," -NIST_256 use the NIST recommended curve parameters over a 256 bit prime field\n"); + BIO_printf(bio_err," -NIST_384 use the NIST recommended curve parameters over a 384 bit prime field\n"); + BIO_printf(bio_err," -NIST_521 use the NIST recommended curve parameters over a 521 bit prime field\n"); BIO_printf(bio_err," -X9_62_192v1 use the X9_62 192v1 example curve over a 192 bit prime field\n"); BIO_printf(bio_err," -X9_62_192v2 use the X9_62 192v2 example curve over a 192 bit prime field\n"); BIO_printf(bio_err," -X9_62_192v3 use the X9_62 192v3 example curve over a 192 bit prime field\n"); 
@@ -341,21 +355,24 @@ bad: BIO_printf(bio_err," -X9_62_239v2 use the X9_62 239v2 example curve over a 239 bit prime field\n"); BIO_printf(bio_err," -X9_62_239v3 use the X9_62 239v3 example curve over a 239 bit prime field\n"); BIO_printf(bio_err," -X9_62_256v1 use the X9_62 239v1 example curve over a 256 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_112R1 use the SECG 112r1 recommeded curve over a 112 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_112R2 use the SECG 112r2 recommeded curve over a 112 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_128R1 use the SECG 128r1 recommeded curve over a 128 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_128R2 use the SECG 128r2 recommeded curve over a 128 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_160K1 use the SECG 160k1 recommeded curve over a 160 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_160R1 use the SECG 160r1 recommeded curve over a 160 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_160R2 use the SECG 160r2 recommeded curve over a 160 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_192K1 use the SECG 192k1 recommeded curve over a 192 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_192R1 use the SECG 192r1 recommeded curve over a 192 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_224K1 use the SECG 224k1 recommeded curve over a 224 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_224R1 use the SECG 224r1 recommeded curve over a 224 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_256K1 use the SECG 256k1 recommeded curve over a 256 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_256R1 use the SECG 256r1 recommeded curve over a 256 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_384R1 use the SECG 384r1 recommeded curve over a 384 bit prime field\n"); - BIO_printf(bio_err," -SECG_PRIME_521R1 use the SECG 521r1 recommeded curve over a 521 bit prime field\n"); + BIO_printf(bio_err," 
-SECG_PRIME_112R1 use the SECG 112r1 recommended curve over a 112 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_112R2 use the SECG 112r2 recommended curve over a 112 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_128R1 use the SECG 128r1 recommended curve over a 128 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_128R2 use the SECG 128r2 recommended curve over a 128 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_160K1 use the SECG 160k1 recommended curve over a 160 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_160R1 use the SECG 160r1 recommended curve over a 160 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_160R2 use the SECG 160r2 recommended curve over a 160 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_192K1 use the SECG 192k1 recommended curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_192R1 use the SECG 192r1 recommended curve over a 192 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_224K1 use the SECG 224k1 recommended curve over a 224 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_224R1 use the SECG 224r1 recommended curve over a 224 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_256K1 use the SECG 256k1 recommended curve over a 256 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_256R1 use the SECG 256r1 recommended curve over a 256 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_384R1 use the SECG 384r1 recommended curve over a 384 bit prime field\n"); + BIO_printf(bio_err," -SECG_PRIME_521R1 use the SECG 521r1 recommended curve over a 521 bit prime field\n"); + BIO_printf(bio_err," -WTLS_6 use the WAP/WTLS recommended curve number 6 over a 112 bit field\n"); + BIO_printf(bio_err," -WTLS_8 use the WAP/WTLS recommended curve number 8 over a 112 bit field\n"); + BIO_printf(bio_err," -WTLS_9 use the WAP/WTLS recommended curve number 9 over a 112 bit field\n"); goto end; } 
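Review bot: The new `-WTLS_9` usage line says "over a 112 bit field", but the `_EC_GROUP_WTLS_9` prime added to crypto/ec/ec_curve.c in this same patch is visibly longer than the WTLS_6 and WTLS_8 primes (it looks like 160 bits), so the stated size misleads anyone choosing a curve by strength. I would end that line with `over a 160 bit prime field` after confirming the size against the constant. The three WTLS lines also say "field" where every other entry says "prime field"; matching the wording keeps the list consistent. The usage block sits in a function that starts outside this hunk.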
@@ -436,9 +453,24 @@ bad: { ECDSAParameters_print(out, ecdsa); } + + if (check) + { + if (ecdsa == NULL) + BIO_printf(bio_err, "no elliptic curve parameters\n"); + BIO_printf(bio_err, "checking elliptic curve parameters: "); + if (!EC_GROUP_check(ecdsa->group, NULL)) + { + BIO_printf(bio_err, "failed\n"); + ERR_print_errors(bio_err); + } + else + BIO_printf(bio_err, "ok\n"); + + } if (C) - { /* TODO : characteristic two */ + { /* TODO: characteristic two */ int l, len, bits_p; if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL || (tmp_3 = BN_new()) == NULL || (tmp_4 = BN_new()) == NULL || diff --git a/apps/speed.c b/apps/speed.c index 95979e509f..8b837e9964 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -372,8 +372,11 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; unsigned char *buf=NULL,*buf2=NULL; int mret=1; - long count=0,save_count=0, rsa_count; + long count=0,save_count=0; int i,j,k; +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) + long rsa_count; +#endif #ifndef OPENSSL_NO_RSA unsigned rsa_num; #endif diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 459a2d7df1..f92babc2e2 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -165,7 +165,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags) { - char *file; + char *file = NULL; CONF *conf = NULL; int ret = 0; conf = NCONF_new(NULL); diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 192ef13f01..f83bacc89b 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -1,6 +1,6 @@ /* crypto/ec/ec.h */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
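Review bot: In the new `if (check)` block the `ecdsa == NULL` test only prints "no elliptic curve parameters" and then falls through to `EC_GROUP_check(ecdsa->group, NULL)`, which dereferences the NULL pointer it has just detected. The guard should leave the block, e.g. `if (ecdsa == NULL || ecdsa->group == NULL) { BIO_printf(bio_err, "no elliptic curve parameters\n"); goto end; }`, using the `end` label the usage code already jumps to. A failed check is also only printed; whether the exit status reflects it depends on code outside this hunk, and a script relying on `-check` would need a non-zero status. The enclosing function starts and ends outside the hunk.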
@@ -125,6 +125,8 @@ EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); /* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp() * after choosing an appropriate EC_METHOD */ @@ -163,6 +165,11 @@ EC_GROUP *EC_GROUP_new_by_name(int name); #define EC_GROUP_SECG_PRIME_256R1 NID_secp256r1 #define EC_GROUP_SECG_PRIME_384R1 NID_secp384r1 #define EC_GROUP_SECG_PRIME_521R1 NID_secp521r1 +#define EC_GROUP_WTLS_6 NID_wap_wsg_idm_ecid_wtls6 +#define EC_GROUP_WTLS_7 NID_secp160r1 +#define EC_GROUP_WTLS_8 NID_wap_wsg_idm_ecid_wtls8 +#define EC_GROUP_WTLS_9 NID_wap_wsg_idm_ecid_wtls9 +#define EC_GROUP_WTLS_12 NID_secp224r1 EC_POINT *EC_POINT_new(const EC_GROUP *); void EC_POINT_free(EC_POINT *); @@ -220,6 +227,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 #define EC_F_EC_GFP_MONT_FIELD_MUL 131 #define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK 151 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 @@ -229,6 +237,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +#define EC_F_EC_GROUP_CHECK 150 #define EC_F_EC_GROUP_COPY 106 #define EC_F_EC_GROUP_GET0_GENERATOR 139 #define EC_F_EC_GROUP_GET_COFACTOR 140 @@ -266,6 +275,7 @@ void ERR_load_EC_strings(void); /* Reason codes. */ #define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_DISCRIMINANT_IS_ZERO 118 #define EC_R_INCOMPATIBLE_OBJECTS 101 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 
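Review bot: The comment added above `EC_GROUP_check()` promises more than the implementation in this patch checks. ec_GFp_simple_group_check() in crypto/ec/ecp_smpl.c tests that the discriminant is non-zero, that the generator is set and on the curve, and that order times the generator is the point at infinity; it does not test that the field modulus or the order is prime, nor does it look at the cofactor. I would word the comment to say so, e.g. `/* EC_GROUP_check() returns 1 if the discriminant is non-zero, the generator is on the curve and order*generator is the point at infinity, 0 otherwise (including on internal error); primality of the field and of the order is not verified */`. That keeps callers who receive parameters from an untrusted source from treating a return of 1 as full domain-parameter validation.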
@@ -273,13 +283,14 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_ENCODING 102 #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 -#define EC_R_MISSING_PARAMETERS 115 +#define EC_R_INVALID_GROUP_ORDER 119 #define EC_R_NOT_INITIALIZED 111 #define EC_R_NO_SUCH_EXTRA_DATA 105 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 #define EC_R_SLOT_FULL 108 #define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 122 #define EC_R_UNKNOWN_GROUP 116 #define EC_R_UNKNOWN_NID 117 #define EC_R_UNKNOWN_ORDER 114 diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 8e1f038c3d..132e631a4e 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -60,7 +60,7 @@ #include /* #define _EC_GROUP_EXAMPLE_PRIME_CURVE \ - * "the prime number p", "a", "b", "the compressed base point", "y-bit", "order", "cofacor" + * "the prime number p", "a", "b", "the compressed base point", "y-bit", "order", "cofactor" */ /* the nist prime curves */ #define _EC_GROUP_NIST_PRIME_192 \ @@ -190,6 +190,25 @@ "7",\ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",0,\ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1 +/* some wap/wtls curves */ +#define _EC_GROUP_WTLS_6 \ + "DB7C2ABF62E35E668076BEAD208B",\ + "DB7C2ABF62E35E668076BEAD2088",\ + "659EF8BA043916EEDE8911702B22",\ + "09487239995A5EE76B55F9C2F098",0,\ + "DB7C2ABF62E35E7628DFAC6561C5",1 +#define _EC_GROUP_WTLS_8 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFDE7",\ + "0",\ + "3",\ + "1",0,\ + "0100000000000001ECEA551AD837E9",1 +#define _EC_GROUP_WTLS_9 \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",\ + "0",\ + "3",\ + "1",0,\ + "0100000000000000000001CDC98AE0E2DE574ABF33",1 static EC_GROUP *ec_group_new_GFp_from_hex(const char *prime_in, const char *a_in, const char *b_in, 
@@ -317,6 +336,16 @@ EC_GROUP *EC_GROUP_new_by_name(int name) case EC_GROUP_SECG_PRIME_256K1: ret = ec_group_new_GFp_from_hex(_EC_GROUP_SECG_PRIME_256K1); break; + /* some wap/wtls curves */ + case EC_GROUP_WTLS_6: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_WTLS_6); + break; + case EC_GROUP_WTLS_8: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_WTLS_8); + break; + case EC_GROUP_WTLS_9: + ret = ec_group_new_GFp_from_hex(_EC_GROUP_WTLS_9); + break; } if (ret == NULL) diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 2199d92539..e78713bd0b 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,6 +71,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, +{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_CHECK,0), "ec_GFp_simple_group_check"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"}, 
@@ -80,6 +81,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"}, +{ERR_PACK(0,EC_F_EC_GROUP_CHECK,0), "EC_GROUP_check"}, {ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"}, {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, @@ -120,6 +122,7 @@ static ERR_STRING_DATA EC_str_functs[]= static ERR_STRING_DATA EC_str_reasons[]= { {EC_R_BUFFER_TOO_SMALL ,"buffer too small"}, +{EC_R_DISCRIMINANT_IS_ZERO ,"discriminant is zero"}, {EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, {EC_R_INVALID_ARGUMENT ,"invalid argument"}, {EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, @@ -127,13 +130,14 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_INVALID_ENCODING ,"invalid encoding"}, {EC_R_INVALID_FIELD ,"invalid field"}, {EC_R_INVALID_FORM ,"invalid form"}, -{EC_R_MISSING_PARAMETERS ,"missing parameters"}, +{EC_R_INVALID_GROUP_ORDER ,"invalid group order"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, {EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, {EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, {EC_R_SLOT_FULL ,"slot full"}, {EC_R_UNDEFINED_GENERATOR ,"undefined generator"}, +{EC_R_UNDEFINED_ORDER ,"undefined order"}, {EC_R_UNKNOWN_GROUP ,"unknown group"}, {EC_R_UNKNOWN_NID ,"unknown nid"}, {EC_R_UNKNOWN_ORDER ,"unknown order"}, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index b93825524f..87feb39dea 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h 
@@ -82,6 +82,9 @@ struct ec_method_st { int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *); int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + /* used by EC_GROUP_check: */ + int (*group_check)(const EC_GROUP *, BN_CTX *); + /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */ int (*point_init)(EC_POINT *); void (*point_finish)(EC_POINT *); @@ -215,6 +218,7 @@ int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator, EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *); int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +int ec_GFp_simple_group_check(const EC_GROUP *, BN_CTX *); int ec_GFp_simple_point_init(EC_POINT *); void ec_GFp_simple_point_finish(EC_POINT *); void ec_GFp_simple_point_clear_finish(EC_POINT *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 3e372dbed3..1a6aceed82 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -237,6 +237,29 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) } +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->group_check == 0) + { + ECerr(EC_F_EC_GROUP_CHECK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_check(group, ctx); + } + + +void EC_GROUP_set_nid(EC_GROUP *group, int nid) + { + group->nid = nid; + } + + +int EC_GROUP_get_nid(const EC_GROUP *group) + { + return group->nid; + } + + /* this has 'package' visibility */ int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) 
@@ -299,17 +322,6 @@ void EC_GROUP_clear_free_extra_data(EC_GROUP *group) group->extra_data_clear_free_func = 0; } -void EC_GROUP_set_nid(EC_GROUP *group, int nid) - { - group->nid = nid; - } - -int EC_GROUP_get_nid(const EC_GROUP *group) - { - return group->nid; - } - - /* functions for EC_POINT objects */ diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 7b30d4c38a..1d02661555 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -71,6 +71,7 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, + ec_GFp_simple_group_check, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index ed07748675..4d92220670 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -69,6 +69,7 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, + ec_GFp_simple_group_check, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index fec843b5c8..b251c921ce 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -69,6 +69,7 @@ const EC_METHOD *EC_GFp_recp_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, + ec_GFp_simple_group_check, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 4666a052bf..8e062dc951 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c 
@@ -2,7 +2,7 @@ /* Includes code written by Lenka Fibikova * for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -73,6 +73,7 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, + ec_GFp_simple_group_check, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, 
@@ -338,6 +339,112 @@ int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN } +int ec_GFp_simple_group_check(const EC_GROUP *group, BN_CTX *ctx) + { + int ret = 0; + BIGNUM *a,*b,*order,*tmp_1,*tmp_2; + const BIGNUM *p = &group->field; + BN_CTX *new_ctx = NULL; + EC_POINT *point = NULL; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, ERR_R_MALLOC_FAILURE); + goto err; + } + } + BN_CTX_start(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + tmp_1 = BN_CTX_get(ctx); + tmp_2 = BN_CTX_get(ctx); + order = BN_CTX_get(ctx); + if (order == NULL) goto err; + + if (group->meth->field_decode) + { + if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; + if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; + } + else + { + if (!BN_copy(a, &group->a)) goto err; + if (!BN_copy(b, &group->b)) goto err; + } + + /* check the discriminant: + * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) + * 0 =< a, b < p */ + if (BN_is_zero(a)) + { + if (BN_is_zero(b)) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); + goto err; + } + } + else if (!BN_is_zero(b)) + { + if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err; + if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err; + if (!BN_lshift(tmp_1, tmp_2, 2)) goto err; + /* tmp_1 = 4*a^3 */ + + if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err; + if (!BN_mul_word(tmp_2, 27)) goto err; + /* tmp_2 = 27*b^2 */ + + if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err; + if (BN_is_zero(a)) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); + goto err; + } + } + + /* check the generator */ + if (group->generator == NULL) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); + goto err; + } + if (!ec_GFp_simple_is_on_curve(group, group->generator, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + + /* check 
the order of the generator */ + if ((point = EC_POINT_new(group)) == NULL) goto err; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; + if (BN_is_zero(order)) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_UNDEFINED_ORDER); + goto err; + } + + if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; + if (!EC_POINT_is_at_infinity(group, point)) + { + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); + goto err; + } + + ret = 1; + +err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + if (point) + EC_POINT_free(point); + return ret; + } + + int ec_GFp_simple_point_init(EC_POINT *point) { BN_init(&point->X); diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 6fa0b3fb7f..b537de6600 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -170,6 +170,7 @@ X9_62_CURVE *ECDSA_get_X9_62_CURVE(const ECDSA *ecdsa, X9_62_CURVE *curve) X9_62_CURVE *ret=NULL; BIGNUM *tmp1=NULL, *tmp2=NULL; unsigned char *buffer=NULL; + unsigned char char_buf = 0; if (!ecdsa || !ecdsa->group) OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS) 
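Review bot: `if (!ec_GFp_simple_is_on_curve(group, group->generator, ctx))` treats every non-zero result as "on curve". ec_GFp_simple_is_on_curve is not shown in this hunk; if it reports an internal failure as -1 (presumably, as tri-state predicates in this library do), an allocation or arithmetic error makes the generator check pass instead of fail, so the test should be `if (ec_GFp_simple_is_on_curve(group, group->generator, ctx) <= 0)`. The same pattern returns in EC_GROUP_check() in crypto/ec/ec_check.c (PATCH 108) with `EC_POINT_is_on_curve`. Separately, when `BN_CTX_new()` fails the code jumps to `err:` and calls `BN_CTX_end(ctx)` on a NULL context that was never started; returning 0 directly at that point avoids relying on BN_CTX_end tolerating it.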
@@ -189,29 +190,38 @@ X9_62_CURVE *ECDSA_get_X9_62_CURVE(const ECDSA *ecdsa, X9_62_CURVE *curve) if (!EC_GROUP_get_curve_GFp(ecdsa->group, NULL, tmp1, tmp2, NULL)) OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB) - if ((len1 = BN_num_bytes(tmp1)) == 0) - OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER_LENGTH) - if ((buffer = OPENSSL_malloc(len1)) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) - if ((len1 = BN_bn2bin(tmp1, buffer)) == 0) goto err; - if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) - if (!M_ASN1_OCTET_STRING_set(ret->a, buffer, len1)) + if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || + (ret->b = M_ASN1_OCTET_STRING_new()) == NULL ) OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) - if ((len2 = BN_num_bytes(tmp2)) == 0) - OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER_LENGTH) - if (len1 < len2) + len1 = BN_num_bytes(tmp1); + len2 = BN_num_bytes(tmp2); + + if ((buffer = OPENSSL_malloc(len1 > len2 ? len1 : len2)) == NULL) + OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) + + if (len1 == 0) /* => a == 0 */ { - OPENSSL_free(buffer); - if ((buffer = OPENSSL_malloc(len2)) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) + if (!M_ASN1_OCTET_STRING_set(ret->a, char_buf, 1)) + OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) + } + else + { + if ((len1 = BN_bn2bin(tmp1, buffer)) == 0) goto err; + if (!M_ASN1_OCTET_STRING_set(ret->a, buffer, len1)) + OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) + } + if (len2 == 0) /* => b == 0 */ + { + if (!M_ASN1_OCTET_STRING_set(ret->a, char_buf, 1)) + OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) + } + else + { + if ((len2 = BN_bn2bin(tmp2, buffer)) == 0) goto err; + if (!M_ASN1_OCTET_STRING_set(ret->b, buffer, len2)) + OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) } - if ((len2 = BN_bn2bin(tmp2, buffer)) == 0) goto err; - if ((ret->b = M_ASN1_OCTET_STRING_new()) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) - if (!M_ASN1_OCTET_STRING_set(ret->b, buffer, len2)) - OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) if (ecdsa->seed) { 
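Review bot: The `len2 == 0` branch (commented `=> b == 0`) stores into `ret->a`, not `ret->b`: `M_ASN1_OCTET_STRING_set(ret->a, char_buf, 1)`. For a curve with b == 0 this overwrites the already encoded a coefficient with a single zero octet and leaves `ret->b` empty, so the X9.62 structure no longer describes the group it was built from; the call should be `M_ASN1_OCTET_STRING_set(ret->b, &char_buf, 1)`. Both zero-length branches also pass `char_buf` by value where a buffer pointer is expected; the follow-up "Fix typo" patch (PATCH 106, hunk at -213) adds the `&` but still targets `ret->a`. ECDSA_get_X9_62_CURVE starts and ends outside this hunk.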
From 611ba3f4a1e2e7c418c102e286faacffef7783ec Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 19 Mar 2002 01:28:00 +0000 Subject: [PATCH 105/173] Initialize ciph_ctx in kssl.c --- ssl/kssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/kssl.c b/ssl/kssl.c index dc54035d2f..d3c7be7581 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1983,6 +1983,7 @@ krb5_error_code kssl_check_authent( struct tm tm_time, *tm_l, *tm_g; time_t now, tl, tg, tr, tz_offset; + EVP_CIPHER_CTX_init(&ciph_ctx); *atimep = 0; kssl_err_set(kssl_err, 0, ""); From 99d5b23023a9190f3cea08713e6ec0c7640e7650 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 19 Mar 2002 09:51:31 +0000 Subject: [PATCH 106/173] Fix typo. Submitted by: Nils Larsch --- crypto/ecdsa/ecs_asn1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index b537de6600..16f49f938b 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -202,7 +202,7 @@ X9_62_CURVE *ECDSA_get_X9_62_CURVE(const ECDSA *ecdsa, X9_62_CURVE *curve) if (len1 == 0) /* => a == 0 */ { - if (!M_ASN1_OCTET_STRING_set(ret->a, char_buf, 1)) + if (!M_ASN1_OCTET_STRING_set(ret->a, &char_buf, 1)) OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) } else @@ -213,7 +213,7 @@ X9_62_CURVE *ECDSA_get_X9_62_CURVE(const ECDSA *ecdsa, X9_62_CURVE *curve) } if (len2 == 0) /* => b == 0 */ { - if (!M_ASN1_OCTET_STRING_set(ret->a, char_buf, 1)) + if (!M_ASN1_OCTET_STRING_set(ret->a, &char_buf, 1)) OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) } else From 11c26ecf810bbeb0293921b86cd75f61809947b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 19 Mar 2002 16:42:09 +0000 Subject: [PATCH 107/173] Map new X509 verification errors to alert codes (Tom Wu ). --- CHANGES | 4 ++++ ssl/s3_both.c | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index bba9929d66..722c4d8854 100644 --- a/CHANGES +++ b/CHANGES 
@@ -41,6 +41,10 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Map new X509 verification errors to alerts. Discovered and submitted by + Tom Wu . + [Lutz Jaenicke] + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from returning non-zero before the data has been completely received when using non-blocking I/O. diff --git a/ssl/s3_both.c b/ssl/s3_both.c index c69e8d2308..89b54b71d3 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -548,6 +548,8 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_CERT_UNTRUSTED: + case X509_V_ERR_CERT_REJECTED: al=SSL_AD_BAD_CERTIFICATE; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: @@ -569,11 +571,16 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_CERT_CHAIN_TOO_LONG: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_CA: al=SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_APPLICATION_VERIFICATION: al=SSL_AD_HANDSHAKE_FAILURE; break; + case X509_V_ERR_INVALID_PURPOSE: + al=SSL_AD_UNSUPPORTED_CERTIFICATE; + break; default: al=SSL_AD_CERTIFICATE_UNKNOWN; break; From 17d6bb815813bab443a29cfd821d876afc9ecfef Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 20 Mar 2002 10:18:07 +0000 Subject: [PATCH 108/173] New function EC_GROUP_check_discriminant(). Restructure implementation of EC_GROUP_check(). Submitted by: Nils Larsch --- crypto/ec/Makefile.ssl | 11 +++- crypto/ec/ec.h | 6 +- crypto/ec/ec_check.c | 122 +++++++++++++++++++++++++++++++++++++++++ crypto/ec/ec_err.c | 3 +- crypto/ec/ec_lcl.h | 4 +- crypto/ec/ec_lib.c | 8 +-- crypto/ec/ecp_mont.c | 2 +- crypto/ec/ecp_nist.c | 2 +- crypto/ec/ecp_recp.c | 2 +- crypto/ec/ecp_smpl.c | 50 ++--------------- 10 files changed, 152 insertions(+), 58 deletions(-) create mode 100644 crypto/ec/ec_check.c diff --git a/crypto/ec/Makefile.ssl b/crypto/ec/Makefile.ssl index 002841eff2..3b5ae19512 100644 --- a/crypto/ec/Makefile.ssl +++ b/crypto/ec/Makefile.ssl @@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_err.c ec_curve.c + ec_err.c ec_curve.c ec_check.c LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \ - ec_err.o ec_curve.o + ec_err.o ec_curve.o ec_check.o SRC= $(LIBSRC) @@ -82,6 +82,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +ec_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_check.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_check.o: ../../include/openssl/ec.h ../../include/openssl/err.h +ec_check.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +ec_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ec_check.o: ec_check.c ec_lcl.h ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h ec_curve.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ec_curve.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index f83bacc89b..a791125369 100644 
--- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -127,6 +127,9 @@ int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the + * elliptic curve is not zero, 0 otherwise */ +int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); /* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp() * after choosing an appropriate EC_METHOD */ @@ -227,7 +230,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 #define EC_F_EC_GFP_MONT_FIELD_MUL 131 #define EC_F_EC_GFP_MONT_FIELD_SQR 132 -#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK 151 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 152 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 @@ -238,6 +241,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 #define EC_F_EC_GROUP_CHECK 150 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 153 #define EC_F_EC_GROUP_COPY 106 #define EC_F_EC_GROUP_GET0_GENERATOR 139 #define EC_F_EC_GROUP_GET_COFACTOR 140 diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c new file mode 100644 index 0000000000..f22c5641a8 --- /dev/null +++ b/crypto/ec/ec_check.c 
@@ -0,0 +1,122 @@ +/* crypto/ec/ec_check.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ec_lcl.h" +#include + +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) + { + int ret = 0; + BIGNUM *order; + BN_CTX *new_ctx = NULL; + EC_POINT *point = NULL; + + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + { + ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); + goto err; + } + } + BN_CTX_start(ctx); + if ((order = BN_CTX_get(ctx)) == NULL) goto err; + + /* check the discriminant */ + if (!EC_GROUP_check_discriminant(group, ctx)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); + goto err; + } + + /* check the generator */ + if (group->generator == NULL) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); + goto err; + } + if (!EC_POINT_is_on_curve(group, group->generator, ctx)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + + /* check the order of the generator */ + if ((point = EC_POINT_new(group)) == NULL) goto err; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; + if (BN_is_zero(order)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); + goto err; + } + + if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; + if 
(!EC_POINT_is_at_infinity(group, point)) + { + ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); + goto err; + } + + ret = 1; + +err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); + if (point) + EC_POINT_free(point); + return ret; + } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index e78713bd0b..efdee969ce 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -71,7 +71,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, {ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_CHECK,0), "ec_GFp_simple_group_check"}, +{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,0), "ec_GFp_simple_group_check_discriminant"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"}, @@ -82,6 +82,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_GROUP_CHECK,0), "EC_GROUP_check"}, +{ERR_PACK(0,EC_F_EC_GROUP_CHECK_DISCRIMINANT,0), "EC_GROUP_check_discriminant"}, {ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"}, {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 87feb39dea..ece0de852c 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h 
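Review bot: EC_GROUP_check() records `EC_R_DISCRIMINANT_IS_ZERO` for every zero return of `EC_GROUP_check_discriminant()`, but the wrapper in crypto/ec/ec_lib.c also returns 0 when the method has no `group_check_discriminant` (after raising ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED), and the method implementation, which is outside this view, may return 0 on allocation failure as well. A caller reading the error queue then sees "discriminant is zero" for a curve that was never evaluated. I would let the discriminant routine raise its own reason and keep only `if (!EC_GROUP_check_discriminant(group, ctx)) goto err;` here. A comment above the function listing the three checks it performs, and stating that primality of the field and of the order is not verified, would also help callers.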
@@ -83,7 +83,7 @@ struct ec_method_st { int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); /* used by EC_GROUP_check: */ - int (*group_check)(const EC_GROUP *, BN_CTX *); + int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *); /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */ int (*point_init)(EC_POINT *); @@ -218,7 +218,7 @@ int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator, EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *); int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); -int ec_GFp_simple_group_check(const EC_GROUP *, BN_CTX *); +int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); int ec_GFp_simple_point_init(EC_POINT *); void ec_GFp_simple_point_finish(EC_POINT *); void ec_GFp_simple_point_clear_finish(EC_POINT *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 1a6aceed82..a5153cd4bf 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -237,14 +237,14 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) } -int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { - if (group->meth->group_check == 0) + if (group->meth->group_check_discriminant == 0) { - ECerr(EC_F_EC_GROUP_CHECK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return group->meth->group_check(group, ctx); + return group->meth->group_check_discriminant(group, ctx); } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 1d02661555..bad0a13614 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c 
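Review bot: The comment `/* used by EC_GROUP_check: */` left above the renamed member in the first crypto/ec/ec_lcl.h hunk (`struct ec_method_st`) is stale. After this commit the member is dispatched from `EC_GROUP_check_discriminant()` in crypto/ec/ec_lib.c, and `EC_GROUP_check()` only reaches it through that wrapper. I would change it to `/* used by EC_GROUP_check_discriminant (and through it by EC_GROUP_check): */` and add a sentence on the return contract, which in the simple GFp implementation is 1 for a non-zero discriminant and 0 otherwise. The struct definition starts and ends outside the hunk.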
@@ -71,7 +71,7 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_group_check, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 4d92220670..4e37c33cf3 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -69,7 +69,7 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_group_check, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index b251c921ce..54d3b83ec4 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -69,7 +69,7 @@ const EC_METHOD *EC_GFp_recp_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_group_check, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 8e062dc951..911a4e4760 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -73,7 +73,7 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_group_get0_generator, ec_GFp_simple_group_get_order, ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_group_check, + ec_GFp_simple_group_check_discriminant, ec_GFp_simple_point_init, ec_GFp_simple_point_finish, ec_GFp_simple_point_clear_finish, 
@@ -339,20 +339,19 @@ int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN } -int ec_GFp_simple_group_check(const EC_GROUP *group, BN_CTX *ctx) +int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { int ret = 0; BIGNUM *a,*b,*order,*tmp_1,*tmp_2; const BIGNUM *p = &group->field; BN_CTX *new_ctx = NULL; - EC_POINT *point = NULL; if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); goto err; } } @@ -380,11 +379,7 @@ int ec_GFp_simple_group_check(const EC_GROUP *group, BN_CTX *ctx) * 0 =< a, b < p */ if (BN_is_zero(a)) { - if (BN_is_zero(b)) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); - goto err; - } + if (BN_is_zero(b)) goto err; } else if (!BN_is_zero(b)) { 
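Review bot: In the `@@ -380` hunk of crypto/ec/ecp_smpl.c (and again in the `@@ -398` hunk that follows), a zero discriminant now takes a bare `goto err`, so `ec_GFp_simple_group_check_discriminant()` returns 0 both for a singular curve and for an internal failure such as a failed `BN_mod_add`. The new `EC_GROUP_check()` reports every 0 as `EC_R_DISCRIMINANT_IS_ZERO`, so an allocation or bignum failure would be logged as a bad curve, while a direct caller of `EC_GROUP_check_discriminant()` gets no reason code at all for a curve that really is singular. Keeping the reason in the method, e.g. `if (BN_is_zero(b)) { ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, EC_R_DISCRIMINANT_IS_ZERO); goto err; }`, would let the error queue tell the two cases apart; at the least the return contract deserves a comment above the function. The function starts in the previous hunk and continues between and past these hunks, so the unchanged lines in between are not visible here.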
@@ -398,49 +393,14 @@ int ec_GFp_simple_group_check(const EC_GROUP *group, BN_CTX *ctx) /* tmp_2 = 27*b^2 */ if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err; - if (BN_is_zero(a)) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); - goto err; - } + if (BN_is_zero(a)) goto err; } - - /* check the generator */ - if (group->generator == NULL) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); - goto err; - } - if (!ec_GFp_simple_is_on_curve(group, group->generator, ctx)) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - - /* check the order of the generator */ - if ((point = EC_POINT_new(group)) == NULL) goto err; - if (!EC_GROUP_get_order(group, order, ctx)) goto err; - if (BN_is_zero(order)) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_UNDEFINED_ORDER); - goto err; - } - - if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; - if (!EC_POINT_is_at_infinity(group, point)) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); - goto err; - } - ret = 1; err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (point) - EC_POINT_free(point); return ret; } From 82652aaf17819c6c1ecfc50602b4b54a19c566fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 20 Mar 2002 16:04:04 +0000 Subject: [PATCH 109/173] fix DH_generate_parameters for general 'generator' --- CHANGES | 19 +++++++++++++++++++ crypto/dh/dh.h | 1 + crypto/dh/dh_err.c | 3 ++- crypto/dh/dh_gen.c | 32 ++++++++++++++++++++++++-------- crypto/dh/dhtest.c | 12 ++++++++++++ 5 files changed, 58 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 722c4d8854..67aa57833b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,6 +4,14 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] + *) Add a function EC_GROUP_check_discriminant() (defined via + EC_METHOD) that verifies that the curve discriminant is non-zero. + + Add a function EC_GROUP_check() that makes some sanity tests + on a EC_GROUP, its generator and order. This includes + EC_GROUP_check_discriminant(). + [Nils Larsch ] + *) Add ECDSA in new directory crypto/ecdsa/. Add applications 'openssl ecdsaparam' and 'openssl ecdsa' @@ -41,6 +49,17 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Fix DH_generate_parameters() so that it works for 'non-standard' + generators, i.e. generators other than 2 and 5. (Previously, the + code did not properly initialise the 'add' and 'rem' values to + BN_generate_prime().) + + In the new general case, we do not insist that 'generator' is + actually a primitive root: This requirement is rather pointless; + a generator of the order-q subgroup is just as good, if not + better. + [Bodo Moeller] + *) Map new X509 verification errors to alerts. Discovered and submitted by Tom Wu . [Lutz Jaenicke] diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 15cf70de0b..05851f8429 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -198,6 +198,7 @@ void ERR_load_DH_strings(void); #define DH_F_DH_NEW_METHOD 105 /* Reason codes. */ +#define DH_R_BAD_GENERATOR 101 #define DH_R_NO_PRIVATE_VALUE 100 #ifdef __cplusplus diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 225779336c..d837950aec 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -77,6 +77,7 @@ static ERR_STRING_DATA DH_str_functs[]= static ERR_STRING_DATA DH_str_reasons[]= { +{DH_R_BAD_GENERATOR ,"bad generator"}, {DH_R_NO_PRIVATE_VALUE ,"no private value"}, {0,NULL} }; diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 7a6a38fbb4..06f78b35ab 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -82,7 +82,10 @@ * Since DH should be using a safe prime (both p and q are prime), * this generator function can take a very very long time to run. */ - +/* Actually there is no reason to insist that 'generator' be a generator. + * It's just as OK (and in some sense better) to use a generator of the + * order-q subgroup. + */ DH *DH_generate_parameters(int prime_len, int generator, void (*callback)(int,int,void *), void *cb_arg) { 
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator, t2 = BN_CTX_get(ctx); if (t1 == NULL || t2 == NULL) goto err; + if (generator <= 1) + { + DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR); + goto err; + } if (generator == DH_GENERATOR_2) { - BN_set_word(t1,24); - BN_set_word(t2,11); + if (!BN_set_word(t1,24)) goto err; + if (!BN_set_word(t2,11)) goto err; g=2; } -#ifdef undef /* does not work for safe primes */ +#if 0 /* does not work for safe primes */ else if (generator == DH_GENERATOR_3) { - BN_set_word(t1,12); - BN_set_word(t2,5); + if (!BN_set_word(t1,12)) goto err; + if (!BN_set_word(t2,5)) goto err; g=3; } #endif else if (generator == DH_GENERATOR_5) { - BN_set_word(t1,10); - BN_set_word(t2,3); + if (!BN_set_word(t1,10)) goto err; + if (!BN_set_word(t2,3)) goto err; /* BN_set_word(t3,7); just have to miss * out on these ones :-( */ g=5; } else + { + /* in the general case, don't worry if 'generator' is a + * generator or not: since we are using safe primes, + * it will generate either an order-q or an order-2q group, + * which both is OK */ + if (!BN_set_word(t1,2)) goto err; + if (!BN_set_word(t2,1)) goto err; g=generator; + } p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); if (p == NULL) goto err; diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 0176436a55..34894ced73 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -117,6 +117,16 @@ int main(int argc, char *argv[]) a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); if (a == NULL) goto err; + if (!DH_check(a, &i)) goto err; + if (i & DH_CHECK_P_NOT_PRIME) + BIO_puts(out, "p value is not prime\n"); + if (i & DH_CHECK_P_NOT_SAFE_PRIME) + BIO_puts(out, "p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + BIO_puts(out, "unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + BIO_puts(out, "the g value is not a generator\n"); + BIO_puts(out,"\np ="); BN_print(out,a->p); BIO_puts(out,"\ng ="); 
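Review bot: The new general branch in `DH_generate_parameters()` (crypto/dh/dh_gen.c, `@@ -100` hunk) accepts any `generator` greater than 1, but the comment's claim that it generates an order-q or order-2q group holds only when `generator` reduced mod p is not 0, 1 or p-1. Nothing in the hunk compares `generator` with the generated prime or bounds `prime_len` from below, so for a very short prime the claim could fail; such a check may exist after `BN_generate_prime`, which is outside the hunk. I would state the precondition in the comment, e.g. `/* assumes 1 < generator < p-1, which holds for any realistic prime_len */`, or reject the parameters once p is known.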
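Review bot: The `DH_check()` block added to crypto/dh/dhtest.c (`@@ -117` hunk) prints a message for each flag but lets the test carry on, so generated parameters whose p is flagged as not a safe prime would still end in a passing run. Since this test is what covers the `DH_generate_parameters()` fix, a flagged result should fail it, e.g. `if (i != 0) goto err;` after the four `BIO_puts` checks. That assumes `ret` still holds its failure value at that point, which is set outside the hunk.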
@@ -175,6 +185,8 @@ int main(int argc, char *argv[]) else ret=0; err: + ERR_print_errors_fp(stderr); + if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if(b != NULL) DH_free(b); From be3d90de02138273d054bb9d6b4381754b34676d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 21 Mar 2002 19:08:35 +0000 Subject: [PATCH 110/173] Remove superflous (and buggy) statement . --- crypto/lhash/lh_test.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c index 0758d88372..85700c859b 100644 --- a/crypto/lhash/lh_test.c +++ b/crypto/lhash/lh_test.c @@ -75,7 +75,6 @@ main() buf[0]='\0'; fgets(buf,256,stdin); if (buf[0] == '\0') break; - buf[255]='\0'; i=strlen(buf); p=OPENSSL_malloc(i+1); memcpy(p,buf,i+1); From 7e58aa7d71c08929f61d24e221174ed35c210795 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 21 Mar 2002 19:16:02 +0000 Subject: [PATCH 111/173] Fix buggy if-condition (thomas poindessous ). --- demos/maurice/example1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c index da2c6d31c5..1ef8299900 100644 --- a/demos/maurice/example1.c +++ b/demos/maurice/example1.c @@ -72,7 +72,7 @@ void main_encrypt(void) pubKey[0] = ReadPublicKey(PUBFILE); - if(!pubKey) + if(!pubKey[0]) { fprintf(stderr,"Error: can't load public key"); exit(1); From 125cc35b59597c7613cc1a0e8d396e7e86808cb0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Mar 2002 02:42:57 +0000 Subject: [PATCH 112/173] Merge in DES changed from 0.9.7-stable. --- apps/passwd.c | 4 ++-- apps/speed.c | 12 ++++++------ apps/version.c | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/passwd.c b/apps/passwd.c index 2023b76f5b..ad8e7b0349 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -16,7 +16,7 @@ #include #include #ifndef OPENSSL_NO_DES -# include +# include #endif #ifndef NO_MD5CRYPT_1 # include 
@@ -482,7 +482,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, /* now compute password hash */ #ifndef OPENSSL_NO_DES if (usecrypt) - hash = des_crypt(passwd, *salt_p); + hash = DES_crypt(passwd, *salt_p); #endif #ifndef NO_MD5CRYPT_1 if (use1 || useapr1) diff --git a/apps/speed.c b/apps/speed.c index 8b837e9964..fea0ffe2cf 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -131,7 +131,7 @@ #endif #ifndef OPENSSL_NO_DES -#include +#include #endif #ifndef OPENSSL_NO_AES #include @@ -439,9 +439,9 @@ int MAIN(int argc, char **argv) unsigned char iv[MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES DES_cblock *buf_as_des_cblock = NULL; - static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; + static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; + static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; DES_key_schedule sch; DES_key_schedule sch2; DES_key_schedule sch3; @@ -532,7 +532,7 @@ int MAIN(int argc, char **argv) goto end; } #ifndef OPENSSL_NO_DES - buf_as_des_cblock = (des_cblock *)buf; + buf_as_des_cblock = (DES_cblock *)buf; #endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { @@ -1603,7 +1603,7 @@ show_res: printf("%s ",RC4_options()); #endif #ifndef OPENSSL_NO_DES - printf("%s ",des_options()); + printf("%s ",DES_options()); #endif #ifndef OPENSSL_NO_AES printf("%s ",AES_options()); diff --git a/apps/version.c b/apps/version.c index 6baf679b77..0cbcb47f88 100644 --- a/apps/version.c +++ b/apps/version.c @@ -122,7 +122,7 @@ # include #endif #ifndef OPENSSL_NO_DES -# include +# include #endif #ifndef OPENSSL_NO_IDEA # include 
@@ -186,7 +186,7 @@ int MAIN(int argc, char **argv) printf("%s ",RC4_options()); #endif #ifndef OPENSSL_NO_DES - printf("%s ",des_options()); + printf("%s ",DES_options()); #endif #ifndef OPENSSL_NO_IDEA printf("%s ",idea_options()); From 2e63f3b733f383aacd21edbda778c56cf853da81 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Mar 2002 02:49:46 +0000 Subject: [PATCH 113/173] Merge in DES changed from 0.9.7-stable. --- crypto/des/des_old.c | 1 + crypto/des/des_old.h | 43 +++++++++++++------ crypto/des/destest.c | 99 +++++++++++++++++++++----------------------- 3 files changed, 79 insertions(+), 64 deletions(-) diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index e1c82da9b4..3cf9c9c8a2 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -72,6 +72,7 @@ * */ +#define OPENSSL_DES_LIBDES_COMPATIBILITY #include #include #include diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 1eb25bd3e6..80e0167b73 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h 
@@ -3,13 +3,29 @@ /* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * The function names in here are deprecated and are only present to - * provide an interface compatible with libdes. OpenSSL now provides - * functions where "des_" has been replaced with "DES_" in the names, - * to make it possible to make incompatible changes that are needed - * for C type security and other stuff. + * provide an interface compatible with openssl 0.9.6 and older as + * well as libdes. OpenSSL now provides functions where "des_" has + * been replaced with "DES_" in the names, to make it possible to + * make incompatible changes that are needed for C type security and + * other stuff. + * + * This include files has two compatibility modes: + * + * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API + * that is compatible with libdes and SSLeay. + * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an + * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. + * + * Note that these modes break earlier snapshots of OpenSSL, where + * libdes compatibility was the only available mode or (later on) the + * prefered compatibility mode. However, after much consideration + * (and more or less violent discussions with external parties), it + * was concluded that OpenSSL should be compatible with earlier versions + * of itself before anything else. Also, in all honesty, libdes is + * an old beast that shouldn't really be used any more. * * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will dissapear completely before + * des_ ones. The des_ functions will disappear completely before * OpenSSL 1.0! * * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
@@ -19,7 +35,7 @@ * project 2001. */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -107,15 +123,16 @@ typedef struct _ossl_old_des_ks_struct } ks; } _ossl_old_des_key_schedule[16]; -#ifdef OPENSSL_DES_PRE_0_9_7_COMPATIBILITY +#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY #define des_cblock DES_cblock +#define const_des_cblock const_DES_cblock #define des_key_schedule DES_key_schedule #define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ DES_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) #define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) #define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) #define des_options()\ @@ -128,8 +145,8 @@ typedef struct _ossl_old_des_ks_struct DES_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) #define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ DES_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -#define des_cfb_encrypt(i,o,l,k,iv,e)\ - DES_cfb_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ + DES_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) #define des_ecb_encrypt(i,o,k,e)\ DES_ecb_encrypt((i),(o),(k),(e)) #define des_encrypt(d,k,e)\ 
@@ -206,7 +223,7 @@ typedef struct _ossl_old_des_ks_struct #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) #define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) + _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) #define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) #define des_options()\ @@ -219,8 +236,8 @@ typedef struct _ossl_old_des_ks_struct _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) #define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -#define des_cfb_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_cfb_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ + _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) #define des_ecb_encrypt(i,o,k,e)\ _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) #define des_encrypt(d,k,e)\ diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 88fe32a622..79f9a4e8e4 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -83,11 +83,8 @@ int main(int argc, char *argv[]) } #else #include -#include -#if defined(PERL5) || defined(__FreeBSD__) -#define crypt(c,s) (DES_crypt((c),(s))) -#endif +#define crypt(c,s) (des_crypt((c),(s))) /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ @@ -333,8 +330,8 @@ static int ede_cfb64_test(unsigned char *cfb_cipher); int main(int argc, char *argv[]) { int i,j,err=0; - DES_cblock in,out,outin,iv3,iv2; - DES_key_schedule ks,ks2,ks3; + des_cblock in,out,outin,iv3,iv2; + des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; 
@@ -381,7 +378,7 @@ int main(int argc, char *argv[]) /* if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { - printf("DES_ede3_cbc_encrypt encrypt error\n"); + printf("des_ede3_cbc_encrypt encrypt error\n"); err=1; } */ @@ -392,7 +389,7 @@ int main(int argc, char *argv[]) { int n; - printf("DES_ede3_cbcm_encrypt decrypt error\n"); + printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_data[n]); printf("\n"); @@ -410,8 +407,8 @@ int main(int argc, char *argv[]) memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); - DES_ecb_encrypt(&in,&out,&ks,DES_ENCRYPT); - DES_ecb_encrypt(&out,&outin,&ks,DES_DECRYPT); + des_ecb_encrypt(&in,&out,&ks,DES_ENCRYPT); + des_ecb_encrypt(&out,&outin,&ks,DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { @@ -438,8 +435,8 @@ int main(int argc, char *argv[]) memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); - DES_ecb2_encrypt(&in,&out,&ks,&ks2,DES_ENCRYPT); - DES_ecb2_encrypt(&out,&outin,&ks,&ks2,DES_DECRYPT); + des_ecb2_encrypt(&in,&out,&ks,&ks2,DES_ENCRYPT); + des_ecb2_encrypt(&out,&outin,&ks,&ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { @@ -466,7 +463,7 @@ int main(int argc, char *argv[]) memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - DES_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, + des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) { @@ -475,7 +472,7 @@ int main(int argc, char *argv[]) } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - DES_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks, + des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) { 
@@ -493,19 +490,19 @@ int main(int argc, char *argv[]) memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - DES_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, + des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { - printf("DES_xcbc_encrypt encrypt error\n"); + printf("des_xcbc_encrypt encrypt error\n"); err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - DES_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks, + des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - printf("DES_xcbc_encrypt decrypt error\n"); + printf("des_xcbc_encrypt decrypt error\n"); err=1; } #endif @@ -532,16 +529,16 @@ int main(int argc, char *argv[]) /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - DES_ede3_cbc_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3, + des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3, DES_ENCRYPT); - DES_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,&ks,&ks2,&ks3, + des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,&ks,&ks2,&ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { int n; - printf("DES_ede3_cbc_encrypt encrypt error\n"); + printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_out[n]); printf("\n"); @@ -552,12 +549,12 @@ int main(int argc, char *argv[]) } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - DES_ede3_cbc_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,DES_DECRYPT); + des_ede3_cbc_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; - printf("DES_ede3_cbc_encrypt decrypt error\n"); + printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) printf(" %02x",cbc_data[n]); printf("\n"); 
@@ -576,14 +573,14 @@ int main(int argc, char *argv[]) } memset(cbc_out,0,40); memset(cbc_in,0,40); - DES_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, + des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, &cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } - DES_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,&cbc_iv, + des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,&cbc_iv, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { @@ -608,7 +605,7 @@ int main(int argc, char *argv[]) memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i Date: Fri, 22 Mar 2002 10:32:23 +0000 Subject: [PATCH 114/173] Merge changes from 0.9.7-stable --- crypto/des/des_old.h | 58 ++++++++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 23 deletions(-) diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 80e0167b73..75a346275a 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h 
@@ -128,49 +128,55 @@ typedef struct _ossl_old_des_ks_struct #define const_des_cblock const_DES_cblock #define des_key_schedule DES_key_schedule #define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - DES_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) + DES_ecb3_encrypt((i),(o),(&k1),(&k2),(&k3),(e)) #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) + DES_ede3_cbc_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv),(e)) +#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ + DES_ede3_cbcm_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv1),(iv2),(e)) #define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) + DES_ede3_cfb64_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv),(n),(e)) #define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) + DES_ede3_ofb64_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv),(n)) #define des_options()\ DES_options() #define des_cbc_cksum(i,o,l,k,iv)\ - DES_cbc_cksum((i),(o),(l),(k),(iv)) + DES_cbc_cksum((i),(o),(l),(&k),(iv)) #define des_cbc_encrypt(i,o,l,k,iv,e)\ - DES_cbc_encrypt((i),(o),(l),(k),(iv),(e)) + DES_cbc_encrypt((i),(o),(l),(&k),(iv),(e)) #define des_ncbc_encrypt(i,o,l,k,iv,e)\ - DES_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) + DES_ncbc_encrypt((i),(o),(l),(&k),(iv),(e)) #define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - DES_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) + DES_xcbc_encrypt((i),(o),(l),(&k),(iv),(inw),(outw),(e)) #define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - DES_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) + DES_cfb_encrypt((i),(o),(n),(l),(&k),(iv),(e)) #define des_ecb_encrypt(i,o,k,e)\ - DES_ecb_encrypt((i),(o),(k),(e)) -#define des_encrypt(d,k,e)\ - DES_encrypt((d),(k),(e)) + DES_ecb_encrypt((i),(o),(&k),(e)) +#define des_encrypt1(d,k,e)\ + DES_encrypt1((d),(&k),(e)) #define des_encrypt2(d,k,e)\ - DES_encrypt2((d),(k),(e)) + DES_encrypt2((d),(&k),(e)) #define 
des_encrypt3(d,k1,k2,k3)\ - DES_encrypt3((d),(k1),(k2),(k3)) + DES_encrypt3((d),(&k1),(&k2),(&k3)) #define des_decrypt3(d,k1,k2,k3)\ - DES_decrypt3((d),(k1),(k2),(k3)) + DES_decrypt3((d),(&k1),(&k2),(&k3)) #define des_xwhite_in2out(k,i,o)\ DES_xwhite_in2out((k),(i),(o)) #define des_enc_read(f,b,l,k,iv)\ - DES_enc_read((f),(b),(l),(k),(iv)) + DES_enc_read((f),(b),(l),(&k),(iv)) #define des_enc_write(f,b,l,k,iv)\ - DES_enc_write((f),(b),(l),(k),(iv)) + DES_enc_write((f),(b),(l),(&k),(iv)) #define des_fcrypt(b,s,r)\ DES_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ DES_crypt((b),(s)) +#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) +#define crypt(b,s)\ + DES_crypt((b),(s)) +#endif #define des_ofb_encrypt(i,o,n,l,k,iv)\ - DES_ofb_encrypt((i),(o),(n),(l),(k),(iv)) + DES_ofb_encrypt((i),(o),(n),(l),(&k),(iv)) #define des_pcbc_encrypt(i,o,l,k,iv,e)\ - DES_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) + DES_pcbc_encrypt((i),(o),(l),(&k),(iv),(e)) #define des_quad_cksum(i,o,l,c,s)\ DES_quad_cksum((i),(o),(l),(c),(s)) #define des_random_seed(k)\ 
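Review bot: The `#define crypt(b,s) DES_crypt((b),(s))` added in the `@@ -128` hunk of crypto/des/des_old.h replaces the C library's `crypt()` in every translation unit that includes this header, on all platforms except the three named in the guard. As far as the hunk shows, it sits in the `#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY` branch, which is the default mode. An application that calls `crypt()` with a non-DES salt format would then silently get the traditional DES routine instead of its platform's implementation. I would make this alias opt-in behind an explicit macro of the project's choosing, and in any case document it above the define, e.g. `/* NOTE: this replaces the C library's crypt() with DES_crypt() in every file that includes this header */`.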
@@ -183,20 +189,26 @@ typedef struct _ossl_old_des_ks_struct DES_read_2passwords((k1),(k2),(p),(v)) #define des_set_odd_parity(k)\ DES_set_odd_parity((k)) +#define des_check_key_parity(k)\ + DES_check_key_parity((k)) #define des_is_weak_key(k)\ DES_is_weak_key((k)) #define des_set_key(k,ks)\ - DES_set_key((k),(ks)) + DES_set_key((k),(&ks)) #define des_key_sched(k,ks)\ - DES_key_sched((k),(ks)) + DES_key_sched((k),(&ks)) +#define des_set_key_checked(k,ks)\ + DES_set_key_checked((k),(&ks)) +#define des_set_key_unchecked(k,ks)\ + DES_set_key_unchecked((k),(&ks)) #define des_string_to_key(s,k)\ DES_string_to_key((s),(k)) #define des_string_to_2keys(s,k1,k2)\ DES_string_to_2keys((s),(k1),(k2)) #define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - DES_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) + DES_cfb64_encrypt((i),(o),(l),(&ks),(iv),(n),(e)) #define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - DES_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) + DES_ofb64_encrypt((i),(o),(l),(&ks),(iv),(n)) #define des_ecb2_encrypt(i,o,k1,k2,e) \ From fe0f6623106c5c3337804226ede34c18e56b8b89 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Mar 2002 10:51:41 +0000 Subject: [PATCH 115/173] Merge changes from 0.9.7-stable --- crypto/des/destest.c | 72 +++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 79f9a4e8e4..58e8c35dcb 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -84,7 +84,9 @@ int main(int argc, char *argv[]) #else #include +#if defined(PERL5) || defined(__FreeBSD__) || defined(NeXT) #define crypt(c,s) (des_crypt((c),(s))) +#endif /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ 
@@ -407,8 +409,8 @@ int main(int argc, char *argv[]) memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); - des_ecb_encrypt(&in,&out,&ks,DES_ENCRYPT); - des_ecb_encrypt(&out,&outin,&ks,DES_DECRYPT); + des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT); + des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT); if (memcmp(out,cipher_data[i],8) != 0) { @@ -435,8 +437,8 @@ int main(int argc, char *argv[]) memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); - des_ecb2_encrypt(&in,&out,&ks,&ks2,DES_ENCRYPT); - des_ecb2_encrypt(&out,&outin,&ks,&ks2,DES_DECRYPT); + des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); + des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { @@ -463,7 +465,7 @@ int main(int argc, char *argv[]) memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, + des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) { @@ -472,7 +474,7 @@ int main(int argc, char *argv[]) } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks, + des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) { @@ -490,7 +492,7 @@ int main(int argc, char *argv[]) memset(cbc_out,0,40); memset(cbc_in,0,40); memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, + des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out,xcbc_ok,32) != 0) { 
@@ -498,7 +500,7 @@ int main(int argc, char *argv[]) err=1; } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks, + des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks, &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { @@ -529,9 +531,9 @@ int main(int argc, char *argv[]) /* i=((i+7)/8)*8; */ memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3, + des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3, DES_ENCRYPT); - des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,&ks,&ks2,&ks3, + des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3, &iv3,DES_ENCRYPT); if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) @@ -549,7 +551,7 @@ int main(int argc, char *argv[]) } memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - des_ede3_cbc_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,DES_DECRYPT); + des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { int n; @@ -573,14 +575,14 @@ int main(int argc, char *argv[]) } memset(cbc_out,0,40); memset(cbc_in,0,40); - des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks, + des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks, &cbc_iv,DES_ENCRYPT); if (memcmp(cbc_out,pcbc_ok,32) != 0) { printf("pcbc_encrypt encrypt error\n"); err=1; } - des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,&cbc_iv, + des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv, DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { 
@@ -606,7 +608,7 @@ int main(int argc, char *argv[]) memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); for (i=0; i Date: Fri, 22 Mar 2002 11:02:13 +0000 Subject: [PATCH 116/173] fix conditational compilation for OPENSSL_NO_... --- crypto/engine/hw_sureware.c | 65 ++++++++++++++++++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/crypto/engine/hw_sureware.c b/crypto/engine/hw_sureware.c index 8ef473c8d3..be1414fe12 100644 --- a/crypto/engine/hw_sureware.c +++ b/crypto/engine/hw_sureware.c @@ -101,6 +101,7 @@ static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int index_,long argl, void *argp); #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) @@ -125,6 +126,9 @@ static RSA_METHOD surewarehk_rsa = NULL, /* OpenSSL sign*/ NULL /* OpenSSL verify*/ }; +#endif + +#ifndef OPENSSL_NO_DH /* Our internal DH_METHOD that we provide pointers to */ /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, @@ -132,6 +136,7 @@ static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, { return surewarehk_modexp(r, a, p, m, ctx); } + static DH_METHOD surewarehk_dh = { "SureWare DH method", @@ -143,6 +148,8 @@ static DH_METHOD surewarehk_dh = 0, /* flags*/ NULL }; +#endif + static RAND_METHOD surewarehk_rand = { /* "SureWare RAND method", */ @@ -153,6 +160,8 @@ static RAND_METHOD surewarehk_rand = surewarehk_rand_bytes, NULL,/*rand_status*/ }; + +#ifndef OPENSSL_NO_DSA /* DSA stuff */ static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 
@@ -187,6 +196,7 @@ static DSA_METHOD surewarehk_dsa = 0, NULL, }; +#endif static const char *engine_sureware_id = "sureware"; static const char *engine_sureware_name = "SureWare hardware engine support"; @@ -197,9 +207,15 @@ static const char *engine_sureware_name = "SureWare hardware engine support"; * (indeed - the lock will already be held by our caller!!!) */ static int bind_sureware(ENGINE *e) { +#ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DSA const DSA_METHOD *meth2; +#endif +#ifndef OPENSSL_NO_DH const DH_METHOD *meth3; +#endif if(!ENGINE_set_id(e, engine_sureware_id) || !ENGINE_set_name(e, engine_sureware_name) || @@ -221,6 +237,7 @@ static int bind_sureware(ENGINE *e) !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) return 0; +#ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or @@ -234,6 +251,9 @@ static int bind_sureware(ENGINE *e) surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; } +#endif + +#ifndef OPENSSL_NO_DSA /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish * bits. */ meth2 = DSA_OpenSSL(); @@ -241,6 +261,9 @@ static int bind_sureware(ENGINE *e) { surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; } +#endif + +#ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); if (meth3) @@ -248,6 +271,7 @@ static int bind_sureware(ENGINE *e) surewarehk_dh.generate_key = meth3->generate_key; surewarehk_dh.compute_key = meth3->compute_key; } +#endif /* Ensure the sureware error handling is set up */ ERR_load_SUREWARE_strings(); 
@@ -296,8 +320,12 @@ void ENGINE_load_sureware(void) * operating with global locks, so this should be thread-safe * implicitly. */ static DSO *surewarehk_dso = NULL; +#ifndef OPENSSL_NO_RSA static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +#endif +#ifndef OPENSSL_NO_DSA static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +#endif /* These are the function pointers that are (un)set when the library has * successfully (un)loaded. */ @@ -466,14 +494,19 @@ static int surewarehk_init(ENGINE *e) surewarehk_load_privkey(e,NULL,NULL,NULL); /* Everything's fine. */ +#ifndef OPENSSL_NO_RSA if (rsaHndidx == -1) rsaHndidx = RSA_get_ex_new_index(0, "SureWareHook RSA key handle", NULL, NULL, surewarehk_ex_free); +#endif +#ifndef OPENSSL_NO_DSA if (dsaHndidx == -1) dsaHndidx = DSA_get_ex_new_index(0, "SureWareHook DSA key handle", NULL, NULL, surewarehk_ex_free); +#endif + return 1; err: if(surewarehk_dso) @@ -530,6 +563,7 @@ static int surewarehk_finish(ENGINE *e) p_surewarehk_Mod_Exp = NULL; return to_return; } + static void surewarehk_error_handling(char *const msg,int func,int ret) { switch (ret) @@ -563,6 +597,7 @@ static void surewarehk_error_handling(char *const msg,int func,int ret) } } } + static int surewarehk_rand_bytes(unsigned char *buf, int num) { int ret=0; @@ -593,15 +628,21 @@ static void surewarehk_rand_seed(const void *buf, int num) surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret); } } + static void surewarehk_rand_add(const void *buf, int num, double entropy) { surewarehk_rand_seed(buf,num); } + static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype) { EVP_PKEY *res = NULL; +#ifndef OPENSSL_NO_RSA RSA *rsatmp = NULL; +#endif +#ifndef OPENSSL_NO_DSA DSA *dsatmp=NULL; +#endif char msg[64]="sureware_load_public"; int ret=0; if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) 
@@ -611,6 +652,7 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un } switch (keytype) { +#ifndef OPENSSL_NO_RSA case 1: /*RSA*/ /* set private external reference */ rsatmp = RSA_new_method(e); @@ -641,6 +683,9 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un res = EVP_PKEY_new(); EVP_PKEY_assign_RSA(res, rsatmp); break; +#endif + +#ifndef OPENSSL_NO_DSA case 2:/*DSA*/ /* set private/public external reference */ dsatmp = DSA_new_method(e); @@ -688,6 +733,8 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un res = EVP_PKEY_new(); EVP_PKEY_assign_DSA(res, dsatmp); break; +#endif + default: SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY); goto err; @@ -696,12 +743,17 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un err: if (res) EVP_PKEY_free(res); +#ifndef OPENSSL_NO_RSA if (rsatmp) RSA_free(rsatmp); +#endif +#ifndef OPENSSL_NO_DSA if (dsatmp) DSA_free(dsatmp); +#endif return NULL; } + static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data) { @@ -729,6 +781,7 @@ static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, } return res; } + static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data) { @@ -770,6 +823,7 @@ static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, else p_surewarehk_Free((char *)item,0); } + #if 0 /* not currently used (bug?) */ /* This cleans up an DH KM key (destroys the key into hardware), @@ -785,9 +839,11 @@ static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, p_surewarehk_Free((char *)item,1); } #endif + /* * return number of decrypted bytes */ +#ifndef OPENSSL_NO_RSA static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding) { 
@@ -829,7 +885,7 @@ static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned c memcpy(buf,to,tlen);/* transfert to into buf */ switch (padding) /* check padding in software */ { -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0); break; @@ -855,6 +911,7 @@ err: } return ret; } + /* * Does what OpenSSL rsa_priv_enc does. */ @@ -888,6 +945,10 @@ static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char } return ret==1 ? tlen : ret; } + +#endif + +#ifndef OPENSSL_NO_DSA /* DSA sign and verify */ static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa) { @@ -934,6 +995,8 @@ err: } return psign; } +#endif + static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { From 1afa967909285e9349e019453a93419e5e70ebed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 25 Mar 2002 17:12:24 +0000 Subject: [PATCH 117/173] Fix typo (Craig Davison ). --- INSTALL.W32 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 633ebd7c65..0d71a46bdf 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -81,7 +81,7 @@ There are various changes you can make to the Win32 compile environment. By default the library is not compiled with debugging symbols. If you add 'debug' - to the mk1mk.pl lines in the do_* batch file then debugging symbols will be + to the mk1mf.pl lines in the do_* batch file then debugging symbols will be compiled in. The default Win32 environment is to leave out any Windows NT specific From d5c21afd4b0bcdb5da85bca74e6ea3e9ca00ac47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 25 Mar 2002 23:15:21 +0000 Subject: [PATCH 118/173] add missing declaration Submitted by: Nils Larsch --- crypto/bn/bn_lcl.h | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 73792f1220..8a4dba375a 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -428,6 +428,8 @@ void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, BN_ULONG *t); void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, BN_ULONG *t); +BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl); BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); From e8e7fbdb16b9d01f5a173eab9d1b9ec37c7ff51e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 25 Mar 2002 23:18:11 +0000 Subject: [PATCH 119/173] fix memory leak Submitted by: Nils Larsch --- crypto/engine/enginetest.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c index 598cb31a6f..87fa8c57b7 100644 --- a/crypto/engine/enginetest.c +++ b/crypto/engine/enginetest.c @@ -79,6 +79,9 @@ static void display_engine_list() h = ENGINE_get_next(h); } printf("end of list\n"); + /* ENGINE_get_first() increases the struct_ref counter, so we + must call ENGINE_free() to decrease it again */ + ENGINE_free(h); } int main(int argc, char *argv[]) @@ -94,6 +97,18 @@ int main(int argc, char *argv[]) ENGINE *new_h3 = NULL; ENGINE *new_h4 = NULL; + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) + { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } + else + { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); memset(block, 0, 512 * sizeof(ENGINE *)); 
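Review bot: The `ENGINE_free(h)` added at the end of display_engine_list() in crypto/engine/enginetest.c runs after the listing loop. If that loop only exits once `ENGINE_get_next(h)` has returned NULL (the loop header is outside the hunk), `h` is NULL at this point and the call releases nothing. The new comment would then describe a reference that this line does not drop, which will mislead whoever next chases a leak report here. Either guard the call the way the later hunks in this file do, `if (h) ENGINE_free(h);`, or drop it and reword the comment to say where the reference from ENGINE_get_first() is actually released, after confirming that against the ENGINE list API.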
@@ -127,6 +142,8 @@ int main(int argc, char *argv[]) printf("Remove failed!\n"); goto end; } + if (ptr) + ENGINE_free(ptr); display_engine_list(); if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) { @@ -181,6 +198,8 @@ int main(int argc, char *argv[]) if(!ENGINE_remove(ptr)) printf("Remove failed!i - probably no hardware " "support present.\n"); + if (ptr) + ENGINE_free(ptr); display_engine_list(); if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) { @@ -226,6 +245,7 @@ cleanup_loop: printf("\nRemove failed!\n"); goto end; } + ENGINE_free(ptr); printf("."); fflush(stdout); } for(loop = 0; loop < 512; loop++) @@ -245,5 +265,10 @@ end: for(loop = 0; loop < 512; loop++) if(block[loop]) ENGINE_free(block[loop]); + ENGINE_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + ERR_remove_state(0); + CRYPTO_mem_leaks_fp(stderr); return to_return; } From af1cb47e65499c23f2dc152d6b26a55e11d5af2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 25 Mar 2002 23:41:32 +0000 Subject: [PATCH 120/173] fix warnings Submitted by: Nils Larsch --- crypto/ecdsa/ecdsa.h | 5 ++-- crypto/ecdsa/ecs_asn1.c | 11 ++++++++ crypto/ecdsa/ecs_gen.c | 58 +++-------------------------------------- 3 files changed, 17 insertions(+), 57 deletions(-) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index cdd6254883..5250e15fee 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -134,10 +134,10 @@ int ECDSA_check_key(ECDSA *ecdsa); const ECDSA_METHOD *ECDSA_OpenSSL(void); void ECDSA_set_default_method(const ECDSA_METHOD *); -const ECDSA_METHOD *ECDSA_get_default_openssl_method(void); +const ECDSA_METHOD *ECDSA_get_default_method(void); int ECDSA_set_method(ECDSA *, const ECDSA_METHOD *); -ECDSA *ECDSA_new(); +ECDSA *ECDSA_new(void); ECDSA *ECDSA_new_method(ENGINE *engine); int ECDSA_size(const ECDSA *); int ECDSA_sign_setup(ECDSA *ecdsa, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); 
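Review bot: In the first enginetest.c hunk on this line, the new `if (ptr) ENGINE_free(ptr);` sits after the `Remove failed!` branch, so the `goto end;` path skips it. Assuming `ptr` still holds the reference taken before the ENGINE_remove() call (that code is outside the hunk), the failure path keeps that reference. The same commit adds `CRYPTO_mem_leaks_fp(stderr)` at `end:`, so a failed remove would also print a leak that is only a side effect of the early exit. Releasing before the jump, `if (ptr) ENGINE_free(ptr);` ahead of `goto end;`, keeps the leak output meaningful on both paths.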
@@ -190,6 +190,7 @@ int i2d_ECDSAPublicKey(ECDSA *a, unsigned char **out); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_ECDSA_strings(void); /* Error codes for the ECDSA functions. */ diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 16f49f938b..8c47a14da6 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -73,6 +73,8 @@ ASN1_SEQUENCE(X9_62_FIELDID) = { ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY) } ASN1_SEQUENCE_END(X9_62_FIELDID) +DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID) IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID) ASN1_SEQUENCE(X9_62_CURVE) = { @@ -81,6 +83,8 @@ ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(X9_62_CURVE) +DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE) IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE) ASN1_SEQUENCE(X9_62_EC_PARAMETERS) = { @@ -92,6 +96,8 @@ ASN1_SEQUENCE(X9_62_EC_PARAMETERS) = { ASN1_SIMPLE(X9_62_EC_PARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(X9_62_EC_PARAMETERS) +DECLARE_ASN1_FUNCTIONS_const(X9_62_EC_PARAMETERS) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_EC_PARAMETERS, X9_62_EC_PARAMETERS) IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_EC_PARAMETERS) ASN1_CHOICE(EC_PARAMETERS) = { @@ -100,6 +106,8 @@ ASN1_CHOICE(EC_PARAMETERS) = { ASN1_SIMPLE(EC_PARAMETERS, value.implicitlyCA, ASN1_NULL) } ASN1_CHOICE_END(EC_PARAMETERS) +DECLARE_ASN1_FUNCTIONS_const(EC_PARAMETERS) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PARAMETERS, EC_PARAMETERS) IMPLEMENT_ASN1_FUNCTIONS_const(EC_PARAMETERS) ASN1_SEQUENCE(ECDSAPrivateKey) = { 
@@ -109,6 +117,8 @@ ASN1_SEQUENCE(ECDSAPrivateKey) = { ASN1_SIMPLE(ECDSAPrivateKey, priv_key, BIGNUM) } ASN1_SEQUENCE_END(ECDSAPrivateKey) +DECLARE_ASN1_FUNCTIONS_const(ECDSAPrivateKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPrivateKey) IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(ECDSAPrivateKey, ECDSAPrivateKey, ECDSAPrivateKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPrivateKey, ecdsaPrivateKey) @@ -122,6 +132,7 @@ ASN1_CHOICE(ECDSAPublicKey) = { ASN1_EX_COMBINE(0, 0, ecdsa_pub_internal) } ASN1_CHOICE_END_selector(ECDSAPrivateKey, ECDSAPublicKey, write_params) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPublicKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPublicKey, ecdsaPublicKey) diff --git a/crypto/ecdsa/ecs_gen.c b/crypto/ecdsa/ecs_gen.c index 0e2ade7694..a21cd69406 100644 --- a/crypto/ecdsa/ecs_gen.c +++ b/crypto/ecdsa/ecs_gen.c 
@@ -52,62 +52,9 @@ * Hudson (tjh@cryptsoft.com). * */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] +/* TODO: implementation of ecdsa parameter generation */ +#if 0 #include #include #include "cryptlib.h" @@ -131,3 +78,4 @@ ECDSA *ECDSA_generate_parameters(int bits, #ifdef __cplusplus } #endif +#endif From 003144a8e8ed5c6c4aaee6e227773bb3d6bc0f9d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 26 Mar 2002 12:44:35 +0000 Subject: [PATCH 121/173] Make the change to strong keys in the string to key(s) functions experimental in the main trunk as well --- crypto/des/str2key.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c index 70f1d83e07..36c3f81d99 100644 --- a/crypto/des/str2key.c +++ b/crypto/des/str2key.c 
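Review bot: Wrapping everything from the first `#include` to the last line of crypto/ecdsa/ecs_gen.c in `#if 0` leaves, as far as these two hunks show, a translation unit that holds only comments. ISO C does not allow that and pedantic compiler settings warn about it, so a commit meant to fix warnings can introduce one. If the file stays in the build until ECDSA_generate_parameters() is written, keep one harmless declaration outside the `#if 0`, or remove the file from the library's source list instead. The TODO would also read better if it said the code is disabled on purpose, e.g. `/* TODO: ECDSA parameter generation is not implemented; the code below is compiled out */`.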
@@ -86,9 +86,13 @@ void DES_string_to_key(const char *str, DES_cblock *key) } #endif DES_set_odd_parity(key); +#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY if(DES_is_weak_key(key)) (*key)[7] ^= 0xF0; DES_set_key(key,&ks); +#else + DES_set_key_unchecked(key,&ks); +#endif DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); memset(&ks,0,sizeof(ks)); DES_set_odd_parity(key); @@ -147,13 +151,21 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) #endif DES_set_odd_parity(key1); DES_set_odd_parity(key2); +#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY if(DES_is_weak_key(key1)) (*key1)[7] ^= 0xF0; DES_set_key(key1,&ks); +#else + DES_set_key_unchecked(key1,&ks); +#endif DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1); +#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY if(DES_is_weak_key(key2)) (*key2)[7] ^= 0xF0; DES_set_key(key2,&ks); +#else + DES_set_key_unchecked(key2,&ks); +#endif DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); memset(&ks,0,sizeof(ks)); DES_set_odd_parity(key1); From c7b41e67f0d7cccb4a88c7f19b76043f96232eee Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 26 Mar 2002 13:54:15 +0000 Subject: [PATCH 122/173] Correct the mapping for des_read_pw() --- crypto/ui/ui_compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ui/ui_compat.h b/crypto/ui/ui_compat.h index f33023718a..b35c9bb7fd 100644 --- a/crypto/ui/ui_compat.h +++ b/crypto/ui/ui_compat.h @@ -72,7 +72,7 @@ extern "C" { #define des_read_pw_string(b,l,p,v) \ _ossl_old_des_read_pw_string((b),(l),(p),(v)) #define des_read_pw(b,bf,s,p,v) \ - _ossl_old_des_read_pw_string((b),(bf),(s),(p),(v)) + _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify); int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); From 401cd0af0f0bb97912a7f0f90c96e8e73fcb4681 Mon Sep 17 00:00:00 2001 
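Review bot: With `EXPERIMENTAL_STR_TO_STRONG_KEY` undefined, which is the default build, DES_string_to_key() and both key paths in DES_string_to_2keys() now hand the intermediate key straight to `DES_set_key_unchecked()`. The `DES_is_weak_key()` adjustment therefore never runs, and nothing in either str2key.c hunk says why or what the macro trades off. A comment at the first `#ifdef` would stop this being read as an oversight, for example `/* EXPERIMENTAL_STR_TO_STRONG_KEY: alter a weak intermediate key before scheduling it; off by default, so the key is scheduled as derived */`. Separately, if `ks` is a local, the `memset(&ks,0,sizeof(ks))` kept as context is a store to memory that is not read again, which a compiler may remove, so the key schedule may not actually be wiped. Both function bodies start and end outside the hunks.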
From: Richard Levitte Date: Tue, 26 Mar 2002 13:59:22 +0000 Subject: [PATCH 123/173] Add the mapping of des_random_seed() for 0.9.6 compatibility. Make sure DES_cblock is defined at all times (meaning one shouldn't include openssl/des_old.h directly any more). --- crypto/crypto-lib.com | 2 +- crypto/des/Makefile.ssl | 5 ++-- crypto/des/des.h | 8 +++--- crypto/des/des_old.c | 1 - crypto/des/des_old.h | 58 +++++++++++++++++++++++------------------ 5 files changed, 40 insertions(+), 34 deletions(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 6edf5c2532..ca0247be00 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -188,7 +188,7 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - "des_enc,fcrypt_b,"+ - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ - - "ede_cbcm_enc,des_old,read2pwd" + "ede_cbcm_enc,des_old,des_old2,read2pwd" $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" $ LIB_RC4 = "rc4_skey,rc4_enc" $ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64" diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index df2b5d4435..c92a0f3db5 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -34,7 +34,8 @@ LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ des_enc.c fcrypt_b.c \ xcbc_enc.c \ - str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c read2pwd.c + str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ + read2pwd.c LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ @@ -42,7 +43,7 @@ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ ${DES_ENC} \ fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \ - ede_cbcm_enc.o des_old.o read2pwd.o + ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o SRC= $(LIBSRC) diff --git a/crypto/des/des.h b/crypto/des/des.h index 6e4cdbd904..a36a8e68a4 100644 --- a/crypto/des/des.h 
+++ b/crypto/des/des.h @@ -66,10 +66,6 @@ #include /* DES_LONG */ #include /* OPENSSL_EXTERN */ -#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT -# include -#endif - #ifdef OPENSSL_BUILD_SHLIBCRYPTO # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT @@ -95,6 +91,10 @@ typedef struct DES_ks } ks[16]; } DES_key_schedule; +#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT +# include +#endif + #define DES_KEY_SZ (sizeof(DES_cblock)) #define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index 3cf9c9c8a2..7e4cd7180d 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -73,7 +73,6 @@ */ #define OPENSSL_DES_LIBDES_COMPATIBILITY -#include #include #include diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 75a346275a..3778f93c15 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -95,6 +95,10 @@ #error DES is disabled. #endif +#ifndef HEADER_DES_H +#error You must include des.h, not des_old.h directly. +#endif + #ifdef _KERBEROS_DES_H #error replaces . #endif 
@@ -128,43 +132,43 @@ typedef struct _ossl_old_des_ks_struct #define const_des_cblock const_DES_cblock #define des_key_schedule DES_key_schedule #define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - DES_ecb3_encrypt((i),(o),(&k1),(&k2),(&k3),(e)) + DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - DES_ede3_cbc_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv),(e)) + DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) #define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ - DES_ede3_cbcm_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv1),(iv2),(e)) + DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) #define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - DES_ede3_cfb64_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv),(n),(e)) + DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) #define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - DES_ede3_ofb64_encrypt((i),(o),(l),(&k1),(&k2),(&k3),(iv),(n)) + DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) #define des_options()\ DES_options() #define des_cbc_cksum(i,o,l,k,iv)\ - DES_cbc_cksum((i),(o),(l),(&k),(iv)) + DES_cbc_cksum((i),(o),(l),&(k),(iv)) #define des_cbc_encrypt(i,o,l,k,iv,e)\ - DES_cbc_encrypt((i),(o),(l),(&k),(iv),(e)) + DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) #define des_ncbc_encrypt(i,o,l,k,iv,e)\ - DES_ncbc_encrypt((i),(o),(l),(&k),(iv),(e)) + DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) #define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - DES_xcbc_encrypt((i),(o),(l),(&k),(iv),(inw),(outw),(e)) + DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) #define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - DES_cfb_encrypt((i),(o),(n),(l),(&k),(iv),(e)) + DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) #define des_ecb_encrypt(i,o,k,e)\ - DES_ecb_encrypt((i),(o),(&k),(e)) + DES_ecb_encrypt((i),(o),&(k),(e)) #define des_encrypt1(d,k,e)\ - DES_encrypt1((d),(&k),(e)) + DES_encrypt1((d),&(k),(e)) #define des_encrypt2(d,k,e)\ - 
DES_encrypt2((d),(&k),(e)) + DES_encrypt2((d),&(k),(e)) #define des_encrypt3(d,k1,k2,k3)\ - DES_encrypt3((d),(&k1),(&k2),(&k3)) + DES_encrypt3((d),&(k1),&(k2),&(k3)) #define des_decrypt3(d,k1,k2,k3)\ - DES_decrypt3((d),(&k1),(&k2),(&k3)) + DES_decrypt3((d),&(k1),&(k2),&(k3)) #define des_xwhite_in2out(k,i,o)\ DES_xwhite_in2out((k),(i),(o)) #define des_enc_read(f,b,l,k,iv)\ - DES_enc_read((f),(b),(l),(&k),(iv)) + DES_enc_read((f),(b),(l),&(k),(iv)) #define des_enc_write(f,b,l,k,iv)\ - DES_enc_write((f),(b),(l),(&k),(iv)) + DES_enc_write((f),(b),(l),&(k),(iv)) #define des_fcrypt(b,s,r)\ DES_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ @@ -174,13 +178,13 @@ typedef struct _ossl_old_des_ks_struct DES_crypt((b),(s)) #endif #define des_ofb_encrypt(i,o,n,l,k,iv)\ - DES_ofb_encrypt((i),(o),(n),(l),(&k),(iv)) + DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) #define des_pcbc_encrypt(i,o,l,k,iv,e)\ - DES_pcbc_encrypt((i),(o),(l),(&k),(iv),(e)) + DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) #define des_quad_cksum(i,o,l,c,s)\ DES_quad_cksum((i),(o),(l),(c),(s)) #define des_random_seed(k)\ - DES_random_seed((k)) + _ossl_096_des_random_seed((k)) #define des_random_key(r)\ DES_random_key((r)) #define des_read_password(k,p,v) \ 
@@ -194,21 +198,21 @@ typedef struct _ossl_old_des_ks_struct #define des_is_weak_key(k)\ DES_is_weak_key((k)) #define des_set_key(k,ks)\ - DES_set_key((k),(&ks)) + DES_set_key((k),&(ks)) #define des_key_sched(k,ks)\ - DES_key_sched((k),(&ks)) + DES_key_sched((k),&(ks)) #define des_set_key_checked(k,ks)\ - DES_set_key_checked((k),(&ks)) + DES_set_key_checked((k),&(ks)) #define des_set_key_unchecked(k,ks)\ - DES_set_key_unchecked((k),(&ks)) + DES_set_key_unchecked((k),&(ks)) #define des_string_to_key(s,k)\ DES_string_to_key((s),(k)) #define des_string_to_2keys(s,k1,k2)\ DES_string_to_2keys((s),(k1),(k2)) #define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - DES_cfb64_encrypt((i),(o),(l),(&ks),(iv),(n),(e)) + DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) #define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - DES_ofb64_encrypt((i),(o),(l),(&ks),(iv),(n)) + DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) #define des_ecb2_encrypt(i,o,k1,k2,e) \ @@ -387,6 +391,8 @@ void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long len void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num); +void _ossl_096_des_random_seed(des_cblock *key); + /* The following definitions provide compatibility with the MIT Kerberos * library. The _ossl_old_des_key_schedule structure is not binary compatible. */ From 0d81c69b8ebfe1d0852a5f5a80fd6eff69479665 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 26 Mar 2002 14:28:04 +0000 Subject: [PATCH 124/173] Add the possibility to enable olde des support, not just disable it, for future support. Redocument --- CHANGES | 27 +++++++++++++++++++-------- crypto/des/des.h | 6 ++++++ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 67aa57833b..3da1e630e3 100644 --- a/CHANGES +++ b/CHANGES 
@@ -399,19 +399,30 @@ +) Change all functions with names starting with des_ to be starting with DES_ instead. Add wrappers that are compatible with libdes, but are named _ossl_old_des_*. Finally, add macros that map the - des_* symbols to the corresponding _ossl_old_des_*. + des_* symbols to the corresponding _ossl_old_des_* if libdes + compatibility is desired. If OpenSSL 0.9.6c compatibility is + desired, the des_* symbols will be mapped to DES_*, with one + exception. - All this is done because there are increasing clashes with libdes - and other DES libraries that are currently used by other projects. - The old libdes interface (including crypt()) is provided if - is included. For now, this automatically - happens in unless OPENSSL_DISABLE_OLD_DES_SUPPORT is - defined. Note that crypt() is no longer declared in . + Since we provide two compatibility mappings, the user needs to + define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes + compatibility is desired. The default (i.e., when that macro + isn't defined) is OpenSSL 0.9.6c compatibility. + + There are also macros that enable and disable the support of old + des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT + and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those + are defined, the default will apply: to support the old des routines. + + In either case, one must include openssl/des.h to get the correct + definitions. Do not try to just include openssl/des_old.h, that + won't work. NOTE: This is a major break of an old API into a new one. Software authors are encouraged to switch to the DES_ style functions. Some time in the future, des_old.h and the libdes compatibility functions - will be completely removed. + will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the + default), and then completely removed. [Richard Levitte] *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() 
diff --git a/crypto/des/des.h b/crypto/des/des.h index a36a8e68a4..4cb9d84fdf 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -92,6 +92,12 @@ typedef struct DES_ks } DES_key_schedule; #ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT +# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT +# define OPENSSL_ENABLE_OLD_DES_SUPPORT +# endif +#endif + +#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT # include #endif From d7a9bb0a2a9ef5999bbe70be3db2937a293a331c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 26 Mar 2002 16:42:38 +0000 Subject: [PATCH 125/173] A forgotten file --- crypto/des/des_old2.c | 82 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 crypto/des/des_old2.c diff --git a/crypto/des/des_old2.c b/crypto/des/des_old2.c new file mode 100644 index 0000000000..c8fa3ee135 --- /dev/null +++ b/crypto/des/des_old2.c 
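Review bot: When both OPENSSL_DISABLE_OLD_DES_SUPPORT and OPENSSL_ENABLE_OLD_DES_SUPPORT are defined, the new `#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT` test still pulls in the old header, so an explicit disable is silently overridden. That matches the CHANGES text in this commit ("none or both"), but a build that sets DISABLE to keep the deprecated des_* names out of scope gets no diagnostic. A comment above the block, e.g. `/* ENABLE wins if both are defined; define only DISABLE to drop des_old.h */`, or an `#error` for the both-defined case, would make the precedence explicit.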
@@ -0,0 +1,82 @@ +/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * The function names in here are deprecated and are only present to + * provide an interface compatible with OpenSSL 0.9.6c. OpenSSL now + * provides functions where "des_" has been replaced with "DES_" in + * the names, to make it possible to make incompatible changes that + * are needed for C type security and other stuff. + * + * Please consider starting to use the DES_ functions rather than the + * des_ ones. The des_ functions will dissapear completely before + * OpenSSL 1.0! + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. 
Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#undef OPENSSL_DES_LIBDES_COMPATIBILITY +#include +#include + +void _ossl_096_des_random_seed(DES_cblock *key) + { + RAND_seed(key, sizeof(DES_cblock)); + } From ffbe98b7630d604263cfb1118c67ca2617a8e222 Mon Sep 17 00:00:00 2001 
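Review bot: `_ossl_096_des_random_seed()` hands the caller's block straight to `RAND_seed(key, sizeof(DES_cblock))` with no comment on what that implies: RAND_seed() credits the full byte count as entropy, so eight bytes of whatever the caller passes, possibly key material or a fixed value, are counted as eight bytes of randomness. I would add a doc comment on the function saying that it exists only for 0.9.6c source compatibility, that `key` must be non-NULL and point to at least sizeof(DES_cblock) bytes, and that the input is expected to be unpredictable. The file's first line also still reads `/* crypto/des/des_old.c` although the file is des_old2.c.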
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 26 Mar 2002 17:18:48 +0000 Subject: [PATCH 126/173] Make short names of objects RFC2256-compliant. --- CHANGES | 5 +++++ crypto/objects/obj_dat.h | 8 ++++---- crypto/objects/obj_mac.h | 3 +-- crypto/objects/objects.txt | 4 ++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 3da1e630e3..4845329aa5 100644 --- a/CHANGES +++ b/CHANGES @@ -49,6 +49,11 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Make object definitions compliant to LDAP (RFC2256): SN is the short + form for "surname", serialNumber has no short form (Michael Bell + ). + [Lutu Jaenicke] + *) Fix DH_generate_parameters() so that it works for 'non-standard' generators, i.e. generators other than 2 and 5. (Previously, the code did not properly initialise the 'add' and 'rem' values to diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 1fe83801ff..c749abe340 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -749,14 +749,14 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RC4-40","rc4-40",NID_rc4_40,0,NULL}, {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL}, {"G","givenName",NID_givenName,3,&(lvalues[535]),0}, -{"S","surname",NID_surname,3,&(lvalues[538]),0}, +{"SN","surname",NID_surname,3,&(lvalues[538]),0}, {"I","initials",NID_initials,3,&(lvalues[541]),0}, {"uniqueIdentifier","uniqueIdentifier",NID_uniqueIdentifier,3, &(lvalues[544]),0}, {"crlDistributionPoints","X509v3 CRL Distribution Points", NID_crl_distribution_points,3,&(lvalues[547]),0}, {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0}, -{"SN","serialNumber",NID_serialNumber,3,&(lvalues[555]),0}, +{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[555]),0}, {"T","title",NID_title,3,&(lvalues[558]),0}, {"D","description",NID_description,3,&(lvalues[561]),0}, {"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[564]),0}, 
@@ -1567,12 +1567,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[42]),/* "RSA-SHA" */ &(nid_objs[65]),/* "RSA-SHA1" */ &(nid_objs[115]),/* "RSA-SHA1-2" */ -&(nid_objs[100]),/* "S" */ &(nid_objs[41]),/* "SHA" */ &(nid_objs[64]),/* "SHA1" */ &(nid_objs[188]),/* "SMIME" */ &(nid_objs[167]),/* "SMIME-CAPS" */ -&(nid_objs[105]),/* "SN" */ +&(nid_objs[100]),/* "SN" */ &(nid_objs[16]),/* "ST" */ &(nid_objs[143]),/* "SXNetID" */ &(nid_objs[106]),/* "T" */ @@ -1989,6 +1988,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[561]),/* "sect571r1" */ &(nid_objs[386]),/* "security" */ &(nid_objs[394]),/* "selected-attribute-types" */ +&(nid_objs[105]),/* "serialNumber" */ &(nid_objs[129]),/* "serverAuth" */ &(nid_objs[371]),/* "serviceLocator" */ &(nid_objs[52]),/* "signingTime" */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 8c761734ff..46b2b9bf66 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -1850,12 +1850,11 @@ #define NID_commonName 13 #define OBJ_commonName OBJ_X509,3L -#define SN_surname "S" +#define SN_surname "SN" #define LN_surname "surname" #define NID_surname 100 #define OBJ_surname OBJ_X509,4L -#define SN_serialNumber "SN" #define LN_serialNumber "serialNumber" #define NID_serialNumber 105 #define OBJ_serialNumber OBJ_X509,5L diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a26147728a..1fdc934fc5 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -601,8 +601,8 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA X500 4 : X509 X509 3 : CN : commonName -X509 4 : S : surname -X509 5 : SN : serialNumber +X509 4 : SN : surname +X509 5 : : serialNumber X509 6 : C : countryName X509 7 : L : localityName X509 8 : ST : stateOrProvinceName From ddab25a90dd4bdddf0da1eb288af58ff16a74630 Mon Sep 17 00:00:00 2001 
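Review bot: Reassigning the short name `SN` from serialNumber to surname changes what existing input means without any error: a config file, DN string or short-name lookup that used `SN` for serialNumber will now resolve to surname (NID 100 instead of 105, per the obj_dat.h hunks). Because subject-name matching can feed access decisions, the CHANGES entry should call this out as an incompatible change and tell users to spell out `serialNumber`. The obj_mac.h hunk also drops `#define SN_serialNumber`, so code that references the macro stops compiling; that is the safer failure mode, but it deserves the same mention.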
From: Richard Levitte Date: Fri, 29 Mar 2002 23:48:55 +0000 Subject: [PATCH 127/173] Fix of mixup bwtween SOMAXCONN and SO_MAXCONN. Furthermore, make SO_MAXCONN the first choice, since that's the standard (as far as I know). --- crypto/bio/b_sock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 6d77b9d8d4..dcaef68ea7 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -72,9 +72,9 @@ #endif #ifdef SO_MAXCONN -#define MAX_LISTEN SOMAXCONN -#elif defined(SO_MAXCONN) #define MAX_LISTEN SO_MAXCONN +#elif defined(SOMAXCONN) +#define MAX_LISTEN SOMAXCONN #else #define MAX_LISTEN 32 #endif From a096e9b71918b5cc7eb6323066e6c0bd3e2aed2c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 3 Apr 2002 14:47:38 +0000 Subject: [PATCH 128/173] Cast the pointers to the BIGNUM data to unsigned long *. This would be harmful if we didn't also pass the exact number of bytes of that data --- crypto/engine/hw_sureware.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/crypto/engine/hw_sureware.c b/crypto/engine/hw_sureware.c index be1414fe12..c3bef29e83 100644 --- a/crypto/engine/hw_sureware.c +++ b/crypto/engine/hw_sureware.c @@ -667,7 +667,9 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG))) goto err; - ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,rsatmp->n->d, rsatmp->e->d); + ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el, + (unsigned long *)rsatmp->n->d, + (unsigned long *)rsatmp->e->d); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret); if (ret!=1) { 
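Review bot: The branch order now prefers `SO_MAXCONN`, but the listen-backlog constant that POSIX specifies in <sys/socket.h> is `SOMAXCONN`; the `SO_` prefix is the socket-option namespace, so a platform that defines `SO_MAXCONN` may mean something other than a backlog limit by it. Testing the standard name first avoids that: `#ifdef SOMAXCONN` / `#define MAX_LISTEN SOMAXCONN` / `#elif defined(SO_MAXCONN)`. How MAX_LISTEN is used is outside the hunk, so its use as a backlog value is inferred from the name.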
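Review bot: The `(unsigned long *)` casts on `rsatmp->n->d` and `rsatmp->e->d` silence the type mismatch rather than checking it: the guard just above sizes the buffers in units of `sizeof(BN_ULONG)`, and nothing in the hunk establishes that BN_ULONG and unsigned long have the same width. Where they differ, the byte count `el` still bounds the write, but the word layout the library fills in need not be what BIGNUM expects (inferred; the p_surewarehk_* prototypes are not visible here). A guard such as `if (sizeof(BN_ULONG) != sizeof(unsigned long)) goto err;`, or at least a comment stating the assumption at the first cast, would make it explicit. The same applies to the casts in the Load_Dsa_Pubkey, Dsa_Sign and Mod_Exp hunks that follow.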
@@ -708,10 +710,10 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un goto err; ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el, - dsatmp->pub_key->d, - dsatmp->p->d, - dsatmp->q->d, - dsatmp->g->d); + (unsigned long *)dsatmp->pub_key->d, + (unsigned long *)dsatmp->p->d, + (unsigned long *)dsatmp->q->d, + (unsigned long *)dsatmp->g->d); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret); if (ret!=1) { @@ -979,7 +981,10 @@ static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) || !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG)) goto err; - ret=p_surewarehk_Dsa_Sign(msg,flen,from,psign->r->d,psign->s->d,hptr); + ret=p_surewarehk_Dsa_Sign(msg,flen,from, + (unsigned long *)psign->r->d, + (unsigned long *)psign->s->d, + hptr); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret); } psign->r->top=20/sizeof(BN_ULONG); @@ -1012,8 +1017,14 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (r && r->dmax==m->top) { /* do it*/ - ret=p_surewarehk_Mod_Exp(msg,m->top*sizeof(BN_ULONG),m->d,p->top*sizeof(BN_ULONG), - p->d,a->top*sizeof(BN_ULONG),a->d,r->d); + ret=p_surewarehk_Mod_Exp(msg, + m->top*sizeof(BN_ULONG), + (unsigned long *)m->d, + p->top*sizeof(BN_ULONG), + (unsigned long *)p->d, + a->top*sizeof(BN_ULONG), + (unsigned long *)a->d, + r->d); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret); if (ret==1) { From bbd79bdf03622248f85469861e4de528db4228c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 3 Apr 2002 15:01:28 +0000 Subject: [PATCH 129/173] Forgot one of the casts --- crypto/engine/hw_sureware.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/hw_sureware.c b/crypto/engine/hw_sureware.c index c3bef29e83..73a274cd48 100644 --- a/crypto/engine/hw_sureware.c +++ b/crypto/engine/hw_sureware.c 
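Review bot: In the context lines of the Dsa_Sign hunk, the buffer check and the later `top` assignment both use `20/sizeof(BN_ULONG)`, which rounds down: with an 8-byte BN_ULONG that is 2 words, i.e. 16 bytes, for what the constant suggests is a 20-byte r and s. If p_surewarehk_Dsa_Sign writes 20 bytes into each buffer (inferred, since no length is passed for r and s), that overruns a 16-byte buffer and `top` then drops the final four bytes. Rounding up, e.g. `(20+sizeof(BN_ULONG)-1)/sizeof(BN_ULONG)`, and zeroing the buffers before the call would cover both widths; the allocation itself is outside the hunk and would need the same change.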
@@ -1024,7 +1024,7 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, (unsigned long *)p->d, a->top*sizeof(BN_ULONG), (unsigned long *)a->d, - r->d); + (unsigned long *)r->d); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret); if (ret==1) { From 4825092bbe7e23e26769f0cadba70fe508b8a047 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 4 Apr 2002 17:48:37 +0000 Subject: [PATCH 130/173] Fix buggy object definitions (Svenning Sorensen ). --- CHANGES | 7 +++++++ crypto/objects/obj_mac.h | 4 ++-- crypto/objects/objects.pl | 2 ++ crypto/objects/objects.txt | 4 ++-- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 4845329aa5..a6c588a780 100644 --- a/CHANGES +++ b/CHANGES @@ -49,6 +49,13 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Fix object definitions for Private and Enterprise: they were not + recognized in their shortname (=lowercase) representation. Extend + obj_dat.pl to issue an error when using undefined keywords instead + of silently ignoring the problem (Svenning Sorensen + ). + [Lutz Jaenicke] + +) Make object definitions compliant to LDAP (RFC2256): SN is the short form for "surname", serialNumber has no short form (Michael Bell ). diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 46b2b9bf66..9bfb8b2c41 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2152,12 +2152,12 @@ #define SN_Enterprises "enterprises" #define LN_Enterprises "Enterprises" #define NID_Enterprises 389 -#define OBJ_Enterprises OBJ_private,1L +#define OBJ_Enterprises OBJ_Private,1L #define SN_dcObject "dcobject" #define LN_dcObject "dcObject" #define NID_dcObject 390 -#define OBJ_dcObject OBJ_enterprises,1466L,344L +#define OBJ_dcObject OBJ_Enterprises,1466L,344L #define SN_rle_compression "RLE" #define LN_rle_compression "run length compression" 
diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 3a1da4919d..76c06cc8f9 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -210,6 +210,8 @@ sub process_oid if (!($a[0] =~ /^[0-9]+$/)) { $a[0] =~ s/-/_/g; + if (!defined($obj{$a[0]})) + { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; } $pref_oid = "OBJ_" . $a[0]; $pref_sep = ","; shift @a; diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 1fdc934fc5..a83007034f 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -699,10 +699,10 @@ internet 5 : security : Security internet 6 : snmpv2 : SNMPv2 internet 7 : mail : Mail -private 1 : enterprises : Enterprises +Private 1 : enterprises : Enterprises # RFC 2247 -enterprises 1466 344 : dcobject : dcObject +Enterprises 1466 344 : dcobject : dcObject # What the hell are these OIDs, really? !Cname rle-compression From 83d092f7853e8abcc824bb68269235640a06a1d6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 6 Apr 2002 09:42:19 +0000 Subject: [PATCH 131/173] Make shared libraries resolve global symbols within themselves first. Currently only on GNUish linkers... Submitted by Steven Bade --- Makefile.org | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile.org b/Makefile.org index 81d2a5eb9c..736a178772 100644 --- a/Makefile.org +++ b/Makefile.org @@ -266,6 +266,7 @@ do_gnu-shared: ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Wl,-Bsymbolic \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -l$$i"; \ @@ -292,6 +293,7 @@ do_darwin-shared: do_cygwin-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -o cyg$$i.dll \ + -Wl,-Bsymbolic \ -Wl,--whole-archive lib$$i.a \ -Wl,--out-implib,lib$$i.dll.a \ -Wl,--no-whole-archive $$libs ) || exit 1; \ 
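Review bot: `-Wl,-Bsymbolic` is added to the link line in do_gnu-shared (and again in do_cygwin-shared) with no comment on the trade-off it brings. Binding the library's own references internally stops another object from interposing on them, but an exported data object can then exist as two copies when an executable takes a copy relocation for it, and the option is an ELF notion whose effect on the cygwin DLL link is unclear. I would add a comment above each rule, e.g. `# -Bsymbolic: resolve the library's own global symbols internally first`, and confirm that the cygwin rule actually needs the flag.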
From 1fc02dcf6ad5052b5470f53006fbc16790f2094a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 6 Apr 2002 11:35:49 +0000 Subject: [PATCH 132/173] Use recv() and send() for socket communication on VMS instead of read() and write(). The reason is that read() and write() make additional record level locking which causes hangs of Compaq Secure Web Server (Apache) with SSL. Submitted by Compaq. --- e_os.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/e_os.h b/e_os.h index 0bb2bfa693..4436495c69 100644 --- a/e_os.h +++ b/e_os.h @@ -160,6 +160,13 @@ extern "C" { #define closesocket(s) MacSocket_close(s) #define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) #define writesocket(s,b,n) MacSocket_send((s),(b),(n)) +#elif defined(VMS) +#define get_last_socket_error() errno +#define clear_socket_error() errno=0 +#define ioctlsocket(a,b,c) ioctl(a,b,c) +#define closesocket(s) close(s) +#define readsocket(s,b,n) recv((s),(b),(n),0) +#define writesocket(s,b,n) send((s),(b),(n),0) #else #define get_last_socket_error() errno #define clear_socket_error() errno=0 From d8425465a3dbcb42f867b9b6402a26b03b9e49d3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 6 Apr 2002 11:37:18 +0000 Subject: [PATCH 133/173] Recognise DEC C++ as equivalent to DEC C for the definitions of OPENSSL_EXTERN and OPENSSL_GLOBAL. Submitted by Compaq. --- e_os2.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/e_os2.h b/e_os2.h index ea92ff578a..9c4a541728 100644 --- a/e_os2.h +++ b/e_os2.h @@ -131,6 +131,9 @@ extern "C" { # define OPENSSL_SYS_VMS # if defined(__DECC) # define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX # else # define OPENSSL_SYS_VMS_NODECC # endif From 10189984f9bd9b99652336f2255da5a7479eb7e6 Mon Sep 17 00:00:00 2001 
From: Richard Levitte Date: Sat, 6 Apr 2002 11:58:04 +0000 Subject: [PATCH 134/173] Oops, the system macro for VMS is OPENSSL_SYS_VMS, not VMS --- e_os.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e_os.h b/e_os.h index 4436495c69..28bef94bbd 100644 --- a/e_os.h +++ b/e_os.h @@ -160,7 +160,7 @@ extern "C" { #define closesocket(s) MacSocket_close(s) #define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) #define writesocket(s,b,n) MacSocket_send((s),(b),(n)) -#elif defined(VMS) +#elif defined(OPENSSL_SYS_VMS) #define get_last_socket_error() errno #define clear_socket_error() errno=0 #define ioctlsocket(a,b,c) ioctl(a,b,c) From dfee50ecd90ff71e8ba326d31394300af64942e8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 6 Apr 2002 19:00:50 +0000 Subject: [PATCH 135/173] Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq. --- apps/dgst.c | 4 ++-- apps/enc.c | 4 ++-- apps/openssl.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/dgst.c b/apps/dgst.c index c3e37be41f..0620b32bb4 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -88,8 +88,8 @@ int MAIN(int argc, char **argv) BIO *bmd=NULL; BIO *out = NULL; const char *name; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; +#define PROG_NAME_SIZE 39 + char pname[PROG_NAME_SIZE+1]; int separator=0; int debug=0; int keyform=FORMAT_PEM; diff --git a/apps/enc.c b/apps/enc.c index d01060f226..2c3af75170 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -117,8 +117,8 @@ int MAIN(int argc, char **argv) const EVP_CIPHER *cipher=NULL,*c; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; +#define PROG_NAME_SIZE 39 + char pname[PROG_NAME_SIZE+1]; char *engine = NULL; apps_startup(); diff --git a/apps/openssl.c b/apps/openssl.c index a344011778..c17458ef7c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c 
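Review bot: Sizing the array as `pname[PROG_NAME_SIZE+1]` in dgst.c is only correct if the code that fills `pname` treats PROG_NAME_SIZE as the maximum number of characters excluding the terminator and always writes the NUL; that call is outside the hunk, so it cannot be confirmed here. A comment next to the define, such as `/* PROG_NAME_SIZE excludes the trailing NUL */`, would keep the constant and the array from drifting apart. The same define-and-array pair is repeated in the enc.c and openssl.c hunks; a single definition in a shared header would avoid maintaining three copies.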
@@ -215,8 +215,8 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) int main(int Argc, char *Argv[]) { ARGS arg; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; +#define PROG_NAME_SIZE 39 + char pname[PROG_NAME_SIZE+1]; FUNCTION f,*fp; MS_STATIC char *prompt,buf[1024],config_name[256]; int n,i,ret=0; From a18894d159651891d11155af2feaadb18b4f256c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 6 Apr 2002 19:16:12 +0000 Subject: [PATCH 136/173] make update (libeay.num has been edited to match 0.9.7-stable) --- apps/Makefile.ssl | 63 ++-- crypto/des/Makefile.ssl | 8 + crypto/ecdsa/Makefile.ssl | 13 +- crypto/engine/Makefile.ssl | 13 +- crypto/objects/obj_dat.h | 724 ++++++++++++++++++------------------- util/libeay.num | 145 ++++---- 6 files changed, 486 insertions(+), 480 deletions(-) diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 33f539c64c..2d912fb524 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl 
@@ -564,21 +564,22 @@ openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h passwd.o: ../include/openssl/bio.h ../include/openssl/bn.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h -passwd.o: ../include/openssl/crypto.h ../include/openssl/des_old.h -passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h -passwd.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -passwd.o: ../include/openssl/err.h ../include/openssl/evp.h -passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h -passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -passwd.o: ../include/openssl/rand.h ../include/openssl/rsa.h -passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h -passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c +passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h +passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h +passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +passwd.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h +passwd.o: ../include/openssl/engine.h ../include/openssl/err.h +passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h +passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +passwd.o: 
../include/openssl/sha.h ../include/openssl/stack.h +passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +passwd.o: passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h pkcs12.o: ../include/openssl/bio.h ../include/openssl/bn.h pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
@@ -908,22 +909,22 @@ version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h version.o: ../include/openssl/bn.h ../include/openssl/buffer.h version.o: ../include/openssl/conf.h ../include/openssl/crypto.h -version.o: ../include/openssl/des_old.h ../include/openssl/dh.h -version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -version.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -version.o: ../include/openssl/engine.h ../include/openssl/err.h -version.o: ../include/openssl/evp.h ../include/openssl/idea.h -version.o: ../include/openssl/lhash.h ../include/openssl/md2.h -version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -version.o: ../include/openssl/rand.h ../include/openssl/rc4.h -version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -version.o: ../include/openssl/sha.h ../include/openssl/stack.h -version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -version.o: version.c +version.o: ../include/openssl/des.h ../include/openssl/des_old.h +version.o: ../include/openssl/dh.h ../include/openssl/dsa.h +version.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +version.o: ../include/openssl/err.h ../include/openssl/evp.h +version.o: ../include/openssl/idea.h ../include/openssl/lhash.h +version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h +version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +version.o: 
../include/openssl/rc4.h ../include/openssl/rsa.h +version.o: ../include/openssl/safestack.h ../include/openssl/sha.h +version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +version.o: ../include/openssl/x509_vfy.h apps.h version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h x509.o: ../include/openssl/bio.h ../include/openssl/bn.h x509.o: ../include/openssl/buffer.h ../include/openssl/conf.h diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index c92a0f3db5..c1080b000f 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -188,6 +188,14 @@ des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h des_old.o: ../../include/openssl/ui_compat.h des_old.c +des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +des_old2.o: ../../include/openssl/opensslconf.h +des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +des_old2.o: des_old2.c ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h ecb3_enc.o: ../../include/openssl/opensslconf.h diff --git a/crypto/ecdsa/Makefile.ssl b/crypto/ecdsa/Makefile.ssl index d0166d02f1..f43258d693 100644 --- a/crypto/ecdsa/Makefile.ssl +++ b/crypto/ecdsa/Makefile.ssl 
@@ -102,18 +102,7 @@ ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_err.o: ecs_err.c -ecs_gen.o: ../../e_os.h ../../include/openssl/asn1.h -ecs_gen.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -ecs_gen.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ecs_gen.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_gen.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ecs_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -ecs_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ecs_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h ecs_gen.c +ecs_gen.o: ecs_gen.c ecs_key.o: ../../e_os.h ../../include/openssl/asn1.h ecs_key.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h ecs_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 8a97b62784..082668ad45 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl 
@@ -220,11 +220,14 @@ eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eng_openssl.o: ../../include/openssl/objects.h eng_openssl.o: ../../include/openssl/opensslconf.h eng_openssl.o: ../../include/openssl/opensslv.h -eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rsa.h -eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_openssl.o: ../../include/openssl/ui.h ../cryptlib.h eng_openssl.c +eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h +eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_openssl.o: ../cryptlib.h eng_openssl.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h eng_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index c749abe340..32abfb43bc 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -67,7 +67,7 @@ #define NUM_LN 566 #define NUM_OBJ 540 -static unsigned char lvalues[4218]={ +static unsigned char lvalues[4228]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -429,185 +429,185 @@ static unsigned char lvalues[4218]={ 0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ 0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ 0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ -0x01, /* [2863] OBJ_Enterprises */ -0xBA,0x82,0x58, /* [2864] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2867] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2877] OBJ_Domain */ -0x50, /* [2887] OBJ_joint_iso_ccitt */ -0x55,0x01,0x05, /* [2888] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2891] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2895] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2904] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2912] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2920] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2928] OBJ_role */ -0x55,0x1D,0x24, /* [2931] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2934] OBJ_target_information */ -0x55,0x1D,0x38, /* [2937] OBJ_no_rev_avail */ -0x00, /* [2940] OBJ_ccitt */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2941] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2946] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2953] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2960] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2967] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2975] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2983] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2991] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [2999] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3007] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3015] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3023] OBJ_ecdsa_with_SHA1 */ 
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3030] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3039] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3048] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3057] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3066] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3075] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3084] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3093] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3102] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3111] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3120] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3129] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3138] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3147] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3150] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3157] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3164] OBJ_hold_instruction_reject */ -0x09, /* [3171] OBJ_data */ -0x09,0x92,0x26, /* [3172] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3175] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3182] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3190] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3199] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3208] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3217] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3226] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3236] OBJ_caseIgnoreIA5StringSyntax */ 
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3246] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3256] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3266] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3276] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3286] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3296] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3306] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3316] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3326] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3336] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3346] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3356] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3366] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3376] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3386] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3396] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3406] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3416] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3426] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3436] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3446] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3456] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3466] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3476] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3486] 
OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3496] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3506] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3516] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3526] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3536] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3546] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3556] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3566] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3576] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3586] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3596] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3606] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3616] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3626] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3636] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3646] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3656] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3666] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3676] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3686] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3696] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3706] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3716] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* 
[3726] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3736] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3746] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3756] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3766] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3776] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3786] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3796] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3806] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3816] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3826] OBJ_documentPublisher */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [3836] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [3844] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [3853] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [3862] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [3871] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [3879] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [3887] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [3895] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [3903] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [3911] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [3919] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [3927] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [3935] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [3943] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* 
[3951] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [3959] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [3967] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [3975] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [3983] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [3991] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [3999] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4007] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4015] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4023] OBJ_X9_62_c2tnb431r1 */ -0x2B, /* [4031] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4032] OBJ_certicom_arc */ -0x2B,0x81,0x04,0x00,0x06, /* [4035] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4040] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4045] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4050] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4055] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4060] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4065] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4070] OBJ_secp192k1 */ -0x00, /* [4075] OBJ_secp192r1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4076] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4081] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4086] OBJ_secp256k1 */ -0x00, /* [4091] OBJ_secp256r1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4092] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4097] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4102] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4107] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4112] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4117] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4122] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4127] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4132] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4137] 
OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4142] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4147] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4152] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4157] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4162] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4167] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4172] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4177] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4182] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4187] OBJ_sect571r1 */ -0x67,0x2B, /* [4192] OBJ_wap */ -0x67,0x2B,0x0D, /* [4194] OBJ_wap_wsg */ -0x67,0x2B,0x0D,0x04,0x01, /* [4197] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4202] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4207] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4212] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ +0x50, /* [2897] OBJ_joint_iso_ccitt */ +0x55,0x01,0x05, /* [2898] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2901] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2905] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2914] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2922] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2930] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2938] OBJ_role */ +0x55,0x1D,0x24, /* [2941] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2944] OBJ_target_information */ +0x55,0x1D,0x38, /* [2947] OBJ_no_rev_avail */ +0x00, /* [2950] OBJ_ccitt */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2951] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2956] OBJ_X9_62_prime_field */ 
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2963] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2970] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2977] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2985] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2993] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3001] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3009] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3017] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3025] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3033] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3040] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3049] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3058] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3067] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3076] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3085] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3094] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3103] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3112] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3121] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3130] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3139] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3148] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3157] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3160] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3167] OBJ_hold_instruction_call_issuer */ 
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3174] OBJ_hold_instruction_reject */ +0x09, /* [3181] OBJ_data */ +0x09,0x92,0x26, /* [3182] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3185] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3192] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3200] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3209] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3218] OBJ_pilotObjectClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3227] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3236] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3246] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3256] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3266] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3276] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3286] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3296] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3306] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3316] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3326] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3336] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3346] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3356] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3366] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3376] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3386] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3396] OBJ_userId */ 
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3406] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3416] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3426] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3436] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3446] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3456] OBJ_photo */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3466] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3476] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3486] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3496] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3506] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3516] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3526] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3536] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3546] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3556] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3566] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3576] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3586] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3596] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3606] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3616] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3626] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3636] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* 
[3646] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3656] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3666] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3676] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3686] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3696] OBJ_mobileTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3706] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3716] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3726] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3736] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3746] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3756] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3766] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3776] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3786] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3796] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3806] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3816] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3826] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3836] OBJ_documentPublisher */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [3846] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [3854] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [3863] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [3872] OBJ_X9_62_ppBasis */ 
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [3881] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [3889] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [3897] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [3905] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [3913] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [3921] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [3929] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [3937] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [3945] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [3953] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [3961] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [3969] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [3977] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [3985] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [3993] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4001] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4009] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4017] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4025] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4033] OBJ_X9_62_c2tnb431r1 */ +0x2B, /* [4041] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4042] OBJ_certicom_arc */ +0x2B,0x81,0x04,0x00,0x06, /* [4045] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4050] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4055] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4060] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4065] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4070] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4075] OBJ_secp160r2 */ 
+0x2B,0x81,0x04,0x00,0x1F, /* [4080] OBJ_secp192k1 */ +0x00, /* [4085] OBJ_secp192r1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4086] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4091] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4096] OBJ_secp256k1 */ +0x00, /* [4101] OBJ_secp256r1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4102] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4107] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4112] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4117] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4122] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4127] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4132] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4137] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4142] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4147] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4152] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4157] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4162] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4167] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4172] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4177] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4182] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4187] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4192] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4197] OBJ_sect571r1 */ +0x67,0x2B, /* [4202] OBJ_wap */ +0x67,0x2B,0x0D, /* [4204] OBJ_wap_wsg */ +0x67,0x2B,0x0D,0x04,0x01, /* [4207] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4212] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4217] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4222] OBJ_wap_wsg_idm_ecid_wtls9 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -1216,241 +1216,241 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"security","Security",NID_Security,4,&(lvalues[2851]),0}, {"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, {"mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, -{"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2863]),0}, -{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2864]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2867]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2877]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, {"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, - &(lvalues[2887]),0}, + &(lvalues[2897]),0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2888]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2891]),0}, + NID_selected_attribute_types,3,&(lvalues[2898]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2901]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2895]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2904]),0}, + &(lvalues[2905]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2914]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2912]),0}, + &(lvalues[2922]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2920]),0}, -{"role","role",NID_role,3,&(lvalues[2928]),0}, + &(lvalues[2930]),0}, +{"role","role",NID_role,3,&(lvalues[2938]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2931]),0}, + NID_policy_constraints,3,&(lvalues[2941]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2934]),0}, + &(lvalues[2944]),0}, {"noRevAvail","X509v3 No Revocation 
Available",NID_no_rev_avail,3, - &(lvalues[2937]),0}, -{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2940]),0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2941]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2946]),0}, + &(lvalues[2947]),0}, +{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2950]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2951]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2956]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2953]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2963]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2960]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2967]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2975]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2983]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2991]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[2999]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3007]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3015]),0}, + &(lvalues[2970]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2977]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2985]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2993]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3001]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3009]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3017]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3025]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3023]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3030]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3039]),0}, 
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3048]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3057]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3066]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3075]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3084]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3093]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3102]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3111]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3120]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3129]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3138]),0}, + &(lvalues[3033]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3040]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3049]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3058]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3067]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3076]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3085]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3094]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3103]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3112]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3121]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3130]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3139]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3148]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3147]),0}, + NID_hold_instruction_code,3,&(lvalues[3157]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3150]),0}, + 
NID_hold_instruction_none,7,&(lvalues[3160]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3157]),0}, + NID_hold_instruction_call_issuer,7,&(lvalues[3167]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3164]),0}, -{"data","data",NID_data,1,&(lvalues[3171]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3172]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3175]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3182]),0}, + NID_hold_instruction_reject,7,&(lvalues[3174]),0}, +{"data","data",NID_data,1,&(lvalues[3181]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3182]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3185]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3192]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3190]),0}, + &(lvalues[3200]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3199]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3209]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3208]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3217]),0}, + &(lvalues[3218]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3227]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3226]),0}, + &(lvalues[3236]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3236]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3246]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3256]),0}, -{"account","account",NID_account,10,&(lvalues[3266]),0}, -{"document","document",NID_document,10,&(lvalues[3276]),0}, -{"room","room",NID_room,10,&(lvalues[3286]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3246]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3256]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3266]),0}, 
+{"account","account",NID_account,10,&(lvalues[3276]),0}, +{"document","document",NID_document,10,&(lvalues[3286]),0}, +{"room","room",NID_room,10,&(lvalues[3296]),0}, {"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3296]),0}, -{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, &(lvalues[3306]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3316]),0}, +{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, + &(lvalues[3316]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3326]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3326]),0}, + 10,&(lvalues[3336]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3336]),0}, + &(lvalues[3346]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3346]),0}, + NID_simpleSecurityObject,10,&(lvalues[3356]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3356]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3366]),0}, + &(lvalues[3366]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3376]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3376]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3386]),0}, + 10,&(lvalues[3386]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3396]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3396]),0}, -{"rfc822Mailbox","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3406]),0}, -{"info","info",NID_info,10,&(lvalues[3416]),0}, + NID_textEncodedORAddress,10,&(lvalues[3406]),0}, +{"rfc822Mailbox","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3416]),0}, +{"info","info",NID_info,10,&(lvalues[3426]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3426]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3436]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3446]),0}, 
-{"userClass","userClass",NID_userClass,10,&(lvalues[3456]),0}, -{"host","host",NID_host,10,&(lvalues[3466]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3476]),0}, + &(lvalues[3436]),0}, +{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3446]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3456]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3466]),0}, +{"host","host",NID_host,10,&(lvalues[3476]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3486]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3486]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3496]),0}, + &(lvalues[3496]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3506]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3506]),0}, -{"documentAuthor","documentAuthor",NID_documentAuthor,10, &(lvalues[3516]),0}, -{"documentLocation","documentLocation",NID_documentLocation,10, +{"documentAuthor","documentAuthor",NID_documentAuthor,10, &(lvalues[3526]),0}, +{"documentLocation","documentLocation",NID_documentLocation,10, + &(lvalues[3536]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3536]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3546]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3556]),0}, + 10,&(lvalues[3546]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3556]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3566]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3566]),0}, -{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, &(lvalues[3576]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3586]),0}, +{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, + &(lvalues[3586]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3596]),0}, {"pilotAttributeType27","pilotAttributeType27", - 
NID_pilotAttributeType27,10,&(lvalues[3596]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3606]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3616]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3626]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3636]),0}, + NID_pilotAttributeType27,10,&(lvalues[3606]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3616]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3626]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3636]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3646]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3646]),0}, -{"associatedName","associatedName",NID_associatedName,10, &(lvalues[3656]),0}, -{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, +{"associatedName","associatedName",NID_associatedName,10, &(lvalues[3666]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3676]),0}, +{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, + &(lvalues[3676]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3686]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3686]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3696]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3696]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3706]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3706]),0}, + 10,&(lvalues[3716]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3716]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3726]),0}, + NID_organizationalStatus,10,&(lvalues[3726]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3736]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3736]),0}, 
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3746]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3756]),0}, + NID_mailPreferenceOption,10,&(lvalues[3746]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3756]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3766]),0}, {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3766]),0}, + &(lvalues[3776]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3776]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3786]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3786]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3796]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3796]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3806]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3816]),0}, + &(lvalues[3806]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3816]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3826]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3826]),0}, + &(lvalues[3836]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[3836]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[3844]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[3853]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[3862]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[3871]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[3879]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[3887]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[3895]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[3903]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[3911]),0}, 
-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[3919]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[3927]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[3935]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[3943]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[3951]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[3959]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[3967]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[3975]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[3983]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[3991]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[3999]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4007]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4015]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4023]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[3846]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[3854]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[3863]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[3872]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[3881]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[3889]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[3897]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[3905]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[3913]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[3921]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[3929]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[3937]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[3945]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[3953]),0}, 
+{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[3961]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[3969]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[3977]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[3985]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[3993]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4001]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4009]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4017]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4025]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4033]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4031]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4032]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4035]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4040]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4045]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4050]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4055]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4060]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4065]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4070]),0}, -{"secp192r1","secp192r1",NID_secp192r1,1,&(lvalues[4075]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4076]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4081]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4086]),0}, -{"secp256r1","secp256r1",NID_secp256r1,1,&(lvalues[4091]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4092]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4097]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4102]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4107]),0}, 
-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4112]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4117]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4122]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4127]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4132]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4137]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4142]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4147]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4152]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4157]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4162]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4167]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4172]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4177]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4182]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4187]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4192]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4194]),0}, + NID_identified_organization,1,&(lvalues[4041]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4042]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4045]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4050]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4055]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4060]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4065]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4070]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4075]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4080]),0}, +{"secp192r1","secp192r1",NID_secp192r1,1,&(lvalues[4085]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4086]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4091]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4096]),0}, 
+{"secp256r1","secp256r1",NID_secp256r1,1,&(lvalues[4101]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4102]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4107]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4112]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4117]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4122]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4127]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4132]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4137]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4142]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4147]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4152]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4157]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4162]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4167]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4172]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4177]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4182]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4187]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4192]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4197]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4202]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4204]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4197]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4207]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4202]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4212]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4207]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4217]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4212]),0}, + 
NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4222]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2593,10 +2593,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[404]),/* OBJ_ccitt 0 */ &(nid_objs[541]),/* OBJ_secp256r1 OBJ_X9_62_prime256v1 */ +&(nid_objs[404]),/* OBJ_ccitt 0 */ &(nid_objs[537]),/* OBJ_secp192r1 OBJ_X9_62_prime192v1 */ -&(nid_objs[389]),/* OBJ_Enterprises 1 */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ @@ -2649,7 +2648,6 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ &(nid_objs[563]),/* OBJ_wap_wsg 2 23 43 13 */ -&(nid_objs[390]),/* OBJ_dcObject 1466 344 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ &(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ @@ -2664,6 +2662,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ &(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ &(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ +&(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ &(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ &(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ &(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ @@ -2937,6 +2936,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[505]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ &(nid_objs[506]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ &(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ +&(nid_objs[390]),/* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ &(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ &(nid_objs[315]),/* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ &(nid_objs[316]),/* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ diff --git a/util/libeay.num b/util/libeay.num index 7ce301bc66..5bb4153c07 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -2773,73 +2773,78 @@ AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES ENGINE_load_4758cca 3218 EXIST::FUNCTION: -EC_GROUP_new_by_name 3219 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY 3220 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAPrivateKey 3221 EXIST::FUNCTION:ECDSA -ECDSA_SIG_new 3222 EXIST::FUNCTION:ECDSA -ECDSA_verify 3223 EXIST::FUNCTION:ECDSA -i2d_ECDSAParameters 3224 EXIST::FUNCTION:ECDSA -i2d_ECDSAPrivateKey_bio 3225 EXIST::FUNCTION:BIO,ECDSA -PEM_write_bio_ECDSAParameters 3226 EXIST::FUNCTION:ECDSA -ECDSAParameters_print_fp 3227 EXIST::FUNCTION:ECDSA,FP_API -ENGINE_set_default_ECDSA 3228 EXIST::FUNCTION: -PEM_read_bio_ECDSA_PUBKEY 3229 EXIST::FUNCTION:ECDSA -ECDSA_check_key 3230 EXIST::FUNCTION:ECDSA -ECDSA_new_method 3231 EXIST::FUNCTION:ECDSA -d2i_ECDSAPrivateKey_bio 3232 EXIST::FUNCTION:BIO,ECDSA -i2d_ECDSA_PUBKEY 3233 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_fp 3234 EXIST::FUNCTION:ECDSA,FP_API -ENGINE_unregister_ECDSA 3235 EXIST::FUNCTION: -ECDSA_free 3236 EXIST::FUNCTION:ECDSA -ECDSAParameters_print 3237 EXIST::FUNCTION:BIO,ECDSA -PEM_write_bio_ECDSA_PUBKEY 3238 EXIST::FUNCTION:ECDSA -ECDSA_set_method 3239 EXIST::FUNCTION:ECDSA -ECDSA_print 3240 EXIST::FUNCTION:BIO,ECDSA -EVP_PKEY_get1_ECDSA 3241 EXIST::FUNCTION:ECDSA -ECDSA_SIG_free 3242 EXIST::FUNCTION:ECDSA -ECDSA_get_default_openssl_method 3243 EXIST::FUNCTION:ECDSA -ENGINE_get_default_ECDSA 3244 EXIST::FUNCTION: -PEM_write_ECDSAPrivateKey 3245 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_sign_setup 3246 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3247 EXIST::FUNCTION: -d2i_ECDSA_PUBKEY_bio 3248 EXIST::FUNCTION:BIO,ECDSA -ECDSA_sign 3249 EXIST::FUNCTION:ECDSA -ENGINE_register_ECDSA 3250 EXIST::FUNCTION: -d2i_ECDSAPrivateKey_fp 3251 EXIST::FUNCTION:ECDSA,FP_API -ECDSA_print_fp 3252 EXIST::FUNCTION:ECDSA,FP_API -i2d_ECDSAPrivateKey 3253 EXIST::FUNCTION:ECDSA -d2i_ECDSAParameters 3254 EXIST::FUNCTION:ECDSA -d2i_ECDSAPublicKey 3255 
EXIST::FUNCTION:ECDSA -PEM_write_bio_ECDSAPrivateKey 3256 EXIST::FUNCTION:ECDSA -d2i_ECDSA_SIG 3257 EXIST::FUNCTION:ECDSA -ECDSA_size 3258 EXIST::FUNCTION:ECDSA -EC_GROUP_set_nid 3259 EXIST::FUNCTION:EC -EVP_PKEY_set1_ECDSA 3260 EXIST::FUNCTION:ECDSA -EC_GROUP_get_nid 3261 EXIST::FUNCTION:EC -d2i_ECDSA_PUBKEY_fp 3262 EXIST::FUNCTION:ECDSA,FP_API -ECDSA_OpenSSL 3263 EXIST::FUNCTION:ECDSA -ECDSA_get_parameter_flags 3264 EXIST::FUNCTION:ECDSA -PEM_read_ECDSAParameters 3265 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_get_ex_data 3266 EXIST::FUNCTION:ECDSA -ECDSA_do_verify 3267 EXIST::FUNCTION:ECDSA -ECDSA_do_sign 3268 EXIST::FUNCTION:ECDSA -ECDSA_set_parameter_flags 3269 EXIST::FUNCTION:ECDSA -i2d_ECDSA_SIG 3270 EXIST::FUNCTION:ECDSA -PEM_read_bio_ECDSAParameters 3271 EXIST::FUNCTION:ECDSA -EVP_ecdsa 3272 EXIST::FUNCTION:SHA -ECDSA_set_default_method 3273 EXIST::FUNCTION:ECDSA -ENGINE_set_ECDSA 3274 EXIST::FUNCTION: -ECDSA_get_ex_new_index 3275 EXIST::FUNCTION:ECDSA -i2d_ECDSAPublicKey 3276 EXIST::FUNCTION:ECDSA -PEM_write_ECDSA_PUBKEY 3277 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_set_ex_data 3278 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_bio 3279 EXIST::FUNCTION:BIO,ECDSA -d2i_ECDSAPrivateKey 3280 EXIST::FUNCTION:ECDSA -EC_GROUP_new_by_nid 3281 EXIST::FUNCTION:EC -PEM_read_ECDSA_PUBKEY 3282 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_up_ref 3283 EXIST::FUNCTION:ECDSA -ENGINE_register_all_ECDSA 3284 EXIST::FUNCTION: -ECDSA_generate_key 3285 EXIST::FUNCTION:ECDSA -PEM_write_ECDSAParameters 3286 EXIST:!WIN16:FUNCTION:ECDSA -i2d_ECDSAPrivateKey_fp 3287 EXIST::FUNCTION:ECDSA,FP_API -PEM_read_ECDSAPrivateKey 3288 EXIST:!WIN16:FUNCTION:ECDSA +_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES +EC_GROUP_new_by_name 3220 EXIST::FUNCTION:EC +d2i_ECDSA_PUBKEY 3221 EXIST::FUNCTION:ECDSA +PEM_read_bio_ECDSAPrivateKey 3222 EXIST::FUNCTION:ECDSA +ECDSA_SIG_new 3223 EXIST::FUNCTION:ECDSA +ECDSA_verify 3224 EXIST::FUNCTION:ECDSA +i2d_ECDSAParameters 3225 EXIST::FUNCTION:ECDSA +i2d_ECDSAPrivateKey_bio 3226 
EXIST::FUNCTION:BIO,ECDSA +PEM_write_bio_ECDSAParameters 3227 EXIST::FUNCTION:ECDSA +ECDSAParameters_print_fp 3228 EXIST::FUNCTION:ECDSA,FP_API +EC_GROUP_check 3229 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3230 EXIST::FUNCTION: +PEM_read_bio_ECDSA_PUBKEY 3231 EXIST::FUNCTION:ECDSA +ECDSA_check_key 3232 EXIST::FUNCTION:ECDSA +ECDSA_new_method 3233 EXIST::FUNCTION:ECDSA +d2i_ECDSAPrivateKey_bio 3234 EXIST::FUNCTION:BIO,ECDSA +i2d_ECDSA_PUBKEY 3235 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_fp 3236 EXIST::FUNCTION:ECDSA,FP_API +ENGINE_unregister_ECDSA 3237 EXIST::FUNCTION: +ECDSA_free 3238 EXIST::FUNCTION:ECDSA +ECDSAParameters_print 3239 EXIST::FUNCTION:BIO,ECDSA +PEM_write_bio_ECDSA_PUBKEY 3240 EXIST::FUNCTION:ECDSA +ECDSA_set_method 3241 EXIST::FUNCTION:ECDSA +ECDSA_print 3242 EXIST::FUNCTION:BIO,ECDSA +EVP_PKEY_get1_ECDSA 3243 EXIST::FUNCTION:ECDSA +ECDSA_SIG_free 3244 EXIST::FUNCTION:ECDSA +ENGINE_get_default_ECDSA 3245 EXIST::FUNCTION: +PEM_write_ECDSAPrivateKey 3246 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_sign_setup 3247 EXIST::FUNCTION:ECDSA +ENGINE_get_ECDSA 3248 EXIST::FUNCTION: +ECDSA_get_default_method 3249 EXIST::FUNCTION:ECDSA +d2i_ECDSA_PUBKEY_bio 3250 EXIST::FUNCTION:BIO,ECDSA +ECDSA_sign 3251 EXIST::FUNCTION:ECDSA +ENGINE_register_ECDSA 3252 EXIST::FUNCTION: +d2i_ECDSAPrivateKey_fp 3253 EXIST::FUNCTION:ECDSA,FP_API +ECDSA_print_fp 3254 EXIST::FUNCTION:ECDSA,FP_API +i2d_ECDSAPrivateKey 3255 EXIST::FUNCTION:ECDSA +d2i_ECDSAParameters 3256 EXIST::FUNCTION:ECDSA +d2i_ECDSAPublicKey 3257 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECDSAPrivateKey 3258 EXIST::FUNCTION:ECDSA +ERR_load_ECDSA_strings 3259 EXIST::FUNCTION:ECDSA +d2i_ECDSA_SIG 3260 EXIST::FUNCTION:ECDSA +ECDSA_size 3261 EXIST::FUNCTION:ECDSA +EC_GROUP_set_nid 3262 EXIST::FUNCTION:EC +EVP_PKEY_set1_ECDSA 3263 EXIST::FUNCTION:ECDSA +EC_GROUP_get_nid 3264 EXIST::FUNCTION:EC +d2i_ECDSA_PUBKEY_fp 3265 EXIST::FUNCTION:ECDSA,FP_API +ECDSA_OpenSSL 3266 EXIST::FUNCTION:ECDSA +ECDSA_get_parameter_flags 3267 
EXIST::FUNCTION:ECDSA +PEM_read_ECDSAParameters 3268 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_get_ex_data 3269 EXIST::FUNCTION:ECDSA +ECDSA_do_verify 3270 EXIST::FUNCTION:ECDSA +ECDSA_do_sign 3271 EXIST::FUNCTION:ECDSA +ECDSA_set_parameter_flags 3272 EXIST::FUNCTION:ECDSA +i2d_ECDSA_SIG 3273 EXIST::FUNCTION:ECDSA +PEM_read_bio_ECDSAParameters 3274 EXIST::FUNCTION:ECDSA +ECDSA_new 3275 EXIST::FUNCTION:ECDSA +EVP_ecdsa 3276 EXIST::FUNCTION:SHA +ECDSA_set_default_method 3277 EXIST::FUNCTION:ECDSA +ENGINE_set_ECDSA 3278 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3279 EXIST::FUNCTION:ECDSA +i2d_ECDSAPublicKey 3280 EXIST::FUNCTION:ECDSA +PEM_write_ECDSA_PUBKEY 3281 EXIST:!WIN16:FUNCTION:ECDSA +EC_GROUP_check_discriminant 3282 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3283 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_bio 3284 EXIST::FUNCTION:BIO,ECDSA +d2i_ECDSAPrivateKey 3285 EXIST::FUNCTION:ECDSA +EC_GROUP_new_by_nid 3286 EXIST::FUNCTION:EC +PEM_read_ECDSA_PUBKEY 3287 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_up_ref 3288 EXIST::FUNCTION:ECDSA +ENGINE_register_all_ECDSA 3289 EXIST::FUNCTION: +ECDSA_generate_key 3290 EXIST::FUNCTION:ECDSA +PEM_write_ECDSAParameters 3291 EXIST:!WIN16:FUNCTION:ECDSA +i2d_ECDSAPrivateKey_fp 3292 EXIST::FUNCTION:ECDSA,FP_API +PEM_read_ECDSAPrivateKey 3293 EXIST:!WIN16:FUNCTION:ECDSA From d16e1131b4556203b17bd05df93218b2dbb0ccb2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 6 Apr 2002 20:22:48 +0000 Subject: [PATCH 137/173] Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq. --- demos/b64.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/demos/b64.c b/demos/b64.c index 8e248e7e72..113da89baf 100644 --- a/demos/b64.c +++ b/demos/b64.c 
@@ -91,8 +91,8 @@ char **argv; EVP_CIPHER *cipher=NULL,*c; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; +#define PROG_NAME_SIZE 39 + char pname[PROG_NAME_SIZE+1]; apps_startup(); From 4e9ef338fc0b0523ecfe37e4d7c65ddf99584afa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sun, 7 Apr 2002 13:33:16 +0000 Subject: [PATCH 138/173] error reported by Karsten Braaten --- doc/crypto/BN_bn2bin.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index c12af9c9f9..b62d1af0ff 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod @@ -49,7 +49,7 @@ with a leading '-' for negative numbers, to the B or B B. BN_bn2mpi() and BN_mpi2bn() convert Bs from and to a format -that consists of the number's length in bytes represented as a 3-byte +that consists of the number's length in bytes represented as a 4-byte big-endian number, and the number itself in big-endian format, where the most significant bit signals a negative number (the representation of numbers with the MSB set is prefixed with null byte). From 0ae1661ba2d85ca8f487d0de1fa7b6799dc1a588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 8 Apr 2002 15:49:53 +0000 Subject: [PATCH 139/173] Apply OID fixes for elliptic curves as supplied by Nils Larsch . --- crypto/ec/ec.h | 8 +-- crypto/ec/ec_curve.c | 6 +- crypto/objects/obj_dat.h | 136 +++++++++++++++++-------------------- crypto/objects/obj_mac.h | 8 --- crypto/objects/objects.txt | 2 - 5 files changed, 70 insertions(+), 90 deletions(-) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index a791125369..05b454c921 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h 
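Review bot: In the demos/b64.c hunk the macro and the array no longer agree on what "size" means: `PROG_NAME_SIZE` is now the longest name kept (39), while `pname` is declared with `PROG_NAME_SIZE+1` bytes, and nothing on the declaration says so. The code that fills `pname` is outside the hunk (the function starts before it and continues past it), so the bound it receives is not visible here. If it is handed the macro, confirm that it treats the value as a length and still writes the terminating NUL inside the array; otherwise pass `sizeof pname`. I would add a comment on the declaration, `/* PROG_NAME_SIZE is the longest name kept; the extra byte holds the terminating NUL */`.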
@@ -141,9 +141,9 @@ EC_GROUP *EC_GROUP_new_by_nid(int nid); EC_GROUP *EC_GROUP_new_by_name(int name); /* Currently valid arguments to EC_GROUP_new_by_name() */ #define EC_GROUP_NO_CURVE 0 -#define EC_GROUP_NIST_PRIME_192 NID_secp192r1 +#define EC_GROUP_NIST_PRIME_192 NID_X9_62_prime192v1 #define EC_GROUP_NIST_PRIME_224 NID_secp224r1 -#define EC_GROUP_NIST_PRIME_256 NID_secp256r1 +#define EC_GROUP_NIST_PRIME_256 NID_X9_62_prime256v1 #define EC_GROUP_NIST_PRIME_384 NID_secp384r1 #define EC_GROUP_NIST_PRIME_521 NID_secp521r1 #define EC_GROUP_X9_62_PRIME_192V1 NID_X9_62_prime192v1 @@ -161,11 +161,11 @@ EC_GROUP *EC_GROUP_new_by_name(int name); #define EC_GROUP_SECG_PRIME_160R1 NID_secp160r1 #define EC_GROUP_SECG_PRIME_160R2 NID_secp160r2 #define EC_GROUP_SECG_PRIME_192K1 NID_secp192k1 -#define EC_GROUP_SECG_PRIME_192R1 NID_secp192r1 +#define EC_GROUP_SECG_PRIME_192R1 NID_X9_62_prime192v1 #define EC_GROUP_SECG_PRIME_224K1 NID_secp224k1 #define EC_GROUP_SECG_PRIME_224R1 NID_secp224r1 #define EC_GROUP_SECG_PRIME_256K1 NID_secp256k1 -#define EC_GROUP_SECG_PRIME_256R1 NID_secp256r1 +#define EC_GROUP_SECG_PRIME_256R1 NID_X9_62_prime256v1 #define EC_GROUP_SECG_PRIME_384R1 NID_secp384r1 #define EC_GROUP_SECG_PRIME_521R1 NID_secp521r1 #define EC_GROUP_WTLS_6 NID_wap_wsg_idm_ecid_wtls6 diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 132e631a4e..a2fed3d603 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -276,8 +276,7 @@ EC_GROUP *EC_GROUP_new_by_name(int name) ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_521); break; /* x9.62 prime curves */ - case EC_GROUP_NIST_PRIME_192: /* EC_GROUP_NIST_PRIME_192 == EC_GROUP_SECG_PRIME_192R1 */ - case EC_GROUP_X9_62_PRIME_192V1: + case EC_GROUP_X9_62_PRIME_192V1: /* == EC_GROUP_NIST_PRIME_192 == EC_GROUP_SECG_PRIME_192R1 */ ret = ec_group_new_GFp_from_hex(_EC_GROUP_NIST_PRIME_192); break; 
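Review bot: After the two ec.h hunks, `EC_GROUP_NIST_PRIME_192`, `EC_GROUP_SECG_PRIME_192R1` and `EC_GROUP_X9_62_PRIME_192V1` all expand to `NID_X9_62_prime192v1` (and the three 256-bit names to `NID_X9_62_prime256v1`), but the header does not mark them as aliases. A `switch` that lists two of them as `case` labels no longer compiles, which is presumably why ec_curve.c drops its duplicate labels in this commit; code elsewhere that does the same will break too. A comment above the list would make this explicit, e.g. `/* the NIST_PRIME_192/256, SECG_PRIME_192R1/256R1 and X9_62_PRIME_192V1/256V1 names are aliases sharing one NID; never use two as case labels */`. The diffstat also shows eight lines removed from obj_mac.h, which is not in view here; if those are the `NID_secp192r1`/`NID_secp256r1` definitions, the removal deserves a changelog note for callers that used them.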
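Review bot: The relabelled cases in ec_curve.c are now named inconsistently with the parameter tables they load: `case EC_GROUP_X9_62_PRIME_192V1:` in the @@ -276 hunk builds the group from `_EC_GROUP_NIST_PRIME_192`, while `case EC_GROUP_X9_62_PRIME_256V1:` in the following @@ -301 hunk uses `_EC_GROUP_X9_62_PRIME_256V1`. With the NIST label removed from the 192-bit case, only the trailing comment connects the label to the table. Either give the two tables matching names, or extend the comment to `/* == EC_GROUP_NIST_PRIME_192 == EC_GROUP_SECG_PRIME_192R1; parameters in _EC_GROUP_NIST_PRIME_192 */`. The switch in EC_GROUP_new_by_name starts and ends outside both hunks, so its default branch is not visible here.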
@@ -301,8 +300,7 @@ EC_GROUP *EC_GROUP_new_by_name(int name) ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_239V3); break; - case EC_GROUP_NIST_PRIME_256: /* EC_GROUP_NIST_PRIME_256 == EC_GROUP_SECG_PRIME_256R1 */ - case EC_GROUP_X9_62_PRIME_256V1: + case EC_GROUP_X9_62_PRIME_256V1: /* == EC_GROUP_NIST_PRIME_256 == EC_GROUP_SECG_PRIME_256R1 */ ret = ec_group_new_GFp_from_hex(_EC_GROUP_X9_62_PRIME_256V1); break; /* the remaining secg curves */ diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 32abfb43bc..a1249a2e99 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -63,11 +63,11 @@ */ #define NUM_NID 568 -#define NUM_SN 566 -#define NUM_LN 566 -#define NUM_OBJ 540 +#define NUM_SN 564 +#define NUM_LN 564 +#define NUM_OBJ 538 -static unsigned char lvalues[4228]={ +static unsigned char lvalues[4226]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -577,37 +577,35 @@ static unsigned char lvalues[4228]={ 0x2B,0x81,0x04,0x00,0x08, /* [4070] OBJ_secp160r1 */ 0x2B,0x81,0x04,0x00,0x1E, /* [4075] OBJ_secp160r2 */ 0x2B,0x81,0x04,0x00,0x1F, /* [4080] OBJ_secp192k1 */ -0x00, /* [4085] OBJ_secp192r1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4086] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4091] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4096] OBJ_secp256k1 */ -0x00, /* [4101] OBJ_secp256r1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4102] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4107] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4112] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4117] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4122] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4127] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4132] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4137] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4142] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4147] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4152] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4157] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4162] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4167] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4172] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4177] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4182] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4187] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4192] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4197] OBJ_sect571r1 */ -0x67,0x2B, /* [4202] OBJ_wap */ -0x67,0x2B,0x0D, /* [4204] OBJ_wap_wsg */ -0x67,0x2B,0x0D,0x04,0x01, /* [4207] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4212] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4217] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4222] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x2B,0x81,0x04,0x00,0x20, /* [4085] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4090] OBJ_secp224r1 */ 
+0x2B,0x81,0x04,0x00,0x0A, /* [4095] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4100] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4105] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4110] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4115] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4120] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4125] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4130] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4135] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4140] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4145] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4150] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4155] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4160] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4165] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4170] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4175] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4180] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4185] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4190] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4195] OBJ_sect571r1 */ +0x67,0x2B, /* [4200] OBJ_wap */ +0x67,0x2B,0x0D, /* [4202] OBJ_wap_wsg */ +0x67,0x2B,0x0D,0x04,0x01, /* [4205] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4210] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4215] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4220] OBJ_wap_wsg_idm_ecid_wtls9 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -1416,41 +1414,41 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4070]),0}, {"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4075]),0}, {"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4080]),0}, -{"secp192r1","secp192r1",NID_secp192r1,1,&(lvalues[4085]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4086]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4091]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4096]),0}, -{"secp256r1","secp256r1",NID_secp256r1,1,&(lvalues[4101]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4102]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4107]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4112]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4117]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4122]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4127]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4132]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4137]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4142]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4147]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4152]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4157]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4162]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4167]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4172]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4177]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4182]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4187]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4192]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4197]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4202]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4204]),0}, +{NULL,NULL,NID_undef,0,NULL}, 
+{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4085]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4090]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4095]),0}, +{NULL,NULL,NID_undef,0,NULL}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4100]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4105]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4110]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4115]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4120]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4125]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4130]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4135]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4140]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4145]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4150]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4155]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4160]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4165]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4170]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4175]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4180]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4185]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4190]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4195]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4200]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4202]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4207]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4205]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4212]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4210]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4217]),0}, + 
NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4215]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4222]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4220]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1959,11 +1957,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[534]),/* "secp160r1" */ &(nid_objs[535]),/* "secp160r2" */ &(nid_objs[536]),/* "secp192k1" */ -&(nid_objs[537]),/* "secp192r1" */ &(nid_objs[538]),/* "secp224k1" */ &(nid_objs[539]),/* "secp224r1" */ &(nid_objs[540]),/* "secp256k1" */ -&(nid_objs[541]),/* "secp256r1" */ &(nid_objs[542]),/* "secp384r1" */ &(nid_objs[543]),/* "secp521r1" */ &(nid_objs[154]),/* "secretBag" */ @@ -2528,11 +2524,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[534]),/* "secp160r1" */ &(nid_objs[535]),/* "secp160r2" */ &(nid_objs[536]),/* "secp192k1" */ -&(nid_objs[537]),/* "secp192r1" */ &(nid_objs[538]),/* "secp224k1" */ &(nid_objs[539]),/* "secp224r1" */ &(nid_objs[540]),/* "secp256k1" */ -&(nid_objs[541]),/* "secp256r1" */ &(nid_objs[542]),/* "secp384r1" */ &(nid_objs[543]),/* "secp521r1" */ &(nid_objs[154]),/* "secretBag" */ @@ -2593,9 +2587,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[541]),/* OBJ_secp256r1 OBJ_X9_62_prime256v1 */ &(nid_objs[404]),/* OBJ_ccitt 0 */ -&(nid_objs[537]),/* OBJ_secp192r1 OBJ_X9_62_prime192v1 */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 9bfb8b2c41..749bb0fc68 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h 
@@ -328,10 +328,6 @@ #define NID_secp192k1 536 #define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L -#define SN_secp192r1 "secp192r1" -#define NID_secp192r1 537 -#define OBJ_secp192r1 OBJ_X9_62_prime192v1 - #define SN_secp224k1 "secp224k1" #define NID_secp224k1 538 #define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L @@ -344,10 +340,6 @@ #define NID_secp256k1 540 #define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L -#define SN_secp256r1 "secp256r1" -#define NID_secp256r1 541 -#define OBJ_secp256r1 OBJ_X9_62_prime256v1 - #define SN_secp384r1 "secp384r1" #define NID_secp384r1 542 #define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a83007034f..ee892f9f64 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -83,11 +83,9 @@ secg-ellipticCurve 9 : secp160k1 secg-ellipticCurve 8 : secp160r1 secg-ellipticCurve 30 : secp160r2 secg-ellipticCurve 31 : secp192k1 -X9_62_prime192v1 : secp192r1 secg-ellipticCurve 32 : secp224k1 secg-ellipticCurve 33 : secp224r1 secg-ellipticCurve 10 : secp256k1 -X9_62_prime256v1 : secp256r1 secg-ellipticCurve 34 : secp384r1 secg-ellipticCurve 35 : secp521r1 # SECG characteristic two curves OIDs From 4f4b192402ce084c3cab202720bf59c9cde9904c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 9 Apr 2002 11:54:24 +0000 Subject: [PATCH 140/173] add usage examples --- CHANGES | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a6c588a780..ca05c92379 100644 --- a/CHANGES +++ b/CHANGES 
@@ -732,13 +732,30 @@ +) Rationalise EVP so it can be extended: don't include a union of cipher/digest structures, add init/cleanup functions. This also reduces the number of header dependencies. + Usage example: + + EVP_MD_CTX md; + + EVP_MD_CTX_init(&md); /* new function call */ + EVP_DigestInit(&md, EVP_sha1()); + EVP_DigestUpdate(&md, in, len); + EVP_DigestFinal(&md, out, NULL); + EVP_MD_CTX_cleanup(&md); /* new function call */ + [Ben Laurie] +) Make DES key schedule conform to the usual scheme, as well as correcting its structure. This means that calls to DES functions now have to pass a pointer to a des_key_schedule instead of a plain des_key_schedule (which was actually always a pointer - anyway). + anyway): E.g., + + des_key_schedule ks; + + des_set_key_checked(..., &ks); + des_ncbc_encrypt(..., &ks, ...); + + (Note that a later change renames 'des_...' into 'DES_...'.) [Ben Laurie] *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). From d0561b5c2da1404f542743054c2fa45affce7042 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 9 Apr 2002 12:01:21 +0000 Subject: [PATCH 141/173] fix ECDSA handling Submitted by: Nils Larsch --- crypto/asn1/d2i_pu.c | 2 +- crypto/asn1/i2d_pu.c | 2 +- crypto/asn1/t_pkey.c | 27 ++++++--- crypto/asn1/x_pubkey.c | 2 - crypto/ecdsa/ecdsa.h | 21 ++++++- crypto/ecdsa/ecdsatest.c | 17 ------ crypto/ecdsa/ecs_asn1.c | 123 +++++++++++++-------------------------- crypto/ecdsa/ecs_lib.c | 24 +++++++- crypto/ecdsa/ecs_locl.h | 1 - crypto/evp/evp_pkey.c | 4 +- 10 files changed, 104 insertions(+), 119 deletions(-) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 81b5d0f820..f66d72fd7b 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c 
@@ -113,7 +113,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_ECDSA case EVP_PKEY_ECDSA: - if ((ret->pkey.ecdsa = d2i_ECDSAPublicKey(&(ret->pkey.ecdsa), + if ((ret->pkey.ecdsa = ECDSAPublicKey_set_octet_string(&(ret->pkey.ecdsa), (const unsigned char **)pp, length)) == NULL) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c index 2607734ebc..2fcc5554a7 100644 --- a/crypto/asn1/i2d_pu.c +++ b/crypto/asn1/i2d_pu.c @@ -85,7 +85,7 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_ECDSA case EVP_PKEY_ECDSA: - return(i2d_ECDSAPublicKey(a->pkey.ecdsa, pp)); + return(ECDSAPublicKey_get_octet_string(a->pkey.ecdsa, pp)); #endif default: ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index f169e26252..1b29fdc4a8 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -237,7 +237,8 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off) unsigned char *buffer=NULL; int i, buf_len=0, ret=0, reason=ERR_R_BIO_LIB; BIGNUM *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL, - *tmp_4=NULL, *tmp_5=NULL; + *tmp_4=NULL, *tmp_5=NULL, *tmp_6=NULL, + *tmp_7=NULL; BN_CTX *ctx=NULL; EC_POINT *point=NULL; @@ -249,7 +250,8 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off) goto err; } if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL || - (tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL) + (tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL || + (tmp_6 = BN_new()) == NULL || (tmp_7 = BN_new()) == NULL) { reason = ERR_R_MALLOC_FAILURE; goto err; 
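Review bot: The replacement call in the `EVP_PKEY_ECDSA` case no longer behaves like a d2i function. As defined later in this patch, `ECDSAPublicKey_set_octet_string` fails with `ECDSA_R_MISSING_PARAMETERS` unless `ret->pkey.ecdsa` already exists and carries a group, and it never advances `*pp`. The body of d2i_PublicKey lies outside this hunk, so whether `ret->pkey.ecdsa` is populated on this path cannot be confirmed here; if `ret` can be freshly allocated, this branch can only return an error. A comment at the call would make the precondition explicit, e.g. `/* requires ret->pkey.ecdsa->group to be set already; *pp is not advanced */`. The i2d_PublicKey hunk that follows has the mirror issue, because `ECDSAPublicKey_get_octet_string` writes into `*pp` without moving it past the output.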
@@ -264,7 +266,12 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off) reason = ERR_R_EC_LIB; goto err; } - if ((buf_len = EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx)) == 0) + if (!EC_GROUP_get_order(x->group, tmp_6, NULL) || !EC_GROUP_get_cofactor(x->group, tmp_7, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + if ((buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0) { reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH; goto err; @@ -274,14 +281,14 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off) reason = ERR_R_MALLOC_FAILURE; goto err; } - if (!EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, + if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), buffer, buf_len, ctx)) goto err; if ((tmp_4 = BN_bin2bn(buffer, buf_len, NULL)) == NULL) { reason = ERR_R_BN_LIB; goto err; } - if ((i = EC_POINT_point2oct(x->group, x->pub_key, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx)) == 0) + if ((i = EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0) { reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH; goto err; @@ -292,7 +299,7 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off) buf_len = i; goto err; } - if (!EC_POINT_point2oct(x->group, x->pub_key, POINT_CONVERSION_COMPRESSED, + if (!EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), buffer, buf_len, ctx)) { reason = ERR_R_EC_LIB; @@ -330,6 +337,8 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off) if ((tmp_2 != NULL) && !print(bp, "A: ", tmp_2, buffer, off)) goto err; if ((tmp_3 != NULL) && !print(bp, "B: ", tmp_3, buffer, off)) goto err; if ((tmp_4 != NULL) && !print(bp, "Gen: ", tmp_4, buffer, off)) goto err; + if ((tmp_6 != NULL) && !print(bp, "Order: ", tmp_6, buffer, off)) goto err; + if ((tmp_7 != NULL) && !print(bp, "Cofactor: ", tmp_7, buffer, off)) goto err; ret=1; err: if (!ret) 
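Review bot: The added `EC_GROUP_get_order`/`EC_GROUP_get_cofactor` calls pass `NULL` as the BN_CTX, although `ctx` was allocated a few lines earlier in ECDSA_print and is handed to the `EC_POINT_point2oct` call directly below. ECDSAParameters_print in the same file passes `ctx` to both functions, so for consistency I would write `if (!EC_GROUP_get_order(x->group, tmp_6, ctx) || !EC_GROUP_get_cofactor(x->group, tmp_7, ctx))`. ECDSA_print starts and ends outside this hunk.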
@@ -339,6 +348,8 @@ err: if (tmp_3) BN_free(tmp_3); if (tmp_4) BN_free(tmp_4); if (tmp_5) BN_free(tmp_5); + if (tmp_6) BN_free(tmp_6); + if (tmp_7) BN_free(tmp_7); if (ctx) BN_CTX_free(ctx); if (buffer != NULL) OPENSSL_free(buffer); return(ret); @@ -541,13 +552,13 @@ int ECDSAParameters_print(BIO *bp, const ECDSA *x) if ((point = EC_GROUP_get0_generator(x->group)) == NULL) goto err; if (!EC_GROUP_get_order(x->group, tmp_5, ctx)) goto err; if (!EC_GROUP_get_cofactor(x->group, tmp_6, ctx)) goto err; - buf_len = EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx); + buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx); if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) { reason = ERR_R_MALLOC_FAILURE; goto err; } - if (!EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, buffer, buf_len, ctx)) + if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), buffer, buf_len, ctx)) { reason = ERR_R_EC_LIB; goto err; diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index f6f2a0daca..9fea31a8a5 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -136,7 +136,6 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) ECDSA *ecdsa; ecdsa = pkey->pkey.ecdsa; - ecdsa->write_params=0; ASN1_TYPE_free(a->parameter); if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0) { @@ -272,7 +271,6 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); goto err; } - ret->pkey.ecdsa->write_params = 0; cp = p = a->parameter->value.sequence->data; j = a->parameter->value.sequence->length; if (!d2i_ECDSAParameters(&ret->pkey.ecdsa, &cp, (long)j)) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 5250e15fee..9b2a17f02d 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h 
@@ -99,7 +99,7 @@ typedef struct ecdsa_method struct ecdsa_st { int version; - int write_params; + point_conversion_form_t conversion_form; EC_GROUP *group; @@ -164,6 +164,15 @@ int ECDSA_print_fp(FILE *fp, const ECDSA *x, int off); void ECDSA_set_parameter_flags(ECDSA *, int); int ECDSA_get_parameter_flags(const ECDSA*); +/* The ECDSA_{set|get}_conversion_type() functions set/get the + * conversion form for ec-points (see ec.h) in a ECDSA-structure */ +void ECDSA_set_conversion_form(ECDSA *, const point_conversion_form_t); +point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *); +/* The ECDSA_{set|get}_default_conversion_form() functions set/get the + * default conversion form */ +void ECDSA_set_default_conversion_form(const point_conversion_form_t); +point_conversion_form_t ECDSA_get_default_conversion_form(void); + /* the basic de- and encode functions ( see ecs_asn1.c ) */ ECDSA *d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len); int i2d_ECDSAParameters(ECDSA *a, unsigned char **out); 
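Review bot: The new header comment names `ECDSA_{set|get}_conversion_type()`, but the functions declared under it are `ECDSA_set_conversion_form` and `ECDSA_get_conversion_form`, so the comment should read `ECDSA_{set|get}_conversion_form()`. The comment on the default-form pair could also say that the default is copied into a key when ECDSA_new_method() creates it, as the ecs_lib.c hunk of this patch does with `ret->conversion_form = ECDSA_get_default_conversion_form();`. Changing the default later therefore does not affect keys that already exist.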
@@ -171,8 +180,14 @@ int i2d_ECDSAParameters(ECDSA *a, unsigned char **out); ECDSA *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len); int i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out); -ECDSA *d2i_ECDSAPublicKey(ECDSA **a, const unsigned char **in, long len); -int i2d_ECDSAPublicKey(ECDSA *a, unsigned char **out); +/* ECDSAPublicKey_set_octet_string() sets the public key in the ECDSA-structure. + * (*a) must be a pointer to a ECDSA-structure with (*a)->group not zero + * (e.g. a ECDSA-structure with a valid EC_GROUP-structure) */ +ECDSA *ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len); +/* ECDSAPublicKey_get_octet_string() returns the length of the octet string encoding + * of the public key. If out != NULL then the function returns in *out + * a pointer to the octet string */ +int ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out); #define ECDSAParameters_dup(x) (ECDSA *)ASN1_dup((int (*)())i2d_ECDSAParameters, \ diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 18b0ce18b3..cffc194928 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -390,23 +390,6 @@ int main(void) OPENSSL_free(buffer); buffer = NULL; - /* i2d_ - d2i_ECDSAPublicKey() */ - - BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPublicKey \n"); - buf_len = i2d_ECDSAPublicKey(ecdsa, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; - pp = buffer; - if (!i2d_ECDSAPublicKey(ecdsa, &pp)) goto err; - pp = buffer; - if ((ret_ecdsa = d2i_ECDSAPublicKey(&ret_ecdsa , (const unsigned char**)&pp, - buf_len)) == NULL) goto err; - ECDSA_print(bio_err, ret_ecdsa, 0); - if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - OPENSSL_free(buffer); - buffer = NULL; - ECDSA_free(ret_ecdsa); - ret_ecdsa = NULL; - /* X509_PUBKEY_set() & X509_PUBKEY_get() */ BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set} : "); 
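Review bot: The comment on `ECDSAPublicKey_get_octet_string` leaves out the buffer ownership rules that the implementation in ecs_asn1.c relies on. When `*out` is NULL the function allocates the buffer with `OPENSSL_malloc` and the caller has to release it; when `*out` is non-NULL the caller must supply at least the returned length; in neither case is `*out` advanced. I would add those three facts to the comment, plus a line on `ECDSAPublicKey_set_octet_string` saying that it returns `*a` and does not consume `*in`. Callers coming from the i2d_/d2i_ functions this pair replaces will otherwise assume the usual pointer-advancing behaviour.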
diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 8c47a14da6..30e8bfb340 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -59,8 +59,6 @@ #include #include -static point_conversion_form_t POINT_CONVERSION_FORM = POINT_CONVERSION_COMPRESSED; - ASN1_SEQUENCE(ECDSA_SIG) = { ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) @@ -122,19 +120,6 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPrivateKey) IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(ECDSAPrivateKey, ECDSAPrivateKey, ECDSAPrivateKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPrivateKey, ecdsaPrivateKey) -ASN1_SEQUENCE(ecdsa_pub_internal) = { - ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING), - ASN1_SIMPLE(ECDSAPrivateKey, parameters, EC_PARAMETERS), -} ASN1_SEQUENCE_END_name(ECDSAPrivateKey, ecdsa_pub_internal) - -ASN1_CHOICE(ECDSAPublicKey) = { - ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING), - ASN1_EX_COMBINE(0, 0, ecdsa_pub_internal) -} ASN1_CHOICE_END_selector(ECDSAPrivateKey, ECDSAPublicKey, write_params) - -DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPublicKey) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPublicKey, ecdsaPublicKey) - X9_62_FIELDID *ECDSA_get_X9_62_FIELDID(const ECDSA *ecdsa, X9_62_FIELDID *field) { @@ -583,7 +568,6 @@ ECDSA *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len) if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, NULL)) == NULL) OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE) ret->version = priv_key->version; - ret->write_params = priv_key->write_params; if (priv_key->priv_key) { if ((ret->priv_key = BN_dup(priv_key->priv_key)) == NULL) 
@@ -641,85 +625,58 @@ err: if (!ok) } -ECDSA *d2i_ECDSAPublicKey(ECDSA **a, const unsigned char **in, long len) +ECDSA *ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len) { - int reason=ERR_R_BN_LIB, ok=0, ecdsa_new=1; ECDSA *ret=NULL; - ECDSAPrivateKey *priv_key=NULL; - if (a && *a) + if (a == NULL || (*a) == NULL || (*a)->group == NULL) { - ecdsa_new = 0; - ret = *a; + /* sorry, but a EC_GROUP-structur is necessary + * to set the public key */ + ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ECDSA_R_MISSING_PARAMETERS); + return 0; } - else if ((ret = ECDSA_new()) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE); - if ((priv_key = ECDSAPrivateKey_new()) == NULL) - OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE) - if ((priv_key = d2i_ecdsaPublicKey(&priv_key, in, len)) == NULL) - OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE) - if (priv_key->write_params == 0) + ret = *a; + if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { - if (ecdsa_new || !ret->group) - OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS) - if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) - if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data, - priv_key->pub_key->length, NULL)) - OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB) + ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); + return 0; } - else if (priv_key->write_params == 1) + if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { - if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, ret)) == NULL) - OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE) - if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB) - if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data, - priv_key->pub_key->length, NULL)) - OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB) + ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, 
ERR_R_EC_LIB); + return 0; } - else OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER) - ret->write_params = 1; - ok = 1; -err : if (!ok) - { - if (ret && ecdsa_new) ECDSA_free(ret); - ret = NULL; - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, reason); - } - if (priv_key) ECDSAPrivateKey_free(priv_key); - return(ret); + ECDSA_set_conversion_form(ret, (point_conversion_form_t)*in[0]); + return ret; } -int i2d_ECDSAPublicKey(ECDSA *a, unsigned char **out) +int ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out) { - int ret=0, reason=ERR_R_EC_LIB, ok=0; - unsigned char *buffer=NULL; - size_t buf_len=0; - ECDSAPrivateKey *priv_key=NULL; + size_t buf_len=0; if (a == NULL) - OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS) - if ((priv_key = ECDSAPrivateKey_new()) == NULL) - OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE) - if ((priv_key->parameters = ECDSA_get_EC_PARAMETERS(a, priv_key->parameters)) == NULL) - OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE) - priv_key->version = a->version; - priv_key->write_params = a->write_params; - buf_len = EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_FORM, NULL, 0, NULL); - if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) - if (!EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_FORM, - buffer, buf_len, NULL)) goto err; - if (!M_ASN1_OCTET_STRING_set(priv_key->pub_key, buffer, buf_len)) - OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB) - if ((ret = i2d_ecdsaPublicKey(priv_key, out)) == 0) - OPENSSL_ECDSA_ABORT(ECDSA_R_I2D_ECDSA_PUBLICKEY) - ok = 1; - -err: if (!ok) - ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, reason); - if (buffer) OPENSSL_free(buffer); - if (priv_key) ECDSAPrivateKey_free(priv_key); - return(ok?ret:0); + { + ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ECDSA_R_MISSING_PARAMETERS); + return 0; + } + buf_len = EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a), NULL, 0, NULL); + if (out == NULL || buf_len == 0) + /* out 
== NULL => just return the length of the octet string */ + return buf_len; + if (*out == NULL) + if ((*out = OPENSSL_malloc(buf_len)) == NULL) + { + ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a), + *out, buf_len, NULL)) + { + ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_EC_LIB); + OPENSSL_free(*out); + *out = NULL; + return 0; + } + return buf_len; } diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index b161b6c2d2..7063d8a18f 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -177,7 +177,7 @@ ECDSA *ECDSA_new_method(ENGINE *engine) } ret->version = 1; - ret->write_params=1; + ret->conversion_form = ECDSA_get_default_conversion_form(); ret->group = NULL; ret->pub_key = NULL; @@ -310,3 +310,25 @@ int ECDSA_get_parameter_flags(const ECDSA *ecdsa) { return ecdsa->parameter_flags; } + +void ECDSA_set_conversion_form(ECDSA *ecdsa, const point_conversion_form_t form) +{ + if (ecdsa) ecdsa->conversion_form = form; +} + +point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *ecdsa) +{ + return ecdsa ? ecdsa->conversion_form : 0; +} + +static point_conversion_form_t default_conversion_form = POINT_CONVERSION_COMPRESSED; + +void ECDSA_set_default_conversion_form(const point_conversion_form_t form) +{ + default_conversion_form = form; +} + +point_conversion_form_t ECDSA_get_default_conversion_form(void) +{ + return default_conversion_form; +} diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h index 61b63668ca..3c353049e4 100644 --- a/crypto/ecdsa/ecs_locl.h +++ b/crypto/ecdsa/ecs_locl.h @@ -96,7 +96,6 @@ typedef struct ec_parameters { typedef struct ecdsa_priv_key_st { int version; - int write_params; EC_PARAMETERS *parameters; ASN1_OBJECT *named_curve; ASN1_OCTET_STRING *pub_key; diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 3577837fa9..1772647b16 100644 --- a/crypto/evp/evp_pkey.c 
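Review bot: In `ECDSAPublicKey_get_octet_string` the error branch after the second `EC_POINT_point2oct` calls `OPENSSL_free(*out)` even when `*out` was supplied by the caller, as with i2d_PublicKey's `pp` in this same patch. That pointer need not be the start of a heap block, and the caller may free its own buffer again afterwards. Free only what was allocated here: set a local flag next to the `OPENSSL_malloc`, e.g. `new_buffer = 1;` (the nested `if` needs braces for that), and guard the cleanup with `if (new_buffer) { OPENSSL_free(*out); *out = NULL; }`. In `ECDSAPublicKey_set_octet_string` the stored form is the raw first octet, which also carries the y-bit for compressed and hybrid encodings, so a key read from a 0x03-prefixed point ends up with a value that is not one of the declared forms (assuming the usual 2/4/6 values in ec.h, which is not shown here); `ECDSA_set_conversion_form(ret, (point_conversion_form_t)(*in[0] & ~0x01));` avoids that. The new setter also reports its errors under `ECDSA_F_D2I_ECDSAPRIVATEKEY`, which will mislead whoever reads the error queue.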
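Review bot: `ECDSA_set_conversion_form` and `ECDSA_set_default_conversion_form` in the ecs_lib.c hunk store whatever value they are given, and `ECDSA_get_conversion_form` returns 0 for a NULL key. An out-of-range form would then presumably surface only later, as an `EC_POINT_point2oct` failure in the printing and encoding paths this patch switches over to the stored form. I would have both setters ignore anything other than `POINT_CONVERSION_COMPRESSED`, `POINT_CONVERSION_UNCOMPRESSED` and `POINT_CONVERSION_HYBRID`, and have the getter return `default_conversion_form` in its NULL case, e.g. `return ecdsa ? ecdsa->conversion_form : default_conversion_form;` with the `static` definition moved above it.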
+++ b/crypto/evp/evp_pkey.c @@ -585,11 +585,11 @@ static int ecdsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_EC_LIB); return 0; } - len = EC_POINT_point2oct(pkey->pkey.ecdsa->group, point, POINT_CONVERSION_COMPRESSED, + len = EC_POINT_point2oct(pkey->pkey.ecdsa->group, point, ECDSA_get_conversion_form(pkey->pkey.ecdsa), NULL, 0, NULL); p = OPENSSL_malloc(len); if (!len || !p || !EC_POINT_point2oct(pkey->pkey.ecdsa->group, point, - POINT_CONVERSION_COMPRESSED, p, len, NULL)) + ECDSA_get_conversion_form(pkey->pkey.ecdsa), p, len, NULL)) { EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_EC_LIB); OPENSSL_free(p); From 6d498d478e8606c1c71ab9a88a72403f3a32dd44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 9 Apr 2002 12:42:47 +0000 Subject: [PATCH 142/173] harmonize capitalization --- apps/smime.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/smime.c b/apps/smime.c index 28a1106639..42451728db 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -505,9 +505,9 @@ int MAIN(int argc, char **argv) } else if(operation == SMIME_VERIFY) { STACK_OF(X509) *signers; if(PKCS7_verify(p7, other, store, indata, out, flags)) { - BIO_printf(bio_err, "Verification Successful\n"); + BIO_printf(bio_err, "Verification successful\n"); } else { - BIO_printf(bio_err, "Verification Failure\n"); + BIO_printf(bio_err, "Verification failure\n"); goto end; } signers = PKCS7_get0_signers(p7, other, flags); From b4a262832a518ce7d94bad2d7e422d03800d3ee4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 10 Apr 2002 12:35:45 +0000 Subject: [PATCH 143/173] Keep my own specially optimized HP-UX shared library building up to date. --- shlib/Makefile.hpux10-cc | 27 +++++---------------------- shlib/hpux10-cc.sh | 14 +++++++------- 2 files changed, 12 insertions(+), 29 deletions(-) diff --git a/shlib/Makefile.hpux10-cc b/shlib/Makefile.hpux10-cc index 4dc62ebd9e..89c28dcf46 100644 
--- a/shlib/Makefile.hpux10-cc +++ b/shlib/Makefile.hpux10-cc @@ -1,12 +1,12 @@ # Makefile.hpux-cc -major=1 +major=0.9.8 slib=libssl -sh_slib=$(slib).so.$(major) +sh_slib=$(slib).sl.$(major) clib=libcrypto -sh_clib=$(clib).so.$(major) +sh_clib=$(clib).sl.$(major) all : $(clib).sl $(slib).sl @@ -20,31 +20,14 @@ $(slib)_pic.a : $(slib).a cp -p $? $@ $(sh_clib) : $(clib)_pic.a - echo "collecting all object files for $@" - find . -name \*.o -print > allobjs - for obj in `ar t $(clib)_pic.a`; \ - do \ - grep /$$obj allobjs; \ - done >objlist - echo "linking $@" - ld -b -s -z +h $@ -o $@ `cat objlist` -lc - rm allobjs objlist + ld -b -s -z +h $@ -o $@ -Fl $(clib)_pic.a -ldld -lc $(clib).sl : $(sh_clib) rm -f $@ ln -s $? $@ $(sh_slib) : $(slib)_pic.a $(clib).sl - echo "collecting all object files for $@" - find . -name \*.o -print > allobjs - for obj in `ar t $(slib)_pic.a`; \ - do \ - grep /$$obj allobjs; \ - done >objlist - echo "linking $@" - ld -b -s -z +h $@ +b /usr/local/ssl/lib:/usr/lib -o $@ `cat objlist` \ - -L. -lcrypto -lc - rm -f allobjs objlist + ld -b -s -z +h $@ -o $@ -Fl $(slib)_pic.a -ldld -lc $(slib).sl : $(sh_slib) rm -f $@ diff --git a/shlib/hpux10-cc.sh b/shlib/hpux10-cc.sh index b68fcf7d2b..ceeb8c5236 100644 --- a/shlib/hpux10-cc.sh +++ b/shlib/hpux10-cc.sh @@ -42,7 +42,7 @@ SITEFLAGS="+DAportable +w1" MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS" # Configure for pic and build the static pic libraries -perl5 Configure hpux-parisc-cc-o4 +z ${MYFLAGS} +perl5 Configure no-shared hpux-parisc-cc-o4 +Z ${MYFLAGS} make clean make DIRS="crypto ssl" # Rename the static pic libs and build dynamic libraries from them 
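Review bot: The `$(sh_slib)` rule still lists `$(clib).sl` as a prerequisite, but the new link line `ld -b -s -z +h $@ -o $@ -Fl $(slib)_pic.a -ldld -lc` no longer names libcrypto. libssl is therefore built without a recorded dependency on it, and every consumer has to link libcrypto itself. If that is intended, a comment above the rule saying so (and dropping the unused prerequisite) would stop someone from "fixing" it later; if not, `-L. -lcrypto` should stay on the link line. The old line's `+b /usr/local/ssl/lib:/usr/lib` embedded search path is removed as well, and the commit message does not say how the library is expected to be located at run time.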
@@ -60,21 +60,21 @@ mkdir /usr/local mkdir /usr/local/ssl mkdir /usr/local/ssl/lib chmod 444 lib*_pic.a -chmod 555 lib*.so.1 -cp -p lib*_pic.a lib*.so.1 /usr/local/ssl/lib -(cd /usr/local/ssl/lib ; ln -sf libcrypto.so.1 libcrypto.sl ; ln -sf libssl.so.1 libssl.sl) +chmod 555 lib*.sl.0.9.8 +cp -p lib*_pic.a lib*.sl.0.9.8 /usr/local/ssl/lib +(cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.8 libcrypto.sl ; ln -sf libssl.sl.0.9.8 libssl.sl) # Reconfigure without pic to compile the executables. Unfortunately, while # performing this task we have to recompile the library components, even # though we use the already installed shared libs anyway. # -perl5 Configure hpux-parisc-cc-o4 ${MYFLAGS} +perl5 Configure no-shared hpux-parisc-cc-o4 ${MYFLAGS} make clean # Hack the Makefiles to pick up the dynamic libraries during linking # -sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib -Wl,+b,\/usr\/local\/ssl\/lib:\/usr\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl +sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl # Build the static libs and the executables in one make. @@ -85,7 +85,7 @@ make install # Finally build the static libs with +O3. This time we only need the libraries, # once created, they are simply copied into place. # -perl5 Configure hpux-parisc-cc ${MYFLAGS} +perl5 Configure no-shared hpux-parisc-cc ${MYFLAGS} make clean make DIRS="crypto ssl" chmod 644 libcrypto.a libssl.a From 381a146dc6e4c35e06546926fe7c48328aeb103d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 10 Apr 2002 19:52:40 +0000 Subject: [PATCH 144/173] Synchronize with 0.9.7-stable branch --- CHANGES | 1380 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 717 insertions(+), 663 deletions(-) diff --git a/CHANGES b/CHANGES index ca05c92379..a37552173a 100644 --- a/CHANGES 
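Review bot: The release string `0.9.8` is now spelled out in the `chmod 555`, `cp -p` and `ln -sf` lines of this hunk and again as `major=0.9.8` in Makefile.hpux10-cc, so the next version change has to touch all of them in step. A single variable near the top of the script, e.g. `SHLIB_VER=0.9.8`, used as `lib*.sl.$SHLIB_VER`, would keep them together. The same hunk rewrites `PEX_LIBS` without the former `-Wl,+b,/usr/local/ssl/lib:/usr/lib`, so the executables no longer carry an embedded library path; a comment stating how they are expected to find the shared libraries at run time would help. Separately, `sed ... >xxx; mv xxx Makefile.ssl` moves the temporary file into place even if `sed` fails, and `sed ... >xxx && mv xxx Makefile.ssl` avoids replacing the Makefile with a partial file.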
+++ b/CHANGES @@ -38,52 +38,22 @@ EC_GROUP_get_nid() [Nils Larsch ). - [Lutz Jaenicke] - +) Make object definitions compliant to LDAP (RFC2256): SN is the short form for "surname", serialNumber has no short form (Michael Bell ). [Lutu Jaenicke] - *) Fix DH_generate_parameters() so that it works for 'non-standard' - generators, i.e. generators other than 2 and 5. (Previously, the - code did not properly initialise the 'add' and 'rem' values to - BN_generate_prime().) - - In the new general case, we do not insist that 'generator' is - actually a primitive root: This requirement is rather pointless; - a generator of the order-q subgroup is just as good, if not - better. - [Bodo Moeller] - - *) Map new X509 verification errors to alerts. Discovered and submitted by - Tom Wu . - [Lutz Jaenicke] - - *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from - returning non-zero before the data has been completely received - when using non-blocking I/O. - [Bodo Moeller; problem pointed out by John Hughes] - - *) Some of the ciphers missed the strength entry (SSL_LOW etc). - [Ben Laurie, Lutz Jaenicke] - +) Add an "init" command to the ENGINE config module and auto initialize ENGINEs. Without any "init" command the ENGINE will be initialized after all ctrl commands have been executed on it. If init=1 the @@ -111,10 +81,6 @@ +) Added the '4758cca' ENGINE to support IBM 4758 cards. [Maurice Gittens , touchups by Geoff Thorpe] - *) Fix bug in SSL_clear(): bad sessions were not removed (found by - Yoram Zahavi ). - [Lutz Jaenicke] - +) Add and OPENSSL_LOAD_CONF define which will cause OpenSSL_add_all_algorithms() to load the openssl.cnf config file. This allows older applications to transparently support certain 
@@ -149,21 +115,6 @@ and move code to CONF_modules_load_file(). [Steve Henson] - *) Add information about CygWin 1.3 and on, and preserve proper - configuration for the versions before that. - [Corinna Vinschen and Richard Levitte] - - *) Make removal from session cache (SSL_CTX_remove_session()) more robust: - check whether we deal with a copy of a session and do not delete from - the cache in this case. Problem reported by "Izhar Shoshani Levi" - . - [Lutz Jaenicke] - - *) Do not store session data into the internal session cache, if it - is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP - flag is set). Proposed by Aslam . - [Lutz Jaenicke] - +) Support for crypto accelerator cards from Accelerated Encryption Processing, www.aep.ie. (Use engine 'aep') The support was copied from 0.9.6c [engine] and adapted/corrected @@ -176,10 +127,6 @@ to work with the new engine framework. [Richard Levitte] - *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested - value is 0. - [Richard Levitte] - +) Have the CHIL engine fork-safe (as defined by nCipher) and actually make the newer ENGINE framework commands for the CHIL engine work. [Toomas Kiisk and Richard Levitte] @@ -187,9 +134,6 @@ +) Make it possible to produce shared libraries on ReliantUNIX. [Robert Dahlem via Richard Levitte] - *) Add the configuration target linux-s390x. - [Neale Ferguson via Richard Levitte] - +) Add the configuration target debug-linux-ppro. Make 'openssl rsa' use the general key loading routines implemented in apps.c, and make those routines able to @@ -197,7 +141,7 @@ FORMAT_IISSGC. [Toomas Kiisk via Richard Levitte] - *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). [Toomas Kiisk via Richard Levitte] +) Add -keyform to rsautl, and document -engine. 
@@ -229,84 +173,27 @@ +) Prelminary ENGINE config module. [Steve Henson] - *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of - ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag - variable as an indication that a ClientHello message has been - received. As the flag value will be lost between multiple - invocations of ssl3_accept when using non-blocking I/O, the - function may not be aware that a handshake has actually taken - place, thus preventing a new session from being added to the - session cache. - - To avoid this problem, we now set s->new_session to 2 instead of - using a local variable. - [Lutz Jaenicke, Bodo Moeller] - - *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) - if the SSL_R_LENGTH_MISMATCH error is detected. - [Geoff Thorpe, Bodo Moeller] - +) New experimental application configuration code. [Steve Henson] - *) New 'shared_ldflag' column in Configure platform table. - [Richard Levitte] - - *) Fix EVP_CIPHER_mode macro. - ["Dan S. Camper" ] - +) Change the AES code to follow the same name structure as all other symmetric ciphers, and behave the same way. Move everything to the directory crypto/aes, thereby obsoleting crypto/rijndael. [Stephen Sprunk and Richard Levitte] - *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown - type, we must throw them away by setting rr->length to 0. - [D P Chang ] - -) OpenSSL 0.9.6c released [21 dec 2001] +) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. [Ben Laurie and Theo de Raadt] - *) Fix BN_rand_range bug pointed out by Dominikus Scherkl - . (The previous implementation - worked incorrectly for those cases where range = 10..._2 and - 3*range is two bits longer than range.) - [Bodo Moeller] - - *) Only add signing time to PKCS7 structures if it is not already - present. - [Steve Henson] - - *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", - OBJ_ld_ce should be OBJ_id_ce. 
- Also some ip-pda OIDs in crypto/objects/objects.txt were - incorrect (cf. RFC 3039). - [Matt Cooper, Frederic Giudicelli, Bodo Moeller] - +) Add option to output public keys in req command. [Massimiliano Pala madwolf@openca.org] - *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() - returns early because it has nothing to do. - [Andy Schneider ] - - *) [In 0.9.6c-engine and 0.9.7 release:] - Fix mutex callback return values in crypto/engine/hw_ncipher.c. - [Andy Schneider ] - -) [In 0.9.6c-engine release:] Add support for Cryptographic Appliance's keyserver technology. (Use engine 'keyclient') [Cryptographic Appliances and Geoff Thorpe] - *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' - is called via tools/c89.sh because arguments have to be - rearranged (all '-L' options must appear before the first object - modules). - [Richard Shapiro ] - +) Use wNAFs in EC_POINTs_mul() for improved efficiency (up to about 10% better than before for P-192 and P-224). [Bodo Moeller] @@ -326,9 +213,6 @@ Encryption Processing, www.aep.ie. (Use engine 'aep') [AEP Inc. and Mark Cox] - *) Add a configuration entry for gcc on UnixWare. - [Gary Benson ] - +) New functions/macros SSL_CTX_set_msg_callback(ctx, cb) @@ -356,11 +240,6 @@ to enable a callback that displays all protocol messages. [Bodo Moeller] - *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake - messages are stored in a single piece (fixed-length part and - variable-length part combined) and fix various bugs found on the way. - [Bodo Moeller] - +) Change the shared library support so shared libraries are built as soon as the corresponding static library is finished, and thereby get openssl and the test programs linked against the shared library. 
@@ -379,12 +258,6 @@ when reusing an existing buffer. [Bodo Moeller] - *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() - instead. BIO_gethostbyname() does not know what timeouts are - appropriate, so entries would stay in cache even when they have - become invalid. - [Bodo Moeller; problem pointed out by Rich Salz - +) New command line and configuration option 'utf8' for the req command. This allows field values to be specified as UTF8 strings. [Steve Henson] @@ -399,15 +272,6 @@ has the same effect. [Massimiliano Pala madwolf@openca.org] - *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when - faced with a pathologically small ClientHello fragment that does - not contain client_version: Instead of aborting with an error, - simply choose the highest available protocol version (i.e., - TLS 1.0 unless it is disabled). In practice, ClientHello - messages are never sent like this, but this change gives us - strictly correct behaviour at least for TLS. - [Bodo Moeller] - +) Change all functions with names starting with des_ to be starting with DES_ instead. Add wrappers that are compatible with libdes, but are named _ossl_old_des_*. Finally, add macros that map the @@ -437,11 +301,6 @@ default), and then completely removed. [Richard Levitte] - *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() - never resets s->method to s->ctx->method when called from within - one of the SSL handshake functions. - [Bodo Moeller; problem pointed out by Niko Baric] - +) Test for certificates which contain unsupported critical extensions. If such a certificate is found during a verify operation it is rejected by default: this behaviour can be overridden by either 
@@ -451,14 +310,6 @@ particular extension is supported. [Steve Henson] - *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert - (sent using the client's version number) if client_version is - smaller than the protocol version in use. Also change - ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if - the client demanded SSL 3.0 but only TLS 1.0 is enabled; then - the client will at least see that alert. - [Bodo Moeller] - +) Modify the behaviour of EVP cipher functions in similar way to digests to retain compatibility with existing code. [Steve Henson] @@ -481,10 +332,6 @@ instead of overwriting 'msg_type' and 'length' with 'body' data. [Bodo Moeller] - *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation - correctly. - [Bodo Moeller] - +) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. [Massimo Santin via Richard Levitte] @@ -518,10 +365,6 @@ become part of libeay.num as well. [Richard Levitte] - *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a - client receives HelloRequest while in a handshake. - [Bodo Moeller; bug noticed by Andy Schneider ] - +) New function SSL_renegotiate_pending(). This returns true once renegotiation has been requested (either SSL_renegotiate() call or HelloRequest/ClientHello receveived from the peer) and becomes 
@@ -538,29 +381,6 @@ session resumption is possible only in the first handshake. [Bodo Moeller] - *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C - should end in 'break', not 'goto end' which circuments various - cleanups done in state SSL_ST_OK. But session related stuff - must be disabled for SSL_ST_OK in the case that we just sent a - HelloRequest. - - Also avoid some overhead by not calling ssl_init_wbio_buffer() - before just sending a HelloRequest. - [Bodo Moeller, Eric Rescorla ] - - *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't - reveal whether illegal block cipher padding was found or a MAC - verification error occured. (Neither SSLerr() codes nor alerts - are directly visible to potential attackers, but the information - may leak via logfiles.) - - Similar changes are not required for the SSL 2.0 implementation - because the number of padding bytes is sent in clear for SSL 2.0, - and the extra bytes are just ignored. However ssl/s2_pkt.c - failed to verify that the purported number of padding bytes is in - the legal range. - [Bodo Moeller] - +) Add some demos for certificate and certificate request creation. [Steve Henson] @@ -573,17 +393,6 @@ (Boyd Lynn Gerber ). [Lutz Jaenicke] - *) Add OpenUNIX-8 support including shared libraries - (Boyd Lynn Gerber ). - [Lutz Jaenicke] - - *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid - 'wristwatch attack' using huge encoding parameters (cf. - James H. Manger's CRYPTO 2001 paper). Note that the - RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use - encoding parameters and hence was not vulnerable. - [Bodo Moeller] - +) Add a "destroy" handler to ENGINEs that allows structural cleanup to be done prior to destruction. Use this to unload error strings from ENGINEs that load their own error strings. NB: This adds two new API 
@@ -608,22 +417,10 @@ (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). [Geoff Thorpe] - *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis ] - +) Make it possible to unload ranges of ERR strings with a new "ERR_unload_strings" function. [Geoff Thorpe] - *) Rabin-Miller test analyses assume uniformly distributed witnesses, - so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() - followed by modular reduction. - [Bodo Moeller; pointed out by Adam Young ] - - *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() - equivalent based on BN_pseudo_rand() instead of BN_rand(). - [Bodo Moeller] - +) Add a copy() function to EVP_MD. [Ben Laurie] @@ -680,15 +477,6 @@ Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". [Geoff Thorpe] - *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). - This function was broken, as the check for a new client hello message - to handle SGC did not allow these large messages. - (Tracked down by "Douglas E. Engert" .) - [Lutz Jaenicke] - - *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). - [Lutz Jaenicke] - +) Add EVP test program. [Ben Laurie] 
@@ -702,25 +490,6 @@ directly. Modify 'ca' application to use new functions. [Steve Henson] - *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() - for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" ). - [Lutz Jaenicke] - - *) Rework the configuration and shared library support for Tru64 Unix. - The configuration part makes use of modern compiler features and - still retains old compiler behavior for those that run older versions - of the OS. The shared library support part includes a variant that - uses the RPATH feature, and is available through the special - configuration target "alpha-cc-rpath", which will never be selected - automatically. - [Tim Mooney via Richard Levitte] - - *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() - with the same message size as in ssl3_get_certificate_request(). - Otherwise, if no ServerKeyExchange message occurs, CertificateRequest - messages might inadvertently be reject as too long. - [Petr Lampa ] - +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended bug workarounds. Rollback attack detection is a security feature. The problem will only arise on OpenSSL servers when TLSv1 is not 
@@ -758,17 +527,6 @@ (Note that a later change renames 'des_...' into 'DES_...'.) [Ben Laurie] - *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). - [Andy Polyakov] - - *) Modified SSL library such that the verify_callback that has been set - specificly for an SSL object with SSL_set_verify() is actually being - used. Before the change, a verify_callback set with this function was - ignored and the verify_callback() set in the SSL_CTX at the time of - the call was used. New function X509_STORE_CTX_set_verify_cb() introduced - to allow the necessary settings. - [Lutz Jaenicke] - +) Initial reduction of linker bloat: the use of some functions, such as PEM causes large amounts of unused functions to be linked in due to poor organisation. For example pem_all.c contains every PEM function 
@@ -777,55 +535,6 @@ functions prevents this. [Steve Henson] - *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c - explicitly to NULL, as at least on Solaris 8 this seems not always to be - done automatically (in contradiction to the requirements of the C - standard). This made problems when used from OpenSSH. - [Lutz Jaenicke] - - *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored - dh->length and always used - - BN_rand_range(priv_key, dh->p). - - BN_rand_range() is not necessary for Diffie-Hellman, and this - specific range makes Diffie-Hellman unnecessarily inefficient if - dh->length (recommended exponent length) is much smaller than the - length of dh->p. We could use BN_rand_range() if the order of - the subgroup was stored in the DH structure, but we only have - dh->length. - - So switch back to - - BN_rand(priv_key, l, ...) - - where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 - otherwise. - [Bodo Moeller] - - *) In - - RSA_eay_public_encrypt - RSA_eay_private_decrypt - RSA_eay_private_encrypt (signing) - RSA_eay_public_decrypt (signature verification) - - (default implementations for RSA_public_encrypt, - RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), - always reject numbers >= n. - [Bodo Moeller] - - *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 - to synchronize access to 'locking_thread'. This is necessary on - systems where access to 'locking_thread' (an 'unsigned long' - variable) is not atomic. - [Bodo Moeller] - - *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID - *before* setting the 'crypto_lock_rand' flag. The previous code had - a race condition if 0 is a valid thread ID. - [Travis Vitek ] - +) Cleanup of EVP macros. [Ben Laurie] 
@@ -862,43 +571,8 @@ parameters (and 'speed' generating keys each time). [Geoff Thorpe] - *) Add support for shared libraries under Irix. - [Albert Chin-A-Young ] - - *) Add configuration option to build on Linux on both big-endian and - little-endian MIPS. - [Ralf Baechle ] - - *) Add the possibility to create shared libraries on HP-UX. - [Richard Levitte] - -) OpenSSL 0.9.6b released [9 July 2001] - *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) - to avoid a SSLeay/OpenSSL PRNG weakness pointed out by - Markku-Juhani O. Saarinen : - PRNG state recovery was possible based on the output of - one PRNG request appropriately sized to gain knowledge on - 'md' followed by enough consecutive 1-byte PRNG requests - to traverse all of 'state'. - - 1. When updating 'md_local' (the current thread's copy of 'md') - during PRNG output generation, hash all of the previous - 'md_local' value, not just the half used for PRNG output. - - 2. Make the number of bytes from 'state' included into the hash - independent from the number of PRNG bytes requested. - - The first measure alone would be sufficient to avoid - Markku-Juhani's attack. (Actually it had never occurred - to me that the half of 'md_local' used for chaining was the - half from which PRNG output bytes were taken -- I had always - assumed that the secret half would be used.) The second - measure makes sure that additional data from 'state' is never - mixed into 'md_local' in small portions; this heuristically - further strengthens the PRNG. - [Bodo Moeller] - +) Speed up EVP routines. Before: encrypt @@ -917,13 +591,6 @@ decrypt des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] - *) Fix crypto/bn/asm/mips3.s. - [Andy Polyakov] - - *) When only the key is given to "enc", the IV is undefined. Print out - an error message in this case. - [Lutz Jaenicke] - +) Added the OS2-EMX target. ["Brian Havard" and Richard Levitte] 
@@ -935,13 +602,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. [Steve Henson] - *) Handle special case when X509_NAME is empty in X509 printing routines. - [Steve Henson] - - *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are - positive and less than q. - [Bodo Moeller] - +) Enhance the general user interface with mechanisms for inner control and with possibilities to have yes/no kind of prompts. [Richard Levitte] 
@@ -966,43 +626,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k and interrupts/cancellations. [Richard Levitte] - *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is - used: it isn't thread safe and the add_lock_callback should handle - that itself. - [Paul Rose ] - - *) Verify that incoming data obeys the block size in - ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). - [Bodo Moeller] - +) Tidy up PKCS#12 attribute handling. Add support for the CSP name attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. [Steve Henson] - *) Fix OAEP check. - [Ulf Möller, Bodo Möller] - - *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 - RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 - when fixing the server behaviour for backwards-compatible 'client - hello' messages. (Note that the attack is impractical against - SSL 3.0 and TLS 1.0 anyway because length and version checking - means that the probability of guessing a valid ciphertext is - around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 - paper.) - - Before 0.9.5, the countermeasure (hide the error by generating a - random 'decryption result') did not work properly because - ERR_clear_error() was missing, meaning that SSL_get_error() would - detect the supposedly ignored error. - - Both problems are now fixed. - [Bodo Moeller] - - *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 - (previously it was 1024). - [Bodo Moeller] - +) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also tidy up some unnecessarily weird code in 'sk_new()'). [Geoff, reported by Diego Tartara ] 
@@ -1012,13 +639,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k kind of callback. [Richard Levitte] - *) Fix for compatibility mode trust settings: ignore trust settings - unless some valid trust or reject settings are present. - [Steve Henson] - - *) Fix for blowfish EVP: its a variable length cipher. - [Steve Henson] - +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with 256 bit (=32 byte) keys. Of course seeding with more entropy bytes than this minimum value is recommended. @@ -1082,20 +702,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k a window system and the like. [Richard Levitte] - *) Fix various bugs related to DSA S/MIME verification. Handle missing - parameters in DSA public key structures and return an error in the - DSA routines if parameters are absent. - [Steve Henson] - - *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" - in the current directory if neither $RANDFILE nor $HOME was set. - RAND_file_name() in 0.9.6a returned NULL in this case. This has - caused some confusion to Windows users who haven't defined $HOME. - Thus RAND_file_name() is changed again: e_os.h can define a - DEFAULT_HOME, which will be used if $HOME is not set. - For Windows, we use "C:"; on other platforms, we still require - environment variables. - +) Add "ex_data" support to ENGINE so implementations can add state at a per-structure level rather than having to store it globally. [Geoff] 
@@ -1181,19 +787,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ctrl(), key-load functions, etc) to take an (ENGINE*) parameter. [Geoff] - *) Move 'if (!initialized) RAND_poll()' into regions protected by - CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids - having multiple threads call RAND_poll() concurrently. - [Bodo Moeller] - - *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a - combination of a flag and a thread ID variable. - Otherwise while one thread is in ssleay_rand_bytes (which sets the - flag), *other* threads can enter ssleay_add_bytes without obeying - the CRYPTO_LOCK_RAND lock (and may even illegally release the lock - that they do not hold after the first thread unsets add_do_not_lock). - [Bodo Moeller] - +) Implement binary inversion algorithm for BN_mod_inverse in addition to the algorithm using long division. The binary algorithm can be used only if the modulus is odd. On 32-bit systems, it is faster @@ -1204,22 +797,8 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k for moduli up to 2048 bits. [Bodo Moeller] - *) Change bctest again: '-x' expressions are not available in all - versions of 'test'. - [Bodo Moeller] - -) OpenSSL 0.9.6a released [5 Apr 2001] - *) Fix a couple of memory leaks in PKCS7_dataDecode() - [Steve Henson, reported by Heyun Zheng ] - - *) Change Configure and Makefiles to provide EXE_EXT, which will contain - the default extension for executables, if any. Also, make the perl - scripts that use symlink() to test if it really exists and use "cp" - if it doesn't. All this made OpenSSL compilable and installable in - CygWin. - [Richard Levitte] - +) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code could not support the combine flag in choice fields. [Steve Henson] 
@@ -1230,44 +809,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson, reported by shige@FreeBSD.org] [This change does not apply to 0.9.7.] - *) Change bctest to avoid here-documents inside command substitution - (workaround for FreeBSD /bin/sh bug). - For compatibility with Ultrix, avoid shell functions (introduced - in the bctest version that searches along $PATH). - [Bodo Moeller] - - *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes - with des_encrypt() defined on some operating systems, like Solaris - and UnixWare. - [Richard Levitte] - - *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: - On the Importance of Eliminating Errors in Cryptographic - Computations, J. Cryptology 14 (2001) 2, 101-119, - http://theory.stanford.edu/~dabo/papers/faults.ps.gz). - [Ulf Moeller] - - *) MIPS assembler BIGNUM division bug fix. - [Andy Polyakov] - - *) Disabled incorrect Alpha assembler code. - [Richard Levitte] - -) Fix PKCS#7 decode routines so they correctly update the length after reading an EOC for the EXPLICIT tag. [Steve Henson] [This change does not apply to 0.9.7.] - *) Fix bug in PKCS#12 key generation routines. This was triggered - if a 3DES key was generated with a 0 initial byte. Include - PKCS12_BROKEN_KEYGEN compilation option to retain the old - (but broken) behaviour. - [Steve Henson] - - *) Enhance bctest to search for a working bc along $PATH and print - it when found. - [Tim Rice via Richard Levitte] - +) Add a 'copy_extensions' option to the 'ca' utility. This copies extensions from a certificate request to the certificate. [Steve Henson] 
@@ -1281,10 +827,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k and couldn't display additional details such as extensions. [Steve Henson] - *) Fix memory leaks in err.c: free err_data string if necessary; - don't write to the wrong index in ERR_set_error_data. - [Bodo Moeller] - +) Function EC_POINTs_mul for multiple scalar multiplication of an arbitrary number of elliptic curve points \sum scalars[i]*points[i], @@ -1338,13 +880,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k pointers. [Steve Henson] - *) Implement ssl23_peek (analogous to ssl23_read), which previously - did not exist. - [Bodo Moeller] - - *) Replace rdtsc with _emit statements for VC++ version 5. - [Jeremy Cooper ] - +) Hide BN_CTX structure details in bn_lcl.h instead of publishing them in . Also further increase BN_CTX_NUM to 32. [Bodo Moeller] @@ -1386,9 +921,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Add options '-batch' and '-verbose' to 'openssl req'. [Massimiliano Pala ] - *) Make it possible to reuse SSLv2 sessions. - [Richard Levitte] - +) Introduce the possibility to access global variables through functions on platform were that's the best way to handle exporting global variables in shared libraries. To enable this functionality, @@ -1423,10 +955,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k lexicographically to avoid constant rewrites). [Richard Levitte] - *) In copy_email() check for >= 0 as a return value for - X509_NAME_get_index_by_NID() since 0 is a valid index. - [Steve Henson reported by Massimiliano Pala ] - +) In BN_div() keep a copy of the sign of 'num' before writing the result to 'rm' because if rm==num the value will be overwritten and produce the wrong result if 'num' is negative: this caused 
@@ -1454,11 +982,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k OID rather that just UNKNOWN. [Steve Henson] - *) Avoid coredump with unsupported or invalid public keys by checking if - X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when - PKCS7_verify() fails with non detached data. - [Steve Henson] - +) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate ID to be generated from the issuer certificate alone which can then be @@ -1492,10 +1015,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k the growing number of special cases it was previously handling. [Richard Levitte] - *) Don't use getenv in library functions when run as setuid/setgid. - New function OPENSSL_issetugid(). - [Ulf Moeller] - +) Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making 
@@ -1516,27 +1035,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k auto incremented. [Steve Henson] - *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) - due to incorrect handling of multi-threading: - - 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). - - 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). - - 3. Count how many times MemCheck_off() has been called so that - nested use can be treated correctly. This also avoids - inband-signalling in the previous code (which relied on the - assumption that thread ID 0 is impossible). - [Bodo Moeller] - +) New options to 'ca' utility to support V2 CRL entry extensions. Currently CRL reason, invalidity date and hold instruction are supported. Add new CRL extensions to V3 code and some new objects. [Steve Henson] - *) Add "-rand" option also to s_client and s_server. - [Lutz Jaenicke] - +) New function EVP_CIPHER_CTX_set_padding() this is used to disable standard block padding (aka PKCS#5 padding) in the EVP API, which was previously mandatory. This means that the data is @@ -1547,10 +1050,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k +) Initial (incomplete) OCSP SSL support. [Steve Henson] - *) Fix CPU detection on Irix 6.x. - [Kurt Hockenbury and - "Bruce W. Forsberg" ] - +) New function OCSP_parse_url(). This splits up a URL into its host, port and path components: primarily to parse OCSP URLs. New -url option to ocsp utility. 
@@ -1565,16 +1064,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k the request is nonce-less. [Steve Henson] - *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME + -) Fix X509_NAME bug which produced incorrect encoding if X509_NAME was empty. [Steve Henson] [This change does not apply to 0.9.7.] - *) Use the cached encoding of an X509_NAME structure rather than - copying it. This is apparently the reason for the libsafe "errors" - but the code is actually correct. - [Steve Henson] - +) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are skipped when using openssl x509 multiple times on a single input file, e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ] @@ -1679,10 +1143,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] [This change does not apply to 0.9.7.] - *) Zero the premaster secret after deriving the master secret in - DH ciphersuites. - [Steve Henson] - +) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT to data. This was previously part of the PKCS7 ASN1 code. This was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. @@ -1694,19 +1154,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Fix leaks in PKCS12 and PKCS7 routines. [Steve Henson] - *) Add some EVP_add_digest_alias registrations (as found in - OpenSSL_add_all_digests()) to SSL_library_init() - aka OpenSSL_add_ssl_algorithms(). This provides improved - compatibility with peers using X.509 certificates - with unconventional AlgorithmIdentifier OIDs. - [Bodo Moeller] - - *) Fix for Irix with NO_ASM. - ["Bruce W. Forsberg" ] - - *) ./config script fixes. - [Ulf Moeller, Richard Levitte] - +) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). Previously it initialised the 'type' argument to V_ASN1_UTCTIME which effectively meant GeneralizedTime would never be used. Now it 
@@ -1724,9 +1171,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k where it did not print out a minus for negative ASN1_INTEGER. [Steve Henson] - *) Fix 'openssl passwd -1'. - [Bodo Moeller] - +) Add summary printout to ocsp utility. The various functions which convert status values to strings have been renamed to: OCSP_response_status_str(), OCSP_cert_status_str() and @@ -1762,12 +1206,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k section to use. [Massimiliano Pala ] - *) Change PKCS12_key_gen_asc() so it can cope with non null - terminated strings whose length is passed in the passlen - parameter, for example from PEM callbacks. This was done - by adding an extra length parameter to asc2uni(). - [Steve Henson, reported by ] - +) New OCSP utility. Allows OCSP requests to be generated or read. The request can be sent to a responder and the output parsed, outputed or printed in text form. Not complete yet: @@ -1799,10 +1237,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k to 'openssl version', and is also included in 'openssl version -a'. [Bodo Moeller] - *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn - call failed, free the DSA structure. - [Bodo Moeller] - +) Allowing defining memory allocation callbacks that will be given file name and line number information in additional arguments (a const char* and an int). The basic functionality remains, as @@ -1824,10 +1258,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k a conventional allocation function is enabled. [Richard Levitte, Bodo Moeller] - *) Fix to uni2asc() to cope with zero length Unicode strings. - These are present in some PKCS#12 files. - [Steve Henson] - +) Finish off removing the remaining LHASH function pointer casts. There should no longer be any prototype-casting required when using the LHASH abstraction, and any casts that remain are "bugs". See 
@@ -1952,27 +1382,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k OCSP_SERVICELOC extension. Tidy up print OCSP format. [Steve Henson] - *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). - Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits - when writing a 32767 byte record. - [Bodo Moeller; problem reported by Eric Day ] - - *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), - obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. - - (RSA objects have a reference count access to which is protected - by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], - so they are meant to be shared between threads.) - [Bodo Moeller, Geoff Thorpe; original patch submitted by - "Reddie, Steven" ] - +) Make mkdef.pl parse some of the ASN1 macros and add apropriate entries for variables. [Steve Henson] - *) Fix a deadlock in CRYPTO_mem_leaks(). - [Bodo Moeller] - +) Add functionality to apps/openssl.c for detecting locking problems: As the program is single-threaded, all we have to do is register a locking callback using an array for @@ -2043,20 +1456,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k type-specific callbacks. [Geoff Thorpe] - *) Use better test patterns in bntest. - [Ulf Möller] - +) Added Kerberos Cipher Suites to be used with TLS, as written in RFC 2712. [Veers Staats , Jeffrey Altman , via Richard Levitte] - *) rand_win.c fix for Borland C. - [Ulf Möller] - - *) BN_rshift bugfix for n == 0. - [Bodo Moeller] - +) Reformat the FAQ so the different questions and answers can be divided in sections depending on the subject. [Richard Levitte] 
@@ -2071,37 +1475,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k be handled deterministically). [Lenka Fibikova , Bodo Moeller] - *) Add a 'bctest' script that checks for some known 'bc' bugs - so that 'make test' does not abort just because 'bc' is broken. - [Bodo Moeller] - - *) Store verify_result within SSL_SESSION also for client side to - avoid potential security hole. (Re-used sessions on the client side - always resulted in verify_result==X509_V_OK, not using the original - result of the server certificate verification.) - [Lutz Jaenicke] - +) Make BN_mod_inverse faster by explicitly handling small quotients in the Euclid loop. (Speed gain about 20% for small moduli [256 or 512 bits], about 30% for larger ones [1024 or 2048 bits].) [Bodo Moeller] - *) Fix ssl3_pending: If the record in s->s3->rrec is not of type - SSL3_RT_APPLICATION_DATA, return 0. - Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true. - [Bodo Moeller] - - *) Fix SSL_peek: - Both ssl2_peek and ssl3_peek, which were totally broken in earlier - releases, have been re-implemented by renaming the previous - implementations of ssl2_read and ssl3_read to ssl2_read_internal - and ssl3_read_internal, respectively, and adding 'peek' parameters - to them. The new ssl[23]_{read,peek} functions are calls to - ssl[23]_read_internal with the 'peek' flag set appropriately. - A 'peek' parameter has also been added to ssl3_read_bytes, which - does the actual work for ssl3_read_internal. - [Bodo Moeller] - +) New function BN_kronecker. [Bodo Moeller] @@ -2124,12 +1502,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k BN_is_one(), and BN_is_word(). [Bodo Moeller] - *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling - the method-specific "init()" handler. Also clean up ex_data after - calling the method-specific "finish()" handler. Previously, this was - happening the other way round. - [Geoff Thorpe] - +) New function BN_swap. [Bodo Moeller] 
@@ -2193,10 +1565,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k +) Remove all references to RSAref, since there's no more need for it. [Richard Levitte] - *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. - The previous value, 12, was not always sufficient for BN_mod_exp(). - [Bodo Moeller] - +) Make DSO load along a path given through an environment variable (SHLIB_PATH) with shl_load(). [Richard Levitte] @@ -2214,12 +1582,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k +) Constify the BIGNUM routines a little more. [Richard Levitte] - *) Make sure that shared libraries get the internal name engine with - the full version number and not just 0. This should mark the - shared libraries as not backward compatible. Of course, this should - be changed again when we can guarantee backward binary compatibility. - [Richard Levitte] - +) Add the following functions: ENGINE_load_cswift() @@ -2298,24 +1660,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k LDAP server. [Richard Levitte] - *) Fix typo in get_cert_by_subject() in by_dir.c - [Jean-Marc Desperrier ] - - *) Rework the system to generate shared libraries: - - - Make note of the expected extension for the shared libraries and - if there is a need for symbolic links from for example libcrypto.so.0 - to libcrypto.so.0.9.7. There is extended info in Configure for - that. - - - Make as few rebuilds of the shared libraries as possible. - - - Still avoid linking the OpenSSL programs with the shared libraries. - - - When installing, install the shared libraries separately from the - static ones. - [Richard Levitte] - +) Fix for non blocking accept BIOs. Added new I/O special reason BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs with non blocking I/O was not possible because no retry code was 
@@ -2336,6 +1680,716 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k +) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6c and 0.9.6d [XX xxx 2002] + + *) Fix object definitions for Private and Enterprise: they were not + recognized in their shortname (=lowercase) representation. Extend + obj_dat.pl to issue an error when using undefined keywords instead + of silently ignoring the problem (Svenning Sorensen + ). + [Lutz Jaenicke] + + *) Fix DH_generate_parameters() so that it works for 'non-standard' + generators, i.e. generators other than 2 and 5. (Previously, the + code did not properly initialise the 'add' and 'rem' values to + BN_generate_prime().) + + In the new general case, we do not insist that 'generator' is + actually a primitive root: This requirement is rather pointless; + a generator of the order-q subgroup is just as good, if not + better. + [Bodo Moeller] + + *) Map new X509 verification errors to alerts. Discovered and submitted by + Tom Wu . + [Lutz Jaenicke] + + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from + returning non-zero before the data has been completely received + when using non-blocking I/O. + [Bodo Moeller; problem pointed out by John Hughes] + + *) Some of the ciphers missed the strength entry (SSL_LOW etc). + [Ben Laurie, Lutz Jaenicke] + + *) Fix bug in SSL_clear(): bad sessions were not removed (found by + Yoram Zahavi ). + [Lutz Jaenicke] + + *) Add information about CygWin 1.3 and on, and preserve proper + configuration for the versions before that. + [Corinna Vinschen and Richard Levitte] + + *) Make removal from session cache (SSL_CTX_remove_session()) more robust: + check whether we deal with a copy of a session and do not delete from + the cache in this case. Problem reported by "Izhar Shoshani Levi" + . 
+ [Lutz Jaenicke] + + *) Do not store session data into the internal session cache, if it + is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP + flag is set). Proposed by Aslam . + [Lutz Jaenicke] + + *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested + value is 0. + [Richard Levitte] + + *) Add the configuration target linux-s390x. + [Neale Ferguson via Richard Levitte] + + *) [In 0.9.6d-engine release:] + Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk via Richard Levitte] + + *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of + ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag + variable as an indication that a ClientHello message has been + received. As the flag value will be lost between multiple + invocations of ssl3_accept when using non-blocking I/O, the + function may not be aware that a handshake has actually taken + place, thus preventing a new session from being added to the + session cache. + + To avoid this problem, we now set s->new_session to 2 instead of + using a local variable. + [Lutz Jaenicke, Bodo Moeller] + + *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) + if the SSL_R_LENGTH_MISMATCH error is detected. + [Geoff Thorpe, Bodo Moeller] + + *) New 'shared_ldflag' column in Configure platform table. + [Richard Levitte] + + *) Fix EVP_CIPHER_mode macro. + ["Dan S. Camper" ] + + *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown + type, we must throw them away by setting rr->length to 0. + [D P Chang ] + + Changes between 0.9.6b and 0.9.6c [21 dec 2001] + + *) Fix BN_rand_range bug pointed out by Dominikus Scherkl + . (The previous implementation + worked incorrectly for those cases where range = 10..._2 and + 3*range is two bits longer than range.) + [Bodo Moeller] + + *) Only add signing time to PKCS7 structures if it is not already + present. 
+ [Steve Henson] + + *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", + OBJ_ld_ce should be OBJ_id_ce. + Also some ip-pda OIDs in crypto/objects/objects.txt were + incorrect (cf. RFC 3039). + [Matt Cooper, Frederic Giudicelli, Bodo Moeller] + + *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() + returns early because it has nothing to do. + [Andy Schneider ] + + *) [In 0.9.6c-engine release:] + Fix mutex callback return values in crypto/engine/hw_ncipher.c. + [Andy Schneider ] + + *) [In 0.9.6c-engine release:] + Add support for Cryptographic Appliance's keyserver technology. + (Use engine 'keyclient') + [Cryptographic Appliances and Geoff Thorpe] + + *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' + is called via tools/c89.sh because arguments have to be + rearranged (all '-L' options must appear before the first object + modules). + [Richard Shapiro ] + + *) [In 0.9.6c-engine release:] + Add support for Broadcom crypto accelerator cards, backported + from 0.9.7. + [Broadcom, Nalin Dahyabhai , Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for SureWare crypto accelerator cards from + Baltimore Technologies. (Use engine 'sureware') + [Baltimore Technologies and Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for crypto accelerator cards from Accelerated + Encryption Processing, www.aep.ie. (Use engine 'aep') + [AEP Inc. and Mark Cox] + + *) Add a configuration entry for gcc on UnixWare. + [Gary Benson ] + + *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake + messages are stored in a single piece (fixed-length part and + variable-length part combined) and fix various bugs found on the way. + [Bodo Moeller] + + *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() + instead. BIO_gethostbyname() does not know what timeouts are + appropriate, so entries would stay in cache even when they have + become invalid. 
+ [Bodo Moeller; problem pointed out by Rich Salz + + *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when + faced with a pathologically small ClientHello fragment that does + not contain client_version: Instead of aborting with an error, + simply choose the highest available protocol version (i.e., + TLS 1.0 unless it is disabled). In practice, ClientHello + messages are never sent like this, but this change gives us + strictly correct behaviour at least for TLS. + [Bodo Moeller] + + *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() + never resets s->method to s->ctx->method when called from within + one of the SSL handshake functions. + [Bodo Moeller; problem pointed out by Niko Baric] + + *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert + (sent using the client's version number) if client_version is + smaller than the protocol version in use. Also change + ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if + the client demanded SSL 3.0 but only TLS 1.0 is enabled; then + the client will at least see that alert. + [Bodo Moeller] + + *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation + correctly. + [Bodo Moeller] + + *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a + client receives HelloRequest while in a handshake. + [Bodo Moeller; bug noticed by Andy Schneider ] + + *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C + should end in 'break', not 'goto end' which circuments various + cleanups done in state SSL_ST_OK. But session related stuff + must be disabled for SSL_ST_OK in the case that we just sent a + HelloRequest. + + Also avoid some overhead by not calling ssl_init_wbio_buffer() + before just sending a HelloRequest. + [Bodo Moeller, Eric Rescorla ] + + *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't + reveal whether illegal block cipher padding was found or a MAC + verification error occured. 
(Neither SSLerr() codes nor alerts + are directly visible to potential attackers, but the information + may leak via logfiles.) + + Similar changes are not required for the SSL 2.0 implementation + because the number of padding bytes is sent in clear for SSL 2.0, + and the extra bytes are just ignored. However ssl/s2_pkt.c + failed to verify that the purported number of padding bytes is in + the legal range. + [Bodo Moeller] + + *) Add OpenUNIX-8 support including shared libraries + (Boyd Lynn Gerber ). + [Lutz Jaenicke] + + *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid + 'wristwatch attack' using huge encoding parameters (cf. + James H. Manger's CRYPTO 2001 paper). Note that the + RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use + encoding parameters and hence was not vulnerable. + [Bodo Moeller] + + *) BN_sqr() bug fix. + [Ulf Möller, reported by Jim Ellis ] + + *) Rabin-Miller test analyses assume uniformly distributed witnesses, + so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() + followed by modular reduction. + [Bodo Moeller; pointed out by Adam Young ] + + *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() + equivalent based on BN_pseudo_rand() instead of BN_rand(). + [Bodo Moeller] + + *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). + This function was broken, as the check for a new client hello message + to handle SGC did not allow these large messages. + (Tracked down by "Douglas E. Engert" .) + [Lutz Jaenicke] + + *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). + [Lutz Jaenicke] + + *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() + for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" ). + [Lutz Jaenicke] + + *) Rework the configuration and shared library support for Tru64 Unix. 
+ The configuration part makes use of modern compiler features and + still retains old compiler behavior for those that run older versions + of the OS. The shared library support part includes a variant that + uses the RPATH feature, and is available through the special + configuration target "alpha-cc-rpath", which will never be selected + automatically. + [Tim Mooney via Richard Levitte] + + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa ] + + *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). + [Andy Polyakov] + + *) Modified SSL library such that the verify_callback that has been set + specificly for an SSL object with SSL_set_verify() is actually being + used. Before the change, a verify_callback set with this function was + ignored and the verify_callback() set in the SSL_CTX at the time of + the call was used. New function X509_STORE_CTX_set_verify_cb() introduced + to allow the necessary settings. + [Lutz Jaenicke] + + *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c + explicitly to NULL, as at least on Solaris 8 this seems not always to be + done automatically (in contradiction to the requirements of the C + standard). This made problems when used from OpenSSH. + [Lutz Jaenicke] + + *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored + dh->length and always used + + BN_rand_range(priv_key, dh->p). + + BN_rand_range() is not necessary for Diffie-Hellman, and this + specific range makes Diffie-Hellman unnecessarily inefficient if + dh->length (recommended exponent length) is much smaller than the + length of dh->p. We could use BN_rand_range() if the order of + the subgroup was stored in the DH structure, but we only have + dh->length. 
+ + So switch back to + + BN_rand(priv_key, l, ...) + + where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 + otherwise. + [Bodo Moeller] + + *) In + + RSA_eay_public_encrypt + RSA_eay_private_decrypt + RSA_eay_private_encrypt (signing) + RSA_eay_public_decrypt (signature verification) + + (default implementations for RSA_public_encrypt, + RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), + always reject numbers >= n. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 + to synchronize access to 'locking_thread'. This is necessary on + systems where access to 'locking_thread' (an 'unsigned long' + variable) is not atomic. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID + *before* setting the 'crypto_lock_rand' flag. The previous code had + a race condition if 0 is a valid thread ID. + [Travis Vitek ] + + *) Add support for shared libraries under Irix. + [Albert Chin-A-Young ] + + *) Add configuration option to build on Linux on both big-endian and + little-endian MIPS. + [Ralf Baechle ] + + *) Add the possibility to create shared libraries on HP-UX. + [Richard Levitte] + + Changes between 0.9.6a and 0.9.6b [9 Jul 2001] + + *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) + to avoid a SSLeay/OpenSSL PRNG weakness pointed out by + Markku-Juhani O. Saarinen : + PRNG state recovery was possible based on the output of + one PRNG request appropriately sized to gain knowledge on + 'md' followed by enough consecutive 1-byte PRNG requests + to traverse all of 'state'. + + 1. When updating 'md_local' (the current thread's copy of 'md') + during PRNG output generation, hash all of the previous + 'md_local' value, not just the half used for PRNG output. + + 2. Make the number of bytes from 'state' included into the hash + independent from the number of PRNG bytes requested. + + The first measure alone would be sufficient to avoid + Markku-Juhani's attack. 
(Actually it had never occurred + to me that the half of 'md_local' used for chaining was the + half from which PRNG output bytes were taken -- I had always + assumed that the secret half would be used.) The second + measure makes sure that additional data from 'state' is never + mixed into 'md_local' in small portions; this heuristically + further strengthens the PRNG. + [Bodo Moeller] + + *) Fix crypto/bn/asm/mips3.s. + [Andy Polyakov] + + *) When only the key is given to "enc", the IV is undefined. Print out + an error message in this case. + [Lutz Jaenicke] + + *) Handle special case when X509_NAME is empty in X509 printing routines. + [Steve Henson] + + *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are + positive and less than q. + [Bodo Moeller] + + *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + used: it isn't thread safe and the add_lock_callback should handle + that itself. + [Paul Rose ] + + *) Verify that incoming data obeys the block size in + ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). + [Bodo Moeller] + + *) Fix OAEP check. + [Ulf Möller, Bodo Möller] + + *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 + RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 + when fixing the server behaviour for backwards-compatible 'client + hello' messages. (Note that the attack is impractical against + SSL 3.0 and TLS 1.0 anyway because length and version checking + means that the probability of guessing a valid ciphertext is + around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 + paper.) + + Before 0.9.5, the countermeasure (hide the error by generating a + random 'decryption result') did not work properly because + ERR_clear_error() was missing, meaning that SSL_get_error() would + detect the supposedly ignored error. + + Both problems are now fixed. + [Bodo Moeller] + + *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 + (previously it was 1024). 
+ [Bodo Moeller] + + *) Fix for compatibility mode trust settings: ignore trust settings + unless some valid trust or reject settings are present. + [Steve Henson] + + *) Fix for blowfish EVP: its a variable length cipher. + [Steve Henson] + + *) Fix various bugs related to DSA S/MIME verification. Handle missing + parameters in DSA public key structures and return an error in the + DSA routines if parameters are absent. + [Steve Henson] + + *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" + in the current directory if neither $RANDFILE nor $HOME was set. + RAND_file_name() in 0.9.6a returned NULL in this case. This has + caused some confusion to Windows users who haven't defined $HOME. + Thus RAND_file_name() is changed again: e_os.h can define a + DEFAULT_HOME, which will be used if $HOME is not set. + For Windows, we use "C:"; on other platforms, we still require + environment variables. + + *) Move 'if (!initialized) RAND_poll()' into regions protected by + CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids + having multiple threads call RAND_poll() concurrently. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a + combination of a flag and a thread ID variable. + Otherwise while one thread is in ssleay_rand_bytes (which sets the + flag), *other* threads can enter ssleay_add_bytes without obeying + the CRYPTO_LOCK_RAND lock (and may even illegally release the lock + that they do not hold after the first thread unsets add_do_not_lock). + [Bodo Moeller] + + *) Change bctest again: '-x' expressions are not available in all + versions of 'test'. + [Bodo Moeller] + + Changes between 0.9.6 and 0.9.6a [5 Apr 2001] + + *) Fix a couple of memory leaks in PKCS7_dataDecode() + [Steve Henson, reported by Heyun Zheng ] + + *) Change Configure and Makefiles to provide EXE_EXT, which will contain + the default extension for executables, if any. 
Also, make the perl + scripts that use symlink() to test if it really exists and use "cp" + if it doesn't. All this made OpenSSL compilable and installable in + CygWin. + [Richard Levitte] + + *) Fix for asn1_GetSequence() for indefinite length constructed data. + If SEQUENCE is length is indefinite just set c->slen to the total + amount of data available. + [Steve Henson, reported by shige@FreeBSD.org] + [This change does not apply to 0.9.7.] + + *) Change bctest to avoid here-documents inside command substitution + (workaround for FreeBSD /bin/sh bug). + For compatibility with Ultrix, avoid shell functions (introduced + in the bctest version that searches along $PATH). + [Bodo Moeller] + + *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes + with des_encrypt() defined on some operating systems, like Solaris + and UnixWare. + [Richard Levitte] + + *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: + On the Importance of Eliminating Errors in Cryptographic + Computations, J. Cryptology 14 (2001) 2, 101-119, + http://theory.stanford.edu/~dabo/papers/faults.ps.gz). + [Ulf Moeller] + + *) MIPS assembler BIGNUM division bug fix. + [Andy Polyakov] + + *) Disabled incorrect Alpha assembler code. + [Richard Levitte] + + *) Fix PKCS#7 decode routines so they correctly update the length + after reading an EOC for the EXPLICIT tag. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Fix bug in PKCS#12 key generation routines. This was triggered + if a 3DES key was generated with a 0 initial byte. Include + PKCS12_BROKEN_KEYGEN compilation option to retain the old + (but broken) behaviour. + [Steve Henson] + + *) Enhance bctest to search for a working bc along $PATH and print + it when found. + [Tim Rice via Richard Levitte] + + *) Fix memory leaks in err.c: free err_data string if necessary; + don't write to the wrong index in ERR_set_error_data. 
+ [Bodo Moeller] + + *) Implement ssl23_peek (analogous to ssl23_read), which previously + did not exist. + [Bodo Moeller] + + *) Replace rdtsc with _emit statements for VC++ version 5. + [Jeremy Cooper ] + + *) Make it possible to reuse SSLv2 sessions. + [Richard Levitte] + + *) In copy_email() check for >= 0 as a return value for + X509_NAME_get_index_by_NID() since 0 is a valid index. + [Steve Henson reported by Massimiliano Pala ] + + *) Avoid coredump with unsupported or invalid public keys by checking if + X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when + PKCS7_verify() fails with non detached data. + [Steve Henson] + + *) Don't use getenv in library functions when run as setuid/setgid. + New function OPENSSL_issetugid(). + [Ulf Moeller] + + *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) + due to incorrect handling of multi-threading: + + 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). + + 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). + + 3. Count how many times MemCheck_off() has been called so that + nested use can be treated correctly. This also avoids + inband-signalling in the previous code (which relied on the + assumption that thread ID 0 is impossible). + [Bodo Moeller] + + *) Add "-rand" option also to s_client and s_server. + [Lutz Jaenicke] + + *) Fix CPU detection on Irix 6.x. + [Kurt Hockenbury and + "Bruce W. Forsberg" ] + + *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME + was empty. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Use the cached encoding of an X509_NAME structure rather than + copying it. This is apparently the reason for the libsafe "errors" + but the code is actually correct. + [Steve Henson] + + *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent + Bleichenbacher's DSA attack. 
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits + to be set and top=0 forces the highest bit to be set; top=-1 is new + and leaves the highest bit random. + [Ulf Moeller, Bodo Moeller] + + *) In the NCONF_...-based implementations for CONF_... queries + (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using + a temporary CONF structure with the data component set to NULL + (which gives segmentation faults in lh_retrieve). + Instead, use NULL for the CONF pointer in CONF_get_string and + CONF_get_number (which may use environment variables) and directly + return NULL from CONF_get_section. + [Bodo Moeller] + + *) Fix potential buffer overrun for EBCDIC. + [Ulf Moeller] + + *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign + keyUsage if basicConstraints absent for a CA. + [Steve Henson] + + *) Make SMIME_write_PKCS7() write mail header values with a format that + is more generally accepted (no spaces before the semicolon), since + some programs can't parse those values properly otherwise. Also make + sure BIO's that break lines after each write do not create invalid + headers. + [Richard Levitte] + + *) Make the CRL encoding routines work with empty SEQUENCE OF. The + macros previously used would not encode an empty SEQUENCE OF + and break the signature. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Zero the premaster secret after deriving the master secret in + DH ciphersuites. + [Steve Henson] + + *) Add some EVP_add_digest_alias registrations (as found in + OpenSSL_add_all_digests()) to SSL_library_init() + aka OpenSSL_add_ssl_algorithms(). This provides improved + compatibility with peers using X.509 certificates + with unconventional AlgorithmIdentifier OIDs. + [Bodo Moeller] + + *) Fix for Irix with NO_ASM. + ["Bruce W. Forsberg" ] + + *) ./config script fixes. + [Ulf Moeller, Richard Levitte] + + *) Fix 'openssl passwd -1'. 
+ [Bodo Moeller] + + *) Change PKCS12_key_gen_asc() so it can cope with non null + terminated strings whose length is passed in the passlen + parameter, for example from PEM callbacks. This was done + by adding an extra length parameter to asc2uni(). + [Steve Henson, reported by ] + + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn + call failed, free the DSA structure. + [Bodo Moeller] + + *) Fix to uni2asc() to cope with zero length Unicode strings. + These are present in some PKCS#12 files. + [Steve Henson] + + *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). + Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits + when writing a 32767 byte record. + [Bodo Moeller; problem reported by Eric Day ] + + *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. + + (RSA objects have a reference count access to which is protected + by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], + so they are meant to be shared between threads.) + [Bodo Moeller, Geoff Thorpe; original patch submitted by + "Reddie, Steven" ] + + *) Fix a deadlock in CRYPTO_mem_leaks(). + [Bodo Moeller] + + *) Use better test patterns in bntest. + [Ulf Möller] + + *) rand_win.c fix for Borland C. + [Ulf Möller] + + *) BN_rshift bugfix for n == 0. + [Bodo Moeller] + + *) Add a 'bctest' script that checks for some known 'bc' bugs + so that 'make test' does not abort just because 'bc' is broken. + [Bodo Moeller] + + *) Store verify_result within SSL_SESSION also for client side to + avoid potential security hole. (Re-used sessions on the client side + always resulted in verify_result==X509_V_OK, not using the original + result of the server certificate verification.) + [Lutz Jaenicke] + + *) Fix ssl3_pending: If the record in s->s3->rrec is not of type + SSL3_RT_APPLICATION_DATA, return 0. 
+ Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true. + [Bodo Moeller] + + *) Fix SSL_peek: + Both ssl2_peek and ssl3_peek, which were totally broken in earlier + releases, have been re-implemented by renaming the previous + implementations of ssl2_read and ssl3_read to ssl2_read_internal + and ssl3_read_internal, respectively, and adding 'peek' parameters + to them. The new ssl[23]_{read,peek} functions are calls to + ssl[23]_read_internal with the 'peek' flag set appropriately. + A 'peek' parameter has also been added to ssl3_read_bytes, which + does the actual work for ssl3_read_internal. + [Bodo Moeller] + + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. + The previous value, 12, was not always sufficient for BN_mod_exp(). + [Bodo Moeller] + + *) Make sure that shared libraries get the internal name engine with + the full version number and not just 0. This should mark the + shared libraries as not backward compatible. Of course, this should + be changed again when we can guarantee backward binary compatibility. + [Richard Levitte] + + *) Fix typo in get_cert_by_subject() in by_dir.c + [Jean-Marc Desperrier ] + + *) Rework the system to generate shared libraries: + + - Make note of the expected extension for the shared libraries and + if there is a need for symbolic links from for example libcrypto.so.0 + to libcrypto.so.0.9.7. There is extended info in Configure for + that. + + - Make as few rebuilds of the shared libraries as possible. + + - Still avoid linking the OpenSSL programs with the shared libraries. + + - When installing, install the shared libraries separately from the + static ones. 
+ [Richard Levitte] + *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new From e4fb49775b99f01000dd4a2ce2d89611e13e7b89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 11 Apr 2002 18:43:52 +0000 Subject: [PATCH 145/173] Synchronize with 0.9.7-stable. --- NEWS | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index f8cb8c0831..ebb2b74a0e 100644 --- a/NEWS +++ b/NEWS 
@@ -8,9 +8,41 @@ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: o New library section OCSP. - o Complete haul-over of the ASN.1 library section. + o Complete rewrite of ASN1 code. + o CRL checking in verify code and openssl utility. + o Extension copying in 'ca' utility. + o Flexible display options in 'ca' utility. + o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. + o New elliptic curve library section. + o New AES (Rijndael) library section. + o Change DES API to clean up the namespace (some applications link also + against libdes providing similar functions having the same name). + Provide macros for backward compatibility (will be removed in the + future). + o Unifiy handling of cryptographic algorithms (software and + engine) to be available via EVP routines for asymmetric and + symmetric ciphers. + o NCONF: new configuration handling routines. + o Change API to use more 'const' modifiers to improve error checking + and help optimizers. + o Finally remove references to RSAref. + o Reworked parts of the BIGNUM code. + o Support for new engines: Broadcom ubsec, Accelerated Encryption + Processing, IBM 4758. + o PRNG: query at more locations for a random device, automatic query for + EGD style random sources at several locations. + o SSL/TLS: allow optional cipher choice according to server's preference. + o SSL/TLS: allow server to explicitly set new session ids. + o SSL/TLS: support Kerberos cipher suites (RFC2712). + o SSL/TLS: allow more precise control of renegotiations and sessions. + o SSL/TLS: add callback to retrieve SSL/TLS messages. + + Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: + + o Various SSL/TLS library bugfixes. + o Fix DH parameter generation for 'non-standard' generators. Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: From 241d2ba1da4ab3eb334a72c269725c060986e204 Mon Sep 17 00:00:00 2001 
From: Richard Levitte Date: Thu, 11 Apr 2002 21:51:40 +0000 Subject: [PATCH 146/173] Change the date to XX xxx XXXX in development versions. --- README | 2 +- crypto/opensslv.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README b/README index 22970cb099..ef9fcc002b 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8-dev 24 Sep 2000 + OpenSSL 0.9.8-dev XX xxx XXXX Copyright (c) 1998-2002 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 802bda5eec..cb21ee381f 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -26,7 +26,7 @@ * major minor fix final patch/beta) */ #define OPENSSL_VERSION_NUMBER 0x00908000L -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8-dev 24 Sep 2000" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8-dev XX xxx XXXX" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT From 083100e2abe0f7b6cef91a4a5e267037af4e1904 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 11 Apr 2002 22:13:58 +0000 Subject: [PATCH 147/173] Check error code from a2d_ASN1_OBJECT(). --- crypto/objects/obj_dat.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 8094c7df95..cf21ea3377 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -654,6 +654,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) return(0); } i=a2d_ASN1_OBJECT(buf,i,oid,-1); + if (i == 0) + goto err; op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); if (op == NULL) goto err; From b975183c41718cc9eaa5d1f8265aeb8013239725 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 12 Apr 2002 08:57:01 +0000 Subject: [PATCH 148/173] ECDSA representation bugfixes Submitted by: Nils Larsch --- crypto/asn1/x_pubkey.c | 77 ++++++++++++++++++++++++++++------------- crypto/ecdsa/ecs_asn1.c | 2 +- 2 files changed, 54 insertions(+), 25 deletions(-) 
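Review bot: The new guard after the second `a2d_ASN1_OBJECT()` call in `OBJ_create()` tests only `i == 0`, yet `i` is then handed to `ASN1_OBJECT_create()` as a length. Writing it as `if (i <= 0) goto err;` would also keep a negative return away from that length argument, and costs nothing if the function only ever returns 0 on failure. The body of `OBJ_create()` starts and ends outside the hunk, so it is not visible whether the `err` label releases `buf` (presumably allocated just before the hunk); if it does not, this new exit leaks it.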
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 9fea31a8a5..a34f473cfe 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c 
@@ -132,43 +132,55 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) #ifndef OPENSSL_NO_ECDSA else if (pkey->type == EVP_PKEY_ECDSA) { + int nid=0; unsigned char *pp; ECDSA *ecdsa; ecdsa = pkey->pkey.ecdsa; ASN1_TYPE_free(a->parameter); - if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB); - goto err; - } - if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); - goto err; - } - pp = p; - if (!i2d_ECDSAParameters(ecdsa, &pp)) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB); - OPENSSL_free(p); - goto err; - } + if ((a->parameter = ASN1_TYPE_new()) == NULL) { X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); OPENSSL_free(p); goto err; } - a->parameter->type = V_ASN1_SEQUENCE; - if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) + + if ((ECDSA_get_parameter_flags(ecdsa) & ECDSA_FLAG_NAMED_CURVE) && (nid = EC_GROUP_get_nid(ecdsa->group))) { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); - OPENSSL_free(p); - goto err; + /* just set the OID */ + a->parameter->type = V_ASN1_OBJECT; + a->parameter->value.object = OBJ_nid2obj(nid); + } + else /* explicit parameters */ + { + if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB); + goto err; + } + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); + goto err; + } + pp = p; + if (!i2d_ECDSAParameters(ecdsa, &pp)) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB); + OPENSSL_free(p); + goto err; + } + a->parameter->type = V_ASN1_SEQUENCE; + if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); + OPENSSL_free(p); + goto err; + } + ASN1_STRING_set(a->parameter->value.sequence, p, i); + OPENSSL_free(p); } - ASN1_STRING_set(a->parameter->value.sequence, p, i); - OPENSSL_free(p); } #endif else if (1) 
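Review bot: In the ECDSA branch of `X509_PUBKEY_set()`, the failure path of `ASN1_TYPE_new()` still calls `OPENSSL_free(p)`, but this change moved the `OPENSSL_malloc()` that assigns `p` down into the explicit-parameters `else` branch. Nothing in this branch has assigned `p` by then, so unless it is initialised to NULL at its declaration (outside the hunk) the call frees an indeterminate or stale pointer. The error block should be reduced to `X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); goto err;`. In the same branch, the named-curve path stores the result of `OBJ_nid2obj(nid)` without a NULL check, and the return value of `ASN1_STRING_set()` is ignored. The function begins and ends outside the hunk.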
@@ -266,6 +278,9 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { + /* type == V_ASN1_SEQUENCE => we have explicit parameters + * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) + */ if ((ret->pkey.ecdsa= ECDSA_new()) == NULL) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); @@ -279,6 +294,20 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) goto err; } } + else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) + { + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if (ret->pkey.ecdsa == NULL) + ret->pkey.ecdsa = ECDSA_new(); + if (ret->pkey.ecdsa->group) + EC_GROUP_free(ret->pkey.ecdsa->group); + ret->pkey.ecdsa->parameter_flags |= ECDSA_FLAG_NAMED_CURVE; + if ((ret->pkey.ecdsa->group = EC_GROUP_new_by_name(OBJ_obj2nid(a->parameter->value.object))) == NULL) + goto err; + } + /* the case implicitlyCA is currently not implemented */ ret->save_parameters = 1; } #endif diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 30e8bfb340..f68081d42c 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -647,7 +647,7 @@ ECDSA *ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, lon ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB); return 0; } - ECDSA_set_conversion_form(ret, (point_conversion_form_t)*in[0]); + ECDSA_set_conversion_form(ret, (point_conversion_form_t)(*in[0] & ~0x01)); return ret; } From 85fb12d5545537487fb220c54252417c14a876b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 12 Apr 2002 13:45:29 +0000 Subject: [PATCH 149/173] clean up and synchronize with 0.9.6-stable --- CHANGES | 493 +++++++++++++++++++++++++------------------------------- 1 file changed, 218 insertions(+), 275 deletions(-) diff --git a/CHANGES b/CHANGES index a37552173a..6b9ca156c6 100644 --- a/CHANGES +++ b/CHANGES 
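Review bot: The new `V_ASN1_OBJECT` branch of `X509_PUBKEY_get()` reads `ret->pkey.ecdsa->group` immediately after `ret->pkey.ecdsa = ECDSA_new();` without checking the allocation, while the `V_ASN1_SEQUENCE` branch just above it reports `ERR_R_MALLOC_FAILURE` and bails out. This path presumably runs on key data taken from a parsed certificate, so an allocation failure here turns into a NULL dereference instead of a clean error. Suggested: `if (ret->pkey.ecdsa == NULL && (ret->pkey.ecdsa = ECDSA_new()) == NULL) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); goto err; }`. The `EC_GROUP_new_by_name()` failure also jumps to `err` without pushing an error of its own, so an unrecognised curve OID fails without a diagnostic from this function. The function body extends beyond the hunk.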
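Review bot: The expression `*in[0] & ~0x01` in `ECDSAPublicKey_set_octet_string()` is hard to read on two counts: it relies on `[]` binding tighter than `*`, and the mask is an unexplained constant. Writing it as `(point_conversion_form_t)((*in)[0] & ~0x01)` with a comment such as `/* low bit of the leading octet is the y-bit, not part of the conversion form */` would make the intent explicit. Nothing in the hunk shows that the masked value is limited to the defined conversion forms or that the input is non-empty. Presumably the point-decoding call before this line, outside the hunk, has already rejected anything else, but that is worth confirming before the cast is trusted.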
@@ -40,21 +40,12 @@ Changes between 0.9.6d and 0.9.7 [XX xxx 2002] - OpenSSL 0.9.6a/0.9.6b/0.9.6c/0.9.6d (bugfix releases, 5 Apr 2001, - 9 July 2001, 21 Dec 2001, XX xxx 2002) and OpenSSL 0.9.7 were developed - in parallel, based on OpenSSL 0.9.6. - - Change log entries are tagged as follows: - -) applies to 0.9.6a/0.9.6b/0.9.6c/0.9.6d only - *) applies to 0.9.6a/0.9.6b/0.9.6c/0.9.6d and 0.9.7 - +) applies to 0.9.7 only - - +) Make object definitions compliant to LDAP (RFC2256): SN is the short + *) Make object definitions compliant to LDAP (RFC2256): SN is the short form for "surname", serialNumber has no short form (Michael Bell ). [Lutu Jaenicke] - +) Add an "init" command to the ENGINE config module and auto initialize + *) Add an "init" command to the ENGINE config module and auto initialize ENGINEs. Without any "init" command the ENGINE will be initialized after all ctrl commands have been executed on it. If init=1 the ENGINE is initailized at that point (ctrls before that point are run @@ -62,7 +53,7 @@ init=0 then the ENGINE will not be iniatialized at all. [Steve Henson] - +) Fix the 'app_verify_callback' interface so that the user-defined + *) Fix the 'app_verify_callback' interface so that the user-defined argument is actually passed to the callback: In the SSL_CTX_set_cert_verify_callback() prototype, the callback declaration has been changed from @@ -78,10 +69,10 @@ a dummy argument can be added to their callback functions. [D. K. Smetters ] - +) Added the '4758cca' ENGINE to support IBM 4758 cards. + *) Added the '4758cca' ENGINE to support IBM 4758 cards. [Maurice Gittens , touchups by Geoff Thorpe] - +) Add and OPENSSL_LOAD_CONF define which will cause + *) Add and OPENSSL_LOAD_CONF define which will cause OpenSSL_add_all_algorithms() to load the openssl.cnf config file. This allows older applications to transparently support certain OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. 
@@ -90,11 +81,11 @@ always load it have also been added. [Steve Henson] - +) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. + *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. Adjust NIDs and EVP layer. [Stephen Sprunk and Richard Levitte] - +) Config modules support in openssl utility. + *) Config modules support in openssl utility. Most commands now load modules from the config file, though in a few (such as version) this isn't done 
@@ -106,35 +97,35 @@ alternative file. [Steve Henson] - +) Move default behaviour from OPENSSL_config(). If appname is NULL + *) Move default behaviour from OPENSSL_config(). If appname is NULL use "openssl_conf" if filename is NULL use default openssl config file. [Steve Henson] - +) Add an argument to OPENSSL_config() to allow the use of an alternative + *) Add an argument to OPENSSL_config() to allow the use of an alternative config section name. Add a new flag to tolerate a missing config file and move code to CONF_modules_load_file(). [Steve Henson] - +) Support for crypto accelerator cards from Accelerated Encryption + *) Support for crypto accelerator cards from Accelerated Encryption Processing, www.aep.ie. (Use engine 'aep') The support was copied from 0.9.6c [engine] and adapted/corrected to work with the new engine framework. [AEP Inc. and Richard Levitte] - +) Support for SureWare crypto accelerator cards from Baltimore + *) Support for SureWare crypto accelerator cards from Baltimore Technologies. (Use engine 'sureware') The support was copied from 0.9.6c [engine] and adapted to work with the new engine framework. [Richard Levitte] - +) Have the CHIL engine fork-safe (as defined by nCipher) and actually + *) Have the CHIL engine fork-safe (as defined by nCipher) and actually make the newer ENGINE framework commands for the CHIL engine work. [Toomas Kiisk and Richard Levitte] - +) Make it possible to produce shared libraries on ReliantUNIX. + *) Make it possible to produce shared libraries on ReliantUNIX. [Robert Dahlem via Richard Levitte] - +) Add the configuration target debug-linux-ppro. + *) Add the configuration target debug-linux-ppro. Make 'openssl rsa' use the general key loading routines implemented in apps.c, and make those routines able to handle the key format FORMAT_NETSCAPE and the variant 
@@ -144,15 +135,15 @@ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). [Toomas Kiisk via Richard Levitte] - +) Add -keyform to rsautl, and document -engine. + *) Add -keyform to rsautl, and document -engine. [Richard Levitte, inspired by Toomas Kiisk ] - +) Change BIO_new_file (crypto/bio/bss_file.c) to use new + *) Change BIO_new_file (crypto/bio/bss_file.c) to use new BIO_R_NO_SUCH_FILE error code rather than the generic ERR_R_SYS_LIB error code if fopen() fails with ENOENT. [Ben Laurie] - +) Add new functions + *) Add new functions ERR_peek_last_error ERR_peek_last_error_line ERR_peek_last_error_line_data. 
@@ -164,56 +155,34 @@ still in the error queue. [Ben Laurie, Bodo Moeller] - +) default_algorithms option in ENGINE config module. This allows things + *) default_algorithms option in ENGINE config module. This allows things like: default_algorithms = ALL default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS [Steve Henson] - +) Prelminary ENGINE config module. + *) Prelminary ENGINE config module. [Steve Henson] - +) New experimental application configuration code. + *) New experimental application configuration code. [Steve Henson] - +) Change the AES code to follow the same name structure as all other + *) Change the AES code to follow the same name structure as all other symmetric ciphers, and behave the same way. Move everything to the directory crypto/aes, thereby obsoleting crypto/rijndael. [Stephen Sprunk and Richard Levitte] - -) OpenSSL 0.9.6c released [21 dec 2001] - - +) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. + *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. [Ben Laurie and Theo de Raadt] - +) Add option to output public keys in req command. + *) Add option to output public keys in req command. [Massimiliano Pala madwolf@openca.org] - -) [In 0.9.6c-engine release:] - Add support for Cryptographic Appliance's keyserver technology. - (Use engine 'keyclient') - [Cryptographic Appliances and Geoff Thorpe] - - +) Use wNAFs in EC_POINTs_mul() for improved efficiency + *) Use wNAFs in EC_POINTs_mul() for improved efficiency (up to about 10% better than before for P-192 and P-224). [Bodo Moeller] - -) [In 0.9.6c-engine release:] - Add support for Broadcom crypto accelerator cards, backported - from 0.9.7. - [Broadcom, Nalin Dahyabhai , Mark Cox] - - -) [In 0.9.6c-engine release:] - Add support for SureWare crypto accelerator cards from - Baltimore Technologies. 
(Use engine 'sureware') - [Baltimore Technologies and Mark Cox] - - -) [In 0.9.6c-engine release:] - Add support for crypto accelerator cards from Accelerated - Encryption Processing, www.aep.ie. (Use engine 'aep') - [AEP Inc. and Mark Cox] - - +) New functions/macros + *) New functions/macros SSL_CTX_set_msg_callback(ctx, cb) SSL_CTX_set_msg_callback_arg(ctx, arg) @@ -240,7 +209,7 @@ to enable a callback that displays all protocol messages. [Bodo Moeller] - +) Change the shared library support so shared libraries are built as + *) Change the shared library support so shared libraries are built as soon as the corresponding static library is finished, and thereby get openssl and the test programs linked against the shared library. This still only happens when the keyword "shard" has been given to 
@@ -250,29 +219,29 @@ backward binary compatibility is still not guaranteed. ["Maciej W. Rozycki" and Richard Levitte] - +) Add support for Subject Information Access extension. + *) Add support for Subject Information Access extension. [Peter Sylvester ] - +) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero + *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero additional bytes when new memory had to be allocated, not just when reusing an existing buffer. [Bodo Moeller] - +) New command line and configuration option 'utf8' for the req command. + *) New command line and configuration option 'utf8' for the req command. This allows field values to be specified as UTF8 strings. [Steve Henson] - +) Add -multi and -mr options to "openssl speed" - giving multiple parallel + *) Add -multi and -mr options to "openssl speed" - giving multiple parallel runs for the former and machine-readable output for the latter. [Ben Laurie] - +) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion + *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of the e-mail address in the DN (i.e., it will go into a certificate extension only). The new configuration file option 'email_in_dn = no' has the same effect. [Massimiliano Pala madwolf@openca.org] - +) Change all functions with names starting with des_ to be starting + *) Change all functions with names starting with des_ to be starting with DES_ instead. Add wrappers that are compatible with libdes, but are named _ossl_old_des_*. Finally, add macros that map the des_* symbols to the corresponding _ossl_old_des_* if libdes 
@@ -301,7 +270,7 @@ default), and then completely removed. [Richard Levitte] - +) Test for certificates which contain unsupported critical extensions. + *) Test for certificates which contain unsupported critical extensions. If such a certificate is found during a verify operation it is rejected by default: this behaviour can be overridden by either handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or @@ -310,11 +279,11 @@ particular extension is supported. [Steve Henson] - +) Modify the behaviour of EVP cipher functions in similar way to digests + *) Modify the behaviour of EVP cipher functions in similar way to digests to retain compatibility with existing code. [Steve Henson] - +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain + *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain compatibility with existing code. In particular the 'ctx' parameter does not have to be to be initialized before the call to EVP_DigestInit() and it is tidied up after a call to EVP_DigestFinal(). New function @@ -327,15 +296,15 @@ EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). [Steve Henson] - +) Change ssl3_get_message (ssl/s3_both.c) and the functions using it + *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it so that complete 'Handshake' protocol structures are kept in memory instead of overwriting 'msg_type' and 'length' with 'body' data. [Bodo Moeller] - +) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. + *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. [Massimo Santin via Richard Levitte] - +) Major restructuring to the underlying ENGINE code. This includes + *) Major restructuring to the underlying ENGINE code. This includes reduction of linker bloat, separation of pure "ENGINE" manipulation (initialisation, etc) from functionality dealing with implementations of specific crypto iterfaces. This change also introduces integrated 
@@ -357,15 +326,15 @@ the new code. [Geoff Thorpe] - +) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. + *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. [Steve Henson] - +) Change mkdef.pl to sort symbols that get the same entry number, + *) Change mkdef.pl to sort symbols that get the same entry number, and make sure the automatically generated functions ERR_load_* become part of libeay.num as well. [Richard Levitte] - +) New function SSL_renegotiate_pending(). This returns true once + *) New function SSL_renegotiate_pending(). This returns true once renegotiation has been requested (either SSL_renegotiate() call or HelloRequest/ClientHello receveived from the peer) and becomes false once a handshake has been completed. 
@@ -375,31 +344,31 @@ client has followed the request.) [Bodo Moeller] - +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. + *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. By default, clients may request session resumption even during renegotiation (if session ID contexts permit); with this option, session resumption is possible only in the first handshake. [Bodo Moeller] - +) Add some demos for certificate and certificate request creation. + *) Add some demos for certificate and certificate request creation. [Steve Henson] - +) Make maximum certificate chain size accepted from the peer application + *) Make maximum certificate chain size accepted from the peer application settable (SSL*_get/set_max_cert_list()), as proposed by "Douglas E. Engert" . [Lutz Jaenicke] - +) Add support for shared libraries for Unixware-7 + *) Add support for shared libraries for Unixware-7 (Boyd Lynn Gerber ). [Lutz Jaenicke] - +) Add a "destroy" handler to ENGINEs that allows structural cleanup to + *) Add a "destroy" handler to ENGINEs that allows structural cleanup to be done prior to destruction. Use this to unload error strings from ENGINEs that load their own error strings. NB: This adds two new API functions to "get" and "set" this destroy handler in an ENGINE. [Geoff Thorpe] - +) Alter all existing ENGINE implementations (except "openssl" and + *) Alter all existing ENGINE implementations (except "openssl" and "openbsd") to dynamically instantiate their own error strings. This makes them more flexible to be built both as statically-linked ENGINEs and self-contained shared-libraries loadable via the "dynamic" ENGINE. 
@@ -407,7 +376,7 @@ shared-libraries easier (see README.ENGINE). [Geoff Thorpe] - +) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE + *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE implementations into applications that are completely implemented in self-contained shared-libraries. The "dynamic" ENGINE exposes control commands that can be used to configure what shared-library to load and @@ -417,18 +386,18 @@ (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). [Geoff Thorpe] - +) Make it possible to unload ranges of ERR strings with a new + *) Make it possible to unload ranges of ERR strings with a new "ERR_unload_strings" function. [Geoff Thorpe] - +) Add a copy() function to EVP_MD. + *) Add a copy() function to EVP_MD. [Ben Laurie] - +) Make EVP_MD routines take a context pointer instead of just the + *) Make EVP_MD routines take a context pointer instead of just the md_data void pointer. [Ben Laurie] - +) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates + *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates that the digest can only process a single chunk of data (typically because it is provided by a piece of hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application @@ -436,7 +405,7 @@ framework needn't accumulate the data for oneshot drivers. [Ben Laurie] - +) As with "ERR", make it possible to replace the underlying "ex_data" + *) As with "ERR", make it possible to replace the underlying "ex_data" functions. This change also alters the storage and management of global ex_data state - it's now all inside ex_data.c and all "class" code (eg. RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class 
@@ -457,7 +426,7 @@ has a return value to indicate success or failure. [Geoff Thorpe] - +) Make it possible to replace the underlying "ERR" functions such that the + *) Make it possible to replace the underlying "ERR" functions such that the global state (2 LHASH tables and 2 locks) is only used by the "default" implementation. This change also adds two functions to "get" and "set" the implementation prior to it being automatically set the first time @@ -468,7 +437,7 @@ application and not in its own statically linked copy of OpenSSL code. [Geoff Thorpe] - +) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment + *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment reference counts. This performs normal REF_PRINT/REF_CHECK macros on the operation, and provides a more encapsulated way for external code (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code 
@@ -477,20 +446,20 @@ Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". [Geoff Thorpe] - +) Add EVP test program. + *) Add EVP test program. [Ben Laurie] - +) Add symmetric cipher support to ENGINE. Expect the API to change! + *) Add symmetric cipher support to ENGINE. Expect the API to change! [Ben Laurie] - +) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() + *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). These allow a CRL to be built without having to access X509_CRL fields directly. Modify 'ca' application to use new functions. [Steve Henson] - +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended + *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended bug workarounds. Rollback attack detection is a security feature. The problem will only arise on OpenSSL servers when TLSv1 is not available (sslv3_server_method() or SSL_OP_NO_TLSv1). @@ -498,7 +467,7 @@ for their choice and can explicitly enable this option. [Bodo Moeller, Lutz Jaenicke] - +) Rationalise EVP so it can be extended: don't include a union of + *) Rationalise EVP so it can be extended: don't include a union of cipher/digest structures, add init/cleanup functions. This also reduces the number of header dependencies. Usage example: @@ -513,7 +482,7 @@ [Ben Laurie] - +) Make DES key schedule conform to the usual scheme, as well as + *) Make DES key schedule conform to the usual scheme, as well as correcting its structure. This means that calls to DES functions now have to pass a pointer to a des_key_schedule instead of a plain des_key_schedule (which was actually always a pointer 
@@ -527,7 +496,7 @@ (Note that a later change renames 'des_...' into 'DES_...'.) [Ben Laurie] - +) Initial reduction of linker bloat: the use of some functions, such as + *) Initial reduction of linker bloat: the use of some functions, such as PEM causes large amounts of unused functions to be linked in due to poor organisation. For example pem_all.c contains every PEM function which has a knock on effect of linking in large amounts of (unused) @@ -535,24 +504,24 @@ functions prevents this. [Steve Henson] - +) Cleanup of EVP macros. + *) Cleanup of EVP macros. [Ben Laurie] - +) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the + *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the correct _ecb suffix. [Ben Laurie] - +) Add initial OCSP responder support to ocsp application. The + *) Add initial OCSP responder support to ocsp application. The revocation information is handled using the text based index use by the ca application. The responder can either handle requests generated internally, supplied in files (for example via a CGI script) or using an internal minimal server. [Steve Henson] - +) Add configuration choices to get zlib compression for TLS. + *) Add configuration choices to get zlib compression for TLS. [Richard Levitte] - +) Changes to Kerberos SSL for RFC 2712 compliance: + *) Changes to Kerberos SSL for RFC 2712 compliance: 1. Implemented real KerberosWrapper, instead of just using KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] 2. Implemented optional authenticator field of KerberosWrapper. 
@@ -565,15 +534,13 @@ Jeffrey Altman via Richard Levitte] - +) Cause 'openssl speed' to use fully hard-coded DSA keys as it + *) Cause 'openssl speed' to use fully hard-coded DSA keys as it already does with RSA. testdsa.h now has 'priv_key/pub_key' values for each of the key sizes rather than having just parameters (and 'speed' generating keys each time). [Geoff Thorpe] - -) OpenSSL 0.9.6b released [9 July 2001] - - +) Speed up EVP routines. + *) Speed up EVP routines. Before: encrypt type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes @@ -591,10 +558,10 @@ decrypt des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] - +) Added the OS2-EMX target. + *) Added the OS2-EMX target. ["Brian Havard" and Richard Levitte] - +) Rewrite apps to use NCONF routines instead of the old CONF. New functions + *) Rewrite apps to use NCONF routines instead of the old CONF. New functions to support NCONF routines in extension code. New function CONF_set_nconf() to allow functions which take an NCONF to also handle the old LHASH structure: this means that the old CONF compatible routines can be 
@@ -602,16 +569,16 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. [Steve Henson] - +) Enhance the general user interface with mechanisms for inner control + *) Enhance the general user interface with mechanisms for inner control and with possibilities to have yes/no kind of prompts. [Richard Levitte] - +) Change all calls to low level digest routines in the library and + *) Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). [Verdon Walker , Steve Henson] - +) Add the possibility to control engines through control names but with + *) Add the possibility to control engines through control names but with arbitrary arguments instead of just a string. Change the key loaders to take a UI_METHOD instead of a callback function pointer. NOTE: this breaks binary compatibility with earlier 
@@ -620,35 +587,35 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k callback. [Richard Levitte] - +) Enhance the general user interface with mechanisms to better support + *) Enhance the general user interface with mechanisms to better support dialog box interfaces, application-defined prompts, the possibility to use defaults (for example default passwords from somewhere else) and interrupts/cancellations. [Richard Levitte] - +) Tidy up PKCS#12 attribute handling. Add support for the CSP name + *) Tidy up PKCS#12 attribute handling. Add support for the CSP name attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. [Steve Henson] - +) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also + *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also tidy up some unnecessarily weird code in 'sk_new()'). [Geoff, reported by Diego Tartara ] - +) Change the key loading routines for ENGINEs to use the same kind + *) Change the key loading routines for ENGINEs to use the same kind callback (pem_password_cb) as all other routines that need this kind of callback. [Richard Levitte] - +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with + *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with 256 bit (=32 byte) keys. Of course seeding with more entropy bytes than this minimum value is recommended. [Lutz Jaenicke] - +) New random seeder for OpenVMS, using the system process statistics + *) New random seeder for OpenVMS, using the system process statistics that are easily reachable. [Richard Levitte] - +) Windows apparently can't transparently handle global + *) Windows apparently can't transparently handle global variables defined in DLLs. Initialisations such as: const ASN1_ITEM *it = &ASN1_INTEGER_it; 
@@ -659,12 +626,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k needed for static libraries under Win32. [Steve Henson] - +) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle + *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle setting of purpose and trust fields. New X509_STORE trust and purpose functions and tidy up setting in other SSL functions. [Steve Henson] - +) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE + *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE structure. These are inherited by X509_STORE_CTX when it is initialised. This allows various defaults to be set in the X509_STORE structure (such as flags for CRL checking and custom @@ -679,7 +646,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k applications. [Steve Henson] - +) Initial CRL based revocation checking. If the CRL checking flag(s) + *) Initial CRL based revocation checking. If the CRL checking flag(s) are set then the CRL is looked up in the X509_STORE structure and its validity and signature checked, then if the certificate is found in the CRL the verify fails with a revoked error. @@ -694,7 +661,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k handling. [Steve Henson] - +) Add a general user interface API (crypto/ui/). This is designed + *) Add a general user interface API (crypto/ui/). This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code 
@@ -702,11 +669,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k a window system and the like. [Richard Levitte] - +) Add "ex_data" support to ENGINE so implementations can add state at a + *) Add "ex_data" support to ENGINE so implementations can add state at a per-structure level rather than having to store it globally. [Geoff] - +) Make it possible for ENGINE structures to be copied when retrieved by + *) Make it possible for ENGINE structures to be copied when retrieved by ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY. This causes the "original" ENGINE structure to act like a template, analogous to the RSA vs. RSA_METHOD type of separation. Because of this @@ -718,12 +685,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ENGINE structure. [Geoff] - +) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this + *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this needs to match any other type at all we need to manually clear the tag cache. [Steve Henson] - +) Changes to the "openssl engine" utility to include; + *) Changes to the "openssl engine" utility to include; - verbosity levels ('-v', '-vv', and '-vvv') that provide information about an ENGINE's available control commands. - executing control commands from command line arguments using the @@ -733,7 +700,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so [Geoff] - +) New dynamic control command support for ENGINEs. ENGINEs can now + *) New dynamic control command support for ENGINEs. ENGINEs can now declare their own commands (numbers), names (strings), descriptions, and input types for run-time discovery by calling applications. A subset of these commands are implicitly classed as "executable" 
@@ -752,20 +719,20 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k control over shared-library paths without source code alterations. [Geoff] - +) Changed all ENGINE implementations to dynamically allocate their + *) Changed all ENGINE implementations to dynamically allocate their ENGINEs rather than declaring them statically. Apart from this being necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction, this also allows the implementations to compile without using the internal engine_int.h header. [Geoff] - +) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a + *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a 'const' value. Any code that should be able to modify a RAND_METHOD should already have non-const pointers to it (ie. they should only modify their own ones). [Geoff] - +) Made a variety of little tweaks to the ENGINE code. + *) Made a variety of little tweaks to the ENGINE code. - "atalla" and "ubsec" string definitions were moved from header files to C code. "nuron" string definitions were placed in variables rather than hard-coded - allowing parameterisation of these values @@ -787,7 +754,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ctrl(), key-load functions, etc) to take an (ENGINE*) parameter. [Geoff] - +) Implement binary inversion algorithm for BN_mod_inverse in addition + *) Implement binary inversion algorithm for BN_mod_inverse in addition to the algorithm using long division. The binary algorithm can be used only if the modulus is odd. On 32-bit systems, it is faster only for relatively small moduli (roughly 20-30% for 128-bit moduli, 
@@ -797,28 +764,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k for moduli up to 2048 bits. [Bodo Moeller] - -) OpenSSL 0.9.6a released [5 Apr 2001] - - +) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code + *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code could not support the combine flag in choice fields. [Steve Henson] - -) Fix for asn1_GetSequence() for indefinite length constructed data. - If SEQUENCE is length is indefinite just set c->slen to the total - amount of data available. - [Steve Henson, reported by shige@FreeBSD.org] - [This change does not apply to 0.9.7.] - - -) Fix PKCS#7 decode routines so they correctly update the length - after reading an EOC for the EXPLICIT tag. - [Steve Henson] - [This change does not apply to 0.9.7.] - - +) Add a 'copy_extensions' option to the 'ca' utility. This copies + *) Add a 'copy_extensions' option to the 'ca' utility. This copies extensions from a certificate request to the certificate. [Steve Henson] - +) Allow multiple 'certopt' and 'nameopt' options to be separated + *) Allow multiple 'certopt' and 'nameopt' options to be separated by commas. Add 'namopt' and 'certopt' options to the 'ca' config file: this allows the display of the certificate about to be signed to be customised, to allow certain fields to be included @@ -827,7 +781,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k and couldn't display additional details such as extensions. [Steve Henson] - +) Function EC_POINTs_mul for multiple scalar multiplication + *) Function EC_POINTs_mul for multiple scalar multiplication of an arbitrary number of elliptic curve points \sum scalars[i]*points[i], optionally including the generator defined for the EC_GROUP: 
@@ -838,7 +792,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k generator). [Bodo Moeller] - +) First EC_METHODs for curves over GF(p): + *) First EC_METHODs for curves over GF(p): EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr operations and provides various method functions that can also @@ -851,7 +805,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k implementation directly derived from source code provided by Lenka Fibikova ] - +) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h, + *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c): Curves are EC_GROUP objects (with an optional group generator) 
@@ -864,32 +818,32 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k than GF(p), some functions are limited to that for now. [Bodo Moeller] - +) Add the -HTTP option to s_server. It is similar to -WWW, but requires + *) Add the -HTTP option to s_server. It is similar to -WWW, but requires that the file contains a complete HTTP response. [Richard Levitte] - +) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl + *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl change the def and num file printf format specifier from "%-40sXXX" to "%-39s XXX". The latter will always guarantee a space after the field while the former will cause them to run together if the field is 40 of more characters long. [Steve Henson] - +) Constify the cipher and digest 'method' functions and structures + *) Constify the cipher and digest 'method' functions and structures and modify related functions to take constant EVP_MD and EVP_CIPHER pointers. [Steve Henson] - +) Hide BN_CTX structure details in bn_lcl.h instead of publishing them + *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them in . Also further increase BN_CTX_NUM to 32. [Bodo Moeller] - +) Modify EVP_Digest*() routines so they now return values. Although the + *) Modify EVP_Digest*() routines so they now return values. Although the internal software routines can never fail additional hardware versions might. [Steve Henson] - +) Clean up crypto/err/err.h and change some error codes to avoid conflicts: + *) Clean up crypto/err/err.h and change some error codes to avoid conflicts: Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7 (= ERR_R_PKCS7_LIB); it is now 64 instead of 32. 
@@ -907,11 +861,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Add new error code 'ERR_R_INTERNAL_ERROR'. [Bodo Moeller] - +) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock + *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock suffices. [Bodo Moeller] - +) New option '-subj arg' for 'openssl req' and 'openssl ca'. This + *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This sets the subject name for a new request or supersedes the subject name in a given request. Formats that can be parsed are 'CN=Some Name, OU=myOU, C=IT' @@ -921,7 +875,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Add options '-batch' and '-verbose' to 'openssl req'. [Massimiliano Pala ] - +) Introduce the possibility to access global variables through + *) Introduce the possibility to access global variables through functions on platform were that's the best way to handle exporting global variables in shared libraries. To enable this functionality, one must configure with "EXPORT_VAR_AS_FN" or defined the C macro 
@@ -955,19 +909,19 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k lexicographically to avoid constant rewrites). [Richard Levitte] - +) In BN_div() keep a copy of the sign of 'num' before writing the + *) In BN_div() keep a copy of the sign of 'num' before writing the result to 'rm' because if rm==num the value will be overwritten and produce the wrong result if 'num' is negative: this caused problems with BN_mod() and BN_nnmod(). [Steve Henson] - +) Function OCSP_request_verify(). This checks the signature on an + *) Function OCSP_request_verify(). This checks the signature on an OCSP request and verifies the signer certificate. The signer certificate is just checked for a generic purpose and OCSP request trust settings. [Steve Henson] - +) Add OCSP_check_validity() function to check the validity of OCSP + *) Add OCSP_check_validity() function to check the validity of OCSP responses. OCSP responses are prepared in real time and may only be a few seconds old. Simply checking that the current time lies between thisUpdate and nextUpdate max reject otherwise valid responses 
@@ -978,17 +932,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ocsp utility. [Steve Henson] - +) If signature or public key algorithm is unrecognized print out its + *) If signature or public key algorithm is unrecognized print out its OID rather that just UNKNOWN. [Steve Henson] - +) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and + *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate ID to be generated from the issuer certificate alone which can then be passed to OCSP_id_issuer_cmp(). [Steve Henson] - +) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new + *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new ASN1 modules to export functions returning ASN1_ITEM pointers instead of the ASN1_ITEM structures themselves. This adds several new macros which allow the underlying ASN1 function/structure to @@ -1000,7 +954,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k functions returning pointers to structures is not. [Steve Henson] - +) Add support for overriding the generation of SSL/TLS session IDs. + *) Add support for overriding the generation of SSL/TLS session IDs. These callbacks can be registered either in an SSL_CTX or per SSL. The purpose of this is to allow applications to control, if they wish, the arbitrary values chosen for use as session IDs, particularly as it 
@@ -1009,13 +963,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k to use such a feature) has been added to "s_server". [Geoff Thorpe, Lutz Jaenicke] - +) Modify mkdef.pl to recognise and parse preprocessor conditionals + *) Modify mkdef.pl to recognise and parse preprocessor conditionals of the form '#if defined(...) || defined(...) || ...' and '#if !defined(...) && !defined(...) && ...'. This also avoids the growing number of special cases it was previously handling. [Richard Levitte] - +) Make all configuration macros available for application by making + *) Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with 
@@ -1028,34 +982,34 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k what is available. [Richard Levitte] - +) New option -set_serial to 'req' and 'x509' this allows the serial + *) New option -set_serial to 'req' and 'x509' this allows the serial number to use to be specified on the command line. Previously self signed certificates were hard coded with serial number 0 and the CA options of 'x509' had to use a serial number in a file which was auto incremented. [Steve Henson] - +) New options to 'ca' utility to support V2 CRL entry extensions. + *) New options to 'ca' utility to support V2 CRL entry extensions. Currently CRL reason, invalidity date and hold instruction are supported. Add new CRL extensions to V3 code and some new objects. [Steve Henson] - +) New function EVP_CIPHER_CTX_set_padding() this is used to + *) New function EVP_CIPHER_CTX_set_padding() this is used to disable standard block padding (aka PKCS#5 padding) in the EVP API, which was previously mandatory. This means that the data is not padded in any way and so the total length much be a multiple of the block size, otherwise an error occurs. [Steve Henson] - +) Initial (incomplete) OCSP SSL support. + *) Initial (incomplete) OCSP SSL support. [Steve Henson] - +) New function OCSP_parse_url(). This splits up a URL into its host, + *) New function OCSP_parse_url(). This splits up a URL into its host, port and path components: primarily to parse OCSP URLs. New -url option to ocsp utility. [Steve Henson] - +) New nonce behavior. The return value of OCSP_check_nonce() now + *) New nonce behavior. The return value of OCSP_check_nonce() now reflects the various checks performed. Applications can decide whether to tolerate certain situations such as an absent nonce in a response when one was present in a request: the ocsp application 
@@ -1064,53 +1018,48 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k the request is nonce-less. [Steve Henson] - -) Fix X509_NAME bug which produced incorrect encoding if X509_NAME - was empty. - [Steve Henson] - [This change does not apply to 0.9.7.] - - +) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are + *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are skipped when using openssl x509 multiple times on a single input file, e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ] - +) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates + *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates passed by the function are trusted implicitly. If any of them signed the response then it is assumed to be valid and is not verified. [Steve Henson] - -) Make the CRL encoding routines work with empty SEQUENCE OF. The - macros previously used would not encode an empty SEQUENCE OF - and break the signature. - [Steve Henson] - [This change does not apply to 0.9.7.] - - +) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT + *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT to data. This was previously part of the PKCS7 ASN1 code. This was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. [Steve Henson, reported by Kenneth R. Robinette ] - +) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 + *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 routines: without these tracing memory leaks is very painful. Fix leaks in PKCS12 and PKCS7 routines. [Steve Henson] - +) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). + *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). Previously it initialised the 'type' argument to V_ASN1_UTCTIME which effectively meant GeneralizedTime would never be used. Now it is initialised to -1 but X509_time_adj() now has to check the value 
@@ -1163,7 +1106,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson, reported by Kenneth R. Robinette ] - +) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously + *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously result in a zero length in the ASN1_INTEGER structure which was not consistent with the structure when d2i_ASN1_INTEGER() was used and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER() @@ -1171,7 +1114,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k where it did not print out a minus for negative ASN1_INTEGER. [Steve Henson] - +) Add summary printout to ocsp utility. The various functions which + *) Add summary printout to ocsp utility. The various functions which convert status values to strings have been renamed to: OCSP_response_status_str(), OCSP_cert_status_str() and OCSP_crl_reason_str() and are no longer static. New options @@ -1179,7 +1122,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k printout format cleaned up. [Steve Henson] - +) Add additional OCSP certificate checks. These are those specified + *) Add additional OCSP certificate checks. These are those specified in RFC2560. This consists of two separate checks: the CA of the certificate being checked must either be the OCSP signer certificate or the issuer of the OCSP signer certificate. In the latter case the @@ -1189,7 +1132,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k in the OCSP_CERTID structures of the response. [Steve Henson] - +) Initial OCSP certificate verification added to OCSP_basic_verify() + *) Initial OCSP certificate verification added to OCSP_basic_verify() and related routines. This uses the standard OpenSSL certificate verify routines to perform initial checks (just CA validity) and to obtain the certificate chain. Then additional checks will be 
@@ -1199,45 +1142,45 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k chains to that CA is an acceptable OCSP signing certificate. [Steve Henson] - +) New '-extfile ...' option to 'openssl ca' for reading X.509v3 + *) New '-extfile ...' option to 'openssl ca' for reading X.509v3 extensions from a separate configuration file. As when reading extensions from the main configuration file, the '-extensions ...' option may be used for specifying the section to use. [Massimiliano Pala ] - +) New OCSP utility. Allows OCSP requests to be generated or + *) New OCSP utility. Allows OCSP requests to be generated or read. The request can be sent to a responder and the output parsed, outputed or printed in text form. Not complete yet: still needs to check the OCSP response validity. [Steve Henson] - +) New subcommands for 'openssl ca': + *) New subcommands for 'openssl ca': 'openssl ca -status ' prints the status of the cert with the given serial number (according to the index file). 'openssl ca -updatedb' updates the expiry status of certificates in the index file. [Massimiliano Pala ] - +) New '-newreq-nodes' command option to CA.pl. This is like + *) New '-newreq-nodes' command option to CA.pl. This is like '-newreq', but calls 'openssl req' with the '-nodes' option so that the resulting key is not encrypted. [Damien Miller ] - +) New configuration for the GNU Hurd. + *) New configuration for the GNU Hurd. [Jonathan Bartlett via Richard Levitte] - +) Initial code to implement OCSP basic response verify. This + *) Initial code to implement OCSP basic response verify. This is currently incomplete. Currently just finds the signer's certificate and verifies the signature on the response. [Steve Henson] - +) New SSLeay_version code SSLEAY_DIR to determine the compiled-in + *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in value of OPENSSLDIR. This is available via the new '-d' option to 'openssl version', and is also included in 'openssl version -a'. 
[Bodo Moeller] - +) Allowing defining memory allocation callbacks that will be given + *) Allowing defining memory allocation callbacks that will be given file name and line number information in additional arguments (a const char* and an int). The basic functionality remains, as well as the original possibility to just replace malloc(), @@ -1258,14 +1201,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k a conventional allocation function is enabled. [Richard Levitte, Bodo Moeller] - +) Finish off removing the remaining LHASH function pointer casts. + *) Finish off removing the remaining LHASH function pointer casts. There should no longer be any prototype-casting required when using the LHASH abstraction, and any casts that remain are "bugs". See the callback types and macros at the head of lhash.h for details (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). [Geoff Thorpe] - +) Add automatic query of EGD sockets in RAND_poll() for the unix variant. + *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. If /dev/[u]random devices are not available or do not return enough entropy, EGD style sockets (served by EGD or PRNGD) will automatically be queried. @@ -1274,7 +1217,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k when enough entropy was collected without querying more sockets. [Lutz Jaenicke] - +) Change the Unix RAND_poll() variant to be able to poll several + *) Change the Unix RAND_poll() variant to be able to poll several random devices, as specified by DEVRANDOM, until a sufficient amount of data has been collected. We spend at most 10 ms on each file (select timeout) and read in non-blocking mode. DEVRANDOM now 
@@ -1285,7 +1228,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k For VMS, there's a currently-empty rand_vms.c. [Richard Levitte] - +) Move OCSP client related routines to ocsp_cl.c. These + *) Move OCSP client related routines to ocsp_cl.c. These provide utility functions which an application needing to issue a request to an OCSP responder and analyse the response will typically need: as opposed to those which an @@ -1307,7 +1250,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k validity of the nonce in an OCSP response. [Steve Henson] - +) Change function OCSP_request_add() to OCSP_request_add0_id(). + *) Change function OCSP_request_add() to OCSP_request_add0_id(). This doesn't copy the supplied OCSP_CERTID and avoids the need to free up the newly created id. Change return type to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. @@ -1318,13 +1261,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k will be added elsewhere. [Steve Henson] - +) Update OCSP API. Remove obsolete extensions argument from + *) Update OCSP API. Remove obsolete extensions argument from various functions. Extensions are now handled using the new OCSP extension code. New simple OCSP HTTP function which can be used to send requests and parse the response. [Steve Henson] - +) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new + *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN uses the special reorder version of SET OF to sort the attributes and reorder them to match the encoded order. This resolves a long 
@@ -1337,12 +1280,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k to produce the required SET OF. [Steve Henson] - +) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and + *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header files to get correct declarations of the ASN.1 item variables. [Richard Levitte] - +) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many + *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs: asn1_check_tlen() would sometimes attempt to use 'ctx' when it was NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i(). 
@@ -1350,49 +1293,49 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ASN1_ITEM and no wrapper functions. [Steve Henson] - +) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These + *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These replace the old function pointer based I/O routines. Change most of the *_d2i_bio() and *_d2i_fp() functions to use these. [Steve Henson] - +) Enhance mkdef.pl to be more accepting about spacing in C preprocessor + *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor lines, recognice more "algorithms" that can be deselected, and make it complain about algorithm deselection that isn't recognised. [Richard Levitte] - +) New ASN1 functions to handle dup, sign, verify, digest, pack and + *) New ASN1 functions to handle dup, sign, verify, digest, pack and unpack operations in terms of ASN1_ITEM. Modify existing wrappers to use new functions. Add NO_ASN1_OLD which can be set to remove some old style ASN1 functions: this can be used to determine if old code will still work when these eventually go away. [Steve Henson] - +) New extension functions for OCSP structures, these follow the + *) New extension functions for OCSP structures, these follow the same conventions as certificates and CRLs. [Steve Henson] - +) New function X509V3_add1_i2d(). This automatically encodes and + *) New function X509V3_add1_i2d(). This automatically encodes and adds an extension. Its behaviour can be customised with various flags to append, replace or delete. Various wrappers added for certifcates and CRLs. [Steve Henson] - +) Fix to avoid calling the underlying ASN1 print routine when + *) Fix to avoid calling the underlying ASN1 print routine when an extension cannot be parsed. Correct a typo in the OCSP_SERVICELOC extension. Tidy up print OCSP format. 
[Steve Henson] - +) Make mkdef.pl parse some of the ASN1 macros and add apropriate + *) Make mkdef.pl parse some of the ASN1 macros and add apropriate entries for variables. [Steve Henson] - +) Add functionality to apps/openssl.c for detecting locking + *) Add functionality to apps/openssl.c for detecting locking problems: As the program is single-threaded, all we have to do is register a locking callback using an array for storing which locks are currently held by the program. [Bodo Moeller] - +) Use a lock around the call to CRYPTO_get_ex_new_index() in + *) Use a lock around the call to CRYPTO_get_ex_new_index() in SSL_get_ex_data_X509_STORE_idx(), which is used in ssl_verify_cert_chain() and thus can be called at any time during TLS/SSL handshakes so that thread-safety is essential. @@ -1400,19 +1343,19 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k for multi-threaded use, so it probably should be abolished. [Bodo Moeller] - +) Added Broadcom "ubsec" ENGINE to OpenSSL. + *) Added Broadcom "ubsec" ENGINE to OpenSSL. [Broadcom, tweaked and integrated by Geoff Thorpe] - +) Move common extension printing code to new function + *) Move common extension printing code to new function X509V3_print_extensions(). Reorganise OCSP print routines and implement some needed OCSP ASN1 functions. Add OCSP extensions. [Steve Henson] - +) New function X509_signature_print() to remove duplication in some + *) New function X509_signature_print() to remove duplication in some print routines. [Steve Henson] - +) Add a special meaning when SET OF and SEQUENCE OF flags are both + *) Add a special meaning when SET OF and SEQUENCE OF flags are both set (this was treated exactly the same as SET OF previously). This is used to reorder the STACK representing the structure to match the encoding. This will be used to get round a problem where a PKCS7 
@@ -1420,15 +1363,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k order did not reflect the encoded order. [Steve Henson] - +) Reimplement the OCSP ASN1 module using the new code. + *) Reimplement the OCSP ASN1 module using the new code. [Steve Henson] - +) Update the X509V3 code to permit the use of an ASN1_ITEM structure + *) Update the X509V3 code to permit the use of an ASN1_ITEM structure for its ASN1 operations. The old style function pointers still exist for now but they will eventually go away. [Steve Henson] - +) Merge in replacement ASN1 code from the ASN1 branch. This almost + *) Merge in replacement ASN1 code from the ASN1 branch. This almost completely replaces the old ASN1 functionality with a table driven encoder and decoder which interprets an ASN1_ITEM structure describing the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is 
@@ -1436,61 +1379,61 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k has also been converted to the new form. [Steve Henson] - +) Change BN_mod_exp_recp so that negative moduli are tolerated + *) Change BN_mod_exp_recp so that negative moduli are tolerated (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set so that BN_mod_exp_mont and BN_mod_exp_mont_word work for negative moduli. [Bodo Moeller] - +) Fix BN_uadd and BN_usub: Always return non-negative results instead + *) Fix BN_uadd and BN_usub: Always return non-negative results instead of not touching the result's sign bit. [Bodo Moeller] - +) BN_div bugfix: If the result is 0, the sign (res->neg) must not be + *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be set. [Bodo Moeller] - +) Changed the LHASH code to use prototypes for callbacks, and created + *) Changed the LHASH code to use prototypes for callbacks, and created macros to declare and implement thin (optionally static) functions that provide type-safety and avoid function pointer casting for the type-specific callbacks. [Geoff Thorpe] - +) Added Kerberos Cipher Suites to be used with TLS, as written in + *) Added Kerberos Cipher Suites to be used with TLS, as written in RFC 2712. [Veers Staats , Jeffrey Altman , via Richard Levitte] - +) Reformat the FAQ so the different questions and answers can be divided + *) Reformat the FAQ so the different questions and answers can be divided in sections depending on the subject. [Richard Levitte] - +) Have the zlib compression code load ZLIB.DLL dynamically under + *) Have the zlib compression code load ZLIB.DLL dynamically under Windows. [Richard Levitte] - +) New function BN_mod_sqrt for computing square roots modulo a prime + *) New function BN_mod_sqrt for computing square roots modulo a prime (using the probabilistic Tonelli-Shanks algorithm unless p == 3 (mod 4) or p == 5 (mod 8), which are cases that can be handled deterministically). 
[Lenka Fibikova , Bodo Moeller] - +) Make BN_mod_inverse faster by explicitly handling small quotients + *) Make BN_mod_inverse faster by explicitly handling small quotients in the Euclid loop. (Speed gain about 20% for small moduli [256 or 512 bits], about 30% for larger ones [1024 or 2048 bits].) [Bodo Moeller] - +) New function BN_kronecker. + *) New function BN_kronecker. [Bodo Moeller] - +) Fix BN_gcd so that it works on negative inputs; the result is + *) Fix BN_gcd so that it works on negative inputs; the result is positive unless both parameters are zero. Previously something reasonably close to an infinite loop was possible because numbers could be growing instead of shrinking in the implementation of Euclid's algorithm. [Bodo Moeller] - +) Fix BN_is_word() and BN_is_one() macros to take into account the + *) Fix BN_is_word() and BN_is_one() macros to take into account the sign of the number in question. Fix BN_is_word(a,w) to work correctly for w == 0. @@ -1502,20 +1445,20 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k BN_is_one(), and BN_is_word(). [Bodo Moeller] - +) New function BN_swap. + *) New function BN_swap. [Bodo Moeller] - +) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that + *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that the exponentiation functions are more likely to produce reasonable results on negative inputs. [Bodo Moeller] - +) Change BN_mod_mul so that the result is always non-negative. + *) Change BN_mod_mul so that the result is always non-negative. Previously, it could be negative if one of the factors was negative; I don't think anyone really wanted that behaviour. [Bodo Moeller] - +) Move BN_mod_... functions into new file crypto/bn/bn_mod.c + *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c (except for exponentiation, which stays in crypto/bn/bn_exp.c, and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) and add new functions: 
@@ -1541,7 +1484,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k be reduced modulo m. [Lenka Fibikova , Bodo Moeller] - +) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there was actually never needed) and in BN_mul(). The removal in BN_mul() required a small change in bn_mul_part_recursive() and the addition of the functions bn_cmp_part_words(), bn_sub_part_words() and @@ -1550,7 +1493,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k differing sizes. [Richard Levitte] - +) In 'openssl passwd', verify passwords read from the terminal + *) In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that verification would just waste user's time since the resulting hash is going to be compared with some given password hash) 
@@ -1562,27 +1505,27 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k cause any problems. [Bodo Moeller] - +) Remove all references to RSAref, since there's no more need for it. + *) Remove all references to RSAref, since there's no more need for it. [Richard Levitte] - +) Make DSO load along a path given through an environment variable + *) Make DSO load along a path given through an environment variable (SHLIB_PATH) with shl_load(). [Richard Levitte] - +) Constify the ENGINE code as a result of BIGNUM constification. + *) Constify the ENGINE code as a result of BIGNUM constification. Also constify the RSA code and most things related to it. In a few places, most notable in the depth of the ASN.1 code, ugly casts back to non-const were required (to be solved at a later time) [Richard Levitte] - +) Make it so the openssl application has all engines loaded by default. + *) Make it so the openssl application has all engines loaded by default. [Richard Levitte] - +) Constify the BIGNUM routines a little more. + *) Constify the BIGNUM routines a little more. [Richard Levitte] - +) Add the following functions: + *) Add the following functions: ENGINE_load_cswift() ENGINE_load_chil() 
@@ -1600,56 +1543,56 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k declarations (they differed!). [Richard Levitte] - +) 'openssl engine' can now list capabilities. + *) 'openssl engine' can now list capabilities. [Richard Levitte] - +) Better error reporting in 'openssl engine'. + *) Better error reporting in 'openssl engine'. [Richard Levitte] - +) Never call load_dh_param(NULL) in s_server. + *) Never call load_dh_param(NULL) in s_server. [Bodo Moeller] - +) Add engine application. It can currently list engines by name and + *) Add engine application. It can currently list engines by name and identity, and test if they are actually available. [Richard Levitte] - +) Improve RPM specification file by forcing symbolic linking and making + *) Improve RPM specification file by forcing symbolic linking and making sure the installed documentation is also owned by root.root. [Damien Miller ] - +) Give the OpenSSL applications more possibilities to make use of + *) Give the OpenSSL applications more possibilities to make use of keys (public as well as private) handled by engines. [Richard Levitte] - +) Add OCSP code that comes from CertCo. + *) Add OCSP code that comes from CertCo. [Richard Levitte] - +) Add VMS support for the Rijndael code. + *) Add VMS support for the Rijndael code. [Richard Levitte] - +) Added untested support for Nuron crypto accelerator. + *) Added untested support for Nuron crypto accelerator. [Ben Laurie] - +) Add support for external cryptographic devices. This code was + *) Add support for external cryptographic devices. This code was previously distributed separately as the "engine" branch. [Geoff Thorpe, Richard Levitte] - +) Rework the filename-translation in the DSO code. It is now possible to + *) Rework the filename-translation in the DSO code. 
It is now possible to have far greater control over how a "name" is turned into a filename depending on the operating environment and any oddities about the different shared library filenames on each system. [Geoff Thorpe] - +) Support threads on FreeBSD-elf in Configure. + *) Support threads on FreeBSD-elf in Configure. [Richard Levitte] - +) Fix for SHA1 assembly problem with MASM: it produces + *) Fix for SHA1 assembly problem with MASM: it produces warnings about corrupt line number information when assembling with debugging information. This is caused by the overlapping of two sections. [Bernd Matthes , Steve Henson] - +) NCONF changes. + *) NCONF changes. NCONF_get_number() has no error checking at all. As a replacement, NCONF_get_number_e() is defined (_e for "error checking") and is promoted strongly. The old NCONF_get_number is kept around for @@ -1660,24 +1603,24 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k LDAP server. [Richard Levitte] - +) Fix for non blocking accept BIOs. Added new I/O special reason + *) Fix for non blocking accept BIOs. Added new I/O special reason BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs with non blocking I/O was not possible because no retry code was implemented. Also added new SSL code SSL_WANT_ACCEPT to cover this case. [Steve Henson] - +) Added the beginnings of Rijndael support. + *) Added the beginnings of Rijndael support. [Ben Laurie] - +) Fix for bug in DirectoryString mask setting. Add support for + *) Fix for bug in DirectoryString mask setting. Add support for X509_NAME_print_ex() in 'req' and X509_print_ex() function to allow certificate printing to more controllable, additional 'certopt' option to 'x509' to allow new printing options to be set. [Steve Henson] - +) Clean old EAY MD5 hack from e_os.h. + *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] Changes between 0.9.6c and 0.9.6d [XX xxx 2002] From 08b977b5a5e1e0dbf62737d159e810434a6b80ce Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 12 Apr 2002 13:52:40 +0000 Subject: [PATCH 150/173] looks like a typo --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6b9ca156c6..103517a700 100644 --- a/CHANGES +++ b/CHANGES @@ -43,7 +43,7 @@ *) Make object definitions compliant to LDAP (RFC2256): SN is the short form for "surname", serialNumber has no short form (Michael Bell ). - [Lutu Jaenicke] + [Lutz Jaenicke] *) Add an "init" command to the ENGINE config module and auto initialize ENGINEs. Without any "init" command the ENGINE will be initialized From 592c0e0273c323ba789ffe5b70697fc29e85b39f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 13 Apr 2002 09:58:50 +0000 Subject: [PATCH 151/173] another error discovered by Karsten Braaten. The number was not even prime! --- doc/crypto/RSA_generate_key.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod index fdaddbcb13..8714f7179d 100644 --- a/doc/crypto/RSA_generate_key.pod +++ b/doc/crypto/RSA_generate_key.pod @@ -19,7 +19,7 @@ be seeded prior to calling RSA_generate_key(). The modulus size will be B bits, and the public exponent will be B. Key sizes with B E 1024 should be considered insecure. -The exponent is an odd number, typically 3 or 65535. +The exponent is an odd number, typically 3, 17 or 65537. A callback function may be used to provide feedback about the progress of the key generation. If B is not B, it From 3a7cef3e76aae1ef0d03f50b9e7ebcdf41b30c90 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 13 Apr 2002 12:28:44 +0000 Subject: [PATCH 152/173] Avoid emacs backup files when making a snapshot --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index 736a178772..550ed5135c 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -655,7 +655,7 @@ tar: tar-snap: @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' | sort` |\ + `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ tardy --user_number=0 --user_name=openssl \ --group_number=0 --group_name=openssl \ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ From 82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 13 Apr 2002 22:47:20 +0000 Subject: [PATCH 153/173] Implement known-IV countermeasure. Fix length checks in ssl3_get_client_hello(). Use s->s3->in_read_app_data differently to fix ssl3_read_internal(). --- CHANGES | 16 +++++++++ STATUS | 6 +--- ssl/s3_both.c | 18 ++++++---- ssl/s3_enc.c | 66 +++++++++++++++++++++++++++++++++++- ssl/s3_lib.c | 18 ++++++---- ssl/s3_pkt.c | 93 ++++++++++++++++++++++++++++++++++++++------------- ssl/s3_srvr.c | 11 ++++-- ssl/ssl3.h | 66 +++++++++++++++++++++++++++++++++--- ssl/t1_enc.c | 61 +++++++++++++++++++++++++++++++++ 9 files changed, 306 insertions(+), 49 deletions(-) diff --git a/CHANGES b/CHANGES index 103517a700..f5327d36bf 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1625,6 +1625,22 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6c and 0.9.6d [XX xxx 2002] + *) Implement a countermeasure against a vulnerability recently found + in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment + before application data chunks to avoid the use of known IVs + with data potentially chosen by the attacker. + [Bodo Moeller] + + *) Fix length checks in ssl3_get_client_hello(). + [Bodo Moeller] + + *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently + to prevent ssl3_read_internal() from incorrectly assuming that + ssl3_read_bytes() found application data while handshake + processing was enabled when in fact s->s3->in_read_app_data was + merely automatically cleared during the initial handshake. + [Bodo Moeller; problem pointed out by Arne Ansper ] + *) Fix object definitions for Private and Enterprise: they were not recognized in their shortname (=lowercase) representation. Extend obj_dat.pl to issue an error when using undefined keywords instead diff --git a/STATUS b/STATUS index 7853d9ff50..3744876fbf 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/03/11 09:36:04 $ + ______________ $Date: 2002/04/13 22:47:04 $ DEVELOPMENT STATE @@ -62,10 +62,6 @@ NEEDS PATCH - o An (optional) countermeasure against the predictable-IV CBC - weakness in SSL/TLS should be added; see - http://www.openssl.org/~bodo/tls-cbc.txt - o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file o "OpenSSL STATUS" is never up-to-date. diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 89b54b71d3..58a24cd883 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c 
@@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -592,6 +592,7 @@ int ssl3_setup_buffers(SSL *s) { unsigned char *p; unsigned int extra; + size_t len; if (s->s3->rbuf.buf == NULL) { @@ -599,18 +600,21 @@ int ssl3_setup_buffers(SSL *s) extra=SSL3_RT_MAX_EXTRA; else extra=0; - if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) - == NULL) + len = SSL3_RT_MAX_PACKET_SIZE + extra; + if ((p=OPENSSL_malloc(len)) == NULL) goto err; - s->s3->rbuf.buf=p; + s->s3->rbuf.buf = p; + s->s3->rbuf.len = len; } if (s->s3->wbuf.buf == NULL) { - if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE)) - == NULL) + len = SSL3_RT_MAX_PACKET_SIZE; + len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */ + if ((p=OPENSSL_malloc(len)) == NULL) goto err; - s->s3->wbuf.buf=p; + s->s3->wbuf.buf = p; + s->s3->wbuf.len = len; } s->packet= &(s->s3->rbuf.buf[0]); return(1); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 6d9f986d58..6dfef5caaf 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c 
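Review bot: The write buffer in ssl3_setup_buffers() grows by `SSL3_RT_HEADER_LENGTH + 256` with only "extra space for empty fragment" as explanation, while do_ssl3_write() in ssl/s3_pkt.c later requires `wbuf.len >= prefix_len + SSL3_RT_MAX_PACKET_SIZE`. The 256 is presumably an upper bound on the MAC and padding of an empty record, but nothing in the hunk ties it to the MAC or block sizes actually negotiated. I would state the assumption at the allocation, for example `/* empty fragment: record header plus at most 256 bytes of MAC and padding (assumed bound); do_ssl3_write() checks wbuf.len against this */`, or give the value a name used in both places.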
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -296,6 +349,7 @@ int ssl3_setup_key_block(SSL *s) const EVP_CIPHER *c; const EVP_MD *hash; int num; + int ret = 0; SSL_COMP *comp; if (s->s3->tmp.key_block_length != 0) @@ -322,8 +376,18 @@ int ssl3_setup_key_block(SSL *s) s->s3->tmp.key_block_length=num; s->s3->tmp.key_block=p; - return ssl3_generate_key_block(s,p,num); + ret = ssl3_generate_key_block(s,p,num); + /* enable vulnerability countermeasure for CBC ciphers with + * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ + s->s3->need_empty_fragments = 1; +#ifndef OPENSSL_NO_RC4 + if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) + s->s3->need_empty_fragments = 0; +#endif + + return ret; + err: SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); return(0); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4ccc70b061..686992406c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -994,6 +994,7 @@ void ssl3_free(SSL *s) void ssl3_clear(SSL *s) { unsigned char *rp,*wp; + size_t rlen, wlen; ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) 
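Review bot: In ssl3_setup_key_block() the countermeasure is switched on for every cipher that is not RC4, rather than for the CBC ciphers the comment names, so the rule silently covers any other non-CBC case. It is also set after `ret = ssl3_generate_key_block(s,p,num);` without looking at `ret`. The extra fragments are probably harmless there, but the comment should say that the test is an exclusion list, e.g. `/* everything except RC4 is treated as CBC here; revisit when another non-CBC cipher is added */`. The same pattern is added to ssl/t1_enc.c further down, and the function body continues outside this hunk.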
@@ -1009,15 +1010,19 @@ void ssl3_clear(SSL *s) DH_free(s->s3->tmp.dh); #endif - rp=s->s3->rbuf.buf; - wp=s->s3->wbuf.buf; + rp = s->s3->rbuf.buf; + wp = s->s3->wbuf.buf; + rlen = s->s3->rbuf.len; + wlen = s->s3->wbuf.len; EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); memset(s->s3,0,sizeof *s->s3); - if (rp != NULL) s->s3->rbuf.buf=rp; - if (wp != NULL) s->s3->wbuf.buf=wp; + s->s3->rbuf.buf = rp; + s->s3->wbuf.buf = wp; + s->s3->rbuf.len = rlen; + s->s3->wbuf.len = wlen; ssl_free_wbio_buffer(s); @@ -1609,13 +1614,12 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) if (s->s3->renegotiate) ssl3_renegotiate_check(s); s->s3->in_read_app_data=1; ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - if ((ret == -1) && (s->s3->in_read_app_data == 0)) + if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* ssl3_read_bytes decided to call s->handshake_func, which * called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data - * and thinks that application data makes sense here (signalled - * by resetting 'in_read_app_data', strangely); so disable + * and thinks that application data makes sense here; so disable * handshake processing and try to read application data again. */ s->in_handshake++; ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 616698f70a..5e60e18972 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
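Review bot: `s->s3->in_read_app_data` now carries three values (0, 1 and 2) in ssl3_read_internal(), and the hunk removes the only comment that said how the signal was encoded. The reason for the new value is given only in the CHANGES entry, which a reader of ssl3_read_internal() or ssl3_read_bytes() will not see. I would add a comment at the comparison, `/* 2 is set only by ssl3_read_bytes() when it found application data during handshake processing; 0 may just mean the flag was cleared */`. The meaning of the values should also be recorded where the field is declared, which is outside this patch.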
@@ -117,7 +117,7 @@ #include "ssl_locl.h" static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len); + unsigned int len, int create_empty_fragment); static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len); static int ssl3_get_record(SSL *s); @@ -162,9 +162,7 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) { /* avoid buffer overflow */ - int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - max_max += SSL3_RT_MAX_EXTRA; + int max_max = s->s3->rbuf.len - s->packet_length; if (max > max_max) max = max_max; } @@ -247,14 +245,20 @@ static int ssl3_get_record(SSL *s) extra=SSL3_RT_MAX_EXTRA; else extra=0; + if (extra != (s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)) + { + /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER + * set after ssl3_setup_buffers() was done */ + SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); + return -1; + } again: /* check if we have the header */ if ( (s->rstate != SSL_ST_READ_BODY) || (s->packet_length < SSL3_RT_HEADER_LENGTH)) { - n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, - SSL3_RT_MAX_PACKET_SIZE,0); + n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); if (n <= 0) return(n); /* error or non-blocking */ s->rstate=SSL_ST_READ_BODY; @@ -509,7 +513,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (i == 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); + return -1; } } 
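Review bot: The comment added in ssl3_get_record() names the option `SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER`, whereas the lines removed from ssl3_read_n() in the previous hunk spell it `SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER`. This check is what stops a record being read with a larger `extra` than the buffer was allocated for, so it should be findable by searching for the option name. Please correct the spelling in the comment. ssl3_get_record() continues outside the hunk.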
@@ -521,18 +525,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) else nw=n; - i=do_ssl3_write(s,type,&(buf[tot]),nw); + i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); if (i <= 0) { s->s3->wnum=tot; - return(i); + return i; } if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { - return(tot+i); + /* next chunk of data should get another prepended empty fragment + * in ciphersuites with known-IV weakness: */ + s->s3->empty_fragment_done = 0; + + return tot+i; } n-=i; @@ -541,15 +549,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len) + unsigned int len, int create_empty_fragment) { unsigned char *p,*plen; int i,mac_size,clear=0; + int prefix_len = 0; SSL3_RECORD *wr; SSL3_BUFFER *wb; SSL_SESSION *sess; - /* first check is there is a SSL3_RECORD still being written + /* first check if there is a SSL3_BUFFER still being written * out. This will happen with non blocking IO */ if (s->s3->wbuf.left != 0) return(ssl3_write_pending(s,type,buf,len)); @@ -563,7 +572,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if it went, fall through and send more stuff */ } - if (len == 0) return(len); + if (len == 0 && !create_empty_fragment) + return 0; wr= &(s->s3->wrec); wb= &(s->s3->wbuf); 
@@ -579,16 +589,44 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, else mac_size=EVP_MD_size(s->write_hash); - p=wb->buf; + /* 'create_empty_fragment' is true only when this function calls itself */ + if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) + { + /* countermeasure against known-IV weakness in CBC ciphersuites + * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ + + if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) + { + /* recursive function call with 'create_empty_fragment' set; + * this prepares and buffers the data for an empty fragment + * (these 'prefix_len' bytes are sent out later + * together with the actual payload) */ + prefix_len = do_ssl3_write(s, type, buf, 0, 1); + if (prefix_len <= 0) + goto err; + + if (s->s3->wbuf.len < prefix_len + SSL3_RT_MAX_PACKET_SIZE) + { + /* insufficient space */ + SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + s->s3->empty_fragment_done = 1; + } + + p = wb->buf + prefix_len; /* write the header */ + *(p++)=type&0xff; wr->type=type; *(p++)=(s->version>>8); *(p++)=s->version&0xff; - /* record where we are to write out packet length */ + /* field where we are to write out packet length */ plen=p; p+=2; 
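Review bot: `s->s3->empty_fragment_done = 1;` sits outside the inner `if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)`, so a record of another type marks the prefix as done without one having been built. ssl3_dispatch_alert() calls do_ssl3_write() directly with SSL3_RT_ALERT, and the only reset visible in this patch is in ssl3_write_bytes(). The application-data record that follows an alert therefore appears to go out without the empty fragment. Moving the assignment inside the inner `if`, after the buffer-space check, would tie the flag to a fragment actually having been prepared. do_ssl3_write() begins and ends outside this hunk, so the alert path should be confirmed against the full function.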
@@ -639,19 +677,28 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr->type=type; /* not needed but helps for debugging */ wr->length+=SSL3_RT_HEADER_LENGTH; - /* Now lets setup wb */ - wb->left=wr->length; - wb->offset=0; + if (create_empty_fragment) + { + /* we are in a recursive call; + * just return the length, don't write out anything here + */ + return wr->length; + } + /* now let's set up wb */ + wb->left = prefix_len + wr->length; + wb->offset = 0; + + /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ s->s3->wpend_tot=len; s->s3->wpend_buf=buf; s->s3->wpend_type=type; s->s3->wpend_ret=len; /* we now just need to write the buffer */ - return(ssl3_write_pending(s,type,buf,len)); + return ssl3_write_pending(s,type,buf,len); err: - return(-1); + return -1; } /* if s->s3->wbuf.left != 0, we need to call this */ @@ -1124,7 +1171,7 @@ start: ) )) { - s->s3->in_read_app_data=0; + s->s3->in_read_app_data=2; return(-1); } else @@ -1210,7 +1257,7 @@ int ssl3_dispatch_alert(SSL *s) void (*cb)(const SSL *ssl,int type,int val)=NULL; s->s3->alert_dispatch=0; - i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); if (i <= 0) { s->s3->alert_dispatch=1; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index d6247a64ea..99b6a86983 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -727,7 +727,7 @@ static int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } - if ((i+p) > (d+n)) + if ((p+i) >= (d+n)) { /* not enough data */ al=SSL_AD_DECODE_ERROR; 
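Review bot: The corrected bound `if ((p+i) >= (d+n))` in ssl3_get_client_hello() still forms `p+i` from a length taken out of the client's message before that length is known to fit, so the pointer can be computed past the end of the received data. Comparing lengths keeps the arithmetic inside the buffer: `if (i >= (d+n) - p)` here, and `if (i > (d+n) - p)` for the compression-method check added in the next hunk. The function starts and ends outside these hunks, so the types of `i` and `n` should be checked before changing the comparison.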
@@ -784,6 +784,13 @@ static int ssl3_get_client_hello(SSL *s) /* compression */ i= *(p++); + if ((p+i) > (d+n)) + { + /* not enough data */ + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); + goto f_err; + } q=p; for (j=0; jversion == SSL3_VERSION) { - if (p > (d+n)) + if (p < (d+n)) { /* wrong number of bytes, * there could be more to follow */ diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 0528588aa9..8fd6951d77 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h 
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #ifndef HEADER_SSL3_H #define HEADER_SSL3_H @@ -218,10 +271,11 @@ typedef struct ssl3_record_st typedef struct ssl3_buffer_st { - unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes (more if - * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */ - int offset; /* where to 'copy from' */ - int left; /* how many bytes left */ + unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, + * see ssl3_setup_buffers() */ + size_t len; /* buffer size */ + int offset; /* where to 'copy from' */ + int left; /* how many bytes left */ } SSL3_BUFFER; #define SSL3_CT_RSA_SIGN 1 @@ -251,6 +305,10 @@ typedef struct ssl3_state_st unsigned char server_random[SSL3_RANDOM_SIZE]; unsigned char client_random[SSL3_RANDOM_SIZE]; + /* flags for countermeasure against known-IV weakness */ + int need_empty_fragments; + int empty_fragment_done; + SSL3_BUFFER rbuf; /* read IO goes into here */ SSL3_BUFFER wbuf; /* write IO goes into here */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 8b7844ceee..b80525f3ba 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
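Review bot: The new `len` member of SSL3_BUFFER is a `size_t` while `offset` and `left` stay `int`, and the rest of the patch mixes the two. ssl/s3_pkt.c assigns `s->s3->rbuf.len - s->packet_length` to an `int` and passes `s->s3->rbuf.len` as the `int max` argument of ssl3_read_n(). That is safe only while the size stays small, which the declaration does not say. I would record the invariant on the field, `size_t len; /* buffer size; set only in ssl3_setup_buffers(), assumed to fit in an int */`.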
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -430,6 +483,14 @@ printf("\nkey block\n"); { int z; for (z=0; zs3->need_empty_fragments = 1; +#ifndef NO_RC4 + if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) + s->s3->need_empty_fragments = 0; +#endif + return(1); err: SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); From 2fb3f002d0f7f0ffe530dffa39df81f75ab08733 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sun, 14 Apr 2002 13:05:15 +0000 Subject: [PATCH 154/173] fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format (the bug was introduced with message callback support) --- ssl/s23_srvr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 6170861705..9e89cc7f9a 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -473,7 +473,7 @@ int ssl23_get_client_hello(SSL *s) *(d++)=1; *(d++)=0; - i=(d-(unsigned char *)s->init_buf->data); + i = (d-(unsigned char *)s->init_buf->data) - 4; l2n3((long)i, d_len); /* get the data reused from the init_buf */ From f916052eab814b08cb50b501cb14d41f851cfd32 Mon Sep 17 00:00:00 2001 
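Review bot: Nothing at the `s->s3->need_empty_fragments = 1;` assignment says that default-on is deliberate, and the only exemption is the `SSL_RC4` test under `#ifndef NO_RC4`. That is the safe direction (a cipher that is not listed keeps the countermeasure), but it is easy to invert later as an optimisation, so I would pin it with a comment such as `/* default on; clear only for ciphers without the known-IV weakness */`. Part of this hunk's text is lost in this rendering (the `for (z=0; z` line runs straight into the assignment) and the enclosing function starts outside the hunk, so this covers the visible lines only.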
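Review bot: The `- 4` in `i = (d-(unsigned char *)s->init_buf->data) - 4;` is a bare constant with no explanation, in code that builds a length field while converting a client's SSL 2.0 hello. Presumably it is the message type byte plus the three-byte length that `l2n3` writes, which the length itself must not count; a comment would make that checkable: `/* length excludes the 4-byte header: type + 3-byte length */`. Since the commit message says the bug came in with message callback support, a test that converts an SSL 2.0 hello and compares the written length with the bytes that follow would keep it from regressing. ssl23_get_client_hello continues outside this hunk.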
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sun, 14 Apr 2002 13:28:17 +0000 Subject: [PATCH 155/173] remove disabled code --- crypto/ec/ec_mult.c | 311 +------------------------------------------- 1 file changed, 1 insertion(+), 310 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 4e409d07bf..603ba31b81 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -61,14 +61,13 @@ /* TODO: optional precomputation of multiples of the generator */ -#if 1 + /* * wNAF-based interleaving multi-exponentation method * () */ - /* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. * This is an array r[] of values that are either zero or odd with an * absolute value less than 2^w satisfying 
@@ -417,314 +416,6 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, return ret; } -#else - -/* - * Basic interleaving multi-exponentation method - */ - - - -#define EC_window_bits_for_scalar_size(b) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1) -/* For window size 'w' (w >= 2), we compute the odd multiples - * 1*P .. (2^w-1)*P. - * This accounts for 2^(w-1) point additions (neglecting constants), - * each of which requires 16 field multiplications (4 squarings - * and 12 general multiplications) in the case of curves defined - * over GF(p), which are the only curves we have so far. - * - * Converting these precomputed points into affine form takes - * three field multiplications for inverting Z and one squaring - * and three multiplications for adjusting X and Y, i.e. - * 7 multiplications in total (1 squaring and 6 general multiplications), - * again except for constants. - * - * The average number of windows for a 'b' bit scalar is roughly - * b/(w+1). - * Each of these windows (except possibly for the first one, but - * we are ignoring constants anyway) requires one point addition. - * As the precomputed table stores points in affine form, these - * additions take only 11 field multiplications each (3 squarings - * and 8 general multiplications). - * - * So the total workload, except for constants, is - * - * 2^(w-1)*[5 squarings + 18 multiplications] - * + (b/(w+1))*[3 squarings + 8 multiplications] - * - * If we assume that 10 squarings are as costly as 9 multiplications, - * our task is to find the 'w' that, given 'b', minimizes - * - * 2^(w-1)*(5*9 + 18*10) + (b/(w+1))*(3*9 + 8*10) - * = 2^(w-1)*225 + (b/(w+1))*107. 
- * - * Thus optimal window sizes should be roughly as follows: - * - * w >= 6 if b >= 1414 - * w = 5 if 1413 >= b >= 505 - * w = 4 if 504 >= b >= 169 - * w = 3 if 168 >= b >= 51 - * w = 2 if 50 >= b >= 13 - * w = 1 if 12 >= b - * - * If we assume instead that squarings are exactly as costly as - * multiplications, we have to minimize - * 2^(w-1)*23 + (b/(w+1))*11. - * - * This gives us the following (nearly unchanged) table of optimal - * windows sizes: - * - * w >= 6 if b >= 1406 - * w = 5 if 1405 >= b >= 502 - * w = 4 if 501 >= b >= 168 - * w = 3 if 167 >= b >= 51 - * w = 2 if 50 >= b >= 13 - * w = 1 if 12 >= b - * - * Note that neither table tries to take into account memory usage - * (allocation overhead, code locality etc.). Actual timings with - * NIST curves P-192, P-224, and P-256 with scalars of 192, 224, - * and 256 bits, respectively, show that w = 3 (instead of 4) is - * preferrable; timings with NIST curve P-384 and 384-bit scalars - * confirm that w = 4 is optimal for this case; and timings with - * NIST curve P-521 and 521-bit scalars show that w = 4 (instead - * of 5) is preferrable. 
So we generously round up all the - * boundaries and use the following table: - * - * w >= 6 if b >= 2000 - * w = 5 if 1999 >= b >= 800 - * w = 4 if 799 >= b >= 300 - * w = 3 if 299 >= b >= 70 - * w = 2 if 69 >= b >= 20 - * w = 1 if 19 >= b - */ - -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { - BN_CTX *new_ctx = NULL; - EC_POINT *generator = NULL; - EC_POINT *tmp = NULL; - size_t totalnum; - size_t i, j; - int k, t; - int r_is_at_infinity = 1; - size_t max_bits = 0; - size_t *wsize = NULL; /* individual window sizes */ - unsigned long *wbits = NULL; /* individual window contents */ - int *wpos = NULL; /* position of bottom bit of current individual windows - * (wpos[i] is valid if wbits[i] != 0) */ - size_t num_val; - EC_POINT **val = NULL; /* precomputation */ - EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ - int ret = 0; - - if (scalar != NULL) - { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR); - return 0; - } - } - - for (i = 0; i < num; i++) - { - if (group->meth != points[i]->meth) - { - ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - } - - totalnum = num + (scalar != NULL); - - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wbits = OPENSSL_malloc(totalnum * sizeof wbits[0]); - wpos = OPENSSL_malloc(totalnum * sizeof wpos[0]); - if (wsize == NULL || wbits == NULL || wpos == NULL) goto err; - - /* num_val := total number of points to precompute */ - num_val = 0; - for (i = 0; i < totalnum; i++) - { - size_t bits; - - bits = i < num ? 
BN_num_bits(scalars[i]) : BN_num_bits(scalar); - wsize[i] = EC_window_bits_for_scalar_size(bits); - num_val += 1u << (wsize[i] - 1); - if (bits > max_bits) - max_bits = bits; - wbits[i] = 0; - wpos[i] = 0; - } - - /* all precomputed points go into a single array 'val', - * 'val_sub[i]' is a pointer to the subarray for the i-th point */ - val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); - if (val == NULL) goto err; - val[num_val] = NULL; /* pivot element */ - - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); - if (val_sub == NULL) goto err; - - /* allocate points for precomputation */ - v = val; - for (i = 0; i < totalnum; i++) - { - val_sub[i] = v; - for (j = 0; j < (1u << (wsize[i] - 1)); j++) - { - *v = EC_POINT_new(group); - if (*v == NULL) goto err; - v++; - } - } - if (!(v == val + num_val)) - { - ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - - tmp = EC_POINT_new(group); - if (tmp == NULL) goto err; - - /* prepare precomputed values: - * val_sub[i][0] := points[i] - * val_sub[i][1] := 3 * points[i] - * val_sub[i][2] := 5 * points[i] - * ... 
- */ - for (i = 0; i < totalnum; i++) - { - if (i < num) - { - if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err; - if (scalars[i]->neg) - { - if (!EC_POINT_invert(group, val_sub[i][0], ctx)) goto err; - } - } - else - { - if (!EC_POINT_copy(val_sub[i][0], generator)) goto err; - if (scalar->neg) - { - if (!EC_POINT_invert(group, val_sub[i][0], ctx)) goto err; - } - } - - if (wsize[i] > 1) - { - if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; - for (j = 1; j < (1u << (wsize[i] - 1)); j++) - { - if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; - } - } - } - -#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; -#endif - - r_is_at_infinity = 1; - - for (k = max_bits - 1; k >= 0; k--) - { - if (!r_is_at_infinity) - { - if (!EC_POINT_dbl(group, r, r, ctx)) goto err; - } - - for (i = 0; i < totalnum; i++) - { - if (wbits[i] == 0) - { - const BIGNUM *s; - - s = i < num ? scalars[i] : scalar; - - if (BN_is_bit_set(s, k)) - { - /* look at bits k - wsize[i] + 1 .. k for this window */ - t = k - wsize[i] + 1; - while (!BN_is_bit_set(s, t)) /* BN_is_bit_set is false for t < 0 */ - t++; - wpos[i] = t; - wbits[i] = 1; - for (t = k - 1; t >= wpos[i]; t--) - { - wbits[i] <<= 1; - if (BN_is_bit_set(s, t)) - wbits[i]++; - } - /* now wbits[i] is the odd bit pattern at bits wpos[i] .. 
k */ - } - } - - if ((wbits[i] != 0) && (wpos[i] == k)) - { - if (r_is_at_infinity) - { - if (!EC_POINT_copy(r, val_sub[i][wbits[i] >> 1])) goto err; - r_is_at_infinity = 0; - } - else - { - if (!EC_POINT_add(group, r, r, val_sub[i][wbits[i] >> 1], ctx)) goto err; - } - wbits[i] = 0; - } - } - } - - if (r_is_at_infinity) - if (!EC_POINT_set_to_infinity(group, r)) goto err; - - ret = 1; - - err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (tmp != NULL) - EC_POINT_free(tmp); - if (wsize != NULL) - OPENSSL_free(wsize); - if (wbits != NULL) - OPENSSL_free(wbits); - if (wpos != NULL) - OPENSSL_free(wpos); - if (val != NULL) - { - for (v = val; *v != NULL; v++) - EC_POINT_clear_free(*v); - - OPENSSL_free(val); - } - if (val_sub != NULL) - { - OPENSSL_free(val_sub); - } - return ret; - } -#endif - int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { From 2940a1298eea7b25b2bd5e13f3b45de3b1944008 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 15 Apr 2002 09:55:40 +0000 Subject: [PATCH 156/173] Fix CRLF problem in BASE64 decode. --- CHANGES | 8 ++++++++ crypto/evp/encode.c | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index f5327d36bf..5f090e442a 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1625,6 +1625,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6c and 0.9.6d [XX xxx 2002] + *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: + an end-of-file condition would erronously be flagged, when the CRLF + was just at the end of a processed block. The bug was discovered when + processing data through a buffering memory BIO handing the data to a + BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov + and Nedelcho Stanev. + [Lutz Jaenicke] + *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 6ff9c1783c..12c6379df1 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -277,6 +277,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, eof++; } + if (v == B64_CR) + { + ln = 0; + if (exp_nl) + continue; + } + /* eoln */ if (v == B64_EOLN) { From 30911232c17f309f947156959fcbbf504c1b66fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 15 Apr 2002 10:41:38 +0000 Subject: [PATCH 157/173] Some more OID enhancements. --- CHANGES | 4 +- crypto/objects/obj_dat.h | 1883 ++++++++++++++++++------------------ crypto/objects/obj_mac.h | 37 +- crypto/objects/obj_mac.num | 6 + crypto/objects/objects.txt | 19 +- 5 files changed, 1007 insertions(+), 942 deletions(-) diff --git a/CHANGES b/CHANGES index 5f090e442a..68e233fedb 100644 --- a/CHANGES +++ b/CHANGES @@ -41,8 +41,8 @@ Changes between 0.9.6d and 0.9.7 [XX xxx 2002] *) Make object definitions compliant to LDAP (RFC2256): SN is the short - form for "surname", serialNumber has no short form (Michael Bell - ). + form for "surname", serialNumber has no short form; some more OID + additions.(Michael Bell ) [Lutz Jaenicke] *) Add an "init" command to the ENGINE config module and auto initialize 
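Review bot: In the added `if (v == B64_CR)` block, `ln = 0;` runs for every CR while `continue` is taken only when `exp_nl` is set, so a CR that arrives when no line end is expected resets `ln` and then falls through to the `B64_EOLN` test and whatever follows it. If `ln` is the counter behind a line-length limit (its other uses are outside the hunk), a CR in the middle of a line would restart that count; please confirm this is intended for input that is not trusted. Either way the block deserves a comment, e.g. `/* CR of a CRLF pair: restart the line; skip it when the line end is already expected */`. The CHANGES entry in this patch describes the failing case (CRLF landing exactly at the end of a processed block), which would make a good regression test. EVP_DecodeUpdate starts and ends outside this hunk.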
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index a1249a2e99..68f225b3d8 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 568 -#define NUM_SN 564 -#define NUM_LN 564 -#define NUM_OBJ 538 +#define NUM_NID 574 +#define NUM_SN 569 +#define NUM_LN 569 +#define NUM_OBJ 543 -static unsigned char lvalues[4226]={ +static unsigned char lvalues[4257]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -152,460 +152,465 @@ static unsigned char lvalues[4226]={ 0x55,0x04,0x2A, /* [535] OBJ_givenName */ 0x55,0x04,0x04, /* [538] OBJ_surname */ 0x55,0x04,0x2B, /* [541] OBJ_initials */ -0x55,0x04,0x2D, /* [544] OBJ_uniqueIdentifier */ -0x55,0x1D,0x1F, /* [547] OBJ_crl_distribution_points */ -0x2B,0x0E,0x03,0x02,0x03, /* [550] OBJ_md5WithRSA */ -0x55,0x04,0x05, /* [555] OBJ_serialNumber */ -0x55,0x04,0x0C, /* [558] OBJ_title */ -0x55,0x04,0x0D, /* [561] OBJ_description */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [564] OBJ_cast5_cbc */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [573] OBJ_pbeWithMD5AndCast5_CBC */ -0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [582] OBJ_dsaWithSHA1 */ -0x2B,0x0E,0x03,0x02,0x1D, /* [589] OBJ_sha1WithRSA */ -0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [594] OBJ_dsa */ -0x2B,0x24,0x03,0x02,0x01, /* [601] OBJ_ripemd160 */ -0x2B,0x24,0x03,0x03,0x01,0x02, /* [606] OBJ_ripemd160WithRSA */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [612] OBJ_rc5_cbc */ -0x29,0x01,0x01,0x85,0x1A,0x01, /* [620] OBJ_rle_compression */ -0x29,0x01,0x01,0x85,0x1A,0x02, /* [626] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [632] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [635] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [641] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [648] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [656] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [664] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [672] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [680] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [688] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [698] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [708] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [718] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* 
[728] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [738] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [747] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [750] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [753] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [756] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [761] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [771] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [781] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [791] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [801] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [811] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [821] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [832] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [843] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [854] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [865] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [876] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [887] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [896] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [905] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [915] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [925] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [935] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [944] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [953] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [961] 
OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [969] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [977] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [986] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [995] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1004] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1013] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1023] OBJ_ext_req */ -0x55,0x04,0x29, /* [1032] OBJ_name */ -0x55,0x04,0x2E, /* [1035] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1038] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1045] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1052] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1060] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1068] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1076] OBJ_OCSP_sign */ -0x28, /* [1084] OBJ_iso */ -0x2A, /* [1085] OBJ_member_body */ -0x2A,0x86,0x48, /* [1086] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1089] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1094] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1100] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1108] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* 
[1185] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */ 
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] 
OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] 
OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1866] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1874] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1881] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1888] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1895] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1902] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1909] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1916] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1923] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1930] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1937] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1944] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1951] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1959] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1967] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1975] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1983] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1991] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1999] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2007] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2015] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2023] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2031] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2039] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2047] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2055] OBJ_id_mod_ocsp */ 
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2063] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2071] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2079] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2087] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2095] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2103] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2111] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2119] OBJ_sbqp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2127] OBJ_sbqp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2135] OBJ_sbqp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2143] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2151] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2159] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2167] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2175] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2183] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2191] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2199] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2207] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2215] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2223] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2231] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2239] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2247] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2255] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2263] OBJ_id_it_keyPairParamRep */ 
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2271] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2279] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2287] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2295] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2303] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2311] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2391] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2399] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2415] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2423] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2431] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2439] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2447] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2455] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2463] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2471] 
OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2479] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2487] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2495] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2503] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2511] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2519] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2527] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2535] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2543] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2551] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2559] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2567] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2575] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] 
OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ -0x55,0x08, /* [2827] OBJ_X500algorithms */ -0x2B, /* [2829] OBJ_org */ -0x2B,0x06, /* [2830] OBJ_dod */ -0x2B,0x06,0x01, /* [2832] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ 
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ -0x50, /* [2897] OBJ_joint_iso_ccitt */ -0x55,0x01,0x05, /* [2898] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2901] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2905] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2914] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2922] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2930] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2938] OBJ_role */ -0x55,0x1D,0x24, /* [2941] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2944] OBJ_target_information */ -0x55,0x1D,0x38, /* [2947] OBJ_no_rev_avail */ -0x00, /* [2950] OBJ_ccitt */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2951] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2956] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2963] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2970] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2977] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2985] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2993] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3001] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3009] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3017] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3025] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3033] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3040] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3049] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3058] 
OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3067] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3076] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3085] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3094] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3103] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3112] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3121] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3130] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3139] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3148] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3157] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3160] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3167] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3174] OBJ_hold_instruction_reject */ -0x09, /* [3181] OBJ_data */ -0x09,0x92,0x26, /* [3182] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3185] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3192] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3200] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3209] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3218] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3227] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3236] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3246] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3256] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3266] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3276] 
OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3286] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3296] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3306] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3316] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3326] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3336] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3346] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3356] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3366] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3376] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3386] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3396] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3406] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3416] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3426] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3436] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3446] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3456] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3466] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3476] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3486] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3496] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3506] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3516] OBJ_documentVersion */ 
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3526] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3536] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3546] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3556] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3566] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3576] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3586] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3596] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3606] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3616] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3626] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3636] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3646] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3656] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3666] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3676] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3686] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3696] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3706] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3716] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3726] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3736] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3746] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3756] OBJ_buildingName 
*/ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3766] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3776] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3786] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3796] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3806] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3816] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3826] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3836] OBJ_documentPublisher */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [3846] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [3854] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [3863] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [3872] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [3881] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [3889] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [3897] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [3905] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [3913] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [3921] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [3929] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [3937] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [3945] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [3953] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [3961] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [3969] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [3977] OBJ_X9_62_c2tnb239v3 */ 
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [3985] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [3993] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4001] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4009] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4017] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4025] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4033] OBJ_X9_62_c2tnb431r1 */ -0x2B, /* [4041] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4042] OBJ_certicom_arc */ -0x2B,0x81,0x04,0x00,0x06, /* [4045] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4050] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4055] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4060] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4065] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4070] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4075] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4080] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4085] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4090] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4095] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4100] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4105] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4110] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4115] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4120] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4125] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4130] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4135] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4140] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4145] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4150] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4155] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4160] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4165] OBJ_sect239k1 */ 
-0x2B,0x81,0x04,0x00,0x10, /* [4170] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4175] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4180] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4185] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4190] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4195] OBJ_sect571r1 */ -0x67,0x2B, /* [4200] OBJ_wap */ -0x67,0x2B,0x0D, /* [4202] OBJ_wap_wsg */ -0x67,0x2B,0x0D,0x04,0x01, /* [4205] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4210] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4215] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4220] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x55,0x1D,0x1F, /* [544] OBJ_crl_distribution_points */ +0x2B,0x0E,0x03,0x02,0x03, /* [547] OBJ_md5WithRSA */ +0x55,0x04,0x05, /* [552] OBJ_serialNumber */ +0x55,0x04,0x0C, /* [555] OBJ_title */ +0x55,0x04,0x0D, /* [558] OBJ_description */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */ +0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [579] OBJ_dsaWithSHA1 */ +0x2B,0x0E,0x03,0x02,0x1D, /* [586] OBJ_sha1WithRSA */ +0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [591] OBJ_dsa */ +0x2B,0x24,0x03,0x02,0x01, /* [598] OBJ_ripemd160 */ +0x2B,0x24,0x03,0x03,0x01,0x02, /* [603] OBJ_ripemd160WithRSA */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [609] OBJ_rc5_cbc */ +0x29,0x01,0x01,0x85,0x1A,0x01, /* [617] OBJ_rle_compression */ +0x29,0x01,0x01,0x85,0x1A,0x02, /* [623] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [629] OBJ_ext_key_usage */ +0x2B,0x06,0x01,0x05,0x05,0x07, /* [632] OBJ_id_pkix */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [638] OBJ_id_kp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [645] OBJ_server_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [653] OBJ_client_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [661] OBJ_code_sign */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [669] OBJ_email_protect */ 
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [677] OBJ_time_stamp */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [744] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [747] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [750] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [753] OBJ_sxnet */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] 
OBJ_x509Certificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [950] OBJ_hmacWithSHA1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [958] OBJ_id_qt_cps */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [966] OBJ_id_qt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */ +0x55,0x04,0x29, /* [1029] OBJ_name */ +0x55,0x04,0x2E, /* [1032] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1035] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1042] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1049] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1057] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1065] OBJ_ad_ca_issuers */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1073] OBJ_OCSP_sign */ +0x28, /* [1081] OBJ_iso */ +0x2A, /* [1082] OBJ_member_body */ +0x2A,0x86,0x48, /* [1083] OBJ_ISO_US */ +0x2A,0x86,0x48,0xCE,0x38, /* [1086] OBJ_X9_57 */ +0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1091] OBJ_X9cm */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1097] OBJ_pkcs1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1105] OBJ_pkcs5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */ 
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] 
OBJ_id_smime_ct_DVCSResponseData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */ 
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */ 
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1863] OBJ_md4 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1871] OBJ_id_pkix_mod */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1878] OBJ_id_qt */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1885] OBJ_id_it */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1892] OBJ_id_pkip */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1899] OBJ_id_alg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1906] OBJ_id_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1913] OBJ_id_on */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1920] OBJ_id_pda */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1927] OBJ_id_aca */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1934] OBJ_id_qcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1941] OBJ_id_cct */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1948] OBJ_id_pkix1_explicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1956] OBJ_id_pkix1_implicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1964] OBJ_id_pkix1_explicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1972] OBJ_id_pkix1_implicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1980] OBJ_id_mod_crmf */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1988] OBJ_id_mod_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1996] OBJ_id_mod_kea_profile_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2004] OBJ_id_mod_kea_profile_93 */ 
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2012] OBJ_id_mod_cmp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2020] OBJ_id_mod_qualified_cert_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2028] OBJ_id_mod_qualified_cert_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2036] OBJ_id_mod_attribute_cert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2044] OBJ_id_mod_timestamp_protocol */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2052] OBJ_id_mod_ocsp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2060] OBJ_id_mod_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2068] OBJ_id_mod_cmp2000 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2076] OBJ_biometricInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2084] OBJ_qcStatements */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbqp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbqp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbqp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2164] OBJ_ipsecUser */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2172] OBJ_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2180] OBJ_id_it_caProtEncCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2188] OBJ_id_it_signKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2196] OBJ_id_it_encKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2204] OBJ_id_it_preferredSymmAlg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2212] OBJ_id_it_caKeyUpdateInfo */ 
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2220] OBJ_id_it_currentCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2228] OBJ_id_it_unsupportedOIDs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2236] OBJ_id_it_subscriptionRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2244] OBJ_id_it_subscriptionResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2252] OBJ_id_it_keyPairParamReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2260] OBJ_id_it_keyPairParamRep */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2268] OBJ_id_it_revPassphrase */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2276] OBJ_id_it_implicitConfirm */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2284] OBJ_id_it_confirmWaitTime */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2292] OBJ_id_it_origPKIMessage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2300] OBJ_id_regCtrl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2308] OBJ_id_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2388] OBJ_id_alg_des40 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2396] OBJ_id_alg_noSignature */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2412] OBJ_id_alg_dh_pop */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* 
[2420] OBJ_id_cmc_statusInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2428] OBJ_id_cmc_identification */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2436] OBJ_id_cmc_identityProof */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2444] OBJ_id_cmc_dataReturn */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2452] OBJ_id_cmc_transactionId */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2460] OBJ_id_cmc_senderNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2468] OBJ_id_cmc_recipientNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2476] OBJ_id_cmc_addExtensions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2484] OBJ_id_cmc_encryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2492] OBJ_id_cmc_decryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2500] OBJ_id_cmc_lraPOPWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2508] OBJ_id_cmc_getCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2516] OBJ_id_cmc_getCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2524] OBJ_id_cmc_revokeRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2532] OBJ_id_cmc_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2540] OBJ_id_cmc_responseInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2548] OBJ_id_cmc_queryPending */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2556] OBJ_id_cmc_popLinkRandom */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2564] OBJ_id_cmc_popLinkWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2572] OBJ_id_cmc_confirmCertAcceptance */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2580] OBJ_id_on_personalData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2588] OBJ_id_pda_dateOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2596] OBJ_id_pda_placeOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2604] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2612] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2620] 
OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2628] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2636] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2644] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2652] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2660] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2676] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2684] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2692] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2700] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2708] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2815] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2819] OBJ_rsaSignature */ +0x55,0x08, /* [2824] OBJ_X500algorithms */ +0x2B, /* [2826] OBJ_org */ 
+0x2B,0x06, /* [2827] OBJ_dod */ +0x2B,0x06,0x01, /* [2829] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2832] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2836] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2840] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2844] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2848] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2852] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2856] OBJ_Mail */ +0x2B,0x06,0x01,0x04,0x01, /* [2860] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ +0x50, /* [2894] OBJ_joint_iso_ccitt */ +0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2911] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2919] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2927] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2935] OBJ_role */ +0x55,0x1D,0x24, /* [2938] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2941] OBJ_target_information */ +0x55,0x1D,0x38, /* [2944] OBJ_no_rev_avail */ +0x00, /* [2947] OBJ_ccitt */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2948] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2953] OBJ_X9_62_prime_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2960] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2967] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2974] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2982] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2990] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2998] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, 
/* [3006] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3014] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3022] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3030] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3154] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3157] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3164] OBJ_hold_instruction_call_issuer */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3171] OBJ_hold_instruction_reject */ +0x09, /* [3178] OBJ_data */ +0x09,0x92,0x26, /* [3179] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3182] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3189] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */ 
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */ 
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */ 
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [3843] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [3851] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [3860] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [3869] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [3878] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [3886] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [3894] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [3902] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [3910] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [3918] OBJ_X9_62_c2tnb191v2 */ 
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [3926] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [3934] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [3942] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [3950] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [3958] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [3966] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [3974] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [3982] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [3990] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [3998] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4006] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4014] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4022] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4030] OBJ_X9_62_c2tnb431r1 */ +0x2B, /* [4038] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4039] OBJ_certicom_arc */ +0x2B,0x81,0x04,0x00,0x06, /* [4042] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4047] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4052] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4057] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4062] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4067] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4072] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4077] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4082] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4087] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4092] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4097] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4102] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4107] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4112] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* 
[4117] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4122] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4127] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4132] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4137] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4142] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4147] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4152] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4157] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4162] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4167] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4172] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4177] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4182] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4187] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4192] OBJ_sect571r1 */ +0x67,0x2B, /* [4197] OBJ_wap */ +0x67,0x2B,0x0D, /* [4199] OBJ_wap_wsg */ +0x67,0x2B,0x0D,0x04,0x01, /* [4202] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x0D,0x04,0x06, /* [4207] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x0D,0x04,0x08, /* [4212] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x0D,0x04,0x09, /* [4217] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x55,0x04,0x2D, /* [4222] OBJ_x500UniqueIdentifier */ +0x2B,0x06,0x01,0x07,0x01, /* [4225] OBJ_mime_mhs */ +0x2B,0x06,0x01,0x07,0x01,0x01, /* [4230] OBJ_mime_mhs_headings */ +0x2B,0x06,0x01,0x07,0x01,0x02, /* [4236] OBJ_mime_mhs_bodies */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [4242] OBJ_id_hex_partial_message */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [4249] OBJ_id_hex_multipart_message */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -669,7 +674,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0}, {"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL}, {"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0}, -{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[257]),0}, +{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, + &(lvalues[257]),0}, {"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9, &(lvalues[266]),0}, {"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0}, 
@@ -746,709 +752,719 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0}, {"RC4-40","rc4-40",NID_rc4_40,0,NULL}, {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL}, -{"G","givenName",NID_givenName,3,&(lvalues[535]),0}, +{"gn","givenName",NID_givenName,3,&(lvalues[535]),0}, {"SN","surname",NID_surname,3,&(lvalues[538]),0}, -{"I","initials",NID_initials,3,&(lvalues[541]),0}, -{"uniqueIdentifier","uniqueIdentifier",NID_uniqueIdentifier,3, - &(lvalues[544]),0}, +{"initials","initials",NID_initials,3,&(lvalues[541]),0}, +{NULL,NULL,NID_undef,0,NULL}, {"crlDistributionPoints","X509v3 CRL Distribution Points", - NID_crl_distribution_points,3,&(lvalues[547]),0}, -{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0}, -{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[555]),0}, -{"T","title",NID_title,3,&(lvalues[558]),0}, -{"D","description",NID_description,3,&(lvalues[561]),0}, -{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[564]),0}, + NID_crl_distribution_points,3,&(lvalues[544]),0}, +{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0}, +{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0}, +{"title","title",NID_title,3,&(lvalues[555]),0}, +{"description","description",NID_description,3,&(lvalues[558]),0}, +{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0}, {"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL}, {"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL}, {"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL}, {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", - NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[573]),0}, -{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[582]),0}, + NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0}, +{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0}, {"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL}, -{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[589]),0}, -{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[594]),0}, 
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[601]),0}, +{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0}, +{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0}, +{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0}, {NULL,NULL,NID_undef,0,NULL}, {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, - &(lvalues[606]),0}, -{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[612]),0}, + &(lvalues[603]),0}, +{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0}, {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL}, {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL}, {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL}, -{"RLE","run length compression",NID_rle_compression,6,&(lvalues[620]),0}, -{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[626]),0}, +{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0}, +{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[632]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[635]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[641]),0}, + &(lvalues[629]),0}, +{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0}, +{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0}, {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[648]),0}, + &(lvalues[645]),0}, {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[656]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[664]),0}, + &(lvalues[653]),0}, +{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0}, {"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[672]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[680]),0}, + &(lvalues[669]),0}, +{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[688]),0}, + &(lvalues[685]),0}, {"msCodeCom","Microsoft Commercial Code 
Signing",NID_ms_code_com,10, - &(lvalues[698]),0}, + &(lvalues[695]),0}, {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, - &(lvalues[708]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[718]),0}, + &(lvalues[705]),0}, +{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0}, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[728]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[738]),0}, + &(lvalues[725]),0}, +{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0}, {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[747]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[750]),0}, + &(lvalues[744]),0}, +{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[753]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[756]),0}, + &(lvalues[750]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0}, {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[761]),0}, + NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0}, {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[771]),0}, + NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0}, {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[781]),0}, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0}, {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[791]),0}, + NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0}, {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[801]),0}, + NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0}, {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - 
NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[811]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[821]),0}, + NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0}, +{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0}, {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[832]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[843]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[854]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[865]),0}, + 11,&(lvalues[829]),0}, +{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0}, +{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0}, +{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0}, {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[876]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[887]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[896]),0}, + &(lvalues[873]),0}, +{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0}, +{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0}, {"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[905]),0}, + &(lvalues[902]),0}, {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, - &(lvalues[915]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[925]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[935]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[944]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[953]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[961]),0}, + &(lvalues[912]),0}, +{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0}, +{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0}, +{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0}, +{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0}, +{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[969]),0}, + &(lvalues[966]),0}, 
{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[977]),0}, + &(lvalues[974]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[986]),0}, + &(lvalues[983]),0}, {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[995]),0}, + &(lvalues[992]),0}, {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[1004]),0}, + &(lvalues[1001]),0}, {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1013]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1023]),0}, -{"name","name",NID_name,3,&(lvalues[1032]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1035]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1038]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1045]),0}, + &(lvalues[1010]),0}, +{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0}, +{"name","name",NID_name,3,&(lvalues[1029]),0}, +{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0}, {"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1052]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1060]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1068]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1076]),0}, -{"ISO","iso",NID_iso,1,&(lvalues[1084]),0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0}, 
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0}, + 8,&(lvalues[1049]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0}, +{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0}, +{"ISO","iso",NID_iso,1,&(lvalues[1081]),0}, +{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0}, +{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0}, +{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0}, +{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0}, +{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0}, +{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0}, +{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0}, +{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0}, +{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0}, +{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0}, +{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0}, +{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0}, +{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0}, +{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0}, {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1195]),0}, + &(lvalues[1192]),0}, {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1206]),0}, + &(lvalues[1203]),0}, {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1217]),0}, + &(lvalues[1214]),0}, {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 
11,&(lvalues[1228]),0}, + 11,&(lvalues[1225]),0}, {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0}, + NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0}, {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0}, + NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0}, {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0}, + NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0}, {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0}, + NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0}, {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1283]),0}, + 11,&(lvalues[1280]),0}, {"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1294]),0}, + NID_id_smime_ct_authData,11,&(lvalues[1291]),0}, {"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0}, + NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0}, {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1316]),0}, + 11,&(lvalues[1313]),0}, {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1327]),0}, + 11,&(lvalues[1324]),0}, {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0}, + NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0}, {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0}, + NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0}, {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0}, + 
NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0}, {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0}, + NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0}, {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0}, + NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0}, {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0}, + NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0}, {"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0}, + NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0}, {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0}, + NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0}, {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0}, + NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0}, {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0}, + NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0}, {"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1448]),0}, + NID_id_smime_aa_macValue,11,&(lvalues[1445]),0}, {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0}, + NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0}, {"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0}, + NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0}, {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0}, + NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0}, 
{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0}, + NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0}, {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0}, + NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0}, {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0}, + NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0}, {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0}, + NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0}, {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0}, + NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0}, {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0}, + NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0}, {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0}, + NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0}, {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0}, + NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0}, {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0}, + NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0}, {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0}, + NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0}, {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0}, + 
NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0}, {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0}, + NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0}, {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0}, + NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0}, {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0}, + NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0}, {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0}, + NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0}, {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0}, + NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0}, {"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0}, + NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0}, {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0}, + NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0}, {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0}, + NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0}, {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0}, + NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0}, {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0}, + NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0}, {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0}, + NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0}, 
{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1734]),0}, + &(lvalues[1731]),0}, {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0}, + NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0}, {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0}, + NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0}, {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1767]),0}, + &(lvalues[1764]),0}, {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0}, + NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0}, {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0}, + NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0}, {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0}, + NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0}, {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0}, + NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0}, {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0}, + NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0}, {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0}, + NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0}, {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0}, + NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0}, {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", - 
NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1866]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0}, + NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0}, +{"MD4","md4",NID_md4,8,&(lvalues[1863]),0}, +{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0}, +{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0}, +{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0}, +{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0}, +{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0}, +{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0}, +{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0}, +{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0}, +{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0}, +{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0}, +{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0}, {"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0}, + NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0}, {"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0}, + NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0}, {"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0}, + NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0}, {"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0}, 
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0}, + NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0}, +{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0}, +{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0}, {"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0}, + NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0}, {"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0}, + NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0}, +{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0}, {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0}, + NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0}, {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0}, + NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0}, {"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2039]),0}, + NID_id_mod_attribute_cert,8,&(lvalues[2036]),0}, {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0}, + NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0}, +{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0}, +{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0}, {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2071]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0}, + &(lvalues[2068]),0}, +{"biometricInfo","Biometric 
Info",NID_biometricInfo,8,&(lvalues[2076]),0}, +{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0}, {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2095]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0}, + &(lvalues[2092]),0}, +{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0}, +{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0}, {"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8, - &(lvalues[2119]),0}, + &(lvalues[2116]),0}, {"sbqp-autonomousSysNum","sbqp-autonomousSysNum", - NID_sbqp_autonomousSysNum,8,&(lvalues[2127]),0}, + NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0}, {"sbqp-routerIdentifier","sbqp-routerIdentifier", - NID_sbqp_routerIdentifier,8,&(lvalues[2135]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0}, + NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0}, +{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2151]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0}, + &(lvalues[2148]),0}, +{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0}, +{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0}, +{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2183]),0}, + 8,&(lvalues[2180]),0}, {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0}, + NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0}, {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0}, + NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0}, {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - 
NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0}, + NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0}, {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0}, + NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0}, {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2223]),0}, + &(lvalues[2220]),0}, {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0}, + NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0}, {"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0}, + NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0}, {"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0}, + NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0}, {"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0}, + NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0}, {"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0}, + NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0}, {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2271]),0}, + 8,&(lvalues[2268]),0}, {"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2279]),0}, + NID_id_it_implicitConfirm,8,&(lvalues[2276]),0}, {"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0}, + NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0}, {"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2295]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0}, + NID_id_it_origPKIMessage,8,&(lvalues[2292]),0}, +{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0}, +{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0}, 
{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2319]),0}, + 9,&(lvalues[2316]),0}, {"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0}, + NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0}, {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0}, + NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0}, {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0}, + NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0}, {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0}, + NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0}, {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0}, + NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0}, {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0}, + NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0}, {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2382]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0}, + &(lvalues[2379]),0}, +{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0}, {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2399]),0}, + &(lvalues[2396]),0}, {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0}, + NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0}, +{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0}, {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2423]),0}, + &(lvalues[2420]),0}, {"id-cmc-identification","id-cmc-identification", - 
NID_id_cmc_identification,8,&(lvalues[2431]),0}, + NID_id_cmc_identification,8,&(lvalues[2428]),0}, {"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2439]),0}, + NID_id_cmc_identityProof,8,&(lvalues[2436]),0}, {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2447]),0}, + &(lvalues[2444]),0}, {"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2455]),0}, + NID_id_cmc_transactionId,8,&(lvalues[2452]),0}, {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2463]),0}, + &(lvalues[2460]),0}, {"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0}, + NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0}, {"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2479]),0}, + NID_id_cmc_addExtensions,8,&(lvalues[2476]),0}, {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2487]),0}, + 8,&(lvalues[2484]),0}, {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2495]),0}, + 8,&(lvalues[2492]),0}, {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0}, + NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0}, {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2511]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0}, + &(lvalues[2508]),0}, +{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0}, {"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0}, + NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0}, {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2535]),0}, + &(lvalues[2532]),0}, {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2543]),0}, + 8,&(lvalues[2540]),0}, 
{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2551]),0}, + 8,&(lvalues[2548]),0}, {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0}, + NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0}, {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0}, + NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0}, {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0}, + NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0}, {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2583]),0}, + &(lvalues[2580]),0}, {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2591]),0}, + &(lvalues[2588]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2599]),0}, + 8,&(lvalues[2596]),0}, {NULL,NULL,NID_undef,0,NULL}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2636]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, 
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2687]),0}, + &(lvalues[2684]),0}, {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2695]),0}, + &(lvalues[2692]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2703]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, + &(lvalues[2700]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2719]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, + &(lvalues[2716]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2764]),0}, + 9,&(lvalues[2761]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0}, 
{"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2809]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, + &(lvalues[2806]),0}, +{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2827]),0}, -{"ORG","org",NID_org,1,&(lvalues[2829]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, -{"private","Private",NID_Private,4,&(lvalues[2847]),0}, -{"security","Security",NID_Security,4,&(lvalues[2851]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, -{"mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, + NID_X500algorithms,2,&(lvalues[2824]),0}, +{"ORG","org",NID_org,1,&(lvalues[2826]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2827]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2829]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0}, 
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0}, +{"private","Private",NID_Private,4,&(lvalues[2844]),0}, +{"security","Security",NID_Security,4,&(lvalues[2848]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0}, +{"mail","Mail",NID_Mail,4,&(lvalues[2856]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, {"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, - &(lvalues[2897]),0}, + &(lvalues[2894]),0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2898]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2901]),0}, + NID_selected_attribute_types,3,&(lvalues[2895]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2905]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2914]),0}, + &(lvalues[2902]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2922]),0}, + &(lvalues[2919]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2930]),0}, -{"role","role",NID_role,3,&(lvalues[2938]),0}, + &(lvalues[2927]),0}, +{"role","role",NID_role,3,&(lvalues[2935]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2941]),0}, + NID_policy_constraints,3,&(lvalues[2938]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2944]),0}, + &(lvalues[2941]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2947]),0}, -{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2950]),0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2951]),0}, 
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2956]),0}, + &(lvalues[2944]),0}, +{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2963]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2970]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2977]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2985]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2993]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3001]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3009]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3017]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3025]),0}, + &(lvalues[2967]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3033]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3040]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3049]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3058]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3067]),0}, 
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3076]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3085]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3094]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3103]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3112]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3121]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3130]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3139]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3148]),0}, + &(lvalues[3030]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3157]),0}, + NID_hold_instruction_code,3,&(lvalues[3154]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3160]),0}, + NID_hold_instruction_none,7,&(lvalues[3157]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3167]),0}, + 
NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3174]),0}, -{"data","data",NID_data,1,&(lvalues[3181]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3182]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3185]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3192]),0}, + NID_hold_instruction_reject,7,&(lvalues[3171]),0}, +{"data","data",NID_data,1,&(lvalues[3178]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3179]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3200]),0}, + &(lvalues[3197]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3209]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3206]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3218]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3227]),0}, + &(lvalues[3215]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3236]),0}, + &(lvalues[3233]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3246]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3256]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3266]),0}, -{"account","account",NID_account,10,&(lvalues[3276]),0}, -{"document","document",NID_document,10,&(lvalues[3286]),0}, -{"room","room",NID_room,10,&(lvalues[3296]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0}, +{"account","account",NID_account,10,&(lvalues[3273]),0}, +{"document","document",NID_document,10,&(lvalues[3283]),0}, +{"room","room",NID_room,10,&(lvalues[3293]),0}, 
{"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3306]),0}, + &(lvalues[3303]),0}, {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, - &(lvalues[3316]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3326]),0}, + &(lvalues[3313]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3336]),0}, + 10,&(lvalues[3333]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3346]),0}, + &(lvalues[3343]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3356]),0}, + NID_simpleSecurityObject,10,&(lvalues[3353]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3366]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3376]),0}, + &(lvalues[3363]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3386]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3396]),0}, + 10,&(lvalues[3383]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3393]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3406]),0}, -{"rfc822Mailbox","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3416]),0}, -{"info","info",NID_info,10,&(lvalues[3426]),0}, + NID_textEncodedORAddress,10,&(lvalues[3403]),0}, +{"rfc822Mailbox","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0}, +{"info","info",NID_info,10,&(lvalues[3423]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3436]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3446]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3456]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3466]),0}, -{"host","host",NID_host,10,&(lvalues[3476]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3486]),0}, + &(lvalues[3433]),0}, 
+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3453]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0}, +{"host","host",NID_host,10,&(lvalues[3473]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3483]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3496]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3506]),0}, + &(lvalues[3493]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3516]),0}, + &(lvalues[3513]),0}, {"documentAuthor","documentAuthor",NID_documentAuthor,10, - &(lvalues[3526]),0}, + &(lvalues[3523]),0}, {"documentLocation","documentLocation",NID_documentLocation,10, - &(lvalues[3536]),0}, + &(lvalues[3533]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3546]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3556]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3566]),0}, + 10,&(lvalues[3543]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3576]),0}, + &(lvalues[3573]),0}, {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, - &(lvalues[3586]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3596]),0}, + &(lvalues[3583]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0}, {"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3606]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3616]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3626]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3636]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3646]),0}, + 
NID_pilotAttributeType27,10,&(lvalues[3603]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3656]),0}, + &(lvalues[3653]),0}, {"associatedName","associatedName",NID_associatedName,10, - &(lvalues[3666]),0}, + &(lvalues[3663]),0}, {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, - &(lvalues[3676]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3686]),0}, + &(lvalues[3673]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3696]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3693]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3706]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3703]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3716]),0}, + 10,&(lvalues[3713]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3726]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3736]),0}, + NID_organizationalStatus,10,&(lvalues[3723]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3746]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3756]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3766]),0}, + NID_mailPreferenceOption,10,&(lvalues[3743]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0}, 
{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3776]),0}, + &(lvalues[3773]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3786]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3783]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3796]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3793]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3806]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3816]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3826]),0}, + &(lvalues[3803]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3823]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3836]),0}, + &(lvalues[3833]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[3846]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[3854]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[3863]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[3872]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[3881]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[3889]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[3897]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[3905]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[3913]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[3921]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[3929]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[3937]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[3945]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[3953]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[3961]),0}, 
-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[3969]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[3977]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[3985]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[3993]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4001]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4009]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4017]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4025]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4033]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[3843]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[3851]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[3860]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[3869]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[3878]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[3886]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[3894]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[3902]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[3910]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[3918]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[3926]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[3934]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[3942]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[3950]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[3958]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[3966]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[3974]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[3982]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[3990]),0}, 
+{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[3998]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4006]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4014]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4022]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4030]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4041]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4042]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4045]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4050]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4055]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4060]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4065]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4070]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4075]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4080]),0}, + NID_identified_organization,1,&(lvalues[4038]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4039]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4042]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4047]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4052]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4057]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4062]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4067]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4072]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4077]),0}, {NULL,NULL,NID_undef,0,NULL}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4085]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4090]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4095]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4082]),0}, 
+{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4087]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4092]),0}, {NULL,NULL,NID_undef,0,NULL}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4100]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4105]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4110]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4115]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4120]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4125]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4130]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4135]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4140]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4145]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4150]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4155]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4160]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4165]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4170]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4175]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4180]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4185]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4190]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4195]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4200]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4202]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4097]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4102]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4107]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4112]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4117]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4122]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4127]),0}, 
+{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4132]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4137]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4142]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4147]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4152]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4157]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4162]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4167]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4172]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4177]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4182]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4187]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4192]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4197]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4199]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4205]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4202]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4210]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4207]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4215]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4212]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4220]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4217]),0}, +{"x500UniqueIdentifier","x500UniqueIdentifier", + NID_x500UniqueIdentifier,3,&(lvalues[4222]),0}, +{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[4225]),0}, +{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, + &(lvalues[4230]),0}, +{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, + &(lvalues[4236]),0}, +{"id-hex-partial-message","id-hex-partial-message", + NID_id_hex_partial_message,7,&(lvalues[4242]),0}, 
+{"id-hex-multipart-message","id-hex-multipart-message", + NID_id_hex_multipart_message,7,&(lvalues[4249]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1479,7 +1495,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[141]),/* "CRLReason" */ &(nid_objs[417]),/* "CSPName" */ &(nid_objs[367]),/* "CrlID" */ -&(nid_objs[107]),/* "D" */ &(nid_objs[391]),/* "DC" */ &(nid_objs[31]),/* "DES-CBC" */ &(nid_objs[30]),/* "DES-CFB" */ @@ -1501,9 +1516,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[70]),/* "DSA-SHA1-old" */ &(nid_objs[67]),/* "DSA-old" */ &(nid_objs[297]),/* "DVCS" */ -&(nid_objs[48]),/* "Email" */ -&(nid_objs[99]),/* "G" */ -&(nid_objs[101]),/* "I" */ &(nid_objs[381]),/* "IANA" */ &(nid_objs[34]),/* "IDEA-CBC" */ &(nid_objs[35]),/* "IDEA-CFB" */ @@ -1572,7 +1584,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[100]),/* "SN" */ &(nid_objs[16]),/* "ST" */ &(nid_objs[143]),/* "SXNetID" */ -&(nid_objs[106]),/* "T" */ &(nid_objs[458]),/* "UID" */ &(nid_objs[ 0]),/* "UNDEF" */ &(nid_objs[11]),/* "X500" */ @@ -1643,6 +1654,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[434]),/* "data" */ &(nid_objs[390]),/* "dcobject" */ &(nid_objs[140]),/* "deltaCRL" */ +&(nid_objs[107]),/* "description" */ &(nid_objs[28]),/* "dhKeyAgreement" */ &(nid_objs[382]),/* "directory" */ &(nid_objs[174]),/* "dnQualifier" */ @@ -1657,6 +1669,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[392]),/* "domain" */ &(nid_objs[452]),/* "domainRelatedObject" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ +&(nid_objs[48]),/* "emailAddress" */ &(nid_objs[132]),/* "emailProtection" */ &(nid_objs[389]),/* "enterprises" */ &(nid_objs[384]),/* "experimental" */ 
@@ -1668,6 +1681,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[453]),/* "friendlyCountry" */ &(nid_objs[490]),/* "friendlyCountryName" */ &(nid_objs[156]),/* "friendlyName" */ +&(nid_objs[99]),/* "gn" */ &(nid_objs[163]),/* "hmacWithSHA1" */ &(nid_objs[432]),/* "holdInstructionCallIssuer" */ &(nid_objs[430]),/* "holdInstructionCode" */ @@ -1718,6 +1732,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[327]),/* "id-cmc-statusInfo" */ &(nid_objs[331]),/* "id-cmc-transactionId" */ &(nid_objs[408]),/* "id-ecPublicKey" */ +&(nid_objs[573]),/* "id-hex-multipart-message" */ +&(nid_objs[572]),/* "id-hex-partial-message" */ &(nid_objs[260]),/* "id-it" */ &(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ &(nid_objs[298]),/* "id-it-caProtEncCert" */ @@ -1847,6 +1863,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ +&(nid_objs[101]),/* "initials" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ &(nid_objs[295]),/* "ipsecTunnel" */ @@ -1865,6 +1882,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[182]),/* "member-body" */ &(nid_objs[51]),/* "messageDigest" */ &(nid_objs[383]),/* "mgmt" */ +&(nid_objs[569]),/* "mime-mhs" */ +&(nid_objs[571]),/* "mime-mhs-bodies" */ +&(nid_objs[570]),/* "mime-mhs-headings" */ &(nid_objs[488]),/* "mobileTelephoneNumber" */ &(nid_objs[136]),/* "msCTLSign" */ &(nid_objs[135]),/* "msCodeCom" */ @@ -2000,10 +2020,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[133]),/* "timeStamping" */ +&(nid_objs[106]),/* "title" */ &(nid_objs[505]),/* "tpBasis" */ &(nid_objs[375]),/* "trustRoot" */ &(nid_objs[436]),/* "ucl" */ -&(nid_objs[102]),/* "uniqueIdentifier" */ &(nid_objs[55]),/* "unstructuredAddress" */ &(nid_objs[49]),/* "unstructuredName" */ &(nid_objs[465]),/* "userClass" */ 
@@ -2014,6 +2034,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[565]),/* "wap-wsg-idm-ecid-wtls6" */ &(nid_objs[566]),/* "wap-wsg-idm-ecid-wtls8" */ &(nid_objs[567]),/* "wap-wsg-idm-ecid-wtls9" */ +&(nid_objs[568]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ }; @@ -2044,6 +2065,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[182]),/* "ISO Member Body" */ &(nid_objs[183]),/* "ISO US Member Body" */ &(nid_objs[142]),/* "Invalidity Date" */ +&(nid_objs[569]),/* "MIME MHS" */ &(nid_objs[388]),/* "Mail" */ &(nid_objs[383]),/* "Management" */ &(nid_objs[417]),/* "Microsoft CSP Name" */ @@ -2272,6 +2294,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[327]),/* "id-cmc-statusInfo" */ &(nid_objs[331]),/* "id-cmc-transactionId" */ &(nid_objs[408]),/* "id-ecPublicKey" */ +&(nid_objs[573]),/* "id-hex-multipart-message" */ +&(nid_objs[572]),/* "id-hex-partial-message" */ &(nid_objs[260]),/* "id-it" */ &(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ &(nid_objs[298]),/* "id-it-caProtEncCert" */ @@ -2426,6 +2450,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[95]),/* "mdc2" */ &(nid_objs[96]),/* "mdc2WithRSA" */ &(nid_objs[51]),/* "messageDigest" */ +&(nid_objs[571]),/* "mime-mhs-bodies" */ +&(nid_objs[570]),/* "mime-mhs-headings" */ &(nid_objs[488]),/* "mobileTelephoneNumber" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ @@ -2568,7 +2594,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[505]),/* "tpBasis" */ &(nid_objs[436]),/* "ucl" */ &(nid_objs[ 0]),/* "undefined" */ -&(nid_objs[102]),/* "uniqueIdentifier" */ &(nid_objs[55]),/* "unstructuredAddress" */ &(nid_objs[49]),/* "unstructuredName" */ &(nid_objs[465]),/* "userClass" */ 
@@ -2580,6 +2605,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[565]),/* "wap-wsg-idm-ecid-wtls6" */ &(nid_objs[566]),/* "wap-wsg-idm-ecid-wtls8" */ &(nid_objs[567]),/* "wap-wsg-idm-ecid-wtls9" */ +&(nid_objs[568]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ &(nid_objs[125]),/* "zlib compression" */ @@ -2591,8 +2617,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[379]),/* OBJ_org 1 3 */ +&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ @@ -2618,7 +2644,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[173]),/* OBJ_name 2 5 4 41 */ &(nid_objs[99]),/* OBJ_givenName 2 5 4 42 */ &(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ -&(nid_objs[102]),/* OBJ_uniqueIdentifier 2 5 4 45 */ +&(nid_objs[568]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ &(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ &(nid_objs[400]),/* OBJ_role 2 5 4 72 */ &(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ @@ -2655,6 +2681,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ &(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ &(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ +&(nid_objs[569]),/* OBJ_mime_mhs 1 3 6 1 7 1 */ &(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ &(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ &(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ 
@@ -2711,6 +2738,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ &(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */ &(nid_objs[127]),/* OBJ_id_pkix 1 3 6 1 5 5 7 */ +&(nid_objs[570]),/* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ +&(nid_objs[571]),/* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ &(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ &(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ &(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ @@ -2737,6 +2766,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[267]),/* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ &(nid_objs[268]),/* OBJ_id_cct 1 3 6 1 5 5 7 12 */ &(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ +&(nid_objs[572]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ +&(nid_objs[573]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ &(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ &(nid_objs[437]),/* OBJ_pilot 0 9 2342 19200300 100 */ &(nid_objs[186]),/* OBJ_pkcs1 1 2 840 113549 1 1 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 749bb0fc68..d995582739 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -583,7 +583,6 @@ #define NID_pkcs9 47 #define OBJ_pkcs9 OBJ_pkcs,9L -#define SN_pkcs9_emailAddress "Email" #define LN_pkcs9_emailAddress "emailAddress" #define NID_pkcs9_emailAddress 48 #define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L @@ -1876,12 +1875,10 @@ #define NID_organizationalUnitName 18 #define OBJ_organizationalUnitName OBJ_X509,11L -#define SN_title "T" #define LN_title "title" #define NID_title 106 #define OBJ_title OBJ_X509,12L -#define SN_description "D" #define LN_description "description" #define NID_description 107 #define OBJ_description OBJ_X509,13L 
@@ -1891,19 +1888,18 @@ #define NID_name 173 #define OBJ_name OBJ_X509,41L -#define SN_givenName "G" +#define SN_givenName "gn" #define LN_givenName "givenName" #define NID_givenName 99 #define OBJ_givenName OBJ_X509,42L -#define SN_initials "I" #define LN_initials "initials" #define NID_initials 101 #define OBJ_initials OBJ_X509,43L -#define LN_uniqueIdentifier "uniqueIdentifier" -#define NID_uniqueIdentifier 102 -#define OBJ_uniqueIdentifier OBJ_X509,45L +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 568 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L #define SN_dnQualifier "dnQualifier" #define LN_dnQualifier "dnQualifier" @@ -2151,6 +2147,31 @@ #define NID_dcObject 390 #define OBJ_dcObject OBJ_Enterprises,1466L,344L +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 569 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 570 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 571 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 572 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 573 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + #define SN_rle_compression "RLE" #define LN_rle_compression "run length compression" #define NID_rle_compression 124 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 1a9c833f79..7bdce87e86 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num 
@@ -565,3 +565,9 @@ wap_wsg_idm_ecid_wtls1 564 wap_wsg_idm_ecid_wtls6 565 wap_wsg_idm_ecid_wtls8 566 wap_wsg_idm_ecid_wtls9 567 +x500UniqueIdentifier 568 +mime_mhs 569 +mime_mhs_headings 570 +mime_mhs_bodies 571 +id_hex_partial_message 572 +id_hex_multipart_message 573 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index ee892f9f64..512fc9c954 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -168,7 +168,7 @@ pkcs7 6 : : pkcs7-encryptedData pkcs 9 : pkcs9 !module pkcs9 -pkcs9 1 : Email : emailAddress +pkcs9 1 : : emailAddress pkcs9 2 : : unstructuredName pkcs9 3 : : contentType pkcs9 4 : : messageDigest @@ -606,12 +606,12 @@ X509 7 : L : localityName X509 8 : ST : stateOrProvinceName X509 10 : O : organizationName X509 11 : OU : organizationalUnitName -X509 12 : T : title -X509 13 : D : description +X509 12 : : title +X509 13 : : description X509 41 : name : name -X509 42 : G : givenName -X509 43 : I : initials -X509 45 : : uniqueIdentifier +X509 42 : gn : givenName +X509 43 : : initials +X509 45 : : x500UniqueIdentifier X509 46 : dnQualifier : dnQualifier X509 72 : role : role @@ -702,6 +702,13 @@ Private 1 : enterprises : Enterprises # RFC 2247 Enterprises 1466 344 : dcobject : dcObject +# RFC 1495 +Mail 1 : mime-mhs : MIME MHS +mime-mhs 1 : mime-mhs-headings : mime-mhs-headings +mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies +mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message +mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message + # What the hell are these OIDs, really? !Cname rle-compression 1 1 1 1 666 1 : RLE : run length compression From ea7fc0311c44309d0ec932a8711df1fe65aac054 Mon Sep 17 00:00:00 2001 
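Review bot: Dropping the short names in the `pkcs9 1` hunk (`Email`) and in the `X509 12`/`13`/`42`/`43` hunk (`T`, `D`, `G` replaced by `gn`, `I`) changes what short-name lookups resolve, and presumably what DN printing emits, yet nothing in objects.txt records the removal. Anything that looks these attributes up by short name, or compares a printed subject string that contained `Email=` or `G=`, would stop matching, which matters where such strings feed CA policy sections or access decisions. I would add a comment above the X509 block such as `# short names T, D, G, I removed; use title, description, gn/givenName, initials` and list the removed names in CHANGES. The X509 hunk also renames `uniqueIdentifier` to `x500UniqueIdentifier` with a new NID (568 in obj_mac.num), and the obj_mac.h hunk drops the `NID_uniqueIdentifier` define, so source code using that macro needs a note as well.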
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 15 Apr 2002 13:30:41 +0000 Subject: [PATCH 158/173] Use the "mail" short name according to RFC2798 (Michael Bell ). --- crypto/objects/obj_dat.h | 8 ++++---- crypto/objects/obj_mac.h | 2 +- crypto/objects/objects.txt | 9 +++++++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 68f225b3d8..533b919ffe 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1218,7 +1218,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"private","Private",NID_Private,4,&(lvalues[2844]),0}, {"security","Security",NID_Security,4,&(lvalues[2848]),0}, {"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0}, -{"mail","Mail",NID_Mail,4,&(lvalues[2856]),0}, +{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0}, {"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0}, {"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, @@ -1318,7 +1318,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"UID","userId",NID_userId,10,&(lvalues[3393]),0}, {"textEncodedORAddress","textEncodedORAddress", NID_textEncodedORAddress,10,&(lvalues[3403]),0}, -{"rfc822Mailbox","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0}, +{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0}, {"info","info",NID_info,10,&(lvalues[3423]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, &(lvalues[3433]),0}, @@ -1530,6 +1530,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[ 4]),/* "MD5" */ &(nid_objs[114]),/* "MD5-SHA1" */ &(nid_objs[95]),/* "MDC2" */ +&(nid_objs[388]),/* "Mail" */ &(nid_objs[57]),/* "Netscape" */ &(nid_objs[366]),/* "Nonce" */ &(nid_objs[17]),/* "O" */ 
@@ -1876,7 +1877,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[476]),/* "lastModifiedTime" */ &(nid_objs[157]),/* "localKeyID" */ &(nid_objs[480]),/* "mXRecord" */ -&(nid_objs[388]),/* "mail" */ +&(nid_objs[460]),/* "mail" */ &(nid_objs[493]),/* "mailPreferenceOption" */ &(nid_objs[467]),/* "manager" */ &(nid_objs[182]),/* "member-body" */ @@ -1956,7 +1957,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[286]),/* "qcStatements" */ &(nid_objs[457]),/* "qualityLabelledData" */ &(nid_objs[450]),/* "rFC822localPart" */ -&(nid_objs[460]),/* "rfc822Mailbox" */ &(nid_objs[400]),/* "role" */ &(nid_objs[448]),/* "room" */ &(nid_objs[463]),/* "roomNumber" */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index d995582739..bdc1b7f3b4 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2132,7 +2132,6 @@ #define NID_SNMPv2 387 #define OBJ_SNMPv2 OBJ_internet,6L -#define SN_Mail "mail" #define LN_Mail "Mail" #define NID_Mail 388 #define OBJ_Mail OBJ_internet,7L @@ -2380,6 +2379,7 @@ #define NID_textEncodedORAddress 459 #define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L +#define SN_rfc822Mailbox "mail" #define LN_rfc822Mailbox "rfc822Mailbox" #define NID_rfc822Mailbox 460 #define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 512fc9c954..03f071c2c2 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -695,7 +695,12 @@ internet 3 : experimental : Experimental internet 4 : private : Private internet 5 : security : Security internet 6 : snmpv2 : SNMPv2 -internet 7 : mail : Mail +# Documents refer to "internet 7" as "mail". This however leads to ambiguities +# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for +# rfc822Mailbox. The short name is therefore here left out for a reason. +# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as +# references are realized via long name "Mail" (with capital M). +internet 7 : : Mail Private 1 : enterprises : Enterprises @@ -782,7 +787,7 @@ pilotObjectClass 21 : : pilotDSA pilotObjectClass 22 : : qualityLabelledData pilotAttributeType 1 : UID : userId pilotAttributeType 2 : : textEncodedORAddress -pilotAttributeType 3 : : rfc822Mailbox +pilotAttributeType 3 : mail : rfc822Mailbox pilotAttributeType 4 : info pilotAttributeType 5 : : favouriteDrink pilotAttributeType 6 : : roomNumber From e9cbcb1d989c6de5d78b74c35621e8973d67b707 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 15 Apr 2002 14:18:30 +0000 Subject: [PATCH 159/173] Document OID changes. --- CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 68e233fedb..6670ed569b 100644 --- a/CHANGES +++ b/CHANGES @@ -41,8 +41,10 @@ Changes between 0.9.6d and 0.9.7 [XX xxx 2002] *) Make object definitions compliant to LDAP (RFC2256): SN is the short - form for "surname", serialNumber has no short form; some more OID - additions.(Michael Bell ) + form for "surname", serialNumber has no short form. + Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; + therefore remove "mail" short name for "internet 7". + Some more OID additions. (Michael Bell ) [Lutz Jaenicke] *) Add an "init" command to the ENGINE config module and auto initialize From ff8e412ceb28239225b5ac3668ba1fc51ce48f8e Mon Sep 17 00:00:00 2001 
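Review bot: Moving the short name `mail` from `internet 7` to `pilotAttributeType 3` re-points an existing name at a different OID, so a lookup of `mail` that used to yield NID_Mail now yields NID_rfc822Mailbox (the sn_objs hunk in obj_dat.h shows the `"mail"` entry switching from nid 388 to 460). The added comment explains the RFC2798 motivation but not this consequence; I would extend it with `# NOTE: "mail" previously resolved to internet 7; configurations using that short name now get rfc822Mailbox`. The comment also has a typo: `consitute` should read `constitute`. The second hunk (`pilotAttributeType 3 : mail : rfc822Mailbox`) is the other half of the same change.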
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 15 Apr 2002 15:29:43 +0000 Subject: [PATCH 160/173] get rid of some assignments that have become obsolete --- util/libeay.num | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/util/libeay.num b/util/libeay.num index 5bb4153c07..8bd9055ef9 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2811,7 +2811,7 @@ d2i_ECDSAPrivateKey_fp 3253 EXIST::FUNCTION:ECDSA,FP_API ECDSA_print_fp 3254 EXIST::FUNCTION:ECDSA,FP_API i2d_ECDSAPrivateKey 3255 EXIST::FUNCTION:ECDSA d2i_ECDSAParameters 3256 EXIST::FUNCTION:ECDSA -d2i_ECDSAPublicKey 3257 EXIST::FUNCTION:ECDSA +ECDSA_set_conversion_form 3257 EXIST::FUNCTION:ECDSA PEM_write_bio_ECDSAPrivateKey 3258 EXIST::FUNCTION:ECDSA ERR_load_ECDSA_strings 3259 EXIST::FUNCTION:ECDSA d2i_ECDSA_SIG 3260 EXIST::FUNCTION:ECDSA 
@@ -2829,22 +2829,26 @@ ECDSA_do_sign 3271 EXIST::FUNCTION:ECDSA ECDSA_set_parameter_flags 3272 EXIST::FUNCTION:ECDSA i2d_ECDSA_SIG 3273 EXIST::FUNCTION:ECDSA PEM_read_bio_ECDSAParameters 3274 EXIST::FUNCTION:ECDSA -ECDSA_new 3275 EXIST::FUNCTION:ECDSA -EVP_ecdsa 3276 EXIST::FUNCTION:SHA -ECDSA_set_default_method 3277 EXIST::FUNCTION:ECDSA -ENGINE_set_ECDSA 3278 EXIST::FUNCTION: -ECDSA_get_ex_new_index 3279 EXIST::FUNCTION:ECDSA -i2d_ECDSAPublicKey 3280 EXIST::FUNCTION:ECDSA +ECDSAPublicKey_get_octet_string 3275 EXIST::FUNCTION:ECDSA +ECDSA_new 3276 EXIST::FUNCTION:ECDSA +EVP_ecdsa 3277 EXIST::FUNCTION:SHA +ECDSA_set_default_method 3278 EXIST::FUNCTION:ECDSA +ENGINE_set_ECDSA 3279 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3280 EXIST::FUNCTION:ECDSA PEM_write_ECDSA_PUBKEY 3281 EXIST:!WIN16:FUNCTION:ECDSA EC_GROUP_check_discriminant 3282 EXIST::FUNCTION:EC -ECDSA_set_ex_data 3283 EXIST::FUNCTION:ECDSA -i2d_ECDSA_PUBKEY_bio 3284 EXIST::FUNCTION:BIO,ECDSA -d2i_ECDSAPrivateKey 3285 EXIST::FUNCTION:ECDSA -EC_GROUP_new_by_nid 3286 EXIST::FUNCTION:EC -PEM_read_ECDSA_PUBKEY 3287 EXIST:!WIN16:FUNCTION:ECDSA -ECDSA_up_ref 3288 EXIST::FUNCTION:ECDSA -ENGINE_register_all_ECDSA 3289 EXIST::FUNCTION: -ECDSA_generate_key 3290 EXIST::FUNCTION:ECDSA -PEM_write_ECDSAParameters 3291 EXIST:!WIN16:FUNCTION:ECDSA -i2d_ECDSAPrivateKey_fp 3292 EXIST::FUNCTION:ECDSA,FP_API -PEM_read_ECDSAPrivateKey 3293 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_set_default_conversion_form 3283 EXIST::FUNCTION:ECDSA +ECDSA_set_ex_data 3284 EXIST::FUNCTION:ECDSA +ECDSA_get_default_conversion_form 3285 EXIST::FUNCTION:ECDSA +i2d_ECDSA_PUBKEY_bio 3286 EXIST::FUNCTION:BIO,ECDSA +d2i_ECDSAPrivateKey 3287 EXIST::FUNCTION:ECDSA +EC_GROUP_new_by_nid 3288 EXIST::FUNCTION:EC +PEM_read_ECDSA_PUBKEY 3289 EXIST:!WIN16:FUNCTION:ECDSA +ECDSA_up_ref 3290 EXIST::FUNCTION:ECDSA +ENGINE_register_all_ECDSA 3291 EXIST::FUNCTION: +ECDSA_get_conversion_form 3292 EXIST::FUNCTION:ECDSA +ECDSA_generate_key 3293 EXIST::FUNCTION:ECDSA 
+PEM_write_ECDSAParameters 3294 EXIST:!WIN16:FUNCTION:ECDSA +i2d_ECDSAPrivateKey_fp 3295 EXIST::FUNCTION:ECDSA,FP_API +PEM_read_ECDSAPrivateKey 3296 EXIST:!WIN16:FUNCTION:ECDSA +ECDSAPublicKey_set_octet_string 3297 EXIST::FUNCTION:ECDSA From 1064acafc4b6892a36c016e53256a0590680afe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 17 Apr 2002 09:31:34 +0000 Subject: [PATCH 161/173] check return values Submitted by: Nils Larsch --- CHANGES | 3 +++ apps/req.c | 27 ++++++++++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 6670ed569b..10b23debee 100644 --- a/CHANGES +++ b/CHANGES @@ -1627,6 +1627,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6c and 0.9.6d [XX xxx 2002] + *) Check various X509_...() return values in apps/req.c. + [Nils Larsch ] + *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: an end-of-file condition would erronously be flagged, when the CRLF was just at the end of a processed block. The bug was discovered when diff --git a/apps/req.c b/apps/req.c index ba2167aabd..629a604490 100644 --- a/apps/req.c +++ b/apps/req.c @@ -310,7 +310,7 @@ int MAIN(int argc, char **argv) goto end; } - dtmp=X509_get_pubkey(xtmp); + if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end; if (dtmp->type == EVP_PKEY_DSA) dsa_params=DSAparams_dup(dtmp->pkey.dsa); EVP_PKEY_free(dtmp); @@ -350,7 +350,7 @@ int MAIN(int argc, char **argv) goto end; } - dtmp=X509_get_pubkey(xtmp); + if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end; if (dtmp->type == EVP_PKEY_ECDSA) ecdsa_params = ECDSAParameters_dup(dtmp->pkey.ecdsa); EVP_PKEY_free(dtmp); 
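Review bot: The new early exit `if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;` in the req.c hunk at -310 skips whatever releases `xtmp`; the visible success path frees only `dtmp`, and the hunk does not show whether the `end` label frees the certificate. If `xtmp` is normally freed right after `EVP_PKEY_free(dtmp)`, release it on the failure path as well, e.g. `if ((dtmp=X509_get_pubkey(xtmp)) == NULL) { X509_free(xtmp); goto end; }`. The identical check in the ECDSA hunk at -350 has the same shape. MAIN's body starts and ends outside both hunks.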
@@ -888,19 +888,20 @@ loop: /* Set version to V3 */ if(!X509_set_version(x509ss, 2)) goto end; if (serial) - X509_set_serialNumber(x509ss, serial); + { + if (!X509_set_serialNumber(x509ss, serial)) goto end; + } else - ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L); + { + if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end; + } - X509_set_issuer_name(x509ss, - X509_REQ_get_subject_name(req)); - X509_gmtime_adj(X509_get_notBefore(x509ss),0); - X509_gmtime_adj(X509_get_notAfter(x509ss), - (long)60*60*24*days); - X509_set_subject_name(x509ss, - X509_REQ_get_subject_name(req)); + if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; + if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; + if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end; + if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; tmppkey = X509_REQ_get_pubkey(req); - X509_set_pubkey(x509ss,tmppkey); + if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end; EVP_PKEY_free(tmppkey); /* Set up V3 context struct */ @@ -1202,7 +1203,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, } if(!i) goto err; - X509_REQ_set_pubkey(req,pkey); + if (!X509_REQ_set_pubkey(req,pkey)) goto err; ret=1; err: From 8f182fdc6929708b30ce6f525e06841af636d32e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 17 Apr 2002 11:31:20 +0000 Subject: [PATCH 162/173] 'version' is not optional in the encoding Submitted by: Nils Larsch --- crypto/ecdsa/ecs_asn1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index f68081d42c..0b2baf7219 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c 
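Review bot: In the hunk at -888, `if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;` jumps past `EVP_PKEY_free(tmppkey)` when `X509_set_pubkey` fails, so the key obtained from `X509_REQ_get_pubkey(req)` is not released on that path unless `end` frees it, which is not visible here. Splitting the two conditions keeps the free on both paths: `if (!tmppkey) goto end;` followed by `i=X509_set_pubkey(x509ss,tmppkey); EVP_PKEY_free(tmppkey); if (!i) goto end;` (with whatever int local the function already has in place of `i`). The enclosing function continues outside the hunk.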
@@ -86,7 +86,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE) IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE) ASN1_SEQUENCE(X9_62_EC_PARAMETERS) = { - ASN1_OPT(X9_62_EC_PARAMETERS, version, ASN1_INTEGER), + ASN1_SIMPLE(X9_62_EC_PARAMETERS, version, ASN1_INTEGER), ASN1_SIMPLE(X9_62_EC_PARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(X9_62_EC_PARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(X9_62_EC_PARAMETERS, base, ASN1_OCTET_STRING), From dde3e83129ecc3ca06a5c4d1698334c26ec4bd9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 17 Apr 2002 11:35:52 +0000 Subject: [PATCH 163/173] 'version' is not optional in the encoding Submitted by: Nils Larsch --- crypto/ecdsa/ecs_asn1.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 0b2baf7219..07899150be 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -261,14 +261,9 @@ X9_62_EC_PARAMETERS *ECDSA_get_X9_62_EC_PARAMETERS(const ECDSA *ecdsa, X9_62_EC_ } else ret = param; - if (ecdsa->version == 1) - ret->version = NULL; - else - { - if (ret->version == NULL && (ret->version = ASN1_INTEGER_new()) == NULL) - OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) - if (!ASN1_INTEGER_set(ret->version, (long)ecdsa->version)) goto err; - } + if (ret->version == NULL && (ret->version = ASN1_INTEGER_new()) == NULL) + OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE) + if (!ASN1_INTEGER_set(ret->version, (long)ecdsa->version)) goto err; if ((ret->fieldID = ECDSA_get_X9_62_FIELDID(ecdsa, ret->fieldID)) == NULL) OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE) if ((ret->curve = ECDSA_get_X9_62_CURVE(ecdsa, ret->curve)) == NULL) From 151457ab16b19f855240ef4c417a8ba2e61abe22 Mon Sep 17 00:00:00 2001 
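Review bot: In the hunk at -261, a failing `ASN1_INTEGER_set(ret->version, ...)` goes to `err` with a bare `goto err`, while the allocation failure on the line above and the fieldID/curve failures below all go through `OPENSSL_ECDSA_ABORT(...)`, which appears to record a reason code first. For consistent error reporting, use `if (!ASN1_INTEGER_set(ret->version, (long)ecdsa->version)) OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)`. Since `version` is now always encoded, and mandatory on decode after the `ASN1_SIMPLE` change at -86, a one-line comment here saying so would help the next reader. The function body starts and ends outside the hunk.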
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 18 Apr 2002 08:11:31 +0000 Subject: [PATCH 164/173] Handle headings uniformly to allow automatic processing. --- NEWS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index ebb2b74a0e..3850f59605 100644 --- a/NEWS +++ b/NEWS @@ -39,12 +39,12 @@ o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. - Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: o Various SSL/TLS library bugfixes. o Fix DH parameter generation for 'non-standard' generators. - Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: + Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: o Various SSL/TLS library bugfixes. o BIGNUM library fixes. @@ -57,7 +57,7 @@ Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. - Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: + Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: o Security fix: PRNG improvements. o Security fix: RSA OAEP check. From d5d007abe357ce4bea5390bf3a872dc85497da38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 18 Apr 2002 11:54:06 +0000 Subject: [PATCH 165/173] Optimize: better shortcut evaluation ("Howard Chu" ). --- crypto/objects/obj_dat.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index cf21ea3377..8779ba7d1d 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -445,8 +445,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) return(0); } - nid=OBJ_obj2nid(a); - if ((nid == NID_undef) || no_name) { + if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { len=a->length; p=a->data; From a8f8788248f8c702805942917e6ddb7eee6f73fe Mon Sep 17 00:00:00 2001 
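Review bot: With `if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {` in the obj_dat.c hunk, `nid` is never assigned when `no_name` is non-zero. That is fine as long as `nid` is read only on the path where this condition is false, but the rest of `OBJ_obj2txt` is outside the hunk, and compilers may report it as possibly uninitialised. Initialising it at its declaration (`int nid = NID_undef;`, or the equivalent in the existing declaration list) removes the doubt. A short comment such as `/* nid is only valid when no_name is 0 */` would document the dependency on evaluation order.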
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 18 Apr 2002 12:47:50 +0000 Subject: [PATCH 166/173] Missing "Configure" entry (Jean-Marc Desperrier ). --- Configure | 1 + TABLE | 25 ++++++++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 8a7f7d9908..70bc37eef8 100755 --- a/Configure +++ b/Configure @@ -373,6 +373,7 @@ my %table=( "linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 
diff --git a/TABLE b/TABLE index d13c723807..8ca5309e4d 100644 --- a/TABLE +++ b/TABLE @@ -1,4 +1,3 @@ -Output of `Configure TABLE': *** BC-16 $cc = bcc @@ -1584,6 +1583,30 @@ $shared_ldflag = $shared_extension = $ranlib = +*** debug-linux-pentium +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o +$dso_scheme = dlfcn +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = + *** debug-linux-ppro $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall From 6176df94ed4a8c217546ac31d11d4d72140df3f5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 18 Apr 2002 16:20:13 +0000 Subject: [PATCH 167/173] Make sure the opened directory is closed on exit. Notified by Lorinczy Zsigmond --- ssl/ssl_cert.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 1a873d2cb7..0c5d05fb41 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -773,6 +773,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ret = 1; err: + if (d) closedir(d); CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } @@ -798,7 +799,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, SYSerr(SYS_F_OPENDIR, get_last_sys_error()); ERR_add_error_data(3, "opendir('", dir, "')"); SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); - goto err; + goto err_noclose; } do 
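Review bot: The added `if (d) closedir(d);` under `err:` in the ssl_cert.c hunk at -773 is only safe if `d` is NULL on every path that reaches `err` without a successful `opendir()`. The declaration of `d` is outside the hunk, so this cannot be confirmed from here. If it is declared without an initialiser, change it to `DIR *d = NULL;` so that a later `goto err` added above the `opendir()` call cannot hand an indeterminate pointer to `closedir()`. The function starts outside the hunk.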
@@ -819,10 +820,11 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, goto err; } while (FindNextFile(hFind, &FindFileData) != FALSE); - FindClose(hFind); ret = 1; -err: +err: + FindClose(hFind); +err_noclose: CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } From 2d7ab7e9ea611de3cd2944934a468c2b0218f0cc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 20 Apr 2002 10:19:20 +0000 Subject: [PATCH 168/173] Do not free p if it hasn't been used yet. Notified by Bernd Matthes --- crypto/asn1/x_pubkey.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index a34f473cfe..f1ddbf044f 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -85,7 +85,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) X509_PUBKEY *pk; X509_ALGOR *a; ASN1_OBJECT *o; - unsigned char *s,*p; + unsigned char *s,*p = NULL; int i; if (x == NULL) return(0); @@ -142,7 +142,6 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) if ((a->parameter = ASN1_TYPE_new()) == NULL) { X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); - OPENSSL_free(p); goto err; } From ce94682ce103c1f5e319722ab14b745a314cb221 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 20 Apr 2002 10:22:01 +0000 Subject: [PATCH 169/173] No point constifying an int. Notified by Bernd Matthes --- crypto/ecdsa/ecdsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 9b2a17f02d..8dbe872d64 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h 
@@ -144,7 +144,7 @@ int ECDSA_sign_setup(ECDSA *ecdsa, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); int ECDSA_sign(int type, const unsigned char *dgst, int dgst_len, unsigned char *sig, unsigned int *siglen, ECDSA *ecdsa); int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sig, - const int sig_len, ECDSA *ecdsa); + int sig_len, ECDSA *ecdsa); int ECDSA_up_ref(ECDSA *ecdsa); void ECDSA_free(ECDSA *a); int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, From 45932ad508ae6d022fcbd893de8fc20296185e94 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 20 Apr 2002 10:22:42 +0000 Subject: [PATCH 170/173] The callback must have (void) as argument list. Notified by Bernd Matthes --- crypto/engine/tb_ecdsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/tb_ecdsa.c b/crypto/engine/tb_ecdsa.c index 682ca15312..5860fcac72 100644 --- a/crypto/engine/tb_ecdsa.c +++ b/crypto/engine/tb_ecdsa.c @@ -69,7 +69,7 @@ void ENGINE_unregister_ECDSA(ENGINE *e) engine_table_unregister(&ecdsa_table, e); } -static void engine_unregister_all_ECDSA() +static void engine_unregister_all_ECDSA(void) { engine_table_cleanup(&ecdsa_table); } From 8b07f23c30cbab65054b4c1df6c1a0c4432ea3d9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 20 Apr 2002 10:23:19 +0000 Subject: [PATCH 171/173] Signedness mismatch. Notified by Bernd Matthes --- ssl/s3_pkt.c | 4 ++-- ssl/ssltest.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 5e60e18972..e411fb5a03 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -245,7 +245,7 @@ static int ssl3_get_record(SSL *s) extra=SSL3_RT_MAX_EXTRA; else extra=0; - if (extra != (s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)) + if ((size_t)extra != (s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)) { /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER * set after ssl3_setup_buffers() was done */ 
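Review bot: After this change to the ecdsa.h prototype, `ECDSA_verify` still takes the signature length as a signed `int sig_len`, while `ECDSA_sign` reports it through `unsigned int *siglen`. The mismatch means a caller can pass a negative length for a signature that typically comes from an untrusted peer. If the type cannot change without touching the definition (not visible here), the contract should at least be documented on the declaration, e.g. `/* sig_len: length of sig in bytes, must be >= 0 */`. The implementation should reject negative values before decoding.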
@@ -605,7 +605,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (prefix_len <= 0) goto err; - if (s->s3->wbuf.len < prefix_len + SSL3_RT_MAX_PACKET_SIZE) + if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) { /* insufficient space */ SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index f98202945e..918aabe4d5 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -991,7 +991,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, do { size_t num; - int r; + size_t r; r1 = BIO_ctrl_pending(io1); r2 = BIO_ctrl_get_write_guarantee(io2); From 01682a8b3c67a7f09b2696862bd6b3cb30b12e13 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 20 Apr 2002 10:23:56 +0000 Subject: [PATCH 172/173] Make sure ec and ecdsa is properly handled in Windows. Notified by Bernd Matthes --- util/mk1mf.pl | 8 +++++++- util/mkfiles.pl | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index fdaf642c65..1f8b839e41 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -62,6 +62,8 @@ and [options] can be one of just-ssl - remove all non-ssl keys/digest no-asm - No x86 asm no-krb5 - No KRB5 + no-ec - No EC + no-ecdsa - No ECDSA nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -224,7 +226,9 @@ $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; -$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; +$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; +$cflags.=" -DOPENSSL_NO_EC" if $no_ec; +$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) 
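Review bot: Changing `int r;` to `size_t r;` in the ssltest.c hunk at -991 is risky if `r` later receives the result of a BIO read or write call. The rest of the loop is outside the hunk, but such calls return a negative `int` on failure, which an unsigned `r` turns into a very large value. Any `r > 0` or `r <= num` style check further down would then pass or fail for the wrong reason. It is safer to keep `r` as `int` and cast at the single comparison that triggered the warning, e.g. `(size_t)r` after `r` has been checked to be non-negative.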
@@ -882,6 +886,8 @@ sub read_options elsif (/^no-err$/) { $no_err=1; } elsif (/^no-sock$/) { $no_sock=1; } elsif (/^no-krb5$/) { $no_krb5=1; } + elsif (/^no-ec$/) { $no_ec=1; } + elsif (/^no-ecdsa$/) { $no_ecdsa=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 29e1404c69..0ae8695bec 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -30,6 +30,7 @@ my @dirs = ( "crypto/dso", "crypto/dh", "crypto/ec", +"crypto/ecdsa", "crypto/buffer", "crypto/bio", "crypto/stack", From 8b2f9cdfad0ccdc7903c497bf3faabb6c54dfcd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 21 Apr 2002 17:54:03 +0000 Subject: [PATCH 173/173] Add cygwin build script (Corinna Vinschen ). --- util/cygwin.sh | 125 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100755 util/cygwin.sh diff --git a/util/cygwin.sh b/util/cygwin.sh new file mode 100755 index 0000000000..b607399b02 --- /dev/null +++ b/util/cygwin.sh 
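Review bot: In the mk1mf.pl hunk at -882, `no-ec` sets only `$no_ec`, so a build given `no-ec` without `no-ecdsa` gets `-DOPENSSL_NO_EC` but still has ECDSA enabled. If the ECDSA code cannot be built without EC, that combination fails late in the compile rather than at option parsing. Consider `elsif (/^no-ec$/) { $no_ec=$no_ecdsa=1; }`. The `just-ssl` branch visible just below is also not extended with the two new flags, so it keeps EC and ECDSA in a build that is meant to drop the non-SSL algorithms.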
@@ -0,0 +1,125 @@
+#!/bin/bash
+#
+# This script configures, builds and packs the binary package for
+# the Cygwin net distribution version of OpenSSL
+#
+
+# Uncomment when debugging
+#set -x
+
+CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
+INSTALL_PREFIX=/tmp/install
+
+VERSION=
+SUBVERSION=$1
+
+function cleanup()
+{
+ rm -rf ${INSTALL_PREFIX}/etc
+ rm -rf ${INSTALL_PREFIX}/usr
+}
+
+function get_openssl_version()
+{
+ eval `grep '^VERSION=' Makefile.ssl`
+ if [ -z "${VERSION}" ]
+ then
+ echo "Error: Couldn't retrieve OpenSSL version from Makefile.ssl."
+ echo " Check value of variable VERSION in Makefile.ssl."
+ exit 1
+ fi
+}
+
+function base_install()
+{
+ mkdir -p ${INSTALL_PREFIX}
+ cleanup
+ make install INSTALL_PREFIX="${INSTALL_PREFIX}"
+}
+
+function doc_install()
+{
+ DOC_DIR=${INSTALL_PREFIX}/usr/doc/openssl
+
+ mkdir -p ${DOC_DIR}
+ cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR}
+
+ create_cygwin_readme
+}
+
+function create_cygwin_readme()
+{
+ README_DIR=${INSTALL_PREFIX}/usr/doc/Cygwin
+ README_FILE=${README_DIR}/openssl-${VERSION}.README
+
+ mkdir -p ${README_DIR}
+ cat > ${README_FILE} <<- EOF
+ The Cygwin version has been built using the following configure:
+
+ ./config ${CONFIG_OPTIONS}
+
+ The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+ licensing issues.
+ EOF
+}
+
+function create_profile_files()
+{
+ PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d
+
+ mkdir -p $PROFILE_DIR
+ cat > ${PROFILE_DIR}/openssl.sh <<- "EOF"
+ export MANPATH="${MANPATH}:/usr/ssl/man"
+ EOF
+ cat > ${PROFILE_DIR}/openssl.csh <<- "EOF"
+ if ( $?MANPATH ) then
+ setenv MANPATH "${MANPATH}:/usr/ssl/man"
+ else
+ setenv MANPATH ":/usr/ssl/man"
+ endif
+ EOF
+}
+
+if [ -z "${SUBVERSION}" ]
+then
+ echo "Usage: $0 subversion"
+ exit 1
+fi
+
+if [ ! -f config ]
+then
+ echo "You must start this script in the OpenSSL toplevel source dir."
+ exit 1
+fi
+
+./config ${CONFIG_OPTIONS}
+
+get_openssl_version
+
+make || exit 1
+
+base_install
+
+doc_install
+
+create_cygwin_readme
+
+create_profile_files
+
+cd ${INSTALL_PREFIX}
+strip usr/bin/*.exe usr/bin/*.dll
+
+# Runtime package
+find etc usr/bin usr/doc usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc \
+ usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d |
+tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
+# Development package
+find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d |
+tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
+
+ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+
+cleanup
+
+exit 0
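Review bot: `INSTALL_PREFIX=/tmp/install` is a fixed, predictable path in a world-writable directory, and the script runs `rm -rf`, `make install` and the packaging `find | tar` against it. On a shared build host another local user can create that directory first and influence what ends up in the release tarballs. Stage into a private directory instead, e.g. `INSTALL_PREFIX=$(mktemp -d) || exit 1`. `cd ${INSTALL_PREFIX}` is also unchecked, so if it fails, `strip`, `find` and `tar` run in the source tree; `cd "${INSTALL_PREFIX}" || exit 1` closes that. The exit status of `./config` is not tested either, unlike `make || exit 1`, so a failed configure is caught only indirectly.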